chore: amend users query with user scopes

opencrvs · Nov 8, 2024 · f640055 · f640055
1 parent 88e0130
commit f640055
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 8 deletions.
diff --git a/packages/gateway/src/features/search/root-resolvers.test.ts b/packages/gateway/src/features/search/root-resolvers.test.ts
@@ -13,7 +13,7 @@ import * as fetchAny from 'jest-fetch-mock'
 import * as jwt from 'jsonwebtoken'
 import { readFileSync } from 'fs'
 import { TestResolvers } from '@gateway/utils/testUtils'
-import { SCOPES } from '@gateway/../../commons/build/dist/scopes'
+import { SCOPES } from '@opencrvs/commons/authentication'
 const resolvers = typeResolvers as unknown as TestResolvers
 const fetch = fetchAny as any
 
@@ -321,7 +321,7 @@ describe('Search root resolvers', () => {
 
     beforeEach(() => {
       fetch.resetMocks()
-      const performanceToken = jwt.sign(
+      const unauthorizedToken = jwt.sign(
         { scope: [SCOPES.RECORD_DECLARE_BIRTH] },
         readFileSync('./test/cert.key'),
         {
@@ -332,7 +332,7 @@ describe('Search root resolvers', () => {
         }
       )
       unauthorizedUser = {
-        Authorization: `Bearer ${performanceToken}`
+        Authorization: `Bearer ${unauthorizedToken}`
       }
       const sysadminUserToken = jwt.sign(
         { scope: [SCOPES.PERFORMANCE_READ] },

diff --git a/packages/gateway/src/features/user/root-resolvers.ts b/packages/gateway/src/features/user/root-resolvers.ts
@@ -87,8 +87,7 @@ export const resolvers: GQLResolver = {
         if (
           !inScope(authHeader, [
             SCOPES.USER_READ,
-            SCOPES.RECORD_REGISTER,
-            SCOPES.RECORD_SUBMIT_FOR_APPROVAL
+            SCOPES.USER_READ_MY_JURISDICTION
           ])
         ) {
           return await Promise.reject(
@@ -150,8 +149,7 @@ export const resolvers: GQLResolver = {
         if (
           !inScope(authHeader, [
             SCOPES.USER_READ,
-            SCOPES.RECORD_REGISTER,
-            SCOPES.RECORD_SUBMIT_FOR_APPROVAL
+            SCOPES.USER_READ_MY_JURISDICTION
           ])
         ) {
           return await Promise.reject(
@@ -369,7 +367,7 @@ export const resolvers: GQLResolver = {
     ) {
       // Only token owner of CONFIG_UPDATE_ALL should be able to change their password
       if (
-        !hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL) &&
+        !hasScope(authHeader, SCOPES.USER_READ) &&
         !isTokenOwner(authHeader, userId)
       ) {
         return await Promise.reject(