Merge pull request #421 from bcgov/ofmcc-6684-application-permission

ofmcc-6684 - update validatePermission to allow multiple parameters

backend/src/middlewares/validatePermission.js

@@ -3,12 +3,12 @@ const { getRoles } = require('../components/lookup')
 
 /**
  * Validates that the user has the specified permission.
- * @param {*} permission
+ * @param {*} requiredPermissions
  * @returns
  */
-module.exports = function (permission) {
+module.exports = function (...requiredPermissions) {
   return async function (req, res, next) {
-    log.verbose(`validating permission ${permission}`)
+    log.verbose(`validating permission ${requiredPermissions}`)
 
     const userRole = req.session?.passport?.user?.role
 
@@ -18,9 +18,9 @@ module.exports = function (permission) {
 
     const roles = await getRoles()
     const matchingRole = roles.find((role) => role.data.roleId === userRole.ofm_portal_roleid)
-    const permissions = matchingRole ? matchingRole.data.permissions : []
+    const permissions = matchingRole ? matchingRole.data.permissions?.map((p) => p.permissionName) : []
 
-    const valid = permissions.some((p) => p.permissionName === permission)
+    const valid = requiredPermissions?.some((p) => permissions.includes(p))
 
     valid ? next() : res.sendStatus(403)
   }

backend/src/routes/facilities.js

@@ -19,7 +19,7 @@ router.get(
   passport.authenticate('jwt', { session: false }),
   isValidBackendToken,
   validatePermission(PERMISSIONS.VIEW_ORG_FACILITY),
-  [param('facilityId', 'URL param: [facilityId] is required').not().isEmpty()],
+  [param('facilityId', 'URL param: [facilityId] is required').notEmpty().isUUID()],
   validateFacility(false),
   (req, res) => {
     validationResult(req).throw()
@@ -35,7 +35,7 @@ router.get(
   passport.authenticate('jwt', { session: false }),
   isValidBackendToken,
   validatePermission(PERMISSIONS.VIEW_ORG_FACILITY),
-  [param('facilityId', 'URL param: [facilityId] is required').not().isEmpty()],
+  [param('facilityId', 'URL param: [facilityId] is required').notEmpty().isUUID()],
   validateFacility(false),
   (req, res) => {
     validationResult(req).throw()
@@ -50,8 +50,8 @@ router.patch(
   '/:facilityId',
   passport.authenticate('jwt', { session: false }),
   isValidBackendToken,
-  validatePermission(PERMISSIONS.UPDATE_ORG_FACILITY),
-  [param('facilityId', 'URL param: [facilityId] is required').not().isEmpty()],
+  validatePermission(PERMISSIONS.UPDATE_ORG_FACILITY, PERMISSIONS.APPLY_FOR_FUNDING),
+  [param('facilityId', 'URL param: [facilityId] is required').notEmpty().isUUID()],
   validateFacility(true),
   (req, res) => {
     validationResult(req).throw()
@@ -67,7 +67,7 @@ router.get(
   passport.authenticate('jwt', { session: false }),
   isValidBackendToken,
   validatePermission(PERMISSIONS.VIEW_ORG_FACILITY),
-  [param('facilityId', 'URL param: [facilityId] is required').not().isEmpty()],
+  [param('facilityId', 'URL param: [facilityId] is required').notEmpty().isUUID()],
   validateFacility(false),
   (req, res) => {
     validationResult(req).throw()

backend/src/routes/organizations.js

@@ -19,7 +19,7 @@ router.get(
   passport.authenticate('jwt', { session: false }),
   isValidBackendToken,
   validatePermission(PERMISSIONS.VIEW_ORG_FACILITY),
-  [param('organizationId', 'URL param: [organizationId] is required').not().isEmpty()],
+  [param('organizationId', 'URL param: [organizationId] is required').notEmpty().isUUID()],
   validateOrganization(),
   (req, res) => {
     validationResult(req).throw()
@@ -35,7 +35,7 @@ router.get(
   passport.authenticate('jwt', { session: false }),
   isValidBackendToken,
   validatePermission(PERMISSIONS.VIEW_ORG_FACILITY),
-  [param('organizationId', 'URL param: [organizationId] is required').not().isEmpty()],
+  [param('organizationId', 'URL param: [organizationId] is required').notEmpty().isUUID()],
   validateOrganization(),
   (req, res) => {
     validationResult(req).throw()
@@ -50,9 +50,9 @@ router.put(
   '/:organizationId',
   passport.authenticate('jwt', { session: false }),
   isValidBackendToken,
-  validatePermission(PERMISSIONS.UPDATE_ORG_FACILITY),
+  validatePermission(PERMISSIONS.UPDATE_ORG_FACILITY, PERMISSIONS.APPLY_FOR_FUNDING),
   validateOrganization(),
-  [param('organizationId', 'URL param: [organizationId] is required').not().isEmpty()],
+  [param('organizationId', 'URL param: [organizationId] is required').notEmpty().isUUID()],
   (req, res) => {
     validationResult(req).throw()
     return updateOrganization(req, res)
@@ -67,7 +67,7 @@ router.get(
   passport.authenticate('jwt', { session: false }),
   isValidBackendToken,
   validatePermission(PERMISSIONS.MANAGE_USERS_EDIT),
-  [param('organizationId', 'URL param: [organizationId] is required').not().isEmpty()],
+  [param('organizationId', 'URL param: [organizationId] is required').notEmpty().isUUID()],
   validateOrganization(),
   (req, res) => {
     validationResult(req).throw()

frontend/src/views/applications/FacilityDetailsView.vue

@@ -33,6 +33,7 @@
               v-model="primaryContact"
               :items="contacts"
               :disabled="readonly"
+              :hide-details="readonly"
               item-title="fullName"
               item-value="contactId"
               label="Select Primary Contact"
@@ -62,6 +63,7 @@
               v-model="secondaryContact"
               :items="availableSecondaryContacts"
               :disabled="readonly"
+              :hide-details="readonly"
               item-title="fullName"
               label="Select Secondary Contact"
               density="compact"
@@ -90,6 +92,7 @@
               v-model="expenseAuthority"
               :items="availableExpenseAuthorities"
               :disabled="readonly"
+              :hide-details="readonly"
               item-title="fullName"
               label="Select Expense Authority"
               :rules="rules.required"