authorvlad <vlad@driver.xyz>2017-07-13 02:27:55 -0700
committerJakob Odersky <jakob@driver.xyz>2017-07-19 17:28:54 -0700
commit7f7bd651122754a3df47894b64ddb0456561bbe7 (patch)
treea7f7a6acfccb1daa90f5a8afdd26ea3819600d69 /src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
parent99ebbb98068324c2c26dd59484acbe9a8b62ae59 (diff)
Updates for authenticationv0.2.2
Diffstat (limited to 'src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala')
-rw-r--r--src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala18
1 files changed, 8 insertions, 10 deletions
diff --git a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
index 6d78ba9..276ef9f 100644
--- a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
+++ b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
@@ -142,7 +142,7 @@ object ACL extends PhiLogging {
extends BaseACL(
label = "criterion",
create = Set(CriteriaCurator, TrialAdmin),
- read = Set(CriteriaCurator, TrialAdmin),
+ read = Set(CriteriaCurator, TrialAdmin, RoutesCurator, TreatmentMatchingAdmin, ResearchOncologist),
update = Set(CriteriaCurator, TrialAdmin),
delete = Set(CriteriaCurator, TrialAdmin)
)
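Review bot: The `read` set for the "criterion" ACL now differs from `create`, `update` and `delete`, which all stay at `Set(CriteriaCurator, TrialAdmin)`, and nothing in the hunk records why three more roles may read criteria. Because this line widens who can see the data, the reason should sit next to it so a later edit does not copy the wider set into the write permissions by mistake. If read-only access is the intent, a comment above the line would do, e.g. `// Read-only for RoutesCurator, TreatmentMatchingAdmin and ResearchOncologist; write access stays with curators and trial admins`. A test asserting that each added role passes `isReadAllow` and fails the other three checks would pin the asymmetry. The enclosing ACL object starts outside the hunk.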
@@ -227,28 +227,26 @@ object ACL extends PhiLogging {
delete: AclCheck = Forbid) {
def isCreateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("create", create)(requestContext.executor.role)
+ check("create", create)(requestContext.executor.roles)
}
def isReadAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("read", read)(requestContext.executor.role)
+ check("read", read)(requestContext.executor.roles)
}
def isUpdateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("update", update)(requestContext.executor.role)
+ check("update", update)(requestContext.executor.roles)
}
def isDeleteAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("delete", delete)(requestContext.executor.role)
+ check("delete", delete)(requestContext.executor.roles)
}
- private def check(action: String, isAllowed: AclCheck)(executorRole: Role): Boolean = {
+ private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = {
loggedError(
- isAllowed(executorRole),
- phi"$executorRole has no access to ${Unsafe(action)} a ${Unsafe(label)}"
+ executorRoles.exists(isAllowed),
+ phi"${Unsafe(executorRoles.mkString(", "))} has no access to ${Unsafe(action)} a ${Unsafe(label)}"
)
}
-
}
-
}
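Review bot: `executorRoles.exists(isAllowed)` in `check` makes authorization any-match: one permitted role grants the action regardless of the executor's other roles, and an executor with an empty role set is always denied. Neither rule is written down, and for an empty set the "has no access" message starts with a blank subject because `mkString` returns an empty string. I would document it above `check`, e.g. `// Allowed if at least one of the executor's roles passes the check; an empty role set is denied.`, and render the empty case explicitly, e.g. `if (executorRoles.isEmpty) "<no roles>" else executorRoles.mkString(", ")`. The roles are also now logged through `Unsafe(...)` where the old line interpolated `$executorRole` directly, so it is worth confirming that role names are the only thing that string can contain. The enclosing class starts outside the hunk.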