refactor: update access logic to allow for multiple levels of access …

…rights -refs: #1392
UniversityOfHelsinkiCS · Dec 2, 2024 · 499a5fa · 499a5fa
1 parent 05464c3
commit 499a5fa
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 42 deletions.
diff --git a/src/server/services/feedbackTargets/Access.js b/src/server/services/feedbackTargets/Access.js
@@ -65,7 +65,7 @@ const RIGHTS = {
     UPDATE_ORGANISATION_SURVEYS,
     ENABLE_TOKEN_ENROLMENT,
   ],
-  ORGANISATION_READ: [PUBLIC_FEEDBACKS, GIVE_CONTINUOUS_FEEDBACK, GIVE_FEEDBACK],
+  ORGANISATION_READ: [PUBLIC_FEEDBACKS, GIVE_CONTINUOUS_FEEDBACK],
   RESPONSIBLE_TEACHER: [
     UPDATE,
     UPDATE_RESPONSE,
@@ -91,7 +91,7 @@ Object.freeze(RIGHTS)
 /**
  * Checks whether given access status allows given action
  */
-const hasRight = (accessStatus, action) => (RIGHTS[accessStatus] ?? []).includes(action)
+const hasRight = (accessStatuses, action) => accessStatuses.some(accessStatus => RIGHTS[accessStatus].includes(action))
 
 class Access {
   constructor(accessStatus) {
@@ -172,21 +172,29 @@ class Access {
 
   // Role enum
 
-  static ADMIN = new Access('ADMIN')
+  static ADMIN = new Access(['ADMIN'])
 
-  static RESPONSIBLE_TEACHER = new Access('RESPONSIBLE_TEACHER')
+  static RESPONSIBLE_TEACHER = new Access(['RESPONSIBLE_TEACHER'])
 
-  static TEACHER = new Access('TEACHER')
+  static TEACHER = new Access(['TEACHER'])
 
-  static ORGANISATION_ADMIN = new Access('ORGANISATION_ADMIN')
+  static ORGANISATION_ADMIN = new Access(['ORGANISATION_ADMIN'])
 
-  static ORGANISATION_READ = new Access('ORGANISATION_READ')
+  static ORGANISATION_READ = new Access(['ORGANISATION_READ'])
 
-  static STUDENT = new Access('STUDENT')
+  static STUDENT = new Access(['STUDENT'])
 
-  static NONE = new Access('NONE')
+  static NONE = new Access(['NONE'])
 
-  static For(accessStatus) {
+  static mergeAccesses(accesses) {
+    console.log('accesses', accesses)
+    const accessStatuses = accesses.map(a => a.accessStatus)
+
+    console.log('accessStatuses', accessStatuses)
+    return new Access(accessStatuses.flat())
+  }
+
+  static For(accessStatuses) {
     return (
       [
         this.ADMIN,
@@ -195,7 +203,7 @@ class Access {
         this.ORGANISATION_ADMIN,
         this.ORGANISATION_READ,
         this.STUDENT,
-      ].find(a => a.accessStatus === accessStatus) ?? this.NONE
+      ].find(a => accessStatuses.includes(a.accessStatus)) ?? this.NONE
     )
   }
 

diff --git a/src/server/services/feedbackTargets/getAccess.js b/src/server/services/feedbackTargets/getAccess.js
@@ -1,51 +1,33 @@
 const { Access } = require('./Access')
 
 const getAccess = async ({ userFeedbackTarget, user, feedbackTarget }) => {
-  if (user.dataValues.isAdmin) return Access.ADMIN
+  const accesses = []
+
+  if (user.dataValues.isAdmin) {
+    accesses.push(Access.ADMIN)
+  }
 
   const accessStatus = userFeedbackTarget?.accessStatus
-  let uftAccess = null
   if (accessStatus) {
-    uftAccess = Access.For(accessStatus)
+    accesses.push(Access.For(accessStatus))
   }
 
-  // User not directly associated. Lets check if they have access through organisation
+  // User not directly associated. Let's check if they have access through organisation
   const organisationAccess = await user.getOrganisationAccessByCourseUnitId(feedbackTarget.courseUnitId)
-
-  let orgAccess = null
   if (organisationAccess) {
     if (organisationAccess.admin) {
-      orgAccess = Access.ORGANISATION_ADMIN
+      accesses.push(Access.ORGANISATION_ADMIN)
     } else if (organisationAccess.read) {
-      orgAccess = Access.ORGANISATION_READ
+      accesses.push(Access.ORGANISATION_READ)
     }
   }
 
-  // only direct access, return that
-  if (uftAccess !== null && orgAccess === null) {
-    return uftAccess
-  }
-  // access only through organisation, return that
-  if (uftAccess === null && orgAccess !== null) {
-    return orgAccess
-  }
-  // both direct access and access through organisation, return highest
-  if (uftAccess !== null && orgAccess !== null) {
-    if (orgAccess === Access.ORGANISATION_ADMIN) {
-      if (uftAccess === Access.ADMIN || uftAccess === Access.RESPONSIBLE_TEACHER) {
-        return uftAccess
-      }
-      return orgAccess
-    }
-    if (orgAccess === Access.ORGANISATION_READ) {
-      if (uftAccess === Access.STUDENT) {
-        return orgAccess
-      }
-      return uftAccess
-    }
+  if (accesses.length === 0) {
+    return Access.NONE
   }
 
-  return null
+  // Merge all accesses into one Access object
+  return Access.mergeAccesses(accesses)
 }
 
 module.exports = { getAccess }