ORV2-2073 Adding allApplications query parameter (#1324)

vehicles/src/app.module.ts

@@ -94,7 +94,7 @@ const envPath = path.resolve(process.cwd() + '/../');
     AuthModule,
     PaymentModule,
     ShoppingCartModule,
-    PermitReceiptDocumentModule,    
+    PermitReceiptDocumentModule,
     ApplicationModule, //! Application Module should be imported before PermitModule to avoid URI conflict
     PermitModule,
     FeatureFlagsModule,

vehicles/src/modules/shopping-cart/dto/request/queryParam/getApplicationsInCart.query-param.dto.ts

@@ -0,0 +1,22 @@
+import { ApiPropertyOptional } from '@nestjs/swagger';
+import { Transform, Type } from 'class-transformer';
+import { IsBoolean, IsOptional } from 'class-validator';
+
+export class GetApplicationInCartQueryParams {
+  @ApiPropertyOptional({
+    description:
+      `If true, all applications in the company are retrieved; ` +
+      `if false, only the current user's own applications are retrieved.` +
+      `This field is only accepted for company administrators or staff;` +
+      `Ignored otherwise.`,
+    example: true,
+  })
+  @Type(() => Boolean)
+  @Transform(({ obj, key }: { obj: Record<string, unknown>; key: string }) => {
+    if (obj[key] === 'true') return true;
+    return obj[key] === 'false' ? false : obj[key];
+  })
+  @IsOptional()
+  @IsBoolean()
+  allApplications?: boolean;
+}

vehicles/src/modules/shopping-cart/shopping-cart.controller.ts

@@ -5,6 +5,7 @@ import {
   Get,
   Param,
   Post,
+  Query,
   Req,
 } from '@nestjs/common';
 import {
@@ -28,6 +29,7 @@ import { UpdateShoppingCartDto } from './dto/request/update-shopping-cart.dto';
 import { ReadShoppingCartDto } from './dto/response/read-shopping-cart.dto';
 import { ResultDto } from './dto/response/result.dto';
 import { ShoppingCartService } from './shopping-cart.service';
+import { GetApplicationInCartQueryParams } from './dto/request/queryParam/getApplicationsInCart.query-param.dto';
 
 @ApiBearerAuth()
 @ApiTags('Shopping Cart')
@@ -97,10 +99,12 @@ export class ShoppingCartController {
   async getApplicationsInCart(
     @Req() request: Request,
     @Param() { companyId }: CompanyIdPathParamDto,
+    @Query() { allApplications }: GetApplicationInCartQueryParams,
   ): Promise<ReadShoppingCartDto[]> {
     return await this.shoppingCartService.findApplicationsInCart(
       request.user as IUserJWT,
       companyId,
+      allApplications,
     );
   }
 

vehicles/src/modules/shopping-cart/shopping-cart.service.ts

@@ -77,13 +77,14 @@ export class ShoppingCartService {
   async findApplicationsInCart(
     currentUser: IUserJWT,
     companyId: number,
+    allApplications?: boolean,
   ): Promise<ReadShoppingCartDto[]> {
     const { userGUID, orbcUserAuthGroup } = currentUser;
-    const applications = await this.getSelectShoppingCartQB(
-      companyId,
+    const applications = await this.getSelectShoppingCartQB(companyId, {
       userGUID,
       orbcUserAuthGroup,
-    )
+      allApplications,
+    })
       .orderBy({ 'application.updatedDateTime': 'DESC' })
       .getMany();
 
@@ -114,11 +115,13 @@ export class ShoppingCartService {
     companyId: number,
   ): Promise<number> {
     const { userGUID, orbcUserAuthGroup } = currentUser;
-    return await this.getSelectShoppingCartQB(
-      companyId,
+    return await this.getSelectShoppingCartQB(companyId, {
       userGUID,
       orbcUserAuthGroup,
-    ).getCount();
+      // For a company admin, the cart count is the count of all the
+      // applications of the company with IN_CART status.
+      allApplications: true,
+    }).getCount();
   }
 
   /**
@@ -133,8 +136,15 @@ export class ShoppingCartService {
    */
   private getSelectShoppingCartQB(
     companyId: number,
-    userGUID?: string,
-    orbcUserAuthGroup?: UserAuthGroup,
+    {
+      userGUID,
+      orbcUserAuthGroup,
+      allApplications,
+    }: {
+      userGUID?: string;
+      orbcUserAuthGroup?: UserAuthGroup;
+      allApplications?: boolean;
+    },
   ): SelectQueryBuilder<Application> {
     const queryBuilder = this.applicationRepository
       .createQueryBuilder('application')
@@ -148,15 +158,20 @@ export class ShoppingCartService {
     });
     queryBuilder.andWhere('company.companyId = :companyId', { companyId });
 
-    // If user is a Permit Applicant, get only their own applications in cart
-    if (orbcUserAuthGroup === ClientUserAuthGroup.PERMIT_APPLICANT) {
+    // Get only their own applications in cart.
+    //  - If the user is a Permit Applicant
+    //  - If the user has passed the allApplications query parameter
+    if (
+      orbcUserAuthGroup === ClientUserAuthGroup.PERMIT_APPLICANT ||
+      !allApplications
+    ) {
       queryBuilder.andWhere('applicationOwner.userGUID = :userGUID', {
         userGUID,
       });
     }
-    // If user is a Company Admin, get all applications in cart for that company
-    // EXCEPT for those created by staff user.
-    else if (orbcUserAuthGroup === ClientUserAuthGroup.COMPANY_ADMINISTRATOR) {
+    // If the user is a BCeID user, select only those applications
+    // where the applicationOwner isn't a staff user.
+    if (!doesUserHaveAuthGroup(orbcUserAuthGroup, IDIR_USER_AUTH_GROUP_LIST)) {
       queryBuilder.andWhere(
         new NotBrackets((qb) => {
           qb.where('applicationOwner.directory = :directory', {
@@ -243,7 +258,7 @@ export class ShoppingCartService {
           {
             permitId: applicationId,
             company: { companyId },
-            ...(userGUID && { userGUID }),
+            ...(userGUID && { applicationOwner: { userGUID } }),
           },
           {
             permitStatus: statusToUpdateTo,