Prod roll

README.md

@@ -94,5 +94,6 @@ The GroupContains relation contains these fields:
 
 - id: the relationship UUID
 - type: the relationship type, 'group' or 'user'
+- roles: the roles of the user in the group
 - createdAt: the created at date string
 - createdBy: the created by user id

app-constants.js

@@ -20,10 +20,13 @@ const GroupStatus = {
   InActive: 'inactive'
 }
 
+const GroupRoleName = ['groupManager', 'groupAdmin']
+
 module.exports = {
   UserRoles,
   MembershipTypes,
   EVENT_ORIGINATOR,
   EVENT_MIME_TYPE,
-  GroupStatus
+  GroupStatus,
+  GroupRoleName
 }

config/default.js

@@ -37,6 +37,12 @@ module.exports = {
   KAFKA_GROUP_DELETE_TOPIC: process.env.KAFKA_GROUP_DELETE_TOPIC || 'groups.notification.delete',
   KAFKA_GROUP_MEMBER_ADD_TOPIC: process.env.KAFKA_GROUP_MEMBER_ADD_TOPIC || 'groups.notification.member.add',
   KAFKA_GROUP_MEMBER_DELETE_TOPIC: process.env.KAFKA_GROUP_MEMBER_DELETE_TOPIC || 'groups.notification.member.delete',
+  KAFKA_GROUP_UNIVERSAL_MEMBER_ADD_TOPIC: process.env.KAFKA_GROUP_UNIVERSAL_MEMBER_ADD_TOPIC || 'groups.notification.universalmember.add',
+  KAFKA_GROUP_UNIVERSAL_MEMBER_DELETE_TOPIC: process.env.KAFKA_GROUP_UNIVERSAL_MEMBER_DELETE_TOPIC || 'groups.notification.universalmember.delete',
+  KAFKA_GROUP_MEMBER_ROLE_ADD_TOPIC: process.env.KAFKA_GROUP_MEMBER_ROLE_ADD_TOPIC || 'groups.notification.create',
+  KAFKA_GROUP_MEMBER_ROLE_DELETE_TOPIC: process.env.KAFKA_GROUP_MEMBER_ROLE_DELETE_TOPIC || 'groups.notification.create',
+  KAFKA_SUBGROUP_CREATE_TOPIC: process.env.KAFKA_SUBGROUP_CREATE_TOPIC || 'groups.notification.create',
+  KAFKA_SUBGROUP_DELETE_TOPIC: process.env.KAFKA_SUBGROUP_DELETE_TOPIC || 'groups.notification.create',
 
   USER_ROLES: {
     Admin: 'Administrator',

docs/swagger.yml

@@ -44,7 +44,7 @@ paths:
       description: |
         Add a member to the specified group
 
-        If the group is private, the user needs to be a member of the group, or an admin.
+        If the group is private, the user needs to be a member of the group, or an admin or the user making the request is having the role of groupManager or groupAdmin.
       tags:
         - group membership
       security:
@@ -92,7 +92,7 @@ paths:
       description: |
         Remove a member from specified group
 
-        The user has to have admin role and the group allows self registration.
+        The user has to have admin role or the role of groupManager or groupAdmin and the group allows self registration.
       tags:
         - group membership
       security:
@@ -365,6 +365,131 @@ paths:
           $ref: "#/components/responses/NotFound"
         500:
           $ref: "#/components/responses/InternalServerError"
+
+  /groups/{groupId}/subGroup:
+    post:
+      description: |
+        Creation of a new sub group
+
+        The user has to have admin role or have a "groupAdmin" role for that group.
+      tags:
+        - sub groups
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/groupId'
+      requestBody:
+        $ref: '#/components/requestBodies/NewGroupBodyParam'
+      responses:
+        200:
+          $ref: "#/components/responses/GroupResponse"
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
+
+  /groups/{groupId}/subGroup/{subGroupId}:
+    delete:
+      description: |
+        Creation of a new sub group
+
+        The user has to have admin role or have a "groupAdmin" role for that group.
+      tags:
+        - sub groups
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/groupId'
+        - $ref: '#/components/parameters/subGroupId'
+      responses:
+        204:
+          description: The resource was deleted successfully.
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
+
+  /groupRoles/users/{memberId}:
+    get:
+      description: |
+        Returns the groups and roles of the user identified by memberId.
+
+        The user has to have admin role.
+      tags:
+        - group roles
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/memberId'
+        - $ref: '#/components/parameters/page'
+        - $ref: '#/components/parameters/perPage'
+      responses:
+        200:
+          $ref: '#/components/responses/GroupMemberRoleResponse'
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
+    post:
+      description: |
+        Creation of new group role for a user
+
+        The user has to have admin role.
+      tags:
+        - group roles
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/memberId'
+      requestBody:
+        $ref: '#/components/requestBodies/GroupRoleBodyParam'
+      responses:
+        201:
+          description: CREATED
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
+    delete:
+      description: |
+        Delete a group role
+
+        The user has to have admin role.
+      tags:
+        - group roles
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/memberId'
+      requestBody:
+        $ref: '#/components/requestBodies/GroupRoleBodyParam'
+      responses:
+        204:
+          description: The resource was deleted successfully.
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
 
   /groups/health:
     get:
@@ -400,6 +525,14 @@ components:
       schema:
         type: string
       example: '10ba038e-48da-123b-96e8-8d3b99b6d18a'
+    subGroupId:
+      name: subGroupId
+      in: path
+      description: The sub group id.
+      required: true
+      schema:
+        type: string
+      example: '10ba038e-48da-123b-96e8-8d3b99b6d18a'
     oldId:
       name: oldId
       in: path
@@ -617,10 +750,15 @@ components:
       content:
         application/json:
           schema:
-            type: object
-            properties:
-              result:
-                $ref: '#/components/schemas/Group'
+            $ref: '#/components/schemas/Group'
+    GroupMemberRoleResponse:
+      description: The group role response
+      content:
+        application/json:
+          schema:
+            type: array
+            items:
+              $ref: '#/components/schemas/GroupRole'
 
   schemas:
     GroupMembership:
@@ -695,6 +833,24 @@ components:
           type: array
           items:
               $ref: '#/components/schemas/Group'
+
+    GroupRole:
+      description: The group role entity
+      properties:
+        groupId:
+          type: string
+          description: The group id
+        role:
+          type: string
+          enum: ['groupManager', 'groupAdmin']
+          description: The group role
+        createdAt:
+          type: string
+          format: date-time
+          description: The time the group role created at
+        createdBy:
+          type: string
+          description: The id of the user who created the group role
 
   requestBodies:
     NewGroupMembershipBodyParam:
@@ -738,4 +894,20 @@ components:
               status:
                 type: string
                 enum: ['active', 'inactive']
-                description: Value indicating the status of the group
+                description: Value indicating the status of the group
+    GroupRoleBodyParam:
+      description: A JSON object containing group role body information
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              groupId:
+                type: string
+                description: The group id
+                example: '10ba038e-48da-123b-96e8-8d3b99b6d18a'
+              role:
+                type: string
+                enum: ['groupManager', 'groupAdmin']
+                description: The group role