Consultants, FA, FPM can only execute their transitions if they're a member

The roles higher than them can execute without membership constraints

Author: CarsonF

src/components/authorization/policies/by-role/consultant-manager.policy.ts

@@ -1,4 +1,5 @@
 import { member, Policy, Role, sensMediumOrLower, sensOnlyLow } from '../util';
+import * as Consultant from './consultant.policy';
 
 // NOTE: There could be other permissions for this role from other policies
 @Policy(Role.ConsultantManager, (r) => [
@@ -40,6 +41,7 @@ import { member, Policy, Role, sensMediumOrLower, sensOnlyLow } from '../util';
       p.rootDirectory.whenAny(member, sensMediumOrLower).edit,
     ])
     .children((c) => [c.posts.edit]),
+  r.ProjectWorkflowEvent.transitions(...Consultant.projectTransitions).execute,
   [
     r.PeriodicReport,
     r.ProgressReportCommunityStory,

src/components/authorization/policies/by-role/consultant.policy.ts

@@ -1,5 +1,11 @@
+import { ProjectWorkflow } from '../../../project/workflow/project-workflow';
 import { member, Policy, Role } from '../util';
 
+export const projectTransitions = ProjectWorkflow.pickNames(
+  'Pending Consultant Endorsement -> Prep for Financial Endorsement With Consultant Endorsement',
+  'Pending Consultant Endorsement -> Prep for Financial Endorsement Without Consultant Endorsement',
+);
+
 // NOTE: There could be other permissions for this role from other policies
 @Policy([Role.Consultant, Role.ConsultantManager], (r) => [
   [
@@ -36,9 +42,9 @@ import { member, Policy, Role } from '../util';
   r.Project.when(member).specifically((p) => p.rootDirectory.edit),
   r.Unavailability.read,
   r.User.read.create,
-  r.ProjectWorkflowEvent.read.transitions(
-    'Pending Consultant Endorsement -> Prep for Financial Endorsement With Consultant Endorsement',
-    'Pending Consultant Endorsement -> Prep for Financial Endorsement Without Consultant Endorsement',
+  r.ProjectWorkflowEvent.read.whenAll(
+    member,
+    r.ProjectWorkflowEvent.isTransitions(...projectTransitions),
   ).execute,
 ])
 export class ConsultantPolicy {}

src/components/authorization/policies/by-role/financial-analyst-lead.policy.ts

@@ -1,4 +1,5 @@
 import { member, Policy, Role, sensMediumOrLower } from '../util';
+import * as FA from './financial-analyst.policy';
 
 // NOTE: There could be other permissions for this role from other policies
 @Policy([Role.LeadFinancialAnalyst, Role.Controller], (r) => [
@@ -35,6 +36,7 @@ import { member, Policy, Role, sensMediumOrLower } from '../util';
       'financialReportReceivedAt',
     ).edit,
   ]),
+  r.ProjectWorkflowEvent.transitions(...FA.projectTransitions).execute,
   r.ProjectMember.edit.create.delete,
 ])
 export class FinancialAnalystLeadPolicy {}

src/components/authorization/policies/by-role/financial-analyst.policy.ts

@@ -1,3 +1,4 @@
+import { ProjectWorkflow } from '../../../project/workflow/project-workflow';
 import {
   inherit,
   member,
@@ -7,6 +8,13 @@ import {
   sensOnlyLow,
 } from '../util';
 
+export const projectTransitions = ProjectWorkflow.pickNames(
+  'Pending Financial Endorsement -> Finalizing Proposal With Financial Endorsement',
+  'Pending Financial Endorsement -> Finalizing Proposal Without Financial Endorsement',
+  'Finalizing Completion -> Back To Active',
+  'Finalizing Completion -> Completed',
+);
+
 // NOTE: There could be other permissions for this role from other policies
 @Policy(
   [Role.FinancialAnalyst, Role.LeadFinancialAnalyst, Role.Controller],
@@ -61,11 +69,9 @@ import {
       ])
       .children((c) => c.posts.edit),
     r.ProjectMember.read.when(member).edit.create.delete,
-    r.ProjectWorkflowEvent.read.transitions(
-      'Pending Financial Endorsement -> Finalizing Proposal With Financial Endorsement',
-      'Pending Financial Endorsement -> Finalizing Proposal Without Financial Endorsement',
-      'Finalizing Completion -> Back To Active',
-      'Finalizing Completion -> Completed',
+    r.ProjectWorkflowEvent.read.whenAll(
+      member,
+      r.ProjectWorkflowEvent.isTransitions(...projectTransitions),
     ).execute,
     r.PeriodicReport.read.when(member).edit,
     r.StepProgress.read,

src/components/authorization/policies/by-role/project-manager.policy.ts

@@ -1,5 +1,6 @@
 import { takeWhile } from 'lodash';
 import { ProjectStep } from '../../../project/dto';
+import { ProjectWorkflow } from '../../../project/workflow/project-workflow';
 import {
   action,
   field,
@@ -18,6 +19,39 @@ const stepsUntilFinancialEndorsement = takeWhile(
   (s) => s !== ProjectStep.PendingFinancialEndorsement,
 );
 
+export const projectTransitions = ProjectWorkflow.pickNames([
+  'Early Conversations -> Pending Regional Director Approval',
+  'Early Conversations -> Pending Concept Approval',
+  'Early Conversations -> Did Not Develop',
+  'Prep for Consultant Endorsement -> Pending Consultant Endorsement',
+  'Prep for Consultant & Financial Endorsement & Finalizing Proposal -> Pending Concept Approval',
+  'Prep for Consultant & Financial Endorsement & Finalizing Proposal -> Did Not Develop',
+  'Pending Consultant Endorsement -> Prep for Financial Endorsement With Consultant Endorsement',
+  'Pending Consultant Endorsement -> Prep for Financial Endorsement Without Consultant Endorsement',
+  'Prep for Financial Endorsement -> Pending Financial Endorsement',
+  'Prep for Financial Endorsement & Finalizing Proposal -> Pending Consultant Endorsement',
+  'Finalizing Proposal -> Pending Regional Director Approval',
+  'Finalizing Proposal -> Pending Financial Endorsement',
+  'Active -> Discussing Change To Plan',
+  'Active -> Discussing Termination',
+  'Active -> Finalizing Completion',
+  'Discussing Change To Plan -> Pending Change To Plan Approval',
+  'Discussing Change To Plan -> Discussing Suspension',
+  'Discussing Change To Plan -> Back To Active',
+  'Pending Change To Plan Approval -> Discussing Change To Plan',
+  'Pending Change To Plan Approval -> Pending Change To Plan Confirmation',
+  'Pending Change To Plan Approval -> Back To Active',
+  'Discussing Suspension -> Pending Suspension Approval',
+  'Discussing Suspension -> Back To Active',
+  'Suspended -> Discussing Reactivation',
+  'Suspended & Discussing Reactivation -> Discussing Termination',
+  'Discussing Reactivation -> Pending Reactivation Approval',
+  'Discussing Termination -> Pending Termination Approval',
+  'Discussing Termination -> Back To Most Recent',
+  'Finalizing Completion -> Back To Active',
+  'Finalizing Completion -> Completed',
+]);
+
 // NOTE: There could be other permissions for this role from other policies
 @Policy(
   [Role.ProjectManager, Role.RegionalDirector, Role.FieldOperationsDirector],
@@ -93,37 +127,9 @@ const stepsUntilFinancialEndorsement = takeWhile(
       'Review Reject',
       'Review Approve',
     ).execute,
-    r.ProjectWorkflowEvent.read.transitions(
-      'Early Conversations -> Pending Regional Director Approval',
-      'Early Conversations -> Pending Concept Approval',
-      'Early Conversations -> Did Not Develop',
-      'Prep for Consultant Endorsement -> Pending Consultant Endorsement',
-      'Prep for Consultant & Financial Endorsement & Finalizing Proposal -> Pending Concept Approval',
-      'Prep for Consultant & Financial Endorsement & Finalizing Proposal -> Did Not Develop',
-      'Pending Consultant Endorsement -> Prep for Financial Endorsement With Consultant Endorsement',
-      'Pending Consultant Endorsement -> Prep for Financial Endorsement Without Consultant Endorsement',
-      'Prep for Financial Endorsement -> Pending Financial Endorsement',
-      'Prep for Financial Endorsement & Finalizing Proposal -> Pending Consultant Endorsement',
-      'Finalizing Proposal -> Pending Regional Director Approval',
-      'Finalizing Proposal -> Pending Financial Endorsement',
-      'Active -> Discussing Change To Plan',
-      'Active -> Discussing Termination',
-      'Active -> Finalizing Completion',
-      'Discussing Change To Plan -> Pending Change To Plan Approval',
-      'Discussing Change To Plan -> Discussing Suspension',
-      'Discussing Change To Plan -> Back To Active',
-      'Pending Change To Plan Approval -> Discussing Change To Plan',
-      'Pending Change To Plan Approval -> Pending Change To Plan Confirmation',
-      'Pending Change To Plan Approval -> Back To Active',
-      'Discussing Suspension -> Pending Suspension Approval',
-      'Discussing Suspension -> Back To Active',
-      'Suspended -> Discussing Reactivation',
-      'Suspended & Discussing Reactivation -> Discussing Termination',
-      'Discussing Reactivation -> Pending Reactivation Approval',
-      'Discussing Termination -> Pending Termination Approval',
-      'Discussing Termination -> Back To Most Recent',
-      'Finalizing Completion -> Back To Active',
-      'Finalizing Completion -> Completed',
+    r.ProjectWorkflowEvent.read.whenAll(
+      member,
+      r.ProjectWorkflowEvent.isTransitions(...projectTransitions),
     ).execute,
     r.Project.read.create
       .when(member)

src/components/authorization/policies/by-role/regional-director.policy.ts

@@ -1,4 +1,5 @@
 import { member, Policy, Role, sensMediumOrLower } from '../util';
+import * as PM from './project-manager.policy';
 
 // NOTE: There could be other permissions for this role from other policies
 @Policy([Role.RegionalDirector, Role.FieldOperationsDirector], (r) => [
@@ -8,6 +9,7 @@ import { member, Policy, Role, sensMediumOrLower } from '../util';
   r.Project.when(member).edit.specifically(
     (p) => p.rootDirectory.edit.when(sensMediumOrLower).read,
   ),
+  r.ProjectWorkflowEvent.transitions(...PM.projectTransitions).execute,
   r.ProjectWorkflowEvent.read.transitions(
     'Early Conversations -> Pending Finance Confirmation',
     'Pending Concept Approval -> Prep for Consultant Endorsement',

src/components/authorization/policies/index.ts

@@ -1,19 +1,19 @@
 export * from './by-role/administrator.policy';
-export * from './by-role/consultant.policy';
+export { ConsultantPolicy } from './by-role/consultant.policy';
 export * from './by-role/consultant-manager.policy';
 export * from './by-role/controller.policy';
 export * from './by-role/experience-operations.policy';
 export * from './by-role/field-operations-director.policy';
 export * from './by-role/field-partner.policy';
-export * from './by-role/financial-analyst.policy';
+export { FinancialAnalystPolicy } from './by-role/financial-analyst.policy';
 export * from './by-role/financial-analyst-lead.policy';
 export * from './by-role/fundraising.policy';
 export * from './by-role/intern.policy';
 export * from './by-role/investor-common.policy';
 export * from './by-role/leadership.policy';
 export * from './by-role/marketing.policy';
 export * from './by-role/mentor.policy';
-export * from './by-role/project-manager.policy';
+export { ProjectManagerPolicy } from './by-role/project-manager.policy';
 export * from './by-role/regional-director.policy';
 export * from './by-role/staff-member.policy';
 export * from './by-role/translator.policy';

src/components/workflow/define-workflow.ts

@@ -4,6 +4,7 @@ import {
   EnumType,
   ID,
   MadeEnum,
+  Many,
   maybeMany,
   NotFoundException,
   ResourceShape,
@@ -79,6 +80,9 @@ export const defineWorkflow =
         }
         return transition;
       },
+      pickNames: <Names extends TransitionNames>(
+        ...transitions: Array<Many<Names>>
+      ) => setOf(transitions.flat() as Names[]),
       // type-only props
       event: undefined as any,
       state: undefined as any,
@@ -129,4 +133,7 @@ export interface Workflow<
   /** type only */
   readonly resolvedTransition: Omit<Transition, 'to'> & { to: State };
   readonly transitionByKey: (key: ID) => Transition;
+  readonly pickNames: <Names extends TransitionNames>(
+    ...keys: Array<Many<Names>>
+  ) => ReadonlySet<Names>;
 }