added role for profile management

helsingborg-stad · Jun 3, 2024 · da6a1e2 · da6a1e2
1 parent 996ee84
commit da6a1e2
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/src/login/index.ts b/src/login/index.ts
@@ -53,6 +53,7 @@ export const normalizeRoles = (
   canManageNotifications: !!roles?.canManageNotifications,
   canManageReturns: !!roles?.canManageReturns,
   canManagePicked: !!roles?.canManagePicked,
+  canManageProfile: !!roles?.canManageProfile,
 })
 
 export const createLoginServiceFromEnv = (
@@ -86,6 +87,7 @@ export const makeRoles = (
     canManageNotifications: defaultEnabled,
     canManageReturns: defaultEnabled,
     canManagePicked: defaultEnabled,
+    canManageProfile: defaultEnabled,
   })
 
 export const combineRoles = (
@@ -115,6 +117,7 @@ export const combineRoles = (
         a.canManageNotifications || b.canManageNotifications,
       canManageReturns: a.canManageReturns || b.canManageReturns,
       canManagePicked: a.canManagePicked || b.canManagePicked,
+      canManageProfile: a.canManageProfile || b.canManageProfile,
     })
   )
 

diff --git a/src/login/types.ts b/src/login/types.ts
@@ -27,6 +27,7 @@ export interface HaffaUserRoles {
   canManageNotifications?: boolean
   canManageReturns?: boolean
   canManagePicked?: boolean
+  canManageProfile?: boolean
 }
 
 export interface RequestPincodeResult {

diff --git a/src/profile/profile-gql-module.ts b/src/profile/profile-gql-module.ts
@@ -2,7 +2,7 @@ import HttpStatusCodes from 'http-status-codes'
 import type { GraphQLModule } from '@helsingborg-stad/gdi-api-node'
 import { profileGqlSchema } from './profile.gql.schema'
 import type { Services } from '../types'
-import { elevateUser } from '../login'
+import { elevateUser, normalizeRoles } from '../login'
 import { waitForAll } from '../lib'
 import { waitRepeat } from '../lib/wait'
 import type { RemoveProfileInput } from './types'
@@ -28,6 +28,9 @@ export const createProfileGqlModule = ({
         if (user.guest) {
           return ctx.throw(HttpStatusCodes.UNAUTHORIZED)
         }
+        if (!normalizeRoles(user?.roles).canManageProfile) {
+          return ctx.throw(HttpStatusCodes.UNAUTHORIZED)
+        }
         return profiles.updateProfile(user, input)
       },
 
@@ -37,6 +40,9 @@ export const createProfileGqlModule = ({
         if (user.guest) {
           return ctx.throw(HttpStatusCodes.UNAUTHORIZED)
         }
+        if (!normalizeRoles(user?.roles).canManageProfile) {
+          return ctx.throw(HttpStatusCodes.UNAUTHORIZED)
+        }
         const effectiveUser = elevateUser(user, { canRemoveOwnAdverts: true })
 
         if (p?.removeAdverts) {