fix: allow admins to delete opps under review

(cherry picked from commit 13dc4e1)
bcgov · Feb 14, 2024 · c9f1ad4 · c9f1ad4
1 parent 303ffb8
commit c9f1ad4
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 14 deletions.
diff --git a/src/back-end/lib/permissions.ts b/src/back-end/lib/permissions.ts
@@ -20,6 +20,7 @@ import {
 import { Affiliation } from "shared/lib/resources/affiliation";
 import {
   CWUOpportunity,
+  CWUOpportunityStatus,
   doesCWUOpportunityStatusAllowGovToViewProposals
 } from "shared/lib/resources/opportunity/code-with-us";
 import {
@@ -351,12 +352,17 @@ export async function editCWUOpportunity(
 export async function deleteCWUOpportunity(
   connection: Connection,
   session: Session,
-  opportunityId: string
+  opportunityId: string,
+  status: CWUOpportunityStatus
 ): Promise<boolean> {
   return (
-    isAdmin(session) ||
+    (isAdmin(session) &&
+      [CWUOpportunityStatus.Draft, CWUOpportunityStatus.UnderReview].includes(
+        status
+      )) ||
     (session &&
       isGovernment(session) &&
+      status === CWUOpportunityStatus.Draft &&
       (await isCWUOpportunityAuthor(
         connection,
         session.user,

diff --git a/src/back-end/lib/resources/opportunity/code-with-us.ts b/src/back-end/lib/resources/opportunity/code-with-us.ts
@@ -1089,28 +1089,26 @@ const delete_: crud.Delete<
 > = (connection: db.Connection) => {
   return {
     async validateRequestBody(request) {
+      const validatedCWUOpportunity = await validateCWUOpportunityId(
+        connection,
+        request.params.id,
+        request.session
+      );
+      if (isInvalid(validatedCWUOpportunity)) {
+        return invalid({ notFound: ["Opportunity not found."] });
+      }
       if (
         !(await permissions.deleteCWUOpportunity(
           connection,
           request.session,
-          request.params.id
+          request.params.id,
+          validatedCWUOpportunity.value.status
         ))
       ) {
         return invalid({
           permissions: [permissions.ERROR_MESSAGE]
         });
       }
-      const validatedCWUOpportunity = await validateCWUOpportunityId(
-        connection,
-        request.params.id,
-        request.session
-      );
-      if (isInvalid(validatedCWUOpportunity)) {
-        return invalid({ notFound: ["Opportunity not found."] });
-      }
-      if (validatedCWUOpportunity.value.status !== CWUOpportunityStatus.Draft) {
-        return invalid({ permissions: [permissions.ERROR_MESSAGE] });
-      }
       return valid(validatedCWUOpportunity.value.id);
     },
     respond: wrapRespond({