bcgov · kyle1morel · Jan 30, 2025 · Jan 30, 2025 · Jan 30, 2025
@@ -13,7 +13,7 @@ import {
   yarsService
 } from '../services';
 import { Initiative, GroupName } from '../utils/enums/application';
-import { getCurrentSubject } from '../utils/utils';
+import { getCurrentSubject, getCurrentUsername } from '../utils/utils';
 
 import type { NextFunction, Request, Response } from 'express';
 import { CurrentAuthorization } from '../types';
@@ -150,3 +150,30 @@ export const hasAccess = (param: string) => {
     next();
   };
 };
+
+export const hasAccessPermit = (param: string) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      if (req.currentAuthorization?.attributes.includes('scope:self')) {
+        const id = req.params[param];
+        const userId = await userService.getCurrentUserId(getCurrentSubject(req.currentContext), NIL);
+
+        let data;
+        const func = paramMap.get(param);
+        if (func) data = await func(id);
+
+        if (!data || data?.createdBy !== userId) {
+          const submission = (await submissionService.searchSubmissions({ activityId: [data.activityId] }))[0];
+          if (!submission || submission?.submittedBy !== getCurrentUsername(req.currentContext))
+            throw new Error('No access');
+        }
+      }
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    } catch (err: any) {
+      return next(new Problem(403, { detail: err.message, instance: req.originalUrl }));
+    }
+
+    // Continue middleware
+    next();
+  };
+};
@@ -2,7 +2,7 @@ import express from 'express';
 
 import permitNote from './permitNote';
 import { permitController } from '../../controllers';
-import { hasAccess, hasAuthorization } from '../../middleware/authorization';
+import { hasAccess, hasAccessPermit, hasAuthorization } from '../../middleware/authorization';
 import { requireSomeAuth } from '../../middleware/requireSomeAuth';
 import { requireSomeGroup } from '../../middleware/requireSomeGroup';
 import { Action, Resource } from '../../utils/enums/application';
@@ -71,7 +71,7 @@ router.get(
 router.get(
   '/:permitId',
   hasAuthorization(Resource.PERMIT, Action.READ),
-  hasAccess('permitId'),
+  hasAccessPermit('permitId'),
   permitValidator.getPermit,
   (req: Request<{ permitId: string }>, res: Response, next: NextFunction): void => {
     permitController.getPermit(req, res, next);

@@ -96,7 +96,7 @@
     "logout": "Log out"
   },
   "permitStatusView": {
-    "additionalUpdates": "Additional updates.",
+    "additionalUpdates": "Additional updates",
     "applicationProgress": "Application progress",
     "askNav": "Ask my Navigator",
     "contactNav": "Contact your Navigator for this project for further updates on this application.",

@@ -179,15 +179,6 @@ const routes: Array<RouteRecordRaw> = [
               access: [NavigationPermission.HOUSING_STATUS_TRACKER]
             },
             children: [
-              {
-                path: '',
-                component: () => import('@/views/housing/project/ProjectListView.vue'),
-                beforeEnter: accessHandler,
-                meta: {
-                  access: [NavigationPermission.HOUSING_STATUS_TRACKER]
-                },
-                name: RouteName.HOUSING_PROJECTS_LIST
-              },
               {
                 path: ':submissionId',
                 component: () => import('@/views/housing/project/ProjectView.vue'),

@@ -62,7 +62,8 @@ const NavigationAuthorizationMap = [
       NavigationPermission.HOUSING_DROPDOWN,
       NavigationPermission.HOUSING_ENQUIRY_INTAKE,
       NavigationPermission.HOUSING_SUBMISSION_INTAKE,
-      NavigationPermission.HOUSING_SUBMISSIONS_SUB
+      NavigationPermission.HOUSING_SUBMISSIONS_SUB,
+      NavigationPermission.HOUSING_STATUS_TRACKER
     ]
   },
   {

@@ -29,13 +29,6 @@ const { t } = useI18n();
 const route = useRoute();
 const router = useRouter();
 
-function onProjectClick(project: Submission) {
-  router.push({
-    name: RouteName.HOUSING_SUBMISSION_INTAKE,
-    query: { activityId: project.activityId, submissionId: project.submissionId }
-  });
-}
-
 function onSubmissionDraftDelete(draftId: string) {
   drafts.value = drafts.value.filter((x) => x.draftId !== draftId);
 }
@@ -166,15 +159,14 @@ onMounted(async () => {
         :index="index"
         class="rounded-sm shadow-md hover:shadow-lg px-6 py-4 custom-card hover-hand"
         :class="{ 'mb-2': index != displayedProjects.length - 1 }"
-        @click="onProjectClick(project)"
       >
         <div class="grid grid-cols-12 gap-4">
           <div class="col-span-3 flex items-center">
             <router-link
               class="no-underline"
               :to="{
-                name: RouteName.HOUSING_SUBMISSION_INTAKE,
-                query: { activityId: project.activityId, submissionId: project.submissionId }
+                name: RouteName.HOUSING_PROJECT,
+                params: { submissionId: project.submissionId }
               }"
             >
               <h4 class="font-bold mb-0">{{ project.projectName }}</h4>

@@ -20,11 +20,11 @@ import { RouteName } from '@/utils/enums/application';
 import { PermitAuthorizationStatus, PermitNeeded, PermitStatus, SubmissionType } from '@/utils/enums/housing';
 import { formatDate } from '@/utils/formatters';
 
-import { enquiryService, permitService, submissionService, userService } from '@/services';
+import { contactService, enquiryService, permitService, submissionService } from '@/services';
 import { useSubmissionStore, useTypeStore } from '@/store';
 
 import type { ComputedRef, Ref } from 'vue';
-import type { Permit, PermitType, User } from '@/types';
+import type { Contact, Permit, PermitType } from '@/types';
 import type { MenuItem } from 'primevue/menuitem';
 import EnquiryListProponent from '@/components/housing/enquiry/EnquiryListProponent.vue';
 
@@ -57,11 +57,11 @@ const typeStore = useTypeStore();
 const { getPermitTypes } = storeToRefs(typeStore);
 
 // State
-const assignee: Ref<User | undefined> = ref(undefined);
+const assignee: Ref<Contact | undefined> = ref(undefined);
 const breadcrumbItems: ComputedRef<Array<MenuItem>> = computed(() => [
   { label: getSubmission?.value?.projectName ?? '', class: 'font-bold' }
 ]);
-const createdBy: Ref<User | undefined> = ref(undefined);
+const createdBy: Ref<Contact | undefined> = ref(undefined);
 const loading: Ref<boolean> = ref(true);
 
 const permitsNeeded = computed(() => {
@@ -134,15 +134,14 @@ function permitFilter(config: PermitFilterConfig) {
   return returnArray.filter((pt) => !!pt) as Array<CombinedPermit>;
 }
 
-function navigateToSubmissionView() {
+function navigateToSubmissionIntakeView() {
   router.push({
-    name: RouteName.HOUSING_SUBMISSION,
+    name: RouteName.HOUSING_SUBMISSION_INTAKE,
     query: { activityId: getSubmission.value?.activityId, submissionId: getSubmission.value?.submissionId }
   });
 }
-
 onMounted(async () => {
-  let enquiriesValue, permitTypesValue, submissionValue;
+  let enquiriesValue, permitTypesValue, submissionValue: any;
 
   try {
     [submissionValue, permitTypesValue] = (
@@ -165,13 +164,13 @@ onMounted(async () => {
   submissionStore.setRelatedEnquiries(enquiriesValue);
   typeStore.setPermitTypes(permitTypesValue);
 
-  if (submissionValue?.assignedUserId) {
-    assignee.value = (await userService.searchUsers({ userId: [submissionValue.assignedUserId] })).data[0];
-  }
+  // Fetch contacts for createdBy and assignedUserId
+  // Push only thruthy values into the array
+  const userIds = [submissionValue?.assignedUserId, submissionValue?.createdBy].filter(Boolean);
+  const contacts = (await contactService.searchContacts({ userId: userIds })).data;
+  assignee.value = contacts.find((contact: Contact) => contact.userId === submissionValue?.assignedUserId);
+  createdBy.value = contacts.find((contact: Contact) => contact.userId === submissionValue?.createdBy);
 
-  if (submissionValue?.createdBy) {
-    createdBy.value = (await userService.searchUsers({ userId: [submissionValue.createdBy] })).data[0];
-  }
   loading.value = false;
 });
 </script>
@@ -192,9 +191,9 @@ onMounted(async () => {
       <h1
         class="m-0 cursor-pointer hover:underline"
         tabindex="0"
-        @click="navigateToSubmissionView()"
-        @keydown.enter.prevent="navigateToSubmissionView()"
-        @keydown.space.prevent="navigateToSubmissionView()"
+        @click="navigateToSubmissionIntakeView()"
+        @keydown.enter.prevent="navigateToSubmissionIntakeView()"
+        @keydown.space.prevent="navigateToSubmissionIntakeView()"
       >
         {{ getSubmission.projectName }}
         <font-awesome-icon

@@ -10,7 +10,7 @@ import { RouteName } from '@/utils/enums/application';
 import { PermitAuthorizationStatus, PermitAuthorizationStatusDescriptions, PermitStatus } from '@/utils/enums/housing';
 import { formatDate, formatDateLong } from '@/utils/formatters';
 
-import { permitService, submissionService, userService } from '@/services';
+import { contactService, permitService, submissionService } from '@/services';
 
 import type { Ref } from 'vue';
 import type { Permit, PermitType, Submission, User } from '@/types';
@@ -181,11 +181,13 @@ onBeforeMount(async () => {
       { label: permit?.value?.name, class: 'font-bold' }
     ];
     if (submission.value?.assignedUserId) {
-      assignedNavigator.value = (await userService.searchUsers({ userId: [submission.value.assignedUserId] })).data[0];
+      assignedNavigator.value = (
+        await contactService.searchContacts({ userId: [submission.value.assignedUserId] })
+      ).data[0];
     }
 
     if (permit.value?.updatedBy) {
-      const updatedByUser = (await userService.searchUsers({ userId: [permitResponse.data.updatedBy] })).data[0];
+      const updatedByUser = (await contactService.searchContacts({ userId: [permitResponse.data.updatedBy] })).data[0];
       updatedBy.value = updatedByUser.firstName + ' ' + updatedByUser.lastName;
     }
   } catch {