mehansen commented 2 weeks ago

BACKEND PULL REQUEST

Related Issue

resolves #7597

Changes Proposed

update api_user_role table to use the org role enum directly and drop the role table
add audited entity columns to both the ApiUserRole and ApiUserFacility classes/tables. note that created by/at and updated by/at are always going to be the same because we update these connections by creating new entries in the tables
anywhere we update a user's permissions, we now update the api_user_role table!
updated a test per a note from Elisa on my last PR

Additional Information

if there's a cleaner way to do this in JPA, really interested to pair on it! it seems like you have to explicitly instantiate the ApiUserRole and ApiUserFacility instances in order to populate the additional audit columns

I decided to use the OrganizationRole enum for the role on ApiUserRole, even though it's not a perfect match with the DB constraints on that column (DB enum doesn't include NO_ACCESS). I'm hopeful they will be a match in the future when we finish the migration because we can delete the concept of NO_ACCESS as a role once we move off of Okta

Testing

deployed to dev4 options for testing:

create a user with certain roles and facility access
update a user with certain roles and facility access using the org admin view and the super admin view