Skip to content

Commit

Permalink
fix: give rights to all authority agents to have ui rights sync with …
Browse files Browse the repository at this point in the history
…backend rights (in the future make it more restrictive or proper)
  • Loading branch information
sneko committed Oct 10, 2023
1 parent 51978f4 commit 8c0928a
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions apps/main/src/server/routers/case.ts
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,14 @@ export async function assertUserCanManageThisCase(userId: string, caseId: string
return true;
}

export async function assertUserAnAgentPartOfAuthority(authorityId: string, userId: string): Promise<boolean> {
if (!(await isUserAnAgentPartOfAuthority(authorityId, userId))) {
throw new Error(`vous devez faire partie de la collectivité pour effectuer cette action`);
}

return true;
}

export async function assertCaseDomainParentItemIsAllowed(parentItemId: string, expectedAuthorityId?: string): Promise<void> {
const parentItem = await prisma.caseDomainItem.findUniqueOrThrow({
where: {
Expand Down Expand Up @@ -509,7 +517,7 @@ export const caseRouter = router({
};
}),
deleteCase: privateProcedure.input(DeleteCaseSchema).mutation(async ({ ctx, input }) => {
await assertUserCanManageThisCase(ctx.user.id, input.caseId);
await assertUserAnAgentPartOfAuthority(ctx.user.id, input.caseId);

// It will delete all relations thanks to the `onDelete` hook
// except for attachments that would require complex manual steps (since they can be linked to multiple entities)
Expand Down Expand Up @@ -1271,7 +1279,7 @@ export const caseRouter = router({
};
}),
addNoteToCase: privateProcedure.input(AddNoteToCaseSchema).mutation(async ({ ctx, input }) => {
await assertUserCanManageThisCase(ctx.user.id, input.caseId);
await assertUserAnAgentPartOfAuthority(ctx.user.id, input.caseId);

const note = await prisma.note.create({
data: {
Expand Down Expand Up @@ -1303,7 +1311,7 @@ export const caseRouter = router({
throw new Error(`ce dossier n'existe pas`);
}

await assertUserCanManageThisCase(ctx.user.id, targetedCase.id);
await assertUserAnAgentPartOfAuthority(ctx.user.id, targetedCase.id);

const note = await prisma.note.delete({
where: {
Expand All @@ -1329,7 +1337,7 @@ export const caseRouter = router({
throw new Error(`ce dossier n'existe pas`);
}

await assertUserCanManageThisCase(ctx.user.id, targetedCase.id);
await assertUserAnAgentPartOfAuthority(ctx.user.id, targetedCase.id);

const note = await prisma.note.update({
where: {
Expand All @@ -1344,7 +1352,7 @@ export const caseRouter = router({
return { note };
}),
addAttachmentToCase: privateProcedure.input(AddAttachmentToCaseSchema).mutation(async ({ ctx, input }) => {
await assertUserCanManageThisCase(ctx.user.id, input.caseId);
await assertUserAnAgentPartOfAuthority(ctx.user.id, input.caseId);

const attachmentsOnCase = await prisma.attachmentsOnCases.findMany({
where: {
Expand Down Expand Up @@ -1424,7 +1432,7 @@ export const caseRouter = router({
throw new Error(`ce dossier n'existe pas`);
}

await assertUserCanManageThisCase(ctx.user.id, targetedCase.id);
await assertUserAnAgentPartOfAuthority(ctx.user.id, targetedCase.id);

await prisma.attachmentsOnCases.update({
where: {
Expand Down

0 comments on commit 8c0928a

Please sign in to comment.