From cd6855dd052fbdb966ae526fac2fa56b40e2185d Mon Sep 17 00:00:00 2001
From: elisa lee
Date: Wed, 31 Jul 2024 10:00:52 -0500
Subject: [PATCH] Prevent saving roles and facilities for site admins ghosting into orgs (#7969)
* Clear roles and facilities in DB for site admins
* Only save role and facility info for non site admin users
* Address code smell
---
 .../gov/cdc/usds/simplereport/service/ApiUserService.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java b/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java
index 5e3753f771..84a7e80407 100644
--- a/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java
+++ b/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java
@@ -583,7 +583,7 @@ public UserInfo getCurrentUserInfoForWhoAmI() {
 ApiUser currentUser = getCurrentApiUser();
 Optional currentOrgRoles = _orgService.getCurrentOrganizationRoles();
 boolean isAdmin = _authService.isSiteAdmin();
- if (!_featureFlagsConfig.isOktaMigrationEnabled() && currentOrgRoles.isPresent()) {
+ if (!_featureFlagsConfig.isOktaMigrationEnabled() && currentOrgRoles.isPresent() && !isAdmin) {
 setRolesAndFacilities(currentOrgRoles.get(), currentUser);
 }
 return new UserInfo(currentUser, currentOrgRoles, isAdmin);
@@ -703,7 +703,7 @@ private UserInfo consolidateUser(
 ApiUser apiUser,
 Optional optClaims,
 UserStatus userStatus,
- Boolean isSiteAdmin) {
+ boolean isSiteAdmin) {
 OrganizationRoleClaims claims = optClaims.orElseThrow(UnidentifiedUserException::new);
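Review bot: The new `&& !isAdmin` guard around `setRolesAndFacilities` in getCurrentUserInfoForWhoAmI only stops future writes, while any roles and facilities already persisted for a site admin who ghosted into an org before this change stay in place; the first bullet of the commit message promises to clear them, but the diffstat shows this single file as the whole patch, so unless a data migration lands separately those stale rows still grant a persisted org membership that the admin never legitimately held. The reason for the exclusion is stated nowhere at either site, so a comment such as `// Site admins ghost into orgs: their org context is transient and must not be persisted as real roles/facilities.` above the `if` would keep the next maintainer from "simplifying" the guard away. The same `!_featureFlagsConfig.isOktaMigrationEnabled() && !isSiteAdmin` predicate now appears in consolidateUser (the last hunk) as well; extracting it into one private helper, e.g. `private boolean shouldPersistOrgRoles(boolean isSiteAdmin)`, would keep the two call sites from drifting apart. Both enclosing methods begin outside their hunks.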
@@ -723,7 +723,7 @@ private UserInfo consolidateUser(
 OrganizationRoles orgRoles = new OrganizationRoles(org, accessibleFacilities, claims.getGrantedRoles());
- if (!_featureFlagsConfig.isOktaMigrationEnabled()) {
+ if (!_featureFlagsConfig.isOktaMigrationEnabled() && !isSiteAdmin) {
 setRolesAndFacilities(orgRoles, apiUser);
 }
 return new UserInfo(apiUser, Optional.of(orgRoles), isSiteAdmin, userStatus);