chore(j-s): Security&Integrity (#16863)

* Throws proper exceptions from digital mailbox * Refactors code * Refactors code * Refactors code * Removes unused imports * Removes unused imports * Removes unused import * Removes redundant code * Rewrites internal indictment case endpoint * Adds unit tests * Reorders query conditions * Rewrites defendant indictment cases endpoint * Adds civil claimant exists guard to update and delete civil claimant * Removes unused endpoint * Uses proper subpoena gueard for limited access subpoena controller * Splits subpoena exists guard and reorders controller decorators * Adds unit test * Renames variables for clarity * Uses correct http method when getting cases * Moves subpoena status updates to subpoena module * Removes comments * Removes comments * Adds unit tests * Renames unit test * Updates unit tests * Refactors code * Adds unit tests * Adds unit tests * Fixes subpoena refresh * Cleans up some code * Removes unnecessary export * Rmoves console log. * Update apps/judicial-system/backend/src/app/modules/case/guards/test/indictmentCaseExistsForDefendantGuard.spec.ts * Updates unit test * Fixes type import * Fixes typo * Fixes typo * Fixes type decorators * Fixes typo * Refactors code * Rewrites subpoena info diff --------- Co-authored-by: unakb <una@kolibri.is> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
island-is · Dec 3, 2024 · 9f4f9ae · 9f4f9ae
1 parent 04edebb
commit 9f4f9ae
Show file tree

Hide file tree

Showing 73 changed files with 1,246 additions and 519 deletions.
diff --git a/apps/judicial-system/api/src/app/app.module.ts b/apps/judicial-system/api/src/app/app.module.ts
@@ -34,6 +34,7 @@ import {
   IndictmentCountModule,
   InstitutionModule,
   PoliceModule,
+  SubpoenaModule,
   UserModule,
 } from './modules'
 
@@ -68,6 +69,7 @@ const autoSchemaFile = production
     CaseListModule,
     DefendantModule,
     DefenderModule,
+    SubpoenaModule,
     IndictmentCountModule,
     FileModule,
     InstitutionModule,

diff --git a/apps/judicial-system/api/src/app/modules/backend/backend.service.ts b/apps/judicial-system/api/src/app/modules/backend/backend.service.ts
@@ -41,9 +41,9 @@ import { Institution } from '../institution'
 import {
   PoliceCaseFile,
   PoliceCaseInfo,
-  SubpoenaStatus,
   UploadPoliceCaseFileResponse,
 } from '../police'
+import { Subpoena } from '../subpoena'
 import { backendModuleConfig } from './backend.config'
 
 @Injectable()
@@ -326,13 +326,6 @@ export class BackendService extends DataSource<{ req: Request }> {
     return this.get(`case/${caseId}/policeFiles`)
   }
 
-  getSubpoenaStatus(
-    caseId: string,
-    subpoenaId: string,
-  ): Promise<SubpoenaStatus> {
-    return this.get(`case/${caseId}/subpoenaStatus/${subpoenaId}`)
-  }
-
   getPoliceCaseInfo(caseId: string): Promise<PoliceCaseInfo[]> {
     return this.get(`case/${caseId}/policeCaseInfo`)
   }
@@ -369,6 +362,16 @@ export class BackendService extends DataSource<{ req: Request }> {
     return this.delete(`case/${caseId}/defendant/${defendantId}`)
   }
 
+  getSubpoena(
+    caseId: string,
+    defendantId: string,
+    subpoenaId: string,
+  ): Promise<Subpoena> {
+    return this.get(
+      `case/${caseId}/defendant/${defendantId}/subpoena/${subpoenaId}`,
+    )
+  }
+
   createCivilClaimant(
     caseId: string,
     createCivilClaimant: unknown,

diff --git a/apps/judicial-system/api/src/app/modules/defendant/index.ts b/apps/judicial-system/api/src/app/modules/defendant/index.ts
@@ -2,4 +2,3 @@ export { Defendant } from './models/defendant.model'
 export { DeleteDefendantResponse } from './models/delete.response'
 export { CivilClaimant } from './models/civilClaimant.model'
 export { DeleteCivilClaimantResponse } from './models/deleteCivilClaimant.response'
-export { Subpoena } from './models/subpoena.model'
diff --git a/apps/judicial-system/api/src/app/modules/defendant/models/defendant.model.ts b/apps/judicial-system/api/src/app/modules/defendant/models/defendant.model.ts
@@ -8,7 +8,7 @@ import {
   SubpoenaType,
 } from '@island.is/judicial-system/types'
 
-import { Subpoena } from './subpoena.model'
+import { Subpoena } from '../../subpoena'
 
 registerEnumType(Gender, { name: 'Gender' })
 registerEnumType(DefendantPlea, { name: 'DefendantPlea' })

diff --git a/apps/judicial-system/api/src/app/modules/index.ts b/apps/judicial-system/api/src/app/modules/index.ts
@@ -17,3 +17,4 @@ export { EventLogModule } from './event-log/eventLog.module'
 export { backendModuleConfig } from './backend/backend.config'
 export { BackendService } from './backend/backend.service'
 export { BackendModule } from './backend/backend.module'
+export { SubpoenaModule } from './subpoena/subpoena.module'
diff --git a/apps/judicial-system/api/src/app/modules/police/index.ts b/apps/judicial-system/api/src/app/modules/police/index.ts
@@ -1,4 +1,3 @@
 export { PoliceCaseInfo } from './models/policeCaseInfo.model'
-export { SubpoenaStatus } from './models/subpoenaStatus.model'
 export { PoliceCaseFile } from './models/policeCaseFile.model'
 export { UploadPoliceCaseFileResponse } from './models/uploadPoliceCaseFile.response'
diff --git a/apps/judicial-system/api/src/app/modules/police/models/subpoenaStatus.model.ts b/apps/judicial-system/api/src/app/modules/police/models/subpoenaStatus.model.ts
diff --git a/apps/judicial-system/api/src/app/modules/police/police.resolver.ts b/apps/judicial-system/api/src/app/modules/police/police.resolver.ts
@@ -17,11 +17,9 @@ import type { User } from '@island.is/judicial-system/types'
 import { BackendService } from '../backend'
 import { PoliceCaseFilesQueryInput } from './dto/policeCaseFiles.input'
 import { PoliceCaseInfoQueryInput } from './dto/policeCaseInfo.input'
-import { SubpoenaStatusQueryInput } from './dto/subpoenaStatus.input'
 import { UploadPoliceCaseFileInput } from './dto/uploadPoliceCaseFile.input'
 import { PoliceCaseFile } from './models/policeCaseFile.model'
 import { PoliceCaseInfo } from './models/policeCaseInfo.model'
-import { SubpoenaStatus } from './models/subpoenaStatus.model'
 import { UploadPoliceCaseFileResponse } from './models/uploadPoliceCaseFile.response'
 
 @UseGuards(JwtGraphQlAuthGuard)
@@ -51,26 +49,6 @@ export class PoliceResolver {
     )
   }
 
-  @Query(() => SubpoenaStatus, { nullable: true })
-  subpoenaStatus(
-    @Args('input', { type: () => SubpoenaStatusQueryInput })
-    input: SubpoenaStatusQueryInput,
-    @CurrentGraphQlUser() user: User,
-    @Context('dataSources')
-    { backendService }: { backendService: BackendService },
-  ): Promise<SubpoenaStatus> {
-    this.logger.debug(
-      `Getting subpoena status for subpoena ${input.subpoenaId} of case ${input.caseId}`,
-    )
-
-    return this.auditTrailService.audit(
-      user.id,
-      AuditedAction.GET_SUBPOENA_STATUS,
-      backendService.getSubpoenaStatus(input.caseId, input.subpoenaId),
-      input.caseId,
-    )
-  }
-
   @Query(() => [PoliceCaseInfo], { nullable: true })
   policeCaseInfo(
     @Args('input', { type: () => PoliceCaseInfoQueryInput })

diff --git a/...odules/police/dto/subpoenaStatus.input.ts → ...pp/modules/subpoena/dto/subpoena.input.ts b/...odules/police/dto/subpoenaStatus.input.ts → ...pp/modules/subpoena/dto/subpoena.input.ts
@@ -3,11 +3,15 @@ import { Allow } from 'class-validator'
 import { Field, ID, InputType } from '@nestjs/graphql'
 
 @InputType()
-export class SubpoenaStatusQueryInput {
+export class SubpoenaQueryInput {
   @Allow()
   @Field(() => ID)
   readonly caseId!: string
 
+  @Allow()
+  @Field(() => ID)
+  readonly defendantId!: string
+
   @Allow()
   @Field(() => ID)
   readonly subpoenaId!: string

diff --git a/apps/judicial-system/api/src/app/modules/subpoena/index.ts b/apps/judicial-system/api/src/app/modules/subpoena/index.ts
@@ -0,0 +1 @@
+export { Subpoena } from './models/subpoena.model'
diff --git a/...odules/defendant/models/subpoena.model.ts → ...modules/subpoena/models/subpoena.model.ts b/...odules/defendant/models/subpoena.model.ts → ...modules/subpoena/models/subpoena.model.ts
diff --git a/apps/judicial-system/api/src/app/modules/subpoena/subpoena.module.ts b/apps/judicial-system/api/src/app/modules/subpoena/subpoena.module.ts
@@ -0,0 +1,8 @@
+import { Module } from '@nestjs/common'
+
+import { SubpoenaResolver } from './subpoena.resolver'
+
+@Module({
+  providers: [SubpoenaResolver],
+})
+export class SubpoenaModule {}
diff --git a/apps/judicial-system/api/src/app/modules/subpoena/subpoena.resolver.ts b/apps/judicial-system/api/src/app/modules/subpoena/subpoena.resolver.ts
@@ -0,0 +1,53 @@
+import { Inject, UseGuards } from '@nestjs/common'
+import { Args, Context, Query, Resolver } from '@nestjs/graphql'
+
+import type { Logger } from '@island.is/logging'
+import { LOGGER_PROVIDER } from '@island.is/logging'
+
+import {
+  AuditedAction,
+  AuditTrailService,
+} from '@island.is/judicial-system/audit-trail'
+import {
+  CurrentGraphQlUser,
+  JwtGraphQlAuthGuard,
+} from '@island.is/judicial-system/auth'
+import type { User } from '@island.is/judicial-system/types'
+
+import { BackendService } from '../backend'
+import { SubpoenaQueryInput } from './dto/subpoena.input'
+import { Subpoena } from './models/subpoena.model'
+
+@UseGuards(JwtGraphQlAuthGuard)
+@Resolver()
+export class SubpoenaResolver {
+  constructor(
+    private readonly auditTrailService: AuditTrailService,
+    @Inject(LOGGER_PROVIDER)
+    private readonly logger: Logger,
+  ) {}
+
+  @Query(() => Subpoena, { nullable: true })
+  subpoena(
+    @Args('input', { type: () => SubpoenaQueryInput })
+    input: SubpoenaQueryInput,
+    @CurrentGraphQlUser() user: User,
+    @Context('dataSources')
+    { backendService }: { backendService: BackendService },
+  ): Promise<Subpoena> {
+    this.logger.debug(
+      `Getting subpoena ${input.subpoenaId} for defendant ${input.defendantId} of case ${input.caseId}`,
+    )
+
+    return this.auditTrailService.audit(
+      user.id,
+      AuditedAction.GET_SUBPOENA,
+      backendService.getSubpoena(
+        input.caseId,
+        input.defendantId,
+        input.subpoenaId,
+      ),
+      input.caseId,
+    )
+  }
+}
diff --git a/apps/judicial-system/backend/src/app/modules/case/case.controller.ts b/apps/judicial-system/backend/src/app/modules/case/case.controller.ts
@@ -354,7 +354,7 @@ export class CaseController {
   )
   @UseInterceptors(CompletedAppealAccessedInterceptor, CaseInterceptor)
   @Get('case/:caseId')
-  @ApiOkResponse({ type: Case, description: 'Gets an existing case' })
+  @ApiOkResponse({ type: Case, description: 'Gets an existing case by id' })
   getById(@Param('caseId') caseId: string, @CurrentCase() theCase: Case): Case {
     this.logger.debug(`Getting case ${caseId} by id`)
 

diff --git a/apps/judicial-system/backend/src/app/modules/case/dto/internalCases.dto.ts b/apps/judicial-system/backend/src/app/modules/case/dto/internalCases.dto.ts
diff --git a/apps/judicial-system/backend/src/app/modules/case/filters/cases.filter.ts b/apps/judicial-system/backend/src/app/modules/case/filters/cases.filter.ts
@@ -187,14 +187,14 @@ const getPrisonStaffUserCasesQueryFilter = (): WhereOptions => {
   return {
     [Op.and]: [
       { is_archived: false },
-      { state: CaseState.ACCEPTED },
       {
         type: [
           CaseType.CUSTODY,
           CaseType.ADMISSION_TO_FACILITY,
           CaseType.PAROLE_REVOCATION,
         ],
       },
+      { state: CaseState.ACCEPTED },
       { decision: [CaseDecision.ACCEPTING, CaseDecision.ACCEPTING_PARTIALLY] },
     ],
   }
@@ -205,8 +205,8 @@ const getPrisonAdminUserCasesQueryFilter = (): WhereOptions => {
     is_archived: false,
     [Op.or]: [
       {
-        state: CaseState.ACCEPTED,
         type: [...restrictionCases, CaseType.PAROLE_REVOCATION],
+        state: CaseState.ACCEPTED,
       },
       {
         type: indictmentCases,

diff --git a/apps/judicial-system/backend/src/app/modules/case/filters/test/cases.filter.spec.ts b/apps/judicial-system/backend/src/app/modules/case/filters/test/cases.filter.spec.ts
@@ -347,14 +347,14 @@ describe('getCasesQueryFilter', () => {
     expect(res).toStrictEqual({
       [Op.and]: [
         { is_archived: false },
-        { state: CaseState.ACCEPTED },
         {
           type: [
             CaseType.CUSTODY,
             CaseType.ADMISSION_TO_FACILITY,
             CaseType.PAROLE_REVOCATION,
           ],
         },
+        { state: CaseState.ACCEPTED },
         {
           decision: [CaseDecision.ACCEPTING, CaseDecision.ACCEPTING_PARTIALLY],
         },
@@ -382,8 +382,8 @@ describe('getCasesQueryFilter', () => {
 
       [Op.or]: [
         {
-          state: CaseState.ACCEPTED,
           type: [...restrictionCases, CaseType.PAROLE_REVOCATION],
+          state: CaseState.ACCEPTED,
         },
         {
           type: indictmentCases,

diff --git a/...cial-system/backend/src/app/modules/case/guards/indictmentCaseExistsForDefendant.guard.ts b/...cial-system/backend/src/app/modules/case/guards/indictmentCaseExistsForDefendant.guard.ts
@@ -0,0 +1,37 @@
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+} from '@nestjs/common'
+
+import { InternalCaseService } from '../internalCase.service'
+
+@Injectable()
+export class IndictmentCaseExistsForDefendantGuard implements CanActivate {
+  constructor(private readonly internalCaseService: InternalCaseService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest()
+
+    const caseId = request.params.caseId
+
+    if (!caseId) {
+      throw new BadRequestException('Missing case id')
+    }
+
+    const defendantNationalId = request.params.defendantNationalId
+
+    if (!defendantNationalId) {
+      throw new BadRequestException('Missing defendant national id')
+    }
+
+    request.case =
+      await this.internalCaseService.findByIdAndDefendantNationalId(
+        caseId,
+        defendantNationalId,
+      )
+
+    return true
+  }
+}
diff --git a/apps/judicial-system/backend/src/app/modules/case/guards/mergedCaseExists.guard.ts b/apps/judicial-system/backend/src/app/modules/case/guards/mergedCaseExists.guard.ts
@@ -34,7 +34,7 @@ export class MergedCaseExistsGuard implements CanActivate {
     )
 
     if (!mergedCase) {
-      throw new BadRequestException('Merged case not found')
+      throw new BadRequestException(`Merged case ${mergedCaseId} not found`)
     }
 
     request.mergedCaseParent = theCase
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		export { Subpoena } from './models/subpoena.model'