Merge pull request #577 from Sage-Bionetworks/develop-fix-571

Give CREATE_PROJECT action permissions to users on first login (SSO)

Author: tschaffter

server/auth/util.js

@@ -1,7 +1,6 @@
-import {
-    omit
-} from 'lodash/fp';
-import config from '../config/environment';
+import { omit } from 'lodash/fp';
+import ActionPermission from '../api/action-permission/action-permission.model';
+import { userRoles, init, actionPermissionTypes } from '../config/environment';
 
 export function handleUnauthorizedOrganization(done) {
     return function (organization) {
@@ -16,23 +15,18 @@ export function handleUnauthorizedOrganization(done) {
 export function createOrUpdateUser(User, userDataFromProvider) {
     return function (organization) {
         if (organization) {
-            return User
-                .findOne({
-                    email: userDataFromProvider.email
-                })
+            return User.findOne({
+                email: userDataFromProvider.email,
+            })
                 .exec()
                 .then(user => {
                     if (user) {
-                        userDataFromProvider = omit([
-                            'username',
-                            'email',
-                            'role'
-                        ], userDataFromProvider);
+                        userDataFromProvider = omit(['username', 'email', 'role'], userDataFromProvider);
                         user = Object.assign(user, userDataFromProvider);
                     } else {
                         user = new User(userDataFromProvider);
                         user = Object.assign(user, {
-                            role: config.userRoles.USER.value
+                            role: userRoles.USER.value,
                         });
                     }
                     return user;
@@ -44,8 +38,8 @@ export function createOrUpdateUser(User, userDataFromProvider) {
 
 export function giveInitAdminRole() {
     return function (user) {
-        if (user && user.email === config.init.admin.email) {
-            user.role = config.userRoles.ADMIN.value;
+        if (user && user.email === init.admin.email) {
+            user.role = userRoles.ADMIN.value;
         }
         return user;
     };
@@ -54,9 +48,24 @@ export function giveInitAdminRole() {
 export function saveUser(done) {
     return function (user) {
         if (user) {
-            return user.save()
-                .then(savedUser => done(null, savedUser));
+            if (user._id) { // returning user
+                return user.save().then(savedUser => done(null, savedUser));
+            } else { // new user
+                return user
+                    .save()
+                    .then(newUser => {
+                        // TODO Implement in a more promise-chain friendly way
+                        ActionPermission.create([
+                            {
+                                user: newUser._id,
+                                action: actionPermissionTypes.CREATE_PROJECT.value,
+                                createdBy: newUser._id, // TODO: Is this the best choice?
+                            },
+                        ]).then(() => newUser);
+                    })
+                    .then(savedUser => done(null, savedUser));
+            }
         }
         return null;
-    }
+    };
 }

server/config/seeds/default/constants.js

@@ -1,6 +1,7 @@
 import mongoose from 'mongoose';
 
 const appId = new mongoose.Types.ObjectId('5cb6ad48e7bdc7740874fd87');
+// const appUserId = new mongoose.Types.ObjectId('5cb7bcea2d719614d82bb97f');
 const adminUserId = new mongoose.Types.ObjectId('5cb7acea2d718614d81bb97f');
 
 export { appId, adminUserId };

server/config/seeds/default/users.js

@@ -1,6 +1,9 @@
 import { adminUserId } from './constants';
 import config from '../../environment';
 
+// Notes:
+// - Users must have the property _id.
+
 let users = [
     {
         _id: adminUserId,

server/config/seeds/development/action-permissions.js

@@ -1,12 +1,8 @@
-import { adminUserId, testUserId } from './users';
-import { actionPermissionTypes } from '../../environment';
+// import { adminUserId, testUserId } from './users';
+// import { actionPermissionTypes } from '../../environment';
 
-let actionPermissions = [
-    {
-        user: testUserId,
-        action: actionPermissionTypes.CREATE_PROJECT.value,
-        createdBy: adminUserId,
-    },
-];
+// Default action-permissions are created in server/config/seeds/index.js
+
+let actionPermissions = [];
 
 export { actionPermissions };

server/config/seeds/development/users.js

@@ -4,6 +4,9 @@ import {
     adminUserId
 } from '../default/users';
 
+// Notes:
+// - Users must have the property _id.
+
 const testUserId = new mongoose.Types.ObjectId('5cb7acea2d718614d81cc97e');
 const testUser1Id = new mongoose.Types.ObjectId('5cb7acea2371abc4d8121e91');
 

server/config/seeds/index.js

@@ -1,19 +1,17 @@
 /*eslint no-process-env:0*/
-import {
-    merge
-} from 'lodash';
+import { merge } from 'lodash';
 import { flow, groupBy, orderBy, mapValues, uniqBy, get } from 'lodash/fp';
 import config from '../../config/environment';
 import { adminUserId } from './default/constants';
 // import { message } from 'gulp-typescript/release/utils';
 
 var default_ = require('./default');
 
-var seeds = module.exports = config.init.dbSeedName ? merge(
-    default_,
-    require(`./${config.init.dbSeedName}`) || {}) : null;
+var seeds = module.exports = config.init.dbSeedName
+    ? merge(default_, require(`./${config.init.dbSeedName}`) || {})
+    : null;
 
-// Creating entity-permissions with Admin access for the authors of projects
+// Create entity-permissions with Admin access for the authors of projects
 if (seeds && seeds.projects) {
     let permissions = seeds.projects.map(project => ({
         status: config.inviteStatusTypes.ACCEPTED.value,
@@ -23,13 +21,25 @@ if (seeds && seeds.projects) {
         access: config.accessTypes.ADMIN.value,
         createdBy: adminUserId,
     }));
-    seeds.entityPermissions = [
-        ...seeds.entityPermissions,
-        ...permissions
-    ];
+    seeds.entityPermissions = [...seeds.entityPermissions, ...permissions];
 }
 
-// Creating entity-permissions with Admin access for the authors of tools
+// Create default action-permissions for the seed users
+if (seeds && seeds.users) {
+    const createProject = seeds.users.map(user => ({
+        user: user._id,
+        action: config.actionPermissionTypes.CREATE_PROJECT.value,
+        createdBy: user._id,
+    }));
+
+    if (!seeds.actionPermissions) {
+        seeds.actionPermissions = [];
+    }
+
+    seeds.actionPermissions.push(...createProject);
+}
+
+// Create entity-permissions with Admin access for the authors of tools
 if (seeds && seeds.tools) {
     let permissions = seeds.tools.map(tool => ({
         status: config.inviteStatusTypes.ACCEPTED.value,
@@ -39,13 +49,10 @@ if (seeds && seeds.tools) {
         access: config.accessTypes.ADMIN.value,
         createdBy: adminUserId,
     }));
-    seeds.entityPermissions = [
-        ...seeds.entityPermissions,
-        ...permissions
-    ];
+    seeds.entityPermissions = [...seeds.entityPermissions, ...permissions];
 }
 
-// Populating thread.contributors from messages
+// Populate thread.contributors from messages
 if (seeds && seeds.threads && seeds.messages) {
     const contributorsByThread = flow([
         groupBy('thread'),
@@ -59,7 +66,7 @@ if (seeds && seeds.threads && seeds.messages) {
 
     seeds.threads = seeds.threads.map(thread => ({
         ...thread,
-        contributors: get(thread._id, contributorsByThread)
+        contributors: get(thread._id, contributorsByThread),
     }));
 }