Merge pull request #1939 from bcgov/fix/EDX-2946

Changes to allow signature with roles "Superintendent" or "Secretary …
bcgov · Sep 18, 2024 · 01663e1 · 01663e1
2 parents 932273b + 1e0ce6a
commit 01663e1
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 6 deletions.
diff --git a/backend/src/components/permissionUtils.js b/backend/src/components/permissionUtils.js
@@ -177,6 +177,27 @@ function checkSdcDistrictCollectionAccess(req, res, next) {
  return next();
 }
 
+function checkAnyEdxUserSignoffPermission(permissions) {
+ return function(req, res, next) {
+ const hasPermission = permissions.some(permission => req.session.activeInstitutePermissions.includes(permission));
+ if (!hasPermission) {
+ return res.status(HttpStatus.FORBIDDEN).json({
+ message: 'User doesn\'t have permission.'
+ });
+ }
+ return next();
+ };
+}
+
+function checkPermissionForSignOff(req, res, next) {
+ if (!req.session.activeInstitutePermissions.includes(req.body.districtSignatoryRole)) {
+ return res.status(HttpStatus.FORBIDDEN).json({
+ message: 'User doesn\'t have permission.'
+ });
+ }
+ return next();
+}
+
 //Find Institute IDs
 function findInstituteInformation_query(req, res, next) {
  res.locals.requestedInstituteType = req.query.schoolID ? 'SCHOOL' : 'DISTRICT';
@@ -577,7 +598,9 @@ const permUtils = {
  findSdcSchoolCollectionsInDuplicate,
  checkSdcDuplicateAccess,
  checkUserAccessToDuplicateSdcSchoolCollections,
- checkDistrictBelongsInSdcDistrictCollection
+ checkDistrictBelongsInSdcDistrictCollection,
+ checkAnyEdxUserSignoffPermission,
+ checkPermissionForSignOff
 };
 
 module.exports = permUtils;
diff --git a/backend/src/routes/sdc.js b/backend/src/routes/sdc.js
diff --git a/backend/src/util/Permission.js b/backend/src/util/Permission.js
@@ -10,10 +10,13 @@ const PERMISSION = Object.freeze(
  DISTRICT_SDC_EDIT: 'DIS_SDC_EDIT',
  SCHOOL_SDC_EDIT: 'SCH_SDC_EDIT',
  DISTRICT_SDC_VIEW: 'DIS_SDC_VIEW',
- SCHOOL_SDC_VIEW: 'SCH_SDC_VIEW'
+ SCHOOL_SDC_VIEW: 'SCH_SDC_VIEW',
+ SUPERINT: 'SUPERINT',
+ SECR_TRES: 'SECR_TRES'
  }
 );
 
+
 module.exports = {
- PERMISSION,
+ PERMISSION
 };
diff --git a/backend/src/validations/sdc.js b/backend/src/validations/sdc.js
@@ -1,5 +1,6 @@
 const { object, string, boolean, number, array } = require('yup');
 const {baseRequestSchema} = require('./base');
+const { PERMISSION } = require('../util/Permission');
 
 const baseQuerySchema = object({
  type: string().optional(),
@@ -108,7 +109,7 @@ const baseDistrictCollectionSchema = object({
 }).concat(baseRequestSchema);
 
 const baseSignature = object({
- districtSignatoryRole: string().nonNullable(),
+ districtSignatoryRole: string().nonNullable().oneOf([PERMISSION.SUPERINT, PERMISSION.SECR_TRES, PERMISSION.DISTRICT_SDC_EDIT]),
  districtSignatoryUserID: string().nullable().optional(),
 }).noUnknown();