Permission Changes For LoA And Special Auth (#1624)

bcgov · Sep 27, 2024 · 21fa121 · 21fa121
1 parent 5e14488
commit 21fa121
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 11 deletions.
diff --git a/vehicles/src/modules/special-auth/loa.controller.ts b/vehicles/src/modules/special-auth/loa.controller.ts
@@ -40,10 +40,14 @@ import { LoaIdPathParamDto } from './dto/request/pathParam/loa-Id.path-params.dt
 import { GetDocumentQueryParamsDto } from '../common/dto/request/queryParam/getDocument.query-params.dto';
 import { IsFeatureFlagEnabled } from '../../common/decorator/is-feature-flag-enabled.decorator';
 import { Permissions } from 'src/common/decorator/permissions.decorator';
-import { Claim } from 'src/common/enum/claims.enum';
 import { ReadLoaDto } from './dto/response/read-loa.dto';
 import { GetLoaQueryParamsDto } from './dto/request/queryParam/get-loa.query-params.dto';
 import { UpdateLoaFileDto } from './dto/request/update-loa-file.dto';
+import {
+  CLIENT_USER_ROLE_LIST,
+  IDIR_USER_ROLE_LIST,
+  IDIRUserRole,
+} from 'src/common/enum/user-role.enum';
 
 @ApiBearerAuth()
 @ApiTags('Letter of Authorization (LoA)')
@@ -78,7 +82,12 @@ export class LoaController {
     type: ReadLoaDto,
   })
   @ApiConsumes('multipart/form-data')
-  @Permissions({ claim: Claim.WRITE_LOA })
+  @Permissions({
+    allowedIdirRoles: [
+      IDIRUserRole.HQ_ADMINISTRATOR,
+      IDIRUserRole.SYSTEM_ADMINISTRATOR,
+    ],
+  })
   @Post()
   @UseInterceptors(FileInterceptor('file'), JsonReqBodyInterceptor)
   async create(
@@ -109,6 +118,10 @@ export class LoaController {
     summary: 'Get all LoA for a company.',
     description: 'Returns all LOAs for a company in the database.',
   })
+  @Permissions({
+    allowedIdirRoles: IDIR_USER_ROLE_LIST,
+    allowedBCeIDRoles: CLIENT_USER_ROLE_LIST,
+  })
   @Get()
   async get(
     @Param() { companyId }: CompanyIdPathParamDto,
@@ -125,7 +138,10 @@ export class LoaController {
     summary: 'Get LoA by Id.',
     description: 'Returns the LoA object from the database.',
   })
-  @Permissions({ claim: Claim.READ_LOA })
+  @Permissions({
+    allowedIdirRoles: IDIR_USER_ROLE_LIST,
+    allowedBCeIDRoles: CLIENT_USER_ROLE_LIST,
+  })
   @Get('/:loaId')
   async getById(
     @Req() request: Request,
@@ -141,7 +157,12 @@ export class LoaController {
     description: 'Updates and returns the LoA object from the database.',
   })
   @ApiConsumes('multipart/form-data')
-  @Permissions({ claim: Claim.WRITE_LOA })
+  @Permissions({
+    allowedIdirRoles: [
+      IDIRUserRole.HQ_ADMINISTRATOR,
+      IDIRUserRole.SYSTEM_ADMINISTRATOR,
+    ],
+  })
   @Put('/:loaId')
   @UseInterceptors(FileInterceptor('file'), JsonReqBodyInterceptor)
   async update(
@@ -174,7 +195,12 @@ export class LoaController {
     summary: 'Delete LoA by Id.',
     description: 'Deletes the LoA object from the database.',
   })
-  @Permissions({ claim: Claim.WRITE_LOA })
+  @Permissions({
+    allowedIdirRoles: [
+      IDIRUserRole.HQ_ADMINISTRATOR,
+      IDIRUserRole.SYSTEM_ADMINISTRATOR,
+    ],
+  })
   @Delete('/:loaId')
   async delete(
     @Req() request: Request,
@@ -189,7 +215,10 @@ export class LoaController {
     summary: 'Get LoA Document',
     description: 'Retrieve the LoA document from the database.',
   })
-  @Permissions({ claim: Claim.READ_LOA })
+  @Permissions({
+    allowedIdirRoles: IDIR_USER_ROLE_LIST,
+    allowedBCeIDRoles: CLIENT_USER_ROLE_LIST,
+  })
   @Get('/:loaId/documents')
   async getLoaDocument(
     @Req() request: Request,
@@ -215,7 +244,12 @@ export class LoaController {
     summary: 'Delete LoA Document',
     description: 'Deletes the LoA document from the database.',
   })
-  @Permissions({ claim: Claim.WRITE_LOA })
+  @Permissions({
+    allowedIdirRoles: [
+      IDIRUserRole.HQ_ADMINISTRATOR,
+      IDIRUserRole.SYSTEM_ADMINISTRATOR,
+    ],
+  })
   @Delete('/:loaId/documents')
   async deleteLoaDocument(
     @Req() request: Request,

diff --git a/vehicles/src/modules/special-auth/special-auth.controller.ts b/vehicles/src/modules/special-auth/special-auth.controller.ts
@@ -18,8 +18,12 @@ import { Request } from 'express';
 import { CreateLcvDto } from './dto/request/create-lcv.dto';
 import { CreateNoFeeDto } from './dto/request/create-no-fee.dto';
 import { Permissions } from '../../common/decorator/permissions.decorator';
-import { Claim } from '../../common/enum/claims.enum';
 import { IsFeatureFlagEnabled } from 'src/common/decorator/is-feature-flag-enabled.decorator';
+import {
+  CLIENT_USER_ROLE_LIST,
+  IDIR_USER_ROLE_LIST,
+  IDIRUserRole,
+} from 'src/common/enum/user-role.enum';
 
 @ApiBearerAuth()
 @ApiTags('Special Authorization')
@@ -48,7 +52,10 @@ export class SpecialAuthController {
     description:
       'Returns all special authorizations for a company in the database.',
   })
-  @Permissions({ claim: Claim.READ_SPECIAL_AUTH })
+  @Permissions({
+    allowedIdirRoles: IDIR_USER_ROLE_LIST,
+    allowedBCeIDRoles: CLIENT_USER_ROLE_LIST,
+  })
   @Get()
   async get(
     @Param() { companyId }: CompanyIdPathParamDto,
@@ -65,7 +72,12 @@ export class SpecialAuthController {
     description: 'LCV allowance updated successfully.',
     type: ReadSpecialAuthDto,
   })
-  @Permissions({ claim: Claim.WRITE_LCV_FLAG })
+  @Permissions({
+    allowedIdirRoles: [
+      IDIRUserRole.HQ_ADMINISTRATOR,
+      IDIRUserRole.SYSTEM_ADMINISTRATOR,
+    ],
+  })
   @Put('/lcv')
   async updateLcv(
     @Req() request: Request,
@@ -89,7 +101,12 @@ export class SpecialAuthController {
     description: 'No fee type updated successfully.',
     type: ReadSpecialAuthDto,
   })
-  @Permissions({ claim: Claim.WRITE_NOFEE })
+  @Permissions({
+    allowedIdirRoles: [
+      IDIRUserRole.HQ_ADMINISTRATOR,
+      IDIRUserRole.SYSTEM_ADMINISTRATOR,
+    ],
+  })
   @Put('/no-fee')
   async updateNoFee(
     @Req() request: Request,