import {
  CMS_READ_ONLY_ROLES,
  CMS_ROLES,
  CMS_WRITE_ROLES,
  FullUser,
  STATE_ROLES,
  USER_MANAGER_ROLES,
  UserDetails,
} from "shared-types";
import {
  ROLES_ALLOWED_TO_REQUEST,
  ROLES_ALLOWED_TO_UPDATE,
  roleUpdatePermissionsMap,
  UserRole,
} from "shared-types/events/legacy-user";
 
/**
 * Shared predicate behind the exported role checks in this module.
 *
 * Returns true only when a user object is present and its `role` appears in
 * `authorized`. A missing user yields false, so every caller fails closed.
 * `Array.prototype.includes` compares by strict equality, which makes the match
 * exact and case-sensitive.
 *
 * NOTE(review): the answer is only as trustworthy as the `user.role` value that
 * is passed in; confirm callers read it from a verified session rather than
 * from client-supplied data.
 */
const userHasAuthorizedRole = (user: FullUser | UserDetails | null, authorized: UserRole[]) => {
  return user ? authorized.includes(user.role) : false;
};
 
/**
 * Confirms the user is any kind of CMS user, i.e. the user's role is listed in
 * `CMS_ROLES`. Returns false when no user is supplied.
 */
export const isCmsUser = (user: FullUser | UserDetails | null): boolean => {
  return userHasAuthorizedRole(user, CMS_ROLES);
};
/**
 * Confirms the user is a help desk user: the role must be exactly "helpdesk".
 * Returns false when no user is supplied.
 */
export const isHelpDeskUser = (user: FullUser | UserDetails | null): boolean => {
  return userHasAuthorizedRole(user, ["helpdesk"]);
};
/**
 * Confirms the user is a CMS user who can create data, i.e. the user's role is
 * listed in `CMS_WRITE_ROLES`. Returns false when no user is supplied.
 */
export const isCmsWriteUser = (user: FullUser | UserDetails | null): boolean => {
  return userHasAuthorizedRole(user, CMS_WRITE_ROLES);
};
/**
 * Confirms the user is a CMS user who can only view data, i.e. the user's role
 * is listed in `CMS_READ_ONLY_ROLES`. Returns false when no user is supplied.
 */
export const isCmsReadonlyUser = (user: FullUser | UserDetails | null): boolean => {
  return userHasAuthorizedRole(user, CMS_READ_ONLY_ROLES);
};
/**
 * Confirms the user can manage other users, i.e. the user's role is listed in
 * `USER_MANAGER_ROLES`. Returns false when no user is supplied.
 */
export const isUserManagerUser = (user: FullUser | UserDetails | null): boolean => {
  return userHasAuthorizedRole(user, USER_MANAGER_ROLES);
};
/**
 * Confirms the user is a State user, i.e. the user's role is listed in
 * `STATE_ROLES`. Returns false when no user is supplied.
 */
export const isStateUser = (user: FullUser | UserDetails | null): boolean => {
  return userHasAuthorizedRole(user, STATE_ROLES);
};
/** Confirms user is a CMS super user (disabled: the commented-out check below passes an empty role list) */
// export const isCmsSuperUser = (user: FullUser | null) => userHasAuthorizedRole(user, []);
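/**
 * Confirms user is an IDM user, judged by whether `username` starts with the
 * literal prefix "IDM_" (case-sensitive).
 *
 * Always returns a boolean: a missing user yields false, matching the other
 * role predicates in this module, instead of leaking `undefined` out of the
 * optional chain.
 *
 * NOTE(review): this is a naming-convention check, not a role check; confirm
 * that usernames carrying this prefix cannot be chosen by the account holder
 * before relying on the result for an access decision.
 */
export const isIDM = (user: FullUser | null): boolean =>
  user?.username.startsWith("IDM_") ?? false;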
 
/**
 * Checks if role is a state role, i.e. whether it is one of the entries of
 * `STATE_ROLES`.
 *
 * The cast only satisfies the element type that `includes` expects; the
 * membership test itself still runs at runtime against the real value.
 */
export const isStateRole = (role: UserRole): boolean =>
  STATE_ROLES.includes(role as (typeof STATE_ROLES)[number]);
 
/**
 * Check if current user can update access for a certain role.
 *
 * Two conditions must both hold, otherwise the answer is false:
 *  1. `currentUserRole` is listed in `ROLES_ALLOWED_TO_UPDATE`;
 *  2. the entry for `currentUserRole` in `roleUpdatePermissionsMap` contains
 *     `roleToUpdate`.
 * A role with no entry in the map is denied.
 *
 * @param currentUserRole role of the user performing the update
 * @param roleToUpdate role whose access is being changed
 */
export const canUpdateAccess = (currentUserRole: UserRole, roleToUpdate: UserRole): boolean => {
  // Deny early when the acting role may not update anyone.
  if (!ROLES_ALLOWED_TO_UPDATE.includes(currentUserRole)) {
    return false;
  }

  // A missing map entry makes the optional chain yield undefined, which is a deny.
  return roleUpdatePermissionsMap[currentUserRole]?.includes(roleToUpdate) === true;
};
/**
 * Check if current user can request to change their own role: true when
 * `role` is listed in `ROLES_ALLOWED_TO_REQUEST`.
 */
export const canRequestAccess = (role: UserRole): boolean =>
  ROLES_ALLOWED_TO_REQUEST.includes(role);
/**
 * Check if current user is a statesubmitter and is revoking their own state
 * access.
 *
 * Both e-mail addresses are compared with strict string equality, so values
 * that differ only in letter case or surrounding whitespace do not match and
 * the check returns false.
 *
 * @param currentRole role of the user making the change
 * @param currentEmail e-mail address of the user making the change
 * @param emailToUpdate e-mail address of the account being changed
 */
export const canSelfRevokeAccess = (
  currentRole: UserRole,
  currentEmail: string,
  emailToUpdate: string,
) => {
  const isStateSubmitter = currentRole === "statesubmitter";
  const targetsOwnAccount = currentEmail === emailToUpdate;

  return isStateSubmitter && targetsOwnAccount;
};
 
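/**
 * Gets the role that approves the given role.
 *
 * Roles without an entry in the table (including any unrecognised string) are
 * returned unchanged, so the result is not evidence that `role` is a valid
 * role name.
 *
 * @param role role key to look up
 * @returns the approving role, or `role` itself when the table has no entry
 */
export function getApprovingRole(role: string) {
  const approvingUserRole = {
    statesubmitter: "statesystemadmin",
    statesystemadmin: "cmsroleapprover",
    cmsroleapprover: "systemadmin",
    defaultcmsuser: "cmsroleapprover",
    helpdesk: "systemadmin",
    cmsreviewer: "cmsroleapprover",
    norole: "systemadmin",
  };

  // Only own keys count. An object literal inherits from Object.prototype, so
  // indexing it directly with "constructor", "toString" or "__proto__" returns
  // an inherited member (not a string) and skips the fallback.
  if (Object.prototype.hasOwnProperty.call(approvingUserRole, role)) {
    return approvingUserRole[role as keyof typeof approvingUserRole];
  }

  return role;
}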
 
// `defaultcmsuser` and `cmsreviewer` are shown with the same label, so the
// label alone does not tell the two roles apart.
const cmsReadOnlyUserLabel = "CMS Read-only User";

/** Display label for each role key. */
export const userRoleMap = {
  defaultcmsuser: cmsReadOnlyUserLabel,
  cmsroleapprover: "CMS Role Approver",
  cmsreviewer: cmsReadOnlyUserLabel,
  statesystemadmin: "State System Admin",
  helpdesk: "Help Desk",
  statesubmitter: "State Submitter",
  systemadmin: "CMS System Admin",
  norole: "No Role",
};
 
// `defaultcmsuser` and `cmsreviewer` are shown with the same label, so the
// label alone does not tell the two roles apart.
const cmsReadOnlyLabel = "CMS Read Only";

/** Display label for each role key, using the newer wording. */
export const newUserRoleMap = {
  defaultcmsuser: cmsReadOnlyLabel,
  cmsroleapprover: "CMS Role Approver",
  cmsreviewer: cmsReadOnlyLabel,
  statesystemadmin: "State System Administrator",
  helpdesk: "Help Desk",
  statesubmitter: "State Submitter",
  systemadmin: "CMS System Administrator",
  norole: "No Role",
};