@ministryofjustice/hmpps-prison-permissions-lib
Version:
A library to centralise the process of determining whether a user should have access to create/read/update/delete a prison resource, for example, accessing a prisoner's Prisoner Profile.
1 lines • 185 kB
Source Map (JSON)
{"version":3,"file":"index.cjs","sources":["../src/types/internal/permissions/PermissionCheckStatus.ts","../src/services/permissions/PermissionsLogger.ts","../src/data/hmppsPrisonerSearch/PrisonerSearchClient.ts","../src/types/public/permissions/domains/sentenceAndOffence/personSentenceCalculation/PersonSentenceCalculationPermissions.ts","../src/types/internal/user/Role.ts","../src/services/permissions/utils/PermissionUtils.ts","../src/services/permissions/checks/sharedChecks/baseCheckAndUserHasAllRoles/BaseCheckAndUserHasAllRoles.ts","../src/services/permissions/checks/sharedChecks/baseCheckAndUserHasRole/BaseCheckAndUserHasRole.ts","../src/services/permissions/checks/domains/sentenceAndOffence/personSentenceCalculation/sentenceCalculationRead/SentenceCalculationReadCheck.ts","../src/services/permissions/checks/domains/sentenceAndOffence/personSentenceCalculation/sentenceCalculationAdjustmentEdit/SentenceCalculationEditAdjustmentCheck.ts","../src/services/permissions/checks/domains/sentenceAndOffence/personSentenceCalculation/PersonSentenceCalculationCheck.ts","../src/services/permissions/checks/domains/sentenceAndOffence/SentenceAndOffenceCheck.ts","../src/services/permissions/checks/baseCheck/BaseCheck.ts","../src/services/permissions/checks/baseCheck/status/RestrictedPatientStatus.ts","../src/services/permissions/checks/baseCheck/status/ReleasedPrisonerStatus.ts","../src/services/permissions/checks/baseCheck/status/TransferringPrisonerStatus.ts","../src/services/permissions/checks/baseCheck/status/BaseCheckStatus.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerMoney/PrisonerMoneyPermissions.ts","../src/services/permissions/checks/sharedChecks/inUsersCaseLoad/InUsersCaseLoad.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerMoney/prisonerMoneyRead/PrisonerMoneyReadCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerMoney/PrisonerMoneyCheck.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerAdjudications/PrisonerAdjudicationsPermissions.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerAdjudications/prisonerAdjudicationsRead/PrisonerAdjudicationsReadCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerAdjudications/PrisonerAdjudicationsCheck.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerIncentives/PrisonerIncentivesPermissions.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerIncentives/prisonerIncentivesRead/PrisonerIncentivesReadCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerIncentives/PrisonerIncentivesCheck.ts","../src/types/public/permissions/domains/prisonerSpecific/personPrisonCategory/PersonPrisonCategoryPermissions.ts","../src/services/permissions/checks/domains/prisonerSpecific/personPrisonCategory/personPrisonCategoryEdit/PersonPrisonCategoryEditCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/personPrisonCategory/PersonPrisonCategoryCheck.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerSchedule/PrisonerSchedulePermissions.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerSchedule/prisonerAppointmentEdit/PrisonerAppointmentEditCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerSchedule/prisonerActivityEdit/PrisonerActivityEditCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/prisonerSchedule/PrisonerScheduleCheck.ts","../src/types/public/permissions/domains/prisonerSpecific/useOfForce/UseOfForcePermissions.ts","../src/services/permissions/checks/domains/prisonerSpecific/useOfForce/useOfForceEdit/UseOfForceEditCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/useOfForce/UseOfForceCheck.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerAlerts/PrisonerAlertsPermissions.ts","../src/services/permissions/checks/domains/prisonerSpecific/personAlerts/prisonerAlertsEdit/PrisonerAlertsEditCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/personAlerts/PrisonerAlertsCheck.ts","../src/services/permissions/checks/domains/prisonerSpecific/PrisonerSpecificCheck.ts","../src/types/public/permissions/domains/runningAPrison/prisonerVisitsAndVisitors/PrisonerVisitsAndVisitorsPermissions.ts","../src/services/permissions/checks/domains/runningAPrison/prisonerVisitsAndVisitors/prisonerVisitsAndVisitorsRead/PrisonerVisitsAndVisitorsReadCheck.ts","../src/services/permissions/checks/domains/runningAPrison/prisonerVisitsAndVisitors/PrisonerVisitsAndVisitorsCheck.ts","../src/services/permissions/checks/domains/runningAPrison/prisonerBaseLocation/locationDetailsAndHistoryRead/LocationDetailsAndHistoryReadCheck.ts","../src/types/public/permissions/domains/runningAPrison/prisonerBaseLocation/PrisonerBaseLocationPermissions.ts","../src/services/permissions/checks/domains/runningAPrison/prisonerBaseLocation/moveCell/MoveCellCheck.ts","../src/services/permissions/checks/domains/runningAPrison/prisonerBaseLocation/PrisonerBaseLocationCheck.ts","../src/services/permissions/checks/domains/runningAPrison/RunningAPrisonCheck.ts","../src/types/public/permissions/domains/person/caseNotes/CaseNotesPermissions.ts","../src/services/permissions/checks/domains/person/caseNotes/CaseNotesReadAndEditCheck.ts","../src/services/permissions/checks/domains/person/caseNotes/caseNotesRead/CaseNotesReadCheck.ts","../src/services/permissions/checks/sharedChecks/baseCheckAndUserHasSomeRolesFrom/BaseCheckAndUserHasSomeRolesFrom.ts","../src/services/permissions/checks/domains/person/caseNotes/sensitiveCaseNotesRead/SensitiveCaseNotesReadCheck.ts","../src/services/permissions/checks/domains/person/caseNotes/sensitiveCaseNotesDelete/SensitiveCaseNotesDeleteCheck.ts","../src/services/permissions/checks/domains/person/caseNotes/sensitiveCaseNotesEdit/SensitiveCaseNotesEditCheck.ts","../src/services/permissions/checks/domains/person/caseNotes/caseNotesEdit/CaseNotesEditCheck.ts","../src/services/permissions/checks/domains/person/caseNotes/CaseNotesCheck.ts","../src/types/public/permissions/domains/person/corePersonRecord/CorePersonRecordPermissions.ts","../src/services/permissions/checks/sharedChecks/inActiveCaseLoadAndUserHasSomeRolesFrom/InActiveCaseLoadAndUserHasSomeRolesFrom.ts","../src/services/permissions/checks/sharedChecks/inActiveCaseLoad/InActiveCaseLoad.ts","../src/services/permissions/checks/sharedChecks/prisonerProfileEditCheck/PrisonerProfileEditCheck.ts","../src/services/permissions/checks/sharedChecks/inActiveCaseLoadAndUserHasRole/InActiveCaseLoadAndUserHasRole.ts","../src/services/permissions/checks/sharedChecks/prisonerProfileSensitiveEditCheck/PrisonerProfileSensitiveEditCheck.ts","../src/services/permissions/checks/domains/person/corePersonRecord/photo/PhotoReadCheck.ts","../src/services/permissions/checks/domains/person/corePersonRecord/CorePersonRecordCheck.ts","../src/types/public/permissions/domains/person/personProtectedCharacteristics/PersonProtectedCharacteristicsPermissions.ts","../src/services/permissions/checks/domains/person/personProtectedCharacteristics/PersonProtectedCharacteristicsCheck.ts","../src/types/public/permissions/domains/person/personHealthAndMedication/PersonHealthAndMedicationPermissions.ts","../src/services/permissions/checks/domains/person/personHealthAndMedication/dietEdit/DietEditCheck.ts","../src/services/permissions/checks/domains/person/personHealthAndMedication/PersonHealthAndMedicationCheck.ts","../src/types/public/permissions/domains/person/personalRelationships/PersonalRelationshipsPermissions.ts","../src/services/permissions/checks/sharedChecks/inUsersCaseLoadAndUserHasSomeRolesFrom/InUsersCaseLoadAndUserHasSomeRolesFrom.ts","../src/services/permissions/checks/sharedChecks/inUsersCaseLoadAndUserHasRole/InUsersCaseLoadAndUserHasRole.ts","../src/services/permissions/checks/domains/person/personalRelationships/PersonalRelationshipsCheck.ts","../src/services/permissions/checks/domains/person/PersonCheck.ts","../src/types/public/permissions/domains/security/pathfinder/PathfinderPermissions.ts","../src/services/permissions/checks/domains/security/pathfinder/pathfinderRead/PathfinderReadCheck.ts","../src/services/permissions/checks/domains/security/pathfinder/pathfinderEdit/PathfinderEditCheck.ts","../src/services/permissions/checks/domains/security/pathfinder/PathfinderCheck.ts","../src/types/public/permissions/domains/security/soc/SOCPermissions.ts","../src/services/permissions/checks/domains/security/soc/socRead/SOCReadCheck.ts","../src/services/permissions/checks/domains/security/soc/socEdit/SOCEditCheck.ts","../src/services/permissions/checks/domains/security/soc/SOCCheck.ts","../src/services/permissions/checks/domains/security/SecurityCheck.ts","../src/types/public/permissions/domains/probation/probationDocuments/ProbationDocumentsPermissions.ts","../src/services/permissions/checks/domains/probation/probationDocuments/probationDocumentsRead/ProbationDocumentsReadCheck.ts","../src/services/permissions/checks/domains/probation/probationDocuments/ProbationDocumentsCheck.ts","../src/services/permissions/checks/domains/probation/ProbationCheck.ts","../src/types/public/permissions/domains/interventions/personInterventions/PersonInterventionsPermissions.ts","../src/services/permissions/checks/domains/interventions/personInterventions/csipRead/CSIPReadCheck.ts","../src/services/permissions/checks/domains/interventions/personInterventions/PersonInterventionsCheck.ts","../src/services/permissions/checks/domains/interventions/InterventionsCheck.ts","../src/types/public/permissions/prisoner/PrisonerPermissions.ts","../src/types/public/permissions/domains/personPlanAndNeeds/personCommunicationNeeds/PersonCommunicationNeedsPermissions.ts","../src/services/permissions/checks/domains/personPlanAndNeeds/personCommunicationNeeds/PersonCommunicationNeedsCheck.ts","../src/services/permissions/checks/domains/personPlanAndNeeds/PersonPlanAndNeedsCheck.ts","../src/services/permissions/PermissionsService.ts","../src/types/public/errors/PrisonerPermissionError.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerAdjudications/PrisonerAdjudicationsPermissionPaths.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerMoney/PrisonerMoneyPermissionPaths.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerIncentives/PrisonerIncentivesPermissionPaths.ts","../src/types/public/permissions/domains/prisonerSpecific/personPrisonCategory/PersonPrisonCategoryPermissionPaths.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerSchedule/PrisonerSchedulePermissionPaths.ts","../src/types/public/permissions/domains/prisonerSpecific/useOfForce/UseOfForcePermissionPaths.ts","../src/types/public/permissions/domains/prisonerSpecific/prisonerAlerts/PrisonerAlertsPermissionPaths.ts","../src/types/public/permissions/domains/prisonerSpecific/PrisonerSpecificDomainPermissionPaths.ts","../src/types/public/permissions/domains/sentenceAndOffence/personSentenceCalculation/PersonSentenceCalculationPermissionPaths.ts","../src/types/public/permissions/domains/sentenceAndOffence/SentenceAndOffenceDomainPermissionPaths.ts","../src/types/public/permissions/domains/runningAPrison/prisonerVisitsAndVisitors/PrisonerVisitsAndVisitorsPermissionPaths.ts","../src/types/public/permissions/domains/runningAPrison/prisonerBaseLocation/PrisonerBaseLocationPermissionPaths.ts","../src/types/public/permissions/domains/runningAPrison/RunningAPrisonDomainPermissionPaths.ts","../src/types/public/permissions/domains/person/caseNotes/CaseNotesPermissionPaths.ts","../src/types/public/permissions/domains/person/corePersonRecord/CorePersonRecordPermissionPaths.ts","../src/types/public/permissions/domains/person/personProtectedCharacteristics/PersonProtectedCharacteristicsPermissionPaths.ts","../src/types/public/permissions/domains/person/personHealthAndMedication/PersonHealthAndMedicationPermissionPaths.ts","../src/types/public/permissions/domains/person/personalRelationships/PersonalRelationshipsPermissionPaths.ts","../src/types/public/permissions/domains/person/PersonDomainPermissionPaths.ts","../src/types/public/permissions/domains/security/pathfinder/PathfinderPermissionPaths.ts","../src/types/public/permissions/domains/security/soc/SOCPermissionPaths.ts","../src/types/public/permissions/domains/security/SecurityDomainPermissionPaths.ts","../src/types/public/permissions/domains/probation/probationDocuments/ProbationDocumentsPermissionPaths.ts","../src/types/public/permissions/domains/probation/ProbationDomainPermissionPaths.ts","../src/types/public/permissions/domains/interventions/personInterventions/PersonInterventionsPermissionPaths.ts","../src/types/public/permissions/domains/interventions/InterventionsDomainPermissionPaths.ts","../src/types/public/permissions/domains/personPlanAndNeeds/personCommunicationNeeds/PersonCommunicationNeedsPermissionPaths.ts","../src/types/public/permissions/domains/personPlanAndNeeds/PersonPlanAndNeedsDomainPermissionPaths.ts","../src/types/public/permissions/prisoner/PrisonerPermissionPaths.ts","../src/types/public/permissions/prisoner/PrisonerPermissionsUtils.ts","../src/middleware/PrisonerPermissionsGuard.ts","../src/view/SetupNunjucksPermissions.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\nexport enum PermissionCheckStatus {\n NOT_PERMITTED = 'NOT_PERMITTED', // Generic not permitted status - default\n NOT_IN_CASELOAD = 'NOT_IN_CASELOAD',\n NOT_ACTIVE_CASELOAD = 'NOT_ACTIVE_CASELOAD',\n RESTRICTED_PATIENT = 'RESTRICTED_PATIENT',\n PRISONER_IS_RELEASED = 'PRISONER_IS_RELEASED',\n PRISONER_IS_TRANSFERRING = 'PRISONER_IS_TRANSFERRING',\n ROLE_NOT_PRESENT = 'ROLE_NOT_PRESENT',\n NOT_PRISON_USER = 'NOT_PRISON_USER',\n OK = 'OK',\n}\n","import { TelemetryClient } from 'applicationinsights'\nimport type Logger from 'bunyan'\nimport { PermissionCheckStatus } from '../../types/internal/permissions/PermissionCheckStatus'\nimport { HmppsUser } from '../../types/internal/user/HmppsUser'\nimport Prisoner from '../../data/hmppsPrisonerSearch/interfaces/Prisoner'\nimport { PrisonerPermission } from '../../types/public/permissions/prisoner/PrisonerPermissions'\n\nexport default class PermissionsLogger {\n constructor(\n private readonly logger: Logger | Console,\n private readonly telemetryClient?: TelemetryClient,\n ) {}\n\n logPermissionCheckStatus(\n user: HmppsUser,\n prisoner: Prisoner,\n permission: PrisonerPermission,\n permissionCheckStatus: PermissionCheckStatus,\n ) {\n if (permissionCheckStatus === PermissionCheckStatus.OK) return\n\n if (this.telemetryClient) {\n this.telemetryClient.trackEvent({\n name: 'prisoner-permission-denied',\n properties: {\n username: user.username,\n prisonerNumber: prisoner.prisonerNumber,\n activeCaseLoad: user.authSource === 'nomis' && user.activeCaseLoadId,\n permissionChecked: permission,\n status: permissionCheckStatus,\n },\n })\n } else {\n this.logger.info(`Prisoner permission denied: ${permission} (${permissionCheckStatus}) for user ${user.username}`)\n }\n }\n}\n","import { RestClient, ApiConfig, AuthenticationClient, asSystem } from '@ministryofjustice/hmpps-rest-client'\nimport type Logger from 'bunyan'\nimport Prisoner from './interfaces/Prisoner'\n\nexport default class PrisonerSearchClient extends RestClient {\n constructor(logger: Logger | Console, config: ApiConfig, authenticationClient: AuthenticationClient) {\n super('Prisoner Search', config, logger, authenticationClient)\n }\n\n getPrisonerDetails(prisonerNumber: string): Promise<Prisoner> {\n return this.get<Prisoner>({ path: `/prisoner/${prisonerNumber}` }, asSystem())\n }\n}\n","export enum PersonSentenceCalculationPermission {\n read = 'prisoner:person-sentence-calculation:read',\n edit_adjustments = 'prisoner:person-sentence-calculation:adjustments:edit',\n}\n\nexport type PersonSentenceCalculationPermissions = Record<PersonSentenceCalculationPermission, boolean>\n","// eslint-disable-next-line import/prefer-default-export\nexport enum Role {\n ActivityHub = 'ROLE_ACTIVITY_HUB',\n AddSensitiveCaseNotes = 'ROLE_ADD_SENSITIVE_CASE_NOTES',\n AdjustmentsMaintainer = 'ROLE_ADJUSTMENTS_MAINTAINER',\n ApproveCategorisation = 'ROLE_APPROVE_CATEGORISATION',\n CategorisationSecurity = 'ROLE_CATEGORISATION_SECURITY',\n CellMove = 'ROLE_CELL_MOVE',\n ContactsAdministrator = 'ROLE_CONTACTS_ADMINISTRATOR',\n ContactsAuthoriser = 'ROLE_CONTACTS_AUTHORISER',\n CreateCategorisation = 'ROLE_CREATE_CATEGORISATION',\n CreateRecategorisation = 'ROLE_CREATE_RECATEGORISATION',\n DeleteSensitiveCaseNotes = 'ROLE_DELETE_SENSITIVE_CASE_NOTES',\n DietAndAllergiesEdit = 'ROLE_DIET_AND_FOOD_ALLERGIES_EDIT',\n GlobalSearch = 'ROLE_GLOBAL_SEARCH',\n InactiveBookings = 'ROLE_INACTIVE_BOOKINGS',\n PathfinderApproval = 'ROLE_PF_APPROVAL',\n PathfinderHQ = 'ROLE_PF_HQ',\n PathfinderLocalReader = 'ROLE_PF_LOCAL_READER',\n PathfinderNationalReader = 'ROLE_PF_NATIONAL_READER',\n PathfinderPolice = 'ROLE_PF_POLICE',\n PathfinderPsychologist = 'ROLE_PF_PSYCHOLOGIST',\n PathfinderStdPrison = 'ROLE_PF_STD_PRISON',\n PathfinderStdProbation = 'ROLE_PF_STD_PROBATION',\n PathfinderUser = 'ROLE_PF_USER',\n PomUser = 'ROLE_POM',\n PrisonerProfilePhotoUpload = 'ROLE_PRISONER_PROFILE_PHOTO_UPLOAD',\n PrisonerProfileSensitiveEdit = 'ROLE_PRISONER_PROFILE_SENSITIVE_RW',\n ReceptionUser = 'ROLE_PRISON_RECEPTION',\n ReleaseDatesCalculator = 'ROLE_RELEASE_DATES_CALCULATOR',\n SocCommunity = 'ROLE_SOC_COMMUNITY',\n SocCustody = 'ROLE_SOC_CUSTODY',\n SocDataAnalyst = 'ROLE_SOC_DATA_ANALYST',\n SocDataManager = 'ROLE_SOC_DATA_MANAGER',\n UpdateAlert = 'ROLE_UPDATE_ALERT',\n ViewProbationDocuments = 'ROLE_VIEW_PROBATION_DOCUMENTS',\n ViewSensitiveCaseNotes = 'ROLE_VIEW_SENSITIVE_CASE_NOTES',\n}\n","import { HmppsUser } from '../../../types/internal/user/HmppsUser'\nimport { PrisonerPermission } from '../../../types/public/permissions/prisoner/PrisonerPermissions'\nimport { Role } from '../../../types/internal/user/Role'\nimport { PermissionCheckStatus } from '../../../types/internal/permissions/PermissionCheckStatus'\nimport PermissionsCheckRequest from '../checks/PermissionsCheckRequest'\n\nexport function isRequiredPermission(\n permission: PrisonerPermission,\n requiredPermissions: PrisonerPermission[],\n): boolean {\n return requiredPermissions.includes(permission)\n}\n\nexport function logDeniedPermissionCheck(\n permission: PrisonerPermission,\n request: PermissionsCheckRequest,\n status: PermissionCheckStatus,\n) {\n const { user, prisoner, baseCheckStatus, requestDependentOn, permissionsLogger } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n\n if (isRequiredPermission(permission, requestDependentOn)) {\n permissionsLogger.logPermissionCheckStatus(user, prisoner, permission, baseCheckPassed ? status : baseCheckStatus)\n }\n}\n\nexport const isActiveCaseLoad = (prisonId: string | undefined, user: HmppsUser) =>\n user.authSource === 'nomis' && user.activeCaseLoadId === prisonId\n\nexport function isInUsersCaseLoad(prisonId: string | undefined, user: HmppsUser): boolean {\n return user.authSource === 'nomis' && user.caseLoads?.some(caseLoad => caseLoad.caseLoadId === prisonId)\n}\n\nexport function isReleasedOrTransferring(prisonId: string | undefined): boolean {\n return ['OUT', 'TRN'].includes(prisonId as string)\n}\n\nexport function userHasSomeRolesFrom(rolesToCheck: Role[], user: HmppsUser): boolean {\n return (\n rolesToCheck.length === 0 ||\n rolesToCheck.map(normaliseRoleText).some(role => user.userRoles.map(normaliseRoleText).includes(role))\n )\n}\n\nexport function userHasAllRoles(rolesToCheck: Role[], user: HmppsUser): boolean {\n return rolesToCheck.map(normaliseRoleText).every(role => user.userRoles.map(normaliseRoleText).includes(role))\n}\n\nexport const userHasRole = (roleToCheck: Role, user: HmppsUser): boolean => {\n return userHasAllRoles([roleToCheck], user)\n}\n\nconst normaliseRoleText = (role: string): string => role.replace(/ROLE_/, '')\n","import { PrisonerPermission } from '../../../../../types/public/permissions/prisoner/PrisonerPermissions'\nimport PermissionsCheckRequest from '../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../types/internal/permissions/PermissionCheckStatus'\nimport { logDeniedPermissionCheck, userHasAllRoles } from '../../../utils/PermissionUtils'\nimport { Role } from '../../../../../types/internal/user/Role'\n\nexport default function baseCheckAndUserHasAllRoles(\n roles: Role[],\n permission: PrisonerPermission,\n request: PermissionsCheckRequest,\n) {\n const { user, baseCheckStatus } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n const check = baseCheckPassed && userHasAllRoles(roles, user)\n\n if (!check) logDeniedPermissionCheck(permission, request, PermissionCheckStatus.ROLE_NOT_PRESENT)\n\n return check\n}\n","import { PrisonerPermission } from '../../../../../types/public/permissions/prisoner/PrisonerPermissions'\nimport PermissionsCheckRequest from '../../PermissionsCheckRequest'\nimport { Role } from '../../../../../types/internal/user/Role'\nimport baseCheckAndUserHasAllRoles from '../baseCheckAndUserHasAllRoles/BaseCheckAndUserHasAllRoles'\n\nexport default function baseCheckAndUserHasRole(\n role: Role,\n permission: PrisonerPermission,\n request: PermissionsCheckRequest,\n) {\n return baseCheckAndUserHasAllRoles([role], permission, request)\n}\n","import { PersonSentenceCalculationPermission } from '../../../../../../../types/public/permissions/domains/sentenceAndOffence/personSentenceCalculation/PersonSentenceCalculationPermissions'\nimport { Role } from '../../../../../../../types/internal/user/Role'\nimport PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport baseCheckAndUserHasRole from '../../../../sharedChecks/baseCheckAndUserHasRole/BaseCheckAndUserHasRole'\n\nexport default function sentenceCalculationReadCheck(request: PermissionsCheckRequest) {\n return baseCheckAndUserHasRole(Role.ReleaseDatesCalculator, PersonSentenceCalculationPermission.read, request)\n}\n","import { PersonSentenceCalculationPermission } from '../../../../../../../types/public/permissions/domains/sentenceAndOffence/personSentenceCalculation/PersonSentenceCalculationPermissions'\nimport { Role } from '../../../../../../../types/internal/user/Role'\nimport PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport baseCheckAndUserHasRole from '../../../../sharedChecks/baseCheckAndUserHasRole/BaseCheckAndUserHasRole'\n\nexport default function sentenceCalculationEditAdjustmentCheck(request: PermissionsCheckRequest) {\n return baseCheckAndUserHasRole(\n Role.AdjustmentsMaintainer,\n PersonSentenceCalculationPermission.edit_adjustments,\n request,\n )\n}\n","import {\n PersonSentenceCalculationPermission,\n PersonSentenceCalculationPermissions,\n} from '../../../../../../types/public/permissions/domains/sentenceAndOffence/personSentenceCalculation/PersonSentenceCalculationPermissions'\nimport sentenceCalculationReadCheck from './sentenceCalculationRead/SentenceCalculationReadCheck'\nimport PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport sentenceCalculationEditAdjustmentCheck from './sentenceCalculationAdjustmentEdit/SentenceCalculationEditAdjustmentCheck'\n\nexport default function personSentenceCalculationCheck(\n request: PermissionsCheckRequest,\n): PersonSentenceCalculationPermissions {\n return {\n [PersonSentenceCalculationPermission.read]: sentenceCalculationReadCheck(request),\n [PersonSentenceCalculationPermission.edit_adjustments]: sentenceCalculationEditAdjustmentCheck(request),\n }\n}\n","import { SentenceAndOffenceDomainPermissions } from '../../../../../types/public/permissions/domains/sentenceAndOffence/SentenceAndOffenceDomainPermissions'\nimport PermissionsCheckRequest from '../../PermissionsCheckRequest'\nimport personSentenceCalculationCheck from './personSentenceCalculation/PersonSentenceCalculationCheck'\n\nexport default function sentenceAndOffenceCheck(request: PermissionsCheckRequest): SentenceAndOffenceDomainPermissions {\n return {\n personSentenceCalculation: personSentenceCalculationCheck(request),\n }\n}\n","import { PermissionCheckStatus } from '../../../../types/internal/permissions/PermissionCheckStatus'\nimport { PrisonerPermission } from '../../../../types/public/permissions/prisoner/PrisonerPermissions'\nimport { isRequiredPermission } from '../../utils/PermissionUtils'\nimport PermissionsCheckRequest from '../PermissionsCheckRequest'\n\nexport default function baseCheck(permission: PrisonerPermission, request: PermissionsCheckRequest) {\n const { user, prisoner, baseCheckStatus, requestDependentOn, permissionsLogger } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n\n if (!baseCheckPassed && isRequiredPermission(permission, requestDependentOn)) {\n permissionsLogger.logPermissionCheckStatus(user, prisoner, permission, baseCheckStatus)\n }\n\n return baseCheckPassed\n}\n","import { HmppsUser } from '../../../../../types/internal/user/HmppsUser'\nimport Prisoner from '../../../../../data/hmppsPrisonerSearch/interfaces/Prisoner'\nimport { isInUsersCaseLoad, userHasRole } from '../../../utils/PermissionUtils'\nimport { Role } from '../../../../../types/internal/user/Role'\nimport { PermissionCheckStatus } from '../../../../../types/internal/permissions/PermissionCheckStatus'\n\n/*\n * Restricted patients can be accessed in the following circumstances:\n * - The user has the \"Inactive Bookings\" role\n * - The user is a POM user and has the supporting prison ID in their caseloads\n */\nexport default function restrictedPatientStatus(user: HmppsUser, prisoner: Prisoner): PermissionCheckStatus {\n const pomUser = userHasRole(Role.PomUser, user)\n const inactiveBookingsUser = userHasRole(Role.InactiveBookings, user)\n\n const userHasPrisonersSupportingPrisonInTheirCaseLoad = isInUsersCaseLoad(prisoner.supportingPrisonId, user)\n const userIsPomUserWithSupportingPrisonInTheirCaseLoad = pomUser && userHasPrisonersSupportingPrisonInTheirCaseLoad\n\n if (userIsPomUserWithSupportingPrisonInTheirCaseLoad) return PermissionCheckStatus.OK\n if (inactiveBookingsUser) return PermissionCheckStatus.OK\n\n return PermissionCheckStatus.RESTRICTED_PATIENT\n}\n","import { HmppsUser } from '../../../../../types/internal/user/HmppsUser'\nimport { userHasRole } from '../../../utils/PermissionUtils'\nimport { Role } from '../../../../../types/internal/user/Role'\nimport { PermissionCheckStatus } from '../../../../../types/internal/permissions/PermissionCheckStatus'\n\n/*\n * Released prisoners can be accessed in the following circumstances:\n * - The user has the \"Inactive Bookings\" role\n */\nexport default function releasedPrisonerStatus(user: HmppsUser): PermissionCheckStatus {\n const inactiveBookingsUser = userHasRole(Role.InactiveBookings, user)\n\n if (inactiveBookingsUser) return PermissionCheckStatus.OK\n\n return PermissionCheckStatus.PRISONER_IS_RELEASED\n}\n","import { HmppsUser } from '../../../../../types/internal/user/HmppsUser'\nimport { userHasRole, userHasSomeRolesFrom } from '../../../utils/PermissionUtils'\nimport { Role } from '../../../../../types/internal/user/Role'\nimport { PermissionCheckStatus } from '../../../../../types/internal/permissions/PermissionCheckStatus'\n\n/*\n * Transferring prisoners can be accessed in the following circumstances:\n * - The user has the \"Global search\" role\n * - The user has the \"Inactive Bookings\" role\n */\nexport default function transferringPrisonerStatus(user: HmppsUser): PermissionCheckStatus {\n const inactiveBookingsUser = userHasRole(Role.InactiveBookings, user)\n const globalSearchUser = userHasSomeRolesFrom([Role.GlobalSearch], user)\n\n if (globalSearchUser) return PermissionCheckStatus.OK\n if (inactiveBookingsUser) return PermissionCheckStatus.OK\n\n return PermissionCheckStatus.PRISONER_IS_TRANSFERRING\n}\n","/*\n * The \"default\" access checks for accessing information about a prisoner.\n *\n * This function can be used for checking what we consider the \"base checks\" for accessing a page on the prisoner profile\n * when no other special cases are given.\n */\nimport { HmppsUser } from '../../../../../types/internal/user/HmppsUser'\nimport Prisoner from '../../../../../data/hmppsPrisonerSearch/interfaces/Prisoner'\nimport { isInUsersCaseLoad, userHasSomeRolesFrom } from '../../../utils/PermissionUtils'\nimport { Role } from '../../../../../types/internal/user/Role'\nimport { PermissionCheckStatus } from '../../../../../types/internal/permissions/PermissionCheckStatus'\nimport restrictedPatientStatus from './RestrictedPatientStatus'\nimport releasedPrisonerStatus from './ReleasedPrisonerStatus'\nimport transferringPrisonerStatus from './TransferringPrisonerStatus'\n\nexport default function baseCheckStatus(user: HmppsUser, prisoner: Prisoner): PermissionCheckStatus {\n const inUsersCaseLoad = isInUsersCaseLoad(prisoner.prisonId, user)\n const globalSearchUser = userHasSomeRolesFrom([Role.GlobalSearch], user)\n\n if (user.authSource !== 'nomis') return PermissionCheckStatus.NOT_PRISON_USER\n if (prisoner.restrictedPatient) return restrictedPatientStatus(user, prisoner)\n if (prisoner.prisonId === 'OUT') return releasedPrisonerStatus(user)\n if (prisoner.prisonId === 'TRN') return transferringPrisonerStatus(user)\n if (inUsersCaseLoad || globalSearchUser) return PermissionCheckStatus.OK\n\n return PermissionCheckStatus.NOT_IN_CASELOAD\n}\n","export enum PrisonerMoneyPermission {\n read = 'prisoner:prisoner-money:read',\n}\n\nexport type PrisonerMoneyPermissions = Record<PrisonerMoneyPermission, boolean>\n","import { PrisonerPermission } from '../../../../../types/public/permissions/prisoner/PrisonerPermissions'\nimport PermissionsCheckRequest from '../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../types/internal/permissions/PermissionCheckStatus'\nimport { isInUsersCaseLoad, logDeniedPermissionCheck } from '../../../utils/PermissionUtils'\n\nexport default function inUsersCaseLoad(permission: PrisonerPermission, request: PermissionsCheckRequest) {\n const { user, prisoner, baseCheckStatus } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n const check = baseCheckPassed && isInUsersCaseLoad(prisoner.prisonId, user)\n\n if (!check) logDeniedPermissionCheck(permission, request, PermissionCheckStatus.NOT_IN_CASELOAD)\n\n return check\n}\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PrisonerMoneyPermission } from '../../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerMoney/PrisonerMoneyPermissions'\nimport inUsersCaseLoad from '../../../../sharedChecks/inUsersCaseLoad/InUsersCaseLoad'\n\nexport default function prisonerMoneyReadCheck(request: PermissionsCheckRequest) {\n return inUsersCaseLoad(PrisonerMoneyPermission.read, request)\n}\n","import PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport {\n PrisonerMoneyPermission,\n PrisonerMoneyPermissions,\n} from '../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerMoney/PrisonerMoneyPermissions'\nimport prisonerMoneyReadCheck from './prisonerMoneyRead/PrisonerMoneyReadCheck'\n\nexport default function prisonerMoneyCheck(request: PermissionsCheckRequest): PrisonerMoneyPermissions {\n return {\n [PrisonerMoneyPermission.read]: prisonerMoneyReadCheck(request),\n }\n}\n","export enum PrisonerAdjudicationsPermission {\n read = 'prisoner:prisoner-adjudications:read',\n}\n\nexport type PrisonerAdjudicationsPermissions = Record<PrisonerAdjudicationsPermission, boolean>\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../../../types/internal/permissions/PermissionCheckStatus'\nimport { isInUsersCaseLoad, logDeniedPermissionCheck, userHasSomeRolesFrom } from '../../../../../utils/PermissionUtils'\nimport { Role } from '../../../../../../../types/internal/user/Role'\nimport { PrisonerAdjudicationsPermission } from '../../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerAdjudications/PrisonerAdjudicationsPermissions'\n\nconst permission = PrisonerAdjudicationsPermission.read\n\nexport default function prisonerAdjudicationsReadCheck(request: PermissionsCheckRequest) {\n const { user, prisoner, baseCheckStatus } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n const check =\n baseCheckPassed &&\n (isInUsersCaseLoad(prisoner.prisonId, user) || userHasSomeRolesFrom([Role.PomUser, Role.ReceptionUser], user))\n\n if (!check) logDeniedPermissionCheck(permission, request, PermissionCheckStatus.NOT_IN_CASELOAD)\n\n return check\n}\n","import PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport prisonerAdjudicationsReadCheck from './prisonerAdjudicationsRead/PrisonerAdjudicationsReadCheck'\nimport {\n PrisonerAdjudicationsPermission,\n PrisonerAdjudicationsPermissions,\n} from '../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerAdjudications/PrisonerAdjudicationsPermissions'\n\nexport default function prisonerAdjudicationsCheck(request: PermissionsCheckRequest): PrisonerAdjudicationsPermissions {\n return {\n [PrisonerAdjudicationsPermission.read]: prisonerAdjudicationsReadCheck(request),\n }\n}\n","export enum PrisonerIncentivesPermission {\n read = 'prisoner:prisoner-incentives:read',\n}\n\nexport type PrisonerIncentivesPermissions = Record<PrisonerIncentivesPermission, boolean>\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../../../types/internal/permissions/PermissionCheckStatus'\nimport { isInUsersCaseLoad, logDeniedPermissionCheck, userHasRole } from '../../../../../utils/PermissionUtils'\nimport { Role } from '../../../../../../../types/internal/user/Role'\nimport { PrisonerIncentivesPermission } from '../../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerIncentives/PrisonerIncentivesPermissions'\n\nconst permission = PrisonerIncentivesPermission.read\n\nexport default function prisonerIncentivesReadCheck(request: PermissionsCheckRequest) {\n const { user, prisoner, baseCheckStatus } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n const check = baseCheckPassed && (isInUsersCaseLoad(prisoner.prisonId, user) || userHasRole(Role.GlobalSearch, user))\n\n if (!check) logDeniedPermissionCheck(permission, request, PermissionCheckStatus.NOT_IN_CASELOAD)\n\n return check\n}\n","import PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport prisonerIncentivesReadCheck from './prisonerIncentivesRead/PrisonerIncentivesReadCheck'\nimport {\n PrisonerIncentivesPermission,\n PrisonerIncentivesPermissions,\n} from '../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerIncentives/PrisonerIncentivesPermissions'\n\nexport default function prisonerIncentivesCheck(request: PermissionsCheckRequest): PrisonerIncentivesPermissions {\n return {\n [PrisonerIncentivesPermission.read]: prisonerIncentivesReadCheck(request),\n }\n}\n","export enum PersonPrisonCategoryPermission {\n edit = 'prisoner:person-prison-category:edit',\n}\n\nexport type PersonPrisonCategoryPermissions = Record<PersonPrisonCategoryPermission, boolean>\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../../../types/internal/permissions/PermissionCheckStatus'\nimport { logDeniedPermissionCheck, userHasSomeRolesFrom } from '../../../../../utils/PermissionUtils'\nimport { Role } from '../../../../../../../types/internal/user/Role'\nimport { PersonPrisonCategoryPermission } from '../../../../../../../types/public/permissions/domains/prisonerSpecific/personPrisonCategory/PersonPrisonCategoryPermissions'\n\nconst permission = PersonPrisonCategoryPermission.edit\n\nexport default function personPrisonCategoryEditCheck(request: PermissionsCheckRequest) {\n const { user, baseCheckStatus } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n const check =\n baseCheckPassed &&\n userHasSomeRolesFrom(\n [Role.CreateCategorisation, Role.CreateRecategorisation, Role.ApproveCategorisation, Role.CategorisationSecurity],\n user,\n )\n\n if (!check) logDeniedPermissionCheck(permission, request, PermissionCheckStatus.ROLE_NOT_PRESENT)\n\n return check\n}\n","import PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport personPrisonCategoryEditCheck from './personPrisonCategoryEdit/PersonPrisonCategoryEditCheck'\nimport {\n PersonPrisonCategoryPermission,\n PersonPrisonCategoryPermissions,\n} from '../../../../../../types/public/permissions/domains/prisonerSpecific/personPrisonCategory/PersonPrisonCategoryPermissions'\n\nexport default function personPrisonCategoryCheck(request: PermissionsCheckRequest): PersonPrisonCategoryPermissions {\n return {\n [PersonPrisonCategoryPermission.edit]: personPrisonCategoryEditCheck(request),\n }\n}\n","export enum PrisonerSchedulePermission {\n edit_appointment = 'prisoner:appointment:edit',\n edit_activity = 'prisoner:activity:edit',\n}\n\nexport type PrisonerSchedulePermissions = Record<PrisonerSchedulePermission, boolean>\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../../../types/internal/permissions/PermissionCheckStatus'\nimport { isActiveCaseLoad, logDeniedPermissionCheck } from '../../../../../utils/PermissionUtils'\nimport { PrisonerSchedulePermission } from '../../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerSchedule/PrisonerSchedulePermissions'\n\nconst permission = PrisonerSchedulePermission.edit_appointment\n\nexport default function prisonerAppointmentEditCheck(request: PermissionsCheckRequest) {\n const { user, prisoner, baseCheckStatus } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n const check = baseCheckPassed && isActiveCaseLoad(prisoner.prisonId, user) && !prisoner.restrictedPatient\n\n if (!check) logDeniedPermissionCheck(permission, request, PermissionCheckStatus.NOT_ACTIVE_CASELOAD)\n\n return check\n}\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../../../types/internal/permissions/PermissionCheckStatus'\nimport { isActiveCaseLoad, logDeniedPermissionCheck, userHasRole } from '../../../../../utils/PermissionUtils'\nimport { PrisonerSchedulePermission } from '../../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerSchedule/PrisonerSchedulePermissions'\nimport { Role } from '../../../../../../../types/internal/user/Role'\n\nconst permission = PrisonerSchedulePermission.edit_activity\n\nexport default function prisonerActivityEditCheck(request: PermissionsCheckRequest) {\n const { user, prisoner, baseCheckStatus } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n const userHasActivityHubRole = userHasRole(Role.ActivityHub, user)\n\n const check =\n baseCheckPassed &&\n userHasActivityHubRole &&\n isActiveCaseLoad(prisoner.prisonId, user) &&\n !prisoner.restrictedPatient\n\n if (!check)\n logDeniedPermissionCheck(\n permission,\n request,\n userHasActivityHubRole ? PermissionCheckStatus.NOT_ACTIVE_CASELOAD : PermissionCheckStatus.ROLE_NOT_PRESENT,\n )\n\n return check\n}\n","import PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport prisonerAppointmentEditCheck from './prisonerAppointmentEdit/PrisonerAppointmentEditCheck'\nimport {\n PrisonerSchedulePermission,\n PrisonerSchedulePermissions,\n} from '../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerSchedule/PrisonerSchedulePermissions'\nimport prisonerActivityEditCheck from './prisonerActivityEdit/PrisonerActivityEditCheck'\n\nexport default function prisonerScheduleCheck(request: PermissionsCheckRequest): PrisonerSchedulePermissions {\n return {\n [PrisonerSchedulePermission.edit_appointment]: prisonerAppointmentEditCheck(request),\n [PrisonerSchedulePermission.edit_activity]: prisonerActivityEditCheck(request),\n }\n}\n","export enum UseOfForcePermission {\n edit = 'prisoner:use-of-force:edit',\n}\n\nexport type UseOfForcePermissions = Record<UseOfForcePermission, boolean>\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../../../types/internal/permissions/PermissionCheckStatus'\nimport {\n isInUsersCaseLoad,\n isReleasedOrTransferring,\n logDeniedPermissionCheck,\n userHasRole,\n} from '../../../../../utils/PermissionUtils'\nimport { Role } from '../../../../../../../types/internal/user/Role'\nimport { UseOfForcePermission } from '../../../../../../../types/public/permissions/domains/prisonerSpecific/useOfForce/UseOfForcePermissions'\n\nconst permission = UseOfForcePermission.edit\n\nexport default function useOfForceEditCheck(request: PermissionsCheckRequest) {\n const { user, prisoner, baseCheckStatus } = request\n\n const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK\n const check =\n baseCheckPassed &&\n !prisoner.restrictedPatient &&\n (isInUsersCaseLoad(prisoner.prisonId, user) ||\n (isReleasedOrTransferring(prisoner.prisonId) && userHasRole(Role.InactiveBookings, user)))\n\n if (!check) logDeniedPermissionCheck(permission, request, PermissionCheckStatus.NOT_IN_CASELOAD)\n\n return check\n}\n","import PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport useOfForceEditCheck from './useOfForceEdit/UseOfForceEditCheck'\nimport {\n UseOfForcePermission,\n UseOfForcePermissions,\n} from '../../../../../../types/public/permissions/domains/prisonerSpecific/useOfForce/UseOfForcePermissions'\n\nexport default function useOfForceCheck(request: PermissionsCheckRequest): UseOfForcePermissions {\n return {\n [UseOfForcePermission.edit]: useOfForceEditCheck(request),\n }\n}\n","export enum PrisonerAlertsPermission {\n edit = 'prisoner:prisoner-alerts:edit',\n}\n\nexport type PrisonerAlertsPermissions = Record<PrisonerAlertsPermission, boolean>\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PrisonerAlertsPermission } from '../../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerAlerts/PrisonerAlertsPermissions'\nimport { Role } from '../../../../../../../types/internal/user/Role'\nimport { isInUsersCaseLoad, logDeniedPermissionCheck, userHasRole } from '../../../../../utils/PermissionUtils'\nimport { PermissionCheckStatus } from '../../../../../../../types/internal/permissions/PermissionCheckStatus'\nimport releasedPrisonerStatus from '../../../../baseCheck/status/ReleasedPrisonerStatus'\nimport restrictedPatientStatus from '../../../../baseCheck/status/RestrictedPatientStatus'\n\nconst permission = PrisonerAlertsPermission.edit\n\nexport default function prisonerAlertsEditCheck(request: PermissionsCheckRequest) {\n const baseCheckPassed = request.baseCheckStatus === PermissionCheckStatus.OK\n\n const alertsEditCheck = checkAlertsEditAccess(request)\n const alertsEditCheckPassed = alertsEditCheck === PermissionCheckStatus.OK\n\n const check = baseCheckPassed && alertsEditCheckPassed\n\n if (!check) logDeniedPermissionCheck(permission, request, alertsEditCheck)\n\n return check\n}\n\nfunction checkAlertsEditAccess(request: PermissionsCheckRequest): PermissionCheckStatus {\n const { user, prisoner } = request\n const inUsersCaseLoad = isInUsersCaseLoad(prisoner.prisonId, user)\n\n // User must have Update Alert role:\n if (!userHasRole(Role.UpdateAlert, user)) return PermissionCheckStatus.ROLE_NOT_PRESENT\n\n // Restricted patients follow the base check:\n if (prisoner.restrictedPatient) return restrictedPatientStatus(user, prisoner)\n\n // Released prisoners follow base check:\n if (prisoner.prisonId === 'OUT') return releasedPrisonerStatus(user)\n\n // For transferring prisoners, only the Inactive Bookings role is acceptable,\n // Global Search role is not sufficient:\n if (prisoner.prisonId === 'TRN') {\n return userHasRole(Role.InactiveBookings, user)\n ? PermissionCheckStatus.OK\n : PermissionCheckStatus.PRISONER_IS_TRANSFERRING\n }\n\n if (inUsersCaseLoad) return PermissionCheckStatus.OK\n\n // Global Search role is not sufficient for prisoners outside of user's caseload:\n return PermissionCheckStatus.NOT_IN_CASELOAD\n}\n","import PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport prisonerAlertsEditCheck from './prisonerAlertsEdit/PrisonerAlertsEditCheck'\nimport {\n PrisonerAlertsPermission,\n PrisonerAlertsPermissions,\n} from '../../../../../../types/public/permissions/domains/prisonerSpecific/prisonerAlerts/PrisonerAlertsPermissions'\n\nexport default function prisonerAlertsCheck(request: PermissionsCheckRequest): PrisonerAlertsPermissions {\n return {\n [PrisonerAlertsPermission.edit]: prisonerAlertsEditCheck(request),\n }\n}\n","import PermissionsCheckRequest from '../../PermissionsCheckRequest'\nimport { PrisonerSpecificDomainPermissions } from '../../../../../types/public/permissions/domains/prisonerSpecific/PrisonerSpecificDomainPermissions'\nimport prisonerMoneyCheck from './prisonerMoney/PrisonerMoneyCheck'\nimport prisonerAdjudicationsCheck from './prisonerAdjudications/PrisonerAdjudicationsCheck'\nimport prisonerIncentivesCheck from './prisonerIncentives/PrisonerIncentivesCheck'\nimport personPrisonCategoryCheck from './personPrisonCategory/PersonPrisonCategoryCheck'\nimport prisonerScheduleCheck from './prisonerSchedule/PrisonerScheduleCheck'\nimport useOfForceCheck from './useOfForce/UseOfForceCheck'\nimport prisonerAlertsCheck from './personAlerts/PrisonerAlertsCheck'\n\nexport default function prisonerSpecificCheck(request: PermissionsCheckRequest): PrisonerSpecificDomainPermissions {\n return {\n prisonerMoney: prisonerMoneyCheck(request),\n prisonerAdjudications: prisonerAdjudicationsCheck(request),\n prisonerIncentives: prisonerIncentivesCheck(request),\n personPrisonCategory: personPrisonCategoryCheck(request),\n prisonerSchedule: prisonerScheduleCheck(request),\n useOfForce: useOfForceCheck(request),\n prisonerAlerts: prisonerAlertsCheck(request),\n }\n}\n","export enum PrisonerVisitsAndVisitorsPermission {\n read = 'prisoner:prisoner-visits-and-visitors:read',\n}\n\nexport type PrisonerVisitsAndVisitorsPermissions = Record<PrisonerVisitsAndVisitorsPermission, boolean>\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport inUsersCaseLoad from '../../../../sharedChecks/inUsersCaseLoad/InUsersCaseLoad'\nimport { PrisonerVisitsAndVisitorsPermission } from '../../../../../../../types/public/permissions/domains/runningAPrison/prisonerVisitsAndVisitors/PrisonerVisitsAndVisitorsPermissions'\n\nexport default function prisonerVisitsAndVisitorsReadCheck(request: PermissionsCheckRequest) {\n return inUsersCaseLoad(PrisonerVisitsAndVisitorsPermission.read, request)\n}\n","import PermissionsCheckRequest from '../../../PermissionsCheckRequest'\nimport prisonerVisitsAndVisitorsReadCheck from './prisonerVisitsAndVisitorsRead/PrisonerVisitsAndVisitorsReadCheck'\nimport {\n PrisonerVisitsAndVisitorsPermission,\n PrisonerVisitsAndVisitorsPermissions,\n} from '../../../../../../types/public/permissions/domains/runningAPrison/prisonerVisitsAndVisitors/PrisonerVisitsAndVisitorsPermissions'\n\nexport default function prisonerVisitsAndVisitorsCheck(\n request: PermissionsCheckRequest,\n): PrisonerVisitsAndVisitorsPermissions {\n return {\n [PrisonerVisitsAndVisitorsPermission.read]: prisonerVisitsAndVisitorsReadCheck(request),\n }\n}\n","import PermissionsCheckRequest from '../../../../PermissionsCheckRequest'\nimport { PermissionCheckStatus } from '../../../../../../../types/internal/permissions/PermissionCheckStatus'\nimport { isInUsersCaseLoad, logDeniedPermissionCheck } from '../../../../../utils/PermissionUtils'\nimport { PrisonerPermission } from '../../../../../../../types/public/permissions/prisoner/PrisonerPermissions'\nimport restrictedPatientStatus from '../../../../baseCheck/status/RestrictedPatientStatus'\nimport releasedPrisonerStatus from '../../../../baseCheck/status/ReleasedPrisonerStatus'\nimport transferringPrisonerStatus from '../../../../baseCheck/status/TransferringPrisonerStatus'\n\nexport default function locationDetailsAndHistoryReadCheck(\n permission: PrisonerPermission,\n request: PermissionsCheckRequest,\n) {\n const baseCheckPassed = request.baseCheckStatus === PermissionCheckStatus.OK\n\n const locationDetailsAndHistoryCheckStatus = checkLocationDetailsAndHistoryAccess(request)\n const locationDetailsAndHistoryCheckPassed = locationDetailsAndHistoryCheckStatus === PermissionCheckStatus.OK\n\n const check = baseCheckPassed && locationDetailsAndHistoryCheckPassed\n\n if (!check) logDeniedPermissionCheck(permission, request, locationDetailsAndHistoryCheckStatus)\n\n return check\n}\n\nexport function checkLocationDetailsAndHistoryAccess(request: PermissionsCheckRequest) {\n const { user, prisoner } = request\n const inUsersCaseLoad = isInUsersCaseLoad(prisoner.prison