EDX-1897: Fixes for Independent/Offshore roles + new INSTITUTE_READ_O…

…NLY role
bcgov · Oct 20, 2023 · fd4fe66 · fd4fe66
1 parent 6a391ef
commit fd4fe66
Show file tree

Hide file tree

Showing 10 changed files with 33 additions and 36 deletions.
diff --git a/backend/src/components/institute/institute.js b/backend/src/components/institute/institute.js
@@ -142,11 +142,7 @@ async function updateDistrict(req, res) {
       note.createDate = null;
     });
 
-    districtPayload.contacts.forEach(function(contact) {
-      contact.updateDate = null;
-      contact.createDate = null;
-    });
-
+    districtPayload.contacts = null;
     districtPayload.createDate = null;
     districtPayload.updateDate = null;
     districtPayload.updateUser = utils.getUser(req).idir_username;
@@ -802,17 +798,17 @@ async function updateAuthority(req, res) {
       authorityPayload.addresses = authorityPayload.addresses.filter(address => address.addressTypeCode !== 'PHYSICAL');
     }
 
-    authorityPayload.addresses.forEach(function(addy) {
+    authorityPayload?.addresses?.forEach(function(addy) {
       addy.updateDate = null;
       addy.createDate = null;
     });
 
-    authorityPayload.notes.forEach(function(note) {
+    authorityPayload?.notes?.forEach(function(note) {
       note.updateDate = null;
       note.createDate = null;
     });
 
-    authorityPayload.contacts.forEach(function(contact) {
+    authorityPayload?.contacts?.forEach(function(contact) {
       contact.updateDate = null;
       contact.createDate = null;
     });
@@ -843,9 +839,7 @@ function hasSchoolAdminRole(req, school){
 }
 
 function hasAuthorityAdminRole(req, authority){
-  if(authority && authority.authorityTypeCode === 'INDEPENDNT') {
-    return req.session.roles.includes('INDEPENDENT_AUTHORITY_ADMIN') || req.session.roles.includes('INDEPENDENT_SCHOOLS_ADMIN');
-  } else if(authority && authority.authorityTypeCode === 'OFFSHORE'){
+  if(authority && authority.authorityTypeCode === 'OFFSHORE'){
     return req.session.roles.includes('INDEPENDENT_AUTHORITY_ADMIN') || req.session.roles.includes('OFFSHORE_SCHOOLS_ADMIN');
   }
   return req.session.roles.includes('INDEPENDENT_AUTHORITY_ADMIN');

diff --git a/backend/src/components/roles.js b/backend/src/components/roles.js
@@ -24,9 +24,10 @@ const roles = {
     Exchange: ['SECURE_EXCHANGE'],
     //Help functions created in auth module: isValidPenTeamRoleUserToken, isValidPenTeamRoleUser
     PenTeamRole: config.get('server:edx:teamRoles:pen'),
-    //Help functions created in auth module: isValidSchoolMoveUserToken, isValidSchoolMoveUser
-    School: ['SCHOOL_ADMIN'],
-    EDX: [config.get('server:edx:roleAdmin')]
+    //Help functions created in auth module: isValidSchoolUserToken, isValidSchoolUser
+    Institute: config.get('server:institute:rolesAllowed'),
+    //Help functions created in auth module: isValidEDXUserToken, isValidEDXUser
+    EDX: [config.get('server:edx:roleAdmin')],
   },
   Admin: {
     //Help functions created in auth module: isValidGMPAdmin

diff --git a/backend/src/config/index.js b/backend/src/config/index.js
@@ -140,6 +140,7 @@ nconf.defaults({
         '/reporting-requirement-codes',
       schoolContactTypeCodesURL: process.env.INSTITUTE_API_URL + '/school-contact-type-codes',
       authorityContactTypeCodesURL: process.env.INSTITUTE_API_URL + '/authority-contact-type-codes',
+      rolesAllowed: process.env.INSTITUTE_ROLES ? process.env.INSTITUTE_ROLES.split(',') : '',
     },
     macro: {
       rootURL: process.env.MACRO_API_URL,

diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js
@@ -14,8 +14,8 @@ const {
   validationResult
 } = require('express-validator');
 
-const isValidStaffUserWithRoles = auth.isValidUserWithRoles('GMP & UMP & PenRequestBatch & StudentSearch & StaffAdministration & NominalRoll & NominalRollReadOnly & GUMPAnalytics & PenRequestBatchAnalytics & Exchange & EDX', [...roles.User.GMP, ...roles.User.UMP, ...roles.User.PenRequestBatch, ...roles.User.StudentSearch, ...roles.User.StaffAdministration, ...roles.User.NominalRoll , ...roles.User.NominalRollReadOnly, ...roles.User.GUMPAnalytics, ...roles.User.PenRequestBatchAnalytics, ...roles.User.Exchange, ...roles.User.EDX]);
-const isValidWebSocketUserWithRoles = auth.isValidUserWithRoles('GMP & UMP & PenRequestBatch & Exchange & School', [...roles.User.GMP, ...roles.User.UMP, ...roles.User.PenRequestBatch, ...roles.User.Exchange, ...roles.User.School]);
+const isValidStaffUserWithRoles = auth.isValidUserWithRoles('GMP & UMP & PenRequestBatch & StudentSearch & StaffAdministration & NominalRoll & NominalRollReadOnly & GUMPAnalytics & PenRequestBatchAnalytics & Exchange & EDX & Institute', [...roles.User.GMP, ...roles.User.UMP, ...roles.User.PenRequestBatch, ...roles.User.StudentSearch, ...roles.User.StaffAdministration, ...roles.User.NominalRoll , ...roles.User.NominalRollReadOnly, ...roles.User.GUMPAnalytics, ...roles.User.PenRequestBatchAnalytics, ...roles.User.Exchange, ...roles.User.EDX, ...roles.User.Institute]);
+const isValidWebSocketUserWithRoles = auth.isValidUserWithRoles('GMP & UMP & PenRequestBatch & Exchange & Institute', [...roles.User.GMP, ...roles.User.UMP, ...roles.User.PenRequestBatch, ...roles.User.Exchange, ...roles.User.Institute]);
 
 const router = express.Router();
 

diff --git a/frontend/src/components/institute/AuthorityDetails.vue b/frontend/src/components/institute/AuthorityDetails.vue
@@ -204,7 +204,7 @@ export default {
   },
   computed: {
     ...mapState(instituteStore, ['authorityTypeCodes', 'provinceCodes', 'countryCodes']),
-    ...mapState(authStore, ['INDEPENDENT_AUTHORITY_ADMIN_ROLE', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
+    ...mapState(authStore, ['INDEPENDENT_AUTHORITY_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
     notesLoading() {
       return this.noteRequestCount > 0;
     },
@@ -256,9 +256,7 @@ export default {
     },
     deepCloneObject,
     canEditAuthorities() {
-      if(this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'INDEPENDNT') {
-        return this.INDEPENDENT_AUTHORITY_ADMIN_ROLE || this.INDEPENDENT_SCHOOLS_ADMIN_ROLE;
-      } else if(this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'OFFSHORE') {
+      if(this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'OFFSHORE') {
         return this.INDEPENDENT_AUTHORITY_ADMIN_ROLE || this.OFFSHORE_SCHOOLS_ADMIN_ROLE;
       }
       return this.INDEPENDENT_AUTHORITY_ADMIN_ROLE;

diff --git a/frontend/src/components/institute/authority/AuthoritiesContacts.vue b/frontend/src/components/institute/authority/AuthoritiesContacts.vue
@@ -169,15 +169,13 @@ export default {
     };
   },
   computed: {
-    ...mapState(authStore, ['isAuthenticated', 'INDEPENDENT_AUTHORITY_ADMIN_ROLE', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
+    ...mapState(authStore, ['isAuthenticated', 'INDEPENDENT_AUTHORITY_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
     ...mapState(instituteStore, ['authorityContactTypeCodes', 'independentAuthorityAuthorityContacts', 'offshoreAuthorityContacts', 'regularAuthorityContactTypes']),
     loading() {
       return this.loadingCount !== 0;
     },
     canEditAuthorityContact() {
-      if(this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'INDEPENDNT') {
-        return (this.INDEPENDENT_AUTHORITY_ADMIN_ROLE || this.INDEPENDENT_SCHOOLS_ADMIN_ROLE) && this.isNotClosedAndNeverOpened();
-      } else if(this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'OFFSHORE') {
+      if(this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'OFFSHORE') {
         return this.INDEPENDENT_AUTHORITY_ADMIN_ROLE || this.OFFSHORE_SCHOOLS_ADMIN_ROLE;
       }
       return this.INDEPENDENT_AUTHORITY_ADMIN_ROLE && this.isNotClosedAndNeverOpened();

diff --git a/frontend/src/components/institute/authority/Details.vue b/frontend/src/components/institute/authority/Details.vue
@@ -904,7 +904,7 @@ export default {
   },
   computed: {
     ...mapState(instituteStore, ['authorityTypeCodes', 'provinceCodes', 'countryCodes']),
-    ...mapState(authStore, ['INDEPENDENT_AUTHORITY_ADMIN_ROLE', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
+    ...mapState(authStore, ['INDEPENDENT_AUTHORITY_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
     notesLoading() {
       return this.noteRequestCount > 0;
     },
@@ -1061,9 +1061,7 @@ export default {
       }
     },
     canEditAuthorities() {
-      if (this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'INDEPENDNT') {
-        return this.INDEPENDENT_AUTHORITY_ADMIN_ROLE || this.INDEPENDENT_SCHOOLS_ADMIN_ROLE;
-      } else if (this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'OFFSHORE') {
+      if (this.authority?.authorityTypeCode && this.authority?.authorityTypeCode === 'OFFSHORE') {
         return this.INDEPENDENT_AUTHORITY_ADMIN_ROLE || this.OFFSHORE_SCHOOLS_ADMIN_ROLE;
       }
       return this.INDEPENDENT_AUTHORITY_ADMIN_ROLE;

diff --git a/frontend/src/components/util/NavBar.vue b/frontend/src/components/util/NavBar.vue
@@ -170,7 +170,7 @@ export default {
   },
   computed: {
     ...mapState(appStore, ['config']),
-    ...mapState(authStore, ['isAuthorizedUser', 'ADVANCED_SEARCH_ROLE', 'VIEW_EDIT_PEN_REQUEST_BATCH_FILES_ROLE', 'EDIT_MACROS_ROLE', 'VIEW_GMP_REQUESTS_ROLE', 'VIEW_UMP_REQUESTS_ROLE', 'PROCESS_STUDENT_ROLE', 'VIEW_PEN_COORDINATOR_INFO_ROLE', 'NOMINAL_ROLL_ROLE', 'STAFF_ADMINISTRATION_ADMIN', 'HAS_STATS_ROLE', 'STUDENT_ANALYTICS_STUDENT_PROFILE', 'STUDENT_ANALYTICS_BATCH', 'EXCHANGE_ROLE', 'EXCHANGE_ACCESS_ROLE', 'PEN_TEAM_ROLE', 'INSTITUTIONS_ADMINISTRATION_ADMIN']),
+    ...mapState(authStore, ['isAuthorizedUser', 'ADVANCED_SEARCH_ROLE', 'VIEW_EDIT_PEN_REQUEST_BATCH_FILES_ROLE', 'EDIT_MACROS_ROLE', 'VIEW_GMP_REQUESTS_ROLE', 'VIEW_UMP_REQUESTS_ROLE', 'PROCESS_STUDENT_ROLE', 'VIEW_PEN_COORDINATOR_INFO_ROLE', 'NOMINAL_ROLL_ROLE', 'STAFF_ADMINISTRATION_ADMIN', 'HAS_STATS_ROLE', 'STUDENT_ANALYTICS_STUDENT_PROFILE', 'STUDENT_ANALYTICS_BATCH', 'EXCHANGE_ROLE', 'EXCHANGE_ACCESS_ROLE', 'PEN_TEAM_ROLE']),
     items() {
       return [
         {
@@ -254,22 +254,22 @@ export default {
         },
         {
           title: 'Institutions',
-          authorized: this.INSTITUTIONS_ADMINISTRATION_ADMIN,
+          authorized: this.isAuthorizedUser,
           items: [
             {
               title: 'Schools',
               link: 'instituteSchoolList',
-              authorized: this.INSTITUTIONS_ADMINISTRATION_ADMIN
+              authorized: this.isAuthorizedUser
             },
             {
               title: 'Districts',
               link: 'instituteDistrict',
-              authorized: this.INSTITUTIONS_ADMINISTRATION_ADMIN
+              authorized: this.isAuthorizedUser
             },
             {
               title: 'Authorities',
               link: 'instituteAuthoritiesList',
-              authorized: this.INSTITUTIONS_ADMINISTRATION_ADMIN
+              authorized: this.isAuthorizedUser
             }
           ],
         },

diff --git a/frontend/src/store/modules/auth.js b/frontend/src/store/modules/auth.js
@@ -70,8 +70,7 @@ export const authStore = defineStore('auth', {
     INDEPENDENT_SCHOOLS_ADMIN_ROLE: state => state.isValidSchoolIndependentAdmin,
     OFFSHORE_SCHOOLS_ADMIN_ROLE: state => state.isValidSchoolOffshoreAdmin,
     INDEPENDENT_AUTHORITY_ADMIN_ROLE: state => state.isValidIndependentAuthorityAdmin,
-    INSTITUTIONS_ADMINISTRATION_ADMIN: state => state.isValidSchoolAdmin || state.isValidDistrictAdmin || state.isValidSchoolIndependentAdmin || state.isValidSchoolOffshoreAdmin || state.isValidIndependentAuthorityAdmin,
-  },
+   },
   actions: {
     //sets Json web token and determines whether user is authenticated
     async setJwtToken(token = null) {