chore: update permission of scopes in backend routes

opencrvs · Oct 21, 2024 · 85f7810 · 85f7810
1 parent 94b35f3
commit 85f7810
Show file tree

Hide file tree

Showing 16 changed files with 198 additions and 754 deletions.
diff --git a/packages/client/src/tests/util.tsx b/packages/client/src/tests/util.tsx
@@ -170,16 +170,6 @@ export const ACTION_STATUS_MAP = {
     SUBMISSION_STATUS.READY_TO_REQUEST_CORRECTION
 } as const
 
-export const validateScopeToken = jwt.sign(
-  { scope: ['validate'] },
-  readFileSync('./test/cert.key'),
-  {
-    algorithm: 'RS256',
-    issuer: 'opencrvs:auth-service',
-    audience: 'opencrvs:gateway-user'
-  }
-)
-
 export function flushPromises() {
   return new Promise((resolve) => setImmediate(resolve))
 }

diff --git a/packages/client/src/views/OfficeHome/inExternalValidation/inExternalValidationTab.test.tsx b/packages/client/src/views/OfficeHome/inExternalValidation/inExternalValidationTab.test.tsx
@@ -30,7 +30,7 @@ const EVENT_CREATION_TIME = 1583322631424 // Wed Mar 04 2020 13:50:31 GMT+0200 (
 const SEND_FOR_VALIDATION_TIME = 1582912800000 // Fri Feb 28 2020 20:00:00 GMT+0200 (Eastern European Standard Time)
 
 const registerScopeToken = jwt.sign(
-  { scope: ['register'] },
+  { scope: ['record.register'] },
   readFileSync('./test/cert.key'),
   {
     algorithm: 'RS256',

diff --git a/packages/commons/src/scopes.ts b/packages/commons/src/scopes.ts
@@ -105,7 +105,10 @@ export const scopes = [
   'user.create',
   'user.create:my-jurisdiction',
   'user.update:my-office',
-  'user.update'
+  'user.update',
+
+  // config
+  'config.update-all'
 ] as const
 
 export type Scope = (typeof scopes)[number]
diff --git a/packages/config/src/config/routes.ts b/packages/config/src/config/routes.ts
@@ -8,15 +8,6 @@
  *
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
-import {
-  createCertificateHandler,
-  getActiveCertificatesHandler,
-  getCertificateHandler,
-  requestActiveCertificate,
-  requestNewCertificate,
-  updateCertificate,
-  updateCertificateHandler
-} from '@config/handlers/certificate/certificateHandler'
 import configHandler, {
   getLoginConfigHandler
 } from '@config/handlers/application/applicationConfigHandler'
@@ -73,13 +64,14 @@ export default function getRoutes(): ServerRoute[] {
       options: {
         auth: {
           scope: [
-            RouteScope.NATLSYSADMIN,
-            RouteScope.DECLARE,
-            RouteScope.REGISTER,
-            RouteScope.CERTIFY,
-            RouteScope.PERFORMANCE,
-            RouteScope.SYSADMIN,
-            RouteScope.VALIDATE
+            'config.update-all',
+            'record.declare-birth',
+            'record.declare-death',
+            'record.declare-marriage',
+            'record.register',
+            'record.certify',
+            'performance.read',
+            'record.submit-for-approval'
           ]
         },
         tags: ['api'],
@@ -114,76 +106,6 @@ export default function getRoutes(): ServerRoute[] {
         description: 'Retrieve forms'
       }
     },
-    {
-      method: 'POST',
-      path: '/getCertificate',
-      handler: getCertificateHandler,
-      options: {
-        tags: ['api'],
-        description: 'Retrieves certificate',
-        auth: {
-          scope: [
-            RouteScope.NATLSYSADMIN,
-            RouteScope.REGISTER,
-            RouteScope.CERTIFY,
-            RouteScope.VALIDATE
-          ]
-        },
-        validate: {
-          payload: requestActiveCertificate
-        }
-      }
-    },
-    {
-      method: 'GET',
-      path: '/getActiveCertificates',
-      handler: getActiveCertificatesHandler,
-      options: {
-        tags: ['api'],
-        description: 'Retrieves active certificates for birth and death',
-        auth: {
-          scope: [
-            RouteScope.NATLSYSADMIN,
-            RouteScope.DECLARE,
-            RouteScope.REGISTER,
-            RouteScope.CERTIFY,
-            RouteScope.PERFORMANCE,
-            RouteScope.SYSADMIN,
-            RouteScope.VALIDATE
-          ]
-        }
-      }
-    },
-    {
-      method: 'POST',
-      path: '/createCertificate',
-      handler: createCertificateHandler,
-      options: {
-        tags: ['api'],
-        description: 'Creates a new Certificate',
-        auth: {
-          scope: [RouteScope.NATLSYSADMIN]
-        },
-        validate: {
-          payload: requestNewCertificate
-        }
-      }
-    },
-    {
-      method: 'POST',
-      path: '/updateCertificate',
-      handler: updateCertificateHandler,
-      options: {
-        tags: ['api'],
-        description: 'Updates an existing Certificate',
-        auth: {
-          scope: [RouteScope.NATLSYSADMIN]
-        },
-        validate: {
-          payload: updateCertificate
-        }
-      }
-    },
     {
       method: 'GET',
       path: '/dashboardQueries',
@@ -214,7 +136,7 @@ export default function getRoutes(): ServerRoute[] {
       options: {
         tags: ['api'],
         auth: {
-          scope: ['natlsysadmin']
+          scope: ['config.update-all']
         },
         description: 'Create a location',
         validate: {
@@ -242,7 +164,7 @@ export default function getRoutes(): ServerRoute[] {
       options: {
         tags: ['api'],
         auth: {
-          scope: ['natlsysadmin']
+          scope: ['config.update-all']
         },
         description: 'Update a location or facility',
         validate: {