Merge pull request #1922 from bcgov/fix/signatories-permission

Fix/signatories permission

Author: SodhiA1

backend/src/components/permissionUtils.js

@@ -511,6 +511,25 @@ async function checkUserAccessToDuplicateSdcSchoolCollections(req, res, next) {
   return next();
 }
 
+async function checkDistrictBelongsInSdcDistrictCollection(req, res, next) {
+  if (!res.locals.requestedSdcDistrictCollection) {
+    return res.status(HttpStatus.BAD_REQUEST).json({
+      message: 'SdcDistrictCollectionID is required.'
+    });
+  }
+  if (!res.locals.requestedInstituteIdentifier) {
+    return res.status(HttpStatus.BAD_REQUEST).json({
+      message: 'DistrictID is required.'
+    });
+  }
+  if(res.locals.requestedSdcDistrictCollection.districtID !== res.locals.requestedInstituteIdentifier) {
+    return res.status(HttpStatus.FORBIDDEN).json({
+      message: 'District does not belong to this sdc district collection.'
+    });
+  }
+  return next();
+}
+
 const permUtils = {
   checkEDXUserAccessToRequestedInstitute,
   checkEdxUserPermission,
@@ -557,7 +576,8 @@ const permUtils = {
   findSchoolContactId_params,
   findSdcSchoolCollectionsInDuplicate,
   checkSdcDuplicateAccess,
-  checkUserAccessToDuplicateSdcSchoolCollections
+  checkUserAccessToDuplicateSdcSchoolCollections,
+  checkDistrictBelongsInSdcDistrictCollection
 };
 
 module.exports = permUtils;

backend/src/routes/sdc.js

@@ -396,6 +396,20 @@ const postStartFromPriorCollectionSchema = object({
   query: object(),
 }).unknown();
 
+const getSdcDistrictUsersSchema = object({
+  body: object().noUnknown(),
+  params: object({
+    sdcDistrictCollectionID: string().nonNullable()
+  }),
+  query: object({
+    digitalId: string().nullable().optional(),
+    schoolID: string().nullable().optional(),
+    firstName: string().nullable().optional(),
+    lastName: string().nullable().optional(),
+    districtID: string().nullable().optional()
+  }).noUnknown(),
+}).noUnknown();
+
 
 module.exports = {
   putSdcStudentSchema,
@@ -422,5 +436,6 @@ module.exports = {
   schoolFileCollectionSchema: postSchoolFileCollectionSchema,
   resolveDuplicateSchema: postResolveDuplicateSchema,
   markDiffSchema: postMarKDiffSchema,
-  startFromPriorCollectionSchema: postStartFromPriorCollectionSchema
+  startFromPriorCollectionSchema: postStartFromPriorCollectionSchema,
+  getSdcDistrictUsersSchema
 };

backend/src/validations/sdc.js

@@ -179,7 +179,7 @@ export default {
 
     async getUsersData() {
       const payload = {params: {districtID: this.districtCollection.districtID}};
-      await ApiService.apiAxios.get(ApiRoutes.edx.USERS_URL, payload)
+      await ApiService.apiAxios.get(ApiRoutes.sdc.SDC_DISTRICT_COLLECTION + '/' + this.districtCollection.sdcDistrictCollectionID + '/users', payload)
         .then(response => {
           this.users = response.data;
           let signatures = this.districtCollection.submissionSignatures;
@@ -198,6 +198,10 @@ export default {
               });
             } 
           }
+        })
+        .catch(error => {
+          console.error(error);
+          setFailureAlert('An error occurred while attempting to load sign-off details. Please try again later.');
         });
     },
     mapRoletext(role) {