From 5acba61dd9dd0a203771fdb25a2a7eb211ff9506 Mon Sep 17 00:00:00 2001 From: Dylan Barkowsky <37922247+dbarkowsky@users.noreply.github.com> Date: Thu, 19 Dec 2024 13:07:16 -0800 Subject: [PATCH] PIMS-2258 Adjust when property agency changes are restricted (#2886) Co-authored-by: Sharala-Perumal <80914899+Sharala-Perumal@users.noreply.github.com> --- express-api/src/services/buildings/buildingServices.ts | 4 +++- express-api/src/services/parcels/parcelServices.ts | 4 +++- .../tests/unit/services/buildings/buildingService.test.ts | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/express-api/src/services/buildings/buildingServices.ts b/express-api/src/services/buildings/buildingServices.ts index 63cb189f4c..97605fbfde 100644 --- a/express-api/src/services/buildings/buildingServices.ts +++ b/express-api/src/services/buildings/buildingServices.ts @@ -69,12 +69,14 @@ export const updateBuildingById = async ( user: PimsRequestUser, ) => { const existingBuilding = await getBuildingById(building.Id); + // Does this building exist? if (!existingBuilding) { throw new ErrorWithCode('Building does not exists.', 404); } + // Does the user have permissions to change its agency? const validUserAgencies = await userServices.getAgencies(user.Username); const isAdmin = user.hasOneOfRoles([Roles.ADMIN]); - if (!isAdmin && !validUserAgencies.includes(building.AgencyId)) { + if (!isAdmin && building.AgencyId && !validUserAgencies.includes(building.AgencyId)) { throw new ErrorWithCode('This agency change is not permitted.', 403); } if (building.Fiscals && building.Fiscals.length) { diff --git a/express-api/src/services/parcels/parcelServices.ts b/express-api/src/services/parcels/parcelServices.ts index 2580e748c0..adeffaed84 100644 --- a/express-api/src/services/parcels/parcelServices.ts +++ b/express-api/src/services/parcels/parcelServices.ts @@ -159,13 +159,15 @@ const updateParcel = async (incomingParcel: DeepPartial, user: PimsReque if (incomingParcel.PID == null && incomingParcel.PIN == null) { throw new ErrorWithCode('Must include PID or PIN in parcel data.', 400); } + // Does this parcel exist? const findParcel = await getParcelById(incomingParcel.Id); if (findParcel == null || findParcel.Id !== incomingParcel.Id) { throw new ErrorWithCode('Parcel not found', 404); } + // Does the user have permissions to change its agency? const validUserAgencies = await userServices.getAgencies(user.Username); const isAdmin = user.hasOneOfRoles([Roles.ADMIN]); - if (!isAdmin && !validUserAgencies.includes(incomingParcel.AgencyId)) { + if (!isAdmin && incomingParcel.AgencyId && !validUserAgencies.includes(incomingParcel.AgencyId)) { throw new ErrorWithCode('This agency change is not permitted.', 403); } if (incomingParcel.Fiscals && incomingParcel.Fiscals.length) { diff --git a/express-api/tests/unit/services/buildings/buildingService.test.ts b/express-api/tests/unit/services/buildings/buildingService.test.ts index 18d660a7ba..455d703189 100644 --- a/express-api/tests/unit/services/buildings/buildingService.test.ts +++ b/express-api/tests/unit/services/buildings/buildingService.test.ts @@ -147,7 +147,7 @@ describe('updateBuildingById', () => { RoleId: Roles.GENERAL_USER, hasOneOfRoles: () => false, }); - const updateBuilding = produceBuilding(); + const updateBuilding = produceBuilding({ AgencyId: 1 }); expect( async () => await buildingService.updateBuildingById(updateBuilding, generalUser), ).rejects.toThrow();