Merge pull request #602 from IABTechLab/ans-UID2-5008-show-user-permissions-and-audits

Show user permissions and user audit trail

Author: ashleysmithTTD

src/api/controllers/userController.ts

@@ -146,6 +146,15 @@ export class UserController {
         ]);
       return;
     }
+    if (
+      userRoleData.userRoleId === UserRoleId.UID2Support ||
+      userRoleData.userRoleId === UserRoleId.SuperUser
+    ) {
+      res
+        .status(403)
+        .send([{ message: 'Unauthorized. You do not have permission to update to this role.' }]);
+      return;
+    }
     await this.userService.updateUser(req);
     res.sendStatus(200);
   }

src/api/middleware/usersMiddleware.ts

@@ -63,14 +63,6 @@ export const enrichUserWithSupportRoles = async (user: User) => {
   };
 };
 
-export const enrichUserWithSuperUser = async (user: User) => {
-  const userIsSuperUser = await isSuperUser(user.email);
-  return {
-    ...user,
-    isSuperUser: userIsSuperUser,
-  };
-};
-
 const userIdSchema = z.object({
   userId: z.coerce.number(),
 });

src/api/routers/managementRouter.ts

@@ -2,14 +2,27 @@ import express, { Response } from 'express';
 import { z } from 'zod';
 
 import { isSuperUserCheck } from '../middleware/userRoleMiddleware';
+import { GetUserAuditTrail } from '../services/auditTrailService';
 import { getAllUsersList, getUserById, updateUserLock } from '../services/managementService';
-import { ParticipantRequest } from '../services/participantsService';
+import { getUserParticipants, ParticipantRequest } from '../services/participantsService';
 
 const handleGetAllUsers = async (req: ParticipantRequest, res: Response) => {
   const userList = await getAllUsersList();
   return res.status(200).json(userList);
 };
 
+const handleGetUserAuditTrail = async (req: ParticipantRequest, res: Response) => {
+  const { userId } = z.object({ userId: z.coerce.number() }).parse(req.params);
+  const auditTrail = await GetUserAuditTrail(userId);
+  return res.status(200).json(auditTrail ?? []);
+};
+
+const handleGetUserParticipants = async (req: ParticipantRequest, res: Response) => {
+  const { userId } = z.object({ userId: z.coerce.number() }).parse(req.params);
+  const participants = await getUserParticipants(userId);
+  return res.status(200).json(participants ?? []);
+};
+
 const handleChangeUserLock = async (req: ParticipantRequest, res: Response) => {
   const { userId } = z.object({ userId: z.coerce.number() }).parse(req.params);
   const { isLocked } = z.object({ isLocked: z.boolean() }).parse(req.body);
@@ -26,6 +39,8 @@ export function createManagementRouter() {
   const managementRouter = express.Router();
 
   managementRouter.get('/users', isSuperUserCheck, handleGetAllUsers);
+  managementRouter.get('/:userId/auditTrail', isSuperUserCheck, handleGetUserAuditTrail);
+  managementRouter.get('/:userId/participants', isSuperUserCheck, handleGetUserParticipants);
   managementRouter.patch('/:userId/changeLock', isSuperUserCheck, handleChangeUserLock);
 
   return managementRouter;

src/api/routers/participants/participantsAuditTrail.ts

@@ -3,7 +3,7 @@ import { Response } from 'express';
 import { GetParticipantAuditTrail } from '../../services/auditTrailService';
 import { UserParticipantRequest } from '../../services/participantsService';
 
-export async function handleGetAuditTrail(req: UserParticipantRequest, res: Response) {
+export async function handleGetParticipantAuditTrail(req: UserParticipantRequest, res: Response) {
   const { participant } = req;
   const auditTrail = await GetParticipantAuditTrail(participant!);
   return res.status(200).json(auditTrail ?? []);

src/api/routers/participants/participantsRouter.ts

@@ -20,7 +20,7 @@ import {
 } from './participantsApiKeys';
 import { handleGetParticipantApiRoles } from './participantsApiRoles';
 import { handleGetParticipantAppNames, handleSetParticipantAppNames } from './participantsAppIds';
-import { handleGetAuditTrail } from './participantsAuditTrail';
+import { handleGetParticipantAuditTrail } from './participantsAuditTrail';
 import { handleCreateParticipant } from './participantsCreation';
 import {
   handleGetParticipantDomainNames,
@@ -65,7 +65,7 @@ export function createParticipantsRouter() {
   participantsRouter.get(
     '/:participantId/auditTrail',
     isAdminOrUid2SupportCheck,
-    handleGetAuditTrail
+    handleGetParticipantAuditTrail
   );
 
   participantsRouter.get('/:participantId/sharingPermission', handleGetSharingPermission);

src/api/services/auditTrailService.ts

@@ -43,3 +43,8 @@ export const GetParticipantAuditTrail = async (participant: Participant) => {
   );
   return auditTrail;
 };
+
+export const GetUserAuditTrail = async (userId: number) => {
+  const auditTrail = (await AuditTrail.query().where('userId', userId)).sort((a, b) => b.id - a.id);
+  return auditTrail;
+};

src/api/services/managementService.ts

@@ -9,7 +9,10 @@ import { UserParticipantRequest } from './participantsService';
 import { findUserByEmail } from './usersService';
 
 export const getAllUsersList = async () => {
-  const userList = await User.query().where('deleted', 0).orderBy('email');
+  const userList = await User.query()
+    .where('deleted', 0)
+    .orderBy('email')
+    .withGraphFetched('userToParticipantRoles');
   return userList;
 };
 

src/api/services/participantsService.ts

@@ -81,6 +81,14 @@ export const getAllParticipants = async (): Promise<Participant[]> => {
     .withGraphFetched('[apiRoles, approver, types, users]');
 };
 
+export const getUserParticipants = async (userId: number): Promise<Participant[]> => {
+  return Participant.query()
+    .withGraphFetched('participantToUserRoles')
+    .modifyGraph('participantToUserRoles', (row) => {
+      row.where('userId', userId);
+    });
+};
+
 export const getParticipantsBySiteIds = async (siteIds: number[]) => {
   return Participant.query().whereIn('siteId', siteIds).withGraphFetched('types');
 };

src/web/components/UserManagement/UserAuditTrailDialog.scss

@@ -0,0 +1,4 @@
+.audit-trail-dialog {
+  max-width: 1200px;
+  overflow-y: scroll;
+}

src/web/components/UserManagement/UserAuditTrailDialog.tsx

@@ -0,0 +1,51 @@
+import { Suspense, useEffect, useState } from 'react';
+
+import { AuditTrailDTO } from '../../../api/entities/AuditTrail';
+import { UserDTO } from '../../../api/entities/User';
+import { GetUserAuditTrail } from '../../services/auditTrailService';
+import AuditTrailTable from '../AuditTrail/AuditTrailTable';
+import { Dialog } from '../Core/Dialog/Dialog';
+import { Loading } from '../Core/Loading/Loading';
+import { ScreenContentContainer } from '../Core/ScreenContentContainer/ScreenContentContainer';
+
+import './UserAuditTrailDialog.scss';
+
+type UserAuditTrailDialogProps = Readonly<{
+  user: UserDTO;
+  onOpenChange: () => void;
+}>;
+
+function UserAuditTrailDialog({ user, onOpenChange }: UserAuditTrailDialogProps) {
+  const [userAuditTrail, setUserAuditTrail] = useState<AuditTrailDTO[]>();
+  const [isLoading, setIsLoading] = useState<boolean>(true);
+
+  useEffect(() => {
+    const getAuditTrail = async () => {
+      const auditTrail = await GetUserAuditTrail(user.id);
+      setUserAuditTrail(auditTrail);
+      setIsLoading(false);
+    };
+    getAuditTrail();
+  }, [user]);
+
+  return (
+    <Dialog
+      title={`Audit Trail for ${user.firstName} ${user.lastName}`}
+      onOpenChange={onOpenChange}
+      closeButtonText='Cancel'
+      className='audit-trail-dialog'
+    >
+      {isLoading ? (
+        <Loading message='Loading audit trail...' />
+      ) : (
+        <ScreenContentContainer>
+          <Suspense fallback={<Loading message='Loading audit trail...' />}>
+            <AuditTrailTable auditTrail={userAuditTrail ?? []} />
+          </Suspense>
+        </ScreenContentContainer>
+      )}
+    </Dialog>
+  );
+}
+
+export default UserAuditTrailDialog;

src/web/components/UserManagement/UserManagementItem.scss

@@ -55,4 +55,14 @@
       transform: translateX(19px);
     }
   }
+
+  .viewable-button {
+    cursor: pointer;
+    color: var(--theme-action);
+    border: none;
+    white-space: nowrap;
+    align-items: center;
+    padding-left: 0;
+    padding-right: 10px;
+  }
 }

src/web/components/UserManagement/UserManagementItem.tsx

@@ -1,6 +1,9 @@
 import * as Switch from '@radix-ui/react-switch';
+import { useState } from 'react';
 
 import { UserDTO } from '../../../api/entities/User';
+import UserAuditTrailDialog from './UserAuditTrailDialog';
+import UserParticipantsDialog from './UserParticipantsDialog';
 
 import './UserManagementItem.scss';
 
@@ -10,17 +13,43 @@ type UserManagementItemProps = Readonly<{
 }>;
 
 export function UserManagementItem({ user, onChangeUserLock }: UserManagementItemProps) {
+  const [showUserParticipantsDialog, setShowUserParticipantsDialog] = useState<boolean>(false);
+  const [showUserAuditTrailDialog, setShowUserAuditTrailDialog] = useState<boolean>(false);
+
   const onLockedToggle = async () => {
     await onChangeUserLock(user.id, !user.locked);
   };
 
+  const onUserParticipantsDialogChange = () => {
+    setShowUserParticipantsDialog(!showUserParticipantsDialog);
+  };
+
+  const onUserAuditTrailDialogChange = () => {
+    setShowUserAuditTrailDialog(!showUserAuditTrailDialog);
+  };
+
   return (
     <tr className='user-management-item'>
       <td>{user.email}</td>
       <td>{user.firstName}</td>
       <td>{user.lastName}</td>
       <td>{user.jobFunction}</td>
       <td>{user.acceptedTerms ? 'True' : 'False'}</td>
+      <td>
+        <button type='button' className='viewable-button' onClick={onUserParticipantsDialogChange}>
+          View Participants
+        </button>
+        {showUserParticipantsDialog && (
+          <UserParticipantsDialog user={user} onOpenChange={onUserParticipantsDialogChange} />
+        )}
+
+        <button type='button' className='viewable-button' onClick={onUserAuditTrailDialogChange}>
+          View Audit Trail
+        </button>
+        {showUserAuditTrailDialog && (
+          <UserAuditTrailDialog user={user} onOpenChange={onUserAuditTrailDialogChange} />
+        )}
+      </td>
       <td>
         <div className='theme-switch action-cell' title='Disable User Access'>
           <Switch.Root

src/web/components/UserManagement/UserManagementTable.tsx

@@ -97,6 +97,7 @@ function UserManagementTableContent({ users, onChangeUserLock }: UserManagementT
             <SortableTableHeader<UserDTO> sortKey='lastName' header='Last Name' />
             <SortableTableHeader<UserDTO> sortKey='jobFunction' header='Job Function' />
             <th>Accepted Terms</th>
+            <th className='dialogs'>Additional User Info</th>
             <th className='action'>Locked</th>
           </tr>
         </thead>

src/web/components/UserManagement/UserPartcipantsTable.tsx

@@ -0,0 +1,68 @@
+import { ParticipantDTO } from '../../../api/entities/Participant';
+import { UserDTO } from '../../../api/entities/User';
+import { UserRoleId } from '../../../api/entities/UserRole';
+import { SortableProvider } from '../../contexts/SortableTableProvider';
+import { TableNoDataPlaceholder } from '../Core/Tables/TableNoDataPlaceholder';
+
+import './UserParticipantsTable.scss';
+
+type UserParticipantRowProps = Readonly<{
+  participantName?: string;
+  roleName?: string;
+}>;
+
+function UserParticipantRow({ participantName, roleName }: UserParticipantRowProps) {
+  return (
+    <tr>
+      <td className='participant-name'>{participantName ?? 'Cannot find participant name'}</td>
+      <td className='role-name'>{roleName ?? 'Cannot find participant role'}</td>
+    </tr>
+  );
+}
+
+type UserParticipantsTableProps = Readonly<{
+  user: UserDTO;
+  userParticipants: ParticipantDTO[];
+}>;
+
+function UserParticipantsTableComponent({ user, userParticipants }: UserParticipantsTableProps) {
+  return (
+    <div className='users-participants-table-container'>
+      <table className='users-participants-table'>
+        <thead>
+          <tr>
+            <th>Participant Name</th>
+            <th>User Role</th>
+          </tr>
+        </thead>
+        <tbody>
+          {user.userToParticipantRoles?.map((role) => {
+            return (
+              <UserParticipantRow
+                key={role.participantId}
+                participantName={userParticipants.find((p) => p.id === role.participantId)?.name}
+                roleName={UserRoleId[role.userRoleId]}
+              />
+            );
+          })}
+        </tbody>
+      </table>
+      {userParticipants.length === 0 && (
+        <TableNoDataPlaceholder
+          icon={<img src='/document.svg' alt='email-icon' />}
+          title='No Participants'
+        >
+          <span>This user does not belong to any participant.</span>
+        </TableNoDataPlaceholder>
+      )}
+    </div>
+  );
+}
+
+export default function UserParticipantsTable(props: UserParticipantsTableProps) {
+  return (
+    <SortableProvider>
+      <UserParticipantsTableComponent {...props} />
+    </SortableProvider>
+  );
+}

src/web/components/UserManagement/UserParticipantsDialog.tsx

@@ -0,0 +1,54 @@
+import { useEffect, useState } from 'react';
+
+import { ParticipantDTO } from '../../../api/entities/Participant';
+import { UserDTO } from '../../../api/entities/User';
+import { UserRoleId } from '../../../api/entities/UserRole';
+import { GetUserParticipants } from '../../services/participant';
+import { Dialog } from '../Core/Dialog/Dialog';
+import { Loading } from '../Core/Loading/Loading';
+import UserParticipantsTable from './UserPartcipantsTable';
+
+type UserParticipantsDialogProps = Readonly<{
+  user: UserDTO;
+  onOpenChange: () => void;
+}>;
+
+function UserParticipantsDialog({ user, onOpenChange }: UserParticipantsDialogProps) {
+  const [userParticipants, setUserParticipants] = useState<ParticipantDTO[]>();
+  const [isLoading, setIsLoading] = useState<boolean>(true);
+
+  useEffect(() => {
+    const getParticipants = async () => {
+      const participants = await GetUserParticipants(user.id);
+      setUserParticipants(participants);
+      setIsLoading(false);
+    };
+    getParticipants();
+  }, [user]);
+
+  return (
+    <Dialog
+      title={`Participants List for ${user.firstName} ${user.lastName}`}
+      onOpenChange={onOpenChange}
+      closeButtonText='Cancel'
+    >
+      {isLoading ? (
+        <Loading message='Loading participants...' />
+      ) : (
+        <div>
+          {user.userToParticipantRoles?.find(
+            (role) => role.userRoleId === UserRoleId.UID2Support
+          ) ? (
+            <div>This user has the UID2 support role and has admin access to all participants.</div>
+          ) : (
+            <div>
+              <UserParticipantsTable user={user} userParticipants={userParticipants ?? []} />
+            </div>
+          )}
+        </div>
+      )}
+    </Dialog>
+  );
+}
+
+export default UserParticipantsDialog;

src/web/components/UserManagement/UserParticipantsTable.scss

@@ -0,0 +1,7 @@
+tbody {
+  td {
+    &.participant-name {
+      padding-right: 10rem;
+    }
+  }
+}