show edit button if api:treatments:update is allowed too; clean up

env.js

@@ -136,12 +136,9 @@ function updateSettings() {
   //should always find extended settings last
   env.extendedSettings = findExtendedSettings(process.env);
 
-  console.info('>>>authDefaultRoles', env.settings.authDefaultRoles);
   if (!readENV('TREATMENTS_AUTH', true)) {
     env.settings.authDefaultRoles = env.settings.authDefaultRoles || [ ];
     env.settings.authDefaultRoles += ' careportal';
-
-    console.info('>>>added careportal to authDefaultRoles', env.settings.authDefaultRoles);
   }
 
 

lib/admin_plugins/roles.js

@@ -35,8 +35,6 @@ function createOrSaveRole (role, client, callback) {
 
   var method = _.isEmpty(role._id) ? 'POST' : 'PUT';
 
-  console.info('>>>createOrSaveRole', method, role);
-
   $.ajax({
     method: method
     , url: '/api/v2/authorization/roles/'
@@ -127,8 +125,6 @@ function openDialog (role, client) {
               .value();
           role.notes = $('#edrole_notes').val();
 
-          console.info('>>>save role', role);
-
           var self = this;
           delete role.autoGenerated;
           createOrSaveRole(role, client, function callback () {

lib/client/index.js

@@ -114,16 +114,15 @@ client.init = function init(serverSettings, plugins) {
   client.hashauth = require('../hashauth');
   client.hashauth.init(client, $).initAuthentication(function afterAuth(isAuthenticated) {
 
-    var treatmentCreateAllowed = client.authorized ? client.authorized.shiro.check('api:treatments:create') : client.hashauth.isAuthenticated();
-    console.info('>>>client.authorized', client.authorized);
-    console.info('>>>client.hashauth.isAuthenticated()', client.hashauth.isAuthenticated());
-    console.info('>>>treatmentCreateAllowed', treatmentCreateAllowed);
+    var treatmentCreateAllowed = client.authorized ? client.authorized.shiro.check('api:treatments:create') : isAuthenticated;
+    var treatmentUpdateAllowed = client.authorized ? client.authorized.shiro.check('api:treatments:update') : isAuthenticated;
+
     $('#lockedToggle').toggle(!treatmentCreateAllowed && client.settings.showPlugins.indexOf('careportal') > -1);
     $('#treatmentDrawerToggle').toggle(treatmentCreateAllowed && client.settings.showPlugins.indexOf('careportal') > -1);
     $('#boluscalcDrawerToggle').toggle(treatmentCreateAllowed && client.settings.showPlugins.indexOf('boluscalc') > -1);
 
     // Edit mode
-    $('#editbutton').toggle(client.settings.editMode && isAuthenticated);
+    $('#editbutton').toggle(client.settings.editMode && treatmentUpdateAllowed);
     $('#editbutton').click(function editModeClick (event) {
       client.editMode = !client.editMode;
       if (client.editMode) {

tests/security.test.js

@@ -10,7 +10,6 @@ describe('API_SECRET', function ( ) {
   var scope = this;
   function setup_app (env, fn) {
     require('../lib/bootevent')(env).boot(function booted (ctx) {
-      console.info('>>>ctx.authorization', ctx.authorization);
       ctx.app = api(env, ctx);
       scope.app = ctx.app;
       scope.entries = ctx.entries;