feat: VOL-5103 limit the access of read only users to certain data an…

…d actions (dvsa/olcs-internal#100)

* fix: VOL-5055 limit the access of read only users to certain data and actions

* switch to permission service, hide submission buttons for internal read only users

* bump common to 6.2.2

app/internal/module/Admin/src/Form/Model/Fieldset/FormSaveCancelPreview.php

@@ -31,7 +31,7 @@ class FormSaveCancelPreview
      * })
      * @Form\Options({
      *     "label": "Cancel",
-     *     "keepForReadonly": true,
+     *     "keepForReadOnly": true,
      * })
      * @Form\Type("\Common\Form\Elements\InputFilters\ActionButton")
      */
@@ -45,7 +45,7 @@ class FormSaveCancelPreview
      * })
      * @Form\Options({
      *     "label": "Preview",
-     *     "keepForReadonly": true,
+     *     "keepForReadOnly": true,
      * })
      * @Form\Type("\Common\Form\Elements\InputFilters\ActionButton")
      */

app/internal/module/Admin/src/Form/Model/Fieldset/TranslationKeyActions.php

@@ -29,7 +29,7 @@ class TranslationKeyActions
      * })
      * @Form\Options({
      *     "label": "Cancel",
-     *     "keepForReadonly": true,
+     *     "keepForReadOnly": true,
      * })
      * @Form\Type("\Common\Form\Elements\InputFilters\ActionButton")
      */

app/internal/module/Olcs/src/Controller/Cases/Submission/SubmissionController.php

@@ -3,6 +3,7 @@
 namespace Olcs\Controller\Cases\Submission;
 
 use Common\Controller\Traits\GenericUpload;
+use Common\Rbac\Service\Permission;
 use Common\Service\Data\CategoryDataService;
 use Common\Service\Helper\FileUploadHelperService;
 use Common\Service\Helper\FlashMessengerHelperService;
@@ -19,7 +20,6 @@
 use Dvsa\Olcs\Transfer\Command\Submission\UpdateSubmission as UpdateDto;
 use Dvsa\Olcs\Transfer\Query\Submission\Submission as ItemDto;
 use Dvsa\Olcs\Transfer\Query\Submission\SubmissionList as ListDto;
-use Laminas\Mvc\MvcEvent;
 use Laminas\Navigation\Navigation;
 use Laminas\Stdlib\ArrayUtils;
 use Laminas\View\Model\ViewModel;
@@ -190,6 +190,7 @@ class SubmissionController extends AbstractInternalController implements Submiss
     protected FileUploadHelperService $uploadHelper;
     protected array $configHelper;
     protected ViewRenderer $viewRenderer;
+    private Permission $permissionService;
 
     public function __construct(
         TranslationHelperService $translationHelper,
@@ -200,12 +201,14 @@ public function __construct(
         array $configHelper,
         ViewRenderer $viewRenderer,
         Submission $submissionDataService,
+        Permission $permissionService,
         FileUploadHelperService $uploadHelper
     ) {
         $this->urlHelper = $urlHelper;
         $this->configHelper = $configHelper;
         $this->viewRenderer = $viewRenderer;
         $this->submissionDataService = $submissionDataService;
+        $this->permissionService = $permissionService;
         $this->uploadHelper = $uploadHelper;
 
         parent::__construct($translationHelper, $formHelper, $flashMessenger, $navigation);
@@ -435,8 +438,9 @@ private function generateSubmissionView($params, $printView = false)
 
                 $allSectionsRefData = $this->getAllSectionsRefData();
                 $submissionConfig = $this->getSubmissionConfig();
+                $isInternalReadOnly = $this->permissionService->isInternalReadOnly();
 
-                $readOnly = (bool)($printView || $data['isClosed']);
+                $readOnly = ($printView || $data['isClosed'] || $isInternalReadOnly);
                 $this->placeholder()->setPlaceholder(
                     'selectedSectionsArray',
                     $this->generateSelectedSectionsArray($data, $allSectionsRefData, $submissionConfig, $readOnly)
@@ -446,6 +450,7 @@ private function generateSubmissionView($params, $printView = false)
                 $this->placeholder()->setPlaceholder('submissionConfig', $submissionConfig['sections']);
                 $this->placeholder()->setPlaceholder('submission', $data);
                 $this->placeholder()->setPlaceholder('readonly', $readOnly);
+                $this->placeholder()->setPlaceholder('isInternalReadOnly', $isInternalReadOnly);
             }
         }
     }

app/internal/module/Olcs/src/Controller/Cases/Submission/SubmissionControllerFactory.php

@@ -2,6 +2,7 @@
 
 namespace Olcs\Controller\Cases\Submission;
 
+use Common\Rbac\Service\Permission;
 use Common\Service\Data\PluginManager;
 use Common\Service\Helper\FileUploadHelperService;
 use Common\Service\Helper\FlashMessengerHelperService;
@@ -39,7 +40,7 @@ public function __invoke(ContainerInterface $container, $requestedName, array $o
         assert($viewRenderer instanceof ViewRenderer);
 
         $submissionDataService = $container->get(PluginManager::class)->get(Submission::class);
-
+        $permissionService = $container->get(Permission::class);
         $uploadHelper = $container->get(FileUploadHelperService::class);
 
         return new SubmissionController(
@@ -51,6 +52,7 @@ public function __invoke(ContainerInterface $container, $requestedName, array $o
             $configHelper,
             $viewRenderer,
             $submissionDataService,
+            $permissionService,
             $uploadHelper
         );
     }

app/internal/module/Olcs/src/FormService/Form/Lva/AbstractLvaFormFactory.php

@@ -3,6 +3,7 @@
 namespace Olcs\FormService\Form\Lva;
 
 use Common\FormService\FormServiceManager;
+use Common\Rbac\Service\Permission;
 use Common\Service\Helper\FormHelperService;
 use Common\Service\Helper\TranslationHelperService;
 use Common\Service\Helper\UrlHelperService;
@@ -222,9 +223,9 @@ public function __invoke($container, $requestedName, array $options = null)
                 $formServiceLocator = $serviceLocator->get(FormServiceManager::class);
                 return new LicenceTypeOfLicence($formHelper, $authService, $formServiceLocator);
             case self::FORM_SERVICE_CLASS_ALIASES['lva-application-type-of-licence']:
-                $authService = $serviceLocator->get(AuthorizationService::class);
+                $permissionService = $serviceLocator->get(Permission::class);
                 $formServiceLocator = $serviceLocator->get(FormServiceManager::class);
-                return new ApplicationTypeOfLicence($formHelper, $authService, $formServiceLocator);
+                return new ApplicationTypeOfLicence($formHelper, $permissionService, $formServiceLocator);
             case self::FORM_SERVICE_CLASS_ALIASES['lva-variation-type-of-licence']:
                 $authService = $serviceLocator->get(AuthorizationService::class);
                 $formServiceLocator = $serviceLocator->get(FormServiceManager::class);

app/internal/module/Olcs/src/FormService/Form/Lva/ApplicationTypeOfLicence.php

@@ -3,23 +3,20 @@
 namespace Olcs\FormService\Form\Lva;
 
 use Common\FormService\FormServiceManager;
+use Common\Rbac\Service\Permission;
 use Common\Service\Helper\FormHelperService;
 use Laminas\Form\Form;
 use Common\FormService\Form\Lva\TypeOfLicence\ApplicationTypeOfLicence as CommonApplicationTypeOfLicence;
-use LmcRbacMvc\Service\AuthorizationService;
 
-/**
- * Application Type Of Licence
- */
 class ApplicationTypeOfLicence extends CommonApplicationTypeOfLicence
 {
     protected FormHelperService $formHelper;
-    protected AuthorizationService $authService;
+    protected Permission $permissionService;
     protected FormServiceManager $formServiceLocator;
 
-    public function __construct(FormHelperService $formHelper, AuthorizationService $authService, FormServiceManager $formServiceLocator)
+    public function __construct(FormHelperService $formHelper, Permission $permissionService, FormServiceManager $formServiceLocator)
     {
-        parent::__construct($formHelper, $authService, $formServiceLocator);
+        parent::__construct($formHelper, $permissionService, $formServiceLocator);
     }
 
     /**

app/internal/module/Olcs/src/Table/Tables/operator-people.table.php

@@ -1,6 +1,7 @@
 <?php
 
 use Common\Service\Table\Formatter\Date;
+use Common\Service\Table\Formatter\DisqualifyUrl;
 use Common\Service\Table\Formatter\Name;
 
 return array(
@@ -48,13 +49,7 @@
         ),
         array(
             'title' => 'Disqual',
-            'formatter' => function ($row) {
-                return sprintf(
-                    '<a href="%s" class="govuk-link js-modal-ajax">%s</a>',
-                    $this->generateUrl(array('person' => $row['personId']), 'operator/disqualify_person'),
-                    $row['disqualificationStatus']
-                );
-            }
+            'formatter' => DisqualifyUrl::class,
         ),
         array(
             'name' => 'select',

app/internal/module/Olcs/view/sections/cases/pages/submission.phtml

@@ -8,6 +8,7 @@ $submissionConfig = $this->placeholder('submissionConfig')->getValue();
 
 $allSections = $this->placeholder('allSections')->getValue();
 $readonly = $this->placeholder('readonly')->getValue();
+$isInternalReadOnly = $this->placeholder('isInternalReadOnly')->getValue();
 
 $freetext = '';
 
@@ -41,7 +42,7 @@ foreach ($allSections as $sectionId => $sectionDescription) {
     }
 }
 $actions = [];
-if ($submission['canClose']) {
+if ($submission['canClose'] && !$isInternalReadOnly) {
     $params = ['case' => $submission['case']['id'], 'submission' => $submission['id'], 'action' => 'close'];
     $closeActionUrl = [
         'label' => 'Close submission',
@@ -51,7 +52,7 @@ if ($submission['canClose']) {
     ];
     array_push($actions, $closeActionUrl);
 }
-if ($submission['canReopen']) {
+if ($submission['canReopen'] && !$isInternalReadOnly) {
     $params = ['case' => $submission['case']['id'], 'submission' => $submission['id'], 'action' => 'reopen'];
     $closeActionUrl = [
         'label' => 'Reopen submission',
@@ -96,17 +97,20 @@ array_push($actions, [
         ]
     )
 ]);
-array_push($actions, [
+
+if (!$isInternalReadOnly) {
+  array_push($actions, [
     'label' => 'Create snapshot',
     'class' => 'govuk-button govuk-button--secondary',
     'url' => $this->url(
-        'submission', [
-            'case' => $case['id'],
-            'action' => 'snapshot',
-            'submission' => $submission['id']
-        ]
+      'submission', [
+        'case' => $case['id'],
+        'action' => 'snapshot',
+        'submission' => $submission['id']
+      ]
     )
-]);
+  ]);
+}
 
 //last submission
 echo $this->render('partials/read-only/header',

app/internal/test/Olcs/src/Mvc/Controller/Plugin/ConfirmTest.php

@@ -1,7 +1,10 @@
 <?php
 
+declare(strict_types=1);
+
 namespace OlcsTest\Mvc\Controller\Plugin;
 
+use Common\Rbac\Service\Permission;
 use Common\Service\Helper\FileUploadHelperService;
 use Common\Service\Helper\FlashMessengerHelperService;
 use Common\Service\Helper\FormHelperService;
@@ -12,16 +15,13 @@
 use Mockery as m;
 use Mockery\Adapter\Phpunit\MockeryTestCase as TestCase;
 use Olcs\Controller\Cases\Submission\SubmissionController;
+use Olcs\Mvc\Controller\Plugin\Confirm;
 use Olcs\Service\Data\Submission;
 
-/**
- * Class ComfirmPluginTest
- *
- * @package OlcsTest\Mvc\Controller\Plugin
- */
 class ConfirmTest extends TestCase
 {
     protected $sut;
+    private $permissionService;
     public function setUp(): void
     {
 
@@ -33,6 +33,7 @@ public function setUp(): void
         $this->configHelper = array();
         $this->viewRenderer = m::mock(ViewRenderer::class);
         $this->submissionService = m::mock(Submission::class);
+        $this->permissionService = m::mock(Permission::class);
         $this->uploadHelper = m::mock(FileUploadHelperService::class);
         $this->sut = m::mock(SubmissionController::class, [
             $this->translationHelper,
@@ -43,16 +44,17 @@ public function setUp(): void
             $this->configHelper,
             $this->viewRenderer,
             $this->submissionService,
+            $this->permissionService,
             $this->uploadHelper
         ])->makePartial();
     }
     /**
      * @group        confirmPlugin
      * @dataProvider dpTestInvokeGenerateForm
      */
-    public function testInvokeGenerateForm($confirmLabel, $cancelLabel, $defaultLabelParams)
+    public function testInvokeGenerateForm($confirmLabel, $cancelLabel, $defaultLabelParams): void
     {
-        $plugin = new \Olcs\Mvc\Controller\Plugin\Confirm();
+        $plugin = new Confirm();
         $this->configHelper = array();
         $mockFormCustomLabels = m::mock('Laminas\Form\Form')
             ->shouldReceive('getAttribute')
@@ -112,7 +114,7 @@ public function testInvokeGenerateForm($confirmLabel, $cancelLabel, $defaultLabe
         $this->assertInstanceOf('\Laminas\View\Model\ViewModel', $result);
     }
 
-    public function dpTestInvokeGenerateForm()
+    public function dpTestInvokeGenerateForm(): array
     {
         return [
             ['Continue', 'Cancel', true],
@@ -123,9 +125,9 @@ public function dpTestInvokeGenerateForm()
     /**
      * @group confirmPlugin
      */
-    public function testInvokeProcessForm()
+    public function testInvokeProcessForm(): void
     {
-        $plugin = new \Olcs\Mvc\Controller\Plugin\Confirm();
+        $plugin = new Confirm();
 
         $mockForm = m::mock('Laminas\Form\Form');
         $mockForm->shouldReceive('setData')->withAnyArgs()->andReturn($mockForm);
@@ -164,9 +166,9 @@ public function testInvokeProcessForm()
     /**
      * @group confirmPlugin
      */
-    public function testInvokeProcessInvalidForm()
+    public function testInvokeProcessInvalidForm(): void
     {
-        $plugin = new \Olcs\Mvc\Controller\Plugin\Confirm();
+        $plugin = new Confirm();
 
         $mockForm = m::mock('Laminas\Form\Form');
         $mockForm->shouldReceive('setData')->withAnyArgs()->andReturn($mockForm);