From 0c5d54e52cb8ef93d6bcaff4f562768975d03e8e Mon Sep 17 00:00:00 2001
From: Joonatan Kuosa <joonatan.kuosa@gmail.com>
Date: Fri, 6 Sep 2024 15:16:12 +0300
Subject: [PATCH] fix: permission checking units missing unit groups

---
 apps/admin-ui/gql/gql-types.ts                | 25 +++++++++----------
 apps/admin-ui/src/modules/permissionHelper.ts | 13 ++++++++++
 .../application-rounds/[id]/review/Review.tsx |  6 +++--
 apps/ui/gql/gql-types.ts                      | 14 +----------
 packages/common/gql/gql-types.ts              | 14 +----------
 tilavaraus.graphql                            | 22 +---------------
 6 files changed, 32 insertions(+), 62 deletions(-)

diff --git a/apps/admin-ui/gql/gql-types.ts b/apps/admin-ui/gql/gql-types.ts
index a7e2dbd0cc..a7e123fedc 100644
--- a/apps/admin-ui/gql/gql-types.ts
+++ b/apps/admin-ui/gql/gql-types.ts
@@ -362,10 +362,8 @@ export type ApplicationRoundNode = Node & {
   reservationUnitCount?: Maybe<Scalars["Int"]["output"]>;
   reservationUnits: Array<ReservationUnitNode>;
   sentDate?: Maybe<Scalars["DateTime"]["output"]>;
-  serviceSector?: Maybe<ServiceSectorNode>;
   status?: Maybe<ApplicationRoundStatusChoice>;
   statusTimestamp?: Maybe<Scalars["DateTime"]["output"]>;
-  targetGroup: TargetGroup;
   termsOfUse?: Maybe<TermsOfUseNode>;
 };
 
@@ -4801,16 +4799,6 @@ export type SuitableTimeRangeSerializerInput = {
   priority: Priority;
 };
 
-/** An enumeration. */
-export enum TargetGroup {
-  /** Kaikki */
-  All = "ALL",
-  /** Sisäinen */
-  Internal = "INTERNAL",
-  /** Julkinen */
-  Public = "PUBLIC",
-}
-
 export type TaxPercentageNode = Node & {
   /** The ID of the object */
   id: Scalars["ID"]["output"];
@@ -5310,7 +5298,7 @@ export enum UserRoleChoice {
   NotificationManager = "NOTIFICATION_MANAGER",
   /** Varaaja */
   Reserver = "RESERVER",
-  /** Katselika */
+  /** Katselija */
   Viewer = "VIEWER",
 }
 
@@ -7451,6 +7439,10 @@ export type CurrentUserQuery = {
       permissions?: Array<UserPermissionChoice | null> | null;
       role: UserRoleChoice;
       units: Array<{ id: string; pk?: number | null; nameFi?: string | null }>;
+      unitGroups: Array<{
+        id: string;
+        units: Array<{ id: string; pk?: number | null }>;
+      }>;
     }>;
     generalRoles: Array<{
       id: string;
@@ -13050,6 +13042,13 @@ export const CurrentUserDocument = gql`
           pk
           nameFi
         }
+        unitGroups {
+          id
+          units {
+            id
+            pk
+          }
+        }
         role
       }
       generalRoles {
diff --git a/apps/admin-ui/src/modules/permissionHelper.ts b/apps/admin-ui/src/modules/permissionHelper.ts
index 1b2ea0e05a..f504074f56 100644
--- a/apps/admin-ui/src/modules/permissionHelper.ts
+++ b/apps/admin-ui/src/modules/permissionHelper.ts
@@ -20,6 +20,13 @@ export const CURRENT_USER = gql`
           pk
           nameFi
         }
+        unitGroups {
+          id
+          units {
+            id
+            pk
+          }
+        }
         role
       }
       generalRoles {
@@ -45,6 +52,12 @@ function hasUnitPermission(
     if (perms.find((x) => x === permission) == null) {
       continue;
     }
+    const unitsInGroups = filterNonNullable(
+      role.unitGroups?.flatMap((x) => x.units.map((y) => y.pk))
+    );
+    if (unitsInGroups.find((x) => x === unitPk)) {
+      return true;
+    }
 
     // Check unit specific permissions
     if (role.units?.find((x) => x?.pk === unitPk)) {
diff --git a/apps/admin-ui/src/spa/recurring-reservations/application-rounds/[id]/review/Review.tsx b/apps/admin-ui/src/spa/recurring-reservations/application-rounds/[id]/review/Review.tsx
index 4282f158fb..d37a05b26d 100644
--- a/apps/admin-ui/src/spa/recurring-reservations/application-rounds/[id]/review/Review.tsx
+++ b/apps/admin-ui/src/spa/recurring-reservations/application-rounds/[id]/review/Review.tsx
@@ -252,8 +252,10 @@ export function Review({
   const { user } = useSession();
 
   // need filtered list of units that the user has permission to view
-  const ds = getUnitOptions(resUnits).filter((unit) =>
-    hasPermission(user, UserPermissionChoice.CanViewApplications, unit.pk)
+  const ds = getUnitOptions(resUnits).filter(
+    (unit) =>
+      hasPermission(user, UserPermissionChoice.CanViewApplications, unit.pk) ||
+      hasPermission(user, UserPermissionChoice.CanManageApplications, unit.pk)
   );
   const unitOptions = uniqBy(ds, (unit) => unit.pk).sort((a, b) =>
     a.nameFi.localeCompare(b.nameFi)
diff --git a/apps/ui/gql/gql-types.ts b/apps/ui/gql/gql-types.ts
index cba5a5d9b7..094a0c4da4 100644
--- a/apps/ui/gql/gql-types.ts
+++ b/apps/ui/gql/gql-types.ts
@@ -362,10 +362,8 @@ export type ApplicationRoundNode = Node & {
   reservationUnitCount?: Maybe<Scalars["Int"]["output"]>;
   reservationUnits: Array<ReservationUnitNode>;
   sentDate?: Maybe<Scalars["DateTime"]["output"]>;
-  serviceSector?: Maybe<ServiceSectorNode>;
   status?: Maybe<ApplicationRoundStatusChoice>;
   statusTimestamp?: Maybe<Scalars["DateTime"]["output"]>;
-  targetGroup: TargetGroup;
   termsOfUse?: Maybe<TermsOfUseNode>;
 };
 
@@ -4801,16 +4799,6 @@ export type SuitableTimeRangeSerializerInput = {
   priority: Priority;
 };
 
-/** An enumeration. */
-export enum TargetGroup {
-  /** Kaikki */
-  All = "ALL",
-  /** Sisäinen */
-  Internal = "INTERNAL",
-  /** Julkinen */
-  Public = "PUBLIC",
-}
-
 export type TaxPercentageNode = Node & {
   /** The ID of the object */
   id: Scalars["ID"]["output"];
@@ -5310,7 +5298,7 @@ export enum UserRoleChoice {
   NotificationManager = "NOTIFICATION_MANAGER",
   /** Varaaja */
   Reserver = "RESERVER",
-  /** Katselika */
+  /** Katselija */
   Viewer = "VIEWER",
 }
 
diff --git a/packages/common/gql/gql-types.ts b/packages/common/gql/gql-types.ts
index c25ba6b84c..8246e99750 100644
--- a/packages/common/gql/gql-types.ts
+++ b/packages/common/gql/gql-types.ts
@@ -362,10 +362,8 @@ export type ApplicationRoundNode = Node & {
   reservationUnitCount?: Maybe<Scalars["Int"]["output"]>;
   reservationUnits: Array<ReservationUnitNode>;
   sentDate?: Maybe<Scalars["DateTime"]["output"]>;
-  serviceSector?: Maybe<ServiceSectorNode>;
   status?: Maybe<ApplicationRoundStatusChoice>;
   statusTimestamp?: Maybe<Scalars["DateTime"]["output"]>;
-  targetGroup: TargetGroup;
   termsOfUse?: Maybe<TermsOfUseNode>;
 };
 
@@ -4801,16 +4799,6 @@ export type SuitableTimeRangeSerializerInput = {
   priority: Priority;
 };
 
-/** An enumeration. */
-export enum TargetGroup {
-  /** Kaikki */
-  All = "ALL",
-  /** Sisäinen */
-  Internal = "INTERNAL",
-  /** Julkinen */
-  Public = "PUBLIC",
-}
-
 export type TaxPercentageNode = Node & {
   /** The ID of the object */
   id: Scalars["ID"]["output"];
@@ -5310,7 +5298,7 @@ export enum UserRoleChoice {
   NotificationManager = "NOTIFICATION_MANAGER",
   /** Varaaja */
   Reserver = "RESERVER",
-  /** Katselika */
+  /** Katselija */
   Viewer = "VIEWER",
 }
 
diff --git a/tilavaraus.graphql b/tilavaraus.graphql
index c57c2cdaa5..c1ff7ec196 100644
--- a/tilavaraus.graphql
+++ b/tilavaraus.graphql
@@ -444,10 +444,8 @@ type ApplicationRoundNode implements Node {
     unit: [Int]
   ): [ReservationUnitNode!]!
   sentDate: DateTime
-  serviceSector: ServiceSectorNode
   status: ApplicationRoundStatusChoice
   statusTimestamp: DateTime
-  targetGroup: TargetGroup!
   termsOfUse: TermsOfUseNode
 }
 
@@ -5345,24 +5343,6 @@ input SuitableTimeRangeSerializerInput {
   priority: Priority!
 }
 
-"""
-An enumeration.
-"""
-enum TargetGroup {
-  """
-  Kaikki
-  """
-  ALL
-  """
-  Sisäinen
-  """
-  INTERNAL
-  """
-  Julkinen
-  """
-  PUBLIC
-}
-
 type TaxPercentageNode implements Node {
   """
   The ID of the object
@@ -5983,7 +5963,7 @@ enum UserRoleChoice {
   """
   RESERVER
   """
-  Katselika
+  Katselija
   """
   VIEWER
 }