Configurable roles

CHANGELOG.md

@@ -2,14 +2,27 @@
 
 ## 1.7.0 Release candidate
 
+### Migration notes
+In order to make the upgrade easier, there are a couple of steps that need to be performed which will make the codebase ready for the upgrade:
+- Run this command from the root of the countryconfig repository ```curl https://raw.githubusercontent.com/opencrvs/opencrvs-countryconfig/configurable-roles/src/upgrade-to-1_7.ts | npx ts-node -T --cwd ./src```
+
+  It will remove `roles.csv` and generate a `roles.ts` file. It will also update the corresponding role column in `default-employees.csv` & `prod-employees.csv` while adding the corresponding translations in `client.csv`. The employee files are only used when seeding new environments, if you already have a v1.6.x of OpenCRVS deployed, the data in the environment will automatically get migrated after deploying the upgrade. The changes in these two files are made to keep the roles in sync with your previously deployed environments, if any.
+- After pulling in the v1.7.0 changes reject the changes incoming to `roles.ts`, `default-employees.csv` & `prod-employees.csv` files as we used the script above to auto-generate them.
+
+  The `roles.ts` file now defines all the roles available in the system. New roles can be added & existing roles can be customized by giving them different scopes.
+
+  *N.B. The default roles generated in the `roles.ts` file during migration should not be removed to maintain backwards compatibility*
+
 ### Breaking changes
 
 - `INFORMANT_SIGNATURE` & `INFORMANT_SIGNATURE_REQUIRED` are now deprecated
 - Existing implementations relying on database-stored SVGs need to be updated to use the new configuration-based approach. A migration needs to be run (defined in [migration](https://github.com/opencrvs/opencrvs-core/pull/7813/files#diff-e5472dec87399bb9f73f75ec379ceb6a32ca135bc01dd8d0eb8f7d7aaa0bc0b1)), and default certificate templates must be created for each event type, following the convention `${event}-certificate` as the certificate template ID.
+- **Roles** The previous `roles.csv` file has been deprecated. It will get removed once you run `yarn upgrade:code` command after pulling in the v1.7 changes. The command automatically generates a `roles.json` file which can be used as a baseline to configure the roles as per your requirements.
 
 ### New features
 
 - Update the translations for System user add/edit form, `Last name` to `User's surname` and `First name` to `User's first name` to make them less confusing for system users [#6830](https://github.com/opencrvs/opencrvs-core/issues/6830)
+- **User scopes** Introduce granular scopes to grant specific permissions to a particular role. The specifics about the introduced scopes can be found here: *Link to scopes description file*
 - **Refactored certificate handling:** SVGs are no longer stored in the database; streamlined configurations now include certificate details, and clients request SVGs directly via URLs.
 - Add constant.humanName to allow countries to have custom ordering on their full name e.g. start with `lastName` or `firstName` [#6830](https://github.com/opencrvs/opencrvs-core/issues/6830)
 

package.json

@@ -44,8 +44,8 @@
     "@typescript-eslint/parser": "^5.60.1",
     "cypress-xpath": "^2.0.1",
     "eslint": "^8.43.0",
-    "eslint-config-prettier": "^8.8.0",
-    "eslint-plugin-prettier": "^4.2.1",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-prettier": "^5.2.1",
     "husky": "1.0.0-rc.13",
     "inquirer": "^9.2.12",
     "js-yaml": "^4.1.0",
@@ -55,7 +55,7 @@
     "node-ssh": "^13.2.0",
     "nodemon": "^2.0.22",
     "pino-pretty": "^11.0.0",
-    "prettier": "^2.8.8",
+    "prettier": "^3.4.2",
     "react-intl": "^6.4.3",
     "vitest": "^2.1.2"
   },
@@ -64,7 +64,7 @@
     "@hapi/boom": "^9.1.1",
     "@hapi/hapi": "^20.0.1",
     "@hapi/inert": "^6.0.3",
-    "@opencrvs/toolkit": "0.0.19-events-ml",
+    "@opencrvs/toolkit": "0.0.22-scopes",
     "@types/chalk": "^2.2.0",
     "@types/csv2json": "^1.4.0",
     "@types/fhir": "^0.0.30",
@@ -73,7 +73,7 @@
     "@types/hapi__hapi": "^20.0.0",
     "@types/jwt-decode": "^2.2.1",
     "@types/lodash": "^4.14.117",
-    "@types/node": "^10.12.5",
+    "@types/node": "^18.19.1",
     "@types/node-fetch": "^2.6.2",
     "@types/nodemailer": "^6.4.14",
     "app-module-path": "^2.2.0",

src/api/certificates/handler.ts

@@ -9,6 +9,7 @@
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
 
+import { Event } from '@countryconfig/form/types/types'
 import { Request, ResponseToolkit } from '@hapi/hapi'
 
 type FontFamilyTypes = {
@@ -43,7 +44,7 @@ export async function certificateHandler(request: Request, h: ResponseToolkit) {
   const certificateConfigs: ICertificateConfigData[] = [
     {
       id: 'birth-certificate',
-      event: 'birth',
+      event: Event.Birth,
       label: {
         id: 'certificates.birth.certificate',
         defaultMessage: 'Birth Certificate',
@@ -67,7 +68,7 @@ export async function certificateHandler(request: Request, h: ResponseToolkit) {
     },
     {
       id: 'birth-certificate-certified-copy',
-      event: 'birth',
+      event: Event.Birth,
       label: {
         id: 'certificates.birth.certificate.copy',
         defaultMessage: 'Birth Certificate certified copy',
@@ -92,7 +93,7 @@ export async function certificateHandler(request: Request, h: ResponseToolkit) {
     },
     {
       id: 'death-certificate',
-      event: 'death',
+      event: Event.Death,
       label: {
         id: 'certificates.death.certificate',
         defaultMessage: 'Death Certificate',
@@ -116,7 +117,7 @@ export async function certificateHandler(request: Request, h: ResponseToolkit) {
     },
     {
       id: 'death-certificate-certified-copy',
-      event: 'death',
+      event: Event.Death,
       label: {
         id: 'certificates.death.certificate.copy',
         defaultMessage: 'Death Certificate certified copy',
@@ -141,7 +142,7 @@ export async function certificateHandler(request: Request, h: ResponseToolkit) {
     },
     {
       id: 'marriage-certificate',
-      event: 'marriage',
+      event: Event.Marriage,
       label: {
         id: 'certificates.marriage.certificate',
         defaultMessage: 'Marriage Certificate',
@@ -165,7 +166,7 @@ export async function certificateHandler(request: Request, h: ResponseToolkit) {
     },
     {
       id: 'marriage-certificate-certified-copy',
-      event: 'marriage',
+      event: Event.Marriage,
       label: {
         id: 'certificates.marriage.certificate.copy',
         defaultMessage: 'Marriage Certificate certified copy',

src/data-seeding/employees/source/default-employees.csv

@@ -1,12 +1,12 @@
-primaryOfficeId,givenNames,familyName,systemRole,role,mobile,username,email,password
-CRVS_OFFICE_JWMRGwDBXK,Kalusha,Bwalya,FIELD_AGENT,Social Worker,+260911111111,k.bwalya,[email protected],test
-CRVS_OFFICE_JWMRGwDBXK,Felix,Katongo,REGISTRATION_AGENT,Registration Agent,+260922222222,f.katongo,[email protected],test
-CRVS_OFFICE_JWMRGwDBXK,Kennedy,Mweene,LOCAL_REGISTRAR,Local Registrar,+260933333333,k.mweene,[email protected],test
-CRVS_OFFICE_JWMRGwDBXK,Emmanuel,Mayuka,LOCAL_SYSTEM_ADMIN,Local System Admin,+260921681112,e.mayuka,[email protected],test
-CRVS_OFFICE_2OKicPQMNI,Jonathan,Campbell,NATIONAL_SYSTEM_ADMIN,National System Admin,+260921111111,j.campbell,[email protected],test
-CRVS_OFFICE_okQp4uKCz0,Patrick,Gondwe,FIELD_AGENT,Local Leader,+260912121212,p.gondwe,[email protected],test
-CRVS_OFFICE_okQp4uKCz0,Joshua,Mutale,REGISTRATION_AGENT,Registration Agent,+260923232323,j.mutale,[email protected],test
-CRVS_OFFICE_okQp4uKCz0,Derrick,Bulaya,LOCAL_REGISTRAR,Local Registrar,+260934343434,d.bulaya,[email protected],test
-CRVS_OFFICE_okQp4uKCz0,Alex,Ngonga,LOCAL_SYSTEM_ADMIN,Local System Admin,+260978787878,a.ngonga,[email protected],test
-CRVS_OFFICE_2OKicPQMNI,Edgar,Kazembe,PERFORMANCE_MANAGEMENT,Performance Manager,+260977777777,e.kazembe,[email protected],test
-CRVS_OFFICE_2OKicPQMNI,Joseph,Musonda,NATIONAL_REGISTRAR,National Registrar,+260915151515,j.musonda,[email protected],test
+primaryOfficeId,givenNames,familyName,role,mobile,username,email,password
+CRVS_OFFICE_JWMRGwDBXK,Kalusha,Bwalya,SOCIAL_WORKER,+260911111111,k.bwalya,[email protected],test
+CRVS_OFFICE_JWMRGwDBXK,Felix,Katongo,REGISTRATION_AGENT,+260922222222,f.katongo,[email protected],test
+CRVS_OFFICE_JWMRGwDBXK,Kennedy,Mweene,LOCAL_REGISTRAR,+260933333333,k.mweene,[email protected],test
+CRVS_OFFICE_JWMRGwDBXK,Emmanuel,Mayuka,LOCAL_SYSTEM_ADMIN,+260921681112,e.mayuka,[email protected],test
+CRVS_OFFICE_2OKicPQMNI,Jonathan,Campbell,NATIONAL_SYSTEM_ADMIN,+260921111111,j.campbell,[email protected],test
+CRVS_OFFICE_okQp4uKCz0,Patrick,Gondwe,LOCAL_LEADER,+260912121212,p.gondwe,[email protected],test
+CRVS_OFFICE_okQp4uKCz0,Joshua,Mutale,REGISTRATION_AGENT,+260923232323,j.mutale,[email protected],test
+CRVS_OFFICE_okQp4uKCz0,Derrick,Bulaya,LOCAL_REGISTRAR,+260934343434,d.bulaya,[email protected],test
+CRVS_OFFICE_okQp4uKCz0,Alex,Ngonga,LOCAL_SYSTEM_ADMIN,+260978787878,a.ngonga,[email protected],test
+CRVS_OFFICE_2OKicPQMNI,Edgar,Kazembe,PERFORMANCE_MANAGER,+260977777777,e.kazembe,[email protected],test
+CRVS_OFFICE_2OKicPQMNI,Joseph,Musonda,NATIONAL_REGISTRAR,+260915151515,j.musonda,[email protected],test

src/data-seeding/roles/handler.ts

@@ -8,34 +8,18 @@
  *
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
-import { readCSVToJSON } from '@countryconfig/utils'
+import { PRODUCTION, QA_ENV } from '@countryconfig/constants'
+import { roles } from './roles'
 import { Request, ResponseToolkit } from '@hapi/hapi'
-import { RoleSchema, Role } from './validator'
 
 export async function rolesHandler(_: Request, h: ResponseToolkit) {
-  const rawRoles: unknown[] = await readCSVToJSON(
-    './src/data-seeding/roles/source/roles.csv'
-  )
-  const roles = RoleSchema.parse(rawRoles)
-    .map(({ systemRole, ...rest }) => {
+  if (!PRODUCTION || QA_ENV) {
+    return roles.map((role) => {
       return {
-        systemRole,
-        labels: Object.entries(rest).map(
-          ([key, value]: [Exclude<keyof Role, 'systemRole'>, string]) => ({
-            lang: key.split('_')[1],
-            label: value
-          })
-        )
+        ...role,
+        scopes: [...role.scopes, 'demo']
       }
     })
-    .reduce<
-      Record<string, Array<{ labels: Array<{ lang: string; label: string }> }>>
-    >((acc, role) => {
-      if (!acc[role.systemRole]) {
-        acc[role.systemRole] = []
-      }
-      acc[role.systemRole].push({ labels: role.labels })
-      return acc
-    }, {})
+  }
   return h.response(roles)
 }