Open maheese opened 3 months ago
This issue is caused by logic in easey-auth-api/src/permissions/Permissions.service.ts (line 120) that is currently not calling the responsibility API for users that only have the IA role.
This code needs to be updated to include the IA role in the list of roles for which the responsibility API is called:
if ( bypassEnabled || this.configService.get<boolean>('app.mockPermissionsEnabled') || roles.includes(this.configService.get<string>('app.sponsorRole')) || roles.includes(this.configService.get<string>('app.preparerRole')) || roles.includes(this.configService.get<string>('app.submitterRole')) )
Confirmed in tst environment (dev is bypassing CBS Responsibilities API) that an initial authorizer only account can view facilities that they are a primary or alternate representative for.
Note: Opened #6312 to handle import/revert issues for this type of account.
I have an account in CDX Test with the initial authorizer role (mheese-ia). I made this account the DR for Barry in CBSSTAGEI. When I log into ECMPS test I do not see any facilities. Here is what is returned when I validate the token in the auth-api:
Here's a screenshot from CBS that illustrates this account is the DR for Barry: