From c2311d9eeae4d05349f36b53428a0eda5d252c21 Mon Sep 17 00:00:00 2001 From: Hentry Martin Date: Tue, 29 Apr 2025 17:44:51 +0200 Subject: [PATCH 1/3] fix: challenge task access issue for project manager --- .circleci/config.yml | 1 + app-constants.js | 1 + src/common/helper.js | 4 ++-- src/common/role-helper.js | 16 ++++++++++++++++ src/services/ChallengeService.js | 5 +++-- 5 files changed, 23 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 80b0f55a..e132efce 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -88,6 +88,7 @@ workflows: - dev - feature/top-262-projectid-non-mandatory - TOP-2364 + - pm-1139 - "build-qa": context: org-global diff --git a/app-constants.js b/app-constants.js index 718e2e9c..ae541bc8 100644 --- a/app-constants.js +++ b/app-constants.js @@ -9,6 +9,7 @@ const UserRoles = { Manager: "Connect Manager", User: "Topcoder User", SelfServiceCustomer: "Self-Service Customer", + ProjectManager: "Project Manager", }; const prizeSetTypes = { diff --git a/src/common/helper.js b/src/common/helper.js index eaaa0579..b376390e 100644 --- a/src/common/helper.js +++ b/src/common/helper.js @@ -22,7 +22,7 @@ const elasticsearch = require("elasticsearch"); const projectHelper = require("./project-helper"); const m2mHelper = require("./m2m-helper"); -const { hasAdminRole } = require("./role-helper"); +const { hasAdminRole, hasProjectManagerRole } = require("./role-helper"); // Bus API Client let busApiClient; @@ -960,7 +960,7 @@ async function _ensureAccessibleForTaskChallenge(currentUser, challenge) { } const canAccesChallenge = _.isUndefined(currentUser) ? false - : currentUser.isMachine || hasAdminRole(currentUser) || !_.isEmpty(memberResources); + : currentUser.isMachine || hasAdminRole(currentUser) || hasProjectManagerRole(currentUser) || !_.isEmpty(memberResources); if (!canAccesChallenge) { throw new errors.ForbiddenError(`You don't have access to view this challenge`); } 
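Review bot: The new `hasProjectManagerRole(currentUser)` term in `canAccesChallenge` (src/common/helper.js, hunk -960) grants every holder of the global "Project Manager" role access to every task challenge, while the `memberResources` path the rest of the condition relies on is scoped to the specific challenge; nothing here ties the role to the project that owns the challenge. If a project manager should only see tasks in projects they manage, the check should consult project membership (the file already requires `projectHelper`) rather than a global role; if the global grant is intended, say so above the condition, e.g. `// Project Managers (global role) may view any task challenge, like admins and M2M callers`. `_ensureAccessibleForTaskChallenge` starts outside the hunk, so I could not confirm how `memberResources` is built. The same global-role bypass appears in the `excludeTasks` hunk of src/services/ChallengeService.js (-588,7), which then also lists every task in search results for any project manager.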
diff --git a/src/common/role-helper.js b/src/common/role-helper.js index f30720f9..a47817fe 100644 --- a/src/common/role-helper.js +++ b/src/common/role-helper.js @@ -15,6 +15,22 @@ function hasAdminRole(authUser) { return false; } +/** + * Check if the user has admin role + * @param {Object} authUser the user + */ +function hasProjectManagerRole(authUser) { + if (authUser && authUser.roles) { + for (const role of authUser.roles) { + if (role.toLowerCase() === constants.UserRoles.ProjectManager.toLowerCase()) { + return true; + } + } + } + return false; +} + module.exports = { hasAdminRole, + hasProjectManagerRole, }; diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js index 8bd5e33e..79d9ea22 100644 --- a/src/services/ChallengeService.js +++ b/src/services/ChallengeService.js @@ -35,7 +35,7 @@ const PhaseAdvancer = require("../phase-management/PhaseAdvancer"); const { ChallengeDomain } = require("@topcoder-framework/domain-challenge"); const { QueryDomain } = require("@topcoder-framework/domain-acl"); -const { hasAdminRole } = require("../common/role-helper"); +const { hasAdminRole, hasProjectManagerRole } = require("../common/role-helper"); const { enrichChallengeForResponse, sanitizeRepeatedFieldsInUpdateRequest, @@ -152,6 +152,7 @@ async function searchChallenges(currentUser, criteria) { ]; const _hasAdminRole = hasAdminRole(currentUser); + const _hasProjectManagerRole = hasProjectManagerRole(currentUser); const includedTrackIds = _.isArray(criteria.trackIds) ? criteria.trackIds : []; const includedTypeIds = _.isArray(criteria.typeIds) ? criteria.typeIds : []; 
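Review bot: `hasProjectManagerRole` in src/common/role-helper.js repeats the loop shape of `hasAdminRole` with only the role name changed; a shared `hasRole(authUser, roleName)` that both call would keep the two comparisons from drifting (for instance one becoming case-sensitive). `role.toLowerCase()` also throws a TypeError when an element of `authUser.roles` is not a string, and a shared helper is the natural place to guard that with a `typeof role === "string"` check. The JSDoc should additionally carry `@returns {Boolean} true if any entry in authUser.roles equals UserRoles.ProjectManager, compared case-insensitively` (the summary line itself is corrected by patch 3/3). The rewrite below assumes `roles` is always an array, as the existing truthiness check does not — confirm against the token shape before adopting it.
```javascript
/**
 * Check whether the user holds the given role (case-insensitive comparison)
 * @param {Object} authUser the user
 * @param {String} roleName the role name to look for
 * @returns {Boolean} true if authUser.roles contains roleName
 */
function hasRole(authUser, roleName) {
  if (!authUser || !Array.isArray(authUser.roles)) {
    return false;
  }
  const wanted = roleName.toLowerCase();
  return authUser.roles.some((role) => typeof role === "string" && role.toLowerCase() === wanted);
}

/**
 * Check if the user has project manager role
 * @param {Object} authUser the user
 * @returns {Boolean} true if authUser.roles contains UserRoles.ProjectManager
 */
function hasProjectManagerRole(authUser) {
  return hasRole(authUser, constants.UserRoles.ProjectManager);
}

// … unchanged: module.exports …
```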
@@ -588,7 +589,7 @@ async function searchChallenges(currentUser, criteria) { // FIXME: Tech Debt let excludeTasks = true; // if you're an admin or m2m, security rules wont be applied - if (currentUser && (_hasAdminRole || _.get(currentUser, "isMachine", false))) { + if (currentUser && (_hasAdminRole || _hasProjectManagerRole || _.get(currentUser, "isMachine", false))) { excludeTasks = false; } From b1202f4e42c5427aebcbc7ba424047893e7f9464 Mon Sep 17 00:00:00 2001 From: Hentry Martin Date: Wed, 30 Apr 2025 07:52:36 +0200 Subject: [PATCH 2/3] removed circle config changes --- .circleci/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e132efce..80b0f55a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -88,7 +88,6 @@ workflows: - dev - feature/top-262-projectid-non-mandatory - TOP-2364 - - pm-1139 - "build-qa": context: org-global From 26c4ad29e09ad4003fe088806054821d2c3337c3 Mon Sep 17 00:00:00 2001 From: Hentry Martin Date: Wed, 30 Apr 2025 07:53:48 +0200 Subject: [PATCH 3/3] comment --- src/common/role-helper.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/role-helper.js b/src/common/role-helper.js index a47817fe..dd98efbb 100644 --- a/src/common/role-helper.js +++ b/src/common/role-helper.js @@ -16,7 +16,7 @@ function hasAdminRole(authUser) { } /** - * Check if the user has admin role + * Check if the user has project manager role * @param {Object} authUser the user */ function hasProjectManagerRole(authUser) {
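Review bot: The comment directly above the changed condition in src/services/ChallengeService.js, `// if you're an admin or m2m, security rules wont be applied`, is now stale because the added `_hasProjectManagerRole` term also disables task exclusion; update it to `// if you're an admin, project manager or m2m, security rules wont be applied`. `searchChallenges` starts and ends outside this hunk (its head is in the -152 hunk on the previous line), so I could not see whether `excludeTasks` is later combined with a project filter; as written the condition surfaces tasks from every project to any project manager, which matches the helper.js change and should be a deliberate decision. The pre-existing `FIXME: Tech Debt` marker is untouched, so this is a documentation-only point.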