Merge pull request #1508 from CVEProject/dr_1495_orgWithPartnerRole_middleware

Closes #1495 - Fixes onlyOrgwithPartner role, and an issue in the migrate / populate…

Author: david-rocca

src/middleware/middleware.js

@@ -310,10 +310,10 @@ async function onlyOrgWithPartnerRole (req, res, next) {
     if (org === null) {
       logger.info({ uuid: req.ctx.uuid, message: shortName + ' does NOT exist ' })
       return res.status(404).json(error.orgDoesNotExist(shortName))
-    } else if ((org.authority.length === 1 && org.authority[0] === 'BULK_DOWNLOAD')) {
+    } else if ((org.authority.length === 1 && org.authority[0] === 'BULK_DOWNLOAD') || (org.authority?.active_roles?.length === 1 && org.authority.active_roles[0] === 'BULK_DOWNLOAD')) {
       logger.info({ uuid: req.ctx.uuid, message: org.short_name + 'only has BULK_DOWNLOAD role ' })
       return res.status(403).json(error.orgHasNoPartnerRole(shortName))
-    } else if (org.authority.length > 0) {
+    } else if (org.authority.length > 0 || org.authority?.active_roles.length > 0) {
       logger.info({ uuid: req.ctx.uuid, message: org.short_name + ' has a role ' })
       next()
     } else {

src/scripts/populate.js

@@ -80,79 +80,62 @@ db.once('open', async () => {
 
     for (const name in populateTheseCollections) {
       if (names.includes(name)) {
-        logger.info(`Dropping ${name} collection indexes!!!`)
-        await db.collections[name].dropIndexes()
-        logger.info(`Dropping ${name} collection !!!`)
-        await db.dropCollection(name)
+        if (db.collections[name]) {
+          logger.info(`Dropping ${name} collection indexes!!!`)
+          await db.collections[name].dropIndexes()
+          logger.info(`Dropping ${name} collection !!!`)
+          await db.dropCollection(name)
+        }
       }
     }
 
-    if (!names.includes('Cve-Id-Range') && !names.includes('Cve-Id') && !names.includes('Cve') && !names.includes('Org') && !names.includes('User') && !names.includes('BaseOrg') && !names.includes('BaseUser')) {
-      // Org
-      await dataUtils.populateCollection(
-        './datadump/pre-population/orgs.json',
-        Org, dataUtils.newOrgTransform
-      )
-
-      // await dataUtils.populateCollection(
-      //   './datadump/pre-population/registry-orgs.json',
-      //   RegistryOrg
-      // )
-
-      // User, depends on Org
-      const hash = await dataUtils.preprocessUserSecrets()
-      await dataUtils.populateCollection(
-        './datadump/pre-population/users.json',
-        User, dataUtils.newUserTransform, hash
-      )
-
-      // const registryUserHash = await dataUtils.preprocessUserSecrets()
-      // await dataUtils.populateCollection(
-      //   './datadump/pre-population/registry-users.json',
-      //   RegistryUser, dataUtils.newRegistryUserTransform, registryUserHash
-      // )
-
-      const populatePromises = []
-
-      // CVE ID Range
+    // Org
+    await dataUtils.populateCollection(
+      './datadump/pre-population/orgs.json',
+      Org, dataUtils.newOrgTransform
+    )
+
+    // User, depends on Org
+    const hash = await dataUtils.preprocessUserSecrets()
+    await dataUtils.populateCollection(
+      './datadump/pre-population/users.json',
+      User, dataUtils.newUserTransform, hash
+    )
+
+    const populatePromises = []
+
+    // CVE ID Range
+    populatePromises.push(dataUtils.populateCollection(
+      './datadump/pre-population/cve-ids-range.json',
+      CveIdRange
+    ))
+
+    // CVE
+    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
       populatePromises.push(dataUtils.populateCollection(
-        './datadump/pre-population/cve-ids-range.json',
-        CveIdRange
+        './datadump/pre-population/cves.json',
+        Cve, dataUtils.newCveTransform
       ))
+    }
 
-      // CVE
-      if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-        populatePromises.push(dataUtils.populateCollection(
-          './datadump/pre-population/cves.json',
-          Cve, dataUtils.newCveTransform
-        ))
-      }
+    // CVE ID, depends on User and Org
+    populatePromises.push(dataUtils.populateCollection(
+      './datadump/pre-population/cve-ids.json',
+      CveId, dataUtils.newCveIdTransform
+    ))
 
-      // CVE ID, depends on User and Org
-      populatePromises.push(dataUtils.populateCollection(
-        './datadump/pre-population/cve-ids.json',
-        CveId, dataUtils.newCveIdTransform
-      ))
+    // don't close database connection until all remaining populate
+    // promises are resolved
+    Promise.all(populatePromises).then(function () {
+      logger.info('Successfully populated the database!')
 
-      // don't close database connection until all remaining populate
-      // promises are resolved
-      Promise.all(populatePromises).then(function () {
-        logger.info('Successfully populated the database!')
-
-        Object.keys(indexesToCreate).forEach(col => {
-          indexesToCreate[col].forEach(index => {
-            db.collections[col].createIndex(index)
-          })
+      Object.keys(indexesToCreate).forEach(col => {
+        indexesToCreate[col].forEach(index => {
+          db.collections[col].createIndex(index)
         })
-        mongoose.connection.close()
       })
-    } else {
-      logger.error(
-        'The database was not populated because ' +
-        'some of the collections were not deleted.'
-      )
       mongoose.connection.close()
-    }
+    })
   } else {
     mongoose.connection.close()
   }

test/unit-tests/middleware/onlyOrgWithPartnerRoleTest.js

@@ -65,7 +65,7 @@ const stubSecretariat = {
   }
 }
 
-describe.skip('Testing onlyOrgWithPartnerRole middleware', () => {
+describe('Testing onlyOrgWithPartnerRole middleware', () => {
   let status, json, res, next, getOrgRepository, baseUserRepo, baseOrgRepo, getBaseOrgRepository, getBaseUserRepository, orgRepo
   beforeEach(() => {
     status = sinon.stub()