Merge pull request #2298 from bcgov/fix/egc-316

Allow staff district login

Author: arcshiftsolutions

backend/src/components/cache-service.js

@@ -13,6 +13,8 @@ let sdcStaffDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW', 'DIS_
 let sdcStaffSchoolPermissions = ['EDX_SCHOOL_VIEW', 'SCH_SDC_EDIT', 'SCH_SDC_VIEW'];
 let gradStaffAdminSchoolPermissions = ['EDX_SCHOOL_VIEW', 'GRAD_SCH_TVR_VIEW', 'GRAD_SCH_RPT_VIEW', 'GRAD_SCH_UPLOAD', 'GRAD_ERR_RPT_VIEW'];
 let gradStaffViewSchoolPermissions = ['EDX_SCHOOL_VIEW', 'GRAD_SCH_TVR_VIEW', 'GRAD_SCH_RPT_VIEW', 'GRAD_ERR_RPT_VIEW'];
+let gradStaffAdminDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW', 'GRAD_DIS_TVR_VIEW', 'GRAD_DIS_RPT_VIEW', 'GRAD_DIS_UPLOAD', 'GRAD_ERR_RPT_VIEW'];
+let gradStaffViewDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW', 'GRAD_DIS_TVR_VIEW', 'GRAD_DIS_RPT_VIEW', 'GRAD_ERR_RPT_VIEW'];
 let schoolMap = new Map();
 let schools = [];
 let districts = [];
@@ -181,6 +183,12 @@ const cacheService = {
   getGradStaffSchoolViewerPermissions() {
     return gradStaffViewSchoolPermissions;
   },
+  getGradStaffDistrictAdminPermissions() {
+    return gradStaffAdminDistrictPermissions;
+  },
+  getGradStaffDistrictViewerPermissions() {
+    return gradStaffViewDistrictPermissions;
+  },
   getSDCStaffSchoolPermissions() {
     return sdcStaffSchoolPermissions;
   },

backend/src/components/secureExchange.js

@@ -983,13 +983,21 @@ async function setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, scho
   }
 }
 
-async function setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID) {
+async function setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, isGradAdmin) {
   log.info('Set InstituteTypeIdentifierAndRedirectToDistrict And Redirect called');
 
   if(sdcDistrictCollectionID && districtID){
     log.info('Staff user logged in, redirecting to selected school');
     setSessionInstituteIdentifiers(req, districtID, 'DISTRICT');
     res.redirect(config.get('server:frontend') + '/open-district-collection-summary/' + districtID);
+  }else if(directToGrad && districtID && isGradAdmin){
+    log.info('Staff admin user logged in, redirecting to selected district');
+    setGradStaffAdminSessionInstituteIdentifiers(req, districtID, 'DISTRICT');
+    res.redirect(config.get('server:frontend') + '/graduation/' + districtID);
+  }else if(directToGrad && districtID && !isGradAdmin){
+    log.info('Staff viewer user logged in, redirecting to selected district');
+    setGradStaffViewerSessionInstituteIdentifiers(req, districtID, 'DISTRICT');
+    res.redirect(config.get('server:frontend') + '/graduation/' + districtID);
   }else {
     log.info('User has no associated schools or districts redirecting to Unauthorized Page');
     res.redirect(config.get('server:frontend') + '/unauthorized');
@@ -1042,7 +1050,7 @@ function getAndSetupStaffUserAndRedirectWithSchoolCollectionLink(req, res, acces
   }
 }
 
-function getAndSetupStaffUserAndRedirectWithDistrictCollectionLink(req, res, accessToken, districtID, sdcDistrictCollectionID) {
+function getAndSetupStaffUserAndRedirectWithDistrictCollectionLink(req, res, accessToken, districtID, sdcDistrictCollectionID, directToGrad) {
   let roles = req.session.passport.user._json.realm_access.roles;
   if(roles.includes('EDX_ADMIN')){
     Promise.all([
@@ -1063,9 +1071,24 @@ function getAndSetupStaffUserAndRedirectWithDistrictCollectionLink(req, res, acc
           res.redirect(config.get('server:frontend') + '/unauthorizedNoEDXUser');
           return;
         }
-        await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID);
+        await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, false);
       });
-  }else{
+  } else if((roles.includes('GRAD_DATA_COLLECTION_ADMIN') || (roles.includes('GRAD_DATA_COLLECTION_VIEWER'))) && directToGrad){
+    Promise.all([
+      getData(accessToken, config.get('edx:edxUsersURL') + '/user-districts', req.session.correlationID)
+    ])
+      .then(async ([userDistricts]) => {
+        req.session.userDistrictIDs = userDistricts?.filter((el) => {
+          return !!isDistrictActive(cacheService.getDistrictJSONByDistrictID(el));
+        });//this is list of active districtIDs associated to the user
+
+        if(roles.includes('GRAD_DATA_COLLECTION_ADMIN')){
+          await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, true);
+        }else{
+          await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, false);
+        }
+      });
+  } else{
     log.info('IDIR user logged in without EDX_ADMIN role; redirecting to Unauthorized Page');
     res.redirect(config.get('server:frontend') + '/unauthorized');
   }
@@ -1133,7 +1156,11 @@ function setGradStaffAdminSessionInstituteIdentifiers(req, activeInstituteIdenti
   let permissionsArray = [];
 
   if(req.session.passport.user._json.idir_guid){
-    permissionsArray = cacheService.getGradStaffSchoolAdminPermissions();
+    if(activeInstituteType === 'SCHOOL') {
+      permissionsArray = cacheService.getGradStaffSchoolAdminPermissions();
+    } else {
+      permissionsArray = cacheService.getGradStaffDistrictAdminPermissions();
+    }
   }
 
   req.session.activeInstitutePermissions = permissionsArray;
@@ -1145,7 +1172,11 @@ function setGradStaffViewerSessionInstituteIdentifiers(req, activeInstituteIdent
   let permissionsArray = [];
 
   if(req.session.passport.user._json.idir_guid){
-    permissionsArray = cacheService.getGradStaffSchoolViewerPermissions();
+    if(activeInstituteType === 'SCHOOL') {
+      permissionsArray = cacheService.getGradStaffSchoolViewerPermissions();
+    } else {
+      permissionsArray = cacheService.getGradStaffDistrictViewerPermissions();
+    }
   }
 
   req.session.activeInstitutePermissions = permissionsArray;

backend/src/routes/auth.js

@@ -114,6 +114,10 @@ router.get('/silent_sdc_idir_login', async function (req, res, next) {
     await client.set(idir_guid + '::staffLinkInstituteID', req.query.schoolID, 'EX', 1800);
     await client.set(idir_guid + '::staffLinkGradDashboard', 'true', 'EX', 1800);
     await client.set(idir_guid + '::staffLinkInstituteType', 'SCHOOL', 'EX', 1800);
+  }else if(req.query.districtID && req.query.gradDashboard){
+    await client.set(idir_guid + '::staffLinkInstituteID', req.query.districtID, 'EX', 1800);
+    await client.set(idir_guid + '::staffLinkGradDashboard', 'true', 'EX', 1800);
+    await client.set(idir_guid + '::staffLinkInstituteType', 'DISTRICT', 'EX', 1800);
   }else{
     res.status(401).json(UnauthorizedRsp);
   }
@@ -149,8 +153,10 @@ router.get(
       getAndSetupStaffUserAndRedirectWithSchoolCollectionLink(req, res, accessToken, instituteID.toString(), instituteCollectionID.toString(), false);
     }else if(instituteType === 'SCHOOL' && staffLinkDashboard){
       getAndSetupStaffUserAndRedirectWithSchoolCollectionLink(req, res, accessToken, instituteID.toString(), null, true);
-    }else if(instituteID && instituteCollectionID){
-      getAndSetupStaffUserAndRedirectWithDistrictCollectionLink(req, res, accessToken, instituteID.toString(), instituteCollectionID.toString());
+    }else if(instituteType === 'DISTRICT' && instituteCollectionID){
+      getAndSetupStaffUserAndRedirectWithDistrictCollectionLink(req, res, accessToken, instituteID.toString(), instituteCollectionID.toString(), false);
+    }else if(instituteType === 'DISTRICT' && staffLinkDashboard){
+      getAndSetupStaffUserAndRedirectWithDistrictCollectionLink(req, res, accessToken, instituteID.toString(), null, true);
     }else{
       await res.redirect(config.get('server:frontend') + '/unauthorized');
     }