We're updating the issue view to help you get more done. 

authorizationService returns invalid results for right check

Description

After digging into our authorizationService I've noticed that it won't always return valid results. The problem is that we're building a right object that merges all the permission strings for the specific right. This means that retrieving the following permission strings:

1 2 RIGHT_NAME|FACILITY_ONE|PROGRAM_TWO RIGHT_NAME|FACILITY_TWO|PROGRAM_ONE

will result in creating the following right object:

1 2 3 4 5 { name: "RIGHT_NAME", programIds: ["PROGRAM_ONE", "PROGRAM_TWO"], facilityIds: ["FACILITY_ONE", "FACILITY_TWO"] }

which will result in getting true if we ask whether user has a right with RIGHT_NAME for FACILITY_ONE and PROGRAM_ONE, which is not true. The purpose of this ticket is to fix this issue and remove all the extra code that is no longer need after introducing changes from OLMIS-2956.

Acceptance Criteria

  • Remove userRightsFactory completely.

  • Rework authorizationService to internally use the list of right objects returned by the permissionService instead of the aggregate right objects returned by the userRightsFactory.

  • The rest of the authorizationService interface should remain the same, only setRights parameter should change.

  • Rework and rename user-rights.run block to use permissionService instead of the userRightsFactory. It should pass the list of rights to authorizationService.

  • Remove extra checks for warehouse and supervisory node ids and code as well as program code from the hasRight method of the authorizationService

  • Update all calls to the hasRight method to pass program instead of the code.

Environment

None

Status

Assignee

Unassigned

Reporter

Nikodem Graczewski

Labels

None

Story Points

5

Time tracking

1h

Components

Priority

Major