From bef0ca3effaf2675cce93b4fe221a38d7f6a34ae Mon Sep 17 00:00:00 2001
From: NickSaglioni <117364634+NickSaglioni@users.noreply.github.com>
Date: Fri, 9 Feb 2024 19:08:17 -0300
Subject: [PATCH] fix: fixing bugs from previous 1059 task (#1192)

Co-authored-by: Nicola Saglioni <nicola.saglioni@mobeus.com>
Co-authored-by: catherine meng <mcatherine1994@gmail.com>
---
 .../components/grantaccess/GrantAccess.vue    | 57 ++++-----------
 .../grantaccess/GrantApplicationAdmin.vue     | 33 ++++-----
 .../components/grantaccess/StepContainer.vue  |  6 +-
 .../grantaccess/form/UserDomainSelect.vue     |  6 +-
 .../grantaccess/form/UserNameInput.vue        |  8 +--
 .../managePermissions/ManagePermissions.vue   |  8 +--
 frontend/src/enum/SeverityEnum.ts             | 19 +++--
 frontend/src/errors/FamCustomError.ts         |  4 +-
 frontend/src/router/index.ts                  |  2 +
 frontend/src/router/routeHandlers.ts          | 33 ++++++---
 frontend/src/services/AuthService.ts          | 30 +++++---
 frontend/src/store/Constants.ts               |  3 +-
 frontend/src/store/NotificationState.ts       | 72 +++++++++++--------
 frontend/src/store/ToastState.ts              |  2 +-
 .../admin_management/api/app/utils/utils.py   |  2 +-
 15 files changed, 151 insertions(+), 134 deletions(-)

diff --git a/frontend/src/components/grantaccess/GrantAccess.vue b/frontend/src/components/grantaccess/GrantAccess.vue
index 8b1ce7941..887ba52a7 100644
--- a/frontend/src/components/grantaccess/GrantAccess.vue
+++ b/frontend/src/components/grantaccess/GrantAccess.vue
@@ -7,9 +7,8 @@ import { number, object, string } from 'yup';
 
 import Button from '@/components/common/Button.vue';
 import { IconSize } from '@/enum/IconEnum';
-import { Severity } from '@/enum/SeverityEnum';
+import { Severity, ErrorCode } from '@/enum/SeverityEnum';
 import { AppActlApiService } from '@/services/ApiServiceFactory';
-import { selectedApplicationDisplayText } from '@/store/ApplicationState';
 import { isLoading } from '@/store/LoadingState';
 import { setGrantAccessNotificationMsg } from '@/store/NotificationState';
 import { FOREST_CLIENT_INPUT_MAX_LENGTH } from '@/store/Constants';
@@ -21,6 +20,7 @@ import {
 import UserDomainSelect from '@/components/grantaccess/form/UserDomainSelect.vue';
 import UserNameInput from '@/components/grantaccess/form/UserNameInput.vue';
 import ForestClientInput from '@/components/grantaccess/form/ForestClientInput.vue';
+import { selectedApplicationDisplayText } from '@/store/ApplicationState';
 
 const props = defineProps({
     applicationRoleOptions: {
@@ -120,11 +120,10 @@ const areVerificationsPassed = () => {
 
 const handleSubmit = async () => {
     const successForestClientIdList: string[] = [];
-    const warningForestClientIdList: string[] = [];
 
     // msg override the default error notification message
     const errorNotification = {
-        msg: '',
+        code: ErrorCode.Default,
         errorForestClientIdList: [] as string[],
     };
     do {
@@ -137,23 +136,20 @@ const handleSubmit = async () => {
             })
             .catch((error) => {
                 if (error.response?.status === 409) {
-                    warningForestClientIdList.push(forestClientNumber || '');
+                    errorNotification.code = ErrorCode.Conflict;
                 } else if (
                     error.response.data.detail.code === 'self_grant_prohibited'
                 ) {
-                    errorNotification.msg =
-                        'Granting roles to self is not allowed.';
-                } else {
-                    errorNotification.errorForestClientIdList.push(
-                        forestClientNumber || ''
-                    );
+                    errorNotification.code = ErrorCode.SelfGrantProhibited;
                 }
+                errorNotification.errorForestClientIdList.push(
+                    forestClientNumber || ''
+                );
             });
     } while (formData.value.verifiedForestClients.length > 0);
 
     composeAndPushNotificationMessages(
         successForestClientIdList,
-        warningForestClientIdList,
         errorNotification
     );
 
@@ -179,52 +175,34 @@ function toRequestPayload(formData: any, forestClientNumber: string) {
 
 const composeAndPushNotificationMessages = (
     successIdList: string[],
-    warningIdList: string[],
-    errorMsg: { msg: string; errorForestClientIdList: string[] }
+    errorMsg: { code: string; errorForestClientIdList: string[] }
 ) => {
     const username = formData.value.userId.toUpperCase();
     if (successIdList.length > 0) {
         setGrantAccessNotificationMsg(
             successIdList,
             username,
-            Severity.success,
-            getSelectedRole()?.role_name
-        );
-    }
-    if (warningIdList.length > 0) {
-        setGrantAccessNotificationMsg(
-            warningIdList,
-            username,
-            Severity.warning,
+            Severity.Success,
             getSelectedRole()?.role_name
         );
     }
-
-    if (errorMsg.msg) {
+    if (errorMsg.errorForestClientIdList.length > 0) {
         setGrantAccessNotificationMsg(
             errorMsg.errorForestClientIdList,
             username,
-            Severity.error,
+            Severity.Error,
             getSelectedRole()?.role_name,
-            `An error has occured. ${errorMsg.msg}`
-        );
-    } else if (errorMsg.errorForestClientIdList.length > 0) {
-        setGrantAccessNotificationMsg(
-            errorMsg.errorForestClientIdList,
-            username,
-            Severity.error,
-            getSelectedRole()?.role_name
+            errorMsg.code
         );
     }
     return '';
 };
-
 </script>
 
 <template>
     <PageTitle
         title="Add user permission"
-        subtitle="Add a new permission to a user. All fields are mandatory unless noted"
+        :subtitle="`Adding user permission to ${selectedApplicationDisplayText}. All fields are mandatory`"
     />
     <VeeForm
         ref="form"
@@ -234,10 +212,7 @@ const composeAndPushNotificationMessages = (
     >
         <div class="page-body">
             <form id="grantAccessForm" class="form-container">
-                <StepContainer
-                    title="User information"
-                    :subtitle="`Enter the user information to add a new user to ${selectedApplicationDisplayText}`"
-                >
+                <StepContainer title="User information">
                     <UserDomainSelect
                         :domain="formData.domain"
                         @change="userDomainChange"
@@ -252,7 +227,6 @@ const composeAndPushNotificationMessages = (
 
                 <StepContainer
                     title="Add user roles"
-                    subtitle="Enter a specific role for this user"
                     :divider="isAbstractRoleSelected()"
                 >
                     <label>Assign a role to the user</label>
@@ -328,4 +302,3 @@ const composeAndPushNotificationMessages = (
         </div>
     </VeeForm>
 </template>
-<style lang="scss" scoped></style>
diff --git a/frontend/src/components/grantaccess/GrantApplicationAdmin.vue b/frontend/src/components/grantaccess/GrantApplicationAdmin.vue
index d6bee7cb0..97f135201 100644
--- a/frontend/src/components/grantaccess/GrantApplicationAdmin.vue
+++ b/frontend/src/components/grantaccess/GrantApplicationAdmin.vue
@@ -10,14 +10,14 @@ import type { FamAppAdminCreateRequest } from 'fam-admin-mgmt-api/model/fam-app-
 import type { FamApplicationGetResponse } from 'fam-admin-mgmt-api/model/fam-application-get-response';
 import Button from '@/components/common/Button.vue';
 import { IconSize } from '@/enum/IconEnum';
-import { Severity } from '@/enum/SeverityEnum';
+import { Severity, ErrorDescription } from '@/enum/SeverityEnum';
 
 import { isLoading } from '@/store/LoadingState';
 import { setNotificationMsg } from '@/store/NotificationState';
 
 const defaultFormData = {
     userId: '',
-    application: Number,
+    application: null,
 };
 const formData = ref(JSON.parse(JSON.stringify(defaultFormData))); // clone default input
 const formValidationSchema = object({
@@ -67,7 +67,7 @@ const handleSubmit = async () => {
         .createApplicationAdmin(data)
         .then(() => {
             setNotificationMsg(
-                Severity.success,
+                Severity.Success,
                 `Admin privilege has been added to ${formData.value.userId.toUpperCase()} for application ${
                     formData.value.application.application_name
                 }`
@@ -76,20 +76,22 @@ const handleSubmit = async () => {
         .catch((error) => {
             if (error.response?.status === 409) {
                 setNotificationMsg(
-                    Severity.warning,
-                    error.response.data.detail
+                    Severity.Error,
+                    `User ${formData.value.userId.toUpperCase()} is already a ${
+                        formData.value.application.application_name
+                    } admin`
                 );
             } else if (
                 error.response.data.detail.code === 'self_grant_prohibited'
             ) {
                 setNotificationMsg(
-                    Severity.error,
-                    'Granting admin privilege to self is not allowed.'
+                    Severity.Error,
+                    ErrorDescription.SelfGrantProhibited
                 );
             } else {
                 setNotificationMsg(
-                    Severity.success,
-                    `An error has occured. ${error.response.data.detail.description}`
+                    Severity.Error,
+                    `${ErrorDescription.Default} ${error.response.data.detail.description}`
                 );
             }
         })
@@ -101,7 +103,7 @@ const handleSubmit = async () => {
 <template>
     <PageTitle
         title="Add application admin"
-        subtitle="Add a new application admin. All fields are mandatory unless noted"
+        subtitle="All fields are mandatory"
     />
     <VeeForm
         ref="form"
@@ -111,18 +113,11 @@ const handleSubmit = async () => {
     >
         <div class="page-body">
             <form id="grantAdminForm" class="form-container">
-                <StepContainer
-                    title="User information"
-                    :subtitle="`Enter the user information to add a new admin ${
-                        formData.application
-                            ? 'to ' + formData.application.application_name
-                            : ''
-                    }`"
-                >
+                <StepContainer title="User information">
                     <UserNameInput
                         :domain="UserType.I"
                         :userId="formData.userId"
-                        helper-text="Only IDIR usernames are allowed"
+                        helper-text="Only IDIR users are allowed to be added as application admins"
                         @change="userIdChange"
                         @setVerifyResult="setVerifyUserIdPassed"
                     />
diff --git a/frontend/src/components/grantaccess/StepContainer.vue b/frontend/src/components/grantaccess/StepContainer.vue
index cb992e02c..0c38cdc00 100644
--- a/frontend/src/components/grantaccess/StepContainer.vue
+++ b/frontend/src/components/grantaccess/StepContainer.vue
@@ -6,7 +6,7 @@ const props = defineProps({
     },
     subtitle: {
         type: String,
-        required: true,
+        required: false,
     },
     divider: {
         type: Boolean,
@@ -18,8 +18,8 @@ const props = defineProps({
 <template>
     <div>
         <h1 class="title">{{ props.title }}</h1>
-        <h2 class="subtitle">{{ props.subtitle }}</h2>
-        <div class="step-content">
+        <h2 v-if="subtitle" class="subtitle">{{ props.subtitle }}</h2>
+        <div :class="subtitle ? 'step-content' : ''">
             <slot />
         </div>
         <Divider v-if="props.divider" />
diff --git a/frontend/src/components/grantaccess/form/UserDomainSelect.vue b/frontend/src/components/grantaccess/form/UserDomainSelect.vue
index b2872e257..4874ddb18 100644
--- a/frontend/src/components/grantaccess/form/UserDomainSelect.vue
+++ b/frontend/src/components/grantaccess/form/UserDomainSelect.vue
@@ -43,4 +43,8 @@ const computedDomain = computed({
         </div>
     </div>
 </template>
-<style lang="scss" scoped></style>
+<style lang="scss" scoped>
+label {
+    margin-bottom: 0px;
+}
+</style>
diff --git a/frontend/src/components/grantaccess/form/UserNameInput.vue b/frontend/src/components/grantaccess/form/UserNameInput.vue
index 4bb60941c..836f38d19 100644
--- a/frontend/src/components/grantaccess/form/UserNameInput.vue
+++ b/frontend/src/components/grantaccess/form/UserNameInput.vue
@@ -12,10 +12,7 @@ const props = defineProps({
     domain: { type: String, required: true },
     userId: { type: String, default: '' },
     fieldId: { type: String, default: 'userId' },
-    helperText: {
-        type: String,
-        default: 'Enter and verify the username for this user',
-    },
+    helperText: { type: String },
 });
 
 const emit = defineEmits(['change', 'setVerifyResult']);
@@ -58,7 +55,6 @@ watch(
         resetVerifiedUserIdentity();
     }
 );
-
 </script>
 
 <template>
@@ -89,7 +85,7 @@ watch(
                     <small
                         id="userIdInput-helper"
                         class="helper-text"
-                        v-if="!errorMessage"
+                        v-if="helperText && !errorMessage"
                         >{{ helperText }}</small
                     >
                     <ErrorMessage
diff --git a/frontend/src/components/managePermissions/ManagePermissions.vue b/frontend/src/components/managePermissions/ManagePermissions.vue
index 1ca3a90f5..95b1d1d9a 100644
--- a/frontend/src/components/managePermissions/ManagePermissions.vue
+++ b/frontend/src/components/managePermissions/ManagePermissions.vue
@@ -75,12 +75,12 @@ const deleteUserRoleAssignment = async (
         );
 
         setNotificationMsg(
-            Severity.success,
+            Severity.Success,
             `You removed ${assignment.role.role_name} access to ${assignment.user.user_name}`
         );
     } catch (error: any) {
         setNotificationMsg(
-            Severity.error,
+            Severity.Error,
             `An error has occured. ${error.response.data.detail.description}`
         );
     }
@@ -93,12 +93,12 @@ const deleteAppAdmin = async (admin: FamAppAdminGetResponse) => {
         );
 
         setNotificationMsg(
-            Severity.success,
+            Severity.Success,
             `You removed ${admin.user.user_name}'s admin privilege`
         );
     } catch (error: any) {
         setNotificationMsg(
-            Severity.error,
+            Severity.Error,
             `An error has occured. ${error.response.data.detail.description}`
         );
     }
diff --git a/frontend/src/enum/SeverityEnum.ts b/frontend/src/enum/SeverityEnum.ts
index 363acfdd5..5562c6628 100644
--- a/frontend/src/enum/SeverityEnum.ts
+++ b/frontend/src/enum/SeverityEnum.ts
@@ -1,5 +1,16 @@
 export enum Severity {
-    success = 'success',
-    warning = 'warn',
-    error = 'error',
-}
\ No newline at end of file
+    Success = 'success',
+    Warning = 'warn',
+    Error = 'error',
+}
+
+export enum ErrorCode {
+    Conflict = 'Conflict',
+    SelfGrantProhibited = 'SelfGrantProhibited',
+    Default = 'Default',
+}
+
+export const ErrorDescription = {
+    SelfGrantProhibited: 'Granting admin privilege to self is not allowed.',
+    Default: 'An error has occured.',
+}
diff --git a/frontend/src/errors/FamCustomError.ts b/frontend/src/errors/FamCustomError.ts
index 19d09aeb7..5e80f9e90 100644
--- a/frontend/src/errors/FamCustomError.ts
+++ b/frontend/src/errors/FamCustomError.ts
@@ -14,10 +14,10 @@ export class FamCustomError extends Error {
 export enum RouteErrorName {
     NOT_AUTHENTICATED_ERROR = 'NOT_AUTHENTICATED_ERROR',
     NO_APPLICATION_SELECTED_ERROR = 'NO_APPLICATION_SELECTED_ERROR',
-    NOT_FAM_ADMIN = "NOT_FAM_ADMIN"
+    ACCESS_RESTRICTED = "ACCESS_RESTRICTED"
 }
 
-type RouteInfo = {to: any, from: any};
+type RouteInfo = { to: any, from: any };
 /**
  * FAM custom route error.
  * For use only when needing to throw during router transition.
diff --git a/frontend/src/router/index.ts b/frontend/src/router/index.ts
index 79908011d..248b32ab8 100644
--- a/frontend/src/router/index.ts
+++ b/frontend/src/router/index.ts
@@ -11,6 +11,7 @@ import GrantAccessView from '@/views/GrantAccessView.vue';
 import GrantApplicationAdminView from '@/views/GrantApplicationAdminView.vue';
 import LandingView from '@/views/LandingView.vue';
 import ManagePermissionsView from '@/views/ManagePermissionsView.vue';
+import { FAM_ADMIN_ROLE } from '@/store/Constants';
 
 // WARNING: any components referenced below that themselves reference the router cannot be automatically hot-reloaded in local development due to circular dependency
 // See vitejs issue https://github.com/vitejs/vite/issues/3033 for discussion.
@@ -91,6 +92,7 @@ const routes = [
         meta: {
             requiresAuth: true,
             requiresAppSelected: true,
+            requiredPrivileges: [FAM_ADMIN_ROLE],
             title: routeItems.grantAppAdmin.label,
             layout: 'ProtectedLayout',
             hasBreadcrumb: true,
diff --git a/frontend/src/router/routeHandlers.ts b/frontend/src/router/routeHandlers.ts
index da6c969a4..070672bee 100644
--- a/frontend/src/router/routeHandlers.ts
+++ b/frontend/src/router/routeHandlers.ts
@@ -29,6 +29,11 @@ import type { RouteLocationNormalized } from 'vue-router';
  * state for it to be handled elsewhere.
  */
 
+const ACCESS_RESTRICTED_ERROR = new FamRouteError(
+    RouteErrorName.ACCESS_RESTRICTED,
+    "Access restricted"
+);
+
 // --- beforeEnter Route Handler
 
 const beforeEnterDashboardRoute = async (to: RouteLocationNormalized) => {
@@ -51,9 +56,14 @@ const beforeEnterDashboardRoute = async (to: RouteLocationNormalized) => {
 };
 
 const beforeEnterGrantUserPermissionRoute = async (
-    to: RouteLocationNormalized
+    to: RouteLocationNormalized,
+    from: RouteLocationNormalized
 ) => {
-    populateBreadcrumb([routeItems.dashboard, routeItems.grantUserPermission]);
+
+    if (selectedApplicationId.value === FAM_APPLICATION_ID) {
+        emitRouteToastError(ACCESS_RESTRICTED_ERROR);
+        return { path: routeItems.dashboard.path };
+    }
 
     const appRolesFetchResult = await asyncWrap(
         fetchApplicationRoles(selectedApplication.value!.application_id)
@@ -63,6 +73,7 @@ const beforeEnterGrantUserPermissionRoute = async (
         return { path: routeItems.dashboard.path };
     }
 
+    populateBreadcrumb([routeItems.dashboard, routeItems.grantUserPermission]);
     // Passing fetched data to router.meta (so it is available for assigning to 'props' later)
     Object.assign(to.meta, {
         applicationRoleOptions: appRolesFetchResult.data,
@@ -74,13 +85,9 @@ const beforeEnterGrantApplicationAdminRoute = async (
     to: RouteLocationNormalized,
     from: RouteLocationNormalized
 ) => {
+
     if (selectedApplicationId.value !== FAM_APPLICATION_ID) {
-        const routeError = new FamRouteError(
-            RouteErrorName.NOT_FAM_ADMIN,
-            "This access is restricted",
-            { to, from }
-        );
-        emitRouteToastError(routeError);
+        emitRouteToastError(ACCESS_RESTRICTED_ERROR);
         return { path: routeItems.dashboard.path };
     }
     populateBreadcrumb([routeItems.dashboard, routeItems.grantAppAdmin]);
@@ -127,6 +134,16 @@ export const beforeEachRouteHandler = async (
         return { path: routeItems.dashboard.path };
     }
 
+    // Access privilege guard. This logic might need to be adjusted soon.
+    if (to.meta.requiredPrivileges) {
+        for (let role of (to.meta.requiredPrivileges as Array<string>)) {
+            if (!AuthService.methods.hasAccessRole(role)) {
+                emitRouteToastError(ACCESS_RESTRICTED_ERROR);
+                return { path: routeItems.dashboard.path };
+            }
+        }
+    }
+
     // Refresh token before navigation.
     if (AuthService.state.value.famLoginUser) {
         // condition needed to prevent infinite redirect
diff --git a/frontend/src/services/AuthService.ts b/frontend/src/services/AuthService.ts
index 2d7b3adbd..4e1b26b46 100644
--- a/frontend/src/services/AuthService.ts
+++ b/frontend/src/services/AuthService.ts
@@ -19,20 +19,20 @@ export interface FamLoginUser {
 const state = ref({
     famLoginUser: localStorage.getItem(FAM_LOGIN_USER)
         ? (JSON.parse(localStorage.getItem(FAM_LOGIN_USER) as string) as
-              | FamLoginUser
-              | undefined
-              | null)
+            | FamLoginUser
+            | undefined
+            | null)
         : undefined,
 });
 
 // functions
 
-function isLoggedIn(): boolean {
+const isLoggedIn = (): boolean => {
     const loggedIn = !!state.value.famLoginUser?.authToken; // TODO check if token expired later?
     return loggedIn;
 }
 
-async function login() {
+const login = async () => {
     /*
         See Aws-Amplify documenation:
         https://docs.amplify.aws/lib/auth/social/q/platform/js/
@@ -46,13 +46,13 @@ async function login() {
     });
 }
 
-async function logout() {
+const logout = async () => {
     Auth.signOut();
     removeFamUser();
     console.log('User logged out.');
 }
 
-async function handlePostLogin() {
+const handlePostLogin = async () => {
     return Auth.currentAuthenticatedUser()
         .then(async (_userData) => {
             await refreshToken();
@@ -73,7 +73,7 @@ async function handlePostLogin() {
  *
  * Automatically logout if unable to get currentSession().
  */
-async function refreshToken(): Promise<FamLoginUser | undefined> {
+const refreshToken = async (): Promise<FamLoginUser | undefined> => {
     try {
         console.log('Refreshing Token...');
         const currentAuthToken: CognitoUserSession =
@@ -99,7 +99,7 @@ async function refreshToken(): Promise<FamLoginUser | undefined> {
  * Note, current user data return for 'userData.username' is matched to "cognito:username" on Cognito.
  * Which isn't what we really want to display. The display username is "custom:idp_username" from token.
  */
-function parseToken(authToken: CognitoUserSession): FamLoginUser {
+const parseToken = (authToken: CognitoUserSession): FamLoginUser => {
     const decodedIdToken = authToken.getIdToken().decodePayload();
     const decodedAccessToken = authToken.getAccessToken().decodePayload();
     const famLoginUser = {
@@ -113,13 +113,13 @@ function parseToken(authToken: CognitoUserSession): FamLoginUser {
     return famLoginUser;
 }
 
-function removeFamUser() {
+const removeFamUser = () => {
     storeFamUser(undefined);
     // clean up local storage for selected application
     localStorage.removeItem(CURRENT_SELECTED_APPLICATION_KEY);
 }
 
-function storeFamUser(famLoginUser: FamLoginUser | null | undefined) {
+const storeFamUser = (famLoginUser: FamLoginUser | null | undefined) => {
     state.value.famLoginUser = famLoginUser;
     if (famLoginUser) {
         localStorage.setItem(FAM_LOGIN_USER, JSON.stringify(famLoginUser));
@@ -128,6 +128,13 @@ function storeFamUser(famLoginUser: FamLoginUser | null | undefined) {
     }
 }
 
+const hasAccessRole = (role: string): boolean => {
+    if (state.value.famLoginUser?.roles?.includes(role)) {
+        return true;
+    }
+    return false;
+}
+
 // -----
 
 const methods = {
@@ -136,6 +143,7 @@ const methods = {
     logout,
     refreshToken,
     removeFamUser,
+    hasAccessRole
 };
 
 const getters = {
diff --git a/frontend/src/store/Constants.ts b/frontend/src/store/Constants.ts
index ea827465a..11b13c07e 100644
--- a/frontend/src/store/Constants.ts
+++ b/frontend/src/store/Constants.ts
@@ -1,3 +1,4 @@
 export const FOREST_CLIENT_INPUT_MAX_LENGTH = 8;
 export const FAM_APPLICATION_NAME = 'FAM';
-export const FAM_APPLICATION_ID = 1;
\ No newline at end of file
+export const FAM_APPLICATION_ID = 1;
+export const FAM_ADMIN_ROLE = 'FAM_ADMIN';
\ No newline at end of file
diff --git a/frontend/src/store/NotificationState.ts b/frontend/src/store/NotificationState.ts
index 41912a496..801a447d5 100644
--- a/frontend/src/store/NotificationState.ts
+++ b/frontend/src/store/NotificationState.ts
@@ -4,7 +4,7 @@
     It is intended to be used in conjunction with the NotificationStack component.
 */
 import { ref } from 'vue';
-import type { Severity } from '@/enum/SeverityEnum';
+import { ErrorDescription, ErrorCode, Severity } from '@/enum/SeverityEnum';
 
 const defaultNotification = {
     success: { msg: '', fullMsg: '' },
@@ -38,49 +38,59 @@ export const showFullNotificationMsg = (severity: Severity) => {
     notifications.value[severity].msg = notifications.value[severity].fullMsg;
 };
 
+export interface CommonObjectType {
+    [key: string]: any;
+}
+
 export const setGrantAccessNotificationMsg = (
     forestClientNumberList: string[],
     userId: string,
     severity: Severity,
     role = '',
-    specificMsg = ''
+    code: string = ErrorCode.Default
 ) => {
     let notificationFullMsg = '';
-    let notificationMsg = specificMsg;
 
-    if (specificMsg == '') {
-        const isPlural = forestClientNumberList.length === 1 ? 'ID' : 'IDs';
-        const msgByType = {
-            success:
+    const isPlural = forestClientNumberList.length === 1 ? 'ID' : 'IDs';
+
+    const msgByType: CommonObjectType = {
+        [Severity.Success]: {
+            [ErrorCode.Default]:
                 forestClientNumberList[0] === ''
-                    ? `was successfully added with the role ${role}`
-                    : `was successfully added with Client ${isPlural}:`,
-            warn:
+                    ? `${userId} was successfully added with the role ${role}`
+                    : `${userId} was successfully added with Client ${isPlural}:`,
+        },
+        [Severity.Error]: {
+            [ErrorCode.Conflict]:
                 forestClientNumberList[0] === ''
-                    ? `already exists with the role ${role}`
-                    : `already exists with Client ${isPlural}:`,
-            error:
+                    ? `${userId} already exists with the role ${role}`
+                    : `${userId} already exists with Client ${isPlural}:`,
+            [ErrorCode.SelfGrantProhibited]:
                 forestClientNumberList[0] === ''
-                    ? `was not added with Client IDs: ${role}`
-                    : `was not added with Client ${isPlural}:`,
-        };
-
-        const clientIdList = forestClientNumberList.slice(0, 2);
-        if (forestClientNumberList.length > 2) {
-            notificationFullMsg = `${userId} ${
-                msgByType[severity]
-            } ${forestClientNumberList.join(', ')}`;
-        }
+                    ? `${ErrorDescription.SelfGrantProhibited} ${userId} was not added with the role: ${role}`
+                    : `${ErrorDescription.SelfGrantProhibited} ${userId} was not added with Client ${isPlural}:`,
+            [ErrorCode.Default]:
+                forestClientNumberList[0] === ''
+                    ? `${ErrorDescription.Default} ${userId} was not added with the role: ${role}`
+                    : `${ErrorDescription.Default} ${userId} was not added with Client ${isPlural}:`,
+        },
+    };
 
-        notificationMsg = `
-            ${userId} ${msgByType[severity]} ${clientIdList.join(', ')}
-            ${
-                isPlural === 'IDs' && forestClientNumberList.length > 2
-                    ? 'and ' + (forestClientNumberList.length - 2) + ' more...'
-                    : ''
-            }
-        `;
+    const clientIdList = forestClientNumberList.slice(0, 2);
+    if (forestClientNumberList.length > 2) {
+        notificationFullMsg = `${
+            msgByType[severity][code]
+        } ${forestClientNumberList.join(', ')}`;
     }
 
+    const notificationMsg = `
+        ${msgByType[severity][code]} ${clientIdList.join(', ')}
+        ${
+            isPlural === 'IDs' && forestClientNumberList.length > 2
+                ? 'and ' + (forestClientNumberList.length - 2) + ' more...'
+                : ''
+        }
+    `;
+
     setNotificationMsg(severity, notificationMsg, notificationFullMsg);
 };
diff --git a/frontend/src/store/ToastState.ts b/frontend/src/store/ToastState.ts
index e551df99a..3867c32ef 100644
--- a/frontend/src/store/ToastState.ts
+++ b/frontend/src/store/ToastState.ts
@@ -75,7 +75,7 @@ export const getToastErrorMsg = (error: any) => {
 const handleRouteErrorMessage = (error: FamRouteError): string => {
     if (RouteErrorName.NOT_AUTHENTICATED_ERROR == error.name ||
         RouteErrorName.NO_APPLICATION_SELECTED_ERROR == error.name ||
-        RouteErrorName.NOT_FAM_ADMIN == error.name) {
+        RouteErrorName.ACCESS_RESTRICTED == error.name) {
         return error.message;
     }
     return genericErrorMsg.text;
diff --git a/server/admin_management/api/app/utils/utils.py b/server/admin_management/api/app/utils/utils.py
index 5537c4119..483458e19 100644
--- a/server/admin_management/api/app/utils/utils.py
+++ b/server/admin_management/api/app/utils/utils.py
@@ -6,4 +6,4 @@
 
 def raise_http_exception(status_code: str, error_msg: str):
     LOGGER.info(error_msg)
-    raise HTTPException(status_code=status_code, detail=error_msg)
\ No newline at end of file
+    raise HTTPException(status_code=status_code, detail=error_msg)