feat: permit node authority to update run_status if permission is gra…

…nted
PrivateAIM · Sep 4, 2024 · 06d1ba7 · 06d1ba7
1 parent a285db3
commit 06d1ba7
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 10 deletions.
diff --git a/packages/server-core/src/http/controllers/core/analysis-node/handlers/update.ts b/packages/server-core/src/http/controllers/core/analysis-node/handlers/update.ts
@@ -29,21 +29,22 @@ export async function updateAnalysisNodeRouteHandler(req: Request, res: Response
     const ability = useRequestEnv(req, 'abilities');
 
     const isAuthorityOfNode = isRealmResourceWritable(useRequestEnv(req, 'realm'), entity.node_realm_id);
-    const isAuthorizedForNode = ability.has(PermissionName.ANALYSIS_APPROVE);
-
     const isAuthorityOfAnalysis = isRealmResourceWritable(useRequestEnv(req, 'realm'), entity.analysis_realm_id);
-    const isAuthorizedForAnalysis = ability.has(PermissionName.ANALYSIS_UPDATE);
 
-    if (
-        !(isAuthorityOfNode && isAuthorizedForNode) &&
-        !(isAuthorityOfAnalysis && isAuthorizedForAnalysis)
-    ) {
+    if (!isAuthorityOfNode && !isAuthorityOfAnalysis) {
+        throw new ForbiddenError();
+    }
+
+    const canUpdate = ability.has(PermissionName.ANALYSIS_UPDATE);
+    const canApprove = ability.has(PermissionName.ANALYSIS_APPROVE);
+
+    if (!canUpdate && !canApprove) {
         throw new ForbiddenError();
     }
 
     const result = await runAnalysisNodeValidation(req, 'update');
 
-    if (!isAuthorityOfNode) {
+    if (!isAuthorityOfNode || !canApprove) {
         if (result.data.approval_status) {
             delete result.data.approval_status;
         }
@@ -53,7 +54,13 @@ export async function updateAnalysisNodeRouteHandler(req: Request, res: Response
         }
     }
 
-    if (!isAuthorityOfAnalysis) {
+    if (!isAuthorityOfNode || !canUpdate) {
+        if (result.data.run_status) {
+            delete result.data.run_status;
+        }
+    }
+
+    if (!isAuthorityOfAnalysis || !canUpdate) {
         if (result.data.index) {
             delete result.data.index;
         }

diff --git a/packages/server-core/src/http/controllers/core/analysis-node/utils/validation.ts b/packages/server-core/src/http/controllers/core/analysis-node/utils/validation.ts
@@ -6,7 +6,7 @@
  */
 
 import { check } from 'express-validator';
-import { AnalysisNodeApprovalStatus } from '@privateaim/core-kit';
+import { AnalysisNodeApprovalStatus, AnalysisNodeRunStatus } from '@privateaim/core-kit';
 import { BadRequestError, NotFoundError } from '@ebec/http';
 import { isRealmResourceWritable } from '@authup/core-kit';
 import type { Request } from 'routup';
@@ -37,6 +37,11 @@ export async function runAnalysisNodeValidation(
             .run(req);
     }
 
+    await check('run_status')
+        .isIn(Object.values(AnalysisNodeRunStatus))
+        .optional({ values: 'null' })
+        .run(req);
+
     await check('index')
         .exists()
         .isInt()