Merge pull request #3987 from bcgov/feat/3792

feat(3792): add reviewer roles and deprecate admin emails

.secrets.baseline

@@ -199,88 +199,102 @@
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "585e08a40cba4d9adeb6049fdd1746d2039c7baa",
+        "hashed_secret": "354622109cd1e6dfbaeaf20ddaeb2f1dcf75f2ad",
         "is_verified": false,
         "line_number": 121
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "7b06ce0513cc895e467822b68c524db554ed906f",
+        "hashed_secret": "06a636d3d250b283efe3efe5a054f53c8a1fcc71",
         "is_verified": false,
         "line_number": 133
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "84f085263bbe0175d3671eb2ae41c3f4a3374ae4",
+        "hashed_secret": "585e08a40cba4d9adeb6049fdd1746d2039c7baa",
         "is_verified": false,
         "line_number": 145
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "f53fa175ff6c9e55bb1d7e5f337326dc16ac23e9",
+        "hashed_secret": "7b06ce0513cc895e467822b68c524db554ed906f",
         "is_verified": false,
         "line_number": 157
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "a0ad2797adaa2a4958055e4ac3e5252c94b65232",
+        "hashed_secret": "84f085263bbe0175d3671eb2ae41c3f4a3374ae4",
         "is_verified": false,
         "line_number": 169
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "b3de471f685196e83921c94db7012a9f159a2e2a",
+        "hashed_secret": "f53fa175ff6c9e55bb1d7e5f337326dc16ac23e9",
         "is_verified": false,
         "line_number": 181
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "8f891e2a8065b14c9061b4bcb2e130c39253f11f",
+        "hashed_secret": "a0ad2797adaa2a4958055e4ac3e5252c94b65232",
         "is_verified": false,
         "line_number": 193
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "57ba24c18ae64066d62df9945a6e6279a4dcc2f0",
+        "hashed_secret": "b3de471f685196e83921c94db7012a9f159a2e2a",
         "is_verified": false,
         "line_number": 205
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "792f030f6d9644c3b5871693936d0fc455bfc418",
+        "hashed_secret": "8f891e2a8065b14c9061b4bcb2e130c39253f11f",
         "is_verified": false,
         "line_number": 217
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "dd842220bc67e24722ab2b217662cd513afffde6",
+        "hashed_secret": "57ba24c18ae64066d62df9945a6e6279a4dcc2f0",
         "is_verified": false,
         "line_number": 229
       },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
-        "hashed_secret": "d65792c96c75e6c2ada1e8d13ea4f9585ee6bfed",
+        "hashed_secret": "792f030f6d9644c3b5871693936d0fc455bfc418",
         "is_verified": false,
         "line_number": 241
       },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "localdev/m365proxy/mocks.json",
+        "hashed_secret": "dd842220bc67e24722ab2b217662cd513afffde6",
+        "is_verified": false,
+        "line_number": 253
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "localdev/m365proxy/mocks.json",
+        "hashed_secret": "d65792c96c75e6c2ada1e8d13ea4f9585ee6bfed",
+        "is_verified": false,
+        "line_number": 265
+      },
       {
         "type": "Hex High Entropy String",
         "filename": "localdev/m365proxy/mocks.json",
         "hashed_secret": "4ea7429ddae71e5a40029e90995a4870b15a3917",
         "is_verified": false,
-        "line_number": 619
+        "line_number": 685
       }
     ]
   },
-  "generated_at": "2024-10-10T23:08:18Z"
+  "generated_at": "2024-10-14T18:33:46Z"
 }

app/.env.example

@@ -45,9 +45,6 @@ AWS_ROLES_CLIENT_ID=roles
 AWS_ROLES_CLIENT_SECRET=testsecret
 AWS_ROLES_REALM_NAME=public-cloud
 
-PRIVATE_ADMIN_EMAILS=
-PUBLIC_ADMIN_EMAILS=
-
 PRIVATE_NATS_HOST=localhost
 PRIVATE_NATS_PORT=4222
 PUBLIC_NATS_HOST=localhost

app/app/analytics/page.tsx

@@ -1,10 +1,10 @@
 import { loginEvents } from '@/analytics/general/login';
 import CombinedAreaGraph from '@/components/analytics/CombinedAreaGraph';
+import { GlobalPermissions } from '@/constants';
 import createServerPage from '@/core/server-page';
-import { PermissionsEnum } from '@/types/permissions';
 
 const analyticsDashboard = createServerPage({
-  permissions: [PermissionsEnum.ViewGeneralAnalytics],
+  permissions: [GlobalPermissions.ViewGeneralAnalytics],
 });
 export default analyticsDashboard(async () => {
   const loginEventData = await loginEvents();

app/app/api/analytics/csv/login/route.ts

@@ -1,10 +1,10 @@
 import { loginEvents } from '@/analytics/general/login';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { CsvResponse, NoContent } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.ViewGeneralAnalytics],
+  permissions: [GlobalPermissions.ViewGeneralAnalytics],
 });
 
 export const GET = apiHandler(async () => {

app/app/api/analytics/csv/quota/route.ts

@@ -1,14 +1,14 @@
 import { ProjectStatus } from '@prisma/client';
 import _sum from 'lodash-es/sum';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import prisma from '@/core/prisma';
 import { CsvResponse, NoContent } from '@/core/responses';
 import { ministryKeyToName } from '@/helpers/product';
-import { PermissionsEnum } from '@/types/permissions';
 import { extractNumbers } from '@/utils/string';
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.ViewGeneralAnalytics],
+  permissions: [GlobalPermissions.ViewGeneralAnalytics],
 });
 
 export const GET = apiHandler(async () => {

app/app/api/billing/[idOrAccountCoding]/download/route.tsx

@@ -1,10 +1,10 @@
 import { Provider, Cluster, RequestType } from '@prisma/client';
 import { z } from 'zod';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import prisma from '@/core/prisma';
 import { PdfResponse, BadRequestResponse } from '@/core/responses';
 import { generateEmouPdf, Product } from '@/helpers/pdfs/emou';
-import { PermissionsEnum } from '@/types/permissions';
 import { processNumber, processUpperEnumString, processBoolean } from '@/utils/zod';
 import { getBillingIdWhere } from '../helpers';
 
@@ -18,7 +18,7 @@ const queryParamSchema = z.object({
 });
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.DownloadBillingMou],
+  permissions: [GlobalPermissions.DownloadBillingMou],
   validations: { pathParams: pathParamSchema, queryParams: queryParamSchema },
 });
 

app/app/api/private-cloud/analytics/csv/contact-changes/route.ts

@@ -1,10 +1,10 @@
 import { contactChangeRequests } from '@/analytics/private-cloud/contact-changes';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { CsvResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.ViewPrivateAnalytics],
+  permissions: [GlobalPermissions.ViewPrivateAnalytics],
 });
 
 export const GET = apiHandler(async () => {

app/app/api/private-cloud/analytics/csv/decision-time/route.ts

@@ -1,10 +1,10 @@
 import { requestDecisionTime } from '@/analytics/private-cloud/request-decision-time';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { CsvResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.ViewPrivateAnalytics],
+  permissions: [GlobalPermissions.ViewPrivateAnalytics],
 });
 
 export const GET = apiHandler(async () => {

app/app/api/private-cloud/analytics/csv/products/route.ts

@@ -1,10 +1,10 @@
 import { numberOfProductsOverTime } from '@/analytics/private-cloud/products';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { CsvResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.ViewPrivateAnalytics],
+  permissions: [GlobalPermissions.ViewPrivateAnalytics],
 });
 
 export const GET = apiHandler(async () => {

app/app/api/private-cloud/analytics/csv/quota-request-users/route.ts

@@ -1,10 +1,10 @@
 import { usersWithQuotaEditRequests } from '@/analytics/private-cloud/quota-changes';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { CsvResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.ViewPrivateAnalytics],
+  permissions: [GlobalPermissions.ViewPrivateAnalytics],
 });
 
 export const GET = apiHandler(async () => {

app/app/api/private-cloud/analytics/csv/quota-requests/route.ts

@@ -1,10 +1,10 @@
 import { quotaEditRequests } from '@/analytics/private-cloud/quota-changes';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { CsvResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.ViewPrivateAnalytics],
+  permissions: [GlobalPermissions.ViewPrivateAnalytics],
 });
 
 export const GET = apiHandler(async () => {

app/app/api/private-cloud/analytics/csv/requests/route.ts

@@ -1,10 +1,10 @@
 import { combinedRequests } from '@/analytics/private-cloud/requests';
+import { GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { CsvResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 
 const apiHandler = createApiHandler({
-  permissions: [PermissionsEnum.ViewPrivateAnalytics],
+  permissions: [GlobalPermissions.ViewPrivateAnalytics],
 });
 
 export const GET = apiHandler(async () => {

app/app/api/private-cloud/products/[licencePlate]/comments/[commentId]/route.ts

@@ -1,8 +1,7 @@
 import { z } from 'zod';
-import { GlobalRole } from '@/constants';
+import { GlobalRole, GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { OkResponse, NotFoundResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 import { deleteOp } from '../_operations/delete';
 import { readOp } from '../_operations/read';
 import { updateOp } from '../_operations/update';
@@ -14,7 +13,7 @@ const licencePlateSchema = z.object({
 
 export const GET = createApiHandler({
   roles: [GlobalRole.Admin, GlobalRole.PrivateAdmin],
-  permissions: [PermissionsEnum.ViewAllPrivateProductComments],
+  permissions: [GlobalPermissions.ViewAllPrivateProductComments],
   validations: {
     pathParams: licencePlateSchema,
   },
@@ -33,7 +32,7 @@ const updateCommentBodySchema = z.object({
 
 export const PUT = createApiHandler({
   roles: [GlobalRole.Admin, GlobalRole.PrivateAdmin],
-  permissions: [PermissionsEnum.EditAllPrivateProductComments],
+  permissions: [GlobalPermissions.EditAllPrivateProductComments],
   validations: {
     pathParams: licencePlateSchema,
     body: updateCommentBodySchema,
@@ -50,7 +49,7 @@ export const PUT = createApiHandler({
 
 export const DELETE = createApiHandler({
   roles: [GlobalRole.Admin, GlobalRole.PrivateAdmin],
-  permissions: [PermissionsEnum.DeleteAllPrivateProductComments],
+  permissions: [GlobalPermissions.DeleteAllPrivateProductComments],
   validations: {
     pathParams: licencePlateSchema,
   },

app/app/api/private-cloud/products/[licencePlate]/comments/_operations/list.test.ts

@@ -31,7 +31,7 @@ describe('Private Cloud Comments - Permissions', () => {
   });
 
   it('should successfully approve the request by admin', async () => {
-    await mockSessionByRole(GlobalRole.Admin);
+    await mockSessionByRole(GlobalRole.PrivateReviewer);
 
     const response = await makePrivateCloudRequestDecision(requests.create.id, {
       ...requests.create.decisionData,
@@ -128,6 +128,7 @@ describe('Private Cloud Comments - Validations', () => {
     localLicencePlate = createResponseBody.licencePlate;
     activeProjectId = createResponseBody.id;
 
+    await mockSessionByRole(GlobalRole.PrivateReviewer);
     const approveResponse = await makePrivateCloudRequestDecision(activeProjectId, {
       ...createResponseBody.decisionData,
       type: RequestType.CREATE,

app/app/api/private-cloud/products/[licencePlate]/comments/route.ts

@@ -1,8 +1,7 @@
 import { z } from 'zod';
-import { GlobalRole } from '@/constants';
+import { GlobalRole, GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { CreatedResponse, OkResponse, BadRequestResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 import { createOp } from './_operations/create';
 import { listOp } from './_operations/list';
 
@@ -19,7 +18,7 @@ const createCommentBodySchema = z
 
 export const POST = createApiHandler({
   roles: [GlobalRole.Admin, GlobalRole.PrivateAdmin],
-  permissions: [PermissionsEnum.CreatePrivateProductComments],
+  permissions: [GlobalPermissions.CreatePrivateProductComments],
   validations: {
     body: createCommentBodySchema,
   },
@@ -39,7 +38,7 @@ const queryParamsSchema = z.object({
 
 export const GET = createApiHandler({
   roles: [GlobalRole.Admin, GlobalRole.PrivateAdmin],
-  permissions: [PermissionsEnum.ViewAllPrivateProductComments],
+  permissions: [GlobalPermissions.ViewAllPrivateProductComments],
   validations: {
     pathParams: pathParamsSchema,
     queryParams: queryParamsSchema,

app/app/api/private-cloud/products/[licencePlate]/count/route.ts

@@ -1,8 +1,7 @@
 import { z } from 'zod';
-import { GlobalRole } from '@/constants';
+import { GlobalRole, GlobalPermissions } from '@/constants';
 import createApiHandler from '@/core/api-handler';
 import { OkResponse, BadRequestResponse } from '@/core/responses';
-import { PermissionsEnum } from '@/types/permissions';
 import { getCommentCountOp } from './_operations/count';
 
 const pathParamsSchema = z.object({
@@ -15,7 +14,7 @@ const queryParamsSchema = z.object({
 
 export const GET = createApiHandler({
   roles: [GlobalRole.Admin, GlobalRole.PrivateAdmin],
-  permissions: [PermissionsEnum.ViewAllPrivateProductComments],
+  permissions: [GlobalPermissions.ViewAllPrivateProductComments],
   validations: {
     pathParams: pathParamsSchema,
     queryParams: queryParamsSchema,

app/app/api/private-cloud/products/[licencePlate]/requests/route.test.ts

@@ -37,7 +37,7 @@ describe('List Private Cloud Product Requests - Permissions', () => {
 
     expect(res1.status).toBe(200);
 
-    await mockSessionByRole(GlobalRole.Admin);
+    await mockSessionByRole(GlobalRole.PrivateReviewer);
 
     const res2 = await makePrivateCloudRequestDecision(dat1.id, {
       ...dat1.decisionData,