From 8b60f899142df96dc8d6768a1ac1a4ee2b6334be Mon Sep 17 00:00:00 2001
From: Jason Sylvestre <jsylvestre@ucdavis.edu>
Date: Tue, 25 Apr 2023 07:55:26 -0700
Subject: [PATCH 1/8] Fixes

Allow Supervisor to enter/update work notes for a ticket
---
 Harvest.Web/Controllers/Api/TicketController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Harvest.Web/Controllers/Api/TicketController.cs b/Harvest.Web/Controllers/Api/TicketController.cs
index d3aa7cb2..0c3d3cf2 100644
--- a/Harvest.Web/Controllers/Api/TicketController.cs
+++ b/Harvest.Web/Controllers/Api/TicketController.cs
@@ -89,7 +89,7 @@ public async Task<ActionResult> RequiringManagerAttention(int? limit)
         }
 
         [HttpPost]
-        [Authorize(Policy = AccessCodes.FieldManagerAccess)]
+        [Authorize(Policy = AccessCodes.SupervisorAccess)]
         public async Task<ActionResult> UpdateWorkNotes(int projectId, int ticketId, [FromBody] string workNotes)
         {
             var ticketToUpdate = await _dbContext.Tickets.SingleAsync(a => a.Id == ticketId && a.ProjectId == projectId);

From df8008fc08487e7ae7b079f6933641d0f14ba57e Mon Sep 17 00:00:00 2001
From: Jason Sylvestre <jsylvestre@ucdavis.edu>
Date: Tue, 25 Apr 2023 07:56:34 -0700
Subject: [PATCH 2/8] test

---
 .../TestsApiControllers/TicketControllerTests.cs                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Test/TestsControllers/TestsApiControllers/TicketControllerTests.cs b/Test/TestsControllers/TestsApiControllers/TicketControllerTests.cs
index 2f46b23a..897f2c2c 100644
--- a/Test/TestsControllers/TestsApiControllers/TicketControllerTests.cs
+++ b/Test/TestsControllers/TestsApiControllers/TicketControllerTests.cs
@@ -68,7 +68,7 @@ public void TestControllerMethodAttributes()
             ControllerReflection.MethodExpectedAttribute<HttpPostAttribute>(methodName, countAdjustment + 3);
             authAttribute = ControllerReflection.MethodExpectedAttribute<AuthorizeAttribute>(methodName, countAdjustment + 3);
             authAttribute.ShouldNotBeNull();
-            authAttribute.ElementAt(0).Policy.ShouldBe(AccessCodes.FieldManagerAccess);
+            authAttribute.ElementAt(0).Policy.ShouldBe(AccessCodes.SupervisorAccess);
             ControllerReflection.MethodExpectedAttribute<AsyncStateMachineAttribute>(methodName, countAdjustment + 3);
 
             //3 (Create Post)

From 16b24f164f5acbaae1edf1ae7017633d7b84fa17 Mon Sep 17 00:00:00 2001
From: Jason Sylvestre <jsylvestre@ucdavis.edu>
Date: Tue, 25 Apr 2023 08:36:25 -0700
Subject: [PATCH 3/8] Worker redirect to team

---
 Harvest.Web/ClientApp/src/Expenses/ExpenseEntryContainer.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Harvest.Web/ClientApp/src/Expenses/ExpenseEntryContainer.tsx b/Harvest.Web/ClientApp/src/Expenses/ExpenseEntryContainer.tsx
index 6aa2e6bd..f970368d 100644
--- a/Harvest.Web/ClientApp/src/Expenses/ExpenseEntryContainer.tsx
+++ b/Harvest.Web/ClientApp/src/Expenses/ExpenseEntryContainer.tsx
@@ -69,7 +69,7 @@ export const ExpenseEntryContainer = () => {
   const leavePage = useCallback(() => {
     // go to the project page unless you are a worker -- worker can't see the project page
     if (roles.includes("Worker")) {
-      history.push("/");
+      history.push(`/${team}/team`);
     } else {
       if (query.get(ExpenseQueryParams.ReturnOnSubmit) === "true") {
         history.goBack();

From dd9c3c7054d40a2004a52012dc17a11055d9f686 Mon Sep 17 00:00:00 2001
From: Jason Sylvestre <jsylvestre@ucdavis.edu>
Date: Tue, 25 Apr 2023 10:37:00 -0700
Subject: [PATCH 4/8] ul can't be a descendant of p

---
 Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx b/Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx
index 44fda81e..52dbf31e 100644
--- a/Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx
+++ b/Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx
@@ -74,7 +74,7 @@ export const CloseoutContainer = () => {
   const [getConfirmation] = useConfirmationDialog({
     title: "Initiate Closeout",
     message: (
-      <p>
+      <div>
         Upon PI approval, closeout will result in...
         <ul>
           <li>Generating a final invoice if there are any unbilled expenses</li>
@@ -83,7 +83,7 @@ export const CloseoutContainer = () => {
             on whether there are any pending invoices
           </li>
         </ul>
-      </p>
+      </div>
     ),
   });
 

From 1e7774974ebb731bba528ab2028f34417b2dad54 Mon Sep 17 00:00:00 2001
From: Jason Sylvestre <jsylvestre@ucdavis.edu>
Date: Tue, 25 Apr 2023 10:47:13 -0700
Subject: [PATCH 5/8] Need leading /

---
 Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx b/Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx
index 52dbf31e..11d053ff 100644
--- a/Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx
+++ b/Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx
@@ -67,7 +67,7 @@ export const CloseoutContainer = () => {
 
   useEffect(() => {
     if (closeoutRequested) {
-      history.push(`${team}/project/details/${projectId}`);
+      history.push(`/${team}/project/details/${projectId}`);
     }
   }, [closeoutRequested, history, projectId, team]);
 

From 5b1ae0d01795520b4a1ceae8b2fc80556f0e6e83 Mon Sep 17 00:00:00 2001
From: Jason Sylvestre <jsylvestre@ucdavis.edu>
Date: Tue, 25 Apr 2023 13:12:04 -0700
Subject: [PATCH 6/8] Allow Finance role to reject quote

---
 Harvest.Web/Controllers/Api/RequestController.cs    | 13 +++++++++++--
 .../TestsApiControllers/RequestControllerTests.cs   |  2 +-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/Harvest.Web/Controllers/Api/RequestController.cs b/Harvest.Web/Controllers/Api/RequestController.cs
index 09e71044..c3002ffd 100644
--- a/Harvest.Web/Controllers/Api/RequestController.cs
+++ b/Harvest.Web/Controllers/Api/RequestController.cs
@@ -235,7 +235,7 @@ public async Task<ActionResult> Approve(int projectId, [FromBody] RequestApprova
         }
 
         [HttpPost]
-        [Authorize(Policy = AccessCodes.PrincipalInvestigatorOnly)]
+        [Authorize(Policy = AccessCodes.PrincipalInvestigatorandFinance)]
         public async Task<ActionResult> RejectQuote(int projectId, [FromBody] QuoteRejectionModel model)
         {
             if (string.IsNullOrWhiteSpace(model.Reason))
@@ -245,7 +245,16 @@ public async Task<ActionResult> RejectQuote(int projectId, [FromBody] QuoteRejec
             var project = await _dbContext.Projects.Include(a => a.PrincipalInvestigator).Include(a => a.Team).SingleAsync(p => p.Id == projectId && p.Team.Slug == TeamSlug);
             var quote = await _dbContext.Quotes.SingleAsync(a => a.ProjectId == projectId);
 
-            var currentUser = await _userService.GetCurrentUser();
+            var currentUser = await _userService.GetCurrentUser();
+
+            if (project.PrincipalInvestigator.Iam != currentUser.Iam)
+            {
+                var staleDays = (int)((DateTime.UtcNow - project.LastStatusUpdatedOn).TotalDays);
+                if (staleDays <= MinimumStaleDays)
+                {
+                    return BadRequest("You are not the principal investigator for this project and it isn't stale enough.");
+                }
+            }
 
             var ticketToCreate = new Ticket();
             ticketToCreate.ProjectId = projectId;
diff --git a/Test/TestsControllers/TestsApiControllers/RequestControllerTests.cs b/Test/TestsControllers/TestsApiControllers/RequestControllerTests.cs
index d815b9d7..31349d68 100644
--- a/Test/TestsControllers/TestsApiControllers/RequestControllerTests.cs
+++ b/Test/TestsControllers/TestsApiControllers/RequestControllerTests.cs
@@ -76,7 +76,7 @@ public void TestControllerMethodAttributes()
             ControllerReflection.MethodExpectedAttribute<HttpPostAttribute>(methodName, countAdjustment + 3, testMessage: "RejectQuote");
             authAttribute = ControllerReflection.MethodExpectedAttribute<AuthorizeAttribute>(methodName, countAdjustment + 3);
             authAttribute.ShouldNotBeNull();
-            authAttribute.ElementAt(0).Policy.ShouldBe(AccessCodes.PrincipalInvestigatorOnly);
+            authAttribute.ElementAt(0).Policy.ShouldBe(AccessCodes.PrincipalInvestigatorandFinance);
             ControllerReflection.MethodExpectedAttribute<AsyncStateMachineAttribute>(methodName, countAdjustment + 3);
 
             //4 (Post of ChangeAccount)

From a8dc27d5424d6dd6d5b4c9554745eb3f1f044e76 Mon Sep 17 00:00:00 2001
From: Jason Sylvestre <jsylvestre@ucdavis.edu>
Date: Tue, 25 Apr 2023 13:13:03 -0700
Subject: [PATCH 7/8] Show when really PI

---
 .../src/Projects/ProjectDetailContainer.tsx   | 21 +++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx b/Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx
index c66ad7a4..3fdd3e69 100644
--- a/Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx
+++ b/Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx
@@ -1,4 +1,4 @@
-import { useEffect, useState } from "react";
+import { useEffect, useState, useContext } from "react";
 import { Link, useParams } from "react-router-dom";
 
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
@@ -26,6 +26,8 @@ import { ProjectAlerts } from "./ProjectAlerts";
 import { authenticatedFetch } from "../Util/Api";
 import { addDays } from "../Util/Calculations";
 import { getDaysDiff } from "../Util/Calculations";
+import Condition from "yup/lib/Condition";
+import AppContext from "../Shared/AppContext";
 
 export const ProjectDetailContainer = () => {
   const { projectId, team } = useParams<CommonRouteParams>();
@@ -33,6 +35,7 @@ export const ProjectDetailContainer = () => {
   const [isLoading, setIsLoading] = useState(true);
   const [newFiles, setNewFiles] = useState<BlobFile[]>([]);
   const history = useHistory();
+  const userInfo = useContext(AppContext);
 
   const [notification, setNotification] = usePromiseNotification();
 
@@ -371,9 +374,23 @@ export const ProjectDetailContainer = () => {
       <div>
         {project.status !== "ChangeRequested" && (
           <div className="card-content">
-            <ShowFor roles={["PI", "FieldManager", "Supervisor", "System"]}>
+            <ShowFor
+              roles={["FieldManager", "Supervisor", "System"]}
+              condition={
+                project.principalInvestigator.iam !== userInfo.user.detail.iam
+              }
+            >
               <RecentTicketsContainer compact={true} projectId={projectId} />
             </ShowFor>
+            <ShowFor
+              roles={["PI"]}
+              condition={
+                project.principalInvestigator.iam === userInfo.user.detail.iam
+              }
+            >
+              <RecentTicketsContainer compact={true} projectId={projectId} />
+            </ShowFor>
+
             <RecentInvoicesContainer compact={true} projectId={projectId} />
           </div>
         )}

From f982a595073a3165010ccbb4802717b42a72c213 Mon Sep 17 00:00:00 2001
From: Jason Sylvestre <jsylvestre@ucdavis.edu>
Date: Tue, 25 Apr 2023 13:18:55 -0700
Subject: [PATCH 8/8] Opps, got added by mistake

---
 Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx b/Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx
index 3fdd3e69..290a91de 100644
--- a/Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx
+++ b/Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx
@@ -26,7 +26,6 @@ import { ProjectAlerts } from "./ProjectAlerts";
 import { authenticatedFetch } from "../Util/Api";
 import { addDays } from "../Util/Calculations";
 import { getDaysDiff } from "../Util/Calculations";
-import Condition from "yup/lib/Condition";
 import AppContext from "../Shared/AppContext";
 
 export const ProjectDetailContainer = () => {