
CDB3-7948 GFW. Перевірити та розширити логіку ролей для всіх гет ендпоінтів

ROLES definition:

broker auth token - read_procedure permission

system auth token - read_procedure, read_protected_data permissions

  • public - no auth token, no access token
  • broker - broker auth token
  • owner - broker auth token, procedure access token
  • bidder - broker auth token, bid access token
  • system - system auth token

ROLES - ENDPOINTS access relation:

--PROCEDURE--

get procedure and procedure history

('procedures/{procedure_id}', 'procedures/{procedure_id}/history/{archive_id}', 'procedures/{procedure_id}/history')

active_tendering, active_awarded, pending_payment, unsuccessful, cancelled statuses

  • owner, bidder, broker, system - success 200 response
  • no gfw broker, public - failed 403 response

complete status

  • owner, bidder, broker, system - success 200 response
  • no gfw broker, public - success 200 response

get procedure document(s) and document(s) history

('procedures/{procedure_id}/documents', 'procedures/{procedure_id}/documents/{doc_id}', 'procedures/{procedure_id}/documents/history', 'procedures/{procedure_id}/documents/{doc_id}/history')

active_tendering, active_awarded, pending_payment, unsuccessful, cancelled, complete statuses

  • owner, bidder, broker, system - success 200 response
  • no gfw broker, public - failed 403 response

download procedure document

('procedures/{procedure_id}/documents/{doc_id}/download')

active_tendering, active_awarded, pending_payment, unsuccessful, cancelled statuses

  • owner, bidder, broker, system - success 302 response (broker, system - without token)
  • no gfw broker, public - failed 403 response

complete status

  • owner, bidder, broker, system - success 302 response (broker, system - without token)
  • no gfw broker, public - failed 403 response

--BID--

get bid

('procedures/{procedure_id}/bids/{bid_id}')

active_tendering, active_awarded, pending_payment, unsuccessful, cancelled, complete statuses

  • bidder - success 200 response (only bid owner)
  • owner, broker, system, no gfw broker, public - failed 403 response

get bid document(s)

('procedures/{procedure_id}/bids/{bid_id}/documents', 'procedures/{procedure_id}/bids/{bid_id}/documents/{doc_id}')

active_tendering status

  • bidder - success 200 response (only bid owner)
  • owner, broker, system, no gfw broker, public - failed 403 response

active_awarded, pending_payment, unsuccessful, cancelled, complete statuses

  • owner, bidder, system - success 200 response (bidder - only bid owner)
  • broker, no gfw broker, public - failed 403 response

get bid document(s) history

('procedures/{procedure_id}/bids/{bid_id}/documents/history', 'procedures/{procedure_id}/bids/{bid_id}/documents/{doc_id}/history')

active_tendering status

  • bidder - success 200 response (only bid owner)
  • owner, broker, system, no gfw broker, public - failed 403 response

active_awarded, pending_payment, unsuccessful, complete statuses

  • owner, bidder, system - success 200 response (bidder - only bid owner)
  • broker, no gfw broker, public - failed 403 response

cancelled

  • owner, bidder, system, broker, no gfw broker, public - failed 404 response (forbidden to get bid history in deleted status, main logic)

download bid document

('procedures/{procedure_id}/bids/{bid_id}/documents/{doc_id}/download')

active_tendering status

  • bidder - success 302 response (only bid owner)
  • owner, broker, system, no gfw broker, public - failed 403 response

active_awarded, pending_payment, unsuccessful, cancelled, complete statuses

  • owner, bidder, system - success 302 response (bidder - only bid owner)
  • broker, no gfw broker, public - failed 403 response

--AWARD--

get award document(s) and document(s) history

('procedures/{procedure_id}/awards/{award_id}/documents', 'procedures/{procedure_id}/awards/{award_id}/documents/{doc_id}', 'procedures/{procedure_id}/awards/{award_id}/documents/history', 'procedures/{procedure_id}/awards/{award_id}/documents/{doc_id}/history')

active_awarded, pending_payment, unsuccessful, cancelled, complete statuses

  • owner, bidder, system - success 200 response (bidder - only bid owner)
  • broker, no gfw broker, public - failed 403 response

download award document

('procedures/{procedure_id}/awards/{award_id}/documents/{doc_id}/download')

active_awarded, pending_payment, unsuccessful, cancelled, complete statuses

  • owner, bidder, system - success 302 response (system - without token)
  • broker, no gfw broker, public - failed 403 response

--CONTRACT--

get contract document(s) and document(s) history

('procedures/{procedure_id}/contracts/{contract_id}/documents', 'procedures/{procedure_id}/contracts/{contract_id}/documents/{doc_id}', 'procedures/{procedure_id}/contracts/{contract_id}/documents/history', 'procedures/{procedure_id}/contracts/{contract_id}/documents/{doc_id}/history')

active_tendering, active_awarded, pending_payment, unsuccessful, cancelled, complete statuses

  • owner, bidder, system - success 200 response (bidder - only bid owner)
  • broker, no gfw broker, public - failed 403 response

download contract document

('procedures/{procedure_id}/contracts/{contract_id}/documents/{doc_id}/download')

active_awarded, pending_payment, unsuccessful, cancelled, complete statuses

  • owner, bidder, system - success 302 response (system - without token)
  • broker, no gfw broker, public - failed 403 response

--CANCELLATION--

get document

('procedures/{procedure_id}/cancellations/{cancellation_id}/documents', 'procedures/{procedure_id}/cancellations/{cancellation_id}/documents/{doc_id}')

cancelled status

  • owner, bidder, broker, system - success 200 response
  • no gfw broker, public - failed 403 response

download document

('procedures/{procedure_id}/cancellations/{cancellation_id}/documents/{doc_id}/download')

cancelled status

  • owner, bidder, broker, system - success 302 response (broker, system - without token)
  • no gfw broker, public - failed 403 response

--ADDITIONAL INFORMATION--

get object and document(s) history

('procedures/{procedure_id}/additionalInformation/{add_info_id}/history', 'procedures/{procedure_id}/additionalInformation/{add_info_id}/documents/history', 'procedures/{procedure_id}/additionalInformation/{add_info_id}/documents/{doc_id}/history')

active_tendering, active_awarded, pending_payment, unsuccessful, cancelled statuses

  • owner, bidder, broker, system - success 200 response
  • no gfw broker, public - failed 403 response

complete status

  • owner, bidder, broker, system - success 200 response
  • no gfw broker, public - success 200 response
Edited by Viacheslav Sukhovieiev