Prevent saving roles and facilities for site admins ghosting into orgs (

#7969) * Clear roles and facilities in DB for site admins * Only save role and facility info for non site admin users * Address code smell
CDCgov · Jul 31, 2024 · cd6855d · cd6855d
1 parent 274169b
commit cd6855d
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java b/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java
@@ -583,7 +583,7 @@ public UserInfo getCurrentUserInfoForWhoAmI() {
     ApiUser currentUser = getCurrentApiUser();
     Optional<OrganizationRoles> currentOrgRoles = _orgService.getCurrentOrganizationRoles();
     boolean isAdmin = _authService.isSiteAdmin();
-    if (!_featureFlagsConfig.isOktaMigrationEnabled() && currentOrgRoles.isPresent()) {
+    if (!_featureFlagsConfig.isOktaMigrationEnabled() && currentOrgRoles.isPresent() && !isAdmin) {
       setRolesAndFacilities(currentOrgRoles.get(), currentUser);
     }
     return new UserInfo(currentUser, currentOrgRoles, isAdmin);
@@ -703,7 +703,7 @@ private UserInfo consolidateUser(
       ApiUser apiUser,
       Optional<OrganizationRoleClaims> optClaims,
       UserStatus userStatus,
-      Boolean isSiteAdmin) {
+      boolean isSiteAdmin) {
 
     OrganizationRoleClaims claims = optClaims.orElseThrow(UnidentifiedUserException::new);
 
@@ -723,7 +723,7 @@ private UserInfo consolidateUser(
 
     OrganizationRoles orgRoles =
         new OrganizationRoles(org, accessibleFacilities, claims.getGrantedRoles());
-    if (!_featureFlagsConfig.isOktaMigrationEnabled()) {
+    if (!_featureFlagsConfig.isOktaMigrationEnabled() && !isSiteAdmin) {
       setRolesAndFacilities(orgRoles, apiUser);
     }
     return new UserInfo(apiUser, Optional.of(orgRoles), isSiteAdmin, userStatus);