bcgov · micheal-w-wells · Jul 22, 2024 · Jul 16, 2024 · Jul 16, 2024 · Jul 16, 2024
diff --git a/api/src/paths/update-request.ts b/api/src/paths/update-request.ts
@@ -9,6 +9,7 @@ import { grantRoleByValueSQL } from 'queries/role-queries';
 import {
   approveUpdateRequestsSQL,
   createUpdateRequestSQL,
+  doesUserExistSQL,
   getUpdateRequestsSQL,
   updateUpdateRequestStatusSQL
 } from 'queries/update-request-queries';
@@ -25,10 +26,10 @@ POST.apiDoc = {
   tags: ['update-request'],
   security: SECURITY_ON
     ? [
-        {
-          Bearer: ALL_ROLES
-        }
-      ]
+      {
+        Bearer: ALL_ROLES
+      }
+    ]
     : [],
   requestBody: {
     description: 'Access request post request object.',
@@ -164,7 +165,6 @@ function postHandler(): RequestHandler {
  * Create an update request
  */
 async function createUpdateRequest(req, res, next, newUpdateRequest) {
-  // TODO: Ensure user exists before creating update request
   defaultLog.debug({ label: 'update-request', message: 'create', body: newUpdateRequest });
   const connection = await getDBConnection();
   if (!connection) {
@@ -176,26 +176,37 @@ async function createUpdateRequest(req, res, next, newUpdateRequest) {
     });
   }
   try {
+    const tokenUser = req.authContext.friendlyUsername;
+    const tokenUserIsRequestUser: boolean = [
+      req.body.newUpdateRequest.idir,
+      req.body.newUpdateRequest.bceid
+    ].includes(tokenUser.toLowerCase())
+
+    const userSQL: SQLStatement = doesUserExistSQL(tokenUser);
     const sqlStatement: SQLStatement = createUpdateRequestSQL(newUpdateRequest);
-    if (!sqlStatement) {
+
+    if (!sqlStatement || !userSQL) {
       return res.status(500).json({
         message: 'Failed to build SQL statement',
         req: req.body,
         namespace: 'update-request',
         code: 500
       });
     }
-    const response = await connection.query(sqlStatement.text, sqlStatement.values);
-    return res.status(201).json({
-      message: 'Update request created',
-      request: req.body,
-      result: response.rows,
-      count: response.rowCount,
-      namespace: 'update-request',
-      code: 201
-    });
+
+    const dbResp = await connection.query(userSQL.text, userSQL.values);
+    if (dbResp.rows.length > 0 && tokenUserIsRequestUser) {
+      const response = await connection.query(sqlStatement.text, sqlStatement.values);
+      return res.status(201).json({
+        message: 'Update request created',
+        request: req.body,
+        result: response.rows,
+        count: response.rowCount,
+        namespace: 'update-request',
+        code: 201
+      });
+    }
   } catch (error) {
-    defaultLog.debug({ label: 'create', message: 'error', error });
     return res.status(500).json({
       message: 'Failed to create update request',
       req: req.body,

diff --git a/api/src/queries/update-request-queries.ts b/api/src/queries/update-request-queries.ts
@@ -39,6 +39,20 @@ export const getUpdateRequestForUserSQL = (username: string, email?: string): SQ
   }
 };
 
+/**
+ * @desc SQL Statement for confirming a user exists.
+ * @param id User ID 'example@idir'
+ */
+export const doesUserExistSQL = (id: string): SQLStatement => (
+  SQL`
+    SELECT user_id
+    FROM application_user
+    WHERE (idir_account_name = LOWER(${id})
+    OR bceid_account_name = LOWER(${id}))
+    AND activation_status = 1;
+  `
+)
+
 export function appendNRQ(input: string) {
   if (input)
     if (input.indexOf('NRQ') == -1) return input + ',NRQ';
@@ -85,7 +99,7 @@ export const createUpdateRequestSQL = (updateRequest): SQLStatement => {
         ${updateRequest.psn2 ? updateRequest.psn2 : null},
         ${updateRequest.requestedRoles ? updateRequest.requestedRoles : null},
         ${updateRequest.comments ? updateRequest.comments : ''},
-        ${updateRequest.status},
+        'NOT_APPROVED',
         ${updateRequest.idirUserId ? updateRequest.idirUserId : null},
         ${updateRequest.bceidUserId ? updateRequest.bceidUserId : null},
         'UPDATE'
@@ -146,8 +160,7 @@ export const approveUpdateRequestsSQL = (updateRequest): SQLStatement => {
             pac_number=${updateRequest.pac_number},
             pac_service_number_1=${updateRequest.pac_service_number_1},
             pac_service_number_2=${updateRequest.pac_service_number_2}
-            where (bceid_userid is not null and bceid_userid=${
-              updateRequest.bceid_userid
-            }) OR (idir_userid is not null and idir_userid=${updateRequest.idir_userid});
+            where (bceid_userid is not null and bceid_userid=${updateRequest.bceid_userid
+    }) OR (idir_userid is not null and idir_userid=${updateRequest.idir_userid});
     `;
 };
diff --git a/app/src/UI/Header/Header.tsx b/app/src/UI/Header/Header.tsx
@@ -307,12 +307,7 @@ const LoginOrOutMemo = React.memo(() => {
   };
 
   const navToUpdateRequest = () => {
-    history.push({
-      pathname: '/AccessRequest',
-      state: {
-        updateInfo: true
-      }
-    });
+    history.push({ pathname: '/AccessRequest', });
     dispatch({
       type: TOGGLE_PANEL,
       payload: { panelOpen: true, fullScreen: true }

diff --git a/app/src/UI/Overlay/AccessRequest/AccessRequestPage.tsx b/app/src/UI/Overlay/AccessRequest/AccessRequestPage.tsx
@@ -85,7 +85,7 @@ const AccessRequestPage: React.FC<IAccessRequestPage> = (props) => {
   const [fundingAgenciesErrorText, setFundingAgenciesErrorText] = React.useState('');
   const [requestedRolesErrorText, setRequestedRolesErrorText] = React.useState('');
 
-  let isUpdating = false;
+  let isUpdating = authState?.roles?.length > 0 && authState?.extendedInfo?.account_status === 1;
 
   const isValid = (decline: boolean = false, valid: boolean = true): boolean => {
     const requiredFields = [
@@ -169,7 +169,6 @@ const AccessRequestPage: React.FC<IAccessRequestPage> = (props) => {
         fundingAgencies: fundingAgencies?.toString(),
         requestedRoles: requestedRoles?.toString(),
         comments: comments,
-        status: 'NOT_APPROVED',
         idirUserId: idir_userid,
         bceidUserId: bceid_userid
       };
@@ -202,13 +201,6 @@ const AccessRequestPage: React.FC<IAccessRequestPage> = (props) => {
       setSubmitted(true);
     }
   };
-
-  if (props?.location?.state?.updateInfo && props?.location?.state?.updateInfo === true) {
-    isUpdating = true;
-  } else {
-    isUpdating = false;
-  }
-
   const [userInfo, setUserInfo] = useState(undefined);
 
   useEffect(() => {
@@ -655,7 +647,6 @@ const AccessRequestPage: React.FC<IAccessRequestPage> = (props) => {
                           >
                             <TextField
                               style={{ width: 640 }}
-                              //classes={{ root: classes.root }}
                               multiline
                               rows={4}
                               value={comments}

diff --git a/app/src/hooks/useInvasivesApi.ts b/app/src/hooks/useInvasivesApi.ts
@@ -27,7 +27,7 @@ export const useInvasivesApi = () => {
       method: 'POST',
       headers: {
         Authorization: await getCurrentJWT(),
-        'Content-Type': 'applicatoin/josn'
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify(activitiesSearchCriteria)
     });