From 28ff49995df35fbc9ad4f2c48fd289457b555c8c Mon Sep 17 00:00:00 2001
From: Courtney Myers
Date: Thu, 9 Jan 2025 12:35:30 -0500
Subject: [PATCH 1/3] Redirect non-helpdesk users to their dashboard if they manually navigate to the /helpdesk route
---
 app/client/src/routes/helpdesk.tsx | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/app/client/src/routes/helpdesk.tsx b/app/client/src/routes/helpdesk.tsx
index 457727b1..2e861f03 100644
--- a/app/client/src/routes/helpdesk.tsx
+++ b/app/client/src/routes/helpdesk.tsx
@@ -392,6 +392,12 @@ export function Helpdesk() {
 results: SubmissionAction[];
 }>({ fetched: false, results: [] });
+ useEffect(() => {
+ if (helpdeskAccess === "failure") {
+ navigate("/", { replace: true });
+ }
+ }, [navigate, helpdeskAccess]);
+
 useEffect(() => {
 queryClient.resetQueries({ queryKey: ["helpdesk/submission"] });
 }, [queryClient]);
@@ -456,7 +462,11 @@ export function Helpdesk() {
 }
 if (helpdeskAccess === "failure") {
- navigate("/", { replace: true });
+ /**
+ * NOTE: this is just included for completeness, as before this is rendered,
+ * the user will have been redirected to their dashboard via the useEffect()
+ */
+ return null;
 }
 return (
From 115986dabbf122aaeed0f80ae006a5c6a73b1721 Mon Sep 17 00:00:00 2001
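Review bot: The added `useEffect` has no comment saying that this redirect is a navigation convenience and not the access check. A reader could take the client-side `navigate("/", { replace: true })` for the control that keeps non-helpdesk users out, whereas the second patch in this series shows the rejection happening in `ensureHelpdesk` on the server. I would add above the effect: `// UX only: send non-helpdesk users to their dashboard; the helpdesk API enforces access server-side.` Whether every helpdesk route is actually mounted behind `ensureHelpdesk` is not visible here and is worth confirming. `Helpdesk()` starts and ends outside the hunk.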
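Review bot: The new comment above `return null;` misstates the order of events: React runs `useEffect` callbacks after a render has been committed, so on the render where `helpdeskAccess` first equals "failure" this branch executes before the redirect, not after it. That makes `return null` the line that keeps the helpdesk markup from being rendered for a non-helpdesk user, rather than something included only for completeness. Suggested wording: `// Render nothing for non-helpdesk users; the useEffect() above redirects them once this render commits.` The rest of `Helpdesk()` lies outside the hunk.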
From: Courtney Myers
Date: Thu, 9 Jan 2025 12:38:00 -0500
Subject: [PATCH 2/3] =?UTF-8?q?Update=20logging=20in=20ensureHelpdesk=20so?= =?UTF-8?q?=20if=20non-admin=20or=20non-helpdesk=20users=20attempt=20to=20?= =?UTF-8?q?make=20helpdesk=20API=20requests=20(e.g.=20via=20postman=20with?= =?UTF-8?q?=20a=20JWT=20cookie=20from=20their=20logged=20in=20session)=20t?= =?UTF-8?q?he=20message=20is=20logged=20=E2=80=93=20NOTE:=20their=20action?= =?UTF-8?q?=20was=20always=20blocked,=20this=20just=20ensures=20it's=20log?= =?UTF-8?q?ged=20properly=20after=20we=20removed=20the=20/helpdesk-access?= =?UTF-8?q?=20API=20call=20from=20the=20client=20app?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/server/app/middleware.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/app/server/app/middleware.js b/app/server/app/middleware.js
index 6c90b647..1b9cee53 100644
--- a/app/server/app/middleware.js
+++ b/app/server/app/middleware.js
@@ -91,10 +91,8 @@ function ensureHelpdesk(req, res, next) {
 const userRoles = memberof?.split(",") || [];
 if (!userRoles.includes("csb_admin") && !userRoles.includes("csb_helpdesk")) {
- if (!req.originalUrl.includes("/helpdesk-access")) {
- const logMessage = `User with email ${mail} attempted to perform an admin/helpdesk action without correct privileges.`;
- log({ level: "error", message: logMessage, req });
- }
+ const logMessage = `User with email ${mail} attempted to perform an admin/helpdesk action without correct privileges.`;
+ log({ level: "error", message: logMessage, req });
 const errorStatus = 401;
 const errorMessage = `Unauthorized.`;
From cf79ff74b20effa24c6cceeff6dba092f7aa4169 Mon Sep 17 00:00:00 2001
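Review bot: The log entry that now fires for every denied request names the user but not what was attempted, which is the detail needed to triage a privilege probe. If `log` does not already take the method and URL from `req`, the message could carry them, for example `User with email ${mail} attempted ${req.method} ${req.originalUrl} without admin/helpdesk privileges.`; the URL is caller-controlled, so it should be encoded or length-limited if the log sink is plain text. The optional chaining in `memberof?.split(",")` suggests the token fields can be absent, in which case the message would read "email undefined"; `${mail ?? "unknown"}` would keep the audit line searchable. Separately, `errorStatus = 401` is returned to a caller who is authenticated but lacks the role, where 403 is the conventional status, though changing it may affect how the client handles the response. The function's opening lines and its response handling are outside the hunk.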
From: Courtney Myers
Date: Thu, 9 Jan 2025 16:44:28 -0500
Subject: [PATCH 3/3] Update the BAP field used for the 2024 FRF's old bus average annual mileage
---
 app/server/app/utilities/bap.js | 6 +++---
 app/server/app/utilities/formio.js | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/server/app/utilities/bap.js b/app/server/app/utilities/bap.js
index d5a03bc1..b4721cc0 100644
--- a/app/server/app/utilities/bap.js
+++ b/app/server/app/utilities/bap.js
@@ -304,7 +304,7 @@ const { submissionPeriodOpen } = require("../config/formio");
 * CSB_Manufacturer__c: string
 * CSB_Manufacturer_if_Other__c: string | null
 * CSB_Annual_Fuel_Consumption__c: number
- * Annual_Mileage__c: number
+ * Old_Bus_Average_Annual_Mileage__c: number
 * Old_Bus_Estimated_Remaining_Life__c: number
 * Old_Bus_Annual_Idling_Hours__c: number
 * New_Bus_Infra_Rebate_Requested__c: number
@@ -1465,7 +1465,7 @@ async function queryBapFor2024PRFData(req, frfReviewItemId) {
 // CSB_Manufacturer__c,
 // CSB_Manufacturer_if_Other__c,
 // CSB_Annual_Fuel_Consumption__c,
- // Annual_Mileage__c,
+ // Old_Bus_Average_Annual_Mileage__c,
 // Old_Bus_Estimated_Remaining_Life__c,
 // Old_Bus_Annual_Idling_Hours__c,
 // New_Bus_Infra_Rebate_Requested__c,
@@ -1501,7 +1501,7 @@ async function queryBapFor2024PRFData(req, frfReviewItemId) {
 CSB_Manufacturer__c: 1,
 CSB_Manufacturer_if_Other__c: 1,
 CSB_Annual_Fuel_Consumption__c: 1,
- Annual_Mileage__c: 1,
+ Old_Bus_Average_Annual_Mileage__c: 1,
 Old_Bus_Estimated_Remaining_Life__c: 1,
 Old_Bus_Annual_Idling_Hours__c: 1,
 New_Bus_Infra_Rebate_Requested__c: 1,
diff --git a/app/server/app/utilities/formio.js b/app/server/app/utilities/formio.js
index 983f0ade..3878932b 100644
--- a/app/server/app/utilities/formio.js
+++ b/app/server/app/utilities/formio.js
@@ -621,7 +621,7 @@ function fetchDataForPRFSubmission({ rebateYear, req, res }) {
 CSB_Manufacturer__c,
 CSB_Manufacturer_if_Other__c,
 CSB_Annual_Fuel_Consumption__c,
- Annual_Mileage__c,
+ Old_Bus_Average_Annual_Mileage__c,
 Old_Bus_Estimated_Remaining_Life__c,
 Old_Bus_Annual_Idling_Hours__c,
 New_Bus_Infra_Rebate_Requested__c,
@@ -661,7 +661,7 @@ function fetchDataForPRFSubmission({ rebateYear, req, res }) {
 bus_existing_manufacturer: CSB_Manufacturer__c,
 bus_existing_manufacturer_other: CSB_Manufacturer_if_Other__c,
 bus_existing_annual_fuel_consumption: CSB_Annual_Fuel_Consumption__c, // prettier-ignore
- bus_existing_annual_mileage: Annual_Mileage__c,
+ bus_existing_annual_mileage: Old_Bus_Average_Annual_Mileage__c,
 bus_existing_remaining_life: Old_Bus_Estimated_Remaining_Life__c,
 bus_existing_idling_hours: Old_Bus_Annual_Idling_Hours__c,
 bus_new_owner: {