19673 - Create eft_staff role to access EFT shortname functionality (b…

…cgov#2711) * Create eft_staff role to access EFT shortname functionality * change new role to manage_eft * unit test fix * unit test fix * change role to ShortNameDetailsView
pwei1018 · Feb 7, 2024 · 7d92f60 · 7d92f60
1 parent 3d400e8
commit 7d92f60
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 5 deletions.
diff --git a/auth-api/src/auth_api/resources/v1/org.py b/auth-api/src/auth_api/resources/v1/org.py
@@ -98,8 +98,9 @@ def search_organizations():
 @bp.route('/simple', methods=['GET', 'OPTIONS'])
 @cross_origin(origins='*', methods=['GET'])
 @TRACER.trace()
+@validate_roles(allowed_roles=[Role.MANAGE_EFT.value, Role.SYSTEM.value])
 @_jwt.has_one_of_roles(
-    [Role.SYSTEM.value, Role.STAFF_VIEW_ACCOUNTS.value])
+    [Role.SYSTEM.value, Role.MANAGE_EFT.value])
 def search_simple_orgs():
     """Return simplified organization information."""
     current_app.logger.info('<search_simple_orgs')

diff --git a/auth-api/src/auth_api/utils/roles.py b/auth-api/src/auth_api/utils/roles.py
@@ -27,6 +27,7 @@ class Role(Enum):
     GOV_ACCOUNT_USER = 'gov_account_user'
     ANONYMOUS_USER = 'anonymous_user'
     ACCOUNT_IDENTITY = 'account_identity'
+    MANAGE_EFT = 'manage_eft'
 
     SYSTEM = 'system'
     TESTER = 'tester'

diff --git a/auth-api/tests/unit/api/test_simple_org.py b/auth-api/tests/unit/api/test_simple_org.py
@@ -62,7 +62,7 @@ def test_simple_org_search(client, jwt, session, keycloak_mock):  # pylint:disab
                                type_code=OrgType.PREMIUM.value,
                                status_code=OrgStatus.ACTIVE.value).save()
 
-    headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_view_accounts_role)
+    headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.manage_eft_role)
 
     # Assert status filter by inactive orgs
     rv = client.get(f'/api/v1/orgs/simple?status={OrgStatus.INACTIVE.value}',

diff --git a/auth-api/tests/utilities/factory_scenarios.py b/auth-api/tests/utilities/factory_scenarios.py
@@ -269,6 +269,23 @@ class TestJwtClaims(dict, Enum):
         'loginSource': LoginSource.STAFF.value
     }
 
+    manage_eft_role = {
+        'iss': CONFIG.JWT_OIDC_TEST_ISSUER,
+        'sub': 'f7a4a1d3-73a8-4cbc-a40f-bb1145302064',
+        'idp_userid': 'f7a4a1d3-73a8-4cbc-a40f-bb1145302064',
+        'firstname': fake.first_name(),
+        'lastname': fake.last_name(),
+        'preferred_username': fake.user_name(),
+        'realm_access': {
+            'roles': [
+                'staff',
+                'view_accounts',
+                'manage_eft'
+            ]
+        },
+        'loginSource': LoginSource.STAFF.value
+    }
+
     staff_admin_dir_search_role = {
         'iss': CONFIG.JWT_OIDC_TEST_ISSUER,
         'sub': 'f7a4a1d3-73a8-4cbc-a40f-bb1145302064',

diff --git a/auth-web/src/routes/router.ts b/auth-web/src/routes/router.ts
@@ -801,7 +801,7 @@ export function getRoutes (): RouteConfig[] {
       path: '/pay/manage-shortnames',
       name: 'manage-shortnames',
       component: ShortNameMappingView,
-      meta: { requiresAuth: true, allowedRoles: [Role.Staff] }, // TODO rewire this in #19673
+      meta: { requiresAuth: true, allowedRoles: [Role.ManageEft] },
       props: true
     },
     {
@@ -810,7 +810,7 @@ export function getRoutes (): RouteConfig[] {
       component: ShortNameDetailsView,
       meta: {
         requiresAuth: true,
-        allowedRoles: [Role.Staff],
+        allowedRoles: [Role.ManageEft],
         breadcrumb: [
           StaffDashboardBreadcrumb,
           ShortNameMappingBreadcrumb,

diff --git a/auth-web/src/util/constants.ts b/auth-web/src/util/constants.ts
@@ -44,7 +44,8 @@ export enum Role {
     GOVMAccountUser = 'gov_account_user',
     ManageGlCodes = 'manage_gl_codes',
     FasSearch = 'fas_search',
-    ViewAllTransactions = 'view_all_transactions'
+    ViewAllTransactions = 'view_all_transactions',
+    ManageEft = 'manage_eft'
 }
 
 export enum Pages {