From 1dc6b78f1e160b48a2ee0ed89ae2eb7235c51707 Mon Sep 17 00:00:00 2001 From: Keshav Prasad <keshavprasadms@gmail.com> Date: Fri, 10 Dec 2021 11:14:59 +0530 Subject: [PATCH] fix: updated content create policy to support certificate create api (#3056) --- kubernetes/opa/knowledgemw/policies.rego | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/kubernetes/opa/knowledgemw/policies.rego b/kubernetes/opa/knowledgemw/policies.rego index f05865822..efb0dcd73 100644 --- a/kubernetes/opa/knowledgemw/policies.rego +++ b/kubernetes/opa/knowledgemw/policies.rego @@ -21,15 +21,34 @@ copyContent { createContent { acls := ["createContent"] + # Due to portal legacy code, we need to add REVIEWER roles also for this API, this has to be fixed roles := ["BOOK_CREATOR", "CONTENT_CREATOR", "COURSE_CREATOR", "BOOK_REVIEWER", "CONTENT_REVIEWER"] super.acls_check(acls) + # Org check will do an implicit role check so there is no need to invoke super.role_check(roles) token_organisationids := super.org_check(roles) + + # The below payload is being invoked when creating contents input.parsed_body.request.content.createdFor[_] in token_organisationids input.parsed_body.request.content.createdBy == super.userid } +createContent { + acls := ["createContent"] + + # Due to portal legacy code, we need to add REVIEWER roles also for this API, this has to be fixed + roles := ["BOOK_CREATOR", "CONTENT_CREATOR", "COURSE_CREATOR", "BOOK_REVIEWER", "CONTENT_REVIEWER"] + super.acls_check(acls) + + # Org check will do an implicit role check so there is no need to invoke super.role_check(roles) + token_organisationids := super.org_check(roles) + + # The below payload is being invoked when creating certificate templates + input.parsed_body.request.content.channel in token_organisationids + input.parsed_body.request.content.createdBy == super.userid +} + createLock { acls := ["createLock"] roles := ["BOOK_CREATOR", "CONTENT_CREATOR", "BOOK_REVIEWER", "CONTENT_REVIEWER"] -- GitLab
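Review bot: The added `createContent` body is not limited to certificate-template requests, and because Rego ORs rule bodies that share a name, any create request carrying a `channel` in the caller's organisations is now allowed without the `createdFor` check of the first body. Nothing in the visible lines ties this body to the certificate payload, so a request could name another organisation in `createdFor` and still pass as long as `channel` matches; whether the backend honours `createdFor` in that case is not visible here and should be confirmed. Consider scoping the new body to the payload it is meant for, for example by adding `not input.parsed_body.request.content.createdFor` so that requests supplying `createdFor` must satisfy the first body. The duplicated `acls`/`roles`/`org_check` lines could also move into a shared helper rule so the two bodies cannot drift apart.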