diff --git a/backend/src/main/java/ca/bc/gov/app/ApplicationConstant.java b/backend/src/main/java/ca/bc/gov/app/ApplicationConstant.java
index 7ac40107fe..4fcbbbe393 100644
--- a/backend/src/main/java/ca/bc/gov/app/ApplicationConstant.java
+++ b/backend/src/main/java/ca/bc/gov/app/ApplicationConstant.java
@@ -106,6 +106,7 @@ left join nrfc.province_code pc on (pc.province_code = sl.province_code and pc.c
 public static final String ROLE_VIEWER = "CLIENT_VIEWER";
 public static final String ROLE_EDITOR = "CLIENT_EDITOR";
 public static final String ROLE_ADMIN = "CLIENT_ADMIN";
+ public static final String ROLE_SUSPEND = "CLIENT_SUSPEND";
 public static final String OPENDATA_FILTER = "%s*%s*%s*%s*%s*%s*%s*%s*";
diff --git a/backend/src/main/java/ca/bc/gov/app/security/ApiAuthorizationCustomizer.java b/backend/src/main/java/ca/bc/gov/app/security/ApiAuthorizationCustomizer.java
index 397219f897..2a6d524b52 100644
--- a/backend/src/main/java/ca/bc/gov/app/security/ApiAuthorizationCustomizer.java
+++ b/backend/src/main/java/ca/bc/gov/app/security/ApiAuthorizationCustomizer.java
@@ -169,6 +169,15 @@ public void customize(AuthorizeExchangeSpec authorize) {
 ApplicationConstant.ROLE_VIEWER,
 ApplicationConstant.ROLE_EDITOR,
 ApplicationConstant.ROLE_ADMIN);
+
+ // Viewer, editor, suspend and admin users can GET from the clients endpoint
+ authorize
+ .pathMatchers(HttpMethod.GET, "/api/clients/search/**")
+ .hasAnyRole(
+ ApplicationConstant.ROLE_VIEWER,
+ ApplicationConstant.ROLE_EDITOR,
+ ApplicationConstant.ROLE_ADMIN,
+ ApplicationConstant.ROLE_SUSPEND);
 // Deny all other requests
 authorize.anyExchange().denyAll();
diff --git a/frontend/cypress/support/commands.ts b/frontend/cypress/support/commands.ts
index 286c1453eb..f6135c78f1 100644
--- a/frontend/cypress/support/commands.ts
+++ b/frontend/cypress/support/commands.ts
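Review bot: Spring's `AuthorizeExchangeSpec` applies the first matching rule, so the new `/api/clients/search/**` rule is shadowed if an earlier `pathMatchers` (for example a `/api/clients/**` GET rule) already covers that path — the preceding rule, whose pattern starts outside the hunk, ends in the same `hasAnyRole(VIEWER, EDITOR, ADMIN)` and would deny a user holding only `CLIENT_SUSPEND` before this rule is ever reached. Either declare the more specific search rule before any broader clients rule or confirm that the earlier pattern does not overlap it. The added comment also overstates the grant, since the matcher covers only GET on the search path; I'd write `// Viewer, editor, suspend and admin users can GET the client search endpoint`. The trailing `anyExchange().denyAll()` keeps the chain fail-closed, so `CLIENT_SUSPEND` gains no other route from this change. `customize` begins before the hunk.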
@@ -78,7 +78,7 @@ Cypress.Commands.add(
 const userId = generateRandomHex(32);
- const roles = provider === "idir" ? ["CLIENT_VIEWER", "CLIENT_EDITOR", "CLIENT_ADMIN"] : ["USER"];
+ const roles = provider === "idir" ? ["CLIENT_VIEWER", "CLIENT_EDITOR", "CLIENT_ADMIN", "CLIENT_SUSPEND"] : ["USER"];
 const jwtBody = {
 "custom:idp_display_name": name,
diff --git a/frontend/src/pages/SearchPage.vue b/frontend/src/pages/SearchPage.vue
index 44f3f7da1d..86f73ee7e3 100644
--- a/frontend/src/pages/SearchPage.vue
+++ b/frontend/src/pages/SearchPage.vue
@@ -19,7 +19,7 @@ import {
 const summitSvg = useSvg(summit);
-const userhasAuthority = ["CLIENT_VIEWER", "CLIENT_EDITOR", "CLIENT_ADMIN"].some(authority => ForestClientUserSession.authorities.includes(authority));
+const userhasAuthority = ["CLIENT_VIEWER", "CLIENT_EDITOR", "CLIENT_ADMIN", "CLIENT_SUSPEND"].some(authority => ForestClientUserSession.authorities.includes(authority));
 let networkErrorMsg = ref("");
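Review bot: The authority list in `userhasAuthority` is now hard-coded in three places touched by this change — this page, the cypress fixture in `commands.ts`, and the `ROLE_*` constants in `ApplicationConstant.java` — while the only real enforcement point is the backend `ApiAuthorizationCustomizer` rule; this frontend gate is a UX convenience and must not be relied on for access control. If the lists drift, a user could be shown the search page while the backend denies the request, or be hidden from a page the backend would allow, so I'd lift the array into one exported constant (e.g. next to `ForestClientUserSession`) and reference it from both the page and the fixture. The surrounding script block continues outside the hunk.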