1561: Add import store role

administration/src/Router.tsx

@@ -18,6 +18,7 @@ import RegionsController from './bp-modules/regions/RegionController'
 import DataPrivacyController from './bp-modules/regions/data-privacy-policy/DataPrivacyController'
 import DataPrivacyPolicy from './bp-modules/regions/data-privacy-policy/DataPrivacyPolicy'
 import StatisticsController from './bp-modules/statistics/StatisticsController'
+import StoresController from './bp-modules/stores/StoresController'
 import UserSettingsController from './bp-modules/user-settings/UserSettingsController'
 import ManageUsersController from './bp-modules/users/ManageUsersController'
 import ActivationPage from './mui-modules/activation/ActivationPage'
@@ -89,6 +90,7 @@ const Router = () => {
             : []),
           { path: 'users', element: <ManageUsersController /> },
           { path: 'user-settings', element: <UserSettingsController /> },
+          { path: 'stores', element: <StoresController /> },
           { path: '*', element: <HomeController /> },
         ],
       },

administration/src/bp-modules/NavigationBar.tsx

@@ -67,6 +67,11 @@ const Navigation = (props: Props) => {
             <Button minimal icon='path-search' text='Region verwalten' />
           </NavLink>
         ) : null}
+        {role === Role.ProjectStoreManager ? (
+          <NavLink to={'/stores'}>
+            <Button minimal icon='shop' text='Akzeptanzpartner verwalten' />
+          </NavLink>
+        ) : null}
       </Navbar.Group>
       <Navbar.Group align={Alignment.RIGHT}>
         <UserMenu onSignOut={props.onSignOut} />

administration/src/bp-modules/home/HomeController.tsx

@@ -55,6 +55,11 @@ const HomeController = () => {
           <StyledButton icon='path-search' text='Region verwalten' />
         </NavLink>
       ) : null}
+      {role === Role.ProjectStoreManager ? (
+        <NavLink to={'/stores'}>
+          <Button minimal icon='shop' text='Akzeptanzpartner verwalten' />
+        </NavLink>
+      ) : null}
     </Container>
   )
 }

administration/src/bp-modules/stores/StoresController.tsx

@@ -0,0 +1,10 @@
+import React, { ReactElement } from 'react'
+
+type StoresControllerProps = {}
+
+const StoresController = (props: StoresControllerProps): ReactElement => {
+  // TODO 1475 CSV Store Import Module
+  return <div>Store Import</div>
+}
+
+export default StoresController

administration/src/bp-modules/users/UsersTable.tsx

@@ -120,6 +120,8 @@ export const roleToText = (role: Role): string => {
       return 'Keine'
     case Role.ProjectAdmin:
       return 'Administrator'
+    case Role.ProjectStoreManager:
+      return 'Verwaltung Akzeptanzpartner'
     case Role.RegionAdmin:
       return 'Regionsadministrator'
     case Role.RegionManager:

backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/Schema.kt

@@ -26,7 +26,7 @@ object Administrators : IntIdTable() {
     val deleted = bool("deleted")
 
     init {
-        val noRegionCompatibleRoles = listOf(Role.PROJECT_ADMIN, Role.NO_RIGHTS)
+        val noRegionCompatibleRoles = listOf(Role.PROJECT_ADMIN, Role.NO_RIGHTS, Role.PROJECT_STORE_MANAGER)
         val regionCompatibleRoles = listOf(Role.REGION_MANAGER, Role.REGION_ADMIN, Role.NO_RIGHTS)
         check("roleRegionCombinationConstraint") {
             regionId.isNull().and(role.inList(noRegionCompatibleRoles.map { it.db_value })) or

backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt

@@ -134,4 +134,8 @@ object Authorizer {
         }
         return false
     }
+
+    fun mayUpdateStoresInProject(user: AdministratorEntity, projectId: Int): Boolean {
+        return user.projectId.value == projectId && user.role == Role.PROJECT_STORE_MANAGER.db_value
+    }
 }

backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/types/Role.kt

@@ -6,6 +6,9 @@ enum class Role(val db_value: String) {
     // A Project Admin has the right to (de)nominate Region Admins for each region in his project
     PROJECT_ADMIN("PROJECT_ADMIN"),
 
+    // A project store manager has the right to import stores in his project.
+    PROJECT_STORE_MANAGER("PROJECT_STORE_MANAGER"),
+
     // A Region Admin has the right to (de)nominate Region Managers for his project. He also has the right to create cards
     // for his project.
     REGION_ADMIN("REGION_ADMIN"),

backend/src/main/kotlin/app/ehrenamtskarte/backend/common/database/Database.kt

@@ -41,7 +41,15 @@ class Database {
         ) {
             val role = Role.fromDbValue(roleDbValue)
             transaction {
-                val testRegionId = if (role != Role.PROJECT_ADMIN) RegionsRepository.findAllInProject(project).first().id.value else null
+                val testRegionId = if (role in setOf(
+                        Role.REGION_MANAGER,
+                        Role.REGION_ADMIN
+                    )
+                ) {
+                    RegionsRepository.findAllInProject(project).first().id.value
+                } else {
+                    null
+                }
                 AdministratorsRepository.insert(project, email, password, role, testRegionId)
             }
         }

backend/src/main/kotlin/app/ehrenamtskarte/backend/migration/migrations/MigrationsRegistry.kt

@@ -15,6 +15,7 @@ object MigrationsRegistry {
         V0011_AddRegionCardConfirmationMailActivation(),
         V0012_AddApplicationCardCreated(),
         V0013_FixExpirationDateGoldCard(),
-        V0014_CreateUserEntitlementsTable()
+        V0014_CreateUserEntitlementsTable(),
+        V0015_UpdateRoleRegionCombinationConstraint()
     )
 }

backend/src/main/kotlin/app/ehrenamtskarte/backend/migration/migrations/V0015_UpdateRoleRegionCombinationConstraint.kt

@@ -0,0 +1,19 @@
+package app.ehrenamtskarte.backend.migration.migrations
+
+import app.ehrenamtskarte.backend.migration.Migration
+import app.ehrenamtskarte.backend.migration.Statement
+
+/**
+ * Drops and Adds new constraint for roleregioncombination to accept PROJECT_STORE_MANAGER
+ */
+@Suppress("ClassName")
+internal class V0015_UpdateRoleRegionCombinationConstraint : Migration() {
+    override val migrate: Statement = {
+        exec(
+            """
+            ALTER TABLE administrators DROP CONSTRAINT roleregioncombinationconstraint;
+            ALTER TABLE administrators ADD CONSTRAINT roleregioncombinationconstraint CHECK (((("regionId" IS NULL) AND ((role)::text = ANY ((ARRAY['PROJECT_ADMIN'::character varying, 'NO_RIGHTS'::character varying, 'PROJECT_STORE_MANAGER'::character varying])::text[]))) OR (("regionId" IS NOT NULL) AND ((role)::text = ANY ((ARRAY['REGION_MANAGER'::character varying, 'REGION_ADMIN'::character varying, 'NO_RIGHTS'::character varying])::text[])))));
+            """.trimIndent()
+        )
+    }
+}

backend/src/test/kotlin/app/ehrenamtskarte/backend/auth/service/AuthorizerTest.kt

@@ -0,0 +1,69 @@
+package app.ehrenamtskarte.backend.auth.service
+
+import app.ehrenamtskarte.backend.IntegrationTest
+import app.ehrenamtskarte.backend.auth.database.AdministratorEntity
+import app.ehrenamtskarte.backend.auth.database.Administrators
+import app.ehrenamtskarte.backend.auth.webservice.schema.types.Role
+import org.jetbrains.exposed.sql.deleteAll
+import org.jetbrains.exposed.sql.insert
+import org.jetbrains.exposed.sql.selectAll
+import org.jetbrains.exposed.sql.transactions.transaction
+import org.junit.After
+import org.junit.Before
+import org.junit.Test
+import java.time.Instant
+import kotlin.test.assertEquals
+
+internal class AuthorizerTest : IntegrationTest() {
+    private val emailStoreManager = "[email protected]"
+    private val emailProjectAdmin = "[email protected]"
+
+    // prepare user test data
+    @Before
+    fun createTestUsers() {
+        transaction {
+            Administrators.insert {
+                it[email] = emailStoreManager
+                it[projectId] = 2
+                it[regionId] = null
+                it[role] = Role.PROJECT_STORE_MANAGER.db_value
+                it[passwordHash] = "34u23nke2131sad".toByteArray()
+                it[passwordResetKeyHash] = "34u23nke2131sad".toByteArray()
+                it[passwordResetKeyExpiry] = Instant.now()
+                it[deleted] = false
+            }
+
+            Administrators.insert {
+                it[email] = emailProjectAdmin
+                it[projectId] = 2
+                it[regionId] = null
+                it[role] = Role.PROJECT_ADMIN.db_value
+                it[passwordHash] = "34u23nke2131sad".toByteArray()
+                it[passwordResetKeyHash] = "34u23nke2131sad".toByteArray()
+                it[passwordResetKeyExpiry] = Instant.now()
+                it[deleted] = false
+            }
+        }
+
+        transaction {
+            assertEquals(2, Administrators.selectAll().count())
+        }
+    }
+
+    @After
+    fun cleanUpUsers() {
+        transaction {
+            Administrators.deleteAll()
+        }
+    }
+
+    @Test
+    fun testMayUpdateStoresInProject() {
+        transaction {
+            val storeManager = AdministratorEntity.find { Administrators.email eq emailStoreManager }.single()
+            val projectAdmin = AdministratorEntity.find { Administrators.email eq emailProjectAdmin }.single()
+            assertEquals(Authorizer.mayUpdateStoresInProject(storeManager, 2), true)
+            assertEquals(Authorizer.mayUpdateStoresInProject(projectAdmin, 2), false)
+        }
+    }
+}

specs/backend-api.graphql

@@ -307,6 +307,7 @@ enum GraphQLExceptionCode {
 enum Role {
   NO_RIGHTS
   PROJECT_ADMIN
+  PROJECT_STORE_MANAGER
   REGION_ADMIN
   REGION_MANAGER
 }