From 21fa1211be949a10b89a53f86635a641c68f8001 Mon Sep 17 00:00:00 2001
From: gchauhan-aot <113390759+gchauhan-aot@users.noreply.github.com>
Date: Fri, 27 Sep 2024 11:11:12 -0600
Subject: [PATCH] Permission Changes For LoA And Special Auth (#1624)

---
 .../modules/special-auth/loa.controller.ts | 48 ++++++++++++++++---
 .../special-auth/special-auth.controller.ts | 25 ++++++++--
 2 files changed, 62 insertions(+), 11 deletions(-)

diff --git a/vehicles/src/modules/special-auth/loa.controller.ts b/vehicles/src/modules/special-auth/loa.controller.ts
index 2f0c8e17e..1a63b1eda 100644
--- a/vehicles/src/modules/special-auth/loa.controller.ts
+++ b/vehicles/src/modules/special-auth/loa.controller.ts
@@ -40,10 +40,14 @@ import { LoaIdPathParamDto } from './dto/request/pathParam/loa-Id.path-params.dt
 import { GetDocumentQueryParamsDto } from '../common/dto/request/queryParam/getDocument.query-params.dto';
 import { IsFeatureFlagEnabled } from '../../common/decorator/is-feature-flag-enabled.decorator';
 import { Permissions } from 'src/common/decorator/permissions.decorator';
-import { Claim } from 'src/common/enum/claims.enum';
 import { ReadLoaDto } from './dto/response/read-loa.dto';
 import { GetLoaQueryParamsDto } from './dto/request/queryParam/get-loa.query-params.dto';
 import { UpdateLoaFileDto } from './dto/request/update-loa-file.dto';
+import {
+ CLIENT_USER_ROLE_LIST,
+ IDIR_USER_ROLE_LIST,
+ IDIRUserRole,
+} from 'src/common/enum/user-role.enum';
 
 @ApiBearerAuth()
 @ApiTags('Letter of Authorization (LoA)')
@@ -78,7 +82,12 @@ export class LoaController {
 type: ReadLoaDto,
 })
 @ApiConsumes('multipart/form-data')
- @Permissions({ claim: Claim.WRITE_LOA })
+ @Permissions({
+ allowedIdirRoles: [
+ IDIRUserRole.HQ_ADMINISTRATOR,
+ IDIRUserRole.SYSTEM_ADMINISTRATOR,
+ ],
+ })
 @Post()
 @UseInterceptors(FileInterceptor('file'), JsonReqBodyInterceptor)
 async create(
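Review bot: The role list `[IDIRUserRole.HQ_ADMINISTRATOR, IDIRUserRole.SYSTEM_ADMINISTRATOR]` in the new `@Permissions` on `create` is an inline literal that this same commit repeats on `update`, `delete` and `deleteLoaDocument` in this file and on `updateLcv` and `updateNoFee` in special-auth.controller.ts. A single module-level constant such as `const LOA_WRITE_ROLES = [IDIRUserRole.HQ_ADMINISTRATOR, IDIRUserRole.SYSTEM_ADMINISTRATOR];` used as `@Permissions({ allowedIdirRoles: LOA_WRITE_ROLES })` (exported from user-role.enum if both controllers are meant to share it) keeps the seven copies from drifting, since an edit to one copy silently widens or narrows access to that one route only. The write decorators also leave out `allowedBCeIDRoles`; if the guard treats an absent list as "no client role may call this", a short comment on the constant saying so would make that intent auditable rather than implied. `create`'s signature continues past the end of the hunk.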
@@ -109,6 +118,10 @@ export class LoaController {
 summary: 'Get all LoA for a company.',
 description: 'Returns all LOAs for a company in the database.',
 })
+ @Permissions({
+ allowedIdirRoles: IDIR_USER_ROLE_LIST,
+ allowedBCeIDRoles: CLIENT_USER_ROLE_LIST,
+ })
 @Get()
 async get(
 @Param() { companyId }: CompanyIdPathParamDto,
@@ -125,7 +138,10 @@ export class LoaController {
 summary: 'Get LoA by Id.',
 description: 'Returns the LoA object from the database.',
 })
- @Permissions({ claim: Claim.READ_LOA })
+ @Permissions({
+ allowedIdirRoles: IDIR_USER_ROLE_LIST,
+ allowedBCeIDRoles: CLIENT_USER_ROLE_LIST,
+ })
 @Get('/:loaId')
 async getById(
 @Req() request: Request,
@@ -141,7 +157,12 @@ export class LoaController {
 description: 'Updates and returns the LoA object from the database.',
 })
 @ApiConsumes('multipart/form-data')
- @Permissions({ claim: Claim.WRITE_LOA })
+ @Permissions({
+ allowedIdirRoles: [
+ IDIRUserRole.HQ_ADMINISTRATOR,
+ IDIRUserRole.SYSTEM_ADMINISTRATOR,
+ ],
+ })
 @Put('/:loaId')
 @UseInterceptors(FileInterceptor('file'), JsonReqBodyInterceptor)
 async update(
@@ -174,7 +195,12 @@ export class LoaController {
 summary: 'Delete LoA by Id.',
 description: 'Deletes the LoA object from the database.',
 })
- @Permissions({ claim: Claim.WRITE_LOA })
+ @Permissions({
+ allowedIdirRoles: [
+ IDIRUserRole.HQ_ADMINISTRATOR,
+ IDIRUserRole.SYSTEM_ADMINISTRATOR,
+ ],
+ })
 @Delete('/:loaId')
 async delete(
 @Req() request: Request,
@@ -189,7 +215,10 @@ export class LoaController {
 summary: 'Get LoA Document',
 description: 'Retrieve the LoA document from the database.',
 })
- @Permissions({ claim: Claim.READ_LOA })
+ @Permissions({
+ allowedIdirRoles: IDIR_USER_ROLE_LIST,
+ allowedBCeIDRoles: CLIENT_USER_ROLE_LIST,
+ })
 @Get('/:loaId/documents')
 async getLoaDocument(
 @Req() request: Request,
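Review bot: The `@Permissions` added before `@Get()` on `get` has no `-` counterpart in its hunk, so this route previously carried no permission decorator at all, unlike `getById` and `getLoaDocument` below, which only swap `Claim.READ_LOA` for the role lists. That is a tightening rather than a refactor and the commit title does not mention it; a line in the PR description, or a comment such as `// Listing was previously unguarded; read access now follows the same role lists as getById` above the decorator, would stop it being read as a no-op later. The new read lists admit every IDIR and client role, so the only thing keeping one company's users from listing another company's LoAs is whatever the guard or service does with `companyId`; that is not visible from the hunk and is worth confirming now that the claim check is gone. `get`'s parameter list continues past the end of the hunk.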
@@ -215,7 +244,12 @@ export class LoaController {
 summary: 'Delete LoA Document',
 description: 'Deletes the LoA document from the database.',
 })
- @Permissions({ claim: Claim.WRITE_LOA })
+ @Permissions({
+ allowedIdirRoles: [
+ IDIRUserRole.HQ_ADMINISTRATOR,
+ IDIRUserRole.SYSTEM_ADMINISTRATOR,
+ ],
+ })
 @Delete('/:loaId/documents')
 async deleteLoaDocument(
 @Req() request: Request,
diff --git a/vehicles/src/modules/special-auth/special-auth.controller.ts b/vehicles/src/modules/special-auth/special-auth.controller.ts
index 0df4088ac..9bd7e4b23 100644
--- a/vehicles/src/modules/special-auth/special-auth.controller.ts
+++ b/vehicles/src/modules/special-auth/special-auth.controller.ts
@@ -18,8 +18,12 @@ import { Request } from 'express';
 import { CreateLcvDto } from './dto/request/create-lcv.dto';
 import { CreateNoFeeDto } from './dto/request/create-no-fee.dto';
 import { Permissions } from '../../common/decorator/permissions.decorator';
-import { Claim } from '../../common/enum/claims.enum';
 import { IsFeatureFlagEnabled } from 'src/common/decorator/is-feature-flag-enabled.decorator';
+import {
+ CLIENT_USER_ROLE_LIST,
+ IDIR_USER_ROLE_LIST,
+ IDIRUserRole,
+} from 'src/common/enum/user-role.enum';
 
 @ApiBearerAuth()
 @ApiTags('Special Authorization')
@@ -48,7 +52,10 @@ export class SpecialAuthController {
 description:
 'Returns all special authorizations for a company in the database.',
 })
- @Permissions({ claim: Claim.READ_SPECIAL_AUTH })
+ @Permissions({
+ allowedIdirRoles: IDIR_USER_ROLE_LIST,
+ allowedBCeIDRoles: CLIENT_USER_ROLE_LIST,
+ })
 @Get()
 async get(
 @Param() { companyId }: CompanyIdPathParamDto,
@@ -65,7 +72,12 @@ export class SpecialAuthController {
 description: 'LCV allowance updated successfully.',
 type: ReadSpecialAuthDto,
 })
- @Permissions({ claim: Claim.WRITE_LCV_FLAG })
+ @Permissions({
+ allowedIdirRoles: [
+ IDIRUserRole.HQ_ADMINISTRATOR,
+ IDIRUserRole.SYSTEM_ADMINISTRATOR,
+ ],
+ })
 @Put('/lcv')
 async updateLcv(
 @Req() request: Request,
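Review bot: The new `@Permissions` on `updateLcv` replaces the action-specific `Claim.WRITE_LCV_FLAG` with the same two-role list that `updateNoFee` in the next hunk now uses in place of `Claim.WRITE_NOFEE`, so the LCV flag and the no-fee type can no longer be granted independently of each other, or of LoA writes. If that collapse is deliberate, a comment such as `// LCV and no-fee updates intentionally share the HQ/System administrator role set used for LoA writes` above the decorator records it for the next audit; if it is not, note that a role list cannot express the per-action grant the claims provided. `updateLcv`'s parameter list continues past the end of the hunk.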
@@ -89,7 +101,12 @@ export class SpecialAuthController {
 description: 'No fee type updated successfully.',
 type: ReadSpecialAuthDto,
 })
- @Permissions({ claim: Claim.WRITE_NOFEE })
+ @Permissions({
+ allowedIdirRoles: [
+ IDIRUserRole.HQ_ADMINISTRATOR,
+ IDIRUserRole.SYSTEM_ADMINISTRATOR,
+ ],
+ })
 @Put('/no-fee')
 async updateNoFee(
 @Req() request: Request,