
Commit cf88ebc

Merge pull request #34 from StreetSupport/feature/3013-create-organisation-listing-and-search-interface
3013 - Give access to organisations for volunteer admin
2 parents 60455a3 + 2030f7f commit cf88ebc


1 file changed

+25
-16
lines changed


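--- a/src/middleware/authMiddleware.ts
+++ b/src/middleware/authMiddleware.ts
@@ -46,6 +46,15 @@ const handleSuperAdminAccess = (
 userAuthClaims: string[]
 ): boolean => userAuthClaims.includes(ROLES.SUPER_ADMIN);
 
+/**
+* Helper: handles global privileged access rules for VolunteerAdmin.
+* - VolunteerAdmin: full access
+* Returns true if the request has been fully handled (next() called or response sent), otherwise false.
+*/
+const handleVolunteerAdminAccess = (
+userAuthClaims: string[]
+): boolean => userAuthClaims.includes(ROLES.VOLUNTEER_ADMIN);
+
 /**
 * Helper: validates that user roles are properly configured
 * - AuthClaims must not be empty
@@ -251,8 +260,8 @@ export const requireOrganisationByKeyAccess = asyncHandler(async (req: Request,
 
 const userAuthClaims = req.user?.AuthClaims || [];
 
-// SuperAdmin global rule
-if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+// SuperAdmin or VolunteerAdmin global rule
+if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
 // For operations on specific organisations, check access based on role
 const organisationId = req.params.id;
@@ -307,8 +316,8 @@ export const requireVerifyOrganisationAccess = asyncHandler(async (req: Request,
 
 const userAuthClaims = req.user?.AuthClaims || [];
 
-// SuperAdmin global rule
-if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+// SuperAdmin or VolunteerAdmin global rule
+if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
 // For operations on specific organisations, check access based on role
 const organisationId = req.params.id;
@@ -347,8 +356,8 @@ export const requireOrganisationAccess = asyncHandler(async (req: Request, res:
 
 const userAuthClaims = req.user?.AuthClaims || [];
 
-// SuperAdmin global rule
-if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+// SuperAdmin or VolunteerAdmin global rule
+if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
 // For operations on specific organisations, check access based on role
 const organisationId = req.params.id;
@@ -406,8 +415,8 @@ export const requireOrganisationLocationAccess = (req: Request, res: Response, n
 
 const userAuthClaims = req.user?.AuthClaims || [];
 
-// SuperAdmin global rule
-if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+// SuperAdmin or VolunteerAdmin global rule
+if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
 // Check if user is a CityAdmin
 if (!userAuthClaims.includes(ROLES.CITY_ADMIN)) {
@@ -440,8 +449,8 @@ export const requireServiceAccess = asyncHandler(async (req: Request, res: Respo
 
 const userAuthClaims = req.user?.AuthClaims || [];
 
-// SuperAdmin global rule
-if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+// SuperAdmin or VolunteerAdmin global rule
+if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
 // For operations on specific services, check access based on role
 const serviceId = req.params.id;
@@ -516,8 +525,8 @@ export const requireServicesByProviderAccess = asyncHandler(async (req: Request,
 
 const userAuthClaims = req.user?.AuthClaims || [];
 
-// SuperAdmin global rule
-if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+// SuperAdmin or VolunteerAdmin global rule
+if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
 const providerId = req.params.providerId;
 
@@ -558,8 +567,8 @@ export const requireAccommodationsAccess = asyncHandler(async (req: Request, res
 
 const userAuthClaims = req.user?.AuthClaims || [];
 
-// SuperAdmin global rule
-if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+// SuperAdmin or VolunteerAdmin global rule
+if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
 // For operations on specific accommodations, check access based on role
 const accommodationId = req.params.id;
@@ -636,8 +645,8 @@ export const requireAccommodationsByProviderAccess = asyncHandler(async (req: Re
 
 const userAuthClaims = req.user?.AuthClaims || [];
 
-// SuperAdmin global rule
-if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+// SuperAdmin or VolunteerAdmin global rule
+if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
 const providerId = req.params.providerId;
 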
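Review bot: The VolunteerAdmin bypass is added to all eight guards in this file, including `requireVerifyOrganisationAccess`, `requireServiceAccess` and the two accommodation guards, while the pull request title only speaks of access to organisations. Each early `return next()` runs before the organisation, location or provider checks that follow (the guard bodies continue outside the hunks), so in the visible code a VolunteerAdmin claim is treated exactly like SuperAdmin. If that equivalence is not intended, the guards outside the organisation scope should keep `if (handleSuperAdminAccess(userAuthClaims)) { return next(); }`; if it is intended, one shared helper for the combined check would keep the rule in a single auditable place instead of eight copies. The new doc comment on `handleVolunteerAdminAccess` also claims the request has been handled, but the function only tests the claim list; `* Returns true when AuthClaims contains ROLES.VOLUNTEER_ADMIN; the caller decides whether to call next().` would match the code.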
