24652 - updates for KC group contact_centre_staff (#1865)

bcgov · Dec 18, 2024 · 61e653d · 61e653d
1 parent 6f26f1c
commit 61e653d
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 11 deletions.
diff --git a/pay-api/src/pay_api/resources/v1/account.py b/pay-api/src/pay_api/resources/v1/account.py
@@ -268,10 +268,12 @@ def post_search_purchase_history(account_number: str):
         return error_to_response(Error.INVALID_REQUEST, invalid_params="account_number")
 
     any_org_transactions = request.args.get("viewAll", None) == "true"
-    required_roles = (
-        [Role.EDITOR.value, Role.VIEW_ALL_TRANSACTIONS.value] if any_org_transactions else [Role.EDITOR.value]
-    )
-    check_auth(business_identifier=None, account_id=account_number, all_of_roles=required_roles)
+    if any_org_transactions:
+        check_auth(business_identifier=None, account_id=account_number,
+                   all_of_roles=[Role.EDITOR.value, Role.VIEW_ALL_TRANSACTIONS.value])
+    else:
+        check_auth(business_identifier=None, account_id=account_number,
+                   one_of_roles=[Role.EDITOR.value, Role.VIEW_ACCOUNT_TRANSACTIONS.value])
 
     account_to_search = None if any_org_transactions else account_number
     page: int = int(request.args.get("page", "1"))
@@ -306,7 +308,8 @@ def post_account_purchase_report(account_number: str):
         report_name = f"{report_name}.csv"
 
     # Check if user is authorized to perform this action
-    check_auth(business_identifier=None, account_id=account_number, contains_role=EDIT_ROLE)
+    check_auth(business_identifier=None, account_id=account_number,
+               one_of_roles=[EDIT_ROLE, Role.VIEW_ACCOUNT_TRANSACTIONS.value])
     try:
         report = Payment.create_payment_report(account_number, request_json, response_content_type, report_name)
         response = Response(report, 201)

diff --git a/pay-api/src/pay_api/resources/v1/account_statements.py b/pay-api/src/pay_api/resources/v1/account_statements.py
@@ -23,7 +23,7 @@
 from pay_api.utils.auth import jwt as _jwt
 from pay_api.utils.constants import EDIT_ROLE
 from pay_api.utils.endpoints_enums import EndpointEnum
-from pay_api.utils.enums import ContentType
+from pay_api.utils.enums import ContentType, Role
 from pay_api.utils.util import string_to_bool
 
 bp = Blueprint(
@@ -40,7 +40,7 @@ def get_account_statements(account_id):
     """Get all statements records for an account."""
     current_app.logger.info("<get_account_statements")
     # Check if user is authorized to perform this action
-    check_auth(business_identifier=None, account_id=account_id, contains_role=EDIT_ROLE)
+    check_auth(business_identifier=None, account_id=account_id, one_of_roles=[EDIT_ROLE, Role.VIEW_STATEMENTS.value])
 
     page: int = int(request.args.get("page", "1"))
     limit: int = int(request.args.get("limit", "10"))
@@ -63,7 +63,8 @@ def get_account_statement(account_id: str, statement_id: str):
     response_content_type = request.headers.get("Accept", ContentType.PDF.value)
 
     # Check if user is authorized to perform this action
-    auth = check_auth(business_identifier=None, account_id=account_id, contains_role=EDIT_ROLE)
+    auth = check_auth(business_identifier=None, account_id=account_id, one_of_roles=[EDIT_ROLE,
+                                                                                     Role.VIEW_STATEMENTS.value])
 
     report, report_name = StatementService.get_statement_report(
         statement_id=statement_id, content_type=response_content_type, auth=auth

diff --git a/pay-api/src/pay_api/resources/v1/account_statements_notifications.py b/pay-api/src/pay_api/resources/v1/account_statements_notifications.py
@@ -24,6 +24,7 @@
 from pay_api.utils.auth import jwt as _jwt
 from pay_api.utils.constants import CHANGE_STATEMENT_SETTINGS, EDIT_ROLE
 from pay_api.utils.endpoints_enums import EndpointEnum
+from pay_api.utils.enums import Role
 from pay_api.utils.errors import Error
 
 bp = Blueprint(
@@ -44,7 +45,7 @@ def get_account_notifications(account_id):
     check_auth(
         business_identifier=None,
         account_id=account_id,
-        contains_role=EDIT_ROLE,
+        one_of_roles=[EDIT_ROLE, Role.VIEW_STATEMENT_SETTINGS.value],
         is_premium=True,
     )
     statement_notification_details = StatementRecipients.find_statement_notification_details(account_id)

diff --git a/pay-api/src/pay_api/resources/v1/account_statements_settings.py b/pay-api/src/pay_api/resources/v1/account_statements_settings.py
@@ -23,6 +23,7 @@
 from pay_api.utils.auth import jwt as _jwt
 from pay_api.utils.constants import CHANGE_STATEMENT_SETTINGS, EDIT_ROLE
 from pay_api.utils.endpoints_enums import EndpointEnum
+from pay_api.utils.enums import Role
 
 bp = Blueprint(
     "ACCOUNT_SETTINGS",
@@ -42,7 +43,7 @@ def get_account_statement_settings(account_id):
     check_auth(
         business_identifier=None,
         account_id=account_id,
-        contains_role=EDIT_ROLE,
+        one_of_roles=[EDIT_ROLE, Role.VIEW_STATEMENT_SETTINGS.value],
         is_premium=True,
     )
 

diff --git a/pay-api/src/pay_api/utils/enums.py b/pay-api/src/pay_api/utils/enums.py
@@ -141,6 +141,9 @@ class Role(Enum):
     EFT_REFUND = "eft_refund"
     EFT_REFUND_APPROVER = "eft_refund_approver"
     TIP_INTERNAL_PAYMENT_OVERRIDE = "tip_internal_payment_override"
+    VIEW_STATEMENTS = "view_statements"
+    VIEW_STATEMENT_SETTINGS = "view_statement_settings"
+    VIEW_ACCOUNT_TRANSACTIONS = "view_account_transactions"
 
 
 class Code(Enum):

diff --git a/pay-api/src/pay_api/version.py b/pay-api/src/pay_api/version.py
@@ -22,4 +22,4 @@
 Development release segment: .devN
 """
 
-__version__ = "1.22.11"  # pylint: disable=invalid-name
+__version__ = "1.22.13"  # pylint: disable=invalid-name