feat: ORV2-2542 ORV2-2543 ORV2-2544 Role based access to Credit Accou…

…nt apis and refactoring (#1517)
bcgov · Jul 25, 2024 · 89f3762 · 89f3762
1 parent 1b2c830
commit 89f3762
Show file tree

Hide file tree

Showing 13 changed files with 527 additions and 192 deletions.
diff --git a/database/mssql/scripts/versions/revert/v_36_ddl_revert.sql b/database/mssql/scripts/versions/revert/v_36_ddl_revert.sql
@@ -0,0 +1,26 @@
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+SET NOCOUNT ON
+GO
+
+SET XACT_ABORT ON
+
+BEGIN TRY
+  BEGIN TRANSACTION
+
+    DELETE FROM [access].[ORBC_GROUP_ROLE] WHERE ROLE_TYPE = 'ORBC-READ-CREDIT-ACCOUNT' AND USER_AUTH_GROUP_TYPE='PAPPLICANT'
+  COMMIT
+END TRY
+
+BEGIN CATCH
+  IF @@TRANCOUNT > 0 
+    ROLLBACK;
+  THROW
+END CATCH
+
+DECLARE @VersionDescription VARCHAR(255)
+SET @VersionDescription = 'Reverting ORBC-READ-CREDIT-ACCOUNT role for PAPPLICANT.'
+
+INSERT [dbo].[ORBC_SYS_VERSION] ([VERSION_ID], [DESCRIPTION], [RELEASE_DATE]) VALUES (35, @VersionDescription, getutcdate())
diff --git a/database/mssql/scripts/versions/v_36_ddl.sql b/database/mssql/scripts/versions/v_36_ddl.sql
@@ -0,0 +1,43 @@
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+SET NOCOUNT ON
+GO
+
+SET XACT_ABORT ON
+GO
+SET TRANSACTION ISOLATION LEVEL SERIALIZABLE
+GO
+BEGIN TRANSACTION
+GO
+IF @@ERROR <> 0 SET NOEXEC ON
+GO
+
+INSERT [access].[ORBC_GROUP_ROLE] ([USER_AUTH_GROUP_TYPE], [ROLE_TYPE]) VALUES (N'PAPPLICANT', N'ORBC-READ-CREDIT-ACCOUNT')
+GO
+
+IF @@ERROR <> 0 SET NOEXEC ON
+GO
+
+DECLARE @VersionDescription VARCHAR(255)
+SET @VersionDescription = 'Credit Account roles for PAPPLICANT'
+
+INSERT [dbo].[ORBC_SYS_VERSION] ([VERSION_ID], [DESCRIPTION], [UPDATE_SCRIPT], [REVERT_SCRIPT], [RELEASE_DATE]) VALUES (36, @VersionDescription, '$(UPDATE_SCRIPT)', '$(REVERT_SCRIPT)', getutcdate())
+IF @@ERROR <> 0 SET NOEXEC ON
+GO
+
+COMMIT TRANSACTION
+GO
+IF @@ERROR <> 0 SET NOEXEC ON
+GO
+DECLARE @Success AS BIT
+SET @Success = 1
+SET NOEXEC OFF
+IF (@Success = 1) PRINT 'The database update succeeded'
+ELSE BEGIN
+   IF @@TRANCOUNT > 0 ROLLBACK TRANSACTION
+   PRINT 'The database update failed'
+END
+GO
+
diff --git a/database/mssql/test/versions/v_36_1_test.sql b/database/mssql/test/versions/v_36_1_test.sql
@@ -0,0 +1,5 @@
+-- Test that the role types have been inserted correctly against user auth groups
+SET NOCOUNT ON
+
+SELECT COUNT(*) FROM $(DB_NAME).[access].[ORBC_GROUP_ROLE] 
+WHERE ROLE_TYPE = 'ORBC-READ-CREDIT-ACCOUNT' AND USER_AUTH_GROUP_TYPE='PAPPLICANT'
diff --git a/database/mssql/test/versions/v_36_test.sh b/database/mssql/test/versions/v_36_test.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Retrieve arguments
+source ${SCRIPT_DIR}/utility/getopt.sh
+USAGE="-u USER -p PASS -s SERVER -d DATABASE"
+parse_options "${USAGE}" ${@}
+
+# All database tests for database version 36 are run from this shell script.
+# TESTS_DIR variable set by the calling test-runner script.
+
+TEST_36_1_RESULT=$(/opt/mssql-tools/bin/sqlcmd -U ${USER} -P "${PASS}" -S ${SERVER} -v DB_NAME=${DATABASE} -h -1 -i ${TESTS_DIR}/v_36_1_test.sql | xargs)
+if [[ $TEST_36_1_RESULT -eq 1 ]]; then
+    echo "Test 36.1 passed: Role types inserted correctly"
+else
+    echo "******** Test 36.1 failed: Role types not inserted correctly"
+fi
diff --git a/vehicles/src/modules/credit-account/credit-account-user.controller.ts b/vehicles/src/modules/credit-account/credit-account-user.controller.ts
@@ -32,6 +32,10 @@ import { CreditAccountIdPathParamDto } from './dto/request/pathParam/creditAccou
 import { GetCreditAccountUserQueryParamsDto } from './dto/request/queryParam/getCreditAccountUser.query-params.dto';
 import { ReadCreditAccountUserDto } from './dto/response/read-credit-account-user.dto';
 import { IsFeatureFlagEnabled } from '../../common/decorator/is-feature-flag-enabled.decorator';
+import {
+  ClientUserAuthGroup,
+  IDIR_USER_AUTH_GROUP_LIST,
+} from '../../common/enum/user-auth-group.enum';
 
 @ApiBearerAuth()
 @ApiTags('Credit Account Users')
@@ -53,7 +57,7 @@ import { IsFeatureFlagEnabled } from '../../common/decorator/is-feature-flag-ena
 })
 @IsFeatureFlagEnabled('CREDIT-ACCOUNT')
 @Controller(
-  'companies/:companyId/credit-account/:creditAccountId/credit-account-user',
+  'companies/:companyId/credit-accounts/:creditAccountId/credit-account-users',
 )
 export class CreditAccountUserController {
   constructor(private readonly creditAccountService: CreditAccountService) {}
@@ -141,7 +145,13 @@ export class CreditAccountUserController {
     type: [ReadCreditAccountUserDto],
   })
   @Get()
-  @Roles(Role.READ_CREDIT_ACCOUNT)
+  @Roles({
+    userAuthGroup: [
+      ...IDIR_USER_AUTH_GROUP_LIST,
+      ClientUserAuthGroup.COMPANY_ADMINISTRATOR,
+    ],
+    oneOf: [Role.READ_CREDIT_ACCOUNT],
+  })
   async getCreditAccountUsers(
     @Req() request: Request,
     @Param() { companyId, creditAccountId }: CreditAccountIdPathParamDto,

diff --git a/vehicles/src/modules/credit-account/credit-account.controller.ts b/vehicles/src/modules/credit-account/credit-account.controller.ts
@@ -24,6 +24,14 @@ import { ReadCreditAccountUserDto } from './dto/response/read-credit-account-use
 import { ReadCreditAccountDto } from './dto/response/read-credit-account.dto';
 import { CreditAccountIdPathParamDto } from './dto/request/pathParam/creditAccountUsers.path-params.dto';
 import { UpdateCreditAccountStatusDto } from './dto/request/update-credit-account-status.dto';
+import { ReadCreditAccountActivityDto } from './dto/response/read-credit-account-activity.dto';
+import {
+  ClientUserAuthGroup,
+  IDIR_USER_AUTH_GROUP_LIST,
+  IDIRUserAuthGroup,
+} from '../../common/enum/user-auth-group.enum';
+import { ReadCreditAccountMetadataDto } from './dto/response/read-credit-account-metadata.dto';
+import { ReadCreditAccountLimitDto } from './dto/response/read-credit-account-limit.dto';
 
 @ApiBearerAuth()
 @ApiTags('Credit Accounts')
@@ -44,7 +52,7 @@ import { UpdateCreditAccountStatusDto } from './dto/request/update-credit-accoun
   type: ExceptionDto,
 })
 @IsFeatureFlagEnabled('CREDIT-ACCOUNT')
-@Controller('companies/:companyId/credit-account')
+@Controller('companies/:companyId/credit-accounts')
 export class CreditAccountController {
   constructor(private readonly creditAccountService: CreditAccountService) {}
 
@@ -60,7 +68,7 @@ export class CreditAccountController {
   })
   @ApiCreatedResponse({
     description: 'The created credit account.',
-    type: ReadCreditAccountUserDto,
+    type: ReadCreditAccountDto,
   })
   @ApiBadRequestResponse({
     description: 'The response containing a message of why a request failed.',
@@ -80,11 +88,45 @@ export class CreditAccountController {
   }
 
   /**
-   * Retrieves a credit account.
+   * Retrieves a credit account metadata.
    *
    * @param { companyId } - The companyId path parameter.
    * @returns The result of the creation operation.
    */
+  @ApiOperation({
+    summary:
+      'Retrieves a credit account (if available) metadata associated with a company.',
+    description:
+      'Retrieves a credit account (if available) metadata associated with a company, enforcing authentication.',
+  })
+  @ApiOkResponse({
+    description: 'The retrieved credit account.',
+    type: ReadCreditAccountMetadataDto,
+  })
+  @Get('meta-data')
+  @Roles(Role.READ_CREDIT_ACCOUNT)
+  async getCreditAccountMetadata(
+    @Req() request: Request,
+    @Param() { companyId }: CompanyIdPathParamDto,
+  ): Promise<ReadCreditAccountMetadataDto> {
+    const readCreditAccounMetadataDto =
+      await this.creditAccountService.getCreditAccountMetadata({
+        companyId,
+        currentUser: request.user as IUserJWT,
+      });
+    if (!readCreditAccounMetadataDto) {
+      throw new DataNotFoundException();
+    }
+    return readCreditAccounMetadataDto;
+  }
+
+  /**
+   * Retrieves a credit account.
+   *
+   * @param { companyId } - The companyId path parameter.
+   * @param { creditAccountId } - The creditAccountId path parameter.
+   * @returns The result of the retrieval operation OR a relevant exception.
+   */
   @ApiOperation({
     summary:
       'Retrieves a credit account (if available) associated with a company.',
@@ -95,23 +137,106 @@ export class CreditAccountController {
     description: 'The retrieved credit account.',
     type: ReadCreditAccountDto,
   })
-  @Get()
-  @Roles(Role.READ_CREDIT_ACCOUNT)
+  @Get(':creditAccountId')
+  @Roles({
+    userAuthGroup: [
+      ...IDIR_USER_AUTH_GROUP_LIST,
+      ClientUserAuthGroup.COMPANY_ADMINISTRATOR,
+    ],
+    oneOf: [Role.READ_CREDIT_ACCOUNT],
+  })
   async getCreditAccount(
     @Req() request: Request,
-    @Param() { companyId }: CompanyIdPathParamDto,
+    @Param() { companyId, creditAccountId }: CreditAccountIdPathParamDto,
   ): Promise<ReadCreditAccountDto> {
     const readCreditAccountDto =
-      await this.creditAccountService.getCreditAccount(
-        request.user as IUserJWT,
+      await this.creditAccountService.getCreditAccount({
         companyId,
-      );
+        creditAccountId,
+        currentUser: request.user as IUserJWT,
+      });
     if (!readCreditAccountDto) {
       throw new DataNotFoundException();
     }
     return readCreditAccountDto;
   }
 
+  /**
+   * Retrieves a credit account (if available) limits.
+   *
+   * @param {Object} params - The path parameters.
+   * @param {string} params.companyId - The companyId path parameter.
+   * @param {string} params.creditAccountId - The creditAccountId path parameter.
+   * @returns {Promise<ReadCreditAccountLimitDto>} The retrieved credit account limits.
+   */
+  @ApiOperation({
+    summary: 'Retrieves a credit account (if available) limits.',
+    description:
+      'Retrieves a credit account (if available) limits, enforcing authentication.',
+  })
+  @ApiOkResponse({
+    description: 'The retrieved credit account limits.',
+    type: ReadCreditAccountLimitDto,
+  })
+  @Get(':creditAccountId/limits')
+  @Roles({
+    userAuthGroup: [
+      IDIRUserAuthGroup.FINANCE,
+      IDIRUserAuthGroup.HQ_ADMINISTRATOR,
+      IDIRUserAuthGroup.SYSTEM_ADMINISTRATOR,
+      ClientUserAuthGroup.COMPANY_ADMINISTRATOR,
+    ],
+    oneOf: [Role.READ_CREDIT_ACCOUNT],
+  })
+  async getCreditAccountLimit(
+    @Req() request: Request,
+    @Param() { companyId, creditAccountId }: CreditAccountIdPathParamDto,
+  ): Promise<ReadCreditAccountLimitDto> {
+    const readCreditAccountLimitDto =
+      await this.creditAccountService.getCreditAccountLimit({
+        companyId,
+        creditAccountId,
+        currentUser: request.user as IUserJWT,
+      });
+    return readCreditAccountLimitDto;
+  }
+
+  /**
+   * Retrieves a credit account History.
+   *
+   * @param {Object} params - The path parameters.
+   * @param {string} params.companyId - The companyId path parameter.
+   * @param {string} params.creditAccountId - The creditAccountId path parameter.
+   * @returns {Promise<ReadCreditAccountActivityDto[]>} The retrieved credit account history.
+   */
+  @ApiOperation({
+    summary: 'Retrieves a credit account (if available) history.',
+    description:
+      'Retrieves a credit account (if available) history, enforcing authentication.',
+  })
+  @ApiOkResponse({
+    description: 'The retrieved credit account history.',
+    isArray: true,
+    type: ReadCreditAccountActivityDto,
+  })
+  @Get(':creditAccountId/history')
+  @Roles({
+    userAuthGroup: [IDIRUserAuthGroup.FINANCE],
+    oneOf: [Role.READ_CREDIT_ACCOUNT],
+  })
+  async getCreditAccountHistory(
+    @Req() request: Request,
+    @Param() { companyId, creditAccountId }: CreditAccountIdPathParamDto,
+  ): Promise<ReadCreditAccountActivityDto[]> {
+    const readCreditAccountActivityDto =
+      await this.creditAccountService.getCreditAccountActivity({
+        companyId,
+        creditAccountId,
+        currentUser: request.user as IUserJWT,
+      });
+    return readCreditAccountActivityDto;
+  }
+
   /**
    * Updates the status of a credit account user.
    *
@@ -127,7 +252,7 @@ export class CreditAccountController {
   })
   @ApiOkResponse({
     description: 'The updated credit account status details.',
-    type: ReadCreditAccountUserDto,
+    type: ReadCreditAccountDto,
   })
   @Put(':creditAccountId/status')
   @Roles(Role.WRITE_CREDIT_ACCOUNT)