From 79f5a52f4ae8a0305eea728e508541ddcd6c4024 Mon Sep 17 00:00:00 2001
From: Praveen Raju <80779423+praju-aot@users.noreply.github.com>
Date: Fri, 26 Jul 2024 13:55:54 -0400
Subject: [PATCH] ORV2-2542 Credit Accounts - Roles and Permissions - Part 2 (#1520)
---
 .../credit-account.controller.ts | 3 +-
 .../credit-account/credit-account.service.ts | 75 +++++++++++++++++++
 .../read-credit-account-metadata.dto.ts | 8 ++
 3 files changed, 84 insertions(+), 2 deletions(-)
diff --git a/vehicles/src/modules/credit-account/credit-account.controller.ts b/vehicles/src/modules/credit-account/credit-account.controller.ts
index 6e904db2a..4f82f3243 100644
--- a/vehicles/src/modules/credit-account/credit-account.controller.ts
+++ b/vehicles/src/modules/credit-account/credit-account.controller.ts
@@ -20,7 +20,6 @@ import { IUserJWT } from '../../common/interface/user-jwt.interface';
 import { CompanyIdPathParamDto } from '../common/dto/request/pathParam/companyId.path-param.dto';
 import { CreditAccountService } from './credit-account.service';
 import { CreateCreditAccountDto } from './dto/request/create-credit-account.dto';
-import { ReadCreditAccountUserDto } from './dto/response/read-credit-account-user.dto';
 import { ReadCreditAccountDto } from './dto/response/read-credit-account.dto';
 import { CreditAccountIdPathParamDto } from './dto/request/pathParam/creditAccountUsers.path-params.dto';
 import { UpdateCreditAccountStatusDto } from './dto/request/update-credit-account-status.dto';
@@ -103,7 +102,7 @@ export class CreditAccountController {
 description: 'The retrieved credit account.',
 type: ReadCreditAccountMetadataDto,
 })
- @Get('meta-data')
+ @Get()
 @Roles(Role.READ_CREDIT_ACCOUNT)
 async getCreditAccountMetadata(
 @Req() request: Request,
diff --git a/vehicles/src/modules/credit-account/credit-account.service.ts b/vehicles/src/modules/credit-account/credit-account.service.ts
index 95b47b132..e1ee91226 100644
--- a/vehicles/src/modules/credit-account/credit-account.service.ts
+++ b/vehicles/src/modules/credit-account/credit-account.service.ts
@@ -277,6 +277,19 @@ export class CreditAccountService {
 ) {
 // Throw exception if companyId is a Credit Account User and user is Company Admin.
 throw new ForbiddenException();
+ } else if (
+ creditAccount?.company?.companyId === companyId &&
+ creditAccount?.creditAccountStatusType ===
+ CreditAccountStatus.ACCOUNT_CLOSED &&
+ !doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+ IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+ IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+ IDIRUserAuthGroup.FINANCE,
+ IDIRUserAuthGroup.PPC_CLERK,
+ IDIRUserAuthGroup.PPC_SUPERVISOR,
+ ])
+ ) {
+ throw new DataNotFoundException();
 }

 const readCreditAccountDto = await this.classMapper.mapAsync(
@@ -319,6 +332,19 @@ export class CreditAccountService {

 if (!creditAccount) {
 throw new DataNotFoundException();
+ } else if (
+ creditAccount?.company?.companyId === companyId &&
+ creditAccount?.creditAccountStatusType ===
+ CreditAccountStatus.ACCOUNT_CLOSED &&
+ !doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+ IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+ IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+ IDIRUserAuthGroup.FINANCE,
+ IDIRUserAuthGroup.PPC_CLERK,
+ IDIRUserAuthGroup.PPC_SUPERVISOR,
+ ])
+ ) {
+ throw new DataNotFoundException();
 }

 creditAccount.creditAccountUsers =
@@ -337,6 +363,15 @@ export class CreditAccountService {
 readCreditAccountMetadataDto.userType =
 CreditAccountUserType.ACCOUNT_USER;
 }
+ if (
+ creditAccount?.creditAccountStatusType ===
+ CreditAccountStatus.ACCOUNT_ACTIVE &&
+ !creditAccount?.company.isSuspended
+ ) {
+ readCreditAccountMetadataDto.isValidPaymentMethod = true;
+ } else {
+ readCreditAccountMetadataDto.isValidPaymentMethod = false;
+ }
 return readCreditAccountMetadataDto;
 }

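Review bot: The closed-account guard added in this `else if` is repeated verbatim in the hunks at `@@ -319`, `@@ -984` and `@@ -1044`, so the list of IDIR groups allowed to see a closed credit account now lives in four places and can drift apart on the next role change. Hoist the list into one constant (or the whole condition into a private predicate) and reference it from all four branches, as sketched below. The guard also fires only when `creditAccount?.company?.companyId === companyId`, so a caller whose company is linked to the account in another way would still receive a closed account; whether that is intended cannot be seen from the hunk. The enclosing method starts and ends outside the hunk.

```typescript
// Staff groups that may still read a credit account after it is closed.
// Keep this the single source for every closed-account visibility check.
const CLOSED_ACCOUNT_VIEWER_GROUPS = [
  IDIRUserAuthGroup.HQ_ADMINISTRATOR,
  IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
  IDIRUserAuthGroup.FINANCE,
  IDIRUserAuthGroup.PPC_CLERK,
  IDIRUserAuthGroup.PPC_SUPERVISOR,
];

// … unchanged: ACCOUNT_ON_HOLD branch that throws ForbiddenException …
} else if (
  creditAccount?.company?.companyId === companyId &&
  creditAccount?.creditAccountStatusType ===
    CreditAccountStatus.ACCOUNT_CLOSED &&
  !doesUserHaveAuthGroup(
    currentUser.orbcUserAuthGroup,
    CLOSED_ACCOUNT_VIEWER_GROUPS,
  )
) {
  throw new DataNotFoundException();
}
```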
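Review bot: `!creditAccount?.company.isSuspended` in the added block treats a missing value as "not suspended", so `isValidPaymentMethod` comes out true for an active account whenever `isSuspended` is unset or was not loaded, and `company` is dereferenced without the `?.` used in the guards earlier in this file. Compare explicitly so the flag fails closed, and collapse the if/else into one assignment: `readCreditAccountMetadataDto.isValidPaymentMethod = creditAccount.creditAccountStatusType === CreditAccountStatus.ACCOUNT_ACTIVE && creditAccount.company?.isSuspended === false;`. The check reads the suspension state of the company attached to the credit account; for a caller mapped to `ACCOUNT_USER` it is worth confirming whether the caller's own company should be considered as well. The method body begins outside the hunk.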
@@ -984,6 +1019,19 @@ export class CreditAccountService {
 ) {
 // Throw exception if companyId is a Credit Account User and user is Company Admin.
 throw new ForbiddenException();
+ } else if (
+ creditAccount?.company?.companyId === companyId &&
+ creditAccount?.creditAccountStatusType ===
+ CreditAccountStatus.ACCOUNT_CLOSED &&
+ !doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+ IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+ IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+ IDIRUserAuthGroup.FINANCE,
+ IDIRUserAuthGroup.PPC_CLERK,
+ IDIRUserAuthGroup.PPC_SUPERVISOR,
+ ])
+ ) {
+ throw new DataNotFoundException();
 }

 creditAccount.creditAccountUsers =
@@ -1044,6 +1092,29 @@ export class CreditAccountService {

 if (!creditAccount) {
 throw new DataNotFoundException();
+ } else if (
+ creditAccount?.creditAccountStatusType ===
+ CreditAccountStatus.ACCOUNT_ON_HOLD &&
+ doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+ ClientUserAuthGroup.COMPANY_ADMINISTRATOR,
+ ]) &&
+ creditAccount?.company.companyId === companyId
+ ) {
+ // Throw exception if companyId is a Credit Account User and user is Company Admin.
+ throw new ForbiddenException();
+ } else if (
+ creditAccount?.company?.companyId === companyId &&
+ creditAccount?.creditAccountStatusType ===
+ CreditAccountStatus.ACCOUNT_CLOSED &&
+ !doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+ IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+ IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+ IDIRUserAuthGroup.FINANCE,
+ IDIRUserAuthGroup.PPC_CLERK,
+ IDIRUserAuthGroup.PPC_SUPERVISOR,
+ ])
+ ) {
+ throw new DataNotFoundException();
 } else if (
 doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
 ClientUserAuthGroup.COMPANY_ADMINISTRATOR,
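Review bot: The comment on the new `ACCOUNT_ON_HOLD` branch in the `@@ -1044` hunk says the caller's company is a "Credit Account User", but the condition `creditAccount?.company.companyId === companyId` matches the company attached to the account itself, which elsewhere in this diff appears to be the account holder. Reword it to describe the check that is actually made, for example `// On-hold accounts are forbidden to a Company Admin of the company attached to the credit account.`. The branch also reads `company.companyId` while the closed-account branch directly after it reads `company?.companyId`; use one form in both so a missing `company` relation behaves the same way in each. The method continues outside the hunk.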
@@ -1209,6 +1280,10 @@ export class CreditAccountService {
 case IDIRUserAuthGroup.HQ_ADMINISTRATOR:
 case IDIRUserAuthGroup.PPC_CLERK:
 case IDIRUserAuthGroup.PPC_SUPERVISOR:
+ return {
+ company: true,
+ creditAccountUsers: { company: true },
+ };
 case ClientUserAuthGroup.COMPANY_ADMINISTRATOR:
 case ClientUserAuthGroup.PERMIT_APPLICANT:
 return { company: true };
diff --git a/vehicles/src/modules/credit-account/dto/response/read-credit-account-metadata.dto.ts b/vehicles/src/modules/credit-account/dto/response/read-credit-account-metadata.dto.ts
index 46540465c..53d5689be 100644
--- a/vehicles/src/modules/credit-account/dto/response/read-credit-account-metadata.dto.ts
+++ b/vehicles/src/modules/credit-account/dto/response/read-credit-account-metadata.dto.ts
@@ -16,4 +16,12 @@ export class ReadCreditAccountMetadataDto {
 example: CreditAccountUserType.ACCOUNT_HOLDER,
 })
 userType: CreditAccountUserType;
+
+ @AutoMap()
+ @ApiProperty({
+ description:
+ 'Indicates whether the credit account can be used as a valid payment method.',
+ example: false,
+ })
+ isValidPaymentMethod: boolean;
 }