feat(portals-admin-ids-admin): Add LegalRepresentative delegation type

[saevarma]

What

Add LegalRepresentative delegation type to the IDS Admin UI for super user.

Why

To manage this setting in IDS admin.

Screenshots / Gifs

On a client

On a scope

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Formatting passes locally with my changes
• I have rebased against main before asking for a review

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced support for a new delegation type, LegalRepresentative, enhancing delegation management.
  • Added messaging definitions for "District Commissioner" and "Legal Representative" to improve user clarity.

• Bug Fixes

  • Improved access control checks for super user delegation types to ensure proper permissions are enforced.

• Documentation

  • Updated message IDs for better categorization and clarity regarding delegation types.

• Chores

  • Removed outdated filtering utility for Personal Representative delegation types, streamlining the codebase.

[coderabbitai]

Walkthrough

The pull request introduces significant enhancements to the handling of delegation types within the authorization framework of the application. Key changes include the addition of the AuthDelegationType.LegalRepresentative, updates to test cases for super user delegation types, and improvements in data transfer objects to enforce stricter type validation. Additionally, utility functions for filtering delegation types based on user permissions are introduced, and existing message definitions are refined for clarity.

Changes

File Path	Change Summary
apps/services/auth/admin-api/src/app/v2/clients/test/me-clients.spec.ts	Added support for AuthDelegationType.LegalRepresentative and updated tests to include this type. Introduced checks for super user delegation types to ensure normal users cannot modify them.
apps/services/auth/admin-api/src/app/v2/scopes/test/me-scopes.spec.ts	Enhanced test cases for super user delegation types, incorporating a new constant SUPER_USER_DELEGATION_TYPES and modifying the PatchTestCase interface to include optional properties for delegation types.
libs/auth-api-lib/src/index.ts	Added export for SUPER_USER_DELEGATION_TYPES from the utils module, expanding the module's interface for delegation management.
libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts	Updated delegation type handling logic to use delegationTypeSuperUserFilter and refined checks for user permissions regarding super user delegation types.
libs/auth-api-lib/src/lib/clients/admin/dto/admin-create-client.dto.ts	Introduced supportedDelegationTypes as an array of AuthDelegationType, enhancing type safety and validation.
libs/auth-api-lib/src/lib/clients/admin/dto/admin-patch-client.dto.ts	Changed types of addedDelegationTypes and removedDelegationTypes from string[] to AuthDelegationType[], improving type safety.
libs/auth-api-lib/src/lib/resources/admin/admin-scope.service.ts	Modified delegation type filtering logic to incorporate delegationTypeSuperUserFilter and updated checks for personal representative updates.
libs/auth-api-lib/src/lib/resources/admin/dto/admin-create-scope.dto.ts	Enhanced validation of supportedDelegationTypes to ensure it is an array of AuthDelegationType.
libs/auth-api-lib/src/lib/resources/admin/dto/admin-patch-scope.dto.ts	Updated types for addedDelegationTypes and removedDelegationTypes to AuthDelegationType[], enhancing type safety.
libs/auth-api-lib/src/lib/resources/utils/filters.ts	Introduced utility functions for filtering delegation types based on user permissions and defined SUPER_USER_DELEGATION_TYPES.
libs/auth-api-lib/src/lib/resources/utils/personalRepresentativeFilter.ts	Removed the personalRepresentativeFilter.ts file as its functionality has been replaced.
libs/portals/admin/ids-admin/src/lib/messages.ts	Renamed message IDs and added new entries related to delegation types and providers, enhancing clarity in the messaging system.

Possibly related PRs

• feat(ids-api): Add legal representative delegation type and return in delegation list. #15837: Adds support for the AuthDelegationType.LegalRepresentative, directly related to the changes in the test suite for MeClientsController.
• feat(auth-admin): General mandate delegation type #16005: Introduces the GeneralMandate delegation type, relevant to the management of delegation types.
• fix(auth-admin-api): Fix delegation type reset when adding new type #16016: Fixes issues related to delegation type resets, pertinent to managing delegation types effectively.
• fix(service-portal): parliamentary refactor signee view #16030: Refactors the signee view, potentially impacting how delegation types are displayed or managed in the UI.
• fix(service-portal): owner view iteration #16038: Enhances the owner view, which may include improvements in the presentation or interaction with delegation types.

Suggested labels

high priority

Suggested reviewers

• gunnlaugurg
• saevarma

---

Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 6be7dee and bf779ee.

Files selected for processing (1)

• libs/portals/admin/ids-admin/src/lib/messages.ts (3 hunks)

Files skipped from review as they are similar to previous changes (1)

• libs/portals/admin/ids-admin/src/lib/messages.ts

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

Outside diff range and nitpick comments (4)

libs/auth-api-lib/src/lib/resources/utils/filters.ts (1)

1-19: Add unit tests for the new utility functions

To ensure the correctness and reliability of the newly added SUPER_USER_DELEGATION_TYPES constant and delegationTypeSuperUserFilter function, consider adding unit tests. This will help verify their behavior and prevent future regressions.

libs/auth-api-lib/src/lib/clients/admin/dto/admin-patch-client.dto.ts (2)

76-78: Add type and example to @ApiPropertyOptional for addedDelegationTypes

For better API documentation and consistency, consider adding type, enum, isArray, and example to the @ApiPropertyOptional decorator for addedDelegationTypes.

Apply this diff:

 @ApiPropertyOptional({
   description: 'Only super users can update this value.',
+  type: [AuthDelegationType],
+  enum: AuthDelegationType,
+  isArray: true,
+  example: [AuthDelegationType.Custom],
 })
 addedDelegationTypes?: AuthDelegationType[]

---

83-85: Add type and example to @ApiPropertyOptional for removedDelegationTypes

Similarly, for removedDelegationTypes, consider adding type, enum, isArray, and example to the @ApiPropertyOptional decorator for completeness.

Apply this diff:

 @ApiPropertyOptional({
   description: 'Only super users can update this value.',
+  type: [AuthDelegationType],
+  enum: AuthDelegationType,
+  isArray: true,
+  example: [AuthDelegationType.Custom],
 })
 removedDelegationTypes?: AuthDelegationType[]

libs/auth-api-lib/src/index.ts (1)

102-102: Consider exporting delegationTypeSuperUserFilter

Currently, only SUPER_USER_DELEGATION_TYPES is exported from ./lib/resources/utils/filters. If delegationTypeSuperUserFilter is intended for use outside of its module, consider exporting it in index.ts for better reusability.

Apply this diff:

-export { SUPER_USER_DELEGATION_TYPES } from './lib/resources/utils/filters'
+export { SUPER_USER_DELEGATION_TYPES, delegationTypeSuperUserFilter } from './lib/resources/utils/filters'

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between ca6099e and 09276db.

Files selected for processing (12)

• apps/services/auth/admin-api/src/app/v2/clients/test/me-clients.spec.ts (10 hunks)
• apps/services/auth/admin-api/src/app/v2/scopes/test/me-scopes.spec.ts (12 hunks)
• libs/auth-api-lib/src/index.ts (1 hunks)
• libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts (3 hunks)
• libs/auth-api-lib/src/lib/clients/admin/dto/admin-create-client.dto.ts (2 hunks)
• libs/auth-api-lib/src/lib/clients/admin/dto/admin-patch-client.dto.ts (2 hunks)
• libs/auth-api-lib/src/lib/resources/admin/admin-scope.service.ts (3 hunks)
• libs/auth-api-lib/src/lib/resources/admin/dto/admin-create-scope.dto.ts (2 hunks)
• libs/auth-api-lib/src/lib/resources/admin/dto/admin-patch-scope.dto.ts (2 hunks)
• libs/auth-api-lib/src/lib/resources/utils/filters.ts (1 hunks)
• libs/auth-api-lib/src/lib/resources/utils/personalRepresentativeFilter.ts (0 hunks)
• libs/portals/admin/ids-admin/src/lib/messages.ts (3 hunks)

Files not reviewed due to no reviewable changes (1)

• libs/auth-api-lib/src/lib/resources/utils/personalRepresentativeFilter.ts

Additional context used

Path-based instructions (11)

libs/auth-api-lib/src/lib/resources/utils/filters.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/resources/admin/dto/admin-create-scope.dto.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/clients/admin/dto/admin-create-client.dto.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/resources/admin/dto/admin-patch-scope.dto.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/clients/admin/dto/admin-patch-client.dto.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/index.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/resources/admin/admin-scope.service.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

apps/services/auth/admin-api/src/app/v2/scopes/test/me-scopes.spec.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/admin-api/src/app/v2/clients/test/me-clients.spec.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

libs/portals/admin/ids-admin/src/lib/messages.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

Additional comments not posted (19)

libs/auth-api-lib/src/lib/resources/admin/admin-scope.service.ts (3)

30-33: Importing delegation utilities for super user handling

The addition of delegationTypeSuperUserFilter and SUPER_USER_DELEGATION_TYPES imports ensures that the service has access to the necessary utilities for managing super user delegation types.

---

171-173: Filtering out super user delegation types for non-super admins

By applying delegationTypeSuperUserFilter to input.supportedDelegationTypes, non-super admin users are prevented from assigning super user delegation types when creating scopes. This enforces proper access control.

---

415-416: Validating user permissions when updating delegation types

The logic correctly checks if the user is a super admin before allowing updates to super user delegation types. If a non-super admin attempts to update these types, the function returns false, preventing unauthorized changes.

Also applies to: 419-420

libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts (3)

44-47: Importing delegation type filters for client management

Including delegationTypeSuperUserFilter and SUPER_USER_DELEGATION_TYPES ensures that the client service can correctly handle delegation types related to super users.

---

185-187: Filtering super user delegation types during client creation

The use of delegationTypeSuperUserFilter filters out super user delegation types from clientDto.supportedDelegationTypes when the user is not a super admin, maintaining proper access restrictions.

---

665-676: Checking for unauthorized updates to super user delegation types

The validation accurately identifies if a non-super admin is attempting to add or remove super user delegation types and blocks the action by returning false. This protects against unauthorized modifications.

apps/services/auth/admin-api/src/app/v2/scopes/test/me-scopes.spec.ts (4)

15-15: Adding SUPER_USER_DELEGATION_TYPES for comprehensive testing

Importing SUPER_USER_DELEGATION_TYPES allows the test suite to include scenarios involving super user delegation types, enhancing test coverage.

---

131-134: Including AuthDelegationType.LegalRepresentative in test data

Adding AuthDelegationType.LegalRepresentative to the delegation types ensures that this new type is properly tested within the scope of delegation type management.

---

382-383: Extending PatchTestCase to support delegation type modifications

Introducing addedDelegationTypes and removedDelegationTypes properties allows test cases to simulate adding and removing delegation types, including super user types.

---

523-560: Testing forbidden access for non-super admins modifying super user delegation types

The added test cases correctly verify that non-super admin users receive a 403 Forbidden response when attempting to add or remove super user delegation types, ensuring access control is enforced.

apps/services/auth/admin-api/src/app/v2/clients/test/me-clients.spec.ts (5)

10-15: Importing delegation-related utilities for client tests

Including SUPER_USER_DELEGATION_TYPES and related utilities ensures that the client tests can validate behavior concerning super user delegation types.

---

56-59: Adding AuthDelegationType.LegalRepresentative to client test setup

Including LegalRepresentative in the test data ensures that the new delegation type is considered in client-related tests, enhancing test coverage.

---

Line range hint 629-646: Testing client creation with all delegation types for super users

The test confirms that super admin users can create clients with all delegation types, including LegalRepresentative, ensuring that super users have the necessary permissions.

---

Line range hint 997-1055: Verifying addition and removal of delegation types by super users

The tests correctly validate that super users can add and remove delegation types, and that the client's delegation settings are updated accordingly, including super user delegation types.

---

1084-1142: Ensuring non-super admins cannot modify super user delegation types

The test cases appropriately assert that normal users receive a 403 Forbidden response when attempting to add or remove super user delegation types, enforcing proper access control.

libs/portals/admin/ids-admin/src/lib/messages.ts (4)

114-117: Consistent Message ID Naming

The id for displayNameDescription has been updated to include the ap.ids-admin: prefix, enhancing consistency across the codebase.

---

923-931: Addition of Syslumenn Delegation Provider Messages

The new messages clientDelegationProviderSyslumennName and clientDelegationProviderSyslumennDescription are correctly added and provide clear descriptions for the District Commissioner delegation provider.

---

988-991: Addition of Syslumenn Delegation Provider Messages for API Scopes

The messages apiScopeDelegationProviderSyslumennName are appropriately added, enhancing the messaging for API scope delegation providers.

---

992-999: Consistent Naming for Legal Representative Delegation Type

The additions of apiScopeDelegationTypeLegalRepresentativeName and apiScopeDelegationTypeLegalRepresentativeDescription are correct and improve clarity for the legal representative delegation type.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.66%. Comparing base (8926579) to head (bf779ee).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #16069   +/-   ##
=======================================
  Coverage   36.66%   36.66%           
=======================================
  Files        6747     6748    +1     
  Lines      138711   138720    +9     
  Branches    39404    39403    -1     
=======================================
+ Hits        50853    50862    +9     
  Misses      87858    87858           

Flag	Coverage Δ
air-discount-scheme-web	0.00% <ø> (ø)
api	3.39% <ø> (ø)
api-domains-auth-admin	49.89% <ø> (ø)
application-api-files	57.59% <ø> (ø)
application-core	71.62% <ø> (+0.08%)	⬆️
application-system-api	41.52% <ø> (ø)
application-template-api-modules	23.45% <ø> (-0.02%)	⬇️
application-templates-accident-notification	22.14% <ø> (ø)
application-templates-car-recycling	3.12% <ø> (ø)
application-templates-criminal-record	26.63% <ø> (ø)
application-templates-driving-license	18.63% <ø> (ø)
application-templates-estate	12.34% <ø> (ø)
application-templates-example-payment	25.41% <ø> (ø)
application-templates-financial-aid	14.34% <ø> (ø)
application-templates-general-petition	23.68% <ø> (ø)
application-templates-health-insurance	26.62% <ø> (ø)
application-templates-inheritance-report	6.45% <ø> (ø)
application-templates-marriage-conditions	15.23% <ø> (ø)
application-templates-mortgage-certificate	43.96% <ø> (ø)
application-templates-parental-leave	30.15% <ø> (ø)
application-types	6.71% <ø> (ø)
application-ui-components	1.28% <ø> (ø)
application-ui-shell	21.29% <ø> (ø)
auth-react	22.80% <ø> (ø)
clients-charge-fjs-v2	24.11% <ø> (ø)
contentful-apps	5.76% <ø> (ø)
financial-aid-backend	56.52% <ø> (ø)
financial-aid-shared	19.03% <ø> (ø)
island-ui-core	28.57% <ø> (ø)
judicial-system-web	28.66% <ø> (ø)
portals-admin-regulations-admin	1.95% <ø> (ø)
portals-core	16.17% <ø> (ø)
services-auth-admin-api	52.95% <100.00%> (+0.09%)	⬆️
services-auth-delegation-api	61.28% <53.57%> (-0.07%)	⬇️
services-auth-ids-api	53.99% <53.57%> (+0.02%)	⬆️
services-auth-personal-representative	47.91% <53.57%> (-0.02%)	⬇️
services-auth-personal-representative-public	43.87% <53.57%> (+0.06%)	⬆️
services-auth-public-api	51.76% <53.57%> (+0.01%)	⬆️
services-user-notification	47.17% <ø> (ø)
services-user-profile	62.28% <ø> (ø)
shared-components	27.68% <ø> (ø)
shared-form-fields	31.61% <ø> (ø)
web	1.85% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
libs/auth-api-lib/src/index.ts	100.00% <100.00%> (ø)
...lib/src/lib/clients/admin/admin-clients.service.ts	86.86% <100.00%> (+0.84%)	⬆️
...c/lib/clients/admin/dto/admin-create-client.dto.ts	100.00% <100.00%> (ø)
...rc/lib/clients/admin/dto/admin-patch-client.dto.ts	100.00% <100.00%> (ø)
...lib/src/lib/resources/admin/admin-scope.service.ts	91.62% <100.00%> (+1.11%)	⬆️
.../lib/resources/admin/dto/admin-create-scope.dto.ts	100.00% <100.00%> (ø)
...c/lib/resources/admin/dto/admin-patch-scope.dto.ts	100.00% <100.00%> (ø)
...bs/auth-api-lib/src/lib/resources/utils/filters.ts	100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8926579...bf779ee. Read the comment docs.

[datadog-island-is]

Datadog Report

All test runs 4b33fda 🔗

✅ 43 Total Test Services: 0 Failed, 42 Passed
🔻 Test Sessions change in coverage: 1 decreased (-0.25%), 4 increased, 160 no change

Test Services

This report shows up to 10 services

Service Name	Failed	Known Flaky	New Flaky	Passed	Skipped	Total Time	Code Coverage Change	Test Service View
air-discount-scheme-web	0	0	0	2	0	8.4s	1 no change	Link
api	0	0	0	4	0	2.73s	1 no change	Link
api-domains-auth-admin	0	0	0	18	0	12.52s	1 no change	Link
application-api-files	0	0	0	12	0	5.73s	1 no change	Link
application-core	0	0	0	90	0	18.77s	1 increased (+0.11%)	Link
application-system-api	0	0	0	111	2	3m 5.63s	1 no change	Link
application-template-api-modules	0	0	0	109	0	1m 47.43s	1 no change	Link
application-templates-accident-notification	0	0	0	98	0	18.29s	1 no change	Link
application-templates-criminal-record	0	0	0	2	0	10.24s	1 no change	Link
application-templates-driving-license	0	0	0	13	0	14.49s	1 no change	Link

🔻 Code Coverage Decreases vs Default Branch (1)

• services-auth-delegation-api - jest 60.02% (-0.25%) - Details

[GunnlaugurG]

LGTM 🚀