Allow u-bahn role users to perform almost same actions as admin, except admin

Author: callmekatootie

src/common/helper.js

@@ -221,7 +221,11 @@ function injectSearchMeta (req, res, result) {
  * @param recordObj the record object
  */
 function permissionCheck (auth, recordObj) {
-  if (auth && auth.roles && !checkIfExists(auth.roles, [appConst.UserRoles.admin, appConst.UserRoles.administrator]) &&
+  if (
+    auth &&
+    auth.roles &&
+    !checkIfExists(auth.roles, appConst.AdminUser) &&
+    !checkIfExists(auth.roles, [appConst.UserRoles.ubahn]) &&
     recordObj.createdBy !== getAuthUser(auth)) {
     throw errors.newPermissionError('You are not allowed to perform this action')
   }

src/consts.js

@@ -6,13 +6,20 @@ const UserRoles = {
   admin: 'Admin',
   administrator: 'Administrator',
   topcoderUser: 'Topcoder User',
-  copilot: 'Copilot'
+  copilot: 'Copilot',
+  ubahn: 'u-bahn'
 }
 /**
  * all authenticated users.
  * @type {(string)[]}
  */
-const AllAuthenticatedUsers = [UserRoles.admin, UserRoles.administrator, UserRoles.topcoderUser, UserRoles.copilot]
+const AllAuthenticatedUsers = [
+  UserRoles.admin,
+  UserRoles.administrator,
+  UserRoles.topcoderUser,
+  UserRoles.copilot,
+  UserRoles.ubahn
+]
 
 /**
  * all admin user

src/modules/usersSkill/route.js

@@ -47,7 +47,7 @@ module.exports = {
     delete: {
       method: Controller.remove,
       auth: 'jwt',
-      access: consts.AdminUser,
+      access: [...consts.AdminUser, consts.UserRoles.ubahn],
       scopes: ['delete:usersSkill', 'all:usersSkill']
     }
   }