Jcs/fixes20230425

Harvest.Web/ClientApp/src/Closeout/CloseoutContainer.tsx

@@ -67,14 +67,14 @@ export const CloseoutContainer = () => {
 
   useEffect(() => {
     if (closeoutRequested) {
-      history.push(`${team}/project/details/${projectId}`);
+      history.push(`/${team}/project/details/${projectId}`);
     }
   }, [closeoutRequested, history, projectId, team]);
 
   const [getConfirmation] = useConfirmationDialog({
     title: "Initiate Closeout",
     message: (
-      <p>
+      <div>
         Upon PI approval, closeout will result in...
         <ul>
           <li>Generating a final invoice if there are any unbilled expenses</li>
@@ -83,7 +83,7 @@ export const CloseoutContainer = () => {
             on whether there are any pending invoices
           </li>
         </ul>
-      </p>
+      </div>
     ),
   });
 

Harvest.Web/ClientApp/src/Expenses/ExpenseEntryContainer.tsx

@@ -69,7 +69,7 @@ export const ExpenseEntryContainer = () => {
   const leavePage = useCallback(() => {
     // go to the project page unless you are a worker -- worker can't see the project page
     if (roles.includes("Worker")) {
-      history.push("/");
+      history.push(`/${team}/team`);
     } else {
       if (query.get(ExpenseQueryParams.ReturnOnSubmit) === "true") {
         history.goBack();

Harvest.Web/ClientApp/src/Projects/ProjectDetailContainer.tsx

@@ -1,4 +1,4 @@
-import { useEffect, useState } from "react";
+import { useEffect, useState, useContext } from "react";
 import { Link, useParams } from "react-router-dom";
 
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
@@ -26,13 +26,15 @@ import { ProjectAlerts } from "./ProjectAlerts";
 import { authenticatedFetch } from "../Util/Api";
 import { addDays } from "../Util/Calculations";
 import { getDaysDiff } from "../Util/Calculations";
+import AppContext from "../Shared/AppContext";
 
 export const ProjectDetailContainer = () => {
   const { projectId, team } = useParams<CommonRouteParams>();
   const [project, setProject] = useState<Project>({} as Project);
   const [isLoading, setIsLoading] = useState(true);
   const [newFiles, setNewFiles] = useState<BlobFile[]>([]);
   const history = useHistory();
+  const userInfo = useContext(AppContext);
 
   const [notification, setNotification] = usePromiseNotification();
 
@@ -371,9 +373,23 @@ export const ProjectDetailContainer = () => {
       <div>
         {project.status !== "ChangeRequested" && (
           <div className="card-content">
-            <ShowFor roles={["PI", "FieldManager", "Supervisor", "System"]}>
+            <ShowFor
+              roles={["FieldManager", "Supervisor", "System"]}
+              condition={
+                project.principalInvestigator.iam !== userInfo.user.detail.iam
+              }
+            >
               <RecentTicketsContainer compact={true} projectId={projectId} />
             </ShowFor>
+            <ShowFor
+              roles={["PI"]}
+              condition={
+                project.principalInvestigator.iam === userInfo.user.detail.iam
+              }
+            >
+              <RecentTicketsContainer compact={true} projectId={projectId} />
+            </ShowFor>
+
             <RecentInvoicesContainer compact={true} projectId={projectId} />
           </div>
         )}

Harvest.Web/Controllers/Api/RequestController.cs

@@ -235,7 +235,7 @@ public async Task<ActionResult> Approve(int projectId, [FromBody] RequestApprova
         }
 
         [HttpPost]
-        [Authorize(Policy = AccessCodes.PrincipalInvestigatorOnly)]
+        [Authorize(Policy = AccessCodes.PrincipalInvestigatorandFinance)]
         public async Task<ActionResult> RejectQuote(int projectId, [FromBody] QuoteRejectionModel model)
         {
             if (string.IsNullOrWhiteSpace(model.Reason))
@@ -245,7 +245,16 @@ public async Task<ActionResult> RejectQuote(int projectId, [FromBody] QuoteRejec
             var project = await _dbContext.Projects.Include(a => a.PrincipalInvestigator).Include(a => a.Team).SingleAsync(p => p.Id == projectId && p.Team.Slug == TeamSlug);
             var quote = await _dbContext.Quotes.SingleAsync(a => a.ProjectId == projectId);
 
-            var currentUser = await _userService.GetCurrentUser();
+            var currentUser = await _userService.GetCurrentUser();
+
+            if (project.PrincipalInvestigator.Iam != currentUser.Iam)
+            {
+                var staleDays = (int)((DateTime.UtcNow - project.LastStatusUpdatedOn).TotalDays);
+                if (staleDays <= MinimumStaleDays)
+                {
+                    return BadRequest("You are not the principal investigator for this project and it isn't stale enough.");
+                }
+            }
 
             var ticketToCreate = new Ticket();
             ticketToCreate.ProjectId = projectId;

Harvest.Web/Controllers/Api/TicketController.cs

@@ -89,7 +89,7 @@ public async Task<ActionResult> RequiringManagerAttention(int? limit)
         }
 
         [HttpPost]
-        [Authorize(Policy = AccessCodes.FieldManagerAccess)]
+        [Authorize(Policy = AccessCodes.SupervisorAccess)]
         public async Task<ActionResult> UpdateWorkNotes(int projectId, int ticketId, [FromBody] string workNotes)
         {
             var ticketToUpdate = await _dbContext.Tickets.SingleAsync(a => a.Id == ticketId && a.ProjectId == projectId);

Test/TestsControllers/TestsApiControllers/RequestControllerTests.cs

@@ -76,7 +76,7 @@ public void TestControllerMethodAttributes()
             ControllerReflection.MethodExpectedAttribute<HttpPostAttribute>(methodName, countAdjustment + 3, testMessage: "RejectQuote");
             authAttribute = ControllerReflection.MethodExpectedAttribute<AuthorizeAttribute>(methodName, countAdjustment + 3);
             authAttribute.ShouldNotBeNull();
-            authAttribute.ElementAt(0).Policy.ShouldBe(AccessCodes.PrincipalInvestigatorOnly);
+            authAttribute.ElementAt(0).Policy.ShouldBe(AccessCodes.PrincipalInvestigatorandFinance);
             ControllerReflection.MethodExpectedAttribute<AsyncStateMachineAttribute>(methodName, countAdjustment + 3);
 
             //4 (Post of ChangeAccount)

Test/TestsControllers/TestsApiControllers/TicketControllerTests.cs

@@ -68,7 +68,7 @@ public void TestControllerMethodAttributes()
             ControllerReflection.MethodExpectedAttribute<HttpPostAttribute>(methodName, countAdjustment + 3);
             authAttribute = ControllerReflection.MethodExpectedAttribute<AuthorizeAttribute>(methodName, countAdjustment + 3);
             authAttribute.ShouldNotBeNull();
-            authAttribute.ElementAt(0).Policy.ShouldBe(AccessCodes.FieldManagerAccess);
+            authAttribute.ElementAt(0).Policy.ShouldBe(AccessCodes.SupervisorAccess);
             ControllerReflection.MethodExpectedAttribute<AsyncStateMachineAttribute>(methodName, countAdjustment + 3);
 
             //3 (Create Post)