Merge pull request #77 from imcaizheng/fix-permission-rules

fix permission rules as per issue #72

Author: maxceem

app-constants.js

@@ -3,9 +3,16 @@
  */
 
 const UserRoles = {
-  BookingManager: 'bookingmanager'
+  BookingManager: 'bookingmanager',
+  Administrator: 'administrator',
+  ConnectManager: 'Connect Manager'
 }
 
+const FullManagePermissionRoles = [
+  UserRoles.BookingManager,
+  UserRoles.Administrator
+]
+
 const Scopes = {
   // job
   READ_JOB: 'read:taas-jobs',
@@ -31,5 +38,6 @@ const Scopes = {
 
 module.exports = {
   UserRoles,
+  FullManagePermissionRoles,
   Scopes
 }

app-routes.js

@@ -49,8 +49,12 @@ module.exports = (app) => {
             }
           } else {
             req.authUser.jwtToken = req.headers.authorization
-            if (_.includes(req.authUser.roles, constants.UserRoles.BookingManager)) {
-              req.authUser.isBookingManager = true
+            // check if user has full manage permission
+            if (_.intersection(req.authUser.roles, constants.FullManagePermissionRoles).length) {
+              req.authUser.hasManagePermission = true
+            }
+            if (_.includes(req.authUser.roles, constants.UserRoles.ConnectManager)) {
+              req.authUser.isConnectManager = true
             }
             next()
           }