ORV2-2542 Credit Accounts - Roles and Permissions - Part 2 (#1520)

vehicles/src/modules/credit-account/credit-account.controller.ts

@@ -20,7 +20,6 @@ import { IUserJWT } from '../../common/interface/user-jwt.interface';
 import { CompanyIdPathParamDto } from '../common/dto/request/pathParam/companyId.path-param.dto';
 import { CreditAccountService } from './credit-account.service';
 import { CreateCreditAccountDto } from './dto/request/create-credit-account.dto';
-import { ReadCreditAccountUserDto } from './dto/response/read-credit-account-user.dto';
 import { ReadCreditAccountDto } from './dto/response/read-credit-account.dto';
 import { CreditAccountIdPathParamDto } from './dto/request/pathParam/creditAccountUsers.path-params.dto';
 import { UpdateCreditAccountStatusDto } from './dto/request/update-credit-account-status.dto';
@@ -103,7 +102,7 @@ export class CreditAccountController {
     description: 'The retrieved credit account.',
     type: ReadCreditAccountMetadataDto,
   })
-  @Get('meta-data')
+  @Get()
   @Roles(Role.READ_CREDIT_ACCOUNT)
   async getCreditAccountMetadata(
     @Req() request: Request,

vehicles/src/modules/credit-account/credit-account.service.ts

@@ -277,6 +277,19 @@ export class CreditAccountService {
     ) {
       // Throw exception if companyId is a Credit Account User and user is Company Admin.
       throw new ForbiddenException();
+    } else if (
+      creditAccount?.company?.companyId === companyId &&
+      creditAccount?.creditAccountStatusType ===
+        CreditAccountStatus.ACCOUNT_CLOSED &&
+      !doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+        IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+        IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+        IDIRUserAuthGroup.FINANCE,
+        IDIRUserAuthGroup.PPC_CLERK,
+        IDIRUserAuthGroup.PPC_SUPERVISOR,
+      ])
+    ) {
+      throw new DataNotFoundException();
     }
 
     const readCreditAccountDto = await this.classMapper.mapAsync(
@@ -319,6 +332,19 @@ export class CreditAccountService {
 
     if (!creditAccount) {
       throw new DataNotFoundException();
+    } else if (
+      creditAccount?.company?.companyId === companyId &&
+      creditAccount?.creditAccountStatusType ===
+        CreditAccountStatus.ACCOUNT_CLOSED &&
+      !doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+        IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+        IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+        IDIRUserAuthGroup.FINANCE,
+        IDIRUserAuthGroup.PPC_CLERK,
+        IDIRUserAuthGroup.PPC_SUPERVISOR,
+      ])
+    ) {
+      throw new DataNotFoundException();
     }
 
     creditAccount.creditAccountUsers =
@@ -337,6 +363,15 @@ export class CreditAccountService {
       readCreditAccountMetadataDto.userType =
         CreditAccountUserType.ACCOUNT_USER;
     }
+    if (
+      creditAccount?.creditAccountStatusType ===
+        CreditAccountStatus.ACCOUNT_ACTIVE &&
+      !creditAccount?.company.isSuspended
+    ) {
+      readCreditAccountMetadataDto.isValidPaymentMethod = true;
+    } else {
+      readCreditAccountMetadataDto.isValidPaymentMethod = false;
+    }
     return readCreditAccountMetadataDto;
   }
 
@@ -984,6 +1019,19 @@ export class CreditAccountService {
     ) {
       // Throw exception if companyId is a Credit Account User and user is Company Admin.
       throw new ForbiddenException();
+    } else if (
+      creditAccount?.company?.companyId === companyId &&
+      creditAccount?.creditAccountStatusType ===
+        CreditAccountStatus.ACCOUNT_CLOSED &&
+      !doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+        IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+        IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+        IDIRUserAuthGroup.FINANCE,
+        IDIRUserAuthGroup.PPC_CLERK,
+        IDIRUserAuthGroup.PPC_SUPERVISOR,
+      ])
+    ) {
+      throw new DataNotFoundException();
     }
 
     creditAccount.creditAccountUsers =
@@ -1044,6 +1092,29 @@ export class CreditAccountService {
 
     if (!creditAccount) {
       throw new DataNotFoundException();
+    } else if (
+      creditAccount?.creditAccountStatusType ===
+        CreditAccountStatus.ACCOUNT_ON_HOLD &&
+      doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+        ClientUserAuthGroup.COMPANY_ADMINISTRATOR,
+      ]) &&
+      creditAccount?.company.companyId === companyId
+    ) {
+      // Throw exception if companyId is a Credit Account User and user is Company Admin.
+      throw new ForbiddenException();
+    } else if (
+      creditAccount?.company?.companyId === companyId &&
+      creditAccount?.creditAccountStatusType ===
+        CreditAccountStatus.ACCOUNT_CLOSED &&
+      !doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
+        IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+        IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+        IDIRUserAuthGroup.FINANCE,
+        IDIRUserAuthGroup.PPC_CLERK,
+        IDIRUserAuthGroup.PPC_SUPERVISOR,
+      ])
+    ) {
+      throw new DataNotFoundException();
     } else if (
       doesUserHaveAuthGroup(currentUser.orbcUserAuthGroup, [
         ClientUserAuthGroup.COMPANY_ADMINISTRATOR,
@@ -1209,6 +1280,10 @@ export class CreditAccountService {
           case IDIRUserAuthGroup.HQ_ADMINISTRATOR:
           case IDIRUserAuthGroup.PPC_CLERK:
           case IDIRUserAuthGroup.PPC_SUPERVISOR:
+            return {
+              company: true,
+              creditAccountUsers: { company: true },
+            };
           case ClientUserAuthGroup.COMPANY_ADMINISTRATOR:
           case ClientUserAuthGroup.PERMIT_APPLICANT:
             return { company: true };

vehicles/src/modules/credit-account/dto/response/read-credit-account-metadata.dto.ts

@@ -16,4 +16,12 @@ export class ReadCreditAccountMetadataDto {
     example: CreditAccountUserType.ACCOUNT_HOLDER,
   })
   userType: CreditAccountUserType;
+
+  @AutoMap()
+  @ApiProperty({
+    description:
+      'Indicates whether the credit account can be used as a valid payment method.',
+    example: false,
+  })
+  isValidPaymentMethod: boolean;
 }