@ministryofjustice/hmpps-prison-permissions-lib
Version:
A library to centralise the process of determining whether a user should have access to create/read/update/delete a prison resource, for example, accessing a prisoner's Prisoner Profile.
1,074 lines (972 loc) • 68.5 kB
JavaScript
import { RestClient, asSystem } from '@ministryofjustice/hmpps-rest-client';
// eslint-disable-next-line import/prefer-default-export
var PermissionCheckStatus;
(function (PermissionCheckStatus) {
PermissionCheckStatus["NOT_PERMITTED"] = "NOT_PERMITTED";
PermissionCheckStatus["NOT_IN_CASELOAD"] = "NOT_IN_CASELOAD";
PermissionCheckStatus["NOT_ACTIVE_CASELOAD"] = "NOT_ACTIVE_CASELOAD";
PermissionCheckStatus["RESTRICTED_PATIENT"] = "RESTRICTED_PATIENT";
PermissionCheckStatus["PRISONER_IS_RELEASED"] = "PRISONER_IS_RELEASED";
PermissionCheckStatus["PRISONER_IS_TRANSFERRING"] = "PRISONER_IS_TRANSFERRING";
PermissionCheckStatus["ROLE_NOT_PRESENT"] = "ROLE_NOT_PRESENT";
PermissionCheckStatus["NOT_PRISON_USER"] = "NOT_PRISON_USER";
PermissionCheckStatus["OK"] = "OK";
})(PermissionCheckStatus || (PermissionCheckStatus = {}));
class PermissionsLogger {
logger;
telemetryClient;
constructor(logger, telemetryClient) {
this.logger = logger;
this.telemetryClient = telemetryClient;
}
logPermissionCheckStatus(user, prisoner, permission, permissionCheckStatus) {
if (permissionCheckStatus === PermissionCheckStatus.OK)
return;
if (this.telemetryClient) {
this.telemetryClient.trackEvent({
name: 'prisoner-permission-denied',
properties: {
username: user.username,
prisonerNumber: prisoner.prisonerNumber,
activeCaseLoad: user.authSource === 'nomis' && user.activeCaseLoadId,
permissionChecked: permission,
status: permissionCheckStatus,
},
});
}
else {
this.logger.info(`Prisoner permission denied: ${permission} (${permissionCheckStatus}) for user ${user.username}`);
}
}
}
class PrisonerSearchClient extends RestClient {
constructor(logger, config, authenticationClient) {
super('Prisoner Search', config, logger, authenticationClient);
}
getPrisonerDetails(prisonerNumber) {
return this.get({ path: `/prisoner/${prisonerNumber}` }, asSystem());
}
}
var PersonSentenceCalculationPermission;
(function (PersonSentenceCalculationPermission) {
PersonSentenceCalculationPermission["read"] = "prisoner:person-sentence-calculation:read";
PersonSentenceCalculationPermission["edit_adjustments"] = "prisoner:person-sentence-calculation:adjustments:edit";
})(PersonSentenceCalculationPermission || (PersonSentenceCalculationPermission = {}));
// eslint-disable-next-line import/prefer-default-export
var Role;
(function (Role) {
Role["ActivityHub"] = "ROLE_ACTIVITY_HUB";
Role["AddSensitiveCaseNotes"] = "ROLE_ADD_SENSITIVE_CASE_NOTES";
Role["AdjustmentsMaintainer"] = "ROLE_ADJUSTMENTS_MAINTAINER";
Role["ApproveCategorisation"] = "ROLE_APPROVE_CATEGORISATION";
Role["CategorisationSecurity"] = "ROLE_CATEGORISATION_SECURITY";
Role["CellMove"] = "ROLE_CELL_MOVE";
Role["ContactsAdministrator"] = "ROLE_CONTACTS_ADMINISTRATOR";
Role["ContactsAuthoriser"] = "ROLE_CONTACTS_AUTHORISER";
Role["CreateCategorisation"] = "ROLE_CREATE_CATEGORISATION";
Role["CreateRecategorisation"] = "ROLE_CREATE_RECATEGORISATION";
Role["DeleteSensitiveCaseNotes"] = "ROLE_DELETE_SENSITIVE_CASE_NOTES";
Role["DietAndAllergiesEdit"] = "ROLE_DIET_AND_FOOD_ALLERGIES_EDIT";
Role["GlobalSearch"] = "ROLE_GLOBAL_SEARCH";
Role["InactiveBookings"] = "ROLE_INACTIVE_BOOKINGS";
Role["PathfinderApproval"] = "ROLE_PF_APPROVAL";
Role["PathfinderHQ"] = "ROLE_PF_HQ";
Role["PathfinderLocalReader"] = "ROLE_PF_LOCAL_READER";
Role["PathfinderNationalReader"] = "ROLE_PF_NATIONAL_READER";
Role["PathfinderPolice"] = "ROLE_PF_POLICE";
Role["PathfinderPsychologist"] = "ROLE_PF_PSYCHOLOGIST";
Role["PathfinderStdPrison"] = "ROLE_PF_STD_PRISON";
Role["PathfinderStdProbation"] = "ROLE_PF_STD_PROBATION";
Role["PathfinderUser"] = "ROLE_PF_USER";
Role["PomUser"] = "ROLE_POM";
Role["PrisonerProfilePhotoUpload"] = "ROLE_PRISONER_PROFILE_PHOTO_UPLOAD";
Role["PrisonerProfileSensitiveEdit"] = "ROLE_PRISONER_PROFILE_SENSITIVE_RW";
Role["ReceptionUser"] = "ROLE_PRISON_RECEPTION";
Role["ReleaseDatesCalculator"] = "ROLE_RELEASE_DATES_CALCULATOR";
Role["SocCommunity"] = "ROLE_SOC_COMMUNITY";
Role["SocCustody"] = "ROLE_SOC_CUSTODY";
Role["SocDataAnalyst"] = "ROLE_SOC_DATA_ANALYST";
Role["SocDataManager"] = "ROLE_SOC_DATA_MANAGER";
Role["UpdateAlert"] = "ROLE_UPDATE_ALERT";
Role["ViewProbationDocuments"] = "ROLE_VIEW_PROBATION_DOCUMENTS";
Role["ViewSensitiveCaseNotes"] = "ROLE_VIEW_SENSITIVE_CASE_NOTES";
})(Role || (Role = {}));
function isRequiredPermission(permission, requiredPermissions) {
return requiredPermissions.includes(permission);
}
function logDeniedPermissionCheck(permission, request, status) {
const { user, prisoner, baseCheckStatus, requestDependentOn, permissionsLogger } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
if (isRequiredPermission(permission, requestDependentOn)) {
permissionsLogger.logPermissionCheckStatus(user, prisoner, permission, baseCheckPassed ? status : baseCheckStatus);
}
}
const isActiveCaseLoad = (prisonId, user) => user.authSource === 'nomis' && user.activeCaseLoadId === prisonId;
function isInUsersCaseLoad(prisonId, user) {
return user.authSource === 'nomis' && user.caseLoads?.some(caseLoad => caseLoad.caseLoadId === prisonId);
}
function isReleasedOrTransferring(prisonId) {
return ['OUT', 'TRN'].includes(prisonId);
}
function userHasSomeRolesFrom(rolesToCheck, user) {
return (rolesToCheck.length === 0 ||
rolesToCheck.map(normaliseRoleText).some(role => user.userRoles.map(normaliseRoleText).includes(role)));
}
function userHasAllRoles(rolesToCheck, user) {
return rolesToCheck.map(normaliseRoleText).every(role => user.userRoles.map(normaliseRoleText).includes(role));
}
const userHasRole = (roleToCheck, user) => {
return userHasAllRoles([roleToCheck], user);
};
const normaliseRoleText = (role) => role.replace(/ROLE_/, '');
function baseCheckAndUserHasAllRoles(roles, permission, request) {
const { user, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && userHasAllRoles(roles, user);
if (!check)
logDeniedPermissionCheck(permission, request, PermissionCheckStatus.ROLE_NOT_PRESENT);
return check;
}
function baseCheckAndUserHasRole(role, permission, request) {
return baseCheckAndUserHasAllRoles([role], permission, request);
}
function sentenceCalculationReadCheck(request) {
return baseCheckAndUserHasRole(Role.ReleaseDatesCalculator, PersonSentenceCalculationPermission.read, request);
}
function sentenceCalculationEditAdjustmentCheck(request) {
return baseCheckAndUserHasRole(Role.AdjustmentsMaintainer, PersonSentenceCalculationPermission.edit_adjustments, request);
}
function personSentenceCalculationCheck(request) {
return {
[PersonSentenceCalculationPermission.read]: sentenceCalculationReadCheck(request),
[PersonSentenceCalculationPermission.edit_adjustments]: sentenceCalculationEditAdjustmentCheck(request),
};
}
function sentenceAndOffenceCheck(request) {
return {
personSentenceCalculation: personSentenceCalculationCheck(request),
};
}
function baseCheck(permission, request) {
const { user, prisoner, baseCheckStatus, requestDependentOn, permissionsLogger } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
if (!baseCheckPassed && isRequiredPermission(permission, requestDependentOn)) {
permissionsLogger.logPermissionCheckStatus(user, prisoner, permission, baseCheckStatus);
}
return baseCheckPassed;
}
/*
* Restricted patients can be accessed in the following circumstances:
* - The user has the "Inactive Bookings" role
* - The user is a POM user and has the supporting prison ID in their caseloads
*/
function restrictedPatientStatus(user, prisoner) {
const pomUser = userHasRole(Role.PomUser, user);
const inactiveBookingsUser = userHasRole(Role.InactiveBookings, user);
const userHasPrisonersSupportingPrisonInTheirCaseLoad = isInUsersCaseLoad(prisoner.supportingPrisonId, user);
const userIsPomUserWithSupportingPrisonInTheirCaseLoad = pomUser && userHasPrisonersSupportingPrisonInTheirCaseLoad;
if (userIsPomUserWithSupportingPrisonInTheirCaseLoad)
return PermissionCheckStatus.OK;
if (inactiveBookingsUser)
return PermissionCheckStatus.OK;
return PermissionCheckStatus.RESTRICTED_PATIENT;
}
/*
* Released prisoners can be accessed in the following circumstances:
* - The user has the "Inactive Bookings" role
*/
function releasedPrisonerStatus(user) {
const inactiveBookingsUser = userHasRole(Role.InactiveBookings, user);
if (inactiveBookingsUser)
return PermissionCheckStatus.OK;
return PermissionCheckStatus.PRISONER_IS_RELEASED;
}
/*
* Transferring prisoners can be accessed in the following circumstances:
* - The user has the "Global search" role
* - The user has the "Inactive Bookings" role
*/
function transferringPrisonerStatus(user) {
const inactiveBookingsUser = userHasRole(Role.InactiveBookings, user);
const globalSearchUser = userHasSomeRolesFrom([Role.GlobalSearch], user);
if (globalSearchUser)
return PermissionCheckStatus.OK;
if (inactiveBookingsUser)
return PermissionCheckStatus.OK;
return PermissionCheckStatus.PRISONER_IS_TRANSFERRING;
}
function baseCheckStatus(user, prisoner) {
const inUsersCaseLoad = isInUsersCaseLoad(prisoner.prisonId, user);
const globalSearchUser = userHasSomeRolesFrom([Role.GlobalSearch], user);
if (user.authSource !== 'nomis')
return PermissionCheckStatus.NOT_PRISON_USER;
if (prisoner.restrictedPatient)
return restrictedPatientStatus(user, prisoner);
if (prisoner.prisonId === 'OUT')
return releasedPrisonerStatus(user);
if (prisoner.prisonId === 'TRN')
return transferringPrisonerStatus(user);
if (inUsersCaseLoad || globalSearchUser)
return PermissionCheckStatus.OK;
return PermissionCheckStatus.NOT_IN_CASELOAD;
}
var PrisonerMoneyPermission;
(function (PrisonerMoneyPermission) {
PrisonerMoneyPermission["read"] = "prisoner:prisoner-money:read";
})(PrisonerMoneyPermission || (PrisonerMoneyPermission = {}));
function inUsersCaseLoad(permission, request) {
const { user, prisoner, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && isInUsersCaseLoad(prisoner.prisonId, user);
if (!check)
logDeniedPermissionCheck(permission, request, PermissionCheckStatus.NOT_IN_CASELOAD);
return check;
}
function prisonerMoneyReadCheck(request) {
return inUsersCaseLoad(PrisonerMoneyPermission.read, request);
}
function prisonerMoneyCheck(request) {
return {
[PrisonerMoneyPermission.read]: prisonerMoneyReadCheck(request),
};
}
var PrisonerAdjudicationsPermission;
(function (PrisonerAdjudicationsPermission) {
PrisonerAdjudicationsPermission["read"] = "prisoner:prisoner-adjudications:read";
})(PrisonerAdjudicationsPermission || (PrisonerAdjudicationsPermission = {}));
const permission$f = PrisonerAdjudicationsPermission.read;
function prisonerAdjudicationsReadCheck(request) {
const { user, prisoner, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed &&
(isInUsersCaseLoad(prisoner.prisonId, user) || userHasSomeRolesFrom([Role.PomUser, Role.ReceptionUser], user));
if (!check)
logDeniedPermissionCheck(permission$f, request, PermissionCheckStatus.NOT_IN_CASELOAD);
return check;
}
function prisonerAdjudicationsCheck(request) {
return {
[PrisonerAdjudicationsPermission.read]: prisonerAdjudicationsReadCheck(request),
};
}
var PrisonerIncentivesPermission;
(function (PrisonerIncentivesPermission) {
PrisonerIncentivesPermission["read"] = "prisoner:prisoner-incentives:read";
})(PrisonerIncentivesPermission || (PrisonerIncentivesPermission = {}));
const permission$e = PrisonerIncentivesPermission.read;
function prisonerIncentivesReadCheck(request) {
const { user, prisoner, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && (isInUsersCaseLoad(prisoner.prisonId, user) || userHasRole(Role.GlobalSearch, user));
if (!check)
logDeniedPermissionCheck(permission$e, request, PermissionCheckStatus.NOT_IN_CASELOAD);
return check;
}
function prisonerIncentivesCheck(request) {
return {
[PrisonerIncentivesPermission.read]: prisonerIncentivesReadCheck(request),
};
}
var PersonPrisonCategoryPermission;
(function (PersonPrisonCategoryPermission) {
PersonPrisonCategoryPermission["edit"] = "prisoner:person-prison-category:edit";
})(PersonPrisonCategoryPermission || (PersonPrisonCategoryPermission = {}));
const permission$d = PersonPrisonCategoryPermission.edit;
function personPrisonCategoryEditCheck(request) {
const { user, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed &&
userHasSomeRolesFrom([Role.CreateCategorisation, Role.CreateRecategorisation, Role.ApproveCategorisation, Role.CategorisationSecurity], user);
if (!check)
logDeniedPermissionCheck(permission$d, request, PermissionCheckStatus.ROLE_NOT_PRESENT);
return check;
}
function personPrisonCategoryCheck(request) {
return {
[PersonPrisonCategoryPermission.edit]: personPrisonCategoryEditCheck(request),
};
}
var PrisonerSchedulePermission;
(function (PrisonerSchedulePermission) {
PrisonerSchedulePermission["edit_appointment"] = "prisoner:appointment:edit";
PrisonerSchedulePermission["edit_activity"] = "prisoner:activity:edit";
})(PrisonerSchedulePermission || (PrisonerSchedulePermission = {}));
const permission$c = PrisonerSchedulePermission.edit_appointment;
function prisonerAppointmentEditCheck(request) {
const { user, prisoner, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && isActiveCaseLoad(prisoner.prisonId, user) && !prisoner.restrictedPatient;
if (!check)
logDeniedPermissionCheck(permission$c, request, PermissionCheckStatus.NOT_ACTIVE_CASELOAD);
return check;
}
const permission$b = PrisonerSchedulePermission.edit_activity;
function prisonerActivityEditCheck(request) {
const { user, prisoner, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const userHasActivityHubRole = userHasRole(Role.ActivityHub, user);
const check = baseCheckPassed &&
userHasActivityHubRole &&
isActiveCaseLoad(prisoner.prisonId, user) &&
!prisoner.restrictedPatient;
if (!check)
logDeniedPermissionCheck(permission$b, request, userHasActivityHubRole ? PermissionCheckStatus.NOT_ACTIVE_CASELOAD : PermissionCheckStatus.ROLE_NOT_PRESENT);
return check;
}
function prisonerScheduleCheck(request) {
return {
[PrisonerSchedulePermission.edit_appointment]: prisonerAppointmentEditCheck(request),
[PrisonerSchedulePermission.edit_activity]: prisonerActivityEditCheck(request),
};
}
var UseOfForcePermission;
(function (UseOfForcePermission) {
UseOfForcePermission["edit"] = "prisoner:use-of-force:edit";
})(UseOfForcePermission || (UseOfForcePermission = {}));
const permission$a = UseOfForcePermission.edit;
function useOfForceEditCheck(request) {
const { user, prisoner, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed &&
!prisoner.restrictedPatient &&
(isInUsersCaseLoad(prisoner.prisonId, user) ||
(isReleasedOrTransferring(prisoner.prisonId) && userHasRole(Role.InactiveBookings, user)));
if (!check)
logDeniedPermissionCheck(permission$a, request, PermissionCheckStatus.NOT_IN_CASELOAD);
return check;
}
function useOfForceCheck(request) {
return {
[UseOfForcePermission.edit]: useOfForceEditCheck(request),
};
}
var PrisonerAlertsPermission;
(function (PrisonerAlertsPermission) {
PrisonerAlertsPermission["edit"] = "prisoner:prisoner-alerts:edit";
})(PrisonerAlertsPermission || (PrisonerAlertsPermission = {}));
const permission$9 = PrisonerAlertsPermission.edit;
function prisonerAlertsEditCheck(request) {
const baseCheckPassed = request.baseCheckStatus === PermissionCheckStatus.OK;
const alertsEditCheck = checkAlertsEditAccess(request);
const alertsEditCheckPassed = alertsEditCheck === PermissionCheckStatus.OK;
const check = baseCheckPassed && alertsEditCheckPassed;
if (!check)
logDeniedPermissionCheck(permission$9, request, alertsEditCheck);
return check;
}
function checkAlertsEditAccess(request) {
const { user, prisoner } = request;
const inUsersCaseLoad = isInUsersCaseLoad(prisoner.prisonId, user);
// User must have Update Alert role:
if (!userHasRole(Role.UpdateAlert, user))
return PermissionCheckStatus.ROLE_NOT_PRESENT;
// Restricted patients follow the base check:
if (prisoner.restrictedPatient)
return restrictedPatientStatus(user, prisoner);
// Released prisoners follow base check:
if (prisoner.prisonId === 'OUT')
return releasedPrisonerStatus(user);
// For transferring prisoners, only the Inactive Bookings role is acceptable,
// Global Search role is not sufficient:
if (prisoner.prisonId === 'TRN') {
return userHasRole(Role.InactiveBookings, user)
? PermissionCheckStatus.OK
: PermissionCheckStatus.PRISONER_IS_TRANSFERRING;
}
if (inUsersCaseLoad)
return PermissionCheckStatus.OK;
// Global Search role is not sufficient for prisoners outside of user's caseload:
return PermissionCheckStatus.NOT_IN_CASELOAD;
}
function prisonerAlertsCheck(request) {
return {
[PrisonerAlertsPermission.edit]: prisonerAlertsEditCheck(request),
};
}
function prisonerSpecificCheck(request) {
return {
prisonerMoney: prisonerMoneyCheck(request),
prisonerAdjudications: prisonerAdjudicationsCheck(request),
prisonerIncentives: prisonerIncentivesCheck(request),
personPrisonCategory: personPrisonCategoryCheck(request),
prisonerSchedule: prisonerScheduleCheck(request),
useOfForce: useOfForceCheck(request),
prisonerAlerts: prisonerAlertsCheck(request),
};
}
var PrisonerVisitsAndVisitorsPermission;
(function (PrisonerVisitsAndVisitorsPermission) {
PrisonerVisitsAndVisitorsPermission["read"] = "prisoner:prisoner-visits-and-visitors:read";
})(PrisonerVisitsAndVisitorsPermission || (PrisonerVisitsAndVisitorsPermission = {}));
function prisonerVisitsAndVisitorsReadCheck(request) {
return inUsersCaseLoad(PrisonerVisitsAndVisitorsPermission.read, request);
}
function prisonerVisitsAndVisitorsCheck(request) {
return {
[PrisonerVisitsAndVisitorsPermission.read]: prisonerVisitsAndVisitorsReadCheck(request),
};
}
function locationDetailsAndHistoryReadCheck(permission, request) {
const baseCheckPassed = request.baseCheckStatus === PermissionCheckStatus.OK;
const locationDetailsAndHistoryCheckStatus = checkLocationDetailsAndHistoryAccess(request);
const locationDetailsAndHistoryCheckPassed = locationDetailsAndHistoryCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && locationDetailsAndHistoryCheckPassed;
if (!check)
logDeniedPermissionCheck(permission, request, locationDetailsAndHistoryCheckStatus);
return check;
}
function checkLocationDetailsAndHistoryAccess(request) {
const { user, prisoner } = request;
const inUsersCaseLoad = isInUsersCaseLoad(prisoner.prisonId, user);
// Follows the base check:
if (prisoner.restrictedPatient)
return restrictedPatientStatus(user, prisoner);
if (prisoner.prisonId === 'OUT')
return releasedPrisonerStatus(user);
if (prisoner.prisonId === 'TRN')
return transferringPrisonerStatus(user);
if (inUsersCaseLoad)
return PermissionCheckStatus.OK;
// Global Search access not allowed:
return PermissionCheckStatus.NOT_IN_CASELOAD;
}
var PrisonerBaseLocationPermission;
(function (PrisonerBaseLocationPermission) {
PrisonerBaseLocationPermission["read_location_details"] = "prisoner:location-details:read";
PrisonerBaseLocationPermission["read_location_history"] = "prisoner:location-history:read";
PrisonerBaseLocationPermission["move_cell"] = "prisoner:location-cell:edit";
})(PrisonerBaseLocationPermission || (PrisonerBaseLocationPermission = {}));
const permission$8 = PrisonerBaseLocationPermission.move_cell;
function moveCellCheck(request) {
const baseCheckPassed = request.baseCheckStatus === PermissionCheckStatus.OK;
const hasCellMoveRole = userHasRole(Role.CellMove, request.user);
const locationDetailsAndHistoryCheckStatus = checkLocationDetailsAndHistoryAccess(request);
const locationDetailsAndHistoryCheckPassed = locationDetailsAndHistoryCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && hasCellMoveRole && locationDetailsAndHistoryCheckPassed;
if (!check)
logDeniedPermissionCheck(permission$8, request, hasCellMoveRole ? locationDetailsAndHistoryCheckStatus : PermissionCheckStatus.ROLE_NOT_PRESENT);
return check;
}
function prisonerBaseLocationCheck(request) {
return {
[PrisonerBaseLocationPermission.read_location_details]: locationDetailsAndHistoryReadCheck(PrisonerBaseLocationPermission.read_location_details, request),
[PrisonerBaseLocationPermission.read_location_history]: locationDetailsAndHistoryReadCheck(PrisonerBaseLocationPermission.read_location_history, request),
[PrisonerBaseLocationPermission.move_cell]: moveCellCheck(request),
};
}
function runningAPrisonCheck(request) {
return {
prisonerVisitsAndVisitors: prisonerVisitsAndVisitorsCheck(request),
prisonerBaseLocation: prisonerBaseLocationCheck(request),
};
}
var CaseNotesPermission;
(function (CaseNotesPermission) {
CaseNotesPermission["read"] = "prisoner:case-notes:read";
CaseNotesPermission["edit"] = "prisoner:case-notes:edit";
CaseNotesPermission["read_sensitive"] = "prisoner:case-notes:sensitive:read";
CaseNotesPermission["delete_sensitive"] = "prisoner:case-notes:sensitive:delete";
CaseNotesPermission["edit_sensitive"] = "prisoner:case-notes:sensitive:edit";
})(CaseNotesPermission || (CaseNotesPermission = {}));
function caseNotesReadAndEditCheck(permission, request) {
const baseCheckPassed = request.baseCheckStatus === PermissionCheckStatus.OK;
const caseNotesCheckStatus = checkCaseNotesAccess(request);
const caseNotesCheckPassed = caseNotesCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && caseNotesCheckPassed;
if (!check)
logDeniedPermissionCheck(permission, request, caseNotesCheckStatus);
return check;
}
function checkCaseNotesAccess(request) {
const { user, prisoner } = request;
// Restricted patients follows the base check rules:
if (prisoner.restrictedPatient)
return restrictedPatientStatus(user, prisoner);
// Released prisoners follows the base check rules:
if (prisoner.prisonId === 'OUT')
return releasedPrisonerStatus(user);
// Case notes are only accessible for transferring prisoners if the user has the Inactive Bookings role:
if (prisoner.prisonId === 'TRN') {
return userHasRole(Role.InactiveBookings, user)
? PermissionCheckStatus.OK
: PermissionCheckStatus.PRISONER_IS_TRANSFERRING;
}
// Case notes are accessible if the prisoner's prison is in the user's caseload:
if (isInUsersCaseLoad(prisoner.prisonId, user))
return PermissionCheckStatus.OK;
// Case notes for prisoners outside the user's caseload are only accessible with both Global Search and POM roles:
return userHasAllRoles([Role.GlobalSearch, Role.PomUser], user)
? PermissionCheckStatus.OK
: PermissionCheckStatus.ROLE_NOT_PRESENT;
}
const permission$7 = CaseNotesPermission.read;
function caseNotesReadCheck(request) {
return caseNotesReadAndEditCheck(permission$7, request);
}
function baseCheckAndUserHasSomeRolesFrom(roles, permission, request) {
const { user, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && userHasSomeRolesFrom(roles, user);
if (!check)
logDeniedPermissionCheck(permission, request, PermissionCheckStatus.ROLE_NOT_PRESENT);
return check;
}
const permission$6 = CaseNotesPermission.read_sensitive;
function sensitiveCaseNotesReadCheck(request) {
return baseCheckAndUserHasSomeRolesFrom([Role.PomUser, Role.ViewSensitiveCaseNotes, Role.AddSensitiveCaseNotes], permission$6, request);
}
const permission$5 = CaseNotesPermission.delete_sensitive;
function sensitiveCaseNotesDeleteCheck(request) {
return baseCheckAndUserHasRole(Role.DeleteSensitiveCaseNotes, permission$5, request);
}
const permission$4 = CaseNotesPermission.edit_sensitive;
function sensitiveCaseNotesEditCheck(request) {
return baseCheckAndUserHasSomeRolesFrom([Role.PomUser, Role.AddSensitiveCaseNotes], permission$4, request);
}
const permission$3 = CaseNotesPermission.edit;
function caseNotesEditCheck(request) {
return caseNotesReadAndEditCheck(permission$3, request);
}
function caseNotesCheck(request) {
return {
[CaseNotesPermission.read]: caseNotesReadCheck(request),
[CaseNotesPermission.edit]: caseNotesEditCheck(request),
[CaseNotesPermission.read_sensitive]: sensitiveCaseNotesReadCheck(request),
[CaseNotesPermission.delete_sensitive]: sensitiveCaseNotesDeleteCheck(request),
[CaseNotesPermission.edit_sensitive]: sensitiveCaseNotesEditCheck(request),
};
}
var CorePersonRecordPermission;
(function (CorePersonRecordPermission) {
CorePersonRecordPermission["read_physical_characteristics"] = "prisoner:physical_characteristics:read";
CorePersonRecordPermission["edit_physical_characteristics"] = "prisoner:physical_characteristics:edit";
CorePersonRecordPermission["read_photo"] = "prisoner:photo:read";
CorePersonRecordPermission["edit_photo"] = "prisoner:photo:edit";
CorePersonRecordPermission["read_place_of_birth"] = "prisoner:place-of-birth:read";
CorePersonRecordPermission["edit_place_of_birth"] = "prisoner:place-of-birth:edit";
CorePersonRecordPermission["read_military_history"] = "prisoner:military-history:read";
CorePersonRecordPermission["edit_military_history"] = "prisoner:military-history:edit";
CorePersonRecordPermission["read_name_and_aliases"] = "prisoner:name-and-aliases:read";
CorePersonRecordPermission["edit_name_and_aliases"] = "prisoner:name-and-aliases:edit";
CorePersonRecordPermission["read_date_of_birth"] = "prisoner:date-of-birth:read";
CorePersonRecordPermission["edit_date_of_birth"] = "prisoner:date-of-birth:edit";
// (Prisoner's address)
CorePersonRecordPermission["read_address"] = "prisoner:address:read";
CorePersonRecordPermission["edit_address"] = "prisoner:address:edit";
CorePersonRecordPermission["read_nationality"] = "prisoner:nationality:read";
CorePersonRecordPermission["edit_nationality"] = "prisoner:nationality:edit";
// (Such as PNC / CRO / NI number...)
CorePersonRecordPermission["read_identifiers"] = "prisoner:identifiers:read";
CorePersonRecordPermission["edit_identifiers"] = "prisoner:identifiers:edit";
CorePersonRecordPermission["read_phone_numbers"] = "prisoner:phone-numbers:read";
CorePersonRecordPermission["edit_phone_numbers"] = "prisoner:phone-numbers:edit";
CorePersonRecordPermission["read_email_addresses"] = "prisoner:email-addresses:read";
CorePersonRecordPermission["edit_email_addresses"] = "prisoner:email-addresses:edit";
CorePersonRecordPermission["read_distinguishing_marks"] = "prisoner:distinguishing-marks:read";
CorePersonRecordPermission["edit_distinguishing_marks"] = "prisoner:distinguishing-marks:edit";
})(CorePersonRecordPermission || (CorePersonRecordPermission = {}));
function inActiveCaseLoadAndUserHasSomeRolesFrom(roles, permission, request) {
const { user, prisoner, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const inActiveCaseLoad = isActiveCaseLoad(prisoner.prisonId, user);
const hasRole = userHasSomeRolesFrom(roles, user);
const check = baseCheckPassed && inActiveCaseLoad && hasRole;
if (!check)
logDeniedPermissionCheck(permission, request, inActiveCaseLoad ? PermissionCheckStatus.ROLE_NOT_PRESENT : PermissionCheckStatus.NOT_ACTIVE_CASELOAD);
return check;
}
function inActiveCaseLoad(permission, request) {
return inActiveCaseLoadAndUserHasSomeRolesFrom([], permission, request);
}
function prisonerProfileEditCheck(permission, request) {
return inActiveCaseLoad(permission, request);
}
function inActiveCaseLoadAndUserHasRole(role, permission, request) {
return inActiveCaseLoadAndUserHasSomeRolesFrom([role], permission, request);
}
function prisonerProfileSensitiveEditCheck(permission, request) {
return inActiveCaseLoadAndUserHasRole(Role.PrisonerProfileSensitiveEdit, permission, request);
}
const permission$2 = CorePersonRecordPermission.read_photo;
function photoReadCheck(request) {
const baseCheckPassed = request.baseCheckStatus === PermissionCheckStatus.OK;
const photoCheckStatus = checkPhotoAccess(request);
const photoCheckPassed = photoCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && photoCheckPassed;
if (!check)
logDeniedPermissionCheck(permission$2, request, photoCheckStatus);
return check;
}
function checkPhotoAccess(request) {
const { user, prisoner } = request;
// Restricted patients follows the base check rules:
if (prisoner.restrictedPatient)
return restrictedPatientStatus(user, prisoner);
// Released prisoners follows the base check rules:
if (prisoner.prisonId === 'OUT')
return releasedPrisonerStatus(user);
// Photos are only accessible for transferring prisoners if the user has the Inactive Bookings role
// (Global Search is NOT sufficient):
if (prisoner.prisonId === 'TRN') {
return userHasRole(Role.InactiveBookings, user)
? PermissionCheckStatus.OK
: PermissionCheckStatus.PRISONER_IS_TRANSFERRING;
}
// Global search does NOT permit access to photo:
return isInUsersCaseLoad(prisoner.prisonId, user) ? PermissionCheckStatus.OK : PermissionCheckStatus.NOT_IN_CASELOAD;
}
function corePersonRecordCheck(request) {
return {
[CorePersonRecordPermission.read_photo]: photoReadCheck(request),
[CorePersonRecordPermission.edit_photo]: inActiveCaseLoadAndUserHasSomeRolesFrom([Role.PrisonerProfileSensitiveEdit, Role.PrisonerProfilePhotoUpload], CorePersonRecordPermission.edit_photo, request),
...readCheck$4(CorePersonRecordPermission.read_physical_characteristics, request),
...editCheck$4(CorePersonRecordPermission.edit_physical_characteristics, request),
...readCheck$4(CorePersonRecordPermission.read_place_of_birth, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_place_of_birth, request),
...readCheck$4(CorePersonRecordPermission.read_military_history, request),
...editCheck$4(CorePersonRecordPermission.edit_military_history, request),
...readCheck$4(CorePersonRecordPermission.read_name_and_aliases, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_name_and_aliases, request),
...readCheck$4(CorePersonRecordPermission.read_date_of_birth, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_date_of_birth, request),
...readCheck$4(CorePersonRecordPermission.read_address, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_address, request),
...readCheck$4(CorePersonRecordPermission.read_nationality, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_nationality, request),
...readCheck$4(CorePersonRecordPermission.read_identifiers, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_identifiers, request),
...readCheck$4(CorePersonRecordPermission.read_phone_numbers, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_phone_numbers, request),
...readCheck$4(CorePersonRecordPermission.read_email_addresses, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_email_addresses, request),
...readCheck$4(CorePersonRecordPermission.read_distinguishing_marks, request),
...sensitiveEditCheck$2(CorePersonRecordPermission.edit_distinguishing_marks, request),
};
}
function readCheck$4(permission, request) {
return { [permission]: baseCheck(permission, request) };
}
function editCheck$4(permission, request) {
return { [permission]: prisonerProfileEditCheck(permission, request) };
}
function sensitiveEditCheck$2(permission, request) {
return { [permission]: prisonerProfileSensitiveEditCheck(permission, request) };
}
var PersonProtectedCharacteristicsPermission;
(function (PersonProtectedCharacteristicsPermission) {
PersonProtectedCharacteristicsPermission["read_sexual_orientation"] = "prisoner:sexual-orientation:read";
PersonProtectedCharacteristicsPermission["edit_sexual_orientation"] = "prisoner:sexual-orientation:edit";
PersonProtectedCharacteristicsPermission["read_religion_and_belief"] = "prisoner:religion-and-belief:read";
PersonProtectedCharacteristicsPermission["edit_religion_and_belief"] = "prisoner:religion-and-belief:edit";
PersonProtectedCharacteristicsPermission["read_ethnicity"] = "prisoner:ethnicity:read";
PersonProtectedCharacteristicsPermission["edit_ethnicity"] = "prisoner:ethnicity:edit";
})(PersonProtectedCharacteristicsPermission || (PersonProtectedCharacteristicsPermission = {}));
function personProtectedCharacteristicsCheck(request) {
return {
...readCheck$3(PersonProtectedCharacteristicsPermission.read_sexual_orientation, request),
...sensitiveEditCheck$1(PersonProtectedCharacteristicsPermission.edit_sexual_orientation, request),
...readCheck$3(PersonProtectedCharacteristicsPermission.read_religion_and_belief, request),
...editCheck$3(PersonProtectedCharacteristicsPermission.edit_religion_and_belief, request),
...readCheck$3(PersonProtectedCharacteristicsPermission.read_ethnicity, request),
...sensitiveEditCheck$1(PersonProtectedCharacteristicsPermission.edit_ethnicity, request),
};
}
function readCheck$3(permission, request) {
return { [permission]: baseCheck(permission, request) };
}
function editCheck$3(permission, request) {
return { [permission]: prisonerProfileEditCheck(permission, request) };
}
function sensitiveEditCheck$1(permission, request) {
return { [permission]: prisonerProfileSensitiveEditCheck(permission, request) };
}
var PersonHealthAndMedicationPermission;
(function (PersonHealthAndMedicationPermission) {
PersonHealthAndMedicationPermission["read_pregnancy"] = "prisoner:pregnancy:read";
PersonHealthAndMedicationPermission["edit_pregnancy"] = "prisoner:pregnancy:edit";
PersonHealthAndMedicationPermission["read_diet"] = "prisoner:diet:read";
PersonHealthAndMedicationPermission["edit_diet"] = "prisoner:diet:edit";
PersonHealthAndMedicationPermission["read_smoker"] = "prisoner:smoker:read";
PersonHealthAndMedicationPermission["edit_smoker"] = "prisoner:smoker:edit";
})(PersonHealthAndMedicationPermission || (PersonHealthAndMedicationPermission = {}));
const permission$1 = PersonHealthAndMedicationPermission.edit_diet;
function dietEditCheck(request) {
return inActiveCaseLoadAndUserHasRole(Role.DietAndAllergiesEdit, permission$1, request);
}
function personHealthAndMedicationCheck(request) {
return {
...readCheck$2(PersonHealthAndMedicationPermission.read_pregnancy, request),
...editCheck$2(PersonHealthAndMedicationPermission.edit_pregnancy, request),
...readCheck$2(PersonHealthAndMedicationPermission.read_smoker, request),
...editCheck$2(PersonHealthAndMedicationPermission.edit_smoker, request),
...readCheck$2(PersonHealthAndMedicationPermission.read_diet, request),
[PersonHealthAndMedicationPermission.edit_diet]: dietEditCheck(request),
};
}
function readCheck$2(permission, request) {
return { [permission]: baseCheck(permission, request) };
}
function editCheck$2(permission, request) {
return { [permission]: prisonerProfileEditCheck(permission, request) };
}
var PersonalRelationshipsPermission;
(function (PersonalRelationshipsPermission) {
PersonalRelationshipsPermission["read_number_of_children"] = "prisoner:number-of-children:read";
PersonalRelationshipsPermission["edit_number_of_children"] = "prisoner:number-of-children:edit";
PersonalRelationshipsPermission["read_domestic_status"] = "prisoner:domestic-status:read";
PersonalRelationshipsPermission["edit_domestic_status"] = "prisoner:domestic-status:edit";
// Next of kin & emergency contacts (via prisoner profile)
// This needs a review once both the contacts service and the
// profile edit have been rolled out wider:
PersonalRelationshipsPermission["read_emergency_contacts"] = "prisoner:emergency-contacts:read";
PersonalRelationshipsPermission["edit_emergency_contacts"] = "prisoner:emergency-contacts:edit";
// All social and official contacts:
PersonalRelationshipsPermission["read_contacts"] = "prisoner:contacts:read";
PersonalRelationshipsPermission["edit_contacts"] = "prisoner:contacts:edit";
PersonalRelationshipsPermission["edit_contact_restrictions"] = "prisoner:contact-restrictions:edit";
PersonalRelationshipsPermission["edit_contact_visit_approval"] = "prisoner:contact-visit-approval:edit";
})(PersonalRelationshipsPermission || (PersonalRelationshipsPermission = {}));
function inUsersCaseLoadAndUserHasSomeRolesFrom(roles, permission, request) {
const { user, prisoner, baseCheckStatus } = request;
const baseCheckPassed = baseCheckStatus === PermissionCheckStatus.OK;
const inUsersCaseLoad = isInUsersCaseLoad(prisoner.prisonId, user);
const hasRole = userHasSomeRolesFrom(roles, user);
const check = baseCheckPassed && inUsersCaseLoad && hasRole;
if (!check)
logDeniedPermissionCheck(permission, request, inUsersCaseLoad ? PermissionCheckStatus.ROLE_NOT_PRESENT : PermissionCheckStatus.NOT_IN_CASELOAD);
return check;
}
function inUsersCaseLoadAndUserHasRole(role, permission, request) {
return inUsersCaseLoadAndUserHasSomeRolesFrom([role], permission, request);
}
function personalRelationshipsCheck(request) {
return {
...readCheck$1(PersonalRelationshipsPermission.read_number_of_children, request),
...editCheck$1(PersonalRelationshipsPermission.edit_number_of_children, request),
...readCheck$1(PersonalRelationshipsPermission.read_domestic_status, request),
...editCheck$1(PersonalRelationshipsPermission.edit_domestic_status, request),
...readCheck$1(PersonalRelationshipsPermission.read_emergency_contacts, request),
...sensitiveEditCheck(PersonalRelationshipsPermission.edit_emergency_contacts, request),
[PersonalRelationshipsPermission.read_contacts]: inUsersCaseLoad(PersonalRelationshipsPermission.read_contacts, request),
[PersonalRelationshipsPermission.edit_contacts]: inUsersCaseLoadAndUserHasSomeRolesFrom([Role.ContactsAdministrator, Role.ContactsAuthoriser], PersonalRelationshipsPermission.edit_contacts, request),
[PersonalRelationshipsPermission.edit_contact_restrictions]: inUsersCaseLoadAndUserHasRole(Role.ContactsAuthoriser, PersonalRelationshipsPermission.edit_contact_restrictions, request),
[PersonalRelationshipsPermission.edit_contact_visit_approval]: inUsersCaseLoadAndUserHasRole(Role.ContactsAuthoriser, PersonalRelationshipsPermission.edit_contact_visit_approval, request),
};
}
function readCheck$1(permission, request) {
return { [permission]: baseCheck(permission, request) };
}
function editCheck$1(permission, request) {
return { [permission]: prisonerProfileEditCheck(permission, request) };
}
function sensitiveEditCheck(permission, request) {
return { [permission]: prisonerProfileSensitiveEditCheck(permission, request) };
}
function personCheck(request) {
return {
caseNotes: caseNotesCheck(request),
corePersonRecord: corePersonRecordCheck(request),
personProtectedCharacteristics: personProtectedCharacteristicsCheck(request),
personHealthAndMedication: personHealthAndMedicationCheck(request),
personalRelationships: personalRelationshipsCheck(request),
};
}
var PathfinderPermission;
(function (PathfinderPermission) {
PathfinderPermission["read"] = "prisoner:pathfinder:read";
PathfinderPermission["edit"] = "prisoner:pathfinder:edit";
})(PathfinderPermission || (PathfinderPermission = {}));
function pathfinderReadCheck(request) {
return baseCheckAndUserHasSomeRolesFrom([
Role.PathfinderApproval,
Role.PathfinderStdPrison,
Role.PathfinderStdProbation,
Role.PathfinderHQ,
Role.PathfinderUser,
Role.PathfinderLocalReader,
Role.PathfinderNationalReader,
Role.PathfinderPolice,
Role.PathfinderPsychologist,
], PathfinderPermission.read, request);
}
function pathfinderEditCheck(request) {
return baseCheckAndUserHasSomeRolesFrom([
Role.PathfinderApproval,
Role.PathfinderStdPrison,
Role.PathfinderStdProbation,
Role.PathfinderHQ,
Role.PathfinderUser,
], PathfinderPermission.edit, request);
}
function pathfinderCheck(request) {
return {
[PathfinderPermission.read]: pathfinderReadCheck(request),
[PathfinderPermission.edit]: pathfinderEditCheck(request),
};
}
var SOCPermission;
(function (SOCPermission) {
SOCPermission["read"] = "prisoner:soc:read";
SOCPermission["edit"] = "prisoner:soc:edit";
})(SOCPermission || (SOCPermission = {}));
function socReadCheck(request) {
return baseCheckAndUserHasSomeRolesFrom([Role.SocCommunity, Role.SocCustody], SOCPermission.read, request);
}
function socEditCheck(request) {
return baseCheckAndUserHasSomeRolesFrom([Role.SocCustody, Role.SocCommunity, Role.SocDataAnalyst, Role.SocDataManager], SOCPermission.edit, request);
}
function socCheck(request) {
return {
[SOCPermission.read]: socReadCheck(request),
[SOCPermission.edit]: socEditCheck(request),
};
}
function securityCheck(request) {
return {
pathfinder: pathfinderCheck(request),
soc: socCheck(request),
};
}
var ProbationDocumentsPermission;
(function (ProbationDocumentsPermission) {
ProbationDocumentsPermission["read"] = "prisoner:probation-documents:read";
})(ProbationDocumentsPermission || (ProbationDocumentsPermission = {}));
const permission = ProbationDocumentsPermission.read;
function probationDocumentsReadCheck(request) {
const baseCheckPassed = request.baseCheckStatus === PermissionCheckStatus.OK;
const probationDocumentsCheckStatus = checkProbationDocumentsReadAccess(request);
const probationDocumentsCheckPassed = probationDocumentsCheckStatus === PermissionCheckStatus.OK;
const check = baseCheckPassed && probationDocumentsCheckPassed;
if (!check)
logDeniedPermissionCheck(permission, request, probationDocumentsCheckStatus);
return check;
}
function checkProbationDocumentsReadAccess(request) {
const { user, prisoner } = request;
// User must firstly have one of the following roles:
if (!userHasSomeRolesFrom([Role.PomUser, Role.ViewProbationDocuments], user)) {
return PermissionCheckStatus.ROLE_NOT_PRESENT;
}
// Restricted patients follow the base check rules:
if (prisoner.restrictedPatient)
return restrictedPatientStatus(user, prisoner);
// Released prisoners follow the base check rules:
if (prisoner.prisonId === 'OUT')
return releasedPrisonerStatus(user);
// Transferring prisoners follow the base check rules:
if (prisoner.prisonId === 'TRN')
return transferringPrisonerStatus(user);
if (isInUsersCaseLoad(prisoner.prisonId, user))
return PermissionCheckStatus.OK;
// Global search access is not allowed:
return PermissionCheckStatus.NOT_IN_CASELOAD;
}
function probationDocumentsCheck(request) {
return {
[ProbationDocumentsPermission.read]: probationDocumentsReadCheck(request),
};
}
function probationCheck(request) {
return {
probationDocuments: probationDocumentsCheck(request),
};
}
var PersonInterventionsPermission;
(function (PersonInterventionsPermission) {
PersonInterventionsPermission["read_csip"] = "prisoner:csip:read";
})(PersonInterventionsPermission || (PersonInterventionsPermission = {}));
function csipReadCheck(request) {
return inUsersCaseLoad(PersonInterventionsPermission.read_csip, request);
}
function personInterventionsCheck(request) {
return {
[PersonInterventionsPermission.read_csip]: csipReadCheck(request),
};
}
function interventionsCheck(request) {
return {
personInterventions: personInterventionsCheck(request),
};
}
var PrisonerBasePermission;
(function (PrisonerBasePermission) {
PrisonerBasePermission["read"] = "prisoner:base-record:read";
})(PrisonerBasePermission || (PrisonerBasePermission = {}));
var PersonCommunicationNeedsPermission;
(function (PersonCommunicationNeedsPermission) {
PersonCommunicationNeedsPermission["read_language"] = "prisoner:language:read";
PersonCommunicationNeedsPermission["edit_language"] = "prisoner:language:edit";
})(PersonCommunicationNeedsPermission || (PersonCommunicationNeedsPermission = {}));
function personCommunicationNeedsCheck(request) {
return {
...readCheck(PersonCommunicationNeedsPermission.read_language, request),
...editCheck(PersonCommunicationNeedsPermission.edit_language, request),
};
}
function readCheck(permission, request) {
return { [permission]: baseCheck(permission, request) };
}
function editCheck(permission, request) {
return { [permission]: prisonerProfileEditCheck(permission, request) };
}
function personPlanAndNeedsCheck(request) {
return {
personCommunicationNeeds: personCommunicationNeedsCheck(request),
};
}
class PermissionsService {
prisonerSearchClient;
permissionsLogger;
static create({ prisonerSearchConfig, authenticationClient, logger = console, telemetryClient, }) {
return new PermissionsService(new PrisonerSearchClient(logger, prisonerSearchConfig, authenticationClient), new PermissionsLogger(logger, telemetryClient));
}
constructor(prisonerSearchClient, permissionsLogger) {
this.prisonerSearchClient = prisonerSearchClient;
this.permissionsLogger = permissionsLogger;
}
getPrisonerPermissions({ user, prisoner, requestDependentOn, }) {
const request = {
user,
prisoner,
baseCheckStatus: baseCheckStatus(user, prisoner),
requestDependentOn,
permissionsLogger: this.permissionsLogger,
};
return {
[PrisonerBasePermission.read]: baseCheck(PrisonerBasePermission.read, request),
domainGroups: {
interventions: interventionsCheck(request),
person: personCheck(request),
personPlanAndNeeds: personPlanAndNeedsCheck(request),
prisonerSpecific: prisonerSpecificCheck(request),
probation: probationCheck(request),
runningAPrison: runningAPrisonCheck(request),
security: securityCheck(request),
sentenceAndOffence: sentenceAndOffenceCheck(request),
},
};
}
getPrisonerDetails(prisonerNumber) {
return this.prisonerSearchClient.getPrisonerDetails(prisonerNumber);
}
}
class PrisonerPermissionError extends Error {
status = 403;
deniedPermissionChecks;
constructor(message = 'Access not permitted', failedPermissionChecks = []) {
super(message);
this.name = 'NotFoundError';
this.deniedPermissionChecks = failedPermissionChecks;
}
}
// eslint-disable-next-line import/prefer-default-export
const prisonerAdjudicationsPermissionPaths = {
[PrisonerAdjudicationsPermission.read]: `domainGroups.prisonerSpecific.prisonerAdjudications.${PrisonerAdjudicationsPermission.read}`,
};
// eslint-disable-next-line import/prefer-default-export
const prisonerMoneyPermissionPaths = {
[PrisonerMoneyPermission.read]: `domainGroups.prisonerSpecific.prisonerMoney.${PrisonerMoneyPermission.read}`,
};
// eslint-disable-next-line import/prefer-default-export
const prisonerIncentivesPermissionPaths = {
[PrisonerIncentivesPermission.read]: `domainGroups.prisonerSpecific.prisonerIncentives.${PrisonerIncentivesPermission