Merge pull request #61 from topcoder-platform/usergrouproles

Introduce member roles

Author: callmekatootie

README.md

@@ -94,5 +94,6 @@ The GroupContains relation contains these fields:
 
 - id: the relationship UUID
 - type: the relationship type, 'group' or 'user'
+- roles: the roles of the user in the group
 - createdAt: the created at date string
 - createdBy: the created by user id

app-constants.js

@@ -20,10 +20,13 @@ const GroupStatus = {
   InActive: 'inactive'
 }
 
+const GroupRoleName = ['groupManager', 'groupAdmin']
+
 module.exports = {
   UserRoles,
   MembershipTypes,
   EVENT_ORIGINATOR,
   EVENT_MIME_TYPE,
-  GroupStatus
+  GroupStatus,
+  GroupRoleName
 }

config/default.js

@@ -39,6 +39,10 @@ module.exports = {
   KAFKA_GROUP_MEMBER_DELETE_TOPIC: process.env.KAFKA_GROUP_MEMBER_DELETE_TOPIC || 'groups.notification.member.delete',
   KAFKA_GROUP_UNIVERSAL_MEMBER_ADD_TOPIC: process.env.KAFKA_GROUP_UNIVERSAL_MEMBER_ADD_TOPIC || 'groups.notification.universalmember.add',
   KAFKA_GROUP_UNIVERSAL_MEMBER_DELETE_TOPIC: process.env.KAFKA_GROUP_UNIVERSAL_MEMBER_DELETE_TOPIC || 'groups.notification.universalmember.delete',
+  KAFKA_GROUP_MEMBER_ROLE_ADD_TOPIC: process.env.KAFKA_GROUP_MEMBER_ROLE_ADD_TOPIC || 'groups.notification.create',
+  KAFKA_GROUP_MEMBER_ROLE_DELETE_TOPIC: process.env.KAFKA_GROUP_MEMBER_ROLE_DELETE_TOPIC || 'groups.notification.create',
+  KAFKA_SUBGROUP_CREATE_TOPIC: process.env.KAFKA_SUBGROUP_CREATE_TOPIC || 'groups.notification.create',
+  KAFKA_SUBGROUP_DELETE_TOPIC: process.env.KAFKA_SUBGROUP_DELETE_TOPIC || 'groups.notification.create',
 
   USER_ROLES: {
     Admin: 'Administrator',

docs/swagger.yml

@@ -44,7 +44,7 @@ paths:
       description: |
         Add a member to the specified group
 
-        If the group is private, the user needs to be a member of the group, or an admin.
+        If the group is private, the user needs to be a member of the group, or an admin or the user making the request is having the role of groupManager or groupAdmin.
       tags:
         - group membership
       security:
@@ -92,7 +92,7 @@ paths:
       description: |
         Remove a member from specified group
 
-        The user has to have admin role and the group allows self registration.
+        The user has to have admin role or the role of groupManager or groupAdmin and the group allows self registration.
       tags:
         - group membership
       security:
@@ -365,6 +365,131 @@ paths:
           $ref: "#/components/responses/NotFound"
         500:
           $ref: "#/components/responses/InternalServerError"
+          
+  /groups/{groupId}/subGroup:
+    post:
+      description: |
+        Creation of a new sub group
+
+        The user has to have admin role or have a "groupAdmin" role for that group.
+      tags:
+        - sub groups
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/groupId'
+      requestBody:
+        $ref: '#/components/requestBodies/NewGroupBodyParam'
+      responses:
+        200:
+          $ref: "#/components/responses/GroupResponse"
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
+
+  /groups/{groupId}/subGroup/{subGroupId}:
+    delete:
+      description: |
+        Creation of a new sub group
+
+        The user has to have admin role or have a "groupAdmin" role for that group.
+      tags:
+        - sub groups
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/groupId'
+        - $ref: '#/components/parameters/subGroupId'
+      responses:
+        204:
+          description: The resource was deleted successfully.
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
+
+  /groupRoles/users/{memberId}:
+    get:
+      description: |
+        Returns the groups and roles of the user identified by memberId.
+
+        The user has to have admin role.
+      tags:
+        - group roles
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/memberId'
+        - $ref: '#/components/parameters/page'
+        - $ref: '#/components/parameters/perPage'
+      responses:
+        200:
+          $ref: '#/components/responses/GroupMemberRoleResponse'
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
+    post:
+      description: |
+        Creation of new group role for a user
+
+        The user has to have admin role.
+      tags:
+        - group roles
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/memberId'
+      requestBody:
+        $ref: '#/components/requestBodies/GroupRoleBodyParam'
+      responses:
+        201:
+          description: CREATED
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
+    delete:
+      description: |
+        Delete a group role
+
+        The user has to have admin role.
+      tags:
+        - group roles
+      security:
+        - bearer: []
+      parameters:
+        - $ref: '#/components/parameters/memberId'
+      requestBody:
+        $ref: '#/components/requestBodies/GroupRoleBodyParam'
+      responses:
+        204:
+          description: The resource was deleted successfully.
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthenticated"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        500:
+          $ref: "#/components/responses/InternalServerError"
 
   /groups/health:
     get:
@@ -400,6 +525,14 @@ components:
       schema:
         type: string
       example: '10ba038e-48da-123b-96e8-8d3b99b6d18a'
+    subGroupId:
+      name: subGroupId
+      in: path
+      description: The sub group id.
+      required: true
+      schema:
+        type: string
+      example: '10ba038e-48da-123b-96e8-8d3b99b6d18a'
     oldId:
       name: oldId
       in: path
@@ -617,10 +750,15 @@ components:
       content:
         application/json:
           schema:
-            type: object
-            properties:
-              result:
-                $ref: '#/components/schemas/Group'
+            $ref: '#/components/schemas/Group'
+    GroupMemberRoleResponse:
+      description: The group role response
+      content:
+        application/json:
+          schema:
+            type: array
+            items:
+              $ref: '#/components/schemas/GroupRole'
 
   schemas:
     GroupMembership:
@@ -695,6 +833,24 @@ components:
           type: array
           items:
               $ref: '#/components/schemas/Group'
+              
+    GroupRole:
+      description: The group role entity
+      properties:
+        groupId:
+          type: string
+          description: The group id
+        role:
+          type: string
+          enum: ['groupManager', 'groupAdmin']
+          description: The group role
+        createdAt:
+          type: string
+          format: date-time
+          description: The time the group role created at
+        createdBy:
+          type: string
+          description: The id of the user who created the group role
 
   requestBodies:
     NewGroupMembershipBodyParam:
@@ -738,4 +894,20 @@ components:
               status:
                 type: string
                 enum: ['active', 'inactive']
-                description: Value indicating the status of the group
+                description: Value indicating the status of the group
+    GroupRoleBodyParam:
+      description: A JSON object containing group role body information
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              groupId:
+                type: string
+                description: The group id
+                example: '10ba038e-48da-123b-96e8-8d3b99b6d18a'
+              role:
+                type: string
+                enum: ['groupManager', 'groupAdmin']
+                description: The group role

src/common/helper.js

@@ -7,9 +7,11 @@ const busApi = require('tc-bus-api-wrapper')
 const config = require('config')
 const neo4j = require('neo4j-driver')
 const querystring = require('querystring')
+const uuid = require('uuid/v4')
 let validate = require('uuid-validate')
 
 const errors = require('./errors')
+const logger = require('./logger')
 const constants = require('../../app-constants')
 
 // Bus API Client
@@ -133,6 +135,26 @@ async function ensureGroupMember(session, groupId, userId) {
   }
 }
 
+/**
+ * Return whether the user has one of the group roles or not.
+ * @param {Object} session the db session
+ * @param {String} groupId the group id
+ * @param {String} userId the user id
+ * @param {Array} roles an array of group roles
+ * @returns {Boolean} true if user has one of the group roles
+ */
+async function hasGroupRole (session, groupId, userId, roles) {
+  const memberCheckRes = await session.run(
+    'MATCH (g:Group {id: {groupId}})-[r:GroupContains {type: {membershipType}}]->(u:User {id: {userId}}) RETURN r',
+    { groupId, membershipType: config.MEMBERSHIP_TYPES.User, userId }
+  )
+  if (memberCheckRes.records.length === 0) {
+    return false
+  }
+  const existRoles = memberCheckRes.records[0]._fields[0].properties.roles || []
+  return _.some(existRoles, r => _.some(roles, role => JSON.parse(r).role === role))
+}
+
 /**
  * Get child groups.
  * @param {Object} session the db session
@@ -305,6 +327,73 @@ async function postBusEvent(topic, payload) {
   })
 }
 
+async function createGroup (tx, data, currentUser) {
+  // check whether group name is already used
+  const nameCheckRes = await tx.run('MATCH (g:Group {name: {name}}) RETURN g LIMIT 1', {
+    name: data.name
+  })
+  if (nameCheckRes.records.length > 0) {
+    throw new errors.ConflictError(`The group name ${data.name} is already used`)
+  }
+
+  // create group
+  const groupData = data
+
+  // generate next group id
+  groupData.id = uuid()
+  groupData.createdAt = new Date().toISOString()
+  groupData.createdBy = currentUser === 'M2M' ? '00000000' : currentUser.userId
+  groupData.domain = groupData.domain ? groupData.domain : ''
+  groupData.ssoId = groupData.ssoId ? groupData.ssoId : ''
+  groupData.organizationId = groupData.organizationId ? groupData.organizationId : ''
+
+  const createRes = await tx.run(
+    'CREATE (group:Group {id: {id}, name: {name}, description: {description}, privateGroup: {privateGroup}, selfRegister: {selfRegister}, createdAt: {createdAt}, createdBy: {createdBy}, domain: {domain}, ssoId: {ssoId}, organizationId: {organizationId}, status: {status}}) RETURN group',
+    groupData
+  )
+
+  return createRes.records[0]._fields[0].properties
+}
+
+async function deleteGroup (tx, group) {
+  const groupsToDelete = [group]
+  let index = 0
+  while (index < groupsToDelete.length) {
+    const g = groupsToDelete[index]
+    index += 1
+
+    const childGroups = await getChildGroups(tx, g.id)
+    for (let i = 0; i < childGroups.length; i += 1) {
+      const child = childGroups[i]
+      if (_.find(groupsToDelete, (gtd) => gtd.id === child.id)) {
+        // the child was checked, ignore duplicate processing
+        continue
+      }
+      // delete child if it doesn't belong to other group
+      const parents = await getParentGroups(tx, child.id)
+      if (parents.length <= 1) {
+        groupsToDelete.push(child)
+      }
+    }
+  }
+
+  logger.debug(`Groups to delete ${JSON.stringify(groupsToDelete)}`)
+
+  for (let i = 0; i < groupsToDelete.length; i += 1) {
+    const id = groupsToDelete[i].id
+    // delete group's relationships
+    await tx.run('MATCH (g:Group {id: {groupId}})-[r]-() DELETE r', {
+      groupId: id
+    })
+
+    // delete group
+    await tx.run('MATCH (g:Group {id: {groupId}}) DELETE g', {
+      groupId: id
+    })
+  }
+  return groupsToDelete
+}
+
 module.exports = {
   wrapExpress,
   autoWrapExpress,
@@ -316,5 +405,8 @@ module.exports = {
   setResHeaders,
   checkIfExists,
   hasAdminRole,
-  postBusEvent
+  hasGroupRole,
+  postBusEvent,
+  createGroup,
+  deleteGroup
 }