fixing a bug with adding new roles

david-rocca · david-rocca · commit 09f6d976da75 · 2025-09-09T13:39:21.000-04:00
diff --git a/src/controller/org.controller/org.controller.js b/src/controller/org.controller/org.controller.js
@@ -488,8 +488,7 @@ async function createUser (req, res, next) {
 
       if (!await userRepo.isAdminOrSecretariat(orgShortName, req.ctx.user, req.ctx.org, { session }, !req.useRegistry)) {
         await session.abortTransaction()
-        return res.status(123).json(error.notOrgAdminOrSecretariat())
-        // return res.status(403).json(error.notOrgAdminOrSecretariat()) // The Admin user must belong to the new user's organization
+        return res.status(403).json(error.notOrgAdminOrSecretariat()) // The Admin user must belong to the new user's organization
       }
 
       const users = await userRepo.findUsersByOrgShortname(orgShortName, { session })
@@ -638,8 +637,7 @@ async function updateUser (req, res, next) {
       if (!isRequesterSecretariat && !isAdmin) {
         logger.info({ uuid: req.ctx.uuid, message: `User ${requesterUsername} (not Admin/Secretariat) trying to modify admin-only fields.` })
         await session.abortTransaction()
-        return res.status(321).json(error.notOrgAdminOrSecretariatUpdate())
-        // return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())
+        return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())
       }
     }
 
diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
@@ -236,8 +236,7 @@ async function onlySecretariatOrAdmin (req, res, next) {
     const isAdmin = await userRepo.isAdmin(username, org)
     if (!isSec && !isAdmin) {
       logger.info({ uuid: req.ctx.uuid, message: 'Request denied because \'' + org + '\' is NOT a ' + CONSTANTS.AUTH_ROLE_ENUM.SECRETARIAT + ' and \'' + username + '\' is not an ' + CONSTANTS.USER_ROLE_ENUM.ADMIN + ' user.' })
-      return res.status(987).json(error.notOrgAdminOrSecretariat())
-      // return res.status(403).json(error.notOrgAdminOrSecretariat())
+      return res.status(403).json(error.notOrgAdminOrSecretariat())
     }
 
     logger.info({ uuid: req.ctx.uuid, message: 'Confirmed ' + org + ' as a ' + CONSTANTS.AUTH_ROLE_ENUM.SECRETARIAT + ' or an ' + CONSTANTS.USER_ROLE_ENUM.ADMIN + ' user.' })
@@ -310,15 +309,13 @@ async function onlyOrgWithPartnerRole (req, res, next) {
       return res.status(404).json(error.orgDoesNotExist(shortName))
     } else if ((org.authority.length === 1 && org.authority[0] === 'BULK_DOWNLOAD') || (org.authority?.active_roles?.length === 1 && org.authority.active_roles[0] === 'BULK_DOWNLOAD')) {
       logger.info({ uuid: req.ctx.uuid, message: org.short_name + 'only has BULK_DOWNLOAD role ' })
-      return res.status(789).json(error.orgHasNoPartnerRole(shortName))
-      // return res.status(403).json(error.orgHasNoPartnerRole(shortName))
+      return res.status(403).json(error.orgHasNoPartnerRole(shortName))
     } else if (org.authority.length > 0 || org.authority?.active_roles.length > 0) {
       logger.info({ uuid: req.ctx.uuid, message: org.short_name + ' has a role ' })
       next()
     } else {
       logger.info({ uuid: req.ctx.uuid, message: org.short_name + ' does NOT have a role ' })
-      return res.status(999).json(error.orgHasNoPartnerRole(shortName))
-      //      return res.status(403).json(error.orgHasNoPartnerRole(shortName))
+      return res.status(403).json(error.orgHasNoPartnerRole(shortName))
     }
   } catch (err) {
     next(err)
diff --git a/src/repositories/baseUserRepository.js b/src/repositories/baseUserRepository.js
@@ -263,6 +263,13 @@ class BaseUserRepository extends BaseRepository {
       const filteredUuids = registryOrg.admins.filter(uuid => uuid !== registryUser.UUID)
       registryOrg.admins = filteredUuids
     }
+
+    if (rolesToAdd.includes('ADMIN') && !incomingParameters?.org_short_name) {
+      const orgUpdates = await baseOrgRepository.getOrgObject(orgShortname)
+      orgUpdates.admins = [..._.get(orgUpdates, 'admins', []), registryUser.UUID]
+      await orgUpdates.save({ options })
+    }
+
     const initialRoles = legacyUser.authority?.active_roles ?? []
     const finalRoles = [...new Set([...initialRoles, ...rolesToAdd])].filter(role => !rolesToRemove.includes(role))
     registryUser.role = finalRoles[0] ?? ''

Original file line number	Diff line number	Diff line change
`@@ -488,8 +488,7 @@ async function createUser (req, res, next) {`
`488`	`488`
`489`	`489`	`if (!await userRepo.isAdminOrSecretariat(orgShortName, req.ctx.user, req.ctx.org, { session }, !req.useRegistry)) {`
`490`	`490`	`await session.abortTransaction()`
`491`		`- return res.status(123).json(error.notOrgAdminOrSecretariat())`
`492`		`- // return res.status(403).json(error.notOrgAdminOrSecretariat()) // The Admin user must belong to the new user's organization`
	`491`	`+ return res.status(403).json(error.notOrgAdminOrSecretariat()) // The Admin user must belong to the new user's organization`
`493`	`492`	`}`
`494`	`493`
`495`	`494`	`const users = await userRepo.findUsersByOrgShortname(orgShortName, { session })`
`@@ -638,8 +637,7 @@ async function updateUser (req, res, next) {`
`638`	`637`	`if (!isRequesterSecretariat && !isAdmin) {`
`639`	`638`	logger.info({ uuid: req.ctx.uuid, message: `User ${requesterUsername} (not Admin/Secretariat) trying to modify admin-only fields.` })
`640`	`639`	`await session.abortTransaction()`
`641`		`- return res.status(321).json(error.notOrgAdminOrSecretariatUpdate())`
`642`		`- // return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())`
	`640`	`+ return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())`
`643`	`641`	`}`
`644`	`642`	`}`
`645`	`643`