authorvlad <vlad@driver.xyz>2017-07-13 02:27:55 -0700
committervlad <vlad@driver.xyz>2017-07-13 02:27:55 -0700
commit93eb4829c0d11959709e18a7b489343550633e83 (patch)
tree49ced7ef72180cbd29e2a8126684dedbd958a00c /src/main/scala/xyz/driver/pdsuicommon
parent3d902b5197db861c30325c159dc10cfb211ae209 (diff)
Updates for authentication
Diffstat (limited to 'src/main/scala/xyz/driver/pdsuicommon')
-rw-r--r--src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala24
-rw-r--r--src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala6
-rw-r--r--src/main/scala/xyz/driver/pdsuicommon/domain/User.scala4
3 files changed, 18 insertions, 16 deletions
diff --git a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
index 6d78ba9..0438dfc 100644
--- a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
+++ b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
@@ -142,7 +142,7 @@ object ACL extends PhiLogging {
extends BaseACL(
label = "criterion",
create = Set(CriteriaCurator, TrialAdmin),
- read = Set(CriteriaCurator, TrialAdmin),
+ read = Set(CriteriaCurator, TrialAdmin, RoutesCurator, TreatmentMatchingAdmin, ResearchOncologist),
update = Set(CriteriaCurator, TrialAdmin),
delete = Set(CriteriaCurator, TrialAdmin)
)
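Review bot: The widened `read` set on the criterion ACL is an authorization change, not an authentication one, and neither the commit title nor the code says why RoutesCurator, TreatmentMatchingAdmin and ResearchOncologist now need read access to criteria. Because this is the kind of line an access audit will revisit, a short rationale next to the set would separate intent from accident, e.g. `// read is wider than write: <reason these roles need to view criteria>` with the actual reason filled in. The enclosing BaseACL definition starts before this hunk, so I cannot see whether a header comment already covers it.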
@@ -227,28 +227,28 @@ object ACL extends PhiLogging {
delete: AclCheck = Forbid) {
def isCreateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("create", create)(requestContext.executor.role)
+ check("create", create)(requestContext.executor.roles)
}
def isReadAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("read", read)(requestContext.executor.role)
+ check("read", read)(requestContext.executor.roles)
}
def isUpdateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("update", update)(requestContext.executor.role)
+ check("update", update)(requestContext.executor.roles)
}
def isDeleteAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = {
- check("delete", delete)(requestContext.executor.role)
+ check("delete", delete)(requestContext.executor.roles)
}
- private def check(action: String, isAllowed: AclCheck)(executorRole: Role): Boolean = {
- loggedError(
- isAllowed(executorRole),
- phi"$executorRole has no access to ${Unsafe(action)} a ${Unsafe(label)}"
- )
+ private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = {
+ executorRoles.exists { role =>
+ loggedError(
+ isAllowed(role),
+ phi"$role has no access to ${Unsafe(action)} a ${Unsafe(label)}"
+ )
+ }
}
-
}
-
}
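Review bot: The new `check` logs an error for every role that is not allowed, even when another role in the set grants access, because `loggedError` is invoked inside the `exists` lambda; `loggedError` appears to return its first argument and log the message when it is false (the old code returned its result directly), so a user with roles {A, B} where only B is permitted will produce a spurious "A has no access" error on every granted request, and since `Set` iteration order is not guaranteed, which roles get logged is nondeterministic. Decide first, then log once on the combined result; the fail-closed behaviour for an empty role set (`exists` on an empty set is false) is preserved. The `Unsafe` wrapping of the joined role names mirrors the `User.toPhiString` change in this commit; if a `Set[Role]` PhiString conversion exists or is added, prefer it over the escape hatch.
```scala
private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = {
  // A request is permitted if ANY of the executor's roles is allowed; evaluate
  // the whole set before logging so a granted request never emits a denial.
  val granted = executorRoles.exists(isAllowed)
  loggedError(
    granted,
    phi"${Unsafe(executorRoles.map(_.toString).mkString(", "))} has no access to ${Unsafe(action)} a ${Unsafe(label)}"
  )
}
```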
diff --git a/src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala b/src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala
index a1f93cd..912061a 100644
--- a/src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala
+++ b/src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala
@@ -1,9 +1,10 @@
package xyz.driver.pdsuicommon.auth
+import xyz.driver.entities.users.UserInfo
import xyz.driver.pdsuicommon.logging._
import xyz.driver.pdsuicommon.domain.User
-class AuthenticatedRequestContext(val executor: User, override val requestId: RequestId)
+class AuthenticatedRequestContext(val executor: User, val driverUser: UserInfo, override val requestId: RequestId)
extends AnonymousRequestContext(requestId) {
override def equals(that: Any): Boolean = {
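Review bot: The constructor gains a public `driverUser: UserInfo` field, but the `equals` override whose header closes this hunk is untouched and its body lies outside the hunk, so I cannot see whether it (and the matching `hashCode`) still compares only `executor` and `requestId`. If so, two contexts that differ only in `driverUser` compare equal, which is probably harmless but is the sort of silent inconsistency that later surprises someone using the context as a map key; either include the new field in both or add a comment above `equals` stating that identity is intentionally defined by executor and requestId alone.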
@@ -22,7 +23,8 @@ class AuthenticatedRequestContext(val executor: User, override val requestId: Re
object AuthenticatedRequestContext {
- def apply(executor: User) = new AuthenticatedRequestContext(executor, RequestId())
+ def apply(executor: User, driverUser: UserInfo) =
+ new AuthenticatedRequestContext(executor, driverUser, RequestId())
implicit def toPhiString(x: AuthenticatedRequestContext): PhiString = {
phi"AuthenticatedRequestContext(executor=${x.executor}, requestId=${x.requestId})"
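Review bot: The companion `apply` is a public factory with an inferred result type; the convention for public members is an explicit annotation, `def apply(executor: User, driverUser: UserInfo): AuthenticatedRequestContext =`. Separately, the `toPhiString` conversion below still renders only `executor` and `requestId` while the class now also carries `driverUser`; if leaving it out of the PHI-safe log form is deliberate (it presumably carries identity data), a one-line comment such as `// driverUser intentionally omitted from log output` would stop a later "fix" from adding it.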
diff --git a/src/main/scala/xyz/driver/pdsuicommon/domain/User.scala b/src/main/scala/xyz/driver/pdsuicommon/domain/User.scala
index 8d2d86d..ffc4bf9 100644
--- a/src/main/scala/xyz/driver/pdsuicommon/domain/User.scala
+++ b/src/main/scala/xyz/driver/pdsuicommon/domain/User.scala
@@ -11,7 +11,7 @@ import xyz.driver.pdsuicommon.utils.Utils
case class User(id: StringId[User],
email: Email,
name: String,
- role: Role,
+ roles: Set[Role],
passwordHash: PasswordHash,
latestActivity: Option[LocalDateTime],
deleted: Option[LocalDateTime])
@@ -74,7 +74,7 @@ object User {
implicit def toPhiString(x: User): PhiString = {
import x._
- phi"User(id=$id, role=$role)"
+ phi"User(id=$id, roles=${Unsafe(roles.map(_.toString).mkString(", "))})"
}
// SecureRandom is thread-safe, see the implementation
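Review bot: The rewritten `toPhiString` routes the role names through `Unsafe`, which bypasses whatever PHI checking the `phi` interpolator performs, whereas the removed line interpolated `$role` directly and the old ACL code did the same, so a PhiString conversion for a single `Role` already exists. Role names are presumably fixed enumeration constants and not patient data, so this is most likely fine, but an `Unsafe` on a user-related log line deserves a justification comment, e.g. `// roles are enumerated constants, not PHI; Unsafe only because no PhiString instance exists for Set[Role]`. If such an instance can be added cheaply, prefer it so the escape hatch does not spread.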