Anthony/added permission changes for default permissions of user

src/models/userPermissionChangeLog.js

@@ -4,7 +4,6 @@ const { Schema } = mongoose;
 
 const User = require('./userProfile');
 
-
 const UserPermissionChangeLog = new Schema({
   logDateTime: { type: String, required: true },
   userId: {
@@ -14,10 +13,16 @@ const UserPermissionChangeLog = new Schema({
   },
   individualName: { type: String },
   permissions: { type: [String], required: true },
+  removedRolePermissions: { type: [String], default: [] },
   permissionsAdded: { type: [String], default: [] },
   permissionsRemoved: { type: [String], default: [] },
   requestorRole: { type: String },
   requestorEmail: { type: String, required: true },
+  reason: { type: String, default: '' },
 });
 
-module.exports = mongoose.model('UserPermissionChangeLog', UserPermissionChangeLog, 'UserPermissionChangeLogs');
+module.exports = mongoose.model(
+  'UserPermissionChangeLog',
+  UserPermissionChangeLog,
+  'UserPermissionChangeLogs',
+);

src/utilities/logUserPermissionChangeByAccount.js

@@ -18,49 +18,73 @@
 
 //
 
+const checkPermissionArray = (permArray) => (Array.isArray(permArray) ? permArray : []);
+
 const logUserPermissionChangeByAccount = async (req, user) => {
-  const { permissions, requestor } = req.body;
+  const { permissions, requestor, reason } = req.body;
   const dateTime = moment().tz('America/Los_Angeles').format();
 
   try {
     if (!permissions || !requestor?.requestorId) {
       return;
     }
 
-    const Permissions = Array.isArray(permissions.frontPermissions)
-      ? permissions.frontPermissions
-      : [];
-    const { userId } = req.params;
-
     // Fetch requestor email (may be null if requestor deleted)
     const requestorDoc = await UserProfile.findById(requestor.requestorId)
       .select('email')
       .lean()
       .exec();
     const requestorEmail = requestorDoc?.email ?? 'unknown';
 
-    const { firstName, lastName } = user;
+    // const { firstName, lastName } = user;
     let permissionsAdded = [];
     let permissionsRemoved = [];
+    let roleChanged = false;
+    const { userId } = req.params;
+    const Permissions = checkPermissionArray(permissions.frontPermissions);
+    const removedPermissions = checkPermissionArray(permissions.removedDefaultPermissions); // removed default permissions
+    const rolePermissions = checkPermissionArray(permissions.defaultPermissions); // default permissions for user provided by their role
+    const changedPermissions = [...Permissions, ...removedPermissions];
+
+    // Use the user object passed from controller (already fetched)
+    const { firstName, lastName } = user;
 
     const document = await findLatestRelatedLog(userId);
 
     if (document) {
-      const docPermissions = Array.isArray(document.permissions) ? document.permissions : [];
-      // const sortedDoc = [...docPermissions].sort();
-      const sortedDoc = [...docPermissions].sort((a, b) => a.localeCompare(b));
-      // const sortedCurrent = [...Permissions].sort();
-      const sortedCurrent = [...Permissions].sort((a, b) => a.localeCompare(b));
-      if (JSON.stringify(sortedDoc) === JSON.stringify(sortedCurrent)) {
+      const docPermissions = checkPermissionArray(document.permissions);
+      const docRemovedRolePermissions = checkPermissionArray(document.removedRolePermissions);
+      roleChanged = reason.includes('Role Changed');
+      const docSavedChanges = [...docPermissions, ...docRemovedRolePermissions];
+      const sortedSaved = [...docSavedChanges].sort((a, b) => a.localeCompare(b));
+      const sortedChanged = [...changedPermissions].sort((a, b) => a.localeCompare(b));
+      // no new changes in permissions list from last update and no role change
+      if (
+        sortedSaved.length === sortedChanged.length &&
+        sortedSaved.every((value, index) => value === sortedChanged[index]) &&
+        !roleChanged
+      ) {
         return;
       }
-      permissionsRemoved = docPermissions.filter((item) => !Permissions.includes(item));
-      permissionsAdded = Permissions.filter((item) => !docPermissions.includes(item));
+      permissionsRemoved = [
+        ...removedPermissions.filter((item) => !docRemovedRolePermissions.includes(item)), // saves new removed role defaults
+        ...docPermissions.filter(
+          (item) => !Permissions.includes(item) && !rolePermissions.includes(item),
+        ), // removed user added permissions
+      ];
+      permissionsAdded = [
+        ...Permissions.filter((item) => !docPermissions.includes(item)), // saves new added permissions
+        ...docRemovedRolePermissions.filter(
+          (item) => !removedPermissions.includes(item) && rolePermissions.includes(item),
+        ), // removed role permissions added back
+      ];
     } else {
       permissionsAdded = Permissions;
+      permissionsRemoved = removedPermissions; // adds removed default permissions to permissionsRemoved for inital log
     }
 
-    if (permissionsRemoved.length === 0 && permissionsAdded.length === 0) {
+    // no permission added nor removed nor role change
+    if (permissionsRemoved.length === 0 && permissionsAdded.length === 0 && !roleChanged) {
       return;
     }
 
@@ -69,9 +93,11 @@
       userId,
       individualName: `INDIVIDUAL: ${firstName} ${lastName}`,
       permissions: Permissions,
+      removedRolePermissions: removedPermissions,
       permissionsAdded,
       permissionsRemoved,
       requestorRole: requestor.role,
+      reason,
       requestorEmail,
     });