From f640055fc23233bcbee9f2e80fc8c4751954e74a Mon Sep 17 00:00:00 2001 From: "Md. Ashikul Alam" Date: Wed, 6 Nov 2024 19:41:57 +0600 Subject: [PATCH] chore: amend users query with user scopes --- .../gateway/src/features/search/root-resolvers.test.ts | 6 +++--- packages/gateway/src/features/user/root-resolvers.ts | 8 +++----- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/packages/gateway/src/features/search/root-resolvers.test.ts b/packages/gateway/src/features/search/root-resolvers.test.ts index 4c764797376..a0e43f27969 100644 --- a/packages/gateway/src/features/search/root-resolvers.test.ts +++ b/packages/gateway/src/features/search/root-resolvers.test.ts @@ -13,7 +13,7 @@ import * as fetchAny from 'jest-fetch-mock' import * as jwt from 'jsonwebtoken' import { readFileSync } from 'fs' import { TestResolvers } from '@gateway/utils/testUtils' -import { SCOPES } from '@gateway/../../commons/build/dist/scopes' +import { SCOPES } from '@opencrvs/commons/authentication' const resolvers = typeResolvers as unknown as TestResolvers const fetch = fetchAny as any @@ -321,7 +321,7 @@ describe('Search root resolvers', () => { beforeEach(() => { fetch.resetMocks() - const performanceToken = jwt.sign( + const unauthorizedToken = jwt.sign( { scope: [SCOPES.RECORD_DECLARE_BIRTH] }, readFileSync('./test/cert.key'), { @@ -332,7 +332,7 @@ describe('Search root resolvers', () => { } ) unauthorizedUser = { - Authorization: `Bearer ${performanceToken}` + Authorization: `Bearer ${unauthorizedToken}` } const sysadminUserToken = jwt.sign( { scope: [SCOPES.PERFORMANCE_READ] }, diff --git a/packages/gateway/src/features/user/root-resolvers.ts b/packages/gateway/src/features/user/root-resolvers.ts index baf6742b2c5..4f3451a1607 100644 --- a/packages/gateway/src/features/user/root-resolvers.ts +++ b/packages/gateway/src/features/user/root-resolvers.ts 
@@ -87,8 +87,7 @@ export const resolvers: GQLResolver = {
 if (
 !inScope(authHeader, [
 SCOPES.USER_READ,
- SCOPES.RECORD_REGISTER,
- SCOPES.RECORD_SUBMIT_FOR_APPROVAL
+ SCOPES.USER_READ_MY_JURISDICTION
 ])
 ) {
 return await Promise.reject(
@@ -150,8 +149,7 @@ export const resolvers: GQLResolver = {
 if (
 !inScope(authHeader, [
 SCOPES.USER_READ,
- SCOPES.RECORD_REGISTER,
- SCOPES.RECORD_SUBMIT_FOR_APPROVAL
+ SCOPES.USER_READ_MY_JURISDICTION
 ])
 ) {
 return await Promise.reject(
@@ -369,7 +367,7 @@ export const resolvers: GQLResolver = {
 ) {
 // Only token owner of CONFIG_UPDATE_ALL should be able to change their password
 if (
- !hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL) &&
+ !hasScope(authHeader, SCOPES.USER_READ) &&
 !isTokenOwner(authHeader, userId)
 ) {
 return await Promise.reject(
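Review bot: The scope lists at `@@ -87,8 +87,7 @@` and `@@ -150,8 +149,7 @@` admit `SCOPES.USER_READ_MY_JURISDICTION` through the same `inScope` gate as `SCOPES.USER_READ`, and nothing visible in either hunk narrows the result to the caller's jurisdiction. Both resolver bodies continue outside the hunks, so the restriction may be applied further down; if it is not, a jurisdiction-limited token reads the same user set as an unrestricted one. I would add a comment above each check, for example `// USER_READ_MY_JURISDICTION only passes the gate here; the query below must still be limited to the caller's jurisdiction`, and a resolver test that uses a token carrying only that scope. The diffstat shows no user resolver test touched by this commit.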
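Review bot: In the hunk at `@@ -369,7 +367,7 @@`, the guard now passes for any token holding `SCOPES.USER_READ` even when `isTokenOwner(authHeader, userId)` is false, so a read scope authorizes what the comment describes as a password change on another user's account. A credential-changing operation should be gated on a scope that grants user management rather than read access, e.g. `!hasScope(authHeader, SCOPES.<USER_WRITE_SCOPE>) &&`, where the name is a placeholder for whichever write scope the project defines. The comment above the check still names `CONFIG_UPDATE_ALL` and should be updated to whichever scope is finally used. The enclosing resolver starts and ends outside the hunk, so any further check after this guard is not visible here. A test asserting that a `USER_READ`-only token that is not the owner is rejected would pin the intended behaviour.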