chore(api):extract registry manager security preset to shared middleware

Author: pierreavizou

packages/reva-api/modules/certification-authority/certification-authority.security.ts

@@ -1,8 +1,9 @@
-import { hasRole } from "../shared/security/middlewares";
+import { hasRole, whenHasRole } from "../shared/security/middlewares";
 import {
   defaultSecurity,
   isAdmin,
   isAdminOrCertificationAuthority,
+  isAdminOrCertificationRegistryManagerOfCertification,
   isAdminOrManager,
   isAnyone,
 } from "../shared/security/presets";
@@ -45,7 +46,8 @@ export const resolversSecurityMap = {
   "Mutation.certification_authority_updateCertificationAuthorityDepartments":
     isAdmin,
 
-  "Certification.certificationAuthorityStructure": isAdmin,
+  "Certification.certificationAuthorityStructure":
+    isAdminOrCertificationRegistryManagerOfCertification,
 
   "CertificationAuthority.certificationAuthorityStructure": isAdmin,
   "CertificationAuthority.account": isAdmin,

packages/reva-api/modules/referential/referential.security.ts

@@ -1,14 +1,9 @@
-import { isCertificationRegistryManagerOfCertification } from "../certification-authority/security/isCertificationRegistryManagerOfCertification.security";
 import { hasRole, whenHasRole } from "../shared/security/middlewares";
-import { defaultSecurity, isAnyone } from "../shared/security/presets";
-
-const isAdminOrCertificationRegistryManagerOfCertification = [
-  hasRole(["admin", "manage_certification_registry"]),
-  whenHasRole(
-    "manage_certification_registry",
-    isCertificationRegistryManagerOfCertification,
-  ),
-];
+import {
+  defaultSecurity,
+  isAdminOrCertificationRegistryManagerOfCertification,
+  isAnyone,
+} from "../shared/security/presets";
 
 export const referentialResolversSecurityMap = {
   "Mutation.*": defaultSecurity,

packages/reva-api/modules/certification-authority/security/isCertificationRegistryManagerOfCertification.security.ts renamed to packages/reva-api/modules/shared/security/middlewares/isCertificationRegistryManagerOfCertification.security.ts

@@ -1,5 +1,5 @@
 import { IFieldResolver, MercuriusContext } from "mercurius";
-import { isUserCertificationRegistryManagerOfCertification } from "../features/isUserCertificationRegistryManagerOfCertification";
+import { isUserCertificationRegistryManagerOfCertification } from "../../../certification-authority/features/isUserCertificationRegistryManagerOfCertification";
 
 export const isCertificationRegistryManagerOfCertification =
   (next: IFieldResolver<unknown>) =>

packages/reva-api/modules/shared/security/presets.ts

@@ -9,6 +9,7 @@ import {
 import { isCandidateOwnerOfCandidacy } from "./middlewares/isCandidateOwnerOfCandidacy.security";
 import { isFeasibilityManager } from "./middlewares/isFeasibilityManager";
 import { isUserOwnerOfCandidate } from "./middlewares/isUserOwnerOfCandidate";
+import { isCertificationRegistryManagerOfCertification } from "./middlewares/isCertificationRegistryManagerOfCertification.security";
 
 export const isAdminOrManager = [hasRole(["admin", "manage_candidacy"])];
 
@@ -55,3 +56,11 @@ export const isOwnerOrCanManageCandidacy = [
   whenHasRole("manage_candidacy", isCandidacyOwner),
   whenHasRole("candidate", isCandidateOwnerOfCandidacy),
 ];
+
+export const isAdminOrCertificationRegistryManagerOfCertification = [
+  hasRole(["admin", "manage_certification_registry"]),
+  whenHasRole(
+    "manage_certification_registry",
+    isCertificationRegistryManagerOfCertification,
+  ),
+];