diff --git a/backend/src/components/edx/exchange.js b/backend/src/components/edx/exchange.js
index 2fd71721c..b9d7d4971 100644
--- a/backend/src/components/edx/exchange.js
+++ b/backend/src/components/edx/exchange.js
@@ -1117,13 +1117,6 @@ async function getExchangeStats(req, res) {
async function createSchool(req, res) {
try {
- if (!req.session.roles.includes('SCHOOL_ADMIN')) {
- return res.status(HttpStatus.UNAUTHORIZED).json({
- status: HttpStatus.UNAUTHORIZED,
- message: 'You are not authorized to add or edit schools'
- });
- }
-
const {school, user} = req.body;
const isEmptyString = str => typeof str === 'string' && str.trim() === '';
diff --git a/backend/src/components/institute/institute.js b/backend/src/components/institute/institute.js
index 1e62f9232..5105f6ae3 100644
--- a/backend/src/components/institute/institute.js
+++ b/backend/src/components/institute/institute.js
@@ -60,9 +60,9 @@ async function addDistrictContact(req, res) {
const token = getBackendToken(req);
let district = cacheService.getDistrictJSONByDistrictId(req.body.districtID);
- if(!district || !hasDistrictAdminRole(req)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!district){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'District not found'
});
}
@@ -125,9 +125,9 @@ async function updateDistrict(req, res) {
let district = cacheService.getDistrictJSONByDistrictId(req.body.districtId);
- if (!district || !hasDistrictAdminRole(req)) {
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if (!district) {
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'District not found'
});
}
const districtPayload = req.body;
@@ -158,9 +158,9 @@ async function updateDistrictContact(req, res) {
const token = getBackendToken(req);
let district = cacheService.getDistrictJSONByDistrictId(req.body.districtId);
- if(!district || !hasDistrictAdminRole(req)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!district){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'District not found'
});
}
@@ -188,9 +188,9 @@ async function deleteDistrictContact(req, res) {
const token = getBackendToken(req);
let district = cacheService.getDistrictJSONByDistrictId(req.params.districtId);
- if(!district || !hasDistrictAdminRole(req)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!district){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'District not found'
});
}
@@ -245,9 +245,9 @@ async function addNewDistrictNote(req, res) {
const token = getBackendToken(req);
let district = cacheService.getDistrictJSONByDistrictId(req.body.districtId);
- if(!district || !hasDistrictAdminRole(req)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!district){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'District not found'
});
}
const params = {
@@ -271,9 +271,9 @@ async function updateDistrictNote(req, res) {
try {
const token = getBackendToken(req);
let district = cacheService.getDistrictJSONByDistrictId(req.body.districtId);
- if(!district || !hasDistrictAdminRole(req)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!district){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'District not found'
});
}
const payload = {
@@ -293,9 +293,9 @@ async function deleteDistrictNote(req, res) {
try {
const token = getBackendToken(req);
let district = cacheService.getDistrictJSONByDistrictId(req.params.districtId);
- if(!district || !hasDistrictAdminRole(req)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!district){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'District not found'
});
}
await utils.deleteData(token, `${config.get('server:institute:instituteDistrictURL')}/${req.params.districtId}/note/${req.params.noteId}`);
@@ -345,12 +345,6 @@ async function addSchool(req, res) {
try {
const token = getBackendToken(req);
- if(!hasSchoolAdminRole(req, req.body)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
- });
- }
-
const payload = {
createUser: utils.getUser(req).idir_username,
createDate: null,
@@ -433,9 +427,9 @@ async function addNewSchoolNote(req, res) {
const token = getBackendToken(req);
let school = cacheService.getSchoolBySchoolID(req.body.schoolId);
- if(!school || !hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!school){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'School not found'
});
}
@@ -472,9 +466,9 @@ async function updateSchoolNote(req, res) {
try {
const token = getBackendToken(req);
let school = cacheService.getSchoolBySchoolID(req.body.schoolId);
- if (!school || !hasSchoolAdminRole(req, school)) {
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if (!school) {
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'School not found'
});
}
const payload = {
@@ -494,9 +488,9 @@ async function deleteSchoolNote(req, res) {
try {
const token = getBackendToken(req);
let school = cacheService.getSchoolBySchoolID(req.params.schoolId);
- if(!school || !hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!school){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'School not found'
});
}
await utils.deleteData(token, `${config.get('server:institute:instituteSchoolURL')}/${req.params.schoolId}/note/${req.params.noteId}`);
@@ -512,9 +506,9 @@ async function addSchoolContact(req, res) {
const token = getBackendToken(req);
let school = cacheService.getSchoolBySchoolID(req.body.schoolID);
- if(!school || !hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!school){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'School not found'
});
}
@@ -554,9 +548,9 @@ async function updateSchoolContact(req, res) {
const token = getBackendToken(req);
let school = cacheService.getSchoolBySchoolID(req.body.schoolID);
- if(!school || !hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!school){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'School not found'
});
}
@@ -587,9 +581,9 @@ async function deleteSchoolContact(req, res) {
const token = getBackendToken(req);
let school = cacheService.getSchoolBySchoolID(req.params.schoolId);
- if(!school || !hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!school){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'School not found'
});
}
@@ -844,20 +838,6 @@ async function updateAuthority(req, res) {
}
}
-function hasDistrictAdminRole(req){
- return req.session.roles.includes('DISTRICT_ADMIN');
-}
-
-function hasSchoolAdminRole(req, school){
- if(school.schoolCategoryCode === 'INDEPEND' || school.schoolCategoryCode === 'INDP_FNS'){
- return req.session.roles.includes('SCHOOL_ADMIN') || req.session.roles.includes('INDEPENDENT_SCHOOLS_ADMIN');
- } else if(school.schoolCategoryCode === 'OFFSHORE'){
- return req.session.roles.includes('SCHOOL_ADMIN') || req.session.roles.includes('OFFSHORE_SCHOOLS_ADMIN');
- }
-
- return req.session.roles.includes('SCHOOL_ADMIN');
-}
-
function hasAuthorityAdminRole(req, authority){
if(authority?.authorityTypeCode === 'INDEPENDNT') {
return req.session.roles.includes('INDEPENDENT_AUTHORITY_ADMIN') || req.session.roles.includes('INDEPENDENT_SCHOOLS_ADMIN');
@@ -984,9 +964,9 @@ async function updateSchool(req, res) {
let school = cacheService.getSchoolBySchoolID(req.body.schoolId);
- if (!school || !hasSchoolAdminRole(req, school)) {
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if (!school) {
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'School not found'
});
}
const payload = req.body;
@@ -1086,13 +1066,6 @@ async function getSchoolsPaginated(req, res){
async function moveSchool(req, res) {
try {
const token = getBackendToken(req);
-
- if(!hasSchoolAdminRole(req, req.body.toSchool)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
- });
- }
-
let school = cacheService.getSchoolBySchoolID(req.body.fromSchoolId);
if(!school || school.schoolCategoryCode === 'OFFSHORE') {
diff --git a/backend/src/components/roles.js b/backend/src/components/roles.js
index 64e968085..163eabc20 100644
--- a/backend/src/components/roles.js
+++ b/backend/src/components/roles.js
@@ -39,8 +39,6 @@ const roles = {
//Help functions created in auth module: isValidStaffAdministrationAdmin
StaffAdministration: config.get('server:administration:roleAdmin'),
NominalRoll: config.get('server:nominalRoll:roleAdmin'),
- District: 'DISTRICT_ADMIN',
- School: 'SCHOOL_ADMIN',
SchoolIndependent: 'INDEPENDENT_SCHOOLS_ADMIN',
IndependentAuthority: 'INDEPENDENT_AUTHORITY_ADMIN',
SchoolOffshore: 'OFFSHORE_SCHOOLS_ADMIN'
diff --git a/backend/src/components/sdc/sdc.js b/backend/src/components/sdc/sdc.js
index 07756307c..994de54e0 100644
--- a/backend/src/components/sdc/sdc.js
+++ b/backend/src/components/sdc/sdc.js
@@ -9,15 +9,7 @@ async function getFundingGroupDataForSchool(req, res) {
try {
const accessToken = getBackendToken(req);
validateAccessToken(accessToken, res);
-
- let school = cacheService.getSchoolBySchoolID(req.params.schoolID);
-
- if(!hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
- });
- }
-
+
const data = await getData(accessToken, `${config.get('sdc:fundingGroupDataURL')}/search/${req.params.schoolID}`);
return res.status(HttpStatus.OK).json(data);
} catch (e) {
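Review bot: With the cache lookup removed, `req.params.schoolID` now goes into the backend URL passed to `getData` with no check that it names a known school. The old code would at least have failed on `school.schoolCategoryCode` for an unknown ID, assuming the cache returns nothing for it. Keeping `const school = cacheService.getSchoolBySchoolID(req.params.schoolID);` and returning the same 404 'School not found' that deleteFundingDataForSchool uses would validate the ID before it is interpolated into a path. The same applies to getSnapshotFundingDataForSchool (where `collectionID` is also unchecked) and getAllCollectionsForSchool. The only added line here is whitespace, and the catch block continues outside the hunk.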
@@ -29,16 +21,7 @@ async function getFundingGroupDataForSchool(req, res) {
async function getSnapshotFundingDataForSchool(req, res) {
try {
const accessToken = getBackendToken(req);
- validateAccessToken(accessToken, res);
-
- let school = cacheService.getSchoolBySchoolID(req.params.schoolID);
-
- if(!hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
- });
- }
-
+ validateAccessToken(accessToken, res);
const data = await getData(accessToken, `${config.get('sdc:fundingGroupDataURL')}/snapshot/${req.params.schoolID}/${req.params.collectionID}`);
return res.status(HttpStatus.OK).json(data);
} catch (e) {
@@ -53,10 +36,9 @@ async function deleteFundingDataForSchool(req, res) {
validateAccessToken(accessToken, res);
let school = cacheService.getSchoolBySchoolID(req.params.schoolID);
-
- if(!hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(!school){
+ return res.status(HttpStatus.NOT_FOUND).json({
+ message: 'School not found'
});
}
@@ -75,9 +57,9 @@ async function updateFundingDataForSchool(req, res) {
let school = cacheService.getSchoolBySchoolID(req.params.schoolID);
- if(!hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+ if(school?.schoolCategoryCode !== 'INDEPEND' && school?.schoolCategoryCode !== 'INDP_FNS') {
+ return res.status(HttpStatus.BAD_REQUEST).json({
+ message: 'Unable to update funding code for this school category'
});
}
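Review bot: A school missing from the cache now falls into the category branch and gets a 400 'Unable to update funding code for this school category', because `school?.schoolCategoryCode` is undefined. deleteFundingDataForSchool answers the same case with 404 'School not found'. Putting `if(!school){ return res.status(HttpStatus.NOT_FOUND).json({message: 'School not found'}); }` ahead of the category check keeps the responses consistent; addNewFundingForSchool needs the same guard. Since this handler only accepts INDEPEND and INDP_FNS schools, please confirm that gating its route on EDIT_SCHOOL_PERMISSION rather than EDIT_INDEPENDENT_SCHOOL_PERMISSION is intended. The function body starts and ends outside the hunk.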
@@ -100,10 +82,10 @@ async function addNewFundingForSchool(req, res) {
validateAccessToken(accessToken, res);
let school = cacheService.getSchoolBySchoolID(req.params.schoolID);
-
- if(!hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
+
+ if(school?.schoolCategoryCode !== 'INDEPEND' && school?.schoolCategoryCode !== 'INDP_FNS') {
+ return res.status(HttpStatus.BAD_REQUEST).json({
+ message: 'Unable to add funding code for this school category'
});
}
@@ -122,16 +104,7 @@ async function addNewFundingForSchool(req, res) {
async function getAllCollectionsForSchool(req, res) {
try {
const accessToken = getBackendToken(req);
- validateAccessToken(accessToken, res);
-
- let school = cacheService.getSchoolBySchoolID(req.params.schoolID);
-
- if(!hasSchoolAdminRole(req, school)){
- return res.status(HttpStatus.UNAUTHORIZED).json({
- message: 'You do not have the required access for this function'
- });
- }
-
+ validateAccessToken(accessToken, res);
const data = await getData(accessToken, `${config.get('sdc:schoolCollectionURL')}/searchAll/${req.params.schoolID}`);
return res.status(HttpStatus.OK).json(data);
} catch (e) {
@@ -140,15 +113,6 @@ async function getAllCollectionsForSchool(req, res) {
}
}
-function hasSchoolAdminRole(req, school){
- if(school.schoolCategoryCode === 'INDEPEND' || school.schoolCategoryCode === 'INDP_FNS'){
- return req.session.roles.includes('SCHOOL_ADMIN') || req.session.roles.includes('INDEPENDENT_SCHOOLS_ADMIN');
- }
-
- return req.session.roles.includes('SCHOOL_ADMIN');
-}
-
-
module.exports = {
getFundingGroupDataForSchool,
deleteFundingDataForSchool,
diff --git a/backend/src/routes/edx-router.js b/backend/src/routes/edx-router.js
index 105bc8dd1..b9b1bd6ac 100644
--- a/backend/src/routes/edx-router.js
+++ b/backend/src/routes/edx-router.js
@@ -92,6 +92,6 @@ router.post('/exchange/:secureExchangeID/documents', passport.authenticate('jwt'
router.get('/exchange/:secureExchangeID/documents/:documentId', auth.isValidExchangeUserToken, getExchangeDocumentById());
// Create School Saga
-router.post('/create-school', passport.authenticate('jwt', {session: false}, undefined), auth.isValidSchoolAdmin, createSchool);
+router.post('/create-school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), createSchool);
module.exports = router;
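Review bot: `utils` and `PERMISSION` are used on the new `/create-school` line, but no hunk in this diff adds them to edx-router.js, whereas routes/sdc.js gains explicit `perm` and `PERMISSION` requires. If they are not already required at the top of this file, the module will throw a ReferenceError on load and none of the exchange routes will register. Please confirm, or add `const utils = require('../components/utils');` and `const PERMISSION = require('../util/Permission').PERMISSION;`. Because the in-handler SCHOOL_ADMIN check in createSchool is removed in the same commit, this middleware is the only authorization left on the route.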
diff --git a/backend/src/routes/institute.js b/backend/src/routes/institute.js
index 2544b0b3e..5ed545ccc 100644
--- a/backend/src/routes/institute.js
+++ b/backend/src/routes/institute.js
@@ -19,25 +19,25 @@ router.get('/district', passport.authenticate('jwt', {session: false}, undefined
router.get('/district/:districtId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_DISTRICT_PERMISSION), extendSession, getDistrictByDistrictID);
-router.put('/district/:districtId', passport.authenticate('jwt', {session: false}, undefined), auth.isValidDistrictAdmin, extendSession, updateDistrict);
+router.put('/district/:districtId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_DISTRICT_PERMISSION), extendSession, updateDistrict);
router.get('/studentRegistrationContacts', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, getStudentRegistrationContacts);
router.get('/studentRegistrationContact/:mincode', passport.authenticate('jwt', {session: false}, undefined), extendSession, getStudentRegistrationContactByMincode);
-router.put('/district/contact/:contactId', passport.authenticate('jwt', {session: false}, undefined), auth.isValidDistrictAdmin, extendSession, updateDistrictContact);
+router.put('/district/contact/:contactId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_DISTRICT_PERMISSION), extendSession, updateDistrictContact);
-router.delete('/district/contact/:districtId/:contactId', passport.authenticate('jwt', {session: false}, undefined), auth.isValidDistrictAdmin, extendSession, deleteDistrictContact);
+router.delete('/district/contact/:districtId/:contactId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_DISTRICT_PERMISSION), extendSession, deleteDistrictContact);
router.get('/district/:districtId/notes', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_DISTRICT_PERMISSION), extendSession, getDistrictNotes);
-router.post('/district/note', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, addNewDistrictNote);
+router.post('/district/note', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_DISTRICT_PERMISSION), extendSession, addNewDistrictNote);
-router.put('/district/note/:noteId', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, updateDistrictNote);
+router.put('/district/note/:noteId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_DISTRICT_PERMISSION), extendSession, updateDistrictNote);
-router.delete('/district/note/:districtId/:noteId', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, deleteDistrictNote);
+router.delete('/district/note/:districtId/:noteId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_DISTRICT_PERMISSION), extendSession, deleteDistrictNote);
-router.post('/district/contact', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, addDistrictContact);
+router.post('/district/contact', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_DISTRICT_PERMISSION), extendSession, addDistrictContact);
router.put('/authority/contact/:contactId', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, updateAuthorityContact);
@@ -49,33 +49,33 @@ router.post('/authority/contact', passport.authenticate('jwt', {session: false},
router.get('/school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_SCHOOL_PERMISSION), extendSession, getSchools);
-router.post('/school', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, addSchool);
+router.post('/school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, addSchool);
router.get('/school/:schoolId/notes', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_SCHOOL_PERMISSION), extendSession, getSchoolNotes);
-router.post('/school/note', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, addNewSchoolNote);
+router.post('/school/note', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, addNewSchoolNote);
-router.put('/school/note/:noteId', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, updateSchoolNote);
+router.put('/school/note/:noteId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, updateSchoolNote);
-router.delete('/school/note/:schoolId/:noteId', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, deleteSchoolNote);
+router.delete('/school/note/:schoolId/:noteId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, deleteSchoolNote);
-router.delete('/school/contact/:schoolId/:contactId', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, deleteSchoolContact);
+router.delete('/school/contact/:schoolId/:contactId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, deleteSchoolContact);
-router.put('/school/contact/:contactId', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, updateSchoolContact);
+router.put('/school/contact/:contactId', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, updateSchoolContact);
-router.post('/school/contact', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, addSchoolContact);
+router.post('/school/contact', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, addSchoolContact);
router.get('/school/:id', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_SCHOOL_PERMISSION), extendSession, getSchoolByID);
router.get('/school/mincode/:mincode', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_SCHOOL_PERMISSION), extendSession, getSchoolByMincode);
-router.put('/school/:id', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, updateSchool);
+router.put('/school/:id', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, updateSchool);
router.get('/schoolsPaginated', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_SCHOOL_PERMISSION), extendSession, getSchoolsPaginated);
router.get('/schoolHistoryPaginated', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_SCHOOL_PERMISSION), extendSession, getSchoolHistoryPaginated);
-router.post('/school/moveSchool', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, moveSchool);
+router.post('/school/moveSchool', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, moveSchool);
router.get('/authoritiesPaginated', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_AUTHORITY_PERMISSION), extendSession, getAuthoritiesPaginated);
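Review bot: Every school write route here is gated on the single EDIT_SCHOOL_PERMISSION, so the per-category scoping that the removed `hasSchoolAdminRole(req, school)` enforced (independent and offshore admins limited to their own school categories) no longer exists server-side. Depending on how roles map to permissions, which is not visible in this diff, either category admins lose access or anyone granted EDIT_SCHOOL_PERMISSION can modify schools of every category. SchoolMove.vue in this commit still lets a holder of EDIT_INDEPENDENT_SCHOOL_PERMISSION start a move for an independent school, which `/school/moveSchool` would then reject. Consider keeping a category-aware check in the handlers after the cache lookup, based on `school.schoolCategoryCode` and the new EDIT_INDEPENDENT_SCHOOL_PERMISSION / EDIT_OFFSHORE_SCHOOL_PERMISSION values. For addSchool and moveSchool the category comes from the request body, so it should be validated rather than trusted.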
diff --git a/backend/src/routes/sdc.js b/backend/src/routes/sdc.js
index 64116e7ce..0cf53ea22 100644
--- a/backend/src/routes/sdc.js
+++ b/backend/src/routes/sdc.js
@@ -2,20 +2,21 @@ const passport = require('passport');
const express = require('express');
const router = express.Router();
const utils = require('../components/utils');
+const perm = require('../util/Permission');
const extendSession = utils.extendSession();
const { getFundingGroupDataForSchool, deleteFundingDataForSchool, updateFundingDataForSchool,
getSnapshotFundingDataForSchool, addNewFundingForSchool, getAllCollectionsForSchool} = require('../components/sdc/sdc');
-const auth = require('../components/auth');
const {getCachedSDCData} = require('../components/sdc/sdc-cache');
const constants = require('../util/constants');
+const PERMISSION = perm.PERMISSION;
-router.post('/funding-groups/:schoolID', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, addNewFundingForSchool);
-router.get('/funding-groups/:schoolID', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, getFundingGroupDataForSchool);
-router.delete('/funding-groups/:schoolID/funding/:schoolFundingGroupID', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, deleteFundingDataForSchool);
-router.put('/funding-groups/:schoolID/funding/:schoolFundingGroupID', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, updateFundingDataForSchool);
-router.get('/funding-groups/snapshot/:schoolID/:collectionID', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, getSnapshotFundingDataForSchool);
+router.post('/funding-groups/:schoolID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, addNewFundingForSchool);
+router.get('/funding-groups/:schoolID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, getFundingGroupDataForSchool);
+router.delete('/funding-groups/:schoolID/funding/:schoolFundingGroupID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, deleteFundingDataForSchool);
+router.put('/funding-groups/:schoolID/funding/:schoolFundingGroupID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, updateFundingDataForSchool);
+router.get('/funding-groups/snapshot/:schoolID/:collectionID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, getSnapshotFundingDataForSchool);
-router.get('/funding-groups', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, getCachedSDCData(constants.CACHE_KEYS.SDC_FUNDING_GROUPS, 'sdc:fundingGroupsURL'));
-router.get('/sdcSchoolCollection/:schoolID', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, getAllCollectionsForSchool);
+router.get('/funding-groups', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.VIEW_SCHOOL_PERMISSION), extendSession, getCachedSDCData(constants.CACHE_KEYS.SDC_FUNDING_GROUPS, 'sdc:fundingGroupsURL'));
+router.get('/sdcSchoolCollection/:schoolID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.EDIT_SCHOOL_PERMISSION), extendSession, getAllCollectionsForSchool);
module.exports = router;
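Review bot: The three read routes (`GET /funding-groups/:schoolID`, the snapshot route and `/sdcSchoolCollection/:schoolID`) require EDIT_SCHOOL_PERMISSION while `GET /funding-groups` requires VIEW_SCHOOL_PERMISSION, and nothing on the page explains the difference. If the stricter gate is deliberate because these reads used to need the school admin role, a one-line comment above the block would stop a later cleanup from relaxing it, for example `// funding data is restricted to school editors, including reads`. Route middleware is also now the only authorization for these endpoints, since the handlers' own role checks are removed in sdc.js. A test asserting that a user holding only VIEW_SCHOOL_PERMISSION is rejected on each route would pin that behaviour.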
diff --git a/backend/src/util/Permission.js b/backend/src/util/Permission.js
index 49fd64745..a8161d898 100644
--- a/backend/src/util/Permission.js
+++ b/backend/src/util/Permission.js
@@ -4,7 +4,14 @@ const PERMISSION = Object.freeze(
MANAGE_EDX_SCHOOL_USERS_PERMISSION: 'MANAGE_EDX_SCHOOL_USERS_PERMISSION',
VIEW_SCHOOL_PERMISSION: 'VIEW_SCHOOL_PERMISSION',
VIEW_DISTRICT_PERMISSION: 'VIEW_DISTRICT_PERMISSION',
- VIEW_AUTHORITY_PERMISSION: 'VIEW_AUTHORITY_PERMISSION'
+ VIEW_AUTHORITY_PERMISSION: 'VIEW_AUTHORITY_PERMISSION',
+ EDIT_SCHOOL_PERMISSION: 'EDIT_SCHOOL_PERMISSION',
+ EDIT_DISTRICT_PERMISSION: 'EDIT_DISTRICT_PERMISSION',
+ EDIT_AUTHORITY_PERMISSION: 'EDIT_AUTHORITY_PERMISSION',
+ EDIT_INDEPENDENT_SCHOOL_PERMISSION: 'EDIT_INDEPENDENT_SCHOOL_PERMISSION',
+ EDIT_OFFSHORE_SCHOOL_PERMISSION: 'EDIT_OFFSHORE_SCHOOL_PERMISSION',
+ EDIT_INDEPENDENT_AUTHORITY_PERMISSION: 'EDIT_INDEPENDENT_AUTHORITY_PERMISSION',
+ EDIT_OFFSHORE_AUTHORITY_PERMISSION: 'EDIT_OFFSHORE_AUTHORITY_PERMISSION'
}
);
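Review bot: Of the seven permissions added here, only EDIT_SCHOOL_PERMISSION and EDIT_DISTRICT_PERMISSION are referenced by backend routes in the hunks shown. The authority and category-scoped values are defined but not enforced server-side, and the authority contact route visible in routes/institute.js still uses `auth.isLoggedInUser`. A constant named like an access control that nothing checks can give false assurance. I would add a comment above the new entries such as `// EDIT_*_INDEPENDENT/OFFSHORE_* and EDIT_*_AUTHORITY_*: not yet enforced by backend routes; UI gating only`, or defer those entries until the routes that check them land.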
diff --git a/frontend/src/components/institute/DistrictDetails.vue b/frontend/src/components/institute/DistrictDetails.vue
index 33f91a62d..838546eb9 100644
--- a/frontend/src/components/institute/DistrictDetails.vue
+++ b/frontend/src/components/institute/DistrictDetails.vue
@@ -134,11 +134,15 @@
-
+
-
+
+Address
@@ -1175,6 +1175,10 @@ export default {
type: String,
required: true
},
+ hasAccess: {
+ type: Boolean,
+ required: true
+ },
},
data() {
return {
@@ -1211,7 +1215,7 @@ export default {
};
},
computed: {
- ...mapState(authStore, ['isAuthenticated', 'userInfo', 'SCHOOL_ADMIN_ROLE', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
+ ...mapState(authStore, ['isAuthenticated', 'userInfo', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
...mapState(instituteStore, ['facilityTypeCodes', 'schoolCategoryTypeCodes', 'activeSchoolCategoryTypeCodes', 'schoolOrganizationTypeCodes', 'schoolReportingRequirementTypeCodes', 'schoolNeighborhoodLearningCodes', 'gradeCodes', 'provinceCodes', 'countryCodes', 'schoolCategoryFacilityTypesMap', 'gradeOptions']),
...mapState(notificationsStore, ['notification']),
dataReady: function () {
@@ -1495,7 +1499,7 @@ export default {
this.$refs.schoolDetailsForm.validate();
},
showEditLinks(fieldValue) {
- return this.canEditSchoolDetails() && !fieldValue;
+ return this.hasAccess && !fieldValue;
},
cancelClicked() {
this.editing = false;
@@ -1573,15 +1577,6 @@ export default {
});
}
},
- canEditSchoolDetails() {
- if (this.school.schoolCategoryCode && this.independentArray.includes(this.school.schoolCategoryCode)) {
- return this.INDEPENDENT_SCHOOLS_ADMIN_ROLE || this.SCHOOL_ADMIN_ROLE;
- } else if(this.school.schoolCategoryCode && this.offshoreArray.includes(this.school.schoolCategoryCode)) {
- return this.OFFSHORE_SCHOOLS_ADMIN_ROLE || this.SCHOOL_ADMIN_ROLE;
- }
- return this.SCHOOL_ADMIN_ROLE;
- },
-
async clickSameAsAddressButton() {
await this.$nextTick();
await this.$refs.schoolDetailsForm.validate();
diff --git a/frontend/src/components/institute/common/SchoolContacts.vue b/frontend/src/components/institute/common/SchoolContacts.vue
index df5d1a519..b2928fedd 100644
--- a/frontend/src/components/institute/common/SchoolContacts.vue
+++ b/frontend/src/components/institute/common/SchoolContacts.vue
@@ -35,7 +35,7 @@
@@ -173,6 +173,10 @@ export default {
type: String,
required: true
},
+ hasAccess: {
+ type: Boolean,
+ required: true
+ },
},
data() {
return {
@@ -189,19 +193,11 @@ export default {
};
},
computed: {
- ...mapState(authStore, ['isAuthenticated', 'userInfo', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE', 'SCHOOL_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
+ ...mapState(authStore, ['isAuthenticated', 'userInfo', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
...mapState(instituteStore, ['schoolContactTypeCodes', 'independentAuthoritySchoolContacts', 'offshoreSchoolContacts', 'regularSchoolContactTypes']),
loading() {
return this.loadingCount !== 0;
- },
- canAddEditSchoolContact() {
- if (this.school.schoolCategoryCode && this.independentArray.includes(this.school.schoolCategoryCode)) {
- return (this.INDEPENDENT_SCHOOLS_ADMIN_ROLE || this.SCHOOL_ADMIN_ROLE) && this.isNotClosedAndNeverOpened();
- } else if(this.school.schoolCategoryCode && this.offshoreArray.includes(this.school.schoolCategoryCode)) {
- return (this.OFFSHORE_SCHOOLS_ADMIN_ROLE || this.SCHOOL_ADMIN_ROLE) && this.isNotClosedAndNeverOpened();
- }
- return this.SCHOOL_ADMIN_ROLE && this.isNotClosedAndNeverOpened();
- },
+ }
},
watch: {
async school(value) {
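Review bot: The removed `canAddEditSchoolContact` combined the role check with `isNotClosedAndNeverOpened()`, and whether that status condition survives cannot be confirmed from this page. The template hunk that presumably swaps in `hasAccess` has no visible lines. If the template now tests `hasAccess` alone, contacts on closed or never-opened schools become editable in the UI unless the parent folds the status into the prop. Please confirm, or keep a small computed such as `canAddEditSchoolContact() { return this.hasAccess && this.isNotClosedAndNeverOpened(); }`. This is presentation-level gating only; the backend contact handlers in this commit check that the school exists but not its status.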
diff --git a/frontend/src/components/institute/common/SchoolMove.vue b/frontend/src/components/institute/common/SchoolMove.vue
index 75d3f2fc8..a80c88e3d 100644
--- a/frontend/src/components/institute/common/SchoolMove.vue
+++ b/frontend/src/components/institute/common/SchoolMove.vue
@@ -75,6 +75,7 @@ import {getStatusAuthorityOrSchool} from '@/utils/institute/status';
import {appStore} from '@/store/modules/app';
import {authStore} from '@/store/modules/auth';
import {instituteStore} from '@/store/modules/institute';
+import { PERMISSION, hasRequiredPermission } from '@/utils/constants/Permission';
export default {
name: 'SchoolMove',
@@ -110,7 +111,7 @@ export default {
};
},
computed: {
- ...mapState(authStore, ['isAuthenticated', 'userInfo', 'SCHOOL_ADMIN_ROLE', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE']),
+ ...mapState(authStore, ['isAuthenticated', 'userInfo', 'INDEPENDENT_SCHOOLS_ADMIN_ROLE']),
...mapState(appStore, ['schoolMap', 'districtMap', 'independentAuthorityMap']),
},
watch: {
@@ -134,6 +135,7 @@ export default {
appStore().getCodes().then(() => this.getSchoolDetails());
},
methods: {
+ hasRequiredPermission,
...mapActions(instituteStore, ['schoolMovedNotification']),
getPageHeading() {
let school = this.schoolMap?.get(this.schoolID);
@@ -192,10 +194,9 @@ export default {
return formatDob(datetime.substring(0, 10), 'uuuu-MM-dd');
},
canEditSchoolDetails() {
- if (this.school.schoolCategoryCode && this.independentArray.includes(this.school.schoolCategoryCode)) {
- return this.INDEPENDENT_SCHOOLS_ADMIN_ROLE || this.SCHOOL_ADMIN_ROLE;
- }
- return this.SCHOOL_ADMIN_ROLE;
+ return this.hasRequiredPermission(this.userInfo, PERMISSION.EDIT_SCHOOL_PERMISSION) ||
+ (this.independentArray.includes(this.school?.schoolCategoryCode) &&
+ this.hasRequiredPermission(this.userInfo, PERMISSION.EDIT_INDEPENDENT_SCHOOL_PERMISSION));
},
isMoveSchoolAllowed() {
return this.school.status !== 'Closed' && this.school.status !== 'Never Opened' && this.school.schoolCategoryCode !== 'POST_SEC' && this.school.schoolCategoryCode !== 'OFFSHORE' && this.canEditSchoolDetails();
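Review bot: `canEditSchoolDetails()` guards `this.school?.schoolCategoryCode` with optional chaining, but `isMoveSchoolAllowed()` just below reads `this.school.status` before calling it, so a missing `school` still throws there and the guard protects only some callers. Either rely on `school` being loaded in both places or guard both. A short comment above the return would also help, e.g. `// EDIT_SCHOOL_PERMISSION covers every school; EDIT_INDEPENDENT_SCHOOL_PERMISSION only covers independent categories.` This check drives the UI only; earlier in this diff the in-handler role checks in `backend/src/components/edx/exchange.js` and `backend/src/components/institute/institute.js` are removed, so it is worth confirming that the routes enforce the matching permission server-side. `isMoveSchoolAllowed()` continues outside the hunk.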
diff --git a/frontend/src/components/institute/district/Details.vue b/frontend/src/components/institute/district/Details.vue
index 5d0189c1a..c3b5dee33 100644
--- a/frontend/src/components/institute/district/Details.vue
+++ b/frontend/src/components/institute/district/Details.vue
@@ -27,7 +27,7 @@
class="d-flex justify-end"
>
@@ -704,7 +704,11 @@ export default {
districtID: {
type: String,
required: true,
- }
+ },
+ hasAccess: {
+ type: Boolean,
+ required: true
+ },
},
data() {
return {
@@ -722,7 +726,7 @@ export default {
};
},
computed: {
- ...mapState(authStore, ['DISTRICT_ADMIN_ROLE', 'OFFSHORE_SCHOOLS_ADMIN_ROLE']),
+ ...mapState(authStore, ['OFFSHORE_SCHOOLS_ADMIN_ROLE']),
...mapState(instituteStore, ['provinceCodes', 'countryCodes']),
...mapState(edxStore, ['schoolSearchParams']),
notesLoading() {
@@ -771,7 +775,7 @@ export default {
this.setHasSamePhysicalFlag();
},
showEditLinks(fieldValue) {
- return this.canEditDistrictDetails() && !fieldValue;
+ return this.hasAccess && !fieldValue;
},
setHasSamePhysicalFlag() {
this.sameAsMailingCheckbox = this.hasSamePhysicalAddress;
@@ -802,9 +806,6 @@ export default {
return 'red';
}
},
- canEditDistrictDetails() {
- return this.DISTRICT_ADMIN_ROLE;
- },
addAddressesIfRequired(district) {
let addresses = district.addresses;
if (!this.hasMailingAddress()) {
diff --git a/frontend/src/components/institute/district/DistrictContacts.vue b/frontend/src/components/institute/district/DistrictContacts.vue
index 3a5fbd7c0..f9f15bae2 100644
--- a/frontend/src/components/institute/district/DistrictContacts.vue
+++ b/frontend/src/components/institute/district/DistrictContacts.vue
@@ -37,7 +37,7 @@
@@ -229,6 +229,10 @@ export default {
required: false,
default: undefined
},
+ hasAccess: {
+ type: Boolean,
+ required: true
+ },
},
data() {
return {
@@ -249,13 +253,10 @@ export default {
};
},
computed: {
- ...mapState(authStore, ['isAuthenticated', 'userInfo', 'DISTRICT_ADMIN_ROLE']),
+ ...mapState(authStore, ['isAuthenticated', 'userInfo']),
loading() {
return this.loadingCount !== 0;
},
- canEditDistrictContact() {
- return this.DISTRICT_ADMIN_ROLE && this.districtDetails.districtStatusCode === 'ACTIVE';
- },
filteredDistrictContactTypes() {
if (!this.isFiltered) {
return this.districtContactTypes;
diff --git a/frontend/src/store/modules/auth.js b/frontend/src/store/modules/auth.js
index af6e29a24..0907f6519 100644
--- a/frontend/src/store/modules/auth.js
+++ b/frontend/src/store/modules/auth.js
@@ -27,8 +27,6 @@ export const authStore = defineStore('auth', {
isValidPenRequestBatchAnalyticsUser: localStorage.getItem('isValidPenRequestBatchAnalyticsUser') !== null,
isValidExchangeUser: localStorage.getItem('isValidExchangeUser') !== null,
isValidPenTeamRoleUser: localStorage.getItem('isValidPenTeamRoleUser') !== null,
- isValidDistrictAdmin: localStorage.getItem('isValidDistrictAdmin') !== null,
- isValidSchoolAdmin: localStorage.getItem('isValidSchoolAdmin') !== null,
isValidIndependentAuthorityAdmin: localStorage.getItem('isValidIndependentAuthorityAdmin') !== null,
isValidSchoolIndependentAdmin: localStorage.getItem('isValidSchoolIndependentAdmin') !== null,
isValidSchoolOffshoreAdmin: localStorage.getItem('isValidSchoolOffshoreAdmin') !== null,
@@ -63,8 +61,6 @@ export const authStore = defineStore('auth', {
HAS_STATS_ROLE: state => state.isValidGUMPAnalyticsUser || state.isValidPenRequestBatchAnalyticsUser,
EXCHANGE_ROLE: state => state.isValidExchangeUser,
PEN_TEAM_ROLE: state => state.isValidPenTeamRoleUser,
- DISTRICT_ADMIN_ROLE: state => state.isValidDistrictAdmin,
- SCHOOL_ADMIN_ROLE: state => state.isValidSchoolAdmin,
INDEPENDENT_SCHOOLS_ADMIN_ROLE: state => state.isValidSchoolIndependentAdmin,
OFFSHORE_SCHOOLS_ADMIN_ROLE: state => state.isValidSchoolOffshoreAdmin,
INDEPENDENT_AUTHORITY_ADMIN_ROLE: state => state.isValidIndependentAuthorityAdmin,
@@ -242,24 +238,6 @@ export const authStore = defineStore('auth', {
localStorage.removeItem('isValidPenTeamRoleUser');
}
},
- async setIsValidDistrictAdmin(isValidDistrictAdmin) {
- if (isValidDistrictAdmin) {
- this.isValidDistrictAdmin = true;
- localStorage.setItem('isValidDistrictAdmin', 'true');
- } else {
- this.isValidDistrictAdmin = false;
- localStorage.removeItem('isValidDistrictAdmin');
- }
- },
- async setIsValidSchoolAdmin(isValidSchoolAdmin) {
- if (isValidSchoolAdmin) {
- this.isValidSchoolAdmin = true;
- localStorage.setItem('isValidSchoolAdmin', 'true');
- } else {
- this.isValidSchoolAdmin = false;
- localStorage.removeItem('isValidSchoolAdmin');
- }
- },
async setIsValidSchoolIndependentAdmin(isValidSchoolIndependentAdmin) {
if (isValidSchoolIndependentAdmin) {
this.isValidSchoolIndependentAdmin = true;
@@ -360,8 +338,6 @@ export const authStore = defineStore('auth', {
await this.setPenRequestBatchAnalytics(response.isValidPenRequestBatchAnalyticsUser);
await this.setExchangeUser(response.isValidExchangeUser);
await this.setIsValidPenTeamRoleUser(response.isValidPenTeamRoleUser);
- await this.setIsValidDistrictAdmin(response.isValidDistrictAdmin);
- await this.setIsValidSchoolAdmin(response.isValidSchoolAdmin);
await this.setIsValidSchoolIndependentAdmin(response.isValidSchoolIndependentAdmin);
await this.setIsValidSchoolOffshoreAdmin(response.isValidSchoolOffshoreAdmin);
await this.setIsValidIndependentAuthorityAdmin(response.isValidIndependentAuthorityAdmin);
diff --git a/frontend/src/utils/constants/Permission.js b/frontend/src/utils/constants/Permission.js
index 3815e652f..95d11b95e 100644
--- a/frontend/src/utils/constants/Permission.js
+++ b/frontend/src/utils/constants/Permission.js
@@ -16,7 +16,21 @@ export const PERMISSION = Object.freeze(
VIEW_DISTRICT_PERMISSION: 'VIEW_DISTRICT_PERMISSION',
- VIEW_AUTHORITY_PERMISSION: 'VIEW_AUTHORITY_PERMISSION'
+ VIEW_AUTHORITY_PERMISSION: 'VIEW_AUTHORITY_PERMISSION',
+
+ EDIT_SCHOOL_PERMISSION: 'EDIT_SCHOOL_PERMISSION',
+
+ EDIT_DISTRICT_PERMISSION: 'EDIT_DISTRICT_PERMISSION',
+
+ EDIT_AUTHORITY_PERMISSION: 'EDIT_AUTHORITY_PERMISSION',
+
+ EDIT_INDEPENDENT_SCHOOL_PERMISSION: 'EDIT_INDEPENDENT_SCHOOL_PERMISSION',
+
+ EDIT_OFFSHORE_SCHOOL_PERMISSION: 'EDIT_OFFSHORE_SCHOOL_PERMISSION',
+
+ EDIT_INDEPENDENT_AUTHORITY_PERMISSION: 'EDIT_INDEPENDENT_AUTHORITY_PERMISSION',
+
+ EDIT_OFFSHORE_AUTHORITY_PERMISSION: 'EDIT_OFFSHORE_AUTHORITY_PERMISSION'
}
);
diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh
index 68cfa1bb5..556d42bd2 100644
--- a/tools/config/update-configmap.sh
+++ b/tools/config/update-configmap.sh
@@ -434,7 +434,7 @@ BANNER_COLOR="$bannerColor"
WEB_SOCKET_URL="wss://$SERVER_FRONTEND/api/socket"
echo Creating config map $APP_NAME-backend-config-map
-oc create -n $PEN_NAMESPACE-$envValue configmap $APP_NAME-backend-config-map --from-literal=WEB_SOCKET_URL="$WEB_SOCKET_URL" --from-literal=BANNER_COLOR="$BANNER_COLOR" --from-literal=BANNER_ENVIRONMENT="$BANNER_ENVIRONMENT" --from-literal=TZ=$TZVALUE --from-literal=UI_PRIVATE_KEY="$UI_PRIVATE_KEY_VAL" --from-literal=SITEMINDER_LOGOUT_ENDPOINT="$siteMinderLogoutUrl" --from-literal=UI_PUBLIC_KEY="$UI_PUBLIC_KEY_VAL" --from-literal=ID=$APP_NAME-soam --from-literal=SECRET=$studentAdminClientSecret --from-literal=SERVER_FRONTEND=https://$SERVER_FRONTEND --from-literal=ISSUER=STUDENT_ADMIN_APPLICATION --from-literal=SOAM_PUBLIC_KEY="$formattedPublicKey" --from-literal=PEN_REQUEST_EMAIL_API_URL="http://student-profile-email-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/gmp" --from-literal=PEN_REQUEST_API_URL="http://pen-request-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/pen-request" --from-literal=DISCOVERY=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/.well-known/openid-configuration --from-literal=KC_DOMAIN=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID --from-literal=PEN_DEMOGRAPHICS_URL="http://pen-demographics-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080" --from-literal=DIGITAL_ID_URL="http://digitalid-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/digital-id" --from-literal=STUDENT_API_URL="http://student-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student" --from-literal=LOG_LEVEL=info --from-literal=IDIR_IDP_HINT=keycloak_bcdevexchange_idir --from-literal=REDIS_HOST=redis --from-literal=REDIS_PORT=6379 --from-literal=STUDENT_PROFILE_API_URL="http://student-profile-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student-profile" --from-literal=SCHOOL_API_URL="http://school-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1" 
--from-literal=STUDENT_PROFILE_EMAIL_API_URL="http://student-profile-email-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/ump" --from-literal=PROFILE_REQUEST_SAGA_API_URL="http://student-profile-saga-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student-profile-saga" --from-literal=NATS_URL="$NATS_URL" --from-literal=NATS_CLUSTER="$NATS_CLUSTER" --from-literal=UMP_ROLES="STUDENT_PROFILE_ADMIN,STUDENT_PROFILE_READ_ONLY" --from-literal=GMP_ROLES="STUDENT_ADMIN,STUDENT_ADMIN_READ_ONLY" --from-literal=STUDENT_SEARCH_ADMIN="STUDENT_SEARCH_ADMIN" --from-literal=STUDENT_SEARCH_ROLES="STUDENT_SEARCH_ADMIN,STUDENT_SEARCH_READ_ONLY" --from-literal=STUDENT_ADMIN_ADMINISTRATOR="STUDENT_ADMIN_ADMINISTRATOR" --from-literal=UMP_ROLE_ADMIN="STUDENT_PROFILE_ADMIN" --from-literal=GMP_ROLE_ADMIN="STUDENT_ADMIN" --from-literal=PEN_REQUEST_BATCH_ADMIN="PEN_REQUEST_BATCH_ADMIN" --from-literal=EDX_ADMIN="EDX_ADMIN" --from-literal=PEN_REQUEST_BATCH_API_URL="http://pen-reg-batch-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1" --from-literal=PEN_MATCH_API_URL="http://pen-match-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/pen-match" --from-literal=SESSION_MAX_AGE=$sessionMaxAge --from-literal=TOKEN_EXPIRES_IN=$tokenExpiresIn --from-literal=SCHEDULER_CRON_STALE_SAGA_RECORD_REDIS="0/30 * * * * *" --from-literal=MIN_TIME_BEFORE_SAGA_IS_STALE_IN_SECONDS=10 --from-literal=PEN_SERVICES_API_URL="http://pen-services-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/pen-services" --from-literal=PEN_TRAX_API_URL="http://pen-trax-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1" --from-literal=SLD_API_URL="http://sld-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1" --from-literal=QUEUE_GROUP_NAME="student-admin-node-queue-group" --from-literal=STAN_ENABLED="true" --from-literal=NODE_ENV="openshift" 
--from-literal=SCHEDULER_CRON_DOC_TYPE_MIGRATION="$SCHEDULER_CRON_DOC_TYPE_MIGRATION" --from-literal=ENABLE_PRR_STUDENT_DEMOGRAPHICS="$ENABLE_PRR_STUDENT_DEMOGRAPHICS" --from-literal=NOMINAL_ROLL="NOMINAL_ROLL_EDIT" --from-literal=MACRO_API_URL="http://macro-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/macro" --from-literal=NOMINAL_ROLL_API_URL="http://pen-nominal-roll-api-main.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/nominal-roll" --from-literal=STUDENT_ANALYTICS_STUDENT_PROFILE="STUDENT_ANALYTICS_STUDENT_PROFILE" --from-literal=STUDENT_ANALYTICS_BATCH="STUDENT_ANALYTICS_BATCH" --from-literal=NOMINAL_ROLL_ROLES="NOMINAL_ROLL,NOMINAL_ROLL_EDIT" --from-literal=EDX_API_URL="http://edx-api-master.$EDX_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/edx" --from-literal=SDC_API_URL="http://student-data-collection-api-master.$EDX_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student-data-collection" --from-literal=INSTITUTE_API_URL="http://institute-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/institute" --from-literal=EDX_PEN_TEAM_ROLES="PEN_TEAM_ROLE" --from-literal=INSTITUTE_ROLES="SCHOOL_ADMIN,DISTRICT_ADMIN,INDEPENDENT_SCHOOLS_ADMIN,INDEPENDENT_AUTHORITY_ADMIN,OFFSHORE_SCHOOLS_ADMIN" --from-literal=DISABLE_SDC_FUNCTIONALITY=$disableSdcFunctionality --dry-run -o yaml | oc apply -f -
+oc create -n $PEN_NAMESPACE-$envValue configmap $APP_NAME-backend-config-map --from-literal=WEB_SOCKET_URL="$WEB_SOCKET_URL" --from-literal=BANNER_COLOR="$BANNER_COLOR" --from-literal=BANNER_ENVIRONMENT="$BANNER_ENVIRONMENT" --from-literal=TZ=$TZVALUE --from-literal=UI_PRIVATE_KEY="$UI_PRIVATE_KEY_VAL" --from-literal=SITEMINDER_LOGOUT_ENDPOINT="$siteMinderLogoutUrl" --from-literal=UI_PUBLIC_KEY="$UI_PUBLIC_KEY_VAL" --from-literal=ID=$APP_NAME-soam --from-literal=SECRET=$studentAdminClientSecret --from-literal=SERVER_FRONTEND=https://$SERVER_FRONTEND --from-literal=ISSUER=STUDENT_ADMIN_APPLICATION --from-literal=SOAM_PUBLIC_KEY="$formattedPublicKey" --from-literal=PEN_REQUEST_EMAIL_API_URL="http://student-profile-email-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/gmp" --from-literal=PEN_REQUEST_API_URL="http://pen-request-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/pen-request" --from-literal=DISCOVERY=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/.well-known/openid-configuration --from-literal=KC_DOMAIN=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID --from-literal=PEN_DEMOGRAPHICS_URL="http://pen-demographics-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080" --from-literal=DIGITAL_ID_URL="http://digitalid-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/digital-id" --from-literal=STUDENT_API_URL="http://student-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student" --from-literal=LOG_LEVEL=info --from-literal=IDIR_IDP_HINT=keycloak_bcdevexchange_idir --from-literal=REDIS_HOST=redis --from-literal=REDIS_PORT=6379 --from-literal=STUDENT_PROFILE_API_URL="http://student-profile-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student-profile" --from-literal=SCHOOL_API_URL="http://school-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1" 
--from-literal=STUDENT_PROFILE_EMAIL_API_URL="http://student-profile-email-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/ump" --from-literal=PROFILE_REQUEST_SAGA_API_URL="http://student-profile-saga-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student-profile-saga" --from-literal=NATS_URL="$NATS_URL" --from-literal=NATS_CLUSTER="$NATS_CLUSTER" --from-literal=UMP_ROLES="STUDENT_PROFILE_ADMIN,STUDENT_PROFILE_READ_ONLY" --from-literal=GMP_ROLES="STUDENT_ADMIN,STUDENT_ADMIN_READ_ONLY" --from-literal=STUDENT_SEARCH_ADMIN="STUDENT_SEARCH_ADMIN" --from-literal=STUDENT_SEARCH_ROLES="STUDENT_SEARCH_ADMIN,STUDENT_SEARCH_READ_ONLY" --from-literal=STUDENT_ADMIN_ADMINISTRATOR="STUDENT_ADMIN_ADMINISTRATOR" --from-literal=UMP_ROLE_ADMIN="STUDENT_PROFILE_ADMIN" --from-literal=GMP_ROLE_ADMIN="STUDENT_ADMIN" --from-literal=PEN_REQUEST_BATCH_ADMIN="PEN_REQUEST_BATCH_ADMIN" --from-literal=EDX_ADMIN="EDX_ADMIN" --from-literal=PEN_REQUEST_BATCH_API_URL="http://pen-reg-batch-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1" --from-literal=PEN_MATCH_API_URL="http://pen-match-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/pen-match" --from-literal=SESSION_MAX_AGE=$sessionMaxAge --from-literal=TOKEN_EXPIRES_IN=$tokenExpiresIn --from-literal=SCHEDULER_CRON_STALE_SAGA_RECORD_REDIS="0/30 * * * * *" --from-literal=MIN_TIME_BEFORE_SAGA_IS_STALE_IN_SECONDS=10 --from-literal=PEN_SERVICES_API_URL="http://pen-services-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/pen-services" --from-literal=PEN_TRAX_API_URL="http://pen-trax-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1" --from-literal=SLD_API_URL="http://sld-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1" --from-literal=QUEUE_GROUP_NAME="student-admin-node-queue-group" --from-literal=STAN_ENABLED="true" --from-literal=NODE_ENV="openshift" 
--from-literal=SCHEDULER_CRON_DOC_TYPE_MIGRATION="$SCHEDULER_CRON_DOC_TYPE_MIGRATION" --from-literal=ENABLE_PRR_STUDENT_DEMOGRAPHICS="$ENABLE_PRR_STUDENT_DEMOGRAPHICS" --from-literal=NOMINAL_ROLL="NOMINAL_ROLL_EDIT" --from-literal=MACRO_API_URL="http://macro-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/macro" --from-literal=NOMINAL_ROLL_API_URL="http://pen-nominal-roll-api-main.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/nominal-roll" --from-literal=STUDENT_ANALYTICS_STUDENT_PROFILE="STUDENT_ANALYTICS_STUDENT_PROFILE" --from-literal=STUDENT_ANALYTICS_BATCH="STUDENT_ANALYTICS_BATCH" --from-literal=NOMINAL_ROLL_ROLES="NOMINAL_ROLL,NOMINAL_ROLL_EDIT" --from-literal=EDX_API_URL="http://edx-api-master.$EDX_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/edx" --from-literal=SDC_API_URL="http://student-data-collection-api-master.$EDX_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student-data-collection" --from-literal=INSTITUTE_API_URL="http://institute-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/institute" --from-literal=EDX_PEN_TEAM_ROLES="PEN_TEAM_ROLE" --from-literal=INSTITUTE_ROLES="INDEPENDENT_SCHOOLS_ADMIN,INDEPENDENT_AUTHORITY_ADMIN,OFFSHORE_SCHOOLS_ADMIN" --from-literal=DISABLE_SDC_FUNCTIONALITY=$disableSdcFunctionality --dry-run -o yaml | oc apply -f -
echo
echo Setting environment variables for $APP_NAME-backend-$SOAM_KC_REALM_ID application
oc -n $PEN_NAMESPACE-$envValue set env --from=configmap/$APP_NAME-backend-config-map dc/$APP_NAME-backend-$SOAM_KC_REALM_ID
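Review bot: The `oc create ... configmap` line on the new side still writes `UI_PRIVATE_KEY` and `SECRET` (the client secret) as ConfigMap literals, and ConfigMaps are meant for non-confidential settings, so anyone who can read ConfigMaps in the namespace can read both values. Those two keys would be better created with `oc create secret generic <secret-name> --from-literal=SECRET="$studentAdminClientSecret" --from-literal=UI_PRIVATE_KEY="$UI_PRIVATE_KEY_VAL"` (`<secret-name>` is a placeholder) and loaded with `oc set env --from=secret/<secret-name>`. `--from-literal=SECRET=$studentAdminClientSecret` is also unquoted, so a value containing whitespace or glob characters would be split by the shell. For the change itself, `INSTITUTE_ROLES` no longer lists `SCHOOL_ADMIN` and `DISTRICT_ADMIN`; presumably those users are expected to hold the new `EDIT_*` permissions, which should be confirmed before this config is applied.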