author | vlad <vlad@driver.xyz> | 2017-07-13 02:27:55 -0700 |
---|---|---|
committer | Jakob Odersky <jakob@driver.xyz> | 2017-07-19 17:28:54 -0700 |
commit | 7f7bd651122754a3df47894b64ddb0456561bbe7 (patch) | |
tree | a7f7a6acfccb1daa90f5a8afdd26ea3819600d69 /src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala | |
parent | 99ebbb98068324c2c26dd59484acbe9a8b62ae59 (diff) | |
Updates for authenticationv0.2.2
Diffstat (limited to 'src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala')
-rw-r--r-- | src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
index 6d78ba9..276ef9f 100644
--- a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
+++ b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
@@ -142,7 +142,7 @@ object ACL extends PhiLogging {
 extends BaseACL(
 label = "criterion",
 create = Set(CriteriaCurator, TrialAdmin),
- read = Set(CriteriaCurator, TrialAdmin),
+ read = Set(CriteriaCurator, TrialAdmin, RoutesCurator, TreatmentMatchingAdmin, ResearchOncologist),
 update = Set(CriteriaCurator, TrialAdmin),
 delete = Set(CriteriaCurator, TrialAdmin)
 )
@@ -227,28 +227,26 @@ object ACL extends PhiLogging {
 delete: AclCheck = Forbid) {
 def isCreateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("create", create)(requestContext.executor.role)
+ check("create", create)(requestContext.executor.roles)
 }
 def isReadAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("read", read)(requestContext.executor.role)
+ check("read", read)(requestContext.executor.roles)
 }
 def isUpdateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("update", update)(requestContext.executor.role)
+ check("update", update)(requestContext.executor.roles)
 }
 def isDeleteAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("delete", delete)(requestContext.executor.role)
+ check("delete", delete)(requestContext.executor.roles)
 }
- private def check(action: String, isAllowed: AclCheck)(executorRole: Role): Boolean = {
+ private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = {
 loggedError(
- isAllowed(executorRole),
- phi"$executorRole has no access to ${Unsafe(action)} a ${Unsafe(label)}"
+ executorRoles.exists(isAllowed),
+ phi"${Unsafe(executorRoles.mkString(", "))} has no access to ${Unsafe(action)} a ${Unsafe(label)}"
 )
 }
-
 }
-
 }
 |
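Review bot: The `read` set for the `criterion` label now admits `RoutesCurator`, `TreatmentMatchingAdmin` and `ResearchOncologist`, but nothing in the hunk records why these roles need criterion data, and the commit title only mentions an authentication update. An ACL widening that rides along with a library bump is easy to miss in review and hard to justify in a later access audit. I would add a comment above the line, for example `// read is wider than create/update/delete: RoutesCurator, TreatmentMatchingAdmin and ResearchOncologist only consume criteria (<reason or ticket>)`. The definition this `extends BaseACL(` belongs to starts above the hunk, so I cannot see which object is affected beyond its label.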
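Review bot: `executorRoles.exists(isAllowed)` in `check` grants the action as soon as any one of the caller's roles passes, so a multi-role executor gets the union of its roles' permissions, and no role can act as a deny. Nothing in the hunk states that this any-of rule is intended. I would document it on `check`, for example `// any-of: allowed when at least one executor role passes; an empty role set is always denied`. The denial message now wraps the role list in `Unsafe(...)`, which presumably bypasses the PHI-safe interpolation that `$executorRole` went through; that is fine only if role names can never carry sensitive data, so it is worth confirming. With an empty set the message also starts with a blank subject, which makes denied-access log lines harder to search. The class that owns these methods begins above the hunk.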