bcgsc · elewis2 · Oct 3, 2024 · Jul 29, 2024 · Aug 21, 2024 · Aug 21, 2024
diff --git a/app/constants.js b/app/constants.js
@@ -55,4 +55,17 @@ module.exports = {
   MASTER_REPORT_ACCESS: ['admin', 'manager'],
   ALL_PROJECTS_ACCESS: ['admin', 'all projects access'],
   UPDATE_METHODS: ['POST', 'PUT', 'DELETE'],
+  USER_GROUPS: [
+    'admin',
+    'manager',
+    'report assignment access',
+    'create report access',
+    'germline access',
+    'non-production access',
+    'unreviewed access',
+    'all projects access',
+    'template edit access',
+    'appendix edit access',
+    'variant-text edit access',
+  ],
 };
diff --git a/app/libs/__mocks__/getUser.js b/app/libs/__mocks__/getUser.js
@@ -7,7 +7,6 @@ const include = [
     attributes: {
       exclude: ['id', 'deletedAt', 'updatedAt', 'createdAt', 'updatedBy'],
     },
-    through: {attributes: []},
   },
   {
     model: db.models.project,

diff --git a/app/libs/getUser.js b/app/libs/getUser.js
@@ -15,9 +15,8 @@ const include = [
     model: db.models.userGroup,
     as: 'groups',
     attributes: {
-      exclude: ['id', 'deletedAt', 'updatedAt', 'createdAt', 'updatedBy'],
+      exclude: ['id', 'deletedAt', 'updatedAt', 'createdAt', 'updatedBy', 'userId'],
     },
-    through: {attributes: []},
   },
   {
     model: db.models.project,

diff --git a/app/middleware/group.js b/app/middleware/group.js
@@ -3,13 +3,12 @@ const db = require('../models');
 const logger = require('../log');
 
 // Middleware for user groups
-module.exports = async (req, res, next, ident) => {
+module.exports = async (req, res, next, group) => {
   let result;
   try {
-    result = await db.models.userGroup.findOne({
-      where: {ident},
+    result = await db.models.user.scope('public').findAll({
       include: [
-        {as: 'users', model: db.models.user, attributes: {exclude: ['id', 'deletedAt', 'password', 'updatedBy']}, through: {attributes: []}},
+        {as: 'groups', model: db.models.userGroup, attributes: [], where: {name: group}},
       ],
     });
   } catch (error) {
@@ -20,12 +19,12 @@ module.exports = async (req, res, next, ident) => {
   }
 
   if (!result) {
-    logger.error(`Unable to find group ${ident}`);
+    logger.error(`Unable to find group ${group}`);
     return res.status(HTTP_STATUS.NOT_FOUND).json({
       error: {message: 'Unable to find group'},
     });
   }
 
-  req.group = result;
+  req.group = {name: group, users: result};
   return next();
 };
diff --git a/app/models/clearCache.js b/app/models/clearCache.js
@@ -12,7 +12,7 @@ const CLEAR_GERMLINE_CACHE_MODELS = [
 ];
 
 const CLEAR_USER_CACHE_MODELS = [
-  'userGroup', 'userGroupMember', 'userProject',
+  'userGroup', 'userProject',
 ];
 
 /**

diff --git a/app/models/index.js b/app/models/index.js
@@ -80,13 +80,9 @@ user.belongsToMany(analysisReports, {
 });
 
 const userGroup = require('./user/userGroup')(sequelize, Sq);
-const userGroupMember = require('./user/userGroupMember')(sequelize, Sq);
 
-user.belongsToMany(userGroup, {
-  as: 'groups', through: {model: userGroupMember, unique: false}, foreignKey: 'user_id', otherKey: 'group_id', onDelete: 'CASCADE',
-});
-userGroup.belongsToMany(user, {
-  as: 'users', through: {model: userGroupMember, unique: false}, foreignKey: 'group_id', otherKey: 'user_id', onDelete: 'CASCADE',
+user.hasMany(userGroup, {
+  as: 'groups', foreignKey: 'userId', onDelete: 'CASCADE', constraints: true,
 });
 
 // IMPORTANT must be done before the variant models are defined
@@ -487,9 +483,6 @@ const notification = require('./notification/notification')(sequelize, Sq);
 user.hasMany(notification, {
   as: 'notifications', foreignKey: 'userId', onDelete: 'CASCADE', constraints: true,
 });
-userGroup.hasMany(notification, {
-  as: 'notifications', foreignKey: 'userGroupId', onDelete: 'CASCADE', constraints: true,
-});
 project.hasMany(notification, {
   as: 'notifications', foreignKey: 'projectId', onDelete: 'CASCADE', constraints: true,
 });
@@ -505,9 +498,6 @@ notification.belongsTo(user, {
 notification.belongsTo(project, {
   as: 'project', foreignKey: 'projectId', targetKey: 'id', onDelete: 'CASCADE', constraints: true,
 });
-notification.belongsTo(userGroup, {
-  as: 'userGroup', foreignKey: 'userGroupId', targetKey: 'id', onDelete: 'CASCADE', constraints: true,
-});
 
 const notificationTrack = require('./notification/notificationTrack')(sequelize, Sq);
 

diff --git a/app/models/notification/notification.js b/app/models/notification/notification.js
@@ -1,4 +1,5 @@
 const {DEFAULT_COLUMNS, DEFAULT_OPTIONS} = require('../base');
+const {USER_GROUPS} = require('../../constants');
 
 module.exports = (sequelize, Sq) => {
   const notification = sequelize.define(
@@ -34,16 +35,12 @@ module.exports = (sequelize, Sq) => {
           key: 'id',
         },
       },
-      userGroupId: {
-        type: Sq.INTEGER,
-        name: 'userGroupId',
-        field: 'user_group_id',
+      userGroup: {
+        name: 'userGroup',
+        field: 'user_group',
         unique: false,
         allowNull: true,
-        references: {
-          model: 'user_groups',
-          key: 'id',
-        },
+        type: Sq.ENUM(USER_GROUPS),
       },
       templateId: {
         type: Sq.INTEGER,
@@ -62,19 +59,17 @@ module.exports = (sequelize, Sq) => {
       scopes: {
         public: {
           attributes: {
-            exclude: ['id', 'deletedAt', 'updatedBy', 'userId', 'projectId', 'userGroupId', 'templateId'],
+            exclude: ['id', 'deletedAt', 'updatedBy', 'userId', 'projectId', 'templateId'],
           },
           include: [
             {model: sequelize.models.user.scope('minimal'), as: 'user'},
-            {model: sequelize.models.userGroup.scope('minimal'), as: 'userGroup'},
             {model: sequelize.models.template.scope('minimal'), as: 'template'},
             {model: sequelize.models.project.scope('minimal'), as: 'project'},
           ],
         },
         extended: {
           include: [
             {model: sequelize.models.user, as: 'user'},
-            {model: sequelize.models.userGroup, as: 'userGroup', include: {model: sequelize.models.user, as: 'users', through: {attributes: []}}},
             {model: sequelize.models.template, as: 'template'},
             {model: sequelize.models.project, as: 'project'},
           ],

diff --git a/app/models/user/userGroup.js b/app/models/user/userGroup.js
@@ -1,32 +1,36 @@
 const {DEFAULT_COLUMNS, DEFAULT_OPTIONS} = require('../base');
+const {USER_GROUPS} = require('../../constants');
 
 module.exports = (sequelize, Sq) => {
   const userGroup = sequelize.define('userGroup', {
     ...DEFAULT_COLUMNS,
-    name: {
-      type: Sq.STRING,
+    userId: {
+      name: 'userId',
+      field: 'user_id',
+      type: Sq.INTEGER,
+      references: {
+        model: 'users',
+        key: 'id',
+      },
       allowNull: false,
     },
-    description: {
-      type: Sq.STRING,
-      allowNull: true,
+    name: {
+      type: Sq.ENUM(USER_GROUPS),
+      allowNull: false,
     },
   }, {
     ...DEFAULT_OPTIONS,
     tableName: 'user_groups',
     scopes: {
       public: {
-        order: [['name', 'ASC']],
+        order: [['user_id', 'ASC']],
         attributes: {
           exclude: ['id', 'deletedAt', 'updatedBy'],
         },
         include: [
-          {as: 'users', model: sequelize.models.user, attributes: {exclude: ['id', 'deletedAt', 'password', 'updatedBy']}, through: {attributes: []}},
+          {as: 'users', model: sequelize.models.user, attributes: {exclude: ['id', 'deletedAt', 'password', 'updatedBy']}},
         ],
       },
-      minimal: {
-        attributes: ['ident', 'name'],
-      },
     },
   });
 

diff --git a/app/models/user/userGroupMember.js b/app/models/user/userGroupMember.js
diff --git a/app/routes/notification/notification.js b/app/routes/notification/notification.js
@@ -1,5 +1,6 @@
 const HTTP_STATUS = require('http-status-codes');
 const express = require('express');
+const {USER_GROUPS} = require('../../constants');
 
 const db = require('../../models');
 const logger = require('../../log');
@@ -12,7 +13,6 @@ const pairs = {
   user: db.models.user,
   project: db.models.project,
   template: db.models.template,
-  user_group: db.models.userGroup,
 };
 
 // for each entry in pairs, assumes the key-named value in
@@ -72,10 +72,18 @@ router.route('/')
         });
       }
     }
+
+    if (!USER_GROUPS.includes(req.body.user_group) && req.body.user_group) {
+      logger.error(`${req.body.user_group} group not found`);
+      return res.status(HTTP_STATUS.NOT_FOUND).json({
+        error: {message: `${req.body.user_group} group not found`},
+      });
+    }
+
     try {
       const whereClause = {
         ...((req.body.user_id == null) ? {} : {user_id: req.body.user_id}),
-        ...((req.body.user_group_id == null) ? {} : {user_group_id: req.body.user_group_id}),
+        ...((req.body.user_group == null) ? {} : {user_group: req.body.user_group}),
         ...((req.body.template_id == null) ? {} : {template_id: req.body.template_id}),
         ...((req.body.project_id == null) ? {} : {project_id: req.body.project_id}),
       };
@@ -100,13 +108,13 @@ router.route('/')
       return res.status(HTTP_STATUS.FORBIDDEN);
     }
 
-    if (req.body.user_id && req.body.user_group_id) {
+    if (req.body.user_id && req.body.user_group) {
       return res.status(HTTP_STATUS.CONFLICT).json({
         error: {message: 'Only one of user and user group should be specified'},
       });
     }
 
-    if (!req.body.user_id && !req.body.user_group_id) {
+    if (!req.body.user_id && !req.body.user_group) {
       return res.status(HTTP_STATUS.CONFLICT).json({
         error: {message: 'Exactly one of user and user group should be specified'},
       });
@@ -130,6 +138,13 @@ router.route('/')
       });
     }
 
+    if (!USER_GROUPS.includes(req.body.user_group) && req.body.user_group) {
+      logger.error(`${req.body.user_group} group not found`);
+      return res.status(HTTP_STATUS.NOT_FOUND).json({
+        error: {message: `${req.body.user_group} group not found`},
+      });
+    }
+
     // check the given user, if any, is bound to the given project (or is admin)
     if (req.body.user_id) {
       let notifUser;
@@ -173,7 +188,7 @@ router.route('/')
         where: {
           projectId: req.body.project_id,
           userId: req.body.user_id ? req.body.user_id : null,
-          userGroupId: req.body.user_group_id ? req.body.user_group_id : null,
+          userGroup: req.body.user_group ? req.body.user_group : null,
           eventType: req.body.event_type,
           templateId: req.body.template_id,
         },

diff --git a/app/routes/swagger/schemas.js b/app/routes/swagger/schemas.js
@@ -14,7 +14,7 @@ const ID_FIELDS = [
 ];
 const PUBLIC_VIEW_EXCLUDE = [...ID_FIELDS, 'id', 'reportId', 'geneId', 'deletedAt', 'updatedBy'];
 const GENERAL_EXCLUDE = REPORT_EXCLUDE.concat(ID_FIELDS);
-const GENERAL_EXCLUDE_ASSOCIATIONS = ['report', 'reports', 'germlineReport', 'userProject', 'userGroupMember'];
+const GENERAL_EXCLUDE_ASSOCIATIONS = ['report', 'reports', 'germlineReport', 'userProject'];
 
 const MODELS_WITH_VARIANTS = ['kbMatches', 'genes'];
 
@@ -96,7 +96,7 @@ const getExcludes = (model) => {
 
 // Remove joining models from the list of models to use for generating schemas
 const {
-  userGroupMember, reportProject, userProject, ...models
+  reportProject, userProject, ...models
 } = db.models;
 
 // Generate schemas from Sequelize models. One for the public returned value, one