fix: Fix access merge

Author: SiniCode

.gitignore

@@ -6,3 +6,4 @@ debug.log
 .env
 coverage
 .DS_Store
+backups

docker-compose.ci.yml

@@ -9,7 +9,7 @@ services:
       - PORT=3003
       - NODE_ENV=test
     ports:
-      - 3000:3003
+      - 3001:3003
     container_name: jami_dev
 
   db:

docker-compose.yml

@@ -13,7 +13,7 @@ services:
     volumes:
       - ./:/usr/src/app
     ports:
-      - 3000:3000
+      - 3001:3000
     container_name: jami_dev
     tty: true
 
@@ -22,8 +22,8 @@ services:
     environment:
       - PGDATA=/data
       - POSTGRES_PASSWORD=postgres
-    ports:
-      - 5432:5432
+    # ports:
+    #   - 5432:5432
     volumes:
       - pg_data:/data
     container_name: jami_db

scripts/get_prod_db.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+
+CONTAINER=jami_db
+SERVICE_NAME=db
+DB_NAME=postgres
+
+# JAMI_DB=jami-db
+
+# current_date=$(date +"%Y%m%d")
+# JAMI_FILE_NAME="jami_${current_date}.sql.gz"
+
+FOLDER_NAME="jami"
+
+PROJECT_ROOT=$(dirname $(dirname $(realpath "$0")))
+BACKUPS=$PROJECT_ROOT/backups/
+DOCKER_COMPOSE=$PROJECT_ROOT/docker-compose.yml
+
+S3_CONF=~/.s3cfg
+
+retry () {
+    for i in {1..60}
+    do
+        $@ && break || echo "Retry attempt $i failed, waiting..." && sleep 3;
+    done
+}
+
+if [ ! -f "$S3_CONF" ]; then
+  echo ""
+  echo "!! No config file for s3 bucket !!"
+  echo "Create file for path ~/.s3cfg and copy the credetials from version.helsinki.fi"
+  echo ""
+  return 0
+fi
+
+echo "Creating backups folder"
+mkdir -p ${BACKUPS}
+
+echo "Listing available backups in S3 bucket..."
+backup_files=$(s3cmd -c "$S3_CONF" ls "s3://psyduck/${FOLDER_NAME}/" | awk '{print $4}' | grep '\.sql\.gz$')
+
+if [ -z "$backup_files" ]; then
+  echo "No backup files found in S3 bucket!"
+  exit 1
+fi
+
+echo "Available backups:"
+select chosen_backup in $backup_files; do
+  if [ -n "$chosen_backup" ]; then
+    echo "You selected: $chosen_backup"
+    FILE_NAME=$(basename "$chosen_backup")
+    break
+  else
+    echo "Invalid selection. Please select a valid backup number."
+  fi
+done
+
+echo "Fetching the selected dump: $FILE_NAME"
+s3cmd -c "$S3_CONF" get "$chosen_backup" "$BACKUPS"
+
+if [ ! -f "${BACKUPS}${FILE_NAME}" ]; then
+  echo "Download failed or file not found: ${BACKUPS}${FILE_NAME}"
+  exit 1
+fi
+
+echo "Removing database and related volume"
+docker-compose -f $DOCKER_COMPOSE down -v
+
+echo "Starting postgres in the background"
+docker-compose -f $DOCKER_COMPOSE up -d $SERVICE_NAME
+
+retry docker-compose -f $DOCKER_COMPOSE exec $SERVICE_NAME pg_isready --dbname=$DB_NAME
+
+echo "Populating ${FOLDER_NAME}"
+docker exec -i $CONTAINER /bin/bash -c "gunzip | psql -U postgres" < ${BACKUPS}${FILE_NAME}

src/auth/IAMRights.ts

@@ -237,8 +237,6 @@ const getFacultyAdminRights: AccessSpecialGroupFunction = (hyGroups) => {
   return { access, specialGroup: {} }
 }
 
-
-
 /**
  * Grant reading rights to programmes of faculties if user is kosu or dekaanaatti of some faculties
  */
@@ -437,7 +435,17 @@ const getIAMRights: AccessSpecialGroupFunction = (hyGroups) => {
     ]
       .map((f) => f(hyGroups))
       .forEach((accessInfo) => {
-        access = { ...access, ...accessInfo.access }
+        for (const code in accessInfo.access) {
+          const newAccess = accessInfo.access[code]
+          const oldAccess = access[code]
+
+          access[code] = {
+            read: newAccess.read || oldAccess?.read,
+            write: newAccess.write || oldAccess?.write,
+            admin: newAccess.admin || oldAccess?.admin
+          }
+        }
+
         specialGroup = { ...specialGroup, ...accessInfo.specialGroup }
       })
 

tests/dekaani.spec.js

@@ -51,4 +51,47 @@ describe.concurrent('Dekaani', () => {
         expect(access[programme].admin).toBe(true)
       })
   })
+
+  it('R K-T works', async () => {
+    const res = await api.post('', {
+      userId: 'rkt',
+      iamGroups: [
+        'hy-employees',
+        'grp-oodikone-users',
+        'grp-oodikone-basic-users',
+        'hy-varadekaanit-opetus',
+        'hy-one',
+        'hy-eltdk-dekanaatti',
+        'grp-katselmus-eltdk',
+      ],
+    })
+
+    expect(res.status).toBe(200)
+    const access = await res.json()
+
+    expect(access['H90'].read).toBe(true)
+    expect(access['H90'].write).toBe(true)
+    expect(access['H90'].admin).toBeFalsy()
+
+    ;[
+      'KH90_001',
+      'MH90_001',
+      'T921108',
+      'T922106'
+    ].forEach((programme) => {
+      expect(access[programme].read).toBe(true)
+      expect(access[programme].write).toBe(true)
+      expect(access[programme].admin).toBe(true)
+    })
+
+    ;[
+      'KH10_001',
+      'MH30_005',
+      'T920102'
+    ].forEach((programme) => {
+      expect(access[programme].read).toBe(true)
+      expect(access[programme].write).toBeFalsy()
+      expect(access[programme].admin).toBeFalsy()
+    })
+  })
 })

tests/util/utils.js

@@ -1,4 +1,4 @@
-const baseUrl = 'http://localhost:3000'
+const baseUrl = 'http://localhost:3001'
 
 export const api = {
   get: async (endpoint) => {