Added isUserAllowedToAccessDelegationsRoutes in AuthGuard.tsx

pagopa · Dec 11, 2024 · d366a30 · d366a30
1 parent 61a1b98
commit d366a30
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/src/components/layout/SideNav/hooks/useGetSideNavItems.ts b/src/components/layout/SideNav/hooks/useGetSideNavItems.ts
@@ -37,13 +37,13 @@ const views = [
 ] as const
 
 export function useGetSideNavItems() {
-  const { currentRoles, isSupport, isOrganizationAllowedToProduce } = AuthHooks.useJwt()
+  const { currentRoles, isSupport, isOrganizationAllowedToProduce, jwt } = AuthHooks.useJwt()
 
   const { data: tenant } = TenantHooks.useGetActiveUserParty()
 
   const isCertifier = isTenantCertifier(tenant)
 
-  const isPA = AuthHooks.useJwt().jwt?.externalId?.origin === 'IPA'
+  const isPA = jwt?.externalId?.origin === 'IPA'
 
   return React.useMemo(() => {
     /**

diff --git a/src/router/components/RoutesWrapper/AuthGuard.tsx b/src/router/components/RoutesWrapper/AuthGuard.tsx
@@ -59,8 +59,25 @@ export const AuthGuard: React.FC<AuthGuardProps> = ({
 
     return isAuthorized && !isInBlacklist && !(isInProvidersRoutes && !canAccessProviderRoutes)
   }
+
+  function isUserAllowedToAccessDelegationsRoutes() {
+    // The IsUserAllowedToAccessDelegationsRoutes method checks if the organization is a PA. Only a PA can access the delegations routes
+    const isPA = jwt?.externalId?.origin === 'IPA'
+    const delegationsRoutes: Array<RouteKey> = [
+      'DELEGATIONS',
+      'DELEGATION_DETAILS',
+      'CREATE_DELEGATION',
+    ]
+    return isPA || !delegationsRoutes.includes(routeKey)
+  }
+
   // JWT will be undefined just in case route is public.
-  if (jwt && (!isUserAllowedToAccessRoute() || !isUserAllowedToAccessCertifierRoutes())) {
+  if (
+    jwt &&
+    (!isUserAllowedToAccessRoute() ||
+      !isUserAllowedToAccessCertifierRoutes() ||
+      !isUserAllowedToAccessDelegationsRoutes())
+  ) {
     throw new ForbiddenError()
   }