Merge branch 'main' into j-s/select-indictment-reviewer

.envrc

@@ -19,4 +19,6 @@ fi
 
 # Podman compatibility
 # NOTE: Exits direnv if user is using docker.
-source_env_if_exists .env.podman
+source_env_if_exists .envrc.podman
+
+source_env_if_exists .envrc.kube

.envrc.kube

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -euo pipefail
+
+for c in kubectx kubectl aws; do
+  if ! command -v "$c" >/dev/null; then
+    echo "$c not installed"
+    return
+  fi
+done
+
+set-kubectx() {
+  : "${AWS_PROFILE:=}"
+  if kubectx | grep -q "${AWS_PROFILE##islandis-}"; then
+    return
+  fi
+  echo "Setting kube context..." >&2
+  AWS_ACCOUNT_ID="$(aws sts get-caller-identity | jq -r '.Account')"
+  kubectx "$(kubectx | grep "${AWS_ACCOUNT_ID}")"
+  CLUSTER="$(kubectl config current-context | sed 's/.*\///')"
+  export CLUSTER
+}
+
+set-kubectx

.env.podman → .envrc.podman

@@ -6,15 +6,15 @@ set -euo pipefail
 if [[ -n "${DOCKER_HOST:-}" ]] ||
   command -v docker >/dev/null &&
   ! (docker --version | grep -i podman); then
-  exit 0
+  return 0
 fi
 
 echo "🐳 Using podman"
 
 SOCKET_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
 if [[ -S /run/podman/podman.sock ]]; then
   SOCKET_DIR="/run/podman"
-  exit 0
+  return 0
 fi
 
 export DOCKER_HOST=unix://$SOCKET_DIR/podman/podman.sock

.gitignore

@@ -29,8 +29,7 @@ TODO
 *.todo
 .env
 .env.*
-!.env.podman
-.envrc.*
+.envrc.private
 .nvmrc
 .node-version
 # IDE - VSCode

apps/judicial-system/api/src/app/modules/auth/auth.controller.ts

@@ -256,16 +256,16 @@ export class AuthController {
             ? PRISON_CASES_ROUTE
             : CASES_ROUTE,
       }
-    } else {
-      const defender = await this.authService.findDefender(authUser.nationalId)
-
-      if (defender) {
-        return {
-          userId: defender.id,
-          userNationalId: defender.nationalId,
-          jwtToken: this.sharedAuthService.signJwt(defender, csrfToken),
-          redirectRoute: requestedRedirectRoute ?? DEFENDER_CASES_ROUTE,
-        }
+    }
+
+    const defender = await this.authService.findDefender(authUser.nationalId)
+
+    if (defender) {
+      return {
+        userId: defender.id,
+        userNationalId: defender.nationalId,
+        jwtToken: this.sharedAuthService.signJwt(defender, csrfToken),
+        redirectRoute: requestedRedirectRoute ?? DEFENDER_CASES_ROUTE,
       }
     }
 

apps/judicial-system/backend/migrations/20241015105921-update-notification.js

@@ -0,0 +1,70 @@
+'use strict'
+const replaceEnum = require('sequelize-replace-enum-postgres').default
+
+module.exports = {
+  up: (queryInterface) => {
+    // replaceEnum does not support transactions
+    return replaceEnum({
+      queryInterface,
+      tableName: 'notification',
+      columnName: 'type',
+      newValues: [
+        'HEADS_UP',
+        'READY_FOR_COURT',
+        'RECEIVED_BY_COURT',
+        'COURT_DATE',
+        'RULING',
+        'MODIFIED',
+        'REVOKED',
+        'DEFENDER_ASSIGNED',
+        'ADVOCATE_ASSIGNED',
+        'DEFENDANTS_NOT_UPDATED_AT_COURT',
+        'APPEAL_TO_COURT_OF_APPEALS',
+        'APPEAL_RECEIVED_BY_COURT',
+        'APPEAL_STATEMENT',
+        'APPEAL_COMPLETED',
+        'APPEAL_JUDGES_ASSIGNED',
+        'APPEAL_CASE_FILES_UPDATED',
+        'APPEAL_WITHDRAWN',
+        'INDICTMENT_DENIED',
+        'INDICTMENT_RETURNED',
+        'INDICTMENTS_WAITING_FOR_CONFIRMATION',
+        'SERVICE_SUCCESSFUL', // New value
+        'SERVICE_FAILED', // New value
+        'DEFENDANT_SELECTED_DEFENDER', // New value
+      ],
+      enumName: 'enum_notification_type',
+    })
+  },
+
+  down: (queryInterface) => {
+    // replaceEnum does not support transactions
+    return replaceEnum({
+      queryInterface,
+      tableName: 'notification',
+      columnName: 'type',
+      newValues: [
+        'HEADS_UP',
+        'READY_FOR_COURT',
+        'RECEIVED_BY_COURT',
+        'COURT_DATE',
+        'RULING',
+        'MODIFIED',
+        'REVOKED',
+        'DEFENDER_ASSIGNED',
+        'DEFENDANTS_NOT_UPDATED_AT_COURT',
+        'APPEAL_TO_COURT_OF_APPEALS',
+        'APPEAL_RECEIVED_BY_COURT',
+        'APPEAL_STATEMENT',
+        'APPEAL_COMPLETED',
+        'APPEAL_JUDGES_ASSIGNED',
+        'APPEAL_CASE_FILES_UPDATED',
+        'APPEAL_WITHDRAWN',
+        'INDICTMENT_DENIED',
+        'INDICTMENT_RETURNED',
+        'INDICTMENTS_WAITING_FOR_CONFIRMATION',
+      ],
+      enumName: 'enum_notification_type',
+    })
+  },
+}

apps/judicial-system/backend/src/app/modules/case/filters/case.filter.ts

@@ -1,5 +1,4 @@
 import { normalizeAndFormatNationalId } from '@island.is/judicial-system/formatters'
-import type { User } from '@island.is/judicial-system/types'
 import {
   CaseAppealState,
   CaseDecision,
@@ -20,16 +19,18 @@ import {
   isRequestCase,
   isRestrictionCase,
   RequestSharedWithDefender,
+  type User,
   UserRole,
 } from '@island.is/judicial-system/types'
 
+import { CivilClaimant, Defendant } from '../../defendant'
 import { Case } from '../models/case.model'
 import { DateLog } from '../models/dateLog.model'
 
 const canProsecutionUserAccessCase = (
   theCase: Case,
   user: User,
-  forUpdate = true,
+  forUpdate: boolean,
 ): boolean => {
   // Check case type access
   if (user.role !== UserRole.PROSECUTOR && !isIndictmentCase(theCase.type)) {
@@ -196,7 +197,7 @@ const canAppealsCourtUserAccessCase = (theCase: Case): boolean => {
 
 const canPrisonStaffUserAccessCase = (
   theCase: Case,
-  forUpdate = true,
+  forUpdate: boolean,
 ): boolean => {
   // Prison staff users cannot update cases
   if (forUpdate) {
@@ -234,7 +235,7 @@ const canPrisonStaffUserAccessCase = (
 
 const canPrisonAdminUserAccessCase = (
   theCase: Case,
-  forUpdate = true,
+  forUpdate: boolean,
 ): boolean => {
   // Prison admin users cannot update cases
   if (forUpdate) {
@@ -306,29 +307,27 @@ const canPrisonAdminUserAccessCase = (
   return true
 }
 
-const canDefenceUserAccessCase = (theCase: Case, user: User): boolean => {
+const canDefenceUserAccessRequestCase = (
+  theCase: Case,
+  user: User,
+): boolean => {
   // Check case state access
   if (
     ![
       CaseState.SUBMITTED,
-      CaseState.WAITING_FOR_CANCELLATION,
       CaseState.RECEIVED,
       CaseState.ACCEPTED,
       CaseState.REJECTED,
       CaseState.DISMISSED,
-      CaseState.COMPLETED,
     ].includes(theCase.state)
   ) {
     return false
   }
 
-  const arraignmentDate = DateLog.arraignmentDate(theCase.dateLogs)
-
   // Check submitted case access
   const canDefenderAccessSubmittedCase =
-    isRequestCase(theCase.type) &&
     theCase.requestSharedWithDefender ===
-      RequestSharedWithDefender.READY_FOR_COURT
+    RequestSharedWithDefender.READY_FOR_COURT
 
   if (
     theCase.state === CaseState.SUBMITTED &&
@@ -338,50 +337,94 @@ const canDefenceUserAccessCase = (theCase: Case, user: User): boolean => {
   }
 
   // Check received case access
-  if (theCase.state === CaseState.RECEIVED) {
-    const canDefenderAccessReceivedCase =
-      isIndictmentCase(theCase.type) ||
-      canDefenderAccessSubmittedCase ||
-      Boolean(arraignmentDate)
+  const canDefenderAccessReceivedCase =
+    canDefenderAccessSubmittedCase ||
+    Boolean(DateLog.arraignmentDate(theCase.dateLogs))
 
-    if (!canDefenderAccessReceivedCase) {
-      return false
-    }
+  if (theCase.state === CaseState.RECEIVED && !canDefenderAccessReceivedCase) {
+    return false
   }
 
   const normalizedAndFormattedNationalId = normalizeAndFormatNationalId(
     user.nationalId,
   )
 
-  // Check case defender access
+  // Check case defender assignment
+  if (
+    theCase.defenderNationalId &&
+    normalizedAndFormattedNationalId.includes(theCase.defenderNationalId)
+  ) {
+    return true
+  }
+
+  return false
+}
+
+const canDefenceUserAccessIndictmentCase = (
+  theCase: Case,
+  user: User,
+  forUpdate: boolean,
+): boolean => {
+  // Check case state access
+  if (
+    ![
+      CaseState.WAITING_FOR_CANCELLATION,
+      CaseState.RECEIVED,
+      CaseState.COMPLETED,
+    ].includes(theCase.state)
+  ) {
+    return false
+  }
+
+  // Check received case access
+  const canDefenderAccessReceivedCase = Boolean(
+    DateLog.arraignmentDate(theCase.dateLogs),
+  )
+
+  if (theCase.state === CaseState.RECEIVED && !canDefenderAccessReceivedCase) {
+    return false
+  }
+
+  // Check case defender assignment
+  if (Defendant.isDefenderOfDefendant(user.nationalId, theCase.defendants)) {
+    return true
+  }
+
+  // Check case spokesperson assignment
+  if (
+    CivilClaimant.isSpokespersonOfCivilClaimant(
+      user.nationalId,
+      theCase.civilClaimants,
+    ) &&
+    !forUpdate
+  ) {
+    return true
+  }
+
+  return false
+}
+
+const canDefenceUserAccessCase = (
+  theCase: Case,
+  user: User,
+  forUpdate: boolean,
+): boolean => {
+  if (isRequestCase(theCase.type)) {
+    return canDefenceUserAccessRequestCase(theCase, user)
+  }
+
   if (isIndictmentCase(theCase.type)) {
-    if (
-      !theCase.defendants?.some(
-        (defendant) =>
-          defendant.defenderNationalId &&
-          normalizedAndFormattedNationalId.includes(
-            defendant.defenderNationalId,
-          ),
-      )
-    ) {
-      return false
-    }
-  } else {
-    if (
-      !theCase.defenderNationalId ||
-      !normalizedAndFormattedNationalId.includes(theCase.defenderNationalId)
-    ) {
-      return false
-    }
+    return canDefenceUserAccessIndictmentCase(theCase, user, forUpdate)
   }
 
-  return true
+  // Other cases are not accessible to defence users
+  return false
 }
 
 export const canUserAccessCase = (
   theCase: Case,
   user: User,
-  forUpdate = true,
+  forUpdate: boolean,
 ): boolean => {
   if (isProsecutionUser(user)) {
     return canProsecutionUserAccessCase(theCase, user, forUpdate)
@@ -404,7 +447,7 @@ export const canUserAccessCase = (
   }
 
   if (isDefenceUser(user)) {
-    return canDefenceUserAccessCase(theCase, user)
+    return canDefenceUserAccessCase(theCase, user, forUpdate)
   }
 
   if (isPublicProsecutorUser(user)) {