diff --git a/src/components/layout/SideNav/hooks/useGetSideNavItems.ts b/src/components/layout/SideNav/hooks/useGetSideNavItems.ts
index 38c464cde..c81e498f0 100644
--- a/src/components/layout/SideNav/hooks/useGetSideNavItems.ts
+++ b/src/components/layout/SideNav/hooks/useGetSideNavItems.ts
@@ -37,13 +37,13 @@ const views = [
 ] as const
 export function useGetSideNavItems() {
- const { currentRoles, isSupport, isOrganizationAllowedToProduce } = AuthHooks.useJwt()
+ const { currentRoles, isSupport, isOrganizationAllowedToProduce, jwt } = AuthHooks.useJwt()
 const { data: tenant } = TenantHooks.useGetActiveUserParty()
 const isCertifier = isTenantCertifier(tenant)
- const isPA = AuthHooks.useJwt().jwt?.externalId?.origin === 'IPA'
+ const isPA = jwt?.externalId?.origin === 'IPA'
 return React.useMemo(() => {
 /**
diff --git a/src/router/components/RoutesWrapper/AuthGuard.tsx b/src/router/components/RoutesWrapper/AuthGuard.tsx
index 0c84cfa16..827633631 100644
--- a/src/router/components/RoutesWrapper/AuthGuard.tsx
+++ b/src/router/components/RoutesWrapper/AuthGuard.tsx
@@ -59,8 +59,25 @@ export const AuthGuard: React.FC = ({
 return isAuthorized && !isInBlacklist && !(isInProvidersRoutes && !canAccessProviderRoutes)
 }
+
+ function isUserAllowedToAccessDelegationsRoutes() {
+ // The IsUserAllowedToAccessDelegationsRoutes method checks if the organization is a PA. Only a PA can access the delegations routes
+ const isPA = jwt?.externalId?.origin === 'IPA'
+ const delegationsRoutes: Array = [
+ 'DELEGATIONS',
+ 'DELEGATION_DETAILS',
+ 'CREATE_DELEGATION',
+ ]
+ return isPA || !delegationsRoutes.includes(routeKey)
+ }
+ // JWT will be undefined just in case route is public.
- if (jwt && (!isUserAllowedToAccessRoute() || !isUserAllowedToAccessCertifierRoutes())) {
+ if (
+ jwt &&
+ (!isUserAllowedToAccessRoute() ||
+ !isUserAllowedToAccessCertifierRoutes() ||
+ !isUserAllowedToAccessDelegationsRoutes())
+ ) {
 throw new ForbiddenError()
 }
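Review bot: In useGetSideNavItems.ts the PA test `jwt?.externalId?.origin === 'IPA'` is still written out by hand, and the same expression is added again in `isUserAllowedToAccessDelegationsRoutes` in the AuthGuard.tsx hunk, so the navigation entry and the route guard can drift apart if only one copy is edited. `AuthHooks.useJwt()` already returns derived flags such as `isSupport` and `isOrganizationAllowedToProduce`; exposing the PA check the same way would give both call sites one definition, e.g. `const { currentRoles, isSupport, isOrganizationAllowedToProduce, isPA } = AuthHooks.useJwt()` (field name is a suggestion, not an existing one). The body of `useGetSideNavItems` continues outside the hunk.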
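Review bot: In AuthGuard.tsx, `isUserAllowedToAccessDelegationsRoutes` restricts exactly the three route keys listed in the local `delegationsRoutes` array, so a delegation route added later stays open to non-PA tenants unless someone remembers to extend this list. Hoisting the list to a module-level constant kept beside the route definitions, or marking the restriction on the route entries themselves if the route config allows it, would make a new route fail closed instead of open. The check also depends on `jwt?.externalId?.origin` as decoded in the browser, so it only decides what the UI shows; presumably the delegation endpoints enforce the same PA restriction server-side, which is worth confirming. The added comment could be shortened to `// Only PA tenants (origin 'IPA') may open the delegation routes.`, which also avoids the capitalised name that does not match the function. The `AuthGuard` component starts and ends outside the hunk.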