Merge pull request #2243 from HHS/mb/TTAHUB-3134/adjust-goal-permissions

[TTAHUB-3134] Allow admins to delete goals
HHS · Jul 2, 2024 · d1a6027 · d1a6027
2 parents ff92640 + 6b3bc92
commit d1a6027
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/src/policies/goals.js b/src/policies/goals.js
@@ -52,7 +52,11 @@ export default class Goal {
         )
         && permission.regionId === region),
     );
-    return !isUndefined(permissions);
+
+    // eslint-disable-next-line max-len
+    const isAdmin = find(this.user.permissions, (permission) => permission.scopeId === SCOPES.ADMIN);
+
+    return !isUndefined(isAdmin) || !isUndefined(permissions);
   }
 
   // refactored to take a region id rather than directly check

diff --git a/src/policies/goals.test.js b/src/policies/goals.test.js
@@ -76,7 +76,6 @@ describe('Goals policies', () => {
       const goal = {
         objectives: [],
         grant: { regionId: 2 },
-
       };
       const user = {
         permissions: [
@@ -90,6 +89,24 @@ describe('Goals policies', () => {
       const policy = new Goal(user, goal);
       expect(policy.canDelete()).toBe(true);
     });
+
+    it('returns true if user is admin', async () => {
+      const goal = {
+        objectives: [],
+        grant: { regionId: 2 },
+      };
+      const user = {
+        permissions: [
+          {
+            regionId: 14,
+            scopeId: SCOPES.ADMIN,
+          },
+        ],
+      };
+
+      const policy = new Goal(user, goal);
+      expect(policy.canDelete()).toBe(true);
+    });
   });
 
   describe('canCreate', () => {

diff --git a/src/routes/goals/handlers.js b/src/routes/goals/handlers.js
@@ -200,14 +200,14 @@ export async function deleteGoal(req, res) {
     }));
 
     if (!permissions.every((permission) => permission)) {
-      res.sendStatus(401);
+      res.sendStatus(httpCodes.UNAUTHORIZED);
       return;
     }
 
     const deletedGoal = await destroyGoal(ids);
 
     if (!deletedGoal) {
-      res.sendStatus(404);
+      res.sendStatus(httpCodes.NOT_FOUND);
       return;
     }