28799 - Disallow Maximus users to perform certain actions (#837)

* 28799 - Disallow Maximus users to perform certain actions

* updated in response to Sev's comments

* fixed in response to Sev's comment

* removed async since it's not needed

Author: JazzarKarim

app/package.json

@@ -1,6 +1,6 @@
 {
   "name": "name-request",
-  "version": "5.5.40",
+  "version": "5.5.41",
   "private": true,
   "appName": "Name Request UI",
   "sbcName": "SBC Common Components",

app/src/App.vue

@@ -174,11 +174,12 @@ export default class App extends Mixins(
   @Getter getIncorporateNowErrorStatus!: boolean
   @Getter getNrId!: number
   @Getter isAuthenticated!: boolean
-  @Getter isRoleStaff!: boolean
+  // @Getter isRoleStaff!: boolean
   @Getter isMobile!: boolean
   // @Getter isNewBusiness!: boolean
 
   // Global actions
+  @Action fetchAuthorizedActions!: () => void
   @Action resetAnalyzeName!: ActionBindingIF
   @Action setName!: ActionBindingIF
   @Action setDisplayedComponent!: ActionBindingIF
@@ -304,6 +305,9 @@ export default class App extends Mixins(
         this.staffPaymentErrorDialog = true
       }
     })
+
+    // fetch the user's authorized actions
+    this.fetchAuthorizedActions()
   }
 
   /** Fetches and stores the current JS date. */

app/src/components/existing-request/nr-approved-gray-box.vue

@@ -75,7 +75,7 @@
           v-else
           class="amalgamate-now-btn mt-30"
           min-width="20rem"
-          :disabled="disabled"
+          :disabled="disabled || !isAmalgamationAllowed"
           @click="$emit('affiliateYourBusiness')"
         >
           <strong>Amalgamate Now</strong>
@@ -102,9 +102,9 @@
         </v-btn>
         <v-btn
           v-else
-          class="amalgamate-now-btn mt-30"
+          class="continue-in-btn mt-30"
           min-width="20rem"
-          :disabled="disabled"
+          :disabled="disabled || !isContinuationInAllowed"
           @click="$emit('affiliateYourBusiness')"
         >
           <strong>Begin Continuation</strong>
@@ -241,7 +241,7 @@ import { Component, Mixins, Prop } from 'vue-property-decorator'
 import { Getter } from 'vuex-class'
 import { CommonMixin } from '@/mixins'
 import { NameRequestI } from '@/interfaces'
-import { EntityTypes, NrRequestActionCodes, NrState } from '@/enums'
+import { AuthorizedActions, EntityTypes, NrRequestActionCodes, NrState } from '@/enums'
 import ContactInfo from '@/components/common/contact-info.vue'
 
 @Component({
@@ -257,6 +257,7 @@ export default class NrApprovedGrayBox extends Mixins(CommonMixin) {
 
   @Getter getNr!: Partial<NameRequestI>
   @Getter getIsLearBusiness!: boolean
+  @Getter getAuthorizedActions!: AuthorizedActions[]
 
   isBusinesCheckDone = false
 
@@ -370,6 +371,16 @@ export default class NrApprovedGrayBox extends Mixins(CommonMixin) {
       this.isApprovedOrConsentUnRequired
     )
   }
+
+  /** Check if amalgamation is allowed based on user actions */
+  get isAmalgamationAllowed (): boolean {
+    return this.getAuthorizedActions.includes(AuthorizedActions.AMALGAMATION_FILING)
+  }
+
+  /** Check if continuation in is allowed based on user actions */
+  get isContinuationInAllowed (): boolean {
+    return this.getAuthorizedActions.includes(AuthorizedActions.CONTINUATION_IN_FILING)
+  }
 }
 
 </script>

app/src/components/new-request/search.vue

@@ -320,6 +320,7 @@
           <v-btn
             id="action-now-button"
             class="px-9"
+            :disabled="(isAmalgamation && !isAmalgamationAllowed) || (isContinuationIn && !isContinuationInAllowed)"
             @click="actionNowClicked()"
           >
             {{ actionNowButtonText }}
@@ -416,7 +417,7 @@ import RequestAction from '@/components/new-request/search-components/request-ac
 import XproFederalBullets from '@/components/new-request/search-components/xpro-federal-bullets.vue'
 import SocietiesInfo from '@/components/dialogs/societies-info-dialog.vue'
 
-import { EntityTypes } from '@/enums'
+import { AuthorizedActions, EntityTypes } from '@/enums'
 import { CommonMixin, NrAffiliationMixin, SearchMixin } from '@/mixins'
 import { Designations, XproMapping } from '@/list-data'
 import { Navigate } from '@/plugins'
@@ -446,7 +447,8 @@ export default class Search extends Mixins(CommonMixin, NrAffiliationMixin, Sear
   @Action setSocietiesModalVisible!: ActionBindingIF
 
   @Getter getIsLearBusiness!: boolean
-  @Getter isRoleStaff!: boolean
+  // @Getter isRoleStaff!: boolean
+  @Getter getAuthorizedActions!: string[]
 
   // Constant
   readonly colinLink = sessionStorage.getItem('CORPORATE_ONLINE_URL')
@@ -681,6 +683,16 @@ export default class Search extends Mixins(CommonMixin, NrAffiliationMixin, Sear
     return null
   }
 
+  /** Check if amalgamation is allowed based on user actions */
+  get isAmalgamationAllowed (): boolean {
+    return this.getAuthorizedActions.includes(AuthorizedActions.AMALGAMATION_FILING)
+  }
+
+  /** Check if continuation in is allowed based on user actions */
+  get isContinuationInAllowed (): boolean {
+    return this.getAuthorizedActions.includes(AuthorizedActions.CONTINUATION_IN_FILING)
+  }
+
   get showCheckNameButton (): boolean {
     // Conditional for "New BC-based business" Flow.
     // Show button if we're in "Start a new BC-based business" and non-numbered entity is selected.

app/src/enums/authorized-actions.ts

@@ -0,0 +1,5 @@
+/** List of authorized actions (permissions). */
+export enum AuthorizedActions {
+  AMALGAMATION_FILING = 'AMALGAMATION_FILING',
+  CONTINUATION_IN_FILING = 'CONTINUATION_IN_FILING'
+}

app/src/enums/index.ts

@@ -1,5 +1,6 @@
 export * from './account-type'
 export * from './advanced-search-tabs'
+export * from './authorized-actions'
 export * from './company-types'
 export * from './entity-types'
 export * from './furnished'

app/src/interfaces/state-interface.ts

@@ -1,10 +1,12 @@
+import { AuthorizedActions } from '@/enums'
 import { NewRequestIF } from '@/interfaces/new-request-interface'
 import { NameCheckModelIF, StaffPaymentIF, RefundParamsIF } from '@/interfaces'
 
 export interface StateModelIF {
   common: {
     currentJsDate: Date,
     keycloakRoles: Array<string>
+    authorizedActions: Array<AuthorizedActions>
   }
   newRequestModel: NewRequestIF
   staffPayment: StaffPaymentIF

app/src/services/business-services.ts

@@ -29,4 +29,20 @@ export default class BusinessServices {
 
     return axios.post(url, businessRequest, { headers: extraHeaders })
   }
+
+  /**
+   * Get authorized actions from business/legal api.
+   * @returns response object
+   */
+  static async getAuthorizedActions (): Promise<any> {
+    const url = `${this.legalApiUrl()}/permissions`
+
+    // Add API gateway-specific headers (in addition to interceptor)
+    const extraHeaders = GetFeatureFlag('use-business-api-gw-url') ? {
+      'Account-Id': JSON.parse(sessionStorage.getItem('CURRENT_ACCOUNT'))?.id || '',
+      'X-Apikey': process.env.VUE_APP_BUSINESS_API_KEY || ''
+    } : {}
+
+    return axios.get(url, { headers: extraHeaders })
+  }
 }

app/src/store/actions.ts

@@ -1,6 +1,7 @@
 import querystring from 'qs'
 import axios from 'axios'
 import {
+  AuthorizedActions,
   CompanyTypes,
   EntityStates,
   EntityTypes,
@@ -18,6 +19,7 @@ import {
 import { BAD_REQUEST, NOT_FOUND, OK, SERVICE_UNAVAILABLE } from 'http-status-codes'
 import removeAccents from 'remove-accents'
 import { GetFeatureFlag, Sleep, sanitizeName } from '@/plugins'
+import BusinessServices from '@/services/business-services'
 import NamexServices from '@/services/namex-services'
 import { appBaseURL } from '../router/router'
 import { DFLT_MIN_LENGTH, DFLT_MAX_LENGTH, MRAS_MIN_LENGTH, MRAS_MAX_LENGTH }
@@ -747,6 +749,22 @@ export const setKeycloakRoles = ({ commit }, keycloakRoles: string[]): void => {
   commit('mutateKeycloakRoles', keycloakRoles)
 }
 
+export const setAuthorizedActions = ({ commit }, authorizedActions: AuthorizedActions[]): void => {
+  commit('mutateAuthorizedActions', authorizedActions)
+}
+
+export const fetchAuthorizedActions = async ({ commit }): Promise<void> => {
+  try {
+    const response = await BusinessServices.getAuthorizedActions()
+    const authorizedActions = response.data.authorizedPermissions || []
+    commit('mutateAuthorizedActions', authorizedActions)
+  } catch (error) {
+    // eslint-disable-next-line no-console
+    console.error('Error fetching authorized actions:', error)
+    commit('mutateAuthorizedActions', [])
+  }
+}
+
 export const setStaffPayment = ({ commit }, staffPayment: StaffPaymentIF): void => {
   commit('mutateStaffPayment', staffPayment)
 }

app/src/store/getters.ts

@@ -28,6 +28,7 @@ import {
   SubmissionTypeT
 } from '@/interfaces'
 import {
+  AuthorizedActions,
   CompanyTypes,
   EntityTypes,
   Location,
@@ -1144,6 +1145,11 @@ export const getKeycloakRoles = (state: StateIF): Array<string> => {
   return state.stateModel.common.keycloakRoles
 }
 
+/** The user's authorized actions. */
+export const getAuthorizedActions = (state: StateIF): Array<AuthorizedActions> => {
+  return state.stateModel.common.authorizedActions
+}
+
 /** Whether the user has "staff" keycloak role. */
 export const isRoleStaff = (state: StateIF): boolean => {
   return state.stateModel.common.keycloakRoles.includes('staff')