improved messaging, fix url issue

Author: ssundahlTTD

package-lock.json

@@ -255,6 +255,11 @@
       "minimatch": "3.1.2"
     },
     "qs": "6.14.1",
-    "@isaacs/brace-expansion": "^5.0.1"
+    "@isaacs/brace-expansion": "^5.0.1",
+    "workbox-webpack-plugin": {
+      "webpack-sources": "2.3.1"
+    },
+    "@jest/schemas": "29.6.3",
+    "eslint-visitor-keys": "4.2.0"
   }
 }

package.json

@@ -0,0 +1,7 @@
+export const isUid2Engineer = (email: string) =>
+  email.toLowerCase().endsWith('@unifiedid.com');
+
+export const isUid2Internal = (email: string) => {
+  const lower = email.toLowerCase();
+  return lower.endsWith('@unifiedid.com') || lower.endsWith('@thetradedesk.com');
+};

src/api/helpers/internalEmailHelpers.ts

@@ -8,8 +8,6 @@ export const uid2SupportRole = 'prod-uid2.0-support';
 export const developerRole = 'developer';
 export const developerElevatedRole = 'developer-elevated';
 
-export const isUid2InternalEmail = (email: string) => email.toLowerCase().includes('@unifiedid.com');
-
 // assign super user if user is developer-elevated in okta
 export const isSuperUser = (req: Request) => {
   const oktaGroups = (req.auth?.payload?.groups as string[] | undefined) ?? [];
@@ -30,7 +28,11 @@ export const isSuperUserCheck: Handler = async (req: ParticipantRequest, res, ne
 // assign uid2 support if user has prod-uid2.0-support in Microsoft Entra ID
 export const isUid2Support = async (req: Request) => {
   const authGroups = (req.auth?.payload?.groups as string[] | undefined) ?? [];
-  if (isSuperUser(req) || authGroups.includes(developerRole) || authGroups.includes(uid2SupportRole)) {
+  if (
+    isSuperUser(req) ||
+    authGroups.includes(developerRole) ||
+    authGroups.includes(uid2SupportRole)
+  ) {
     return true;
   }
 
@@ -57,8 +59,7 @@ export const isAdminOrUid2SupportCheck: Handler = async (req: ParticipantRequest
   const user = await findUserByEmail(userEmail);
   const userParticipant = user?.participants?.find((item) => item.id === participant?.id);
   const userIsAdminOrUid2Support =
-    userParticipant?.currentUserRoleIds?.includes(UserRoleId.Admin) ||
-    (await isUid2Support(req));
+    userParticipant?.currentUserRoleIds?.includes(UserRoleId.Admin) || (await isUid2Support(req));
   if (!userIsAdminOrUid2Support) {
     return res.status(403).json({
       message: 'Unauthorized. You do not have the necessary permissions.',

src/api/middleware/userRoleMiddleware.ts

@@ -2,14 +2,15 @@ import { NextFunction, Request, Response } from 'express';
 import { z } from 'zod';
 
 import { User, UserJobFunction } from '../entities/User';
+import { isUid2Engineer } from '../helpers/internalEmailHelpers';
 import { getLoggers, getTraceId, TraceId } from '../helpers/loggingHelpers';
 import { getAllParticipants, UserParticipantRequest } from '../services/participantsService';
 import { findUserByEmail, UserRequest } from '../services/usersService';
-import { isSuperUser, isUid2InternalEmail, isUid2Support } from './userRoleMiddleware';
+import { isSuperUser, isUid2Support } from './userRoleMiddleware';
 
 type UserWithSupportRoles = User & { isUid2Support: boolean; isSuperUser: boolean };
 
-const createUid2InternalUser = async (
+const createUid2EngineerUser = async (
   email: string,
   firstName: string,
   lastName: string
@@ -19,7 +20,7 @@ const createUid2InternalUser = async (
     firstName,
     lastName,
     jobFunction: UserJobFunction.Engineering,
-    acceptedTerms: true,
+    acceptedTerms: false,
   });
 };
 
@@ -61,10 +62,10 @@ export const enrichCurrentUser = async (req: UserRequest, res: Response, next: N
   const userEmail = req.auth?.payload?.email as string;
   let user = await findUserByEmail(userEmail);
 
-  if (!user && isUid2InternalEmail(userEmail)) {
+  if (!user && isUid2Engineer(userEmail)) {
     const firstName = req.auth?.payload?.given_name as string;
     const lastName = req.auth?.payload?.family_name as string;
-    await createUid2InternalUser(userEmail, firstName, lastName);
+    await createUid2EngineerUser(userEmail, firstName, lastName);
     user = await findUserByEmail(userEmail);
   }
 

src/api/middleware/usersMiddleware.ts

@@ -5,6 +5,7 @@ import { User, UserDTO } from '../entities/User';
 import { UserRole, UserRoleDTO } from '../entities/UserRole';
 import { UserToParticipantRole } from '../entities/UserToParticipantRole';
 import { SSP_WEB_BASE_URL } from '../envars';
+import { isUid2Internal } from '../helpers/internalEmailHelpers';
 import { TraceId } from '../helpers/loggingHelpers';
 import { getKcAdminClient } from '../keycloakAdminClient';
 import { createEmailService } from './emailService';
@@ -151,7 +152,9 @@ export const createAndInviteKeycloakUser = async (
   const newUser = await createNewUser(kcAdminClient, firstName, lastName, email);
   await assignApiParticipantMemberRole(kcAdminClient, email);
 
-  await sendInviteEmailToNewUser(kcAdminClient, newUser);
+  if (!isUid2Internal(email)) {
+    await sendInviteEmailToNewUser(kcAdminClient, newUser);
+  }
 };
 
 const addAndInviteUserToParticipant = async (
@@ -165,7 +168,9 @@ const addAndInviteUserToParticipant = async (
     participantId: participant.id,
     userRoleId,
   });
-  sendInviteEmailToExistingUser(participant.name, existingUser, traceId);
+  if (!isUid2Internal(existingUser.email)) {
+    sendInviteEmailToExistingUser(participant.name, existingUser, traceId);
+  }
 };
 
 const createUserInPortal = async (

src/api/services/usersService.ts

@@ -42,7 +42,7 @@ function SharingPermissionCard({
       ) : (
         <div className='no-sharing-permissions-banner'>
           <Banner
-            message='You do not have access to this feature. To get access, please contact Support.'
+            message='Use of sharing requires an API key or client-side key pair.  Please reach out to our support team for assistance.'
             type='Info'
             fitContent
           />

src/web/components/Home/SharingPermissionCard.tsx

@@ -2,6 +2,7 @@ import clsx from 'clsx';
 import log from 'loglevel';
 import { useCallback, useContext, useState } from 'react';
 
+import { isUid2Internal } from '../../../api/helpers/internalEmailHelpers';
 import { UserWithParticipantRoles } from '../../../api/services/usersService';
 import { ParticipantContext } from '../../contexts/ParticipantProvider';
 import { UpdateTeamMemberForm } from '../../services/userAccount';
@@ -134,7 +135,7 @@ function TeamMember({
         <td className='action'>
           <div className='action-cell' data-testid='action-cell'>
             {!!errorMessage && <InlineMessage message={errorMessage} type='Error' />}
-            {person.acceptedTerms || (
+            {!person.acceptedTerms && !isUid2Internal(person.email) && (
               <button
                 type='button'
                 className={clsx('invite-button', {

src/web/components/TeamMember/TeamMember.tsx

@@ -25,16 +25,7 @@ export const extractLocationFromPath = (path: string) => {
   return match ? match[1] : path.replace(/^\/?:?participantId\/?/, '');
 };
 
-const PARTICIPANT_PATH_REGEX = /^\/?participant\/[^/]+\/?(.*)$/;
-
 export function getPathWithParticipant(path: string, participantId: string | number | undefined) {
-  if (participantId === undefined || participantId === null) {
-    return path;
-  }
-  const match = PARTICIPANT_PATH_REGEX.exec(path);
-  if (!match) {
-    return path;
-  }
-  const location = (match[1] ?? '').replace(/^\//, '');
+  const location = extractLocationFromPath(path).replace(/^\//, '');
   return `/participant/${participantId}/${location}`;
 }