PBAC Update user roles and permissions

src/components/APITokenDialog/index.test.tsx

@@ -26,7 +26,7 @@ const baseAuthCtx: AuthContextState = {
   user: null,
 };
 
-const baseUser: User = {
+const baseUser: Omit<User, "permissions"> = {
   _id: "",
   firstName: "",
   lastName: "",
@@ -38,20 +38,27 @@ const baseUser: User = {
   dataCommons: [],
   createdAt: "",
   updateAt: "",
+  notifications: [],
 };
 
 type ParentProps = {
   children: React.ReactNode;
   mocks?: MockedResponse[];
   role?: UserRole;
+  permissions?: AuthPermissions[];
 };
 
-const TestParent: FC<ParentProps> = ({ role = "Submitter", mocks = [], children }) => {
+const TestParent: FC<ParentProps> = ({
+  role = "Submitter",
+  permissions = ["data_submission:create"],
+  mocks = [],
+  children,
+}) => {
   const authState = useMemo<AuthContextState>(
     () => ({
       ...baseAuthCtx,
       isLoggedIn: true,
-      user: { ...baseUser, role },
+      user: { ...baseUser, role, permissions },
     }),
     [role]
   );
@@ -264,18 +271,15 @@ describe("Implementation Requirements", () => {
     expect(mockWriteText).not.toHaveBeenCalled();
   });
 
-  it.each<UserRole>(["Admin", "Federal Lead", "Data Curator", "User", "fake user" as UserRole])(
-    "should show an error when the user role %s tries to generate a token",
-    async (role) => {
-      const { getByText } = render(<ApiTokenDialog open />, {
-        wrapper: (p) => <TestParent {...p} role={role} />,
-      });
+  it("should show an error when the user without the required permission tries to generate a token", async () => {
+    const { getByText } = render(<ApiTokenDialog open />, {
+      wrapper: (p) => <TestParent {...p} permissions={[]} />,
+    });
 
-      userEvent.click(getByText(/Create Token/, { selector: "button" }));
+    userEvent.click(getByText(/Create Token/, { selector: "button" }));
 
-      await waitFor(() => {
-        expect(getByText(/Token was unable to be created./)).toBeInTheDocument();
-      });
-    }
-  );
+    await waitFor(() => {
+      expect(getByText(/Token was unable to be created./)).toBeInTheDocument();
+    });
+  });
 });

src/components/APITokenDialog/index.tsx

@@ -15,7 +15,7 @@ import GenericAlert, { AlertState } from "../GenericAlert";
 import { ReactComponent as CopyIconSvg } from "../../assets/icons/copy_icon.svg";
 import { ReactComponent as CloseIconSvg } from "../../assets/icons/close_icon.svg";
 import { useAuthContext } from "../Contexts/AuthContext";
-import { GenerateApiTokenRoles } from "../../config/AuthRoles";
+import { hasPermission } from "../../config/AuthPermissions";
 
 const StyledDialog = styled(Dialog)({
   "& .MuiDialog-paper": {
@@ -166,7 +166,7 @@ const APITokenDialog: FC<Props> = ({ onClose, open, ...rest }) => {
   };
 
   const generateToken = async () => {
-    if (!GenerateApiTokenRoles.includes(user?.role)) {
+    if (!hasPermission(user, "data_submission", "create")) {
       onGenerateTokenError();
       return;
     }

src/components/AccessRequest/FormDialog.test.tsx

@@ -87,6 +87,8 @@ const mockUser: User = {
   userStatus: "Active",
   updateAt: "",
   createdAt: "",
+  permissions: ["access:request"],
+  notifications: [],
 };
 
 type MockParentProps = {

src/components/AccessRequest/FormDialog.tsx

@@ -71,7 +71,7 @@ type Props = {
   onClose: () => void;
 } & Omit<DialogProps, "onClose">;
 
-const RoleOptions: UserRole[] = ["Submitter", "Organization Owner"];
+const RoleOptions: UserRole[] = ["Submitter"];
 
 /**
  * Provides a dialog for users to request access to a specific role.

src/components/AccessRequest/index.test.tsx

@@ -15,7 +15,7 @@ import {
   ListApprovedStudiesResp,
 } from "../../graphql";
 
-const mockUser: Omit<User, "role"> = {
+const mockUser: Omit<User, "role" | "permissions"> = {
   _id: "",
   firstName: "",
   lastName: "",
@@ -27,6 +27,7 @@ const mockUser: Omit<User, "role"> = {
   userStatus: "Active",
   updateAt: "",
   createdAt: "",
+  notifications: [],
 };
 
 const mockListApprovedStudies: MockedResponse<ListApprovedStudiesResp, ListApprovedStudiesInput> = {
@@ -47,15 +48,16 @@ const mockListApprovedStudies: MockedResponse<ListApprovedStudiesResp, ListAppro
 type MockParentProps = {
   mocks: MockedResponse[];
   role: UserRole;
+  permissions: AuthPermissions[];
   children: React.ReactNode;
 };
 
-const MockParent: FC<MockParentProps> = ({ mocks, role, children }) => {
+const MockParent: FC<MockParentProps> = ({ mocks, role, permissions, children }) => {
   const authValue: AuthContextState = useMemo<AuthContextState>(
     () => ({
       isLoggedIn: true,
       status: AuthContextStatus.LOADED,
-      user: { ...mockUser, role },
+      user: { ...mockUser, role, permissions },
     }),
     [role]
   );
@@ -70,7 +72,7 @@ const MockParent: FC<MockParentProps> = ({ mocks, role, children }) => {
 describe("Accessibility", () => {
   it("should not have any violations", async () => {
     const { container } = render(<AccessRequest />, {
-      wrapper: (p) => <MockParent {...p} mocks={[]} role="User" />,
+      wrapper: (p) => <MockParent {...p} mocks={[]} role="User" permissions={["access:request"]} />,
     });
 
     expect(await axe(container)).toHaveNoViolations();
@@ -80,7 +82,14 @@ describe("Accessibility", () => {
 describe("Basic Functionality", () => {
   it("should open the dialog when the 'Request Access' button is clicked", async () => {
     const { getByTestId, getByRole, queryByRole } = render(<AccessRequest />, {
-      wrapper: (p) => <MockParent {...p} mocks={[mockListApprovedStudies]} role="User" />,
+      wrapper: (p) => (
+        <MockParent
+          {...p}
+          mocks={[mockListApprovedStudies]}
+          role="User"
+          permissions={["access:request"]}
+        />
+      ),
     });
 
     expect(queryByRole("dialog")).not.toBeInTheDocument();
@@ -94,34 +103,16 @@ describe("Basic Functionality", () => {
 describe("Implementation Requirements", () => {
   it("should have a button with the text content 'Request Access'", async () => {
     const { getByText } = render(<AccessRequest />, {
-      wrapper: (p) => <MockParent {...p} mocks={[]} role="User" />,
+      wrapper: (p) => <MockParent {...p} mocks={[]} role="User" permissions={["access:request"]} />,
     });
 
     expect(getByText("Request Access")).toBeInTheDocument();
     expect(getByText("Request Access")).toBeEnabled();
   });
 
-  it.each<UserRole>(["User", "Submitter", "Organization Owner"])(
-    "should render the 'Request Access' button for the '%s' role",
-    (role) => {
-      const { getByTestId } = render(<AccessRequest />, {
-        wrapper: (p) => <MockParent {...p} mocks={[]} role={role} />,
-      });
-
-      expect(getByTestId("request-access-button")).toBeInTheDocument();
-    }
-  );
-
-  it.each<UserRole>([
-    "Admin",
-    "Data Commons POC",
-    "Federal Lead",
-    "Federal Monitor",
-    "Data Curator",
-    "fake role" as UserRole,
-  ])("should not render the 'Request Access' button for the '%s' role", (role) => {
+  it("should not render the 'Request Access' button without the required permission", async () => {
     const { queryByTestId } = render(<AccessRequest />, {
-      wrapper: (p) => <MockParent {...p} mocks={[]} role={role} />,
+      wrapper: (p) => <MockParent {...p} mocks={[]} role="User" permissions={[]} />,
     });
 
     expect(queryByTestId("request-access-button")).not.toBeInTheDocument();

src/components/AccessRequest/index.tsx

@@ -2,7 +2,7 @@ import { FC, memo, useState } from "react";
 import { Button, styled } from "@mui/material";
 import FormDialog from "./FormDialog";
 import { useAuthContext } from "../Contexts/AuthContext";
-import { CanRequestRoleChange } from "../../config/AuthRoles";
+import { hasPermission } from "../../config/AuthPermissions";
 
 const StyledButton = styled(Button)({
   marginLeft: "42px",
@@ -38,7 +38,7 @@ const AccessRequest: FC = (): React.ReactNode => {
     setDialogOpen(false);
   };
 
-  if (!user?.role || !CanRequestRoleChange.includes(user.role)) {
+  if (!hasPermission(user, "access", "request")) {
     return null;
   }
 

src/components/Collaborators/CollaboratorsDialog.test.tsx

@@ -45,6 +45,8 @@ const mockUser: User = {
   userStatus: "Active",
   updateAt: "",
   createdAt: "",
+  permissions: ["data_submission:view", "data_submission:create"],
+  notifications: [],
 };
 
 const mockSubmission = {
@@ -182,10 +184,7 @@ describe("CollaboratorsDialog Component", () => {
 
   it("calls onClose when Close button is clicked", () => {
     mockUseAuthContext.mockReturnValue({
-      user: {
-        ...mockUser,
-        role: "Admin",
-      },
+      user: { ...mockUser, _id: "some-other-user" } as User,
       status: AuthStatus.LOADED,
     });
 
@@ -367,20 +366,12 @@ describe("CollaboratorsDialog Component", () => {
     });
   });
 
-  it.each<UserRole>([
-    "User",
-    "Admin",
-    "Data Curator",
-    "Data Commons POC",
-    "Federal Lead",
-    "Federal Monitor",
-    "invalid-role" as UserRole,
-  ])("should disable inputs when user is role %s", (role) => {
+  it("should disable inputs when user does not have required permissions", async () => {
     mockUseAuthContext.mockReturnValue({
       user: {
         ...mockUser,
-        role,
-      },
+        permissions: ["data_submission:view"],
+      } as User,
       status: AuthStatus.LOADED,
     });
 
@@ -396,76 +387,24 @@ describe("CollaboratorsDialog Component", () => {
     expect(getByTestId("collaborators-dialog-close-button")).toBeInTheDocument();
   });
 
-  it.each<UserRole>(["Submitter", "Organization Owner"])(
-    "should enable inputs when user is role %s",
-    (role) => {
-      mockUseAuthContext.mockReturnValue({
-        user: {
-          ...mockUser,
-          role,
-        },
-        status: AuthStatus.LOADED,
-      });
-
-      const mockOnClose = jest.fn();
-      const { getByTestId, queryByTestId } = render(
-        <TestParent>
-          <CollaboratorsDialog open onClose={mockOnClose} onSave={jest.fn()} />
-        </TestParent>
-      );
-
-      expect(getByTestId("collaborators-dialog-save-button")).toBeInTheDocument();
-      expect(getByTestId("collaborators-dialog-cancel-button")).toBeInTheDocument();
-      expect(queryByTestId("collaborators-dialog-close-button")).not.toBeInTheDocument();
-    }
-  );
-
-  it("allows modification when user is Organization Owner regardless of submitterID", () => {
-    mockUseAuthContext.mockReturnValue({
-      user: { ...mockUser, role: "Organization Owner", _id: "user-99" },
-      status: AuthStatus.LOADED,
-    });
-
-    mockUseSubmissionContext.mockReturnValue({
-      data: { getSubmission: { ...mockSubmission, submitterID: "user-1" } },
-    });
-
-    const mockOnClose = jest.fn();
-    const { getByTestId, queryByTestId } = render(
-      <TestParent>
-        <CollaboratorsDialog open onClose={mockOnClose} onSave={jest.fn()} />
-      </TestParent>
-    );
-
-    expect(getByTestId("collaborators-dialog-save-button")).toBeInTheDocument();
-    expect(getByTestId("collaborators-dialog-cancel-button")).toBeInTheDocument();
-    expect(queryByTestId("collaborators-dialog-close-button")).not.toBeInTheDocument();
-  });
-
-  it("should not allow modification when user is Organization Owner of a different organization", () => {
+  it("should enable inputs when user has the required permissions", async () => {
     mockUseAuthContext.mockReturnValue({
       user: {
         ...mockUser,
-        role: "Organization Owner",
-        _id: "user-99",
-        organization: { orgID: "some-other-org" },
+        permissions: ["data_submission:view", "data_submission:create"],
       } as User,
       status: AuthStatus.LOADED,
     });
 
-    mockUseSubmissionContext.mockReturnValue({
-      data: { getSubmission: { ...mockSubmission, submitterID: "user-1" } },
-    });
-
     const mockOnClose = jest.fn();
     const { getByTestId, queryByTestId } = render(
       <TestParent>
         <CollaboratorsDialog open onClose={mockOnClose} onSave={jest.fn()} />
       </TestParent>
     );
 
-    expect(queryByTestId("collaborators-dialog-save-button")).not.toBeInTheDocument();
-    expect(queryByTestId("collaborators-dialog-cancel-button")).not.toBeInTheDocument();
-    expect(getByTestId("collaborators-dialog-close-button")).toBeInTheDocument();
+    expect(getByTestId("collaborators-dialog-save-button")).toBeInTheDocument();
+    expect(getByTestId("collaborators-dialog-cancel-button")).toBeInTheDocument();
+    expect(queryByTestId("collaborators-dialog-close-button")).not.toBeInTheDocument();
   });
 });

src/components/Collaborators/CollaboratorsDialog.tsx

@@ -5,8 +5,8 @@ import { ReactComponent as CloseIconSvg } from "../../assets/icons/close_icon.sv
 import CollaboratorsTable from "./CollaboratorsTable";
 import { useCollaboratorsContext } from "../Contexts/CollaboratorsContext";
 import { useSubmissionContext } from "../Contexts/SubmissionContext";
-import { canModifyCollaboratorsRoles } from "../../config/AuthRoles";
 import { Status as AuthStatus, useAuthContext } from "../Contexts/AuthContext";
+import { hasPermission } from "../../config/AuthPermissions";
 
 const StyledDialog = styled(Dialog)({
   "& .MuiDialog-paper": {
@@ -111,11 +111,9 @@ const CollaboratorsDialog = ({ onClose, onSave, open, ...rest }: Props) => {
   const isLoading = collaboratorLoading || status === AuthStatus.LOADING;
   const canModifyCollaborators = useMemo(
     () =>
-      canModifyCollaboratorsRoles.includes(user?.role) &&
-      (submission?.getSubmission?.submitterID === user?._id ||
-        (user?.role === "Organization Owner" &&
-          user?.organization?.orgID === submission?.getSubmission?.organization?._id)),
-    [canModifyCollaboratorsRoles, user, submission?.getSubmission]
+      hasPermission(user, "data_submission", "create") &&
+      submission?.getSubmission?.submitterID === user?._id,
+    [user, submission?.getSubmission]
   );
 
   useEffect(() => {

src/components/Collaborators/CollaboratorsTable.test.tsx

@@ -51,6 +51,8 @@ const mockUser: User = {
   userStatus: "Active",
   updateAt: "",
   createdAt: "",
+  permissions: ["data_submission:create"],
+  notifications: [],
 };
 
 const mockSubmission: Submission = {