users in non-academic companies receive role api

oncokb · Jan 18, 2024 · a513f2e · a513f2e
1 parent 506fb99
commit a513f2e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 8 deletions.
diff --git a/src/main/java/org/mskcc/cbio/oncokb/web/rest/CompanyResource.java b/src/main/java/org/mskcc/cbio/oncokb/web/rest/CompanyResource.java
@@ -1,6 +1,7 @@
 package org.mskcc.cbio.oncokb.web.rest;
 
 import org.mskcc.cbio.oncokb.domain.Company;
+import org.mskcc.cbio.oncokb.domain.enumeration.LicenseType;
 import org.mskcc.cbio.oncokb.repository.CompanyRepository;
 import org.mskcc.cbio.oncokb.security.AuthoritiesConstants;
 import org.mskcc.cbio.oncokb.service.CompanyService;
@@ -104,16 +105,18 @@ public ResponseEntity<CompanyDTO> updateCompany(@Valid @RequestBody CompanyVM co
         }
 
         CompanyDTO result = companyService.updateCompany(companyVM);
-        List<UserDTO> usersInCompany = userService.getCompanyUsers(result.getId());
-        for (UserDTO user : usersInCompany) {
-            Set<String> userAuthorities = user.getAuthorities();
-            if (!userAuthorities.contains(AuthoritiesConstants.API)) {
-                userAuthorities.add(AuthoritiesConstants.API);
-                userService.updateUser(user);
+
+        if (!result.getLicenseType().equals(LicenseType.ACADEMIC)) {
+            List<UserDTO> usersInCompany = userService.getCompanyUsers(result.getId());
+            for (UserDTO user : usersInCompany) {
+                Set<String> userAuthorities = user.getAuthorities();
+                if (!userAuthorities.contains(AuthoritiesConstants.API)) {
+                    userAuthorities.add(AuthoritiesConstants.API);
+                    userService.updateUser(user);
+                }
             }
         }
 
-
         return ResponseEntity.ok()
             .body(result);
     }

diff --git a/src/main/java/org/mskcc/cbio/oncokb/web/rest/UserResource.java b/src/main/java/org/mskcc/cbio/oncokb/web/rest/UserResource.java
@@ -6,6 +6,7 @@
 import org.mskcc.cbio.oncokb.config.Constants;
 import org.mskcc.cbio.oncokb.domain.Token;
 import org.mskcc.cbio.oncokb.domain.User;
+import org.mskcc.cbio.oncokb.domain.enumeration.LicenseType;
 import org.mskcc.cbio.oncokb.repository.UserRepository;
 import org.mskcc.cbio.oncokb.security.AuthoritiesConstants;
 import org.mskcc.cbio.oncokb.service.MailService;
@@ -126,7 +127,12 @@ public ResponseEntity<User> createUser(@Valid @RequestBody ManagedUserVM managed
             // Assign ROLE_USER to all new accounts
             // All other authorities can be updated in the user management page
             if (managedUserVM.getAuthorities() == null || managedUserVM.getAuthorities().isEmpty()) {
-                managedUserVM.setAuthorities(Collections.singleton(AuthoritiesConstants.USER));
+                Set<String> authorities = new LinkedHashSet<>();
+                authorities.add(AuthoritiesConstants.USER);
+                if (!managedUserVM.getLicenseType().equals(LicenseType.ACADEMIC)) {
+                    authorities.add(AuthoritiesConstants.API);
+                }
+                managedUserVM.setAuthorities(Collections.unmodifiableSet(authorities));
             }
             User newUser = userService.createUser(managedUserVM, Optional.ofNullable(managedUserVM.getTokenValidDays()), Optional.ofNullable(managedUserVM.getTokenIsRenewable()));
             UserDTO newUserDTO = userMapper.userToUserDTO(newUser);