feat: cbc_admin role

bcgov · May 31, 2024 · 9f41e6f · 9f41e6f
1 parent b92d894
commit 9f41e6f
Show file tree

Hide file tree

Showing 8 changed files with 41 additions and 11 deletions.
diff --git a/app/components/Analyst/CBC/AssignField.tsx b/app/components/Analyst/CBC/AssignField.tsx
@@ -39,7 +39,7 @@ const AssignField = ({ fieldName, fieldOptions, fieldType, cbc }) => {
   const [updateField] = useUpdateCbcDataByRowIdMutation();
   const [fieldValue, setFieldValue] = useState(
     fieldType === 'string'
-      ? jsonData[fieldName].toString() || null
+      ? jsonData[fieldName]?.toString() || null
       : jsonData[fieldName] || null
   );
 

diff --git a/app/utils/getAuthRole.ts b/app/utils/getAuthRole.ts
@@ -34,8 +34,17 @@ const getAuthRole = (req: Request) => {
   const roles = req.claims.client_roles as any;
   const isAdmin = roles?.includes('admin');
   const isAnalyst = roles?.includes('analyst');
+  const isCbcAdmin = roles?.includes('cbc_admin');
+
+  console.log(roles);
 
   if (idp === 'idir') {
+    if (isCbcAdmin) {
+      return {
+        pgRole: 'cbc_admin',
+        landingRoute: defaultLandingRoutes.ccbc_analyst,
+      };
+    }
     if (isAdmin) {
       return {
         pgRole: 'ccbc_admin',

diff --git a/app/utils/isRouteAuthorized.ts b/app/utils/isRouteAuthorized.ts
@@ -13,27 +13,27 @@ const pagesAuthorization = [
   {
     routePaths: ['/analyst/application/(.*)'],
     isProtected: true,
-    allowedRoles: ['ccbc_admin', 'ccbc_analyst'],
+    allowedRoles: ['ccbc_admin', 'ccbc_analyst', 'cbc_admin'],
   },
   {
     routePaths: ['/analyst/cbc/(.*)'],
     isProtected: true,
-    allowedRoles: ['ccbc_admin', 'ccbc_analyst'],
+    allowedRoles: ['ccbc_admin', 'ccbc_analyst', 'cbc_admin'],
   },
   {
     routePaths: ['/analyst/dashboard'],
     isProtected: true,
-    allowedRoles: ['ccbc_admin', 'ccbc_analyst'],
+    allowedRoles: ['ccbc_admin', 'ccbc_analyst', 'cbc_admin'],
   },
   {
     routePaths: ['/analyst/assessments'],
     isProtected: true,
-    allowedRoles: ['ccbc_admin', 'ccbc_analyst'],
+    allowedRoles: ['ccbc_admin', 'ccbc_analyst', 'cbc_admin'],
   },
   {
     routePaths: ['/analyst/gis/(.*)'],
     isProtected: true,
-    allowedRoles: ['ccbc_admin', 'ccbc_analyst'],
+    allowedRoles: ['ccbc_admin', 'ccbc_analyst', 'cbc_admin'],
   },
   {
     routePaths: ['/analyst/admin/(.*)'],

diff --git a/...y/tables/cbc_projects_001_permissions.sql → ...eploy/tables/cbc_data_001_permissions.sql b/...y/tables/cbc_projects_001_permissions.sql → ...eploy/tables/cbc_data_001_permissions.sql
@@ -1,15 +1,27 @@
 -- Deploy ccbc:tables/cbc_projects_001_permissions to pg
 begin;
-do $grant$
+do
+$grant$
+begin
+
   perform ccbc_private.grant_permissions('select', 'cbc_data', 'cbc_admin');
 
+  perform ccbc_private.grant_permissions('update', 'cbc_data', 'cbc_admin');
+
+  perform ccbc_private.grant_permissions('insert', 'cbc_data', 'cbc_admin');
+
   perform ccbc_private.grant_permissions('select', 'cbc_data', 'ccbc_admin');
 
   perform ccbc_private.grant_permissions('select', 'cbc_data', 'ccbc_analyst');
 
-  perform ccbc_private.grant_permissions('update', 'cbc_data', 'cbc_admin');
+  perform ccbc_private.grant_permissions('select', 'cbc', 'cbc_admin');
+
+  perform ccbc_private.grant_permissions('insert', 'cbc', 'cbc_admin');
+
+  perform ccbc_private.grant_permissions('update', 'cbc', 'cbc_admin');
+
+  grant ccbc_analyst to cbc_admin;
 
-  perform ccbc_private.grant_permissions('insert', 'cbc_data', 'cbc_admin');
 end
 $grant$;
 commit;
diff --git a/...t/tables/cbc_projects_001_permissions.sql → ...evert/tables/cbc_data_001_permissions.sql b/...t/tables/cbc_projects_001_permissions.sql → ...evert/tables/cbc_data_001_permissions.sql
@@ -19,5 +19,7 @@ begin;
   revoke update on ccbc_public.cbc_data from cbc_admin;
   revoke insert on ccbc_public.cbc_data from cbc_admin;
 
+  revoke ccbc_analyst from cbc_admin;
+
 
 commit;
diff --git a/db/sqitch.plan b/db/sqitch.plan
@@ -571,4 +571,4 @@ tables/application_gis_assessment_hh_001 2024-05-15T20:36:30Z Anthony Bushara <a
 extensions/application_gis_assessment_hh_history 2024-05-15T19:51:28Z Anthony Bushara <anthony@button.is> # Enable audit tracking on gis assessment hh
 computed_columns/application_history [computed_columns/application_history@1.159.0] 2024-05-15T19:31:39Z Anthony Bushara <anthony@button.is> # Rework to include updates to application_gis_data
 create_roles [create_roles@1.159.0] 2024-05-08T20:04:36Z Anthony Bushara <anthony@button.is> # Add cbc_admin role
-tables/cbc_projects_001_permissions 2024-05-10T15:14:19Z Anthony Bushara <anthony@button.is> # Add permissions to new table for users
+tables/cbc_data_001_permissions 2024-05-10T15:14:19Z Anthony Bushara <anthony@button.is> # Add permissions to new table for users
diff --git a/db/test/unit/mutations/create_cbc_project_test.sql b/db/test/unit/mutations/create_cbc_project_test.sql
@@ -28,7 +28,7 @@ set role ccbc_auth_user;
 select ccbc_public.create_application();
 
 -- set role to analyst
-set role ccbc_analyst;
+set role cbc_admin;
 
 select ccbc_public.create_cbc_project('{}'::jsonb);
 

diff --git a/db/verify/tables/cbc_data_001.sql b/db/verify/tables/cbc_data_001.sql
@@ -0,0 +1,7 @@
+-- Verify ccbc:tables/cbc_data_001 on pg
+
+BEGIN;
+
+-- XXX Add verifications here.
+
+ROLLBACK;