PIMS-2258 Adjust when property agency changes are restricted (#2886)

Co-authored-by: Sharala-Perumal <[email protected]>
bcgov · Dec 19, 2024 · 5acba61 · 5acba61
1 parent 233d175
commit 5acba61
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/express-api/src/services/buildings/buildingServices.ts b/express-api/src/services/buildings/buildingServices.ts
@@ -69,12 +69,14 @@ export const updateBuildingById = async (
   user: PimsRequestUser,
 ) => {
   const existingBuilding = await getBuildingById(building.Id);
+  // Does this building exist?
   if (!existingBuilding) {
     throw new ErrorWithCode('Building does not exists.', 404);
   }
+  // Does the user have permissions to change its agency?
   const validUserAgencies = await userServices.getAgencies(user.Username);
   const isAdmin = user.hasOneOfRoles([Roles.ADMIN]);
-  if (!isAdmin && !validUserAgencies.includes(building.AgencyId)) {
+  if (!isAdmin && building.AgencyId && !validUserAgencies.includes(building.AgencyId)) {
     throw new ErrorWithCode('This agency change is not permitted.', 403);
   }
   if (building.Fiscals && building.Fiscals.length) {

diff --git a/express-api/src/services/parcels/parcelServices.ts b/express-api/src/services/parcels/parcelServices.ts
@@ -159,13 +159,15 @@ const updateParcel = async (incomingParcel: DeepPartial<Parcel>, user: PimsReque
   if (incomingParcel.PID == null && incomingParcel.PIN == null) {
     throw new ErrorWithCode('Must include PID or PIN in parcel data.', 400);
   }
+  // Does this parcel exist?
   const findParcel = await getParcelById(incomingParcel.Id);
   if (findParcel == null || findParcel.Id !== incomingParcel.Id) {
     throw new ErrorWithCode('Parcel not found', 404);
   }
+  // Does the user have permissions to change its agency?
   const validUserAgencies = await userServices.getAgencies(user.Username);
   const isAdmin = user.hasOneOfRoles([Roles.ADMIN]);
-  if (!isAdmin && !validUserAgencies.includes(incomingParcel.AgencyId)) {
+  if (!isAdmin && incomingParcel.AgencyId && !validUserAgencies.includes(incomingParcel.AgencyId)) {
     throw new ErrorWithCode('This agency change is not permitted.', 403);
   }
   if (incomingParcel.Fiscals && incomingParcel.Fiscals.length) {

diff --git a/express-api/tests/unit/services/buildings/buildingService.test.ts b/express-api/tests/unit/services/buildings/buildingService.test.ts
@@ -147,7 +147,7 @@ describe('updateBuildingById', () => {
       RoleId: Roles.GENERAL_USER,
       hasOneOfRoles: () => false,
     });
-    const updateBuilding = produceBuilding();
+    const updateBuilding = produceBuilding({ AgencyId: 1 });
     expect(
       async () => await buildingService.updateBuildingById(updateBuilding, generalUser),
     ).rejects.toThrow();