#1964 - Added role to restrict MSFAA reissue

sources/packages/backend/apps/api/src/auth/roles.enum.ts

@@ -30,4 +30,5 @@ export enum Role {
   InstitutionCreateNote = "institution-create-note",
   InstitutionApproveDeclineDesignation = "institution-approve-decline-designation",
   InstitutionApproveDeclineOfferingChanges = "institution-approve-decline-offering-changes",
+  StudentReissueMSFAA = "student-reissue-msfaa",
 }

sources/packages/backend/apps/api/src/route-controllers/application/_tests_/application.aest.reissueMSFAA.e2e-spec.ts

@@ -349,6 +349,40 @@ describe("ApplicationAESTController(e2e)-reissueMSFAA", () => {
     }
   }
 
+  it("Should not reissue an MSFAA when user is not a business administrator.", async () => {
+    // Arrange
+    const student = await saveFakeStudent(db.dataSource);
+    const currentMSFAA = createFakeMSFAANumber(
+      { student },
+      {
+        state: MSFAAStates.Signed | MSFAAStates.CancelledOtherProvince,
+      },
+    );
+    await db.msfaaNumber.save(currentMSFAA);
+    const application = await saveFakeApplicationDisbursements(
+      db.dataSource,
+      { student, msfaaNumber: currentMSFAA },
+      {
+        applicationStatus: ApplicationStatus.Completed,
+        createSecondDisbursement: true,
+      },
+    );
+
+    const endpoint = `/aest/application/${application.id}/reissue-msfaa`;
+    const token = await getAESTToken(AESTGroups.OperationsAdministrators);
+
+    // Act/Assert
+    await request(app.getHttpServer())
+      .post(endpoint)
+      .auth(token, BEARER_AUTH_TYPE)
+      .expect(HttpStatus.FORBIDDEN)
+      .expect({
+        statusCode: HttpStatus.FORBIDDEN,
+        message: "Forbidden resource",
+        error: "Forbidden",
+      });
+  });
+
   afterAll(async () => {
     await app?.close();
   });

sources/packages/backend/apps/api/src/route-controllers/application/application.aest.controller.ts

@@ -10,7 +10,12 @@ import {
 import { ApplicationService } from "../../services";
 import BaseController from "../BaseController";
 import { ApplicationBaseAPIOutDTO } from "./models/application.dto";
-import { AllowAuthorizedParty, Groups, UserToken } from "../../auth/decorators";
+import {
+  AllowAuthorizedParty,
+  Groups,
+  Roles,
+  UserToken,
+} from "../../auth/decorators";
 import { AuthorizedParties } from "../../auth/authorized-parties.enum";
 import { UserGroups } from "../../auth/user-groups.enum";
 import {
@@ -28,7 +33,7 @@ import {
   APPLICATION_NOT_FOUND,
   INVALID_OPERATION_IN_THE_CURRENT_STATUS,
 } from "@sims/services/constants";
-import { IUserToken } from "../../auth";
+import { IUserToken, Role } from "../../auth";
 
 @AllowAuthorizedParty(AuthorizedParties.aest)
 @Groups(UserGroups.AESTUser)
@@ -80,6 +85,7 @@ export class ApplicationAESTController extends BaseController {
    * @param applicationId reference application id.
    * @returns the newly created MSFAA.
    */
+  @Roles(Role.StudentReissueMSFAA)
   @Post(":applicationId/reissue-msfaa")
   @ApiNotFoundResponse({ description: "Application id not found." })
   @ApiUnprocessableEntityResponse({

sources/packages/backend/apps/api/test/auth.aest.e2e-spec.ts

@@ -0,0 +1,18 @@
+import { JwtService } from "@nestjs/jwt";
+import { IUserToken, Role } from "../src/auth";
+import { AESTGroups, getAESTToken } from "../src/testHelpers";
+
+const jwtService = new JwtService();
+
+describe("Auth Ministry", () => {
+  it("Should have all roles when ministry user is a business administrator.", async () => {
+    //Act
+    const token = await getAESTToken(AESTGroups.BusinessAdministrators);
+    const decodedToken = jwtService.decode(token) as IUserToken;
+    decodedToken.resource_access.aest.roles.sort((a, b) => a.localeCompare(b));
+    const allAESTRoles = Object.values(Role).sort((a, b) => a.localeCompare(b));
+
+    //Assert
+    expect(decodedToken.resource_access.aest.roles).toEqual(allAESTRoles);
+  });
+});

sources/packages/web/src/types/contracts/aest/roles.ts

@@ -30,4 +30,5 @@ export enum Role {
   InstitutionCreateNote = "institution-create-note",
   InstitutionApproveDeclineDesignation = "institution-approve-decline-designation",
   InstitutionApproveDeclineOfferingChanges = "institution-approve-decline-offering-changes",
+  StudentReissueMSFAA = "student-reissue-msfaa",
 }

sources/packages/web/src/views/aest/student/applicationDetails/NoticeOfAssessment.vue

@@ -12,7 +12,7 @@
     </template>
     <notice-of-assessment-form-view
       :assessment-id="assessmentId"
-      :can-reissue-m-s-f-a-a="true"
+      :can-reissue-m-s-f-a-a="hasStudentReissueMSFAARole"
       @reissue-m-s-f-a-a="reissueMSFAA"
     />
   </full-page-container>
@@ -23,7 +23,8 @@ import { defineComponent } from "vue";
 import NoticeOfAssessmentFormView from "@/components/common/NoticeOfAssessmentFormView.vue";
 import { AESTRoutesConst } from "@/constants/routes/RouteConstants";
 import { ApplicationService } from "@/services/ApplicationService";
-import { useSnackBar } from "@/composables";
+import { useAuth, useSnackBar } from "@/composables";
+import { Role } from "@/types";
 
 export default defineComponent({
   components: {
@@ -45,6 +46,8 @@ export default defineComponent({
   },
   setup() {
     const snackBar = useSnackBar();
+    const { hasRole } = useAuth();
+    const hasStudentReissueMSFAARole = hasRole(Role.StudentReissueMSFAA);
     const reissueMSFAA = async (
       applicationId: number,
       reloadNOA: () => Promise<void>,
@@ -62,7 +65,7 @@ export default defineComponent({
       }
     };
 
-    return { reissueMSFAA, AESTRoutesConst };
+    return { reissueMSFAA, AESTRoutesConst, hasStudentReissueMSFAARole };
   },
 });
 </script>