From e9de752878114eaa8b656ea0dd8a64f5565b38e5 Mon Sep 17 00:00:00 2001 From: jonathan langlois Date: Wed, 5 Feb 2025 15:50:59 -0800 Subject: [PATCH] feat: admin idir access allow admins to still use on-prem idir --- app/jest/form.test.tsx | 18 +++++++++++-- app/schemas/providers-gold.ts | 2 ++ .../__tests__/21.requests-validations.test.ts | 26 ++++++++++++++++++- lambda/app/src/controllers/requests.ts | 15 ++++++----- 4 files changed, 52 insertions(+), 9 deletions(-)
diff --git a/app/jest/form.test.tsx b/app/jest/form.test.tsx
index 5d39b2a1..6ec1ee84 100644
--- a/app/jest/form.test.tsx
+++ b/app/jest/form.test.tsx
@@ -762,7 +762,7 @@ describe('BC Services Card IDP and dependencies', () => {
 expect(productionCheckbox).toBeInTheDocument();
 });
 
- it('should show idir idp for existing integrations', async () => {
+ it('should show idir idp for existing integrations for regular users that already use it', async () => {
 const { getByText } = setUpRender({
 id: 0,
 environments: ['dev'],
@@ -777,7 +777,7 @@ describe('BC Services Card IDP and dependencies', () => {
 expect(azureIdirCheckbox).toBeChecked();
 });
 
- it('should not show idir idp for existing integrations', async () => {
+ it('should not show idir idp for regular users updating existing integrations without it', async () => {
 const { getByText, queryByText } = setUpRender({
 id: 0,
 environments: ['dev'],
@@ -789,4 +789,18 @@ describe('BC Services Card IDP and dependencies', () => {
 expect(queryByText('IDIR')).toBeNull();
 expect(azureIdirCheckbox).toBeChecked();
 });
+
+ it('should show idir idp for existing integrations without it for admin users', async () => {
+ const { queryByText } = setUpRender(
+ {
+ id: 0,
+ environments: ['dev'],
+ devIdps: [],
+ projectName: 'test project4',
+ },
+ { client_roles: ['sso-admin'], isAdmin: true },
+ );
+ fireEvent.click(sandbox.basicInfoBox);
+ expect(queryByText('IDIR')).not.toBeNull();
+ });
 });
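Review bot: The new admin test in the third hunk only asserts that the 'IDIR' label is rendered, so it would still pass if the admin schema path pre-selected idir for an integration whose `devIdps` is `[]`; the two sibling tests above also pin checkbox state with `expect(azureIdirCheckbox).toBeChecked()`. Consider adding an assertion that the IDIR option is present but not checked, and that the pre-existing selections are unchanged, so the test distinguishes "offered to admins" from "silently added". The render context passes both `client_roles: ['sso-admin']` and `isAdmin: true`; if setUpRender derives one from the other (its definition is outside the hunk), one of them is redundant and the test name should say which flag drives the behaviour.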
diff --git a/app/schemas/providers-gold.ts b/app/schemas/providers-gold.ts
index f23c9b4b..c0a23945 100644
--- a/app/schemas/providers-gold.ts
+++ b/app/schemas/providers-gold.ts
@@ -116,6 +116,8 @@ export default function getSchema(
 }
 });
 
+ if (context.isAdmin && !idpEnum?.includes('idir')) idpEnum?.unshift('idir');
+
 properties.devIdps = {
 type: 'array',
 minItems: 1,
diff --git a/lambda/__tests__/21.requests-validations.test.ts b/lambda/__tests__/21.requests-validations.test.ts
index a3cf5071..94688d39 100644
--- a/lambda/__tests__/21.requests-validations.test.ts
+++ b/lambda/__tests__/21.requests-validations.test.ts
@@ -278,7 +278,7 @@ describe('integration validations', () => {
 console.error('EXCEPTION: ', err);
 }
 
- it('should not allow adding discontinued idp', async () => {
+ it('should not allow regular users to add a discontinued idp', async () => {
 createMockAuth(TEAM_ADMIN_IDIR_USERID_01, TEAM_ADMIN_IDIR_EMAIL_01);
 let integrationRes = await createIntegration(
 getCreateIntegrationData({
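Review bot: `idpEnum?.unshift('idir')` mutates the array in place, and `idpEnum` is declared outside this hunk; if it is derived from a shared or module-level list rather than built fresh per getSchema call, the admin branch would leave 'idir' in it for later non-admin calls, so building a new array for the admin case is safer than mutating. The surrounding code uses braced blocks, so the one-line form is also a style outlier: `if (context.isAdmin && !idpEnum?.includes('idir')) {` / `idpEnum?.unshift('idir');` / `}`. Note that `context.isAdmin` here only shapes the client-side form; the only enforcement is the `userIsAdmin` check in lambda/app/src/controllers/requests.ts, so a comment such as `// UI only: the server re-checks admin status in updateRequest` would make that split explicit for the next reader.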
@@ -302,6 +302,30 @@ describe('integration validations', () => {
 expect(updateIntegrationRes.body.devIdps).toEqual(['azureidir', 'bceidbasic']);
 });
 
+ it('should allow admin users to add a discontinued idp', async () => {
+ createMockAuth(TEAM_ADMIN_IDIR_USERID_01, TEAM_ADMIN_IDIR_EMAIL_01, ['sso-admin']);
+ let integrationRes = await createIntegration(
+ getCreateIntegrationData({
+ projectName: 'IDIR allowed',
+ }),
+ );
+
+ expect(integrationRes.status).toEqual(200);
+ const integration = integrationRes.body;
+
+ let updateIntegrationRes = await updateIntegration(
+ getUpdateIntegrationData({
+ integration,
+ identityProviders: ['idir', 'azureidir', 'bceidbasic'],
+ envs: ['dev', 'test', 'prod'],
+ }),
+ true,
+ );
+
+ expect(updateIntegrationRes.status).toEqual(200);
+ expect(updateIntegrationRes.body.devIdps).toEqual(['idir', 'azureidir', 'bceidbasic']);
+ });
+
 it('should preserve discontinued idp for existing integrations', async () => {
 const MOCK_USER_ID = -1;
 const MOCK_USER_EMAIL = 'test@user.com';
diff --git a/lambda/app/src/controllers/requests.ts b/lambda/app/src/controllers/requests.ts
index 0ebfefe6..d75496d0 100644
--- a/lambda/app/src/controllers/requests.ts
+++ b/lambda/app/src/controllers/requests.ts
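Review bot: The new admin test only exercises 'idir', while the server change in lambda/app/src/controllers/requests.ts skips the discontinued-idp filter entirely for admins, so nothing pins whether an admin may add any other value getDiscontinuedIdps() returns (if it returns more than 'idir'). If the intent is idir-only, add a companion case with a different discontinued idp expecting it to be dropped from `devIdps`; if admins may add any discontinued idp, the test name should say so. The trailing `true` passed to updateIntegration has no visible meaning in this hunk; a short comment on that argument (what mode or caller it selects) would help, since the sibling test above calls updateIntegration without it.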
@@ -508,12 +508,15 @@ export const updateRequest = async (
 }),
 );
 }
- // filter out discontinued idps only for new integrations, i.e. only when adding new idps
- const newIdps = rest.devIdps.filter((idp) => !originalData.devIdps.includes(idp));
- const invalidIdps = getDiscontinuedIdps();
- rest.devIdps = rest.devIdps.filter(
- (idp) => !newIdps.includes(idp) || (newIdps.includes(idp) && !invalidIdps.includes(idp)),
- );
+ // filter out discontinued idps only for non-admins creating new integrations, i.e. only when adding new idps
+
+ if (!userIsAdmin) {
+ const newIdps = rest.devIdps.filter((idp) => !originalData.devIdps.includes(idp));
+ const invalidIdps = getDiscontinuedIdps();
+ rest.devIdps = rest.devIdps.filter(
+ (idp) => !newIdps.includes(idp) || (newIdps.includes(idp) && !invalidIdps.includes(idp)),
+ );
+ }
 
 const allowedData = processRequest(session, rest, isMerged);
 assign(current, allowedData);
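Review bot: The `if (!userIsAdmin)` guard skips the discontinued-idp filter for every idp returned by getDiscontinuedIdps(), whereas the commit title and the schema change in app/schemas/providers-gold.ts re-enable only 'idir'; if that function returns, or later grows to return, anything other than 'idir', admins receive a wider exemption than intended. Narrowing the exemption keeps the filter in place and drops the wrapper: `const invalidIdps = getDiscontinuedIdps().filter((idp) => !(userIsAdmin && idp === 'idir'));`. `userIsAdmin` is defined outside the hunk; since this is the only server-side enforcement, it should be derived from `session` rather than from anything in the submitted request, which is worth confirming at its declaration. The comment says "non-admins creating new integrations", but this is updateRequest and `newIdps` is computed against `originalData.devIdps`, so `// non-admins may not add a discontinued idp to an existing integration; admins may re-add idir` describes it better, and the blank line between the comment and the `if` separates them for no reason. updateRequest starts outside the hunk.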