Merge pull request #2364 from bcgov/feature/eac-166

alexmcdermid · web-flow · commit b59591dacb26 · 2025-09-04T13:54:58.000-07:00
Permission fix
diff --git a/backend/src/components/cache-service.js b/backend/src/components/cache-service.js
@@ -11,12 +11,10 @@ const constants = require('../util/constants');
 
 let sdcStaffDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW', 'DIS_SDC_EDIT', 'DIS_SDC_VIEW', 'SCH_SDC_EDIT', 'SCH_SDC_VIEW'];
 let sdcStaffSchoolPermissions = ['EDX_SCHOOL_VIEW', 'SCH_SDC_EDIT', 'SCH_SDC_VIEW'];
-let gradStaffAdminSchoolPermissions = ['EDX_SCHOOL_VIEW', 'GRAD_SCH_TVR_VIEW', 'GRAD_SCH_RPT_VIEW', 'GRAD_SCH_UPLOAD', 'GRAD_ERR_RPT_VIEW', 'EAS_SCH_EDIT'];
-let gradStaffViewSchoolPermissions = ['EDX_SCHOOL_VIEW', 'GRAD_SCH_TVR_VIEW', 'GRAD_SCH_RPT_VIEW', 'GRAD_ERR_RPT_VIEW'];
-let gradStaffAdminDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW', 'GRAD_DIS_TVR_VIEW', 'GRAD_DIS_RPT_VIEW', 'GRAD_DIS_UPLOAD', 'GRAD_ERR_RPT_VIEW', 'EAS_DIS_EDIT', 'CHALLENGE_REPORTS'];
-let gradStaffViewDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW', 'GRAD_DIS_TVR_VIEW', 'GRAD_DIS_RPT_VIEW', 'GRAD_ERR_RPT_VIEW'];
-let assessmentStaffAdminSchoolPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW','EAS_SCH_EDIT', 'EAS_SCH_VIEW'];
-let assessmentStaffAdminDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW','EAS_DIS_EDIT', 'EAS_DIS_VIEW'];
+let gradStaffAdminSchoolPermissions = ['EDX_SCHOOL_VIEW', 'GRAD_SCH_TVR_VIEW', 'GRAD_SCH_RPT_VIEW', 'GRAD_SCH_UPLOAD', 'GRAD_ERR_RPT_VIEW', 'EAS_SCH_EDIT', 'EAS_SCH_VIEW'];
+let gradStaffViewSchoolPermissions = ['EDX_SCHOOL_VIEW', 'GRAD_SCH_TVR_VIEW', 'GRAD_SCH_RPT_VIEW', 'GRAD_ERR_RPT_VIEW', 'EAS_SCH_VIEW'];
+let gradStaffAdminDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW', 'GRAD_DIS_TVR_VIEW', 'GRAD_DIS_RPT_VIEW', 'GRAD_DIS_UPLOAD', 'GRAD_ERR_RPT_VIEW', 'EAS_DIS_EDIT', 'CHALLENGE_REPORTS', 'EAS_DIS_VIEW'];
+let gradStaffViewDistrictPermissions = ['EDX_DISTRICT_VIEW', 'EDX_SCHOOL_VIEW', 'GRAD_DIS_TVR_VIEW', 'GRAD_DIS_RPT_VIEW', 'GRAD_ERR_RPT_VIEW', 'EAS_DIS_VIEW'];
 let schoolMap = new Map();
 let districtToSchoolsMap = new Map();
 let schools = [];
@@ -195,18 +193,12 @@ const cacheService = {
   getGradStaffSchoolAdminPermissions() {
     return gradStaffAdminSchoolPermissions;
   },
-  getAssessmentStaffSchoolAdminPermissions() {
-    return assessmentStaffAdminSchoolPermissions;
-  },
   getGradStaffSchoolViewerPermissions() {
     return gradStaffViewSchoolPermissions;
   },
   getGradStaffDistrictAdminPermissions() {
     return gradStaffAdminDistrictPermissions;
   },
-  getAssessmentStaffDistrictAdminPermissions() {
-    return assessmentStaffAdminDistrictPermissions;
-  },
   getGradStaffDistrictViewerPermissions() {
     return gradStaffViewDistrictPermissions;
   },
diff --git a/backend/src/components/secureExchange.js b/backend/src/components/secureExchange.js
@@ -962,7 +962,7 @@ async function setInstituteTypeIdentifierAndRedirect(req, res) {
   }
 }
 
-async function setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, isGradAdmin,  isAssessmentAdmin) {
+async function setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, isGradAdmin) {
   log.info('Set InstituteTypeIdentifierAndRedirectToSchool And Redirect called');
 
   if(sdcSchoolCollectionID && schoolID){
@@ -973,10 +973,6 @@ async function setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, scho
     log.info('Staff admin user logged in, redirecting to selected school');
     setGradStaffAdminSessionInstituteIdentifiers(req, schoolID, 'SCHOOL');
     res.redirect(config.get('server:frontend') + '/graduation/' + schoolID);
-  }else if(directToGrad && schoolID && isAssessmentAdmin){
-    log.info('Staff admin user logged in, redirecting to selected school');
-    setAssessmentStaffAdminSessionInstituteIdentifiers(req, schoolID, 'SCHOOL');
-    res.redirect(config.get('server:frontend') + '/graduation/' + schoolID);
   } else if(directToGrad && schoolID && !isGradAdmin){
     log.info('Staff viewer user logged in, redirecting to selected school');
     setGradStaffViewerSessionInstituteIdentifiers(req, schoolID, 'SCHOOL');
@@ -987,7 +983,7 @@ async function setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, scho
   }
 }
 
-async function setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, isGradAdmin, isAssessmentAdmin) {
+async function setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, isGradAdmin) {
   log.info('Set InstituteTypeIdentifierAndRedirectToDistrict And Redirect called');
 
   if(sdcDistrictCollectionID && districtID){
@@ -998,10 +994,6 @@ async function setInstituteTypeIdentifierAndRedirectToDistrict(req, res, distric
     log.info('Staff admin user logged in, redirecting to selected district');
     setGradStaffAdminSessionInstituteIdentifiers(req, districtID, 'DISTRICT');
     res.redirect(config.get('server:frontend') + '/graduation/' + districtID);
-  }else if(directToGrad && districtID && isAssessmentAdmin){
-    log.info('Staff admin user logged in, redirecting to selected district');
-    setAssessmentStaffAdminSessionInstituteIdentifiers(req, districtID, 'DISTRICT');
-    res.redirect(config.get('server:frontend') + '/graduation/' + districtID);
   } else if(directToGrad && districtID && !isGradAdmin){
     log.info('Staff viewer user logged in, redirecting to selected district');
     setGradStaffViewerSessionInstituteIdentifiers(req, districtID, 'DISTRICT');
@@ -1033,9 +1025,9 @@ function getAndSetupStaffUserAndRedirectWithSchoolCollectionLink(req, res, acces
           res.redirect(config.get('server:frontend') + '/unauthorizedNoEDXUser');
           return;
         }
-        await setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, false, false);
+        await setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, false);
       });
-  }else if((roles.includes('GRAD_DATA_COLLECTION_ADMIN') || (roles.includes('GRAD_DATA_COLLECTION_VIEWER')) || (roles.includes('ASSESSMENT_ADMIN'))) && directToGrad){
+  } else if((roles.includes('GRAD_DATA_COLLECTION_ADMIN') || (roles.includes('GRAD_DATA_COLLECTION_VIEWER')) || (roles.includes('ASSESSMENT_ADMIN'))) && directToGrad){
     Promise.all([
       getData(accessToken, config.get('edx:edxUsersURL') + '/user-schools', req.session.correlationID)
     ])
@@ -1046,14 +1038,10 @@ function getAndSetupStaffUserAndRedirectWithSchoolCollectionLink(req, res, acces
           }
         });
 
-        if(roles.includes('GRAD_DATA_COLLECTION_ADMIN')){
-          await setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, true, false);
-        }
-        else if (roles.includes('ASSESSMENT_ADMIN')){
-          await setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, false, true);
-        }
-        else{
-          await setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, false, false);
+        if(roles.includes('GRAD_DATA_COLLECTION_ADMIN') || roles.includes('ASSESSMENT_ADMIN')){
+          await setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, true);
+        } else{
+          await setStaffInstituteTypeIdentifierAndRedirectToSchool(req, res, schoolID, sdcSchoolCollectionID, directToGrad, false);
         }
       });
   }else{
@@ -1102,13 +1090,10 @@ function getAndSetupStaffUserAndRedirectWithDistrictCollectionLink(req, res, acc
           return !!isDistrictActive(cacheService.getDistrictJSONByDistrictID(el));
         });//this is list of active districtIDs associated to the user
 
-        if(roles.includes('GRAD_DATA_COLLECTION_ADMIN')){
-          await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, true, false);
-        }else if (roles.includes('ASSESSMENT_ADMIN')) {
-          await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, true, true);
-        }
-        else{
-          await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, false, false);
+        if(roles.includes('GRAD_DATA_COLLECTION_ADMIN') || roles.includes('ASSESSMENT_ADMIN')){
+          await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, true);
+        } else{
+          await setInstituteTypeIdentifierAndRedirectToDistrict(req, res, districtID, sdcDistrictCollectionID, directToGrad, false);
         }
       });
   } else{
@@ -1189,22 +1174,6 @@ function setGradStaffAdminSessionInstituteIdentifiers(req, activeInstituteIdenti
   req.session.activeInstitutePermissions = permissionsArray;
 }
 
-function setAssessmentStaffAdminSessionInstituteIdentifiers(req, activeInstituteIdentifier, activeInstituteType) {
-  req.session.activeInstituteIdentifier = activeInstituteIdentifier;
-  req.session.activeInstituteType = activeInstituteType;
-  let permissionsArray = [];
-
-  if(req.session.passport.user._json.idir_guid){
-    if(activeInstituteType === 'SCHOOL') {
-      permissionsArray = cacheService.getAssessmentStaffSchoolAdminPermissions();
-    } else {
-      permissionsArray = cacheService.getAssessmentStaffDistrictAdminPermissions();
-    }
-  }
-
-  req.session.activeInstitutePermissions = permissionsArray;
-}
-
 function setGradStaffViewerSessionInstituteIdentifiers(req, activeInstituteIdentifier, activeInstituteType) {
   req.session.activeInstituteIdentifier = activeInstituteIdentifier;
   req.session.activeInstituteType = activeInstituteType;
