Fix guide access for observers (#868)

Author: idormenco

api/src/Feature.ObserverGuide/List/Endpoint.cs

@@ -238,45 +238,84 @@ private async Task<Results<Ok<Response>, NotFound>> ListObserverGuidesAsObserver
             	G."WebsiteUrl",
             	G."FilePath",
             	G."UploadedFileName",
-            	COALESCE(G."LastModifiedOn", G."CreatedOn") AS"CreatedOn",
-            	n."Name" AS "CreatedBy",
-            	EXISTS (
+            	G."CreatedOn",
+            	G."CreatedBy"
+            FROM
+            	(
             		SELECT
-            			1
+            			G."Id",
+            			G."Title",
+            			G."FileName",
+            			G."MimeType",
+            			G."GuideType",
+            			G."Text",
+            			G."WebsiteUrl",
+            		    G."FilePath",
+                        G."UploadedFileName",
+                        COALESCE(G."LastModifiedOn", G."CreatedOn") AS"CreatedOn",
+                        n."Name" AS "CreatedBy"
             		FROM
-            			"GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
+            			"CoalitionGuideAccess" CGA
+            			INNER JOIN "Coalitions" C ON CGA."CoalitionId" = C."Id"
+            			INNER JOIN "ObserversGuides" G ON CGA."GuideId" = G."Id"
+            			INNER JOIN "MonitoringNgos" mn on g."MonitoringNgoId" = mn."Id"
+                        INNER JOIN "Ngos" n on n."Id" = mn."NgoId"
             		WHERE
-            			"MonitoringNgoId" = G."MonitoringNgoId"
-            	) AS "IsGuideOwner"
-            FROM
-            	"CoalitionGuideAccess" CGA
-            	INNER JOIN "Coalitions" C ON CGA."CoalitionId" = C."Id"
-            	INNER JOIN "ObserversGuides" G ON CGA."GuideId" = G."Id"
-                INNER JOIN "MonitoringNgos" mn on g."MonitoringNgoId" = mn."Id"
-                INNER JOIN "Ngos" n on n."Id" = mn."NgoId"
-            WHERE
-            	CGA."MonitoringNgoId" = (
+            			CGA."MonitoringNgoId" = (
+            				SELECT
+            					"MonitoringNgoId"
+            				FROM
+            					"GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
+            			)
+                        AND g."IsDeleted" = false
+            			AND C."ElectionRoundId" = @electionRoundId
+            			AND (
+            				(
+            					SELECT
+            						"CoalitionId" IS NOT NULL
+            					FROM
+            						"GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
+            				)
+            				OR (
+            					SELECT
+            						"IsCoalitionLeader"
+            					FROM
+            						"GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
+            				)
+            			)
+            		UNION
             		SELECT
-            			"MonitoringNgoId"
+            			G."Id",
+            			G."Title",
+            			G."FileName",
+            			G."MimeType",
+            			G."GuideType",
+            			G."Text",
+            			G."WebsiteUrl",
+            			G."FilePath",
+                        G."UploadedFileName",
+                        COALESCE(G."LastModifiedOn", G."CreatedOn") AS"CreatedOn",
+                        n."Name" AS "CreatedBy"
             		FROM
-            			"GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
-            	)
-            	AND C."ElectionRoundId" = @electionRoundId
-                AND g."IsDeleted" = false
-            	AND (
-            		(
-            			SELECT
-            				"CoalitionId" IS NOT NULL
-            			FROM
-            				"GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
-            		)
-            		OR (
-            			SELECT
-            				"IsCoalitionLeader"
-            			FROM
-            				"GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
-            		)
-            	)
+            			"ObserversGuides" G
+            			INNER JOIN "MonitoringNgos" MN ON G."MonitoringNgoId" = MN."Id"
+                        INNER JOIN "Ngos" n on n."Id" = mn."NgoId"
+            		WHERE
+            			MN."ElectionRoundId" = @electionRoundId
+            		    AND g."IsDeleted" = false
+            			AND G."MonitoringNgoId" = (
+            				SELECT
+            					"MonitoringNgoId"
+            				FROM
+            					"GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
+            			)
+            		 AND (
+            		    SELECT
+            			    "CoalitionId" IS  NULL
+            		    FROM
+            			    "GetMonitoringNgoDetails" (@electionRoundId, @ngoId)
+            	    )
+            	) G
             """;
 
         var queryArgs = new { electionRoundId, ngoId = ngo.NgoId };

api/tests/Vote.Monitor.Api.IntegrationTests/Features/Coalition/GuideAccessTests.cs

@@ -11,6 +11,30 @@ namespace Vote.Monitor.Api.IntegrationTests.Features.Coalition;
 
 public class GuideAccessTests : BaseApiTestFixture
 {
+    [Test]
+    public void ShouldGrantAccessToObservers_WhenNotInACoalition()
+    {
+        // Arrange
+        var scenarioData = ScenarioBuilder.New(CreateClient)
+            .WithNgo(ScenarioNgos.Alfa)
+            .WithNgo(ScenarioNgos.Beta)
+            .WithObserver(ScenarioObserver.Alice)
+            .WithObserver(ScenarioObserver.Bob)
+            .WithElectionRound(ScenarioElectionRound.A,
+                er => er
+                    .WithMonitoringNgo(ScenarioNgos.Alfa,
+                        alfa => alfa.WithMonitoringObserver(ScenarioObserver.Alice).WithGuide()))
+            .Please();
+
+        // Act
+        var aliceGuides = scenarioData
+            .ObserverByName(ScenarioObserver.Alice)
+            .GetResponse<ListGuidesResponse>($"/api/election-rounds/{scenarioData.ElectionRoundId}/observer-guide");
+
+        // Assert
+        aliceGuides.Guides.Should().NotBeEmpty();
+    }
+
     [Test]
     public void ShouldNotGrantGuideAccessForMonitoringObservers_WhenCreatingNewGuide()
     {