Allow prisons to see appeal rulings

island-is · Sep 24, 2024 · b8774ed · b8774ed
1 parent 1f684cf
commit b8774ed
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 32 deletions.
diff --git a/apps/judicial-system/backend/src/app/modules/file/guards/caseFileCategory.ts b/apps/judicial-system/backend/src/app/modules/file/guards/caseFileCategory.ts
@@ -6,6 +6,7 @@ import {
   isDefenceUser,
   isIndictmentCase,
   isPrisonAdminUser,
+  isPrisonStaffUser,
   isRequestCase,
   User,
 } from '@island.is/judicial-system/types'
@@ -39,6 +40,8 @@ const prisonAdminCaseFileCategories = [
   CaseFileCategory.RULING,
 ]
 
+const prisonStaffCaseFileCategories = [CaseFileCategory.APPEAL_RULING]
+
 export const canLimitedAcccessUserViewCaseFile = (
   user: User,
   caseType: CaseType,
@@ -68,12 +71,20 @@ export const canLimitedAcccessUserViewCaseFile = (
     }
   }
 
-  if (
-    isPrisonAdminUser(user) &&
-    isCompletedCase(caseState) &&
-    prisonAdminCaseFileCategories.includes(caseFileCategory)
-  ) {
-    return true
+  if (isCompletedCase(caseState)) {
+    if (
+      isPrisonStaffUser(user) &&
+      prisonStaffCaseFileCategories.includes(caseFileCategory)
+    ) {
+      return true
+    }
+
+    if (
+      isPrisonAdminUser(user) &&
+      prisonAdminCaseFileCategories.includes(caseFileCategory)
+    ) {
+      return true
+    }
   }
 
   return false

diff --git a/...al-system/backend/src/app/modules/file/guards/test/limitedAccessViewCaseFileGuard.spec.ts b/...al-system/backend/src/app/modules/file/guards/test/limitedAccessViewCaseFileGuard.spec.ts
@@ -213,11 +213,7 @@ describe('Limited Access View Case File Guard', () => {
     })
   })
 
-  describe('prison system users', () => {
-    const prisonUser = {
-      role: UserRole.PRISON_SYSTEM_STAFF,
-      institution: { type: InstitutionType.PRISON },
-    }
+  describe('prison admin users', () => {
     const prisonAdminUser = {
       role: UserRole.PRISON_SYSTEM_STAFF,
       institution: { type: InstitutionType.PRISON_ADMIN },
@@ -231,7 +227,7 @@ describe('Limited Access View Case File Guard', () => {
         ]
 
         describe.each(allowedCaseFileCategories)(
-          'prison system users can view %s',
+          'prison admin users can view %s',
           (category) => {
             let thenPrisonAdmin: Then
 
@@ -256,31 +252,20 @@ describe('Limited Access View Case File Guard', () => {
             (category) =>
               !allowedCaseFileCategories.includes(category as CaseFileCategory),
           ),
-        )('prison system users can not view %s', (category) => {
-          let thenPrison: Then
+        )('prison admin users can not view %s', (category) => {
           let thenPrisonAdmin: Then
 
           beforeEach(() => {
-            mockRequest.mockImplementationOnce(() => ({
-              user: prisonUser,
-              case: { type, state },
-              caseFile: { category },
-            }))
             mockRequest.mockImplementationOnce(() => ({
               user: prisonAdminUser,
               case: { type, state },
               caseFile: { category },
             }))
 
-            thenPrison = givenWhenThen()
             thenPrisonAdmin = givenWhenThen()
           })
 
           it('should throw ForbiddenException', () => {
-            expect(thenPrison.error).toBeInstanceOf(ForbiddenException)
-            expect(thenPrison.error.message).toBe(
-              `Forbidden for ${UserRole.PRISON_SYSTEM_STAFF}`,
-            )
             expect(thenPrisonAdmin.error).toBeInstanceOf(ForbiddenException)
             expect(thenPrisonAdmin.error.message).toBe(
               `Forbidden for ${UserRole.PRISON_SYSTEM_STAFF}`,
@@ -295,36 +280,115 @@ describe('Limited Access View Case File Guard', () => {
         ),
       )('in state %s', (state) => {
         describe.each(Object.keys(CaseFileCategory))(
-          'prison system users can not view %s',
+          'prison admin users can not view %s',
           (category) => {
-            let thenPrison: Then
             let thenPrisonAdmin: Then
 
+            beforeEach(() => {
+              mockRequest.mockImplementationOnce(() => ({
+                user: prisonAdminUser,
+                case: { type, state },
+                caseFile: { category },
+              }))
+
+              thenPrisonAdmin = givenWhenThen()
+            })
+
+            it('should throw ForbiddenException', () => {
+              expect(thenPrisonAdmin.error).toBeInstanceOf(ForbiddenException)
+              expect(thenPrisonAdmin.error.message).toBe(
+                `Forbidden for ${UserRole.PRISON_SYSTEM_STAFF}`,
+              )
+            })
+          },
+        )
+      })
+    })
+  })
+
+  describe('prison users', () => {
+    const prisonUser = {
+      role: UserRole.PRISON_SYSTEM_STAFF,
+      institution: { type: InstitutionType.PRISON },
+    }
+
+    describe.each(Object.keys(CaseType))('for %s cases', (type) => {
+      describe.each(completedCaseStates)('in state %s', (state) => {
+        const allowedCaseFileCategories = [CaseFileCategory.APPEAL_RULING]
+
+        describe.each(allowedCaseFileCategories)(
+          'prison users can view %s',
+          (category) => {
+            let thenPrisonUser: Then
+
             beforeEach(() => {
               mockRequest.mockImplementationOnce(() => ({
                 user: prisonUser,
                 case: { type, state },
                 caseFile: { category },
               }))
+
+              thenPrisonUser = givenWhenThen()
+            })
+
+            it('should activate', () => {
+              expect(thenPrisonUser.result).toBe(true)
+            })
+          },
+        )
+
+        describe.each(
+          Object.keys(CaseFileCategory).filter(
+            (category) =>
+              !allowedCaseFileCategories.includes(category as CaseFileCategory),
+          ),
+        )('prison users can not view %s', (category) => {
+          let thenPrison: Then
+
+          beforeEach(() => {
+            mockRequest.mockImplementationOnce(() => ({
+              user: prisonUser,
+              case: { type, state },
+              caseFile: { category },
+            }))
+
+            thenPrison = givenWhenThen()
+          })
+
+          it('should throw ForbiddenException', () => {
+            expect(thenPrison.error).toBeInstanceOf(ForbiddenException)
+            expect(thenPrison.error.message).toBe(
+              `Forbidden for ${UserRole.PRISON_SYSTEM_STAFF}`,
+            )
+          })
+        })
+      })
+
+      describe.each(
+        Object.keys(CaseState).filter(
+          (state) => !completedCaseStates.includes(state as CaseState),
+        ),
+      )('in state %s', (state) => {
+        describe.each(Object.keys(CaseFileCategory))(
+          'prison users can not view %s',
+          (category) => {
+            let thenPrison: Then
+
+            beforeEach(() => {
               mockRequest.mockImplementationOnce(() => ({
-                user: prisonAdminUser,
+                user: prisonUser,
                 case: { type, state },
                 caseFile: { category },
               }))
 
               thenPrison = givenWhenThen()
-              thenPrisonAdmin = givenWhenThen()
             })
 
             it('should throw ForbiddenException', () => {
               expect(thenPrison.error).toBeInstanceOf(ForbiddenException)
               expect(thenPrison.error.message).toBe(
                 `Forbidden for ${UserRole.PRISON_SYSTEM_STAFF}`,
               )
-              expect(thenPrisonAdmin.error).toBeInstanceOf(ForbiddenException)
-              expect(thenPrisonAdmin.error.message).toBe(
-                `Forbidden for ${UserRole.PRISON_SYSTEM_STAFF}`,
-              )
             })
           },
         )