[CLOUDTRUST-2426] Fix Validate authorization

cloudtrust · Mar 23, 2020 · 6f87bfa · 6f87bfa
1 parent 4c31fd7
commit 6f87bfa
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 10 deletions.
diff --git a/pkg/kyc/authorization.go b/pkg/kyc/authorization.go
@@ -21,11 +21,6 @@ func newAction(as string, scope security.Scope) security.Action {
 	return a
 }
 
-const (
-	// RegistrationOfficer is the name of the Keycloak group required for KYC API methods
-	RegistrationOfficer = "registration_officer"
-)
-
 // Creates constants for API method names
 var (
 	KYCGetActions        = newAction("KYC_GetActions", security.ScopeGlobal)
@@ -95,9 +90,8 @@ func (c *authorizationComponentMW) GetUser(ctx context.Context, userID string) (
 func (c *authorizationComponentMW) ValidateUser(ctx context.Context, userID string, user apikyc.UserRepresentation) error {
 	var action = KYCValidateUser.String()
 	var targetRealm = c.realmName
-	var groupID = RegistrationOfficer
 
-	if err := c.authManager.CheckAuthorizationOnTargetGroup(ctx, action, targetRealm, groupID); err != nil {
+	if err := c.authManager.CheckAuthorizationOnTargetUser(ctx, action, targetRealm, userID); err != nil {
 		return err
 	}
 

diff --git a/pkg/kyc/authorization_test.go b/pkg/kyc/authorization_test.go
@@ -26,7 +26,6 @@ func TestMakeAuthorizationRegisterComponentMW(t *testing.T) {
 	var userID = "user4673"
 	var groupIDs = []string{"group1", "group2"}
 	var username = "username"
-	var group = RegistrationOfficer
 	var expectedErr = errors.New("")
 
 	var component = MakeAuthorizationRegisterComponentMW(realm, logger.NewNopLogger(), mockAuthManager)(mockComponent)
@@ -72,13 +71,13 @@ func TestMakeAuthorizationRegisterComponentMW(t *testing.T) {
 	})
 
 	t.Run("ValidateUser - not authorized", func(t *testing.T) {
-		mockAuthManager.EXPECT().CheckAuthorizationOnTargetGroup(ctx, KYCValidateUser.String(), realm, group).Return(expectedErr)
+		mockAuthManager.EXPECT().CheckAuthorizationOnTargetUser(ctx, KYCValidateUser.String(), realm, userID).Return(expectedErr)
 		var err = component.ValidateUser(ctx, userID, user)
 		assert.Equal(t, expectedErr, err)
 	})
 
 	t.Run("ValidateUser - authorized", func(t *testing.T) {
-		mockAuthManager.EXPECT().CheckAuthorizationOnTargetGroup(ctx, KYCValidateUser.String(), realm, group).Return(nil)
+		mockAuthManager.EXPECT().CheckAuthorizationOnTargetUser(ctx, KYCValidateUser.String(), realm, userID).Return(nil)
 		mockComponent.EXPECT().ValidateUser(ctx, userID, user).Return(expectedErr).Times(1)
 		var err = component.ValidateUser(ctx, userID, user)
 		assert.Equal(t, expectedErr, err)