Merge branch 'GREG-340-hide-id-from-alien-sponsor' into 'master'

GREG-340: Hide id info if sponsor should not have access See merge request !393

Merge branch 'GREG-340-hide-id-from-alien-sponsor' into 'master'
GREG-340: Hide id info if sponsor should not have access See merge request !393
0c46f4e0 · Marte Fossum · a35dde54 · 9fabbadc · 0c46f4e0 · 0c46f4e0
Commit 0c46f4e0 authored 2 years ago by Marte Fossum
--- a/frontend/src/components/identityLine/index.tsx
+++ b/frontend/src/components/identityLine/index.tsx
@@ -111,7 +111,7 @@ const IdentityLine = ({
        >
          <Box>
            {identity ? identity.value : ''}
-            {!identity.verified ? (
+            {!identity.verified && !identity.value.includes('*') && (
              <>
                <Button
                  aria-label={t('button.verify')}
@@ -139,7 +139,8 @@ const IdentityLine = ({
                  {getDialogText()}
                </ConfirmDialog>
              </>
-            ) : (
+            )}
+            {identity.verified && (
              <>
                <CheckIcon
                  sx={{

--- a/gregui/api/serializers/identity.py
+++ b/gregui/api/serializers/identity.py
@@ -4,7 +4,7 @@ from rest_framework import serializers
 from rest_framework import status
 from rest_framework.exceptions import APIException, ValidationError

-from greg.models import Identity
+from greg.models import Identity, Role
 from gregui.models import GregUserProfile


@@ -83,6 +83,7 @@ class IdentitySerializer(serializers.ModelSerializer):

 class PartialIdentitySerializer(serializers.ModelSerializer):
    verified_by = serializers.SerializerMethodField()
+    value = serializers.SerializerMethodField()

    class Meta:
        model = Identity
@@ -96,6 +97,42 @@ class PartialIdentitySerializer(serializers.ModelSerializer):
            "verified_at",
        ]

+    def _get_sponsor(self):
+        """
+        Fetch the sponsor doing the request
+        """
+        user = None
+        request = self.context.get("request")
+        if request and hasattr(request, "user"):
+            user = request.user
+        return GregUserProfile.objects.get(user=user).sponsor
+
+    def _can_see_identity(self, obj):
+        """
+        Check if the sponsor have access to the unit where the person has a role
+        """
+        sponsor = self._get_sponsor()
+        person_id = obj.person.id
+        value = Role.objects.filter(person=person_id).filter(
+            orgunit__in=sponsor.get_allowed_units()
+        )
+        if value:
+            return True
+        return False
+
+    def get_value(self, dictionary):
+        if self._can_see_identity(dictionary):
+            return dictionary.value
+
+        if dictionary.type == "norwegian_national_id_number":
+            dob = dictionary.value[:6]  # Date of birth
+            return dob + "*****"
+        if dictionary.type == "passport_number":
+            return "*" * len(dictionary.value)
+        raise ValueError(
+            "%s is not a supported identity type for serializer" % dictionary.type
+        )
+
    def get_verified_by(self, obj):
        sponsor = obj.verified_by
        return " ".join((sponsor.first_name, sponsor.last_name)) if sponsor else None