bcgov · andrepestana-aot · Jun 6, 2023 · Jun 1, 2023 · Jun 1, 2023 · Jun 2, 2023
diff --git a/sources/packages/backend/apps/api/src/auth/roles.enum.ts b/sources/packages/backend/apps/api/src/auth/roles.enum.ts
@@ -30,4 +30,5 @@ export enum Role {
   InstitutionCreateNote = "institution-create-note",
   InstitutionApproveDeclineDesignation = "institution-approve-decline-designation",
   InstitutionApproveDeclineOfferingChanges = "institution-approve-decline-offering-changes",
+  StudentReissueMSFAA = "student-reissue-msfaa",
 }
diff --git a/...s/api/src/route-controllers/application/_tests_/application.aest.reissueMSFAA.e2e-spec.ts b/...s/api/src/route-controllers/application/_tests_/application.aest.reissueMSFAA.e2e-spec.ts
@@ -316,6 +316,7 @@ describe("ApplicationAESTController(e2e)-reissueMSFAA", () => {
     // Arrange
     const endpoint = `/aest/application/9999/reissue-msfaa`;
     const token = await getAESTToken(AESTGroups.BusinessAdministrators);
+
     // Act/Assert
     await request(app.getHttpServer())
       .post(endpoint)
@@ -349,6 +350,23 @@ describe("ApplicationAESTController(e2e)-reissueMSFAA", () => {
     }
   }
 
+  it("Should not reissue an MSFAA when user is not a business administrator.", async () => {
+    // Arrange
+    const endpoint = "/aest/application/123/reissue-msfaa";
+    const token = await getAESTToken(AESTGroups.OperationsAdministrators);
+
+    // Act/Assert
+    await request(app.getHttpServer())
+      .post(endpoint)
+      .auth(token, BEARER_AUTH_TYPE)
+      .expect(HttpStatus.FORBIDDEN)
+      .expect({
+        statusCode: HttpStatus.FORBIDDEN,
+        message: "Forbidden resource",
+        error: "Forbidden",
+      });
+  });
+
   afterAll(async () => {
     await app?.close();
   });

diff --git a/...ackages/backend/apps/api/src/route-controllers/application/application.aest.controller.ts b/...ackages/backend/apps/api/src/route-controllers/application/application.aest.controller.ts
@@ -10,7 +10,12 @@ import {
 import { ApplicationService } from "../../services";
 import BaseController from "../BaseController";
 import { ApplicationBaseAPIOutDTO } from "./models/application.dto";
-import { AllowAuthorizedParty, Groups, UserToken } from "../../auth/decorators";
+import {
+  AllowAuthorizedParty,
+  Groups,
+  Roles,
+  UserToken,
+} from "../../auth/decorators";
 import { AuthorizedParties } from "../../auth/authorized-parties.enum";
 import { UserGroups } from "../../auth/user-groups.enum";
 import {
@@ -28,7 +33,7 @@ import {
   APPLICATION_NOT_FOUND,
   INVALID_OPERATION_IN_THE_CURRENT_STATUS,
 } from "@sims/services/constants";
-import { IUserToken } from "../../auth";
+import { IUserToken, Role } from "../../auth";
 
 @AllowAuthorizedParty(AuthorizedParties.aest)
 @Groups(UserGroups.AESTUser)
@@ -80,6 +85,7 @@ export class ApplicationAESTController extends BaseController {
    * @param applicationId reference application id.
    * @returns the newly created MSFAA.
    */
+  @Roles(Role.StudentReissueMSFAA)
   @Post(":applicationId/reissue-msfaa")
   @ApiNotFoundResponse({ description: "Application id not found." })
   @ApiUnprocessableEntityResponse({

diff --git a/...end/apps/api/src/testHelpers/auth/_tests_/e2e/aest-token-helpers.getAESTToken.e2e-spec.ts b/...end/apps/api/src/testHelpers/auth/_tests_/e2e/aest-token-helpers.getAESTToken.e2e-spec.ts
@@ -0,0 +1,18 @@
+import { JwtService } from "@nestjs/jwt";
+import { IUserToken, Role } from "../../../../auth";
+import { AESTGroups, getAESTToken } from "../../..";
+
+const jwtService = new JwtService();
+
+describe("Auth(e2e)-getAESTToken()", () => {
+  it("Should have all roles when ministry user is a business administrator.", async () => {
+    // Act
+    const token = await getAESTToken(AESTGroups.BusinessAdministrators);
+    const decodedToken = jwtService.decode(token) as IUserToken;
+    decodedToken.resource_access.aest.roles.sort((a, b) => a.localeCompare(b));
+    const allAESTRoles = Object.values(Role).sort((a, b) => a.localeCompare(b));
+
+    // Assert
+    expect(decodedToken.resource_access.aest.roles).toEqual(allAESTRoles);
+  });
+});
diff --git a/sources/packages/web/src/types/contracts/aest/roles.ts b/sources/packages/web/src/types/contracts/aest/roles.ts
@@ -30,4 +30,5 @@ export enum Role {
   InstitutionCreateNote = "institution-create-note",
   InstitutionApproveDeclineDesignation = "institution-approve-decline-designation",
   InstitutionApproveDeclineOfferingChanges = "institution-approve-decline-offering-changes",
+  StudentReissueMSFAA = "student-reissue-msfaa",
 }
diff --git a/sources/packages/web/src/views/aest/student/applicationDetails/NoticeOfAssessment.vue b/sources/packages/web/src/views/aest/student/applicationDetails/NoticeOfAssessment.vue
@@ -12,7 +12,7 @@
     </template>
     <notice-of-assessment-form-view
       :assessment-id="assessmentId"
-      :can-reissue-m-s-f-a-a="true"
+      :can-reissue-m-s-f-a-a="hasStudentReissueMSFAARole"
       @reissue-m-s-f-a-a="reissueMSFAA"
     />
   </full-page-container>
@@ -23,7 +23,8 @@ import { defineComponent } from "vue";
 import NoticeOfAssessmentFormView from "@/components/common/NoticeOfAssessmentFormView.vue";
 import { AESTRoutesConst } from "@/constants/routes/RouteConstants";
 import { ApplicationService } from "@/services/ApplicationService";
-import { useSnackBar } from "@/composables";
+import { useAuth, useSnackBar } from "@/composables";
+import { Role } from "@/types";
 
 export default defineComponent({
   components: {
@@ -45,6 +46,8 @@ export default defineComponent({
   },
   setup() {
     const snackBar = useSnackBar();
+    const { hasRole } = useAuth();
+    const hasStudentReissueMSFAARole = hasRole(Role.StudentReissueMSFAA);
     const reissueMSFAA = async (
       applicationId: number,
       reloadNOA: () => Promise<void>,
@@ -62,7 +65,7 @@ export default defineComponent({
       }
     };
 
-    return { reissueMSFAA, AESTRoutesConst };
+    return { reissueMSFAA, AESTRoutesConst, hasStudentReissueMSFAARole };
   },
 });
 </script>