Skip to content

Commit

Permalink
refactor: migrate utils/permission-levels to admin-form.types (#694)
Browse files Browse the repository at this point in the history
  • Loading branch information
karrui authored Nov 23, 2020
1 parent 6668580 commit 04c841b
Show file tree
Hide file tree
Showing 5 changed files with 42 additions and 33 deletions.
12 changes: 7 additions & 5 deletions src/app/controllers/authentication.server.controller.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,9 @@
* Module dependencies.
*/
const { StatusCodes } = require('http-status-codes')
const PERMISSIONS = require('../utils/permission-levels').default
const {
PermissionLevel,
} = require('../modules/form/admin-form/admin-form.types')
const { createReqMeta } = require('../utils/request')
const logger = require('../../config/logger').createLoggerWithLabel(module)

Expand Down Expand Up @@ -59,7 +61,7 @@ exports.verifyPermission = (requiredPermission) =>
String(req.form.admin.id) === String(req.session.user._id)

// Forbidden if requiredPersmission is admin but user is not
if (!isFormAdmin && requiredPermission === PERMISSIONS.DELETE) {
if (!isFormAdmin && requiredPermission === PermissionLevel.Delete) {
logUnauthorizedAccess(req, 'verifyPermission', requiredPermission)
return res.status(StatusCodes.FORBIDDEN).json({
message: makeUnauthorizedMessage(
Expand All @@ -74,8 +76,8 @@ exports.verifyPermission = (requiredPermission) =>

// Write users can access forms that require write/read
if (
requiredPermission === PERMISSIONS.WRITE ||
requiredPermission === PERMISSIONS.READ
requiredPermission === PermissionLevel.Write ||
requiredPermission === PermissionLevel.Read
) {
hasSufficientPermission =
hasSufficientPermission ||
Expand All @@ -85,7 +87,7 @@ exports.verifyPermission = (requiredPermission) =>
)
}
// Read users can access forms that require read permissions
if (requiredPermission === PERMISSIONS.READ) {
if (requiredPermission === PermissionLevel.Read) {
hasSufficientPermission =
hasSufficientPermission ||
req.form.permissionList.find(
Expand Down
5 changes: 5 additions & 0 deletions src/app/modules/form/admin-form/admin-form.types.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
export enum PermissionLevel {
Read = 'read',
Write = 'write',
Delete = 'delete',
}
40 changes: 24 additions & 16 deletions src/app/routes/admin-forms.server.routes.js
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,14 @@ let auth = require('../../app/controllers/authentication.server.controller')
let submissions = require('../../app/controllers/submissions.server.controller')
const emailSubmissions = require('../../app/controllers/email-submissions.server.controller')
let encryptSubmissions = require('../../app/controllers/encrypt-submissions.server.controller')
let PERMISSIONS = require('../utils/permission-levels').default
const spcpFactory = require('../factories/spcp.factory')
const webhookVerifiedContentFactory = require('../factories/webhook-verified-content.factory')
const AdminFormController = require('../modules/form/admin-form/admin-form.controller')
const { withUserAuthentication } = require('../modules/auth/auth.middlewares')
const EncryptSubmissionController = require('../modules/submission/encrypt-submission/encrypt-submission.controller')
const {
PermissionLevel,
} = require('../modules/form/admin-form/admin-form.types')

const YYYY_MM_DD_REGEX = /([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01]))/

Expand Down Expand Up @@ -53,7 +55,7 @@ let authAdminActiveAnyForm = [
* form admin is encrypt beta-enabled.
*/
const authEncryptedResponseAccess = [
authActiveForm(PERMISSIONS.READ),
authActiveForm(PermissionLevel.Read),
adminForms.isFormEncryptMode,
]

Expand Down Expand Up @@ -161,10 +163,13 @@ module.exports = function (app) {
*/
app
.route('/:formId([a-fA-F0-9]{24})/adminform')
.get(authActiveForm(PERMISSIONS.READ), forms.read(forms.REQUEST_TYPE.ADMIN))
.put(authActiveForm(PERMISSIONS.WRITE), adminForms.update)
.delete(authActiveForm(PERMISSIONS.DELETE), adminForms.delete)
.post(authActiveForm(PERMISSIONS.READ), adminForms.duplicate)
.get(
authActiveForm(PermissionLevel.Read),
forms.read(forms.REQUEST_TYPE.ADMIN),
)
.put(authActiveForm(PermissionLevel.Write), adminForms.update)
.delete(authActiveForm(PermissionLevel.Delete), adminForms.delete)
.post(authActiveForm(PermissionLevel.Read), adminForms.duplicate)

/**
* Return the template form to the user.
Expand Down Expand Up @@ -204,7 +209,10 @@ module.exports = function (app) {
*/
app
.route('/:formId([a-fA-F0-9]{24})/adminform/preview')
.get(authActiveForm(PERMISSIONS.READ), forms.read(forms.REQUEST_TYPE.ADMIN))
.get(
authActiveForm(PermissionLevel.Read),
forms.read(forms.REQUEST_TYPE.ADMIN),
)

/**
* Duplicate a specified form and return that form to the user.
Expand Down Expand Up @@ -262,8 +270,8 @@ module.exports = function (app) {

app
.route('/:formId([a-fA-F0-9]{24})/adminform/feedback')
.get(authActiveForm(PERMISSIONS.READ), adminForms.getFeedback)
.post(authActiveForm(PERMISSIONS.READ), adminForms.passThroughFeedback)
.get(authActiveForm(PermissionLevel.Read), adminForms.getFeedback)
.post(authActiveForm(PermissionLevel.Read), adminForms.passThroughFeedback)

/**
* Count the number of feedback for a form
Expand All @@ -277,7 +285,7 @@ module.exports = function (app) {
*/
app
.route('/:formId([a-fA-F0-9]{24})/adminform/feedback/count')
.get(authActiveForm(PERMISSIONS.READ), adminForms.countFeedback)
.get(authActiveForm(PermissionLevel.Read), adminForms.countFeedback)

/**
* Stream download all feedback for a form
Expand All @@ -291,7 +299,7 @@ module.exports = function (app) {
*/
app
.route('/:formId([a-fA-F0-9]{24})/adminform/feedback/download')
.get(authActiveForm(PERMISSIONS.READ), adminForms.streamFeedback)
.get(authActiveForm(PermissionLevel.Read), adminForms.streamFeedback)

/**
* Transfer form ownership to another user
Expand All @@ -304,7 +312,7 @@ module.exports = function (app) {
* @returns {Object} 200 - Response document
*/
app.route('/:formId([a-fA-F0-9]{24})/adminform/transfer-owner').post(
authActiveForm(PERMISSIONS.DELETE),
authActiveForm(PermissionLevel.Delete),
celebrate({
body: Joi.object().keys({
email: Joi.string()
Expand Down Expand Up @@ -337,7 +345,7 @@ module.exports = function (app) {
app
.route('/v2/submissions/email/preview/:formId([a-fA-F0-9]{24})')
.post(
authActiveForm(PERMISSIONS.READ),
authActiveForm(PermissionLevel.Read),
emailSubmissions.receiveEmailSubmissionUsingBusBoy,
emailSubmissions.validateEmailSubmission,
spcpFactory.passThroughSpcp,
Expand Down Expand Up @@ -372,7 +380,7 @@ module.exports = function (app) {
app
.route('/v2/submissions/encrypt/preview/:formId([a-fA-F0-9]{24})')
.post(
authActiveForm(PERMISSIONS.READ),
authActiveForm(PermissionLevel.Read),
encryptSubmissions.validateEncryptSubmission,
spcpFactory.passThroughSpcp,
submissions.injectAutoReplyInfo,
Expand Down Expand Up @@ -502,7 +510,7 @@ module.exports = function (app) {
.error(() => 'Error - your file could not be verified'),
},
}),
authActiveForm(PERMISSIONS.WRITE),
authActiveForm(PermissionLevel.Write),
AdminFormController.handleCreatePresignedPostForImages,
)

Expand Down Expand Up @@ -530,7 +538,7 @@ module.exports = function (app) {
.error(() => 'Error - your file could not be verified'),
},
}),
authActiveForm(PERMISSIONS.WRITE),
authActiveForm(PermissionLevel.Write),
AdminFormController.handleCreatePresignedPostForLogos,
)
}
7 changes: 0 additions & 7 deletions src/app/utils/permission-levels.ts

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
const { StatusCodes } = require('http-status-codes')
const mongoose = require('mongoose')
const {
PermissionLevel,
} = require('../../../../dist/backend/app/modules/form/admin-form/admin-form.types')

const dbHandler = require('../helpers/db-handler')
let roles = require('../helpers/roles')
let permissionLevels = require('../../../../dist/backend/app/utils/permission-levels')
.default

describe('Authentication Controller', () => {
const TEST_OTP = '123456'
Expand Down Expand Up @@ -67,7 +68,7 @@ describe('Authentication Controller', () => {
let testFormObj = testForm.toObject()
testFormObj.admin = { id: req.session.user._id }
req.form = testFormObj
Controller.verifyPermission(permissionLevels.DELETE)(req, res, next)
Controller.verifyPermission(PermissionLevel.Delete)(req, res, next)
expect(next).toHaveBeenCalled()
})
it('should authorize if session user is a collaborator', () => {
Expand All @@ -79,7 +80,7 @@ describe('Authentication Controller', () => {
roles.collaborator(req.session.user.email),
)
req.form = testFormObj
Controller.verifyPermission(permissionLevels.WRITE)(req, res, next)
Controller.verifyPermission(PermissionLevel.Write)(req, res, next)
expect(next).toHaveBeenCalled()
})
it('should not authorize if session user is not a collaborator nor admin', () => {
Expand All @@ -91,7 +92,7 @@ describe('Authentication Controller', () => {
let testFormObj = testForm.toObject()
testFormObj.admin = { id: mongoose.Types.ObjectId('000000000002') }
req.form = testFormObj
Controller.verifyPermission(permissionLevels.WRITE)(req, res, () => {})
Controller.verifyPermission(PermissionLevel.Write)(req, res, () => {})
})
})
})

0 comments on commit 04c841b

Please sign in to comment.