
Commit 009b747

author
Vikas Agarwal
committed
Allowing only copilots and above role users to add/update/delete phase/products
1 parent e8c5836 commit 009b747


2 files changed

+25
-6
lines changed


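--- a/src/permissions/copilotAndAbove.js
+++ b/src/permissions/copilotAndAbove.js
@@ -0,0 +1,18 @@
+import util from '../util';
+import { MANAGER_ROLES, USER_ROLE } from '../constants';
+
+
+/**
+* Permission to alloow copilot and above roles to perform certain operations
+* @param {Object} req the express request instance
+* @return {Promise} returns a promise
+*/
+module.exports = req => new Promise((resolve, reject) => {
+const hasAccess = util.hasRoles(req, [...MANAGER_ROLES, USER_ROLE.COPILOT]);
+
+if (!hasAccess) {
+return reject(new Error('You do not have permissions to perform this action'));
+}
+
+return resolve(true);
+});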
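Review bot: The doc comment on `module.exports` does not tell a maintainer that this is a role-only check: the body calls `util.hasRoles(req, [...MANAGER_ROLES, USER_ROLE.COPILOT])` and reads nothing else from `req`, so it decides nothing about which project the request targets. I would state that in the comment and fix the "alloow" typo, e.g. `* Role-only permission: allows copilot and above roles; does not check membership of the target project` and `* @return {Promise} resolves to true when the role matches, rejects with an Error otherwise`. As a style point, this file mixes ES `import` with CommonJS `module.exports` while `src/permissions/index.js` in the same commit uses `require`; keeping one module style per file avoids relying on transpiler interop.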

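--- a/src/permissions/index.js
+++ b/src/permissions/index.js
@@ -7,6 +7,7 @@ const projectDelete = require('./project.delete');
 const projectMemberDelete = require('./projectMember.delete');
 const projectAdmin = require('./admin.ops');
 const connectManagerOrAdmin = require('./connectManagerOrAdmin.ops');
+const copilotAndAbove = require('./copilotAndAbove');
 
 module.exports = () => {
 Authorizer.setDeniedStatusCode(403);
@@ -35,12 +36,12 @@ module.exports = () => {
 Authorizer.setPolicy('productTemplate.delete', connectManagerOrAdmin);
 Authorizer.setPolicy('productTemplate.view', true);
 
-Authorizer.setPolicy('project.addProjectPhase', projectEdit);
-Authorizer.setPolicy('project.updateProjectPhase', projectEdit);
-Authorizer.setPolicy('project.deleteProjectPhase', projectEdit);
-Authorizer.setPolicy('project.addPhaseProduct', projectEdit);
-Authorizer.setPolicy('project.updatePhaseProduct', projectEdit);
-Authorizer.setPolicy('project.deletePhaseProduct', projectEdit);
+Authorizer.setPolicy('project.addProjectPhase', copilotAndAbove);
+Authorizer.setPolicy('project.updateProjectPhase', copilotAndAbove);
+Authorizer.setPolicy('project.deleteProjectPhase', copilotAndAbove);
+Authorizer.setPolicy('project.addPhaseProduct', copilotAndAbove);
+Authorizer.setPolicy('project.updatePhaseProduct', copilotAndAbove);
+Authorizer.setPolicy('project.deletePhaseProduct', copilotAndAbove);
 
 Authorizer.setPolicy('projectType.create', projectAdmin);
 Authorizer.setPolicy('projectType.edit', projectAdmin);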
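Review bot: The previous check is dropped rather than narrowed for the six `project.*ProjectPhase` and `project.*PhaseProduct` policies: they now run only `copilotAndAbove`, so whatever `projectEdit` enforced no longer applies to these write routes. `projectEdit` is not shown on this page, but if it ties the caller to the target project, a role-only policy would let any copilot or manager account change phases and products on projects they are not assigned to. If both conditions are intended, compose them instead of replacing, e.g. `Authorizer.setPolicy('project.addProjectPhase', req => projectEdit(req).then(() => copilotAndAbove(req)));` (assuming `projectEdit` has the same `req => Promise` shape). A test asserting that a copilot outside the project receives the 403 configured by `setDeniedStatusCode` would pin the intended behaviour.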
