Decouple update sharing permission from add sharing permissions

IABTechLab · Oct 6, 2023 · 67830db · 67830db
2 parents dfb6f0d + a86cde5
commit 67830db
Show file tree

Hide file tree

Showing 6 changed files with 118 additions and 31 deletions.
diff --git a/src/api/entities/AuditTrail.ts b/src/api/entities/AuditTrail.ts
@@ -1,5 +1,6 @@
 import { Model } from 'objection';
 
+import { ClientType } from '../services/adminServiceHelpers';
 import { BaseModel } from './BaseModel';
 import { ModelObjectOpt } from './ModelObjectOpt';
 
@@ -11,13 +12,15 @@ export enum AuditAction {
 
 export enum AuditTrailEvents {
   UpdateSharingPermissions = 'UpdateSharingPermissions',
+  UpdateSharingTypes = 'UpdateSharingTypes',
   ApproveAccount = 'ApproveAccount',
   ManageKeyPair = 'ManageKeyPair',
 }
 
 export type AuditTrailEventData =
   | UpdateSharingPermissionEventData
   | ApproveAccountEventData
+  | UpdateSharingTypesEventData
   | ManageKeyPairEventData;
 
 export type UpdateSharingPermissionEventData = {
@@ -26,6 +29,11 @@ export type UpdateSharingPermissionEventData = {
   sharingPermissions: number[];
 };
 
+export type UpdateSharingTypesEventData = {
+  siteId: number;
+  allowedTypes: ClientType[];
+};
+
 export type ApproveAccountEventData = {
   siteId: number;
   oldName?: string;

diff --git a/src/api/routers/participantsRouter.ts b/src/api/routers/participantsRouter.ts
@@ -18,6 +18,7 @@ import {
   insertApproveAccountAuditTrail,
   insertKeyPairAuditTrails,
   insertSharingAuditTrails,
+  insertSharingTypesAuditTrail,
   updateAuditTrailToProceed,
 } from '../services/auditTrailService';
 import { assignClientRoleToUser, createNewUser, sendInviteEmail } from '../services/kcUsersService';
@@ -29,6 +30,7 @@ import {
   ParticipantRequest,
   sendNewParticipantEmail,
   sendParticipantApprovedEmail,
+  UpdateSharingTypes,
 } from '../services/participantsService';
 import {
   createUserInPortal,
@@ -213,12 +215,6 @@ export function createParticipantsRouter() {
 
   const sharingRelationParser = z.object({
     newParticipantSites: z.array(z.number()),
-    newTypes: z.array(ClientTypeEnum),
-  });
-
-  const keyPairParser = z.object({
-    name: z.string(),
-    disabled: z.boolean(),
   });
 
   participantsRouter.post(
@@ -228,7 +224,7 @@ export function createParticipantsRouter() {
       if (!participant?.siteId) {
         return res.status(400).send('Site id is not set');
       }
-      const { newParticipantSites, newTypes } = sharingRelationParser.parse(req.body);
+      const { newParticipantSites } = sharingRelationParser.parse(req.body);
       const currentUser = await findUserByEmail(req.auth?.payload?.email as string);
       const auditTrail = await insertSharingAuditTrails(
         participant,
@@ -240,15 +236,19 @@ export function createParticipantsRouter() {
 
       const sharingParticipants = await addSharingParticipants(
         participant.siteId,
-        newParticipantSites,
-        newTypes
+        newParticipantSites
       );
 
       await updateAuditTrailToProceed(auditTrail.id);
       return res.status(200).json(sharingParticipants);
     }
   );
 
+  const keyPairParser = z.object({
+    name: z.string(),
+    disabled: z.boolean(),
+  });
+
   participantsRouter.post(
     '/:participantId/keyPair/add',
     async (req: ParticipantRequest, res: Response) => {
@@ -289,7 +289,6 @@ export function createParticipantsRouter() {
 
   const removeSharingRelationParser = z.object({
     sharingSitesToRemove: z.array(z.number()),
-    types: z.array(ClientTypeEnum),
   });
 
   participantsRouter.post(
@@ -299,7 +298,7 @@ export function createParticipantsRouter() {
       if (!participant?.siteId) {
         return res.status(400).send('Site id is not set');
       }
-      const { sharingSitesToRemove, types } = removeSharingRelationParser.parse(req.body);
+      const { sharingSitesToRemove } = removeSharingRelationParser.parse(req.body);
       const currentUser = await findUserByEmail(req.auth?.payload?.email as string);
       const auditTrail = await insertSharingAuditTrails(
         participant,
@@ -311,10 +310,36 @@ export function createParticipantsRouter() {
 
       const sharingParticipants = await deleteSharingParticipants(
         participant.siteId,
-        sharingSitesToRemove,
+        sharingSitesToRemove
+      );
+
+      await updateAuditTrailToProceed(auditTrail.id);
+
+      return res.status(200).json(sharingParticipants);
+    }
+  );
+
+  const sharingTypesParser = z.object({
+    types: z.array(ClientTypeEnum),
+  });
+  participantsRouter.post(
+    '/:participantId/sharingPermission/shareWithTypes',
+    async (req: ParticipantRequest, res: Response) => {
+      const { participant } = req;
+      if (!participant?.siteId) {
+        return res.status(400).send('Site id is not set');
+      }
+      const { types } = sharingTypesParser.parse(req.body);
+      const currentUser = await findUserByEmail(req.auth?.payload?.email as string);
+      const auditTrail = await insertSharingTypesAuditTrail(
+        participant,
+        currentUser!.id,
+        currentUser!.email,
         types
       );
 
+      const sharingParticipants = await UpdateSharingTypes(participant.siteId, types);
+
       await updateAuditTrailToProceed(auditTrail.id);
 
       return res.status(200).json(sharingParticipants);

diff --git a/src/api/services/auditTrailService.ts b/src/api/services/auditTrailService.ts
@@ -9,6 +9,7 @@ import {
 } from '../entities/AuditTrail';
 import { Participant, ParticipantApprovalPartial } from '../entities/Participant';
 import { getLoggers } from '../helpers/loggingHelpers';
+import { ClientType } from './adminServiceHelpers';
 import { findUserByEmail } from './usersService';
 
 const arraysHaveSameElements = (a: unknown[], b: unknown[]): boolean => {
@@ -52,6 +53,33 @@ export const insertSharingAuditTrails = async (
   }
 };
 
+export const insertSharingTypesAuditTrail = async (
+  participant: Participant,
+  userId: number,
+  userEmail: string,
+  types: ClientType[]
+) => {
+  try {
+    const sharingAuditTrail: Omit<AuditTrailDTO, 'id'> = {
+      participantId: participant.id,
+      userId,
+      userEmail,
+      event: AuditTrailEvents.UpdateSharingTypes,
+      eventData: {
+        siteId: participant.siteId!,
+        allowedTypes: types,
+      },
+      succeeded: false,
+    };
+
+    return await AuditTrail.query().insert(sharingAuditTrail);
+  } catch (error) {
+    const [logger] = getLoggers();
+    logger.error(`Audit trails inserted failed: ${error}`);
+    throw error;
+  }
+};
+
 export const insertKeyPairAuditTrails = async (
   participant: Participant,
   userId: number,

diff --git a/src/api/services/participantsService.ts b/src/api/services/participantsService.ts
@@ -75,30 +75,46 @@ export const getParticipantsBySiteIds = async (siteIds: number[]) => {
 
 export const addSharingParticipants = async (
   participantSiteId: number,
-  siteIds: number[],
-  types: ClientType[]
+  siteIds: number[]
 ): Promise<SharingListResponse> => {
   const sharingListResponse = await getSharingList(participantSiteId);
   const newSharingSet = new Set([...sharingListResponse.allowed_sites, ...siteIds]);
   const response = await updateSharingList(
     participantSiteId,
     sharingListResponse.hash,
     [...newSharingSet],
-    types
+    sharingListResponse.allowed_types
   );
   return response;
 };
 
 export const deleteSharingParticipants = async (
   participantSiteId: number,
-  siteIds: number[],
-  types: ClientType[]
+  siteIds: number[]
 ): Promise<SharingListResponse> => {
   const sharingListResponse = await getSharingList(participantSiteId);
   const newSharingList = sharingListResponse.allowed_sites.filter(
     (siteId) => !siteIds.includes(siteId)
   );
-  return updateSharingList(participantSiteId, sharingListResponse.hash, newSharingList, types);
+  return updateSharingList(
+    participantSiteId,
+    sharingListResponse.hash,
+    newSharingList,
+    sharingListResponse.allowed_types
+  );
+};
+
+export const UpdateSharingTypes = async (
+  participantSiteId: number,
+  types: ClientType[]
+): Promise<SharingListResponse> => {
+  const sharingListResponse = await getSharingList(participantSiteId);
+  return updateSharingList(
+    participantSiteId,
+    sharingListResponse.hash,
+    sharingListResponse.allowed_sites,
+    types
+  );
 };
 
 export const sendParticipantApprovedEmail = async (users: User[]) => {

diff --git a/src/web/screens/sharingPermissions.tsx b/src/web/screens/sharingPermissions.tsx
@@ -12,6 +12,7 @@ import {
   CompleteRecommendations,
   DeleteSharingParticipants,
   GetSharingList,
+  UpdateSharingTypes,
 } from '../services/participant';
 import { preloadAllSitesList, preloadAvailableSiteList } from '../services/site';
 import { PortalRoute } from './routeUtils';
@@ -27,7 +28,7 @@ function SharingPermissions() {
 
   const handleSaveSharingType = async (selectedTypes: ClientType[]) => {
     try {
-      const response = await AddSharingParticipants(participant!.id, sharedSiteIds, selectedTypes);
+      const response = await UpdateSharingTypes(participant!.id, selectedTypes);
       setStatusPopup({
         type: 'Success',
         message: `${
@@ -53,7 +54,7 @@ function SharingPermissions() {
 
   const handleAddSharingSite = async (selectedSiteIds: number[]) => {
     try {
-      const response = await AddSharingParticipants(participant!.id, selectedSiteIds, sharedTypes);
+      const response = await AddSharingParticipants(participant!.id, selectedSiteIds);
       setStatusPopup({
         type: 'Success',
         message: `${
@@ -73,11 +74,7 @@ function SharingPermissions() {
 
   const handleDeleteSharingSite = async (siteIdsToDelete: number[]) => {
     try {
-      const response = await DeleteSharingParticipants(
-        participant!.id,
-        siteIdsToDelete,
-        sharedTypes
-      );
+      const response = await DeleteSharingParticipants(participant!.id, siteIdsToDelete);
       setStatusPopup({
         type: 'Success',
         message: `${siteIdsToDelete.length} sharing ${

diff --git a/src/web/services/participant.ts b/src/web/services/participant.ts
@@ -134,15 +134,13 @@ export async function GetSharingList(participantId?: number): Promise<SharingLis
 
 export async function AddSharingParticipants(
   participantId: number,
-  newParticipantSites: number[],
-  newTypes: ClientType[]
+  newParticipantSites: number[]
 ): Promise<SharingListResponse> {
   try {
     const result = await axios.post<SharingListResponse>(
       `/participants/${participantId}/sharingPermission/add`,
       {
         newParticipantSites,
-        newTypes,
       }
     );
     return result.data;
@@ -153,15 +151,13 @@ export async function AddSharingParticipants(
 
 export async function DeleteSharingParticipants(
   participantId: number,
-  sharingSitesToRemove: number[],
-  types: ClientType[]
+  sharingSitesToRemove: number[]
 ): Promise<SharingListResponse> {
   try {
     const result = await axios.post<SharingListResponse>(
       `/participants/${participantId}/sharingPermission/delete`,
       {
         sharingSitesToRemove,
-        types,
       }
     );
     return result.data;
@@ -170,6 +166,23 @@ export async function DeleteSharingParticipants(
   }
 }
 
+export async function UpdateSharingTypes(
+  participantId: number,
+  types: ClientType[]
+): Promise<SharingListResponse> {
+  try {
+    const result = await axios.post<SharingListResponse>(
+      `/participants/${participantId}/sharingPermission/shareWithTypes`,
+      {
+        types,
+      }
+    );
+    return result.data;
+  } catch (e: unknown) {
+    throw backendError(e, 'Could not update sharing types');
+  }
+}
+
 export type BusinessContactResponse = z.infer<typeof BusinessContactSchema>;
 
 export type BusinessContactForm = {