Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 | 283x 7579x 7574x 283x 2156x 283x 1x 283x 225x 283x 4x 283x 26x 283x 5167x 283x 283x 33x 283x 13x 7x 6x 7x 283x 9x 283x 1x 390x 390x 283x 283x | import {
CMS_READ_ONLY_ROLES,
CMS_ROLES,
CMS_WRITE_ROLES,
FullUser,
STATE_ROLES,
USER_MANAGER_ROLES,
UserDetails,
} from "shared-types";
import {
ROLES_ALLOWED_TO_REQUEST,
ROLES_ALLOWED_TO_UPDATE,
roleUpdatePermissionsMap,
UserRole,
} from "shared-types/events/legacy-user";
/** Function receives a user's cognito attributes and list of authorized roles,
* and will confirm the user has one or more authorized UserRoles */
const userHasAuthorizedRole = (user: FullUser | UserDetails | null, authorized: UserRole[]) => {
if (!user) return false;
return authorized.includes(user.role);
};
/** Confirms user is any kind of CMS user */
export const isCmsUser = (user: FullUser | UserDetails | null) =>
userHasAuthorizedRole(user, CMS_ROLES);
/** Confirms user is help desk user */
export const isHelpDeskUser = (user: FullUser | UserDetails | null) =>
userHasAuthorizedRole(user, ["helpdesk"]);
/** Confirms user is a CMS user who can create data */
export const isCmsWriteUser = (user: FullUser | UserDetails | null) =>
userHasAuthorizedRole(user, CMS_WRITE_ROLES);
/** Confirms user is a CMS user who can only view data */
export const isCmsReadonlyUser = (user: FullUser | UserDetails | null) =>
userHasAuthorizedRole(user, CMS_READ_ONLY_ROLES);
/** Confirms user can manage other users */
export const isUserManagerUser = (user: FullUser | UserDetails | null) =>
userHasAuthorizedRole(user, USER_MANAGER_ROLES);
/** Confirms user is a State user */
export const isStateUser = (user: FullUser | UserDetails | null) =>
userHasAuthorizedRole(user, STATE_ROLES);
/** Confirms user is a State user */
// export const isCmsSuperUser = (user: FullUser | null) => userHasAuthorizedRole(user, []);
/** Confirms user is an IDM user */
export const isIDM = (user: FullUser | null) => user?.username.startsWith("IDM_");
/** Checks if role is a state role */
export const isStateRole = (role: UserRole): boolean => {
return STATE_ROLES.includes(role as (typeof STATE_ROLES)[number]);
};
// Check if current user can update access for a certain role
export const canUpdateAccess = (currentUserRole: UserRole, roleToUpdate: UserRole): boolean => {
if (ROLES_ALLOWED_TO_UPDATE.includes(currentUserRole)) {
if (roleUpdatePermissionsMap[currentUserRole]?.includes(roleToUpdate)) {
return true;
}
}
return false;
};
// Check if current user can request to change their own role
export const canRequestAccess = (role: UserRole): boolean => {
return ROLES_ALLOWED_TO_REQUEST.includes(role);
};
// Check if current user is a statesubmitter and is revoking their own state access
export const canSelfRevokeAccess = (
currentRole: UserRole,
currentEmail: string,
emailToUpdate: string,
) => {
return currentRole === "statesubmitter" && currentEmail === emailToUpdate;
};
// gets the role that approves current user
export function getApprovingRole(role: string) {
const approvingUserRole = {
statesubmitter: "statesystemadmin",
statesystemadmin: "cmsroleapprover",
cmsroleapprover: "systemadmin",
defaultcmsuser: "cmsroleapprover",
helpdesk: "systemadmin",
cmsreviewer: "cmsroleapprover",
norole: "systemadmin",
};
return approvingUserRole[role as keyof typeof approvingUserRole] ?? role;
}
export const userRoleMap = {
defaultcmsuser: "CMS Read-only User",
cmsroleapprover: "CMS Role Approver",
cmsreviewer: "CMS Read-only User",
statesystemadmin: "State System Admin",
helpdesk: "Help Desk",
statesubmitter: "State Submitter",
systemadmin: "CMS System Admin",
norole: "No Role",
};
export const newUserRoleMap = {
defaultcmsuser: "CMS Read Only",
cmsroleapprover: "CMS Role Approver",
cmsreviewer: "CMS Read Only",
statesystemadmin: "State System Administrator",
helpdesk: "Help Desk",
statesubmitter: "State Submitter",
systemadmin: "CMS System Administrator",
norole: "No Role",
};
|