bcgov · jlangy · Feb 6, 2025 · Feb 5, 2025
@@ -762,7 +762,7 @@ describe('BC Services Card IDP and dependencies', () => {
     expect(productionCheckbox).toBeInTheDocument();
   });
 
-  it('should show idir idp for existing integrations', async () => {
+  it('should show idir idp for existing integrations for regular users that already use it', async () => {
     const { getByText } = setUpRender({
       id: 0,
       environments: ['dev'],
@@ -777,7 +777,7 @@ describe('BC Services Card IDP and dependencies', () => {
     expect(azureIdirCheckbox).toBeChecked();
   });
 
-  it('should not show idir idp for existing integrations', async () => {
+  it('should not show idir idp for regular users updating existing integrations without it', async () => {
     const { getByText, queryByText } = setUpRender({
       id: 0,
       environments: ['dev'],
@@ -789,4 +789,18 @@ describe('BC Services Card IDP and dependencies', () => {
     expect(queryByText('IDIR')).toBeNull();
     expect(azureIdirCheckbox).toBeChecked();
   });
+
+  it('should show idir idp for existing integrations without it for admin users', async () => {
+    const { queryByText } = setUpRender(
+      {
+        id: 0,
+        environments: ['dev'],
+        devIdps: [],
+        projectName: 'test project4',
+      },
+      { client_roles: ['sso-admin'], isAdmin: true },
+    );
+    fireEvent.click(sandbox.basicInfoBox);
+    expect(queryByText('IDIR')).not.toBeNull();
+  });
 });
@@ -116,6 +116,8 @@ export default function getSchema(
       }
     });
 
+    if (context.isAdmin && !idpEnum?.includes('idir')) idpEnum?.unshift('idir');
+
     properties.devIdps = {
       type: 'array',
       minItems: 1,

@@ -278,7 +278,7 @@ describe('integration validations', () => {
     console.error('EXCEPTION: ', err);
   }
 
-  it('should not allow adding discontinued idp', async () => {
+  it('should not allow regular users to add a discontinued idp', async () => {
     createMockAuth(TEAM_ADMIN_IDIR_USERID_01, TEAM_ADMIN_IDIR_EMAIL_01);
     let integrationRes = await createIntegration(
       getCreateIntegrationData({
@@ -302,6 +302,30 @@ describe('integration validations', () => {
     expect(updateIntegrationRes.body.devIdps).toEqual(['azureidir', 'bceidbasic']);
   });
 
+  it('should allow admin users to add a discontinued idp', async () => {
+    createMockAuth(TEAM_ADMIN_IDIR_USERID_01, TEAM_ADMIN_IDIR_EMAIL_01, ['sso-admin']);
+    let integrationRes = await createIntegration(
+      getCreateIntegrationData({
+        projectName: 'IDIR allowed',
+      }),
+    );
+
+    expect(integrationRes.status).toEqual(200);
+    const integration = integrationRes.body;
+
+    let updateIntegrationRes = await updateIntegration(
+      getUpdateIntegrationData({
+        integration,
+        identityProviders: ['idir', 'azureidir', 'bceidbasic'],
+        envs: ['dev', 'test', 'prod'],
+      }),
+      true,
+    );
+
+    expect(updateIntegrationRes.status).toEqual(200);
+    expect(updateIntegrationRes.body.devIdps).toEqual(['idir', 'azureidir', 'bceidbasic']);
+  });
+
   it('should preserve discontinued idp for existing integrations', async () => {
     const MOCK_USER_ID = -1;
     const MOCK_USER_EMAIL = '[email protected]';

@@ -508,12 +508,15 @@ export const updateRequest = async (
         }),
       );
     }
-    // filter out discontinued idps only for new integrations, i.e. only when adding new idps
-    const newIdps = rest.devIdps.filter((idp) => !originalData.devIdps.includes(idp));
-    const invalidIdps = getDiscontinuedIdps();
-    rest.devIdps = rest.devIdps.filter(
-      (idp) => !newIdps.includes(idp) || (newIdps.includes(idp) && !invalidIdps.includes(idp)),
-    );
+    // filter out discontinued idps only for non-admins creating new integrations, i.e. only when adding new idps
+
+    if (!userIsAdmin) {
+      const newIdps = rest.devIdps.filter((idp) => !originalData.devIdps.includes(idp));
+      const invalidIdps = getDiscontinuedIdps();
+      rest.devIdps = rest.devIdps.filter(
+        (idp) => !newIdps.includes(idp) || (newIdps.includes(idp) && !invalidIdps.includes(idp)),
+      );
+    }
 
     const allowedData = processRequest(session, rest, isMerged);
     assign(current, allowedData);