
Merge pull request #115 from codeforjapan/yash/admin-acl
Admins - Add ACL support
DaisukeHirata authored May 6, 2020
2 parents 1a4f41c + 229e599 commit d39db1d
Showing 4 changed files with 22 additions and 64 deletions.
15 changes: 4 additions & 11 deletions src/admins/admins.repository.ts
@@ -1,5 +1,5 @@
import { Injectable } from '@nestjs/common'
import { Admin, AdminProfile } from './classes/admin.class'
import { Admin } from './classes/admin.class'
import { FirebaseService } from '../shared/firebase/firebase.service'
import * as firebaseAdmin from 'firebase-admin'
import * as moment from 'moment-timezone'
Expand All @@ -12,21 +12,12 @@ export class AdminsRepository {
this.firestoreDB = this.firebaseService.Firestore()
}

async createOne(admin: Admin, adminProfile?: AdminProfile): Promise<void> {
async createOne(admin: Admin): Promise<void> {
admin.createdAt = moment.utc()
await (await this.firestoreDB)
.collection('admins')
.doc(admin.adminUserId)
.set({ ...admin })

if (adminProfile) {
await (await this.firestoreDB)
.collection('admins')
.doc(admin.adminUserId)
.collection('profile')
.doc(admin.adminUserId)
.set({ ...adminProfile })
}
}

async findOneById(adminUserId: string): Promise<Admin | undefined> {
Expand Down Expand Up @@ -61,6 +52,7 @@ export class AdminsRepository {
addedByAdminUserId: doc.data().addedByAdminUserId,
addedByAdminEmail: doc.data().addedByAdminEmail,
createdAt: doc.data().createdAt,
accessControlList: doc.data().accessControlList,
}
})
})
Expand Down Expand Up @@ -95,6 +87,7 @@ export class AdminsRepository {
addedByAdminUserId: doc.data().addedByAdminUserId,
addedByAdminEmail: doc.data().addedByAdminEmail,
createdAt: doc.data().createdAt,
accessControlList: doc.data().accessControlList,
}
adminsArray.push(adminEach)
})
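Review bot: Admin documents written before this change carry no `accessControlList` field, so the mapping added as `accessControlList: doc.data().accessControlList` in findOneById, and again in the list hunk below it, yields `undefined` for those rows; any consumer that presumably treats it as an array would then fail at runtime. Default it in both places, `accessControlList: doc.data().accessControlList ?? []`, or backfill existing documents before this is deployed. The functions enclosing both hunks start and end outside them.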
15 changes: 14 additions & 1 deletion src/admins/admins.service.ts
Expand Up @@ -17,6 +17,7 @@ import {
canUserCreateNationalAdmin,
canUserCreatePrefectureAdmin,
getPrefectureAdminACLKey,
getNationalAdminACLKey,
} from '../shared/acl'
import { RequestAdminUser } from '../shared/interfaces'
import { OrganizationsService } from '../organizations/organizations.service'
Expand Down Expand Up @@ -46,7 +47,7 @@ export class AdminsService {
createAdminDto.addedByAdminUserId = requestAdminUser.uid
createAdminDto.addedByAdminEmail = requestAdminUser.email
createAdminDto.userAdminRole = createAdminRequest.adminRole

createAdminDto.accessControlList = [getSuperAdminACLKey()]
// Check if the user has access to create new user with desired adminRole in the payload.
// Also, determine what accessKey will be added to the new created admin.
switch (createAdminRequest.adminRole) {
Expand All @@ -55,6 +56,8 @@ export class AdminsService {
throw new UnauthorizedException('Insufficient access to create this adminRole')
}
createAdminDto.userAccessKey = getSuperAdminACLKey()
// No need to add any ACL Key in accessControlList, since it already contains the
// superAdmin key added above.
break

case AdminRole.nationalAdminRole:
Expand Down Expand Up @@ -82,6 +85,11 @@ export class AdminsService {

createAdminDto.userAccessKey = getPrefectureAdminACLKey(createAdminRequest.prefectureId)
createAdminDto.prefectureId = createAdminRequest.prefectureId
createAdminDto.accessControlList.push(
getNationalAdminACLKey(),
getPrefectureAdminACLKey(createAdminRequest.prefectureId)
)

break

case AdminRole.organizationAdminRole:
Expand All @@ -103,6 +111,11 @@ export class AdminsService {

createAdminDto.userAccessKey = getOrganizationAdminACLKey(createAdminRequest.organizationId)
createAdminDto.organizationId = createAdminRequest.organizationId
createAdminDto.accessControlList.push(
getNationalAdminACLKey(),
getOrganizationAdminACLKey(createAdminRequest.organizationId)
)

break

default:
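Review bot: The seeding line `createAdminDto.accessControlList = [getSuperAdminACLKey()]` is undocumented, while the comment just below it only explains `userAccessKey`; since the prefecture and organization branches each push `getNationalAdminACLKey()` plus their role-scoped key, the rule is worth stating once at the seeding line, e.g. `// accessControlList: ACL keys granted over this admin record — super admin always, national + the role-scoped key added per branch below.` The national-admin branch is collapsed here, so whether it appends the national key to its own list cannot be seen; if it does not, that branch would be inconsistent with the two visible ones and deserves a check. The enclosing method starts and ends outside the hunks.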
6 changes: 1 addition & 5 deletions src/admins/classes/admin.class.ts
Expand Up @@ -2,7 +2,7 @@ import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'
import { Moment } from 'moment-timezone'
import { ResourceWithACL, AdminRole } from '../../shared/acl'

export class Admin {
export class Admin extends ResourceWithACL {
@ApiProperty()
adminUserId: string

Expand Down Expand Up @@ -34,7 +34,3 @@ export class Admin {
@ApiPropertyOptional({ example: 1588297800 })
createdAt?: Moment
}

export class AdminProfile {
name: string
}
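Review bot: `Admin extends ResourceWithACL` adds `accessControlList` to the persisted and API-returned shape of an admin, but nothing on this class documents it, and unless ResourceWithACL decorates the field itself the Swagger schema for Admin will not show it. A class-level TSDoc such as `/** accessControlList (inherited from ResourceWithACL) is assigned by AdminsService on creation and read back by AdminsRepository; it is never taken from a client. */` would cover that. Removing AdminProfile is consistent with dropping the adminProfile parameter from AdminsRepository.createOne in this commit.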
50 changes: 3 additions & 47 deletions src/admins/dto/create-admin.dto.ts
@@ -1,60 +1,16 @@
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'
import { IsString, IsNotEmpty, IsEnum, IsEmail, ValidateIf, Min, IsInt, Max } from 'class-validator'
import { AdminRole } from '../../shared/acl'
import { AdminRole, ResourceWithACL } from '../../shared/acl'

export class CreateAdminProfileDto {
@ApiProperty()
@IsString()
@IsNotEmpty()
name: string
}

export class CreateAdminDto {
@ApiProperty()
@IsString()
@IsNotEmpty()
export class CreateAdminDto extends ResourceWithACL {
// Keys without any decorators are non-Whitelisted. Validator will throw error if it's passed in payload.
adminUserId: string

@ApiProperty({ enum: AdminRole })
@IsNotEmpty()
@IsEnum(AdminRole)
userAdminRole: AdminRole

@ApiProperty()
@IsString()
@IsNotEmpty()
userAccessKey: string

@ApiPropertyOptional({
description: 'Optional, needed when admin role is ORGANIZATION_ADMIN_ROLE',
})
@ValidateIf((o) => o.userAdminRole === AdminRole.organizationAdminRole)
@IsString()
@IsNotEmpty()
organizationId: string

@ApiPropertyOptional({
description: 'Optional, needed when admin role is PREFECTURE_ADMIN_ROLE',
})
@ValidateIf((o) => o.userAdminRole === AdminRole.prefectureAdminRole)
@IsInt()
@Min(0)
@Max(47)
prefectureId: number

@ApiProperty()
@IsString()
@IsNotEmpty()
email: string

@ApiProperty()
@IsString()
@IsNotEmpty()
addedByAdminUserId: string

@ApiProperty()
@IsString()
@IsNotEmpty()
addedByAdminEmail: string
}

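Review bot: CreateAdminDto now has no decorators at all, yet the retained comment `// Keys without any decorators are non-Whitelisted. Validator will throw error if it's passed in payload.` still reads as if this class were the validated request body; if it is, every field including the inherited `accessControlList` would now be rejected, and if it is not, the comment misleads. Replace it with a statement of what the class actually is, e.g. `// Internal DTO populated by AdminsService from the validated request; not bound as a request body. accessControlList is assigned server-side.` The check worth doing before merge is that no controller binds this class or ResourceWithACL directly as a body: AdminsRepository.createOne persists `{ ...admin }` verbatim, so an accessControlList arriving from a client would be stored as-is, and the creation route's ValidationPipe should run with `whitelist` and `forbidNonWhitelisted` on the request type that is actually bound.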
