chore: update search resolvers with scopes
Nil20 committed Oct 24, 2024
1 parent 44aef80 commit 5c37d29
Showing 2 changed files with 23 additions and 20 deletions.
12 changes: 5 additions & 7 deletions packages/gateway/src/features/search/root-resolvers.test.ts
Expand Up @@ -28,7 +28,7 @@ describe('Search root resolvers', () => {
beforeEach(() => {
fetch.resetMocks()
const validUserTokenRegister = jwt.sign(
{ scope: ['register'] },
{ scope: ['record.register'] },
readFileSync('./test/cert.key'),
{
subject: 'ba7022f0ff4822',
Expand All @@ -41,7 +41,7 @@ describe('Search root resolvers', () => {
Authorization: `Bearer ${validUserTokenRegister}`
}
const validUserTokenDeclare = jwt.sign(
{ scope: ['declare'] },
{ scope: ['record.declare-birth'] },
readFileSync('./test/cert.key'),
{
subject: 'ba7022f0ff4822',
Expand Down Expand Up @@ -309,7 +309,7 @@ describe('Search root resolvers', () => {
beforeEach(() => {
fetch.resetMocks()
const declareToken = jwt.sign(
{ scope: ['declare'] },
{ scope: ['record.declare-birth'] },
readFileSync('./test/cert.key'),
{
subject: 'ba7022f0ff4822',
Expand All @@ -322,7 +322,7 @@ describe('Search root resolvers', () => {
Authorization: `Bearer ${declareToken}`
}
const sysadminUserToken = jwt.sign(
{ scope: ['sysadmin'] },
{ scope: ['config.update:all'] },
readFileSync('./test/cert.key'),
{
subject: 'ba7022f0ff4822',
Expand Down Expand Up @@ -369,9 +369,7 @@ describe('Search root resolvers', () => {
{},
{ headers: unauthorizedUser }
)
).rejects.toThrowError(
'User does not have a sysadmin or register or validate scope'
)
).rejects.toThrowError('User does not have enough scope')
})
it('returns empty result for invalid location id', async () => {
fetch.mockResponseOnce(
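Review bot: The fixtures in both `beforeEach` blocks sign tokens only for `record.register`, `record.declare-birth` and `config.update:all`, so the other scopes the resolver now accepts (`SCOPES.RECORD_SUBMIT_FOR_APPROVAL`, `SCOPES.RECORD_CERTIFY`, `SCOPES.RECORD_DECLARE_DEATH`, `SCOPES.RECORD_DECLARE_MARRIAGE`) are not exercised by anything visible in these hunks. One case per accepted scope, plus a rejection case for a token that carries only an unrelated scope, would pin the allow-list so that a later edit to it fails a test instead of silently widening access. `sysadminUserToken` now signs `config.update:all`, so a name such as `configUpdateToken` would match what the token actually carries. The `describe` blocks continue outside the hunks, so some of these cases may already exist there.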
31 changes: 18 additions & 13 deletions packages/gateway/src/features/search/root-resolvers.ts
Expand Up @@ -20,6 +20,7 @@ import { Options } from '@hapi/boom'
import { ISearchCriteria, postAdvancedSearch } from './utils'
import { fetchRegistrationForDownloading } from '@gateway/workflow/index'
import { ApolloError } from 'apollo-server-hapi'
import { SCOPES } from '@opencrvs/commons/authentication'

type ApiResponse<T> = {
body: T
Expand Down Expand Up @@ -95,17 +96,17 @@ export const resolvers: GQLResolver = {
// Only registrar, registration agent & field agent should be able to search user
if (
!inScope(authHeader, [
'register',
'validate',
'certify',
'declare',
'recordsearch'
SCOPES.RECORD_REGISTER,
SCOPES.RECORD_SUBMIT_FOR_APPROVAL,
SCOPES.RECORD_CERTIFY,
SCOPES.RECORD_DECLARE_BIRTH,
SCOPES.RECORD_DECLARE_DEATH,
SCOPES.RECORD_DECLARE_MARRIAGE,
SCOPES.RECORDSEARCH
])
) {
return await Promise.reject(
new Error(
'Advanced search is only allowed for registrar, registration agent & field agent'
)
new Error('Advanced search is not allowed for this user')
)
}

Expand All @@ -127,7 +128,7 @@ export const resolvers: GQLResolver = {
}))
}

const isExternalAPI = hasScope(authHeader, 'recordsearch')
const isExternalAPI = hasScope(authHeader, SCOPES.RECORDSEARCH)
if (isExternalAPI) {
const payload = getTokenPayload(authHeader.Authorization)
const system = await getSystem({ systemId: payload.sub }, authHeader)
Expand Down Expand Up @@ -200,11 +201,15 @@ export const resolvers: GQLResolver = {
},
{ headers: authHeader }
) {
if (!inScope(authHeader, ['sysadmin', 'register', 'validate'])) {
if (
!inScope(authHeader, [
SCOPES.RECORD_REGISTER,
SCOPES.RECORD_SUBMIT_FOR_APPROVAL,
SCOPES.CONFIG_UPDATE_ALL
])
) {
return await Promise.reject(
new Error(
'User does not have a sysadmin or register or validate scope'
)
new Error('User does not have enough scope')
)
}

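Review bot: In the last hunk (`@@ -200,11 +201,15 @@`) the legacy `'sysadmin'` entry is replaced by `SCOPES.CONFIG_UPDATE_ALL`, so a configuration-write scope now also authorises this query; that ties read access to search data to the right to change configuration, which works against least privilege if the two are ever granted separately. If the mapping is intentional, say so above the check, e.g. `// CONFIG_UPDATE_ALL stands in for the legacy 'sysadmin' scope, which was allowed to run this query`; otherwise a read-oriented scope would be the narrower gate. The comment kept in the first hunk, `// Only registrar, registration agent & field agent should be able to search user`, still describes roles while the check now lists seven scopes including `SCOPES.RECORDSEARCH`, and should be reworded to match the scope list. Both resolver bodies start and end outside the visible hunks, so the resolver names and how results are filtered per scope are not confirmed here.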
