Further restrict agents and system administrators

Lock down operations like reviewing enrollments, setting categories of
service, seeing admin details of agreement documents, or editing help
items to only be allowed for service administrators (like the `admin`
user).

Issue #10 Limit sys admins', service agents' ability to view, edit
          enrollments

psm-app/cms-web/WebContent/WEB-INF/spring-security.xml

@@ -15,10 +15,10 @@
 
   <s:http entry-point-ref="authenticationProcessingFilterEntryPoint">
     <s:intercept-url pattern="/system/**" access="ROLE_SYSTEM_ADMINISTRATOR"/>
-    <s:intercept-url pattern="/admin/**" access="ROLE_SERVICE_ADMINISTRATOR,ROLE_SERVICE_AGENT,ROLE_SYSTEM_ADMINISTRATOR"/>
-    <s:intercept-url pattern="/agent/**" access="ROLE_SERVICE_ADMINISTRATOR,ROLE_SERVICE_AGENT,ROLE_SYSTEM_ADMINISTRATOR"/>
-    <s:intercept-url pattern="/provider/profile/edit" access="ROLE_PROVIDER,ROLE_SERVICE_AGENT,ROLE_SERVICE_ADMINISTRATOR"/>
-    <s:intercept-url pattern="/provider/profile/renew" access="ROLE_PROVIDER,ROLE_SERVICE_AGENT,ROLE_SERVICE_ADMINISTRATOR"/>
+    <s:intercept-url pattern="/admin/**" access="ROLE_SERVICE_ADMINISTRATOR"/>
+    <s:intercept-url pattern="/agent/**" access="ROLE_SERVICE_ADMINISTRATOR"/>
+    <s:intercept-url pattern="/provider/profile/edit" access="ROLE_PROVIDER,ROLE_SERVICE_ADMINISTRATOR"/>
+    <s:intercept-url pattern="/provider/profile/renew" access="ROLE_PROVIDER,ROLE_SERVICE_ADMINISTRATOR"/>
     <s:intercept-url pattern="/provider/profile/**" access="ROLE_PROVIDER"/>
     <s:intercept-url pattern="/provider/**" access="IS_AUTHENTICATED_REMEMBERED"/>
     <s:intercept-url pattern="/landing" access="IS_AUTHENTICATED_REMEMBERED"/>

psm-app/cms-web/src/main/java/gov/medicaid/controllers/LandingController.java

@@ -56,7 +56,7 @@ public String viewLandingPage() throws PortalServiceException {
         if (ViewStatics.ROLE_PROVIDER.equals(role)) {
             return "redirect:/provider/dashboard/";
         } else if (ViewStatics.ROLE_SERVICE_AGENT.equals(role)) {
-            return "redirect:/ops/viewDashboard";
+            return "redirect:/provider/dashboard/";
         } else if (ViewStatics.ROLE_SERVICE_ADMINISTRATOR.equals(role)) {
             return "redirect:/ops/viewDashboard";
         } else if (ViewStatics.ROLE_SYSTEM_ADMINISTRATOR.equals(role)) {

psm-app/cms-web/src/main/java/gov/medicaid/controllers/ProviderDashboardController.java

@@ -31,6 +31,7 @@
 
 import java.io.IOException;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.UUID;
 
 import javax.annotation.PostConstruct;
@@ -117,12 +118,17 @@ public ModelAndView viewDashboard() throws PortalServiceException {
 
     /**
      * Is operations user.
-     * @return true if the user is an agent or admin
+     *
+     * @return true if the user is an admin
      */
     private boolean isOperations() {
+        final Collection<String> operationsRoles = Arrays.asList(
+                ViewStatics.ROLE_SERVICE_ADMINISTRATOR,
+                ViewStatics.ROLE_SYSTEM_ADMINISTRATOR
+        );
         CMSUser user = ControllerHelper.getCurrentUser();
         String role = user.getRole().getDescription();
-        return !ViewStatics.ROLE_PROVIDER.equals(role);
+        return operationsRoles.contains(role);
     }
 
     /**