Implements subscription limitations

api/transaction.go

@@ -29,7 +29,7 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// check if the user is a member of the organization
-	if !user.IsMemberOf(signReq.Address) {
+	if !user.HasRoleFor(signReq.Address, db.AnyRole) {
 		ErrUnauthorized.With("user is not an organization member").Write(w)
 		return
 	}

db/const.go

@@ -5,6 +5,7 @@ const (
 	AdminRole   UserRole = "admin"
 	ManagerRole UserRole = "manager"
 	ViewerRole  UserRole = "viewer"
+	AnyRole     UserRole = "any"
 	// organization types
 	AssemblyType               OrganizationType = "assembly"
 	AssociationType            OrganizationType = "association"
@@ -31,13 +32,15 @@ var writableRoles = map[UserRole]bool{
 	AdminRole:   true,
 	ManagerRole: true,
 	ViewerRole:  false,
+	AnyRole:     false,
 }
 
 // UserRoleNames is a map that contains the user role names by role
 var UserRolesNames = map[UserRole]string{
 	AdminRole:   "Admin",
 	ManagerRole: "Manager",
 	ViewerRole:  "Viewer",
+	AnyRole:     "Any",
 }
 
 // HasWriteAccess function checks if the user role has write access
@@ -81,6 +84,7 @@ var validRoles = map[UserRole]bool{
 	AdminRole:   true,
 	ManagerRole: true,
 	ViewerRole:  true,
+	AnyRole:     true,
 }
 
 // IsValidUserRole function checks if the user role is valid

db/types.go

@@ -25,16 +25,9 @@ type UserVerification struct {
 
 func (u *User) HasRoleFor(address string, role UserRole) bool {
 	for _, org := range u.Organizations {
-		if org.Address == address && string(org.Role) == string(role) {
-			return true
-		}
-	}
-	return false
-}
-
-func (u *User) IsMemberOf(address string) bool {
-	for _, org := range u.Organizations {
-		if org.Address == address {
+		if org.Address == address &&
+			// Check if the role is "any: or if the role matches the organization role
+			(string(role) == string(AnyRole) || string(org.Role) == string(role)) {
 			return true
 		}
 	}