24455 - Changes to skip membership check (#3149)

bcgov · Nov 18, 2024 · 5678e2a · 5678e2a
1 parent 17c3339
commit 5678e2a
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/auth-api/src/auth_api/resources/v1/org.py b/auth-api/src/auth_api/resources/v1/org.py
@@ -402,7 +402,12 @@ def post_organization_affiliation(org_id):
         else:
             response, status = (
                 AffiliationService.create_affiliation(
-                    org_id, business_identifier, env, request_json.get("passCode"), request_json.get("certifiedByName")
+                    org_id,
+                    business_identifier,
+                    env,
+                    request_json.get("passCode"),
+                    request_json.get("certifiedByName"),
+                    skip_membership_check=_jwt.has_one_of_roles([Role.SKIP_AFFILIATION_AUTH.value]),
                 ).as_dict(),
                 HTTPStatus.CREATED,
             )

diff --git a/auth-api/src/auth_api/services/affiliation.py b/auth-api/src/auth_api/services/affiliation.py
@@ -163,14 +163,21 @@ def find_affiliation(org_id, business_identifier, environment=None):
         return Affiliation(affiliation).as_dict()
 
     @staticmethod
-    def create_affiliation(org_id, business_identifier, environment=None, pass_code=None, certified_by_name=None):
+    def create_affiliation(
+        org_id,
+        business_identifier,
+        environment=None,
+        pass_code=None,
+        certified_by_name=None,
+        skip_membership_check=False,
+    ):
         """Create an Affiliation."""
         # Validate if org_id is valid by calling Org Service.
         logger.info(f"<create_affiliation org_id:{org_id} business_identifier:{business_identifier}")
-        # Security check below.
-        org = OrgService.find_by_org_id(org_id, allowed_roles=ALL_ALLOWED_ROLES + (Role.SKIP_AFFILIATION_AUTH.value,))
-        if org is None:
-            raise BusinessException(Error.DATA_NOT_FOUND, None)
+        if skip_membership_check is False:
+            org = OrgService.find_by_org_id(org_id, allowed_roles=ALL_ALLOWED_ROLES)
+            if org is None:
+                raise BusinessException(Error.DATA_NOT_FOUND, None)
 
         entity = EntityService.find_by_business_identifier(business_identifier, skip_auth=True)
         if entity is None: