Merge pull request #667 from bcgov/yj

ychung-mot · web-flow · commit 00e186e2afd7 · 2024-09-20T11:56:45.000-07:00
feat(dss-868)
diff --git a/server/StrDss.Api/Controllers/RentalListingReportsController.cs b/server/StrDss.Api/Controllers/RentalListingReportsController.cs
@@ -78,11 +78,14 @@ public async Task<ActionResult> GetRentalListingHistory(long? platformId, int pa
             return Ok(history);
         }
 
-        [ApiAuthorize(Permissions.UploadHistoryRead)]
+        [ApiAuthorize(Permissions.LicenceFileUpload, Permissions.ListingFileUpload)]
         [HttpGet("uploads/{uploadId}/errorfile")]
         public async Task<ActionResult> GetRentalListingErrorFile(long uploadId)
         {
-            var bytes = await _uploadService.GetRentalListingErrorFile(uploadId);
+            var (bytes, hasPermission) = await _uploadService.GetRentalListingErrorFile(uploadId);
+
+            if (!hasPermission)
+                return Unauthorized();
 
             if (bytes == null)
                 return NotFound();
diff --git a/server/StrDss.Service/UploadDeliveryService.cs b/server/StrDss.Service/UploadDeliveryService.cs
@@ -19,7 +19,7 @@ public interface IUploadDeliveryService
         Task<Dictionary<string, List<string>>> UploadPlatformData(string reportType, string reportPeriod, long orgId, Stream stream);
         Task<(Dictionary<string, List<string>>, string header)> ValidateAndParseUploadAsync(string reportPeriod, long orgId, string reportType, string hashValue, string[] mandatoryFields, TextReader textReader, List<DssUploadLine> uploadLines);
         Task<PagedDto<UploadHistoryViewDto>> GetUploadHistory(long? orgId, int pageSize, int pageNumber, string orderBy, string direction, string[] reportTypes);
-        Task<byte[]?> GetRentalListingErrorFile(long uploadId);
+        Task<(byte[]?, bool hasAccess)> GetRentalListingErrorFile(long uploadId);
         Task<DssUploadDelivery?> GetNonTakedownUploadToProcessAsync();
         Task<DssUploadDelivery?> GetUploadToProcessAsync(string reportType);
     }
@@ -501,15 +501,25 @@ public async Task<PagedDto<UploadHistoryViewDto>> GetUploadHistory(long? orgId,
             return await _uploadRepo.GetUploadHistory(orgId, pageSize, pageNumber, orderBy, direction, reportTypes);
         }
 
-        public async Task<byte[]?> GetRentalListingErrorFile(long uploadId)
+        public async Task<(byte[]?, bool hasAccess)> GetRentalListingErrorFile(long uploadId)
         {
             var upload = await _uploadRepo.GetRentalListingUploadWithErrors(uploadId);
 
-            if (upload == null) return null;
+            if (upload == null) return (null, true);
 
-            var fullData = upload.UploadDeliveryType == UploadDeliveryTypes.LicenceData;
+            // so far, there are two types of error files - ListingData and LicenceData
+            var licenceData = upload.UploadDeliveryType == UploadDeliveryTypes.LicenceData;
 
-            var linesWithError = await _uploadRepo.GetUploadLineIdsWithErrors(uploadId, fullData);
+            var hasPermission = licenceData
+                ? _currentUser.Permissions.Contains(Permissions.LicenceFileUpload)
+                : _currentUser.Permissions.Contains(Permissions.ListingFileUpload);
+
+            if (!hasPermission)
+            {
+                return (null, false);
+            }
+
+            var linesWithError = await _uploadRepo.GetUploadLineIdsWithErrors(uploadId, licenceData);
 
             var memoryStream = new MemoryStream(upload.SourceBin!);
             using TextReader textReader = new StreamReader(memoryStream, Encoding.UTF8);
@@ -532,7 +542,7 @@ public async Task<PagedDto<UploadHistoryViewDto>> GetUploadHistory(long? orgId,
                 contents.AppendLine(line.LineText.TrimEndNewLine() + $",\"{line.ErrorText ?? ""}\"");
             }
 
-            return Encoding.UTF8.GetBytes(contents.ToString());
+            return (Encoding.UTF8.GetBytes(contents.ToString()), hasPermission);
         }
 
         public async Task<DssUploadDelivery?> GetNonTakedownUploadToProcessAsync()
