chore: need org admin permission for import and sysadmin has read per…

…mission
Informasjonsforvaltning · Sep 29, 2023 · fddd357 · fddd357
1 parent 1e5f526
commit fddd357
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/src/main/kotlin/no/fdk/concept_catalog/controller/ConceptsController.kt b/src/main/kotlin/no/fdk/concept_catalog/controller/ConceptsController.kt
@@ -60,7 +60,7 @@ class ConceptsController(
         val user = endpointPermissions.getUser(jwt)
         return when {
             user == null -> ResponseEntity(HttpStatus.UNAUTHORIZED)
-            concepts.any { !endpointPermissions.hasOrgWritePermission(jwt, it.ansvarligVirksomhet.id) } ->
+            concepts.any { !endpointPermissions.hasOrgAdminPermission(jwt, it.ansvarligVirksomhet.id) } ->
                 ResponseEntity(HttpStatus.FORBIDDEN)
             else -> {
                 logger.info("creating ${concepts.size} concepts for ${concepts.firstOrNull()?.ansvarligVirksomhet?.id}")

diff --git a/src/main/kotlin/no/fdk/concept_catalog/security/EndpointPermissions.kt b/src/main/kotlin/no/fdk/concept_catalog/security/EndpointPermissions.kt
@@ -45,13 +45,22 @@ class EndpointPermissions {
         return when {
             orgnr == null -> false
             authorities == null -> false
-            hasSysAdminPermission(jwt) -> true
             authorities.contains(roleOrgAdmin(orgnr)) -> true
             authorities.contains(roleOrgWrite(orgnr)) -> true
             else -> false
         }
     }
 
+    fun hasOrgAdminPermission(jwt: Jwt, orgnr: String?): Boolean {
+        val authorities: String? = jwt.claims["authorities"] as? String
+        return when {
+            orgnr == null -> false
+            authorities == null -> false
+            authorities.contains(roleOrgAdmin(orgnr)) -> true
+            else -> false
+        }
+    }
+
     fun hasSysAdminPermission(jwt: Jwt): Boolean {
         val authorities: String? = jwt.claims["authorities"] as? String