search

bcgov / hcap

Application supporting access to the Health Career Access Program (HCAP) for employers and participants.
Apache License 2.0
2 stars 1 forks source link

fix: use employer or same site when doing employer actions #807

Closed fw-noel closed 2 years ago

fw-noel commented 2 years ago

This is a fix for https://freshworks.atlassian.net/browse/HCAP-1308 but serves in two ways:

When posting an employer action, there's a touch less reliance on Employer Id of a status. 1308 was caused when the employer_id was different from the user trying to archive. In participant-status.js, we see the cause:

    const existingCurrentStatus = currentStatusId
      ? await tx[collections.PARTICIPANTS_STATUS].findOne({ id: currentStatusId })
      : await tx[collections.PARTICIPANTS_STATUS].findOne({
          participant_id: participantId,
          current: true,
          employer_id: employerId,
        });

That is when no currentStatusId is passed in. By getting the status id first, we not pass it in here properly, but we also check that the accessing user has the right permissions for the participant.

We're keeping it at no status passed in, but there's still less reliance on the hiring user being the same person.

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication