From 72fef25b9ab46e1d545c3c3a1fa7e6dd5daa20cf Mon Sep 17 00:00:00 2001 
From: Amandine Jacquelin Date: Thu, 19 Dec 2024 11:27:19 +0100 Subject: [PATCH] =?UTF-8?q?Renomme=20des=20=C3=A9l=C3=A9ments=20li=C3=A9s?= =?UTF-8?q?=20aux=20droits?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/src/auth/auth.module.ts | 4 +- .../permission-operation.enum.ts | 18 +++++ .../auth/authorizations/permission.models.ts | 73 +++++++++++++++++++ .../permission.service.e2e-spec.ts | 62 ++++++++-------- .../permission.service.ts | 34 ++++----- .../resource-type.enum.ts | 0 .../roles/niveau-acces.enum.ts | 0 .../roles/private-utilisateur-droit.table.ts | 0 .../roles/role.enum.ts | 0 .../roles/role.service.ts | 6 +- .../roles/utilisateur-support.table.ts | 0 .../roles/utilisateur-verifie.table.ts | 0 .../gestion-des-droits/authorization.enum.ts | 18 ----- .../gestion-des-droits/permission.models.ts | 73 ------------------- backend/src/auth/index.ts | 2 +- backend/src/auth/models/invitation.table.ts | 2 +- .../membres/membres.router.e2e-spec.ts | 2 +- .../collectivites/membres/membres.service.ts | 2 +- .../personnes.router.e2e-spec.ts | 2 +- backend/src/collectivites/personnes.router.ts | 12 +-- .../src/fiches/bulk-edit/bulk-edit.service.ts | 10 +-- .../fiche-action-update.e2e-spec.ts | 2 +- backend/src/fiches/services/fiche.service.ts | 16 ++-- .../controllers/trajectoire-snbc.e2e-spec.ts | 6 +- .../indicateur-filtre.service.spec.ts | 2 +- .../indicateur-filtre.service.ts | 12 +-- .../services/export-indicateurs.service.ts | 10 +-- .../services/indicateurs.service.spec.ts | 2 +- .../services/indicateurs.service.ts | 14 ++-- .../trajectoires-data.service.spec.ts | 2 +- .../services/trajectoires-data.service.ts | 18 ++--- .../services/personnalisations-service.ts | 14 ++-- .../referentiels-scoring-snapshots.service.ts | 10 +-- .../referentiels-scoring.service.spec.ts | 2 +- .../services/referentiels-scoring.service.ts | 14 ++-- .../update-action-statut.service.ts | 10 +-- 
backend/src/taxonomie/services/tag.service.ts | 12 +-- 37 files changed, 233 insertions(+), 233 deletions(-) create mode 100644 backend/src/auth/authorizations/permission-operation.enum.ts create mode 100644 backend/src/auth/authorizations/permission.models.ts rename backend/src/auth/{gestion-des-droits => authorizations}/permission.service.e2e-spec.ts (78%) rename backend/src/auth/{gestion-des-droits => authorizations}/permission.service.ts (65%) rename backend/src/auth/{gestion-des-droits => authorizations}/resource-type.enum.ts (100%) rename backend/src/auth/{gestion-des-droits => authorizations}/roles/niveau-acces.enum.ts (100%) rename backend/src/auth/{gestion-des-droits => authorizations}/roles/private-utilisateur-droit.table.ts (100%) rename backend/src/auth/{gestion-des-droits => authorizations}/roles/role.enum.ts (100%) rename backend/src/auth/{gestion-des-droits => authorizations}/roles/role.service.ts (96%) rename backend/src/auth/{gestion-des-droits => authorizations}/roles/utilisateur-support.table.ts (100%) rename backend/src/auth/{gestion-des-droits => authorizations}/roles/utilisateur-verifie.table.ts (100%) delete mode 100644 backend/src/auth/gestion-des-droits/authorization.enum.ts delete mode 100644 backend/src/auth/gestion-des-droits/permission.models.ts diff --git a/backend/src/auth/auth.module.ts b/backend/src/auth/auth.module.ts index 5acbaf84a41..110b14009ab 100644 --- a/backend/src/auth/auth.module.ts +++ b/backend/src/auth/auth.module.ts 
@@ -5,8 +5,8 @@ import { CollectivitesModule } from '../collectivites/collectivites.module';
 import { CommonModule } from '../common/common.module';
 import { ConfigurationModule } from '../config/configuration.module';
 import { AuthGuard } from './guards/auth.guard';
-import { PermissionService } from '../auth/gestion-des-droits/permission.service';
-import { RoleService } from '../auth/gestion-des-droits/roles/role.service';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { RoleService } from '@/backend/auth/authorizations/roles/role.service';
 @Global()
 @Module({
diff --git a/backend/src/auth/authorizations/permission-operation.enum.ts b/backend/src/auth/authorizations/permission-operation.enum.ts
new file mode 100644
index 00000000000..076c269bf47
--- /dev/null
+++ b/backend/src/auth/authorizations/permission-operation.enum.ts
@@ -0,0 +1,18 @@
+export enum PermissionOperation {
+ // Collectivités
+ COLLECTIVITES_VISITE = 'collectivites.visite',
+ COLLECTIVITES_LECTURE = 'collectivites.lecture',
+ // Référentiels
+ REFERENTIELS_LECTURE = 'referentiels.lecture',
+ REFERENTIELS_EDITION = 'referentiels.edition',
+ // Fiches actions
+ PLANS_FICHES_EDITION = 'plans.fiches.edition',
+ PLANS_FICHES_LECTURE = 'plans.fiches.lecture',
+ PLANS_FICHES_VISITE = 'plans.fiches.visite',
+ // Indicateurs
+ INDICATEURS_LECTURE = 'indicateurs.lecture',
+ INDICATEURS_VISITE = 'indicateurs.visite',
+ INDICATEURS_EDITION = 'indicateurs.edition',
+ INDICATEURS_TRAJECTOIRES_LECTURE = 'indicateurs.trajectoires.lecture',
+ INDICATEURS_TRAJECTOIRES_EDITION = 'indicateurs.trajectoires.edition',
+}
diff --git a/backend/src/auth/authorizations/permission.models.ts b/backend/src/auth/authorizations/permission.models.ts
new file mode 100644
index 00000000000..4558387b683
--- /dev/null
+++ b/backend/src/auth/authorizations/permission.models.ts
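Review bot: The two rewritten imports switch to the `@/backend/...` alias while the three context imports just above them (`../common/common.module`, `../config/configuration.module`, `./guards/auth.guard`) stay relative, so auth.module.ts now mixes both path styles in one import block. The same mix appears in every other touched file of this patch — invitation.table.ts, membres.router.e2e-spec.ts, membres.service.ts, personnes.router.e2e-spec.ts, personnes.router.ts, bulk-edit.service.ts and fiche.service.ts — where only the moved modules get the alias. Either convert the whole import block of each touched file to the alias, or keep the in-module references relative (`./authorizations/permission.service`, `./authorizations/roles/role.service`) as the neighbouring `./guards/auth.guard` is.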
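Review bot: The enum's string values are externally observable, not just internal keys: the updated e2e assertion in fiche-action-update.e2e-spec.ts shows `plans.fiches.edition` echoed verbatim in the HTTP error body, so renaming `fiches.*` to `plans.fiches.*`, `collectivites.content.*` to `collectivites.*` and `indicateurs.trajectoire.*` to `indicateurs.trajectoires.*` changes values a client, log parser or alert rule may match on (whether anything persists or matches them is not visible from this patch). A header comment would make that contract explicit for the next rename: `/** Operations a role can be granted. Values are stable identifiers that appear in logs and authorization error messages, so renaming one is a breaking change. */`. The `// Fiches actions` section comment now sits above members named `PLANS_FICHES_*`; `// Plans d'action / fiches actions` would match.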
@@ -0,0 +1,73 @@
+import { Role } from '@/backend/auth/authorizations/roles/role.enum';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+
+export const Permission: Record = {
+ [Role.CONNECTE]: [],
+ [Role.VERIFIE]: [PermissionOperation.COLLECTIVITES_VISITE, PermissionOperation.PLANS_FICHES_VISITE, PermissionOperation.INDICATEURS_VISITE],
+ [Role.SUPPORT]: [
+ PermissionOperation.COLLECTIVITES_VISITE,
+ PermissionOperation.COLLECTIVITES_LECTURE,
+ PermissionOperation.REFERENTIELS_LECTURE,
+ PermissionOperation.PLANS_FICHES_VISITE,
+ PermissionOperation.PLANS_FICHES_LECTURE,
+ PermissionOperation.INDICATEURS_VISITE,
+ PermissionOperation.INDICATEURS_LECTURE,
+ PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE,
+ ],
+ [Role.ADEME]: [
+ PermissionOperation.COLLECTIVITES_VISITE,
+ PermissionOperation.PLANS_FICHES_VISITE,
+ PermissionOperation.INDICATEURS_VISITE,
+ PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE,
+ ],
+ [Role.LECTURE]: [
+ PermissionOperation.COLLECTIVITES_VISITE,
+ PermissionOperation.COLLECTIVITES_LECTURE,
+ PermissionOperation.REFERENTIELS_LECTURE,
+ PermissionOperation.PLANS_FICHES_VISITE,
+ PermissionOperation.PLANS_FICHES_LECTURE,
+ PermissionOperation.INDICATEURS_VISITE,
+ PermissionOperation.INDICATEURS_LECTURE,
+ PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE,
+ ],
+ [Role.EDITION]: [
+ PermissionOperation.COLLECTIVITES_VISITE,
+ PermissionOperation.COLLECTIVITES_LECTURE,
+ PermissionOperation.REFERENTIELS_LECTURE,
+ PermissionOperation.REFERENTIELS_EDITION,
+ PermissionOperation.PLANS_FICHES_VISITE,
+ PermissionOperation.PLANS_FICHES_LECTURE,
+ PermissionOperation.PLANS_FICHES_EDITION,
+ PermissionOperation.INDICATEURS_VISITE,
+ PermissionOperation.INDICATEURS_LECTURE,
+ PermissionOperation.INDICATEURS_EDITION,
+ PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE,
+ PermissionOperation.INDICATEURS_TRAJECTOIRES_EDITION,
+ ],
+ [Role.ADMIN]: [
+ PermissionOperation.COLLECTIVITES_VISITE,
+ PermissionOperation.COLLECTIVITES_LECTURE,
+ PermissionOperation.REFERENTIELS_LECTURE,
+ PermissionOperation.REFERENTIELS_EDITION,
+ PermissionOperation.PLANS_FICHES_VISITE,
+ PermissionOperation.PLANS_FICHES_LECTURE,
+ PermissionOperation.PLANS_FICHES_EDITION,
+ PermissionOperation.INDICATEURS_VISITE,
+ PermissionOperation.INDICATEURS_LECTURE,
+ PermissionOperation.INDICATEURS_EDITION,
+ PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE,
+ PermissionOperation.INDICATEURS_TRAJECTOIRES_EDITION,
+ ],
+ [Role.AUDITEUR]: [
+ PermissionOperation.COLLECTIVITES_VISITE,
+ PermissionOperation.COLLECTIVITES_LECTURE,
+ PermissionOperation.REFERENTIELS_LECTURE,
+ PermissionOperation.REFERENTIELS_EDITION,
+ PermissionOperation.PLANS_FICHES_VISITE,
+ PermissionOperation.PLANS_FICHES_LECTURE,
+ PermissionOperation.INDICATEURS_VISITE,
+ PermissionOperation.INDICATEURS_LECTURE,
+ PermissionOperation.INDICATEURS_EDITION,
+ PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE,
+ ],
+};
diff --git a/backend/src/auth/gestion-des-droits/permission.service.e2e-spec.ts b/backend/src/auth/authorizations/permission.service.e2e-spec.ts
similarity index 78%
rename from backend/src/auth/gestion-des-droits/permission.service.e2e-spec.ts
rename to backend/src/auth/authorizations/permission.service.e2e-spec.ts
index 1f808fd227d..e9276db8d88 100644
--- a/backend/src/auth/gestion-des-droits/permission.service.e2e-spec.ts
+++ b/backend/src/auth/authorizations/permission.service.e2e-spec.ts
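Review bot: `Permission` is exported as a plain mutable object of mutable arrays, so any importing module can alter the role-to-operation table at runtime (for example a stray `Permission[Role.VERIFIE].push(...)` in a test or a service) and the declaration does nothing to prevent it; for an authorization matrix the declared type should make that a compile error, e.g. `export const Permission: Readonly<Record<Role, readonly PermissionOperation[]>> = {` (the type arguments on `Record` were lost by the page extraction, so adapt to what the file actually says). The `Role.EDITION` and `Role.ADMIN` lists are identical twelve-entry copies and `Role.SUPPORT` repeats `Role.LECTURE`, while the lists are otherwise strict supersets of one another; building them incrementally (`const lecture = [...]; const edition = [...lecture, PermissionOperation.REFERENTIELS_EDITION, ...]`) would make the intended hierarchy readable and keep the copies from drifting apart on the next rename. `Role.AUDITEUR` gets `REFERENTIELS_EDITION` and `INDICATEURS_EDITION` but not `PLANS_FICHES_EDITION`, which looks deliberate; a one-line comment on that entry would save the next reader from treating it as an omission.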
@@ -1,13 +1,13 @@ import { getAuthUser, getTestApp, getTestDatabase, YOULOU_DOUDOU } from '@/backend/test'; import { INestApplication } from '@nestjs/common'; -import { PermissionService } from '@/backend/auth/gestion-des-droits/permission.service'; +import { PermissionService } from '@/backend/auth/authorizations/permission.service'; import { AuthenticatedUser } from '@/backend/auth/models/auth.models'; -import { Authorization } from '@/backend/auth/gestion-des-droits/authorization.enum'; -import { ResourceType } from '@/backend/auth/gestion-des-droits/resource-type.enum'; +import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum'; +import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum'; import DatabaseService from '../../common/services/database.service'; import { eq } from 'drizzle-orm'; -import { utilisateurSupportTable } from '@/backend/auth/gestion-des-droits/roles/utilisateur-support.table'; -import { utilisateurVerifieTable } from '@/backend/auth/gestion-des-droits/roles/utilisateur-verifie.table'; +import { utilisateurSupportTable } from '@/backend/auth/authorizations/roles/utilisateur-support.table'; +import { utilisateurVerifieTable } from '@/backend/auth/authorizations/roles/utilisateur-verifie.table'; import { dcpTable } from '@/backend/auth'; import { collectiviteTable } from '@/backend/collectivites/models/collectivite.table'; @@ -29,9 +29,9 @@ describe('Gestion des droits', () => { describe('Droit en visite sur une collectivité -> NOK', async () => { test('Utilisateur vérifié -> OK', async () => { expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.COLLECTIVITES_CONTENT_VISITE, + PermissionOperation.COLLECTIVITES_VISITE, ResourceType.COLLECTIVITE, 20, true 
@@ -44,9 +44,9 @@ describe('Gestion des droits', () => { .set({ verifie: false }) .where(eq(utilisateurVerifieTable.userId, yoloDodoUser.id)); expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.COLLECTIVITES_CONTENT_VISITE, + PermissionOperation.COLLECTIVITES_VISITE, ResourceType.COLLECTIVITE, 20, true @@ -70,9 +70,9 @@ describe('Gestion des droits', () => { .set({ accessRestreint: true }) .where(eq(collectiviteTable.id, 20)); expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.COLLECTIVITES_CONTENT_VISITE, + PermissionOperation.COLLECTIVITES_VISITE, ResourceType.COLLECTIVITE, 20, true @@ -94,9 +94,9 @@ describe('Gestion des droits', () => { describe('Droit en lecture sur une collectivité -> NOK', async () => { test('Utilisateur vérifié sur sa collectivité -> OK', async () => { expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.COLLECTIVITES_CONTENT_LECTURE, + PermissionOperation.COLLECTIVITES_LECTURE, ResourceType.COLLECTIVITE, 1, true @@ -110,9 +110,9 @@ describe('Gestion des droits', () => { .set({ verifie: false }) .where(eq(utilisateurVerifieTable.userId, yoloDodoUser.id)); expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.COLLECTIVITES_CONTENT_LECTURE, + PermissionOperation.COLLECTIVITES_LECTURE, ResourceType.COLLECTIVITE, 1, true @@ -133,9 +133,9 @@ describe('Gestion des droits', () => { test('Utilisateur vérifié sur une autre collectivité -> NOK', async () => { expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.COLLECTIVITES_CONTENT_LECTURE, + PermissionOperation.COLLECTIVITES_LECTURE, ResourceType.COLLECTIVITE, 20, true 
@@ -148,9 +148,9 @@ describe('Gestion des droits', () => { .set({ support: true }) .where(eq(utilisateurSupportTable.userId, yoloDodoUser.id)); expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.COLLECTIVITES_CONTENT_LECTURE, + PermissionOperation.COLLECTIVITES_LECTURE, ResourceType.COLLECTIVITE, 20, true @@ -170,9 +170,9 @@ describe('Gestion des droits', () => { }); test('Auditeur sur sa collectivité audité -> OK', async () => { expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( youlouDoudouUser, - Authorization.COLLECTIVITES_CONTENT_LECTURE, + PermissionOperation.COLLECTIVITES_LECTURE, ResourceType.COLLECTIVITE, 10, true @@ -184,9 +184,9 @@ describe('Gestion des droits', () => { describe('Droit en edition sur une collectivité -> NOK', async () => { test('Sur sa collectivité -> OK', async () => { expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.FICHES_EDITION, + PermissionOperation.PLANS_FICHES_EDITION, ResourceType.COLLECTIVITE, 1, true @@ -195,9 +195,9 @@ describe('Gestion des droits', () => { }); test('Sur une autre collectivité -> NOK', async () => { expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.FICHES_EDITION, + PermissionOperation.PLANS_FICHES_EDITION, ResourceType.COLLECTIVITE, 20, true @@ -209,9 +209,9 @@ describe('Gestion des droits', () => { describe("Droit en lecture sur la trajectoire d'une collectivité -> NOK", async () => { test('Sur sa collectivité -> OK', async () => { expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, + PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE, ResourceType.COLLECTIVITE, 1, true 
@@ -221,9 +221,9 @@ describe('Gestion des droits', () => { test('Sur une autre collectivité -> NOK', async () => { expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, + PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE, ResourceType.COLLECTIVITE, 20, true @@ -237,9 +237,9 @@ describe('Gestion des droits', () => { .set({ email: 'yolo@ademe.fr' }) .where(eq(dcpTable.userId, yoloDodoUser.id)); expect( - await permissionService.hasTheRightTo( + await permissionService.isAllowed( yoloDodoUser, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, + PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE, ResourceType.COLLECTIVITE, 20, true diff --git a/backend/src/auth/gestion-des-droits/permission.service.ts b/backend/src/auth/authorizations/permission.service.ts similarity index 65% rename from backend/src/auth/gestion-des-droits/permission.service.ts rename to backend/src/auth/authorizations/permission.service.ts index 5b828a15dfd..7b613e8569b 100644 --- a/backend/src/auth/gestion-des-droits/permission.service.ts +++ b/backend/src/auth/authorizations/permission.service.ts 
@@ -1,10 +1,10 @@ import { Injectable, Logger, UnauthorizedException } from '@nestjs/common'; import { AuthRole, AuthUser } from '../models/auth.models'; import { RoleService } from './roles/role.service'; -import { Authorization } from '@/backend/auth/gestion-des-droits/authorization.enum'; -import { ResourceType } from '@/backend/auth/gestion-des-droits/resource-type.enum'; -import { Permission } from '@/backend/auth/gestion-des-droits/permission.models'; -import { Role } from '@/backend/auth/gestion-des-droits/roles/role.enum'; +import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum'; +import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum'; +import { Permission } from '@/backend/auth/authorizations/permission.models'; +import { Role } from '@/backend/auth/authorizations/roles/role.enum'; @Injectable() export class PermissionService { @@ -15,20 +15,20 @@ export class PermissionService { /** * Vérifie l'autorisation de l'utilisateur sur une ressource * @param user - * @param authorization + * @param operation * @param resourceType type de la ressource * @param resourceId identifiant de la ressource, null si resourceType = PLATEFORME * @param doNotThrow vrai pour ne pas générer une erreur si l'utilisateur n'a pas l'autorisation */ - async hasTheRightTo( + async isAllowed( user: AuthUser, - authorization: Authorization, + operation: PermissionOperation, resourceType: ResourceType, resourceId: number | null, doNotThrow?: boolean ): Promise { this.logger.log( - `Vérification que l'utilisateur ${user.id} possède l'autorisation ${authorization} sur la ressource ${resourceType} ${resourceId}` + `Vérification que l'utilisateur ${user.id} possède l'autorisation ${operation} sur la ressource ${resourceType} ${resourceId}` ); if (user.role === AuthRole.SERVICE_ROLE) { // Le service rôle à tous les droits 
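Review bot: The TSDoc on the renamed `isAllowed` still leaves `@param user` and the renamed `@param operation` without a description and has no `@returns`, although with `doNotThrow` set the boolean result is the only signal a caller gets (personnes.router.ts and the e2e spec in this patch both rely on it). Suggest `@param user authenticated user; a SERVICE_ROLE user is always allowed`, `@param operation operation to check against the permissions of the user's roles (see PermissionOperation)` and `@returns true when allowed; false only when doNotThrow is set, otherwise an UnauthorizedException is thrown` — the return statement is outside this hunk, so confirm the false branch actually returns rather than falling through. The return type reads `Promise` on this page, presumably `Promise<boolean>` lost by the extraction. The method body continues past the end of the hunk.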
@@ -36,7 +36,7 @@ export class PermissionService { } // Récupère les rôles de l'utilisateur pour la ressource donnée - const roles = await this.roleService.getUserRolesForAResource( + const roles = await this.roleService.getUserRoles( user, resourceType, resourceId @@ -53,33 +53,33 @@ export class PermissionService { } // Récupère les autorisations des rôles de l'utilisateur - const authorizations: Set = new Set(); + const operations: Set = new Set(); for (const role of roles) { Permission[role as Role].forEach((permission) => - authorizations.add(permission) + operations.add(permission) ); } this.logger.log( `L'utilisateur ${user.id} possède les autorisations ${JSON.stringify([ - ...authorizations, + ...operations, ])} sur la ressource ${resourceType} ${resourceId}` ); - // Vérifie si l'autorisation demandée est dans la liste des autorisations de l'utilisateur - const hasTheRight = authorizations.has(authorization); + // Vérifie si l'opération demandée est dans la liste des autorisations de l'utilisateur + const hasTheRight = operations.has(operation); if (!hasTheRight) { this.logger.log( - `L'utilisateur ${user.id} ne possède pas l'autorisation ${authorization} sur la ressource ${resourceType} ${resourceId}` + `L'utilisateur ${user.id} ne possède pas l'autorisation ${operation} sur la ressource ${resourceType} ${resourceId}` ); if(!doNotThrow){ throw new UnauthorizedException( - `Droits insuffisants, l'utilisateur ${user.id} n'a pas l'autorisation ${authorization} sur la ressource ${resourceType} ${resourceId}` + `Droits insuffisants, l'utilisateur ${user.id} n'a pas l'autorisation ${operation} sur la ressource ${resourceType} ${resourceId}` ); } }else{ this.logger.log( - `L'utilisateur ${user.id} possède l'autorisation ${authorization} sur la ressource ${resourceType} ${resourceId}` + `L'utilisateur ${user.id} possède l'autorisation ${operation} sur la ressource ${resourceType} ${resourceId}` ); } 
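Review bot: `Permission[role as Role].forEach(...)` in the second hunk still relies on a cast: if `getUserRoles` ever yields a value outside `Role`, `Permission[...]` is `undefined` and the `.forEach` throws a TypeError, turning a permission check into an unhandled 500 instead of an explicit deny; either type the return of `getUserRoles` as `Role[]` so the cast disappears, or guard the lookup with `(Permission[role as Role] ?? []).forEach((permission) => operations.add(permission));`. The rethrown `UnauthorizedException` maps to HTTP 401, yet at this point the user is authenticated and only lacks rights, which is what NestJS's `ForbiddenException` (403) expresses; the e2e assertion in fiche-action-update.e2e-spec.ts pins 401, so it would need updating together. That same assertion shows the exception message — user id, operation and resource — is returned verbatim in the response body; keeping the detailed sentence in the `logger.log` call that precedes it and throwing a shorter `Droits insuffisants` message limits what the permission model reveals to clients. The surrounding method starts before this hunk.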
diff --git a/backend/src/auth/gestion-des-droits/resource-type.enum.ts b/backend/src/auth/authorizations/resource-type.enum.ts similarity index 100% rename from backend/src/auth/gestion-des-droits/resource-type.enum.ts rename to backend/src/auth/authorizations/resource-type.enum.ts diff --git a/backend/src/auth/gestion-des-droits/roles/niveau-acces.enum.ts b/backend/src/auth/authorizations/roles/niveau-acces.enum.ts similarity index 100% rename from backend/src/auth/gestion-des-droits/roles/niveau-acces.enum.ts rename to backend/src/auth/authorizations/roles/niveau-acces.enum.ts diff --git a/backend/src/auth/gestion-des-droits/roles/private-utilisateur-droit.table.ts b/backend/src/auth/authorizations/roles/private-utilisateur-droit.table.ts similarity index 100% rename from backend/src/auth/gestion-des-droits/roles/private-utilisateur-droit.table.ts rename to backend/src/auth/authorizations/roles/private-utilisateur-droit.table.ts diff --git a/backend/src/auth/gestion-des-droits/roles/role.enum.ts b/backend/src/auth/authorizations/roles/role.enum.ts similarity index 100% rename from backend/src/auth/gestion-des-droits/roles/role.enum.ts rename to backend/src/auth/authorizations/roles/role.enum.ts diff --git a/backend/src/auth/gestion-des-droits/roles/role.service.ts b/backend/src/auth/authorizations/roles/role.service.ts similarity index 96% rename from backend/src/auth/gestion-des-droits/roles/role.service.ts rename to backend/src/auth/authorizations/roles/role.service.ts index aad8105a0d6..9d68fbb7120 100644 --- a/backend/src/auth/gestion-des-droits/roles/role.service.ts +++ b/backend/src/auth/authorizations/roles/role.service.ts 
@@ -9,8 +9,8 @@ import { import { NiveauAcces } from './niveau-acces.enum'; import { utilisateurSupportTable } from './utilisateur-support.table'; import { utilisateurVerifieTable } from './utilisateur-verifie.table'; -import { ResourceType } from '@/backend/auth/gestion-des-droits/resource-type.enum'; -import { Role } from '@/backend/auth/gestion-des-droits/roles/role.enum'; +import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum'; +import { Role } from '@/backend/auth/authorizations/roles/role.enum'; import { dcpTable } from '@/backend/auth'; @@ -20,7 +20,7 @@ export class RoleService { constructor(private readonly databaseService: DatabaseService) {} - async getUserRolesForAResource( + async getUserRoles( user: AuthUser, resourceType: ResourceType, resourceId: number | null diff --git a/backend/src/auth/gestion-des-droits/roles/utilisateur-support.table.ts b/backend/src/auth/authorizations/roles/utilisateur-support.table.ts similarity index 100% rename from backend/src/auth/gestion-des-droits/roles/utilisateur-support.table.ts rename to backend/src/auth/authorizations/roles/utilisateur-support.table.ts diff --git a/backend/src/auth/gestion-des-droits/roles/utilisateur-verifie.table.ts b/backend/src/auth/authorizations/roles/utilisateur-verifie.table.ts similarity index 100% rename from backend/src/auth/gestion-des-droits/roles/utilisateur-verifie.table.ts rename to backend/src/auth/authorizations/roles/utilisateur-verifie.table.ts diff --git a/backend/src/auth/gestion-des-droits/authorization.enum.ts b/backend/src/auth/gestion-des-droits/authorization.enum.ts deleted file mode 100644 index e6a53d4a619..00000000000 --- a/backend/src/auth/gestion-des-droits/authorization.enum.ts +++ /dev/null 
@@ -1,18 +0,0 @@
-export enum Authorization {
- // Collectivités
- COLLECTIVITES_CONTENT_VISITE = 'collectivites.content.visite',
- COLLECTIVITES_CONTENT_LECTURE = 'collectivites.content.lecture',
- // Référentiels
- REFERENTIELS_LECTURE = 'referentiels.lecture',
- REFERENTIELS_EDITION = 'referentiels.edition',
- // Fiches actions
- FICHES_EDITION = 'fiches.edition',
- FICHES_LECTURE = 'fiches.lecture',
- FICHES_VISITE = 'fiches.visite',
- // Indicateurs
- INDICATEURS_LECTURE = 'indicateurs.lecture',
- INDICATEURS_VISITE = 'indicateurs.visite',
- INDICATEURS_EDITION = 'indicateurs.edition',
- INDICATEURS_TRAJECTOIRE_LECTURE = 'indicateurs.trajectoire.lecture',
- INDICATEURS_TRAJECTOIRE_EDITION = 'indicateurs.trajectoire.edition',
-}
diff --git a/backend/src/auth/gestion-des-droits/permission.models.ts b/backend/src/auth/gestion-des-droits/permission.models.ts
deleted file mode 100644
index aaf8323df0c..00000000000
--- a/backend/src/auth/gestion-des-droits/permission.models.ts
+++ /dev/null
@@ -1,73 +0,0 @@ -import { Role } from '@/backend/auth/gestion-des-droits/roles/role.enum'; -import { Authorization } from '@/backend/auth/gestion-des-droits/authorization.enum'; - -export const Permission: Record = { - [Role.CONNECTE]: [], - [Role.VERIFIE]: [Authorization.COLLECTIVITES_CONTENT_VISITE, Authorization.FICHES_VISITE, Authorization.INDICATEURS_VISITE], - [Role.SUPPORT]: [ - Authorization.COLLECTIVITES_CONTENT_VISITE, - Authorization.COLLECTIVITES_CONTENT_LECTURE, - Authorization.REFERENTIELS_LECTURE, - Authorization.FICHES_VISITE, - Authorization.FICHES_LECTURE, - Authorization.INDICATEURS_VISITE, - Authorization.INDICATEURS_LECTURE, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, - ], - [Role.ADEME]: [ - Authorization.COLLECTIVITES_CONTENT_VISITE, - Authorization.FICHES_VISITE, - Authorization.INDICATEURS_VISITE, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, - ], - [Role.LECTURE]: [ - Authorization.COLLECTIVITES_CONTENT_VISITE, - Authorization.COLLECTIVITES_CONTENT_LECTURE, - Authorization.REFERENTIELS_LECTURE, - Authorization.FICHES_VISITE, - Authorization.FICHES_LECTURE, - Authorization.INDICATEURS_VISITE, - Authorization.INDICATEURS_LECTURE, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, - ], - [Role.EDITION]: [ - Authorization.COLLECTIVITES_CONTENT_VISITE, - Authorization.COLLECTIVITES_CONTENT_LECTURE, - Authorization.REFERENTIELS_LECTURE, - Authorization.REFERENTIELS_EDITION, - Authorization.FICHES_VISITE, - Authorization.FICHES_LECTURE, - Authorization.FICHES_EDITION, - Authorization.INDICATEURS_VISITE, - Authorization.INDICATEURS_LECTURE, - Authorization.INDICATEURS_EDITION, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, - Authorization.INDICATEURS_TRAJECTOIRE_EDITION, - ], - [Role.ADMIN]: [ - Authorization.COLLECTIVITES_CONTENT_VISITE, - Authorization.COLLECTIVITES_CONTENT_LECTURE, - Authorization.REFERENTIELS_LECTURE, - Authorization.REFERENTIELS_EDITION, - Authorization.FICHES_VISITE, - Authorization.FICHES_LECTURE, - 
Authorization.FICHES_EDITION, - Authorization.INDICATEURS_VISITE, - Authorization.INDICATEURS_LECTURE, - Authorization.INDICATEURS_EDITION, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, - Authorization.INDICATEURS_TRAJECTOIRE_EDITION, - ], - [Role.AUDITEUR]: [ - Authorization.COLLECTIVITES_CONTENT_VISITE, - Authorization.COLLECTIVITES_CONTENT_LECTURE, - Authorization.REFERENTIELS_LECTURE, - Authorization.REFERENTIELS_EDITION, - Authorization.FICHES_VISITE, - Authorization.FICHES_LECTURE, - Authorization.INDICATEURS_VISITE, - Authorization.INDICATEURS_LECTURE, - Authorization.INDICATEURS_EDITION, - Authorization.INDICATEURS_TRAJECTOIRE_LECTURE, - ], -}; diff --git a/backend/src/auth/index.ts b/backend/src/auth/index.ts index 679c340b984..d570b38f156 100644 --- a/backend/src/auth/index.ts +++ b/backend/src/auth/index.ts @@ -1,2 +1,2 @@ export * from './models/dcp.table'; -export * from './gestion-des-droits/roles/private-utilisateur-droit.table'; +export * from '@/backend/auth/authorizations/roles/private-utilisateur-droit.table'; diff --git a/backend/src/auth/models/invitation.table.ts b/backend/src/auth/models/invitation.table.ts index 816853f8dca..6110bc26311 100644 --- a/backend/src/auth/models/invitation.table.ts +++ b/backend/src/auth/models/invitation.table.ts @@ -13,7 +13,7 @@ import { createdBy, TIMESTAMP_OPTIONS, } from '../../utils/column.utils'; -import { niveauAccessEnum } from '../gestion-des-droits/roles/niveau-acces.enum'; +import { niveauAccessEnum } from '@/backend/auth/authorizations/roles/niveau-acces.enum'; export const utilisateurSchema = pgSchema('utilisateur'); diff --git a/backend/src/collectivites/membres/membres.router.e2e-spec.ts b/backend/src/collectivites/membres/membres.router.e2e-spec.ts index 370718720dc..3e61b3ac03d 100644 --- a/backend/src/collectivites/membres/membres.router.e2e-spec.ts +++ b/backend/src/collectivites/membres/membres.router.e2e-spec.ts 
@@ -6,7 +6,7 @@ import { getAuthUser } from '../../../test/auth-utils'; import { YOLO_DODO } from '../../../test/test-users.samples'; import { AuthenticatedUser } from '../../auth/models/auth.models'; import { invitationTable } from '../../auth/models/invitation.table'; -import { NiveauAcces } from '../../auth/gestion-des-droits/roles/niveau-acces.enum'; +import { NiveauAcces } from '@/backend/auth/authorizations/roles/niveau-acces.enum'; import DatabaseService from '../../common/services/database.service'; import { AppRouter, TrpcRouter } from '../../trpc/trpc.router'; import { MembreFonctionEnum } from '../models/membre-fonction.enum'; diff --git a/backend/src/collectivites/membres/membres.service.ts b/backend/src/collectivites/membres/membres.service.ts index dc8dfa640ba..599227fd394 100644 --- a/backend/src/collectivites/membres/membres.service.ts +++ b/backend/src/collectivites/membres/membres.service.ts @@ -4,7 +4,7 @@ import { and, eq, sql } from 'drizzle-orm'; import { unionAll } from 'drizzle-orm/pg-core'; import z from 'zod'; import { invitationTable } from '../../auth/models/invitation.table'; -import { utilisateurDroitTable } from '../../auth/gestion-des-droits/roles/private-utilisateur-droit.table'; +import { utilisateurDroitTable } from '@/backend/auth/authorizations/roles/private-utilisateur-droit.table'; import DatabaseService from '../../common/services/database.service'; import { MembreFonction } from '../models/membre-fonction.enum'; import { insertMembreSchema, membreTable } from '../models/membre.table'; diff --git a/backend/src/collectivites/personnes.router.e2e-spec.ts b/backend/src/collectivites/personnes.router.e2e-spec.ts index 7ce3e82253e..9830d386032 100644 --- a/backend/src/collectivites/personnes.router.e2e-spec.ts +++ b/backend/src/collectivites/personnes.router.e2e-spec.ts 
@@ -8,7 +8,7 @@ import { import { getAuthUser } from '../../test/auth-utils'; import { YOLO_DODO, YULU_DUDU } from '../../test/test-users.samples'; import { AuthenticatedUser } from '../auth/models/auth.models'; -import { utilisateurDroitTable } from '../auth/gestion-des-droits/roles/private-utilisateur-droit.table'; +import { utilisateurDroitTable } from '@/backend/auth/authorizations/roles/private-utilisateur-droit.table'; import DatabaseService from '../common/services/database.service'; import { AppRouter, TrpcRouter } from '../trpc/trpc.router'; diff --git a/backend/src/collectivites/personnes.router.ts b/backend/src/collectivites/personnes.router.ts index d31c65b7fc8..3718b9dc10c 100644 --- a/backend/src/collectivites/personnes.router.ts +++ b/backend/src/collectivites/personnes.router.ts @@ -5,9 +5,9 @@ import { listRequestSchema, PersonnesService, } from './services/personnes.service'; -import { PermissionService } from '../auth/gestion-des-droits/permission.service'; -import { Authorization } from '../auth/gestion-des-droits/authorization.enum'; -import { ResourceType } from '../auth/gestion-des-droits/resource-type.enum'; +import { PermissionService } from '@/backend/auth/authorizations/permission.service'; +import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum'; +import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum'; import CollectivitesService from '../collectivites/services/collectivites.service'; const inputSchema = listRequestSchema; 
@@ -28,11 +28,11 @@ export class PersonnesRouter {
 const collectivitePrivate = await this.collectivite.isPrivate(
 input.collectiviteId
 );
-const authorized = await this.permission.hasTheRightTo(
+const authorized = await this.permission.isAllowed(
 ctx.user,
 collectivitePrivate
-? Authorization.COLLECTIVITES_CONTENT_LECTURE
-: Authorization.COLLECTIVITES_CONTENT_VISITE,
+? PermissionOperation.COLLECTIVITES_LECTURE
+: PermissionOperation.COLLECTIVITES_VISITE,
 ResourceType.COLLECTIVITE,
 input.collectiviteId,
 true
diff --git a/backend/src/fiches/bulk-edit/bulk-edit.service.ts b/backend/src/fiches/bulk-edit/bulk-edit.service.ts
index 53814ed7de8..df0e739361d 100644
--- a/backend/src/fiches/bulk-edit/bulk-edit.service.ts
+++ b/backend/src/fiches/bulk-edit/bulk-edit.service.ts
@@ -10,9 +10,9 @@ import {
 ficheActionTable,
 } from '../models/fiche-action.table';
 import { updateFicheActionRequestSchema } from '../models/update-fiche-action.request';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
 
 @Injectable()
 export class BulkEditService {
@@ -53,9 +53,9 @@ export class BulkEditService {
 // Check if the user has edition access to all the collectivites
 for (const c of collectiviteIds) {
-await this.permission.hasTheRightTo(
+await this.permission.isAllowed(
 user,
-Authorization.FICHES_EDITION,
+PermissionOperation.PLANS_FICHES_EDITION,
 ResourceType.COLLECTIVITE,
 c.collectiviteId
 );
diff --git a/backend/src/fiches/controllers/fiche-action-update.e2e-spec.ts b/backend/src/fiches/controllers/fiche-action-update.e2e-spec.ts
index 72519b406f3..c6bd150acb3 100644
--- a/backend/src/fiches/controllers/fiche-action-update.e2e-spec.ts
+++ b/backend/src/fiches/controllers/fiche-action-update.e2e-spec.ts
@@ -563,7 +563,7 @@ describe('FichesActionUpdateService', () => {
 const body = response.body;
 expect(body).toStrictEqual({
-message: `Droits insuffisants, l'utilisateur 17440546-f389-4d4f-bfdb-b0c94a1bd0f9 n'a pas l'autorisation fiches.edition sur la ressource Collectivité 3`,
+message: `Droits insuffisants, l'utilisateur 17440546-f389-4d4f-bfdb-b0c94a1bd0f9 n'a pas l'autorisation plans.fiches.edition sur la ressource Collectivité 3`,
 error: 'Unauthorized',
 statusCode: 401,
 });
diff --git a/backend/src/fiches/services/fiche.service.ts b/backend/src/fiches/services/fiche.service.ts
index f40a7e019a3..6711f8ef408 100644
--- a/backend/src/fiches/services/fiche.service.ts
+++ b/backend/src/fiches/services/fiche.service.ts
@@ -16,9 +16,9 @@ import {
 ficheActionTable,
 } from '../models/fiche-action.table';
 import { dcpTable } from '@/backend/auth';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
 
 @Injectable()
 export default class FicheService {
@@ -46,11 +46,11 @@ export default class FicheService {
 ): Promise {
 const fiche = await this.getFicheFromId(ficheId);
 if (fiche === null) return false;
-return await this.permissionService.hasTheRightTo(
+return await this.permissionService.isAllowed(
 tokenInfo,
 fiche.restreint
-? Authorization.FICHES_LECTURE
-: Authorization.FICHES_VISITE,
+? PermissionOperation.PLANS_FICHES_LECTURE
+: PermissionOperation.PLANS_FICHES_VISITE,
 ResourceType.COLLECTIVITE,
 fiche.collectiviteId
 );
@@ -63,9 +63,9 @@ export default class FicheService {
 ): Promise {
 const fiche = await this.getFicheFromId(ficheId);
 if (fiche === null) return false;
-return await this.permissionService.hasTheRightTo(
+return await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.FICHES_EDITION,
+PermissionOperation.PLANS_FICHES_EDITION,
 ResourceType.COLLECTIVITE,
 fiche.collectiviteId
 );
diff --git a/backend/src/indicateurs/controllers/trajectoire-snbc.e2e-spec.ts b/backend/src/indicateurs/controllers/trajectoire-snbc.e2e-spec.ts
index 64e07a38313..8b30b50a6d8 100644
--- a/backend/src/indicateurs/controllers/trajectoire-snbc.e2e-spec.ts
+++ b/backend/src/indicateurs/controllers/trajectoire-snbc.e2e-spec.ts
@@ -27,7 +27,7 @@ describe('Calcul de trajectoire SNBC', () => {
 .set('Authorization', `Bearer ${yoloDodoToken}`)
 .expect(401)
 .expect({
-message: "Droits insuffisants, l'utilisateur 17440546-f389-4d4f-bfdb-b0c94a1bd0f9 n'a pas l'autorisation indicateurs.trajectoire.lecture sur la ressource Collectivité 3",
+message: "Droits insuffisants, l'utilisateur 17440546-f389-4d4f-bfdb-b0c94a1bd0f9 n'a pas l'autorisation indicateurs.trajectoires.lecture sur la ressource Collectivité 3",
 error: 'Unauthorized',
 statusCode: 401,
 });
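Review bot: In both hunks the result of `isAllowed` is returned as the method's boolean value (the preceding `if (fiche === null) return false;` shows the boolean contract), yet the call omits the trailing `true` argument that personnes.router.ts passes when it consumes the result as `authorized`; every other call site in this commit discards the return value and the e2e specs expect a 401 "Droits insuffisants" body, which suggests the default mode throws on denial rather than returning false. If that reading is right, these helpers never return `false` for an authenticated user without rights — they throw — so a caller branching on the boolean gets an exception instead. Either pass the same final argument, e.g. `fiche.collectiviteId, true`, or document on each method that denial raises rather than returns false. Both method signatures start above the hunk, so the intended return contract is not visible here.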
@@ -39,7 +39,7 @@ describe('Calcul de trajectoire SNBC', () => {
 .set('Authorization', `Bearer ${yoloDodoToken}`)
 .expect(401)
 .expect({
-message: "Droits insuffisants, l'utilisateur 17440546-f389-4d4f-bfdb-b0c94a1bd0f9 n'a pas l'autorisation indicateurs.trajectoire.edition sur la ressource Collectivité 3",
+message: "Droits insuffisants, l'utilisateur 17440546-f389-4d4f-bfdb-b0c94a1bd0f9 n'a pas l'autorisation indicateurs.trajectoires.edition sur la ressource Collectivité 3",
 error: 'Unauthorized',
 statusCode: 401,
 });
@@ -286,7 +286,7 @@ describe('Calcul de trajectoire SNBC', () => {
 .set('Authorization', `Bearer ${yoloDodoToken}`)
 .expect(401)
 .expect({
-message: "Droits insuffisants, l'utilisateur 17440546-f389-4d4f-bfdb-b0c94a1bd0f9 n'a pas l'autorisation indicateurs.trajectoire.edition sur la ressource Collectivité 3895",
+message: "Droits insuffisants, l'utilisateur 17440546-f389-4d4f-bfdb-b0c94a1bd0f9 n'a pas l'autorisation indicateurs.trajectoires.edition sur la ressource Collectivité 3895",
 error: 'Unauthorized',
 statusCode: 401,
 });
diff --git a/backend/src/indicateurs/indicateur-filtre/indicateur-filtre.service.spec.ts b/backend/src/indicateurs/indicateur-filtre/indicateur-filtre.service.spec.ts
index b0c5344de65..2545b685661 100644
--- a/backend/src/indicateurs/indicateur-filtre/indicateur-filtre.service.spec.ts
+++ b/backend/src/indicateurs/indicateur-filtre/indicateur-filtre.service.spec.ts
@@ -5,7 +5,7 @@ import {
 GetFilteredIndicateurRequestQueryOptionType,
 GetFilteredIndicateursRequestOptionType,
 } from './get-filtered-indicateurs.request';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
 import CollectivitesService from '../../collectivites/services/collectivites.service';
 
 describe('IndicateurFiltreService', () => {
diff --git a/backend/src/indicateurs/indicateur-filtre/indicateur-filtre.service.ts b/backend/src/indicateurs/indicateur-filtre/indicateur-filtre.service.ts
index 4b41dfb98dc..e3d4d172870 100644
--- a/backend/src/indicateurs/indicateur-filtre/indicateur-filtre.service.ts
+++ b/backend/src/indicateurs/indicateur-filtre/indicateur-filtre.service.ts
@@ -24,10 +24,10 @@ import { indicateurCollectiviteTable } from '../models/indicateur-collectivite.t
 import { indicateurActionTable } from '../models/indicateur-action.table';
 import { ficheActionIndicateurTable } from '../../fiches/models/fiche-action-indicateur.table';
 import { indicateurServiceTagTable } from '../models/indicateur-service-tag.table';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
 import CollectivitesService from '../../collectivites/services/collectivites.service';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
 
 export type RequestResultIndicateursRaw = {
 id: number;
@@ -128,11 +128,11 @@ export default class IndicateurFiltreService {
 const collectivitePrivate = await this.collectiviteService.isPrivate(
 collectiviteId
 );
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
 collectivitePrivate
-? Authorization.COLLECTIVITES_CONTENT_LECTURE
-: Authorization.COLLECTIVITES_CONTENT_VISITE,
+? PermissionOperation.COLLECTIVITES_LECTURE
+: PermissionOperation.COLLECTIVITES_VISITE,
 ResourceType.COLLECTIVITE,
 collectiviteId
 );
diff --git a/backend/src/indicateurs/services/export-indicateurs.service.ts b/backend/src/indicateurs/services/export-indicateurs.service.ts
index f69ad9c5613..439ca174723 100644
--- a/backend/src/indicateurs/services/export-indicateurs.service.ts
+++ b/backend/src/indicateurs/services/export-indicateurs.service.ts
@@ -17,9 +17,9 @@ import {
 normalizeWorksheetName,
 } from '../../common/services/xlsx.helper';
 import CollectivitesService from '../../collectivites/services/collectivites.service';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
 
 @Injectable()
 export default class ExportIndicateursService {
@@ -39,9 +39,9 @@ export default class ExportIndicateursService {
 this.logger.log("Vérification des droits avant l'export xlsx");
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.FICHES_LECTURE,
+PermissionOperation.PLANS_FICHES_LECTURE,
 ResourceType.COLLECTIVITE,
 options.collectiviteId
 );
diff --git a/backend/src/indicateurs/services/indicateurs.service.spec.ts b/backend/src/indicateurs/services/indicateurs.service.spec.ts
index ab96b1e1f36..72f5d871827 100644
--- a/backend/src/indicateurs/services/indicateurs.service.spec.ts
+++ b/backend/src/indicateurs/services/indicateurs.service.spec.ts
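Review bot: The xlsx export of indicateurs in the second hunk is still guarded by `PermissionOperation.PLANS_FICHES_LECTURE`, whereas the indicateur reads in indicateurs.service.ts check `PermissionOperation.INDICATEURS_LECTURE`; the rename carries that mismatch forward. If the two operations can be granted independently, a user with plans/fiches read access but no indicateurs read access can still obtain indicateur values through the export path, and an indicateurs reader is denied an export of data they can already read. Unless the export is deliberately a plans/fiches feature, the check should read `PermissionOperation.INDICATEURS_LECTURE,`, with a one-line comment stating which domain's rights the export is meant to follow. The enclosing export method starts above the hunk, so its documented purpose is not visible here.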
@@ -10,7 +10,7 @@ import {
 IndicateurValeurAvecMetadonnesDefinition,
 IndicateurValeurType,
 } from '../models/indicateur-valeur.table';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
 import IndicateursService from './indicateurs.service';
 
 describe('IndicateursService', () => {
diff --git a/backend/src/indicateurs/services/indicateurs.service.ts b/backend/src/indicateurs/services/indicateurs.service.ts
index 3280f595ebd..54060a14c1b 100644
--- a/backend/src/indicateurs/services/indicateurs.service.ts
+++ b/backend/src/indicateurs/services/indicateurs.service.ts
@@ -45,9 +45,9 @@ import {
 import { indicateurGroupeTable } from '../models/indicateur-groupe.table';
 import { groupementTable } from '../../collectivites/models/groupement.table';
 import { groupementCollectiviteTable } from '../../collectivites/models/groupement-collectivite.table';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
 
 @Injectable()
 export default class IndicateursService {
@@ -202,9 +202,9 @@ export default class IndicateursService {
 options: GetIndicateursValeursRequestType,
 tokenInfo: AuthenticatedUser
 ): Promise {
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.INDICATEURS_LECTURE,
+PermissionOperation.INDICATEURS_LECTURE,
 ResourceType.COLLECTIVITE,
 options.collectiviteId
 );
@@ -373,9 +373,9 @@ export default class IndicateursService {
 ...new Set(indicateurValeurs.map((v) => v.collectiviteId)),
 ];
 for (const collectiviteId of collectiviteIds) {
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.INDICATEURS_EDITION,
+PermissionOperation.INDICATEURS_EDITION,
 ResourceType.COLLECTIVITE,
 collectiviteId
 );
diff --git a/backend/src/indicateurs/services/trajectoires-data.service.spec.ts b/backend/src/indicateurs/services/trajectoires-data.service.spec.ts
index f7bf793b64d..481f49c4bb3 100644
--- a/backend/src/indicateurs/services/trajectoires-data.service.spec.ts
+++ b/backend/src/indicateurs/services/trajectoires-data.service.spec.ts
@@ -6,7 +6,7 @@ import { IndicateurValeurType } from '../models/indicateur-valeur.table';
 import IndicateurSourcesService from './indicateur-sources.service';
 import IndicateursService from './indicateurs.service';
 import TrajectoiresDataService from './trajectoires-data.service';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
 
 describe('TrajectoiresDataService test', () => {
 let trajectoiresDataService: TrajectoiresDataService;
diff --git a/backend/src/indicateurs/services/trajectoires-data.service.ts b/backend/src/indicateurs/services/trajectoires-data.service.ts
index 63c3d134492..fc0bbb253ff 100644
--- a/backend/src/indicateurs/services/trajectoires-data.service.ts
+++ b/backend/src/indicateurs/services/trajectoires-data.service.ts
@@ -26,9 +26,9 @@ import { VerificationTrajectoireRequestType } from '../models/verification-traje
 import { DonneesCalculTrajectoireARemplirType } from '../models/donnees-calcul-trajectoire-a-remplir.dto';
 import { DonneesARemplirValeurType } from '../models/donnees-a-remplir-valeur.dto';
 import { DonneesARemplirResultType } from '../models/donnees-a-remplir-result.dto';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
 import IndicateurSourcesService from './indicateur-sources.service';
 import IndicateursService from './indicateurs.service';
 
@@ -618,9 +618,9 @@ export default class TrajectoiresDataService {
 forceRecuperationDonneesUniquementPourLecture = false
 ): Promise {
 // Vérification des droits pour lire les données
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.INDICATEURS_TRAJECTOIRE_LECTURE,
+PermissionOperation.INDICATEURS_TRAJECTOIRES_LECTURE,
 ResourceType.COLLECTIVITE,
 request.collectiviteId
 );
@@ -686,9 +686,9 @@ export default class TrajectoiresDataService {
 }
 if(!forceRecuperationDonneesUniquementPourLecture) {
 // Vérification des droits pour calculer les données
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.INDICATEURS_TRAJECTOIRE_EDITION,
+PermissionOperation.INDICATEURS_TRAJECTOIRES_EDITION,
 ResourceType.COLLECTIVITE,
 request.collectiviteId
 );
@@ -747,9 +747,9 @@ export default class TrajectoiresDataService {
 // Vérifie les droits de l'utilisateur
 if (tokenInfo) {
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.INDICATEURS_TRAJECTOIRE_EDITION,
+PermissionOperation.INDICATEURS_TRAJECTOIRES_EDITION,
 ResourceType.COLLECTIVITE,
 collectiviteId
 );
diff --git a/backend/src/personnalisations/services/personnalisations-service.ts b/backend/src/personnalisations/services/personnalisations-service.ts
index 2e24082e28c..84c9a5028df 100644
--- a/backend/src/personnalisations/services/personnalisations-service.ts
+++ b/backend/src/personnalisations/services/personnalisations-service.ts
@@ -22,9 +22,9 @@ import { reponseBinaireTable } from '../models/reponse-binaire.table';
 import { reponseChoixTable } from '../models/reponse-choix.table';
 import { reponseProportionTable } from '../models/reponse-proportion.table';
 import ExpressionParserService from './expression-parser.service';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
 
 export type ReponseTables =
 | typeof reponseBinaireTable
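Review bot: The edition check in the first hunk only runs inside `if (tokenInfo) {`, so when the caller passes no user the write proceeds with no authorization at all; the same pattern sits in personnalisations-service.ts at lines 99 and 168 (`if (reponsesDate && tokenInfo)`, `if (request.date && tokenInfo)`) and in referentiels-scoring.service.ts at line 132. That is presumably meant for trusted internal calls, but nothing on the new side records it, and the comment above the personnalisations checks says historical responses are only for readers of the collectivité, which the guard does not enforce when `tokenInfo` is absent. I would add a comment at each site such as `// tokenInfo undefined = trusted internal caller, permission check skipped; request handlers must always pass the user` and, where an external entry point can reach these methods, make `tokenInfo` required rather than optional. The enclosing methods start above the hunks, so their parameter declarations are not visible here.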
@@ -99,9 +99,9 @@ export default class PersonnalisationsService {
 // Seulement les personnes ayant l'accès en lecture à la collectivité peuvent voir les réponses historiques
 if (reponsesDate && tokenInfo) {
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.REFERENTIELS_LECTURE,
+PermissionOperation.REFERENTIELS_LECTURE,
 ResourceType.COLLECTIVITE,
 collectiviteId
 );
@@ -168,9 +168,9 @@ export default class PersonnalisationsService {
 }> {
 // Seulement les personnes ayant l'accès en lecture à la collectivité peuvent voir les réponses historiques
 if (request.date && tokenInfo) {
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.REFERENTIELS_LECTURE,
+PermissionOperation.REFERENTIELS_LECTURE,
 ResourceType.COLLECTIVITE,
 collectiviteId
 );
diff --git a/backend/src/referentiels/services/referentiels-scoring-snapshots.service.ts b/backend/src/referentiels/services/referentiels-scoring-snapshots.service.ts
index 904869a9899..17bd58b4c5c 100644
--- a/backend/src/referentiels/services/referentiels-scoring-snapshots.service.ts
+++ b/backend/src/referentiels/services/referentiels-scoring-snapshots.service.ts
@@ -28,9 +28,9 @@ import {
 scoreSnapshotTable,
 ScoreSnapshotType,
 } from '../models/score-snapshot.table';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
 
 @Injectable()
 export default class ReferentielsScoringSnapshotsService {
@@ -477,9 +477,9 @@ export default class ReferentielsScoringSnapshotsService {
 snapshotRef: string,
 tokenInfo: AuthUser
 ): Promise {
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
-Authorization.REFERENTIELS_EDITION,
+PermissionOperation.REFERENTIELS_EDITION,
 ResourceType.COLLECTIVITE,
 collectiviteId
 );
diff --git a/backend/src/referentiels/services/referentiels-scoring.service.spec.ts b/backend/src/referentiels/services/referentiels-scoring.service.spec.ts
index 286f71948e3..ca47a5c2ea0 100644
--- a/backend/src/referentiels/services/referentiels-scoring.service.spec.ts
+++ b/backend/src/referentiels/services/referentiels-scoring.service.spec.ts
@@ -26,7 +26,7 @@ import LabellisationService from './labellisation.service';
 import ReferentielsScoringSnapshotsService from './referentiels-scoring-snapshots.service';
 import ReferentielsScoringService from './referentiels-scoring.service';
 import ReferentielsService from './referentiels.service';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
 
 describe('ReferentielsScoringService', () => {
 let referentielsScoringService: ReferentielsScoringService;
diff --git a/backend/src/referentiels/services/referentiels-scoring.service.ts b/backend/src/referentiels/services/referentiels-scoring.service.ts
index ac2b2a78493..1165903de1a 100644
--- a/backend/src/referentiels/services/referentiels-scoring.service.ts
+++ b/backend/src/referentiels/services/referentiels-scoring.service.ts
@@ -20,7 +20,7 @@ import { chunk, isNil } from 'es-toolkit';
 import * as _ from 'lodash';
 import { DateTime } from 'luxon';
 import { AuthenticatedUser } from '../../auth/models/auth.models';
-import { NiveauAcces } from '../../auth/gestion-des-droits/roles/niveau-acces.enum';
+import { NiveauAcces } from '@/backend/auth/authorizations/roles/niveau-acces.enum';
 import { CollectiviteAvecType } from '../../collectivites/models/identite-collectivite.dto';
 import CollectivitesService from '../../collectivites/services/collectivites.service';
 import DatabaseService from '../../common/services/database.service';
@@ -76,9 +76,9 @@ import { ScoreJalon } from '../models/score-jalon.enum';
 import LabellisationService from './labellisation.service';
 import ReferentielsScoringSnapshotsService from './referentiels-scoring-snapshots.service';
 import ReferentielsService from './referentiels.service';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
 
 @Injectable()
 export default class ReferentielsScoringService {
@@ -132,11 +132,11 @@ export default class ReferentielsScoringService {
 ): Promise {
 // Check read access if a date is given (historical data)
 if (tokenInfo) {
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
 niveauAccesMinimum === NiveauAcces.LECTURE
-? Authorization.REFERENTIELS_LECTURE
-: Authorization.REFERENTIELS_EDITION,
+? PermissionOperation.REFERENTIELS_LECTURE
+: PermissionOperation.REFERENTIELS_EDITION,
 ResourceType.COLLECTIVITE,
 collectiviteId
 );
diff --git a/backend/src/referentiels/update-action-statut/update-action-statut.service.ts b/backend/src/referentiels/update-action-statut/update-action-statut.service.ts
index b550fccce04..3034ae3c37b 100644
--- a/backend/src/referentiels/update-action-statut/update-action-statut.service.ts
+++ b/backend/src/referentiels/update-action-statut/update-action-statut.service.ts
@@ -14,9 +14,9 @@ import { ComputeScoreMode } from '../models/compute-scores-mode.enum';
 import { GetReferentielScoresRequestType } from '../models/get-referentiel-scores.request';
 import ReferentielsScoringService from '../services/referentiels-scoring.service';
 import ReferentielsService from '../services/referentiels.service';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
 
 export const upsertActionStatutRequestSchema = z.object({
 actionStatut: createActionStatutSchema,
@@ -41,9 +41,9 @@ export class UpdateActionStatutService {
 user: AuthenticatedUser
 ) {
 // Check user access
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 user,
-Authorization.REFERENTIELS_EDITION,
+PermissionOperation.REFERENTIELS_EDITION,
 ResourceType.COLLECTIVITE,
 request.actionStatut.collectiviteId
 );
diff --git a/backend/src/taxonomie/services/tag.service.ts b/backend/src/taxonomie/services/tag.service.ts
index 9844803c159..7aa35775380 100644
--- a/backend/src/taxonomie/services/tag.service.ts
+++ b/backend/src/taxonomie/services/tag.service.ts
@@ -6,10 +6,10 @@ import { categorieTagTable } from '../models/categorie-tag.table';
 import { groupementCollectiviteTable } from '../../collectivites/models/groupement-collectivite.table';
 import { TagType } from '../models/tag.table-base';
 import { AuthenticatedUser } from '../../auth/models/auth.models';
-import { Authorization } from '../../auth/gestion-des-droits/authorization.enum';
-import { ResourceType } from '../../auth/gestion-des-droits/resource-type.enum';
+import { PermissionOperation } from '@/backend/auth/authorizations/permission-operation.enum';
+import { ResourceType } from '@/backend/auth/authorizations/resource-type.enum';
 import CollectivitesService from '../../collectivites/services/collectivites.service';
-import { PermissionService } from '../../auth/gestion-des-droits/permission.service';
+import { PermissionService } from '@/backend/auth/authorizations/permission.service';
 
 @Injectable()
 export default class TagService {
@@ -70,11 +70,11 @@ export default class TagService {
 const collectivitePrivate = await this.collectiviteService.isPrivate(
 collectiviteId
 );
-await this.permissionService.hasTheRightTo(
+await this.permissionService.isAllowed(
 tokenInfo,
 collectivitePrivate
-? Authorization.COLLECTIVITES_CONTENT_LECTURE
-: Authorization.COLLECTIVITES_CONTENT_VISITE,
+? PermissionOperation.COLLECTIVITES_LECTURE
+: PermissionOperation.COLLECTIVITES_VISITE,
 ResourceType.COLLECTIVITE,
 collectiviteId
 );