Merge pull request #597 from IABTechLab/ans-UID2-5026-add-super-user-role

ashleysmithTTD · web-flow · commit 1bf32be07910 · 2025-02-28T13:31:50.000-07:00
Add super user role
diff --git a/src/api/entities/UserRole.ts b/src/api/entities/UserRole.ts
@@ -5,6 +5,7 @@ export enum UserRoleId {
   Admin = 1,
   Operations = 2,
   UID2Support = 3,
+  SuperUser = 4,
 }
 
 export const getUserRoleById = (id: number) => {
@@ -15,6 +16,8 @@ export const getUserRoleById = (id: number) => {
       return 'Operations';
     case 3:
       return 'Support';
+    case 4:
+      return 'SuperUser';
     default:
       return 'Invalid';
   }
diff --git a/src/api/middleware/userRoleMiddleware.ts b/src/api/middleware/userRoleMiddleware.ts
@@ -24,6 +24,25 @@ export const isUid2SupportCheck: Handler = async (req: ParticipantRequest, res,
   next();
 };
 
+export const isSuperUser = async (userEmail: string) => {
+  const user = await findUserByEmail(userEmail);
+  const userWithSuperUserRole = await UserToParticipantRole.query()
+    .where('userId', user!.id)
+    .andWhere('userRoleId', UserRoleId.SuperUser)
+    .first();
+  return !!userWithSuperUserRole;
+};
+
+export const isSuperUserCheck: Handler = async (req: ParticipantRequest, res, next) => {
+  if (!(await isSuperUser(req.auth?.payload?.email as string))) {
+    return res.status(403).json({
+      message: 'Unauthorized. You do not have the necessary permissions.',
+      errorHash: req.headers.traceId,
+    });
+  }
+  next();
+};
+
 export const isAdminOrUid2SupportCheck: Handler = async (req: ParticipantRequest, res, next) => {
   const { participant } = req;
   const userEmail = req.auth?.payload.email as string;
diff --git a/src/api/middleware/usersMiddleware.ts b/src/api/middleware/usersMiddleware.ts
@@ -5,7 +5,7 @@ import { User } from '../entities/User';
 import { getLoggers, getTraceId } from '../helpers/loggingHelpers';
 import { UserParticipantRequest } from '../services/participantsService';
 import { findUserByEmail, UserRequest } from '../services/usersService';
-import { isUid2Support } from './userRoleMiddleware';
+import { isSuperUser, isUid2Support } from './userRoleMiddleware';
 
 export const isUserBelongsToParticipant = async (
   email: string,
@@ -50,11 +50,21 @@ export const enrichCurrentUser = async (req: UserRequest, res: Response, next: N
   return next();
 };
 
-export const enrichUserWithUid2Support = async (user: User) => {
+export const enrichUserWithSupportRoles = async (user: User) => {
   const userIsUid2Support = await isUid2Support(user.email);
+  const userIsSuperUser = await isSuperUser(user.email);
   return {
     ...user,
     isUid2Support: userIsUid2Support,
+    isSuperUser: userIsSuperUser,
+  };
+};
+
+export const enrichUserWithSuperUser = async (user: User) => {
+  const userIsSuperUser = await isSuperUser(user.email);
+  return {
+    ...user,
+    isSuperUser: userIsSuperUser,
   };
 };
 
diff --git a/src/api/services/uid2SupportService.ts b/src/api/services/uid2SupportService.ts
diff --git a/src/api/services/userService.ts b/src/api/services/userService.ts
@@ -9,7 +9,7 @@ import { UserToParticipantRole } from '../entities/UserToParticipantRole';
 import { getTraceId } from '../helpers/loggingHelpers';
 import { mapClientTypeToParticipantType } from '../helpers/siteConvertingHelpers';
 import { getKcAdminClient } from '../keycloakAdminClient';
-import { enrichUserWithUid2Support } from '../middleware/usersMiddleware';
+import { enrichUserWithSupportRoles } from '../middleware/usersMiddleware';
 import { getSite } from './adminServiceClient';
 import { getApiRoles } from './apiKeyService';
 import {
@@ -37,15 +37,15 @@ export class UserService {
   public async getCurrentUser(req: UserRequest) {
     const userEmail = req.auth?.payload?.email as string;
     const user = await findUserByEmail(userEmail);
-    const userWithUid2Support = await enrichUserWithUid2Support(user!);
-    if (userWithUid2Support.isUid2Support) {
+    const userWithSupportRoles = await enrichUserWithSupportRoles(user!);
+    if (userWithSupportRoles.isUid2Support) {
       const allParticipants = await getAllParticipants();
-      userWithUid2Support.participants = allParticipants;
+      userWithSupportRoles.participants = allParticipants;
     }
-    userWithUid2Support.participants = userWithUid2Support?.participants?.sort((a, b) =>
+    userWithSupportRoles.participants = userWithSupportRoles?.participants?.sort((a, b) =>
       a.name.localeCompare(b.name)
     );
-    return userWithUid2Support;
+    return userWithSupportRoles;
   }
 
   public async getDefaultParticipant(req: UserRequest) {
diff --git a/src/api/services/usersService.ts b/src/api/services/usersService.ts
@@ -28,6 +28,7 @@ export interface SelfResendInviteRequest extends Request {
 
 export type UserWithParticipantRoles = UserDTO & {
   isUid2Support: boolean;
+  isSuperUser?: boolean;
   currentParticipantUserRoles?: UserRoleDTO[];
 };
 
diff --git a/src/database/migrations/20250228040900_CreateSuperUserRole.ts b/src/database/migrations/20250228040900_CreateSuperUserRole.ts
@@ -0,0 +1,12 @@
+import { Knex } from 'knex';
+
+export async function up(knex: Knex): Promise<void> {
+  await knex('userRoles').insert({
+    id: 4,
+    roleName: 'Super User',
+  });
+}
+
+export async function down(knex: Knex): Promise<void> {
+  await knex('userRoles').where({ id: 4 }).del();
+}
diff --git a/src/web/components/Navigation/SideNav.tsx b/src/web/components/Navigation/SideNav.tsx
@@ -36,8 +36,9 @@ function MenuItem({
 export type SideNavProps = Readonly<{
   standardMenu: PortalRoute[];
   uid2SupportMenu: PortalRoute[];
+  superUserMenu: PortalRoute[];
 }>;
-export function SideNav({ standardMenu, uid2SupportMenu }: SideNavProps) {
+export function SideNav({ standardMenu, uid2SupportMenu, superUserMenu }: SideNavProps) {
   return (
     <NavigationMenu className='side-nav'>
       <NavigationMenuList className='main-nav'>
@@ -54,6 +55,14 @@ export function SideNav({ standardMenu, uid2SupportMenu }: SideNavProps) {
               .map((m) => MenuItem(m))}
           </>
         )}
+        {superUserMenu.length > 0 && (
+          <>
+            <div className='side-nav-divider' />
+            {superUserMenu
+              .filter((m) => (m.location ?? 'default') === 'default')
+              .map((m) => MenuItem(m))}
+          </>
+        )}
       </NavigationMenuList>
       <NavigationMenuList className='nav-footer'>
         <NavigationMenuItem className='side-nav-item portal-documentation-link'>
diff --git a/src/web/screens/dashboard.tsx b/src/web/screens/dashboard.tsx
@@ -33,7 +33,14 @@ export const StandardRoutes: PortalRoute[] = [
 
 export const Uid2SupportRoutes: PortalRoute[] = [ManageParticipantsRoute];
 
-export const DashboardRoutes: PortalRoute[] = [...StandardRoutes, ...Uid2SupportRoutes];
+// TODO: add route for Users List once created
+export const SuperUserRoutes: PortalRoute[] = [];
+
+export const DashboardRoutes: PortalRoute[] = [
+  ...StandardRoutes,
+  ...Uid2SupportRoutes,
+  ...SuperUserRoutes,
+];
 
 const standardMenu = StandardRoutes.filter((r) => r.description);
 
@@ -42,10 +49,17 @@ function Dashboard() {
   const uid2SupportMenu = LoggedInUser?.user?.isUid2Support
     ? Uid2SupportRoutes.filter((r) => r.description)
     : [];
+  const superUserMenu = LoggedInUser?.user?.isSuperUser
+    ? SuperUserRoutes.filter((r) => r.description)
+    : [];
 
   return (
     <div className='app-panel'>
-      <SideNav standardMenu={standardMenu} uid2SupportMenu={uid2SupportMenu} />
+      <SideNav
+        standardMenu={standardMenu}
+        uid2SupportMenu={uid2SupportMenu}
+        superUserMenu={superUserMenu}
+      />
       <div className='dashboard-content'>
         {!LoggedInUser?.user?.acceptedTerms ? <TermsAndConditionsDialog /> : <Outlet />}
       </div>
