
Commit 596f545

committed
fix: all operations except get/search cause 403 error if manager is not member of project
1 parent f95ca33 commit 596f545


6 files changed

+107
-77
lines changed


docs/Topcoder-bookings-api.postman_collection.json

Lines changed: 31 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -7887,10 +7887,10 @@
78877887
"name": "Request with Topcoder User Role",
78887888
"item": [
78897889
{
7890-
"name": "Before Test",
7890+
"name": "README",
78917891
"item": [
78927892
{
7893-
"name": "[STUB] refresh the jwt token for user tester1234",
7893+
"name": "[STUB] all operations cause 403 error if user is not member of project",
78947894
"request": {
78957895
"method": "LOCK",
78967896
"header": [],
@@ -7900,9 +7900,7 @@
79007900
},
79017901
"response": []
79027902
}
7903-
],
7904-
"protocolProfileBehavior": {},
7905-
"_postman_isSubFolder": true
7903+
]
79067904
},
79077905
{
79087906
"name": "Jobs",
@@ -8768,10 +8766,10 @@
87688766
"name": "Request with Connect Manager Role",
87698767
"item": [
87708768
{
8771-
"name": "Before Test",
8769+
"name": "README",
87728770
"item": [
87738771
{
8774-
"name": "[STUB] refresh the jwt token for connect manager",
8772+
"name": "[STUB] all operations except get/search cause 403 error if manager is not member of project",
87758773
"request": {
87768774
"method": "LOCK",
87778775
"header": [],
@@ -8781,9 +8779,7 @@
87818779
},
87828780
"response": []
87838781
}
8784-
],
8785-
"protocolProfileBehavior": {},
8786-
"_postman_isSubFolder": true
8782+
]
87878783
},
87888784
{
87898785
"name": "Jobs",
@@ -8808,13 +8804,13 @@
88088804
"header": [
88098805
{
88108806
"key": "Authorization",
8811-
"value": "Bearer {{token_connectUser}}",
8807+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}",
88128808
"type": "text"
88138809
}
88148810
],
88158811
"body": {
88168812
"mode": "raw",
8817-
"raw": "{\r\n \"projectId\": {{project_id_16718}},\r\n \"externalId\": \"1212\",\r\n \"description\": \"Dummy Description\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"numPositions\": 13,\r\n \"resourceType\": \"Dummy Resource Type\",\r\n \"rateType\": \"hourly\",\r\n \"workload\": \"full-time\",\r\n \"skills\": [\r\n \"23e00d92-207a-4b5b-b3c9-4c5662644941\",\r\n \"7d076384-ccf6-4e43-a45d-1b24b1e624aa\",\r\n \"cbac57a3-7180-4316-8769-73af64893158\",\r\n \"a2b4bc11-c641-4a19-9eb7-33980378f82e\"\r\n ]\r\n}\r\n",
8813+
"raw": "{\r\n \"projectId\": {{project_id_16843}},\r\n \"externalId\": \"1212\",\r\n \"description\": \"Dummy Description\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"numPositions\": 13,\r\n \"resourceType\": \"Dummy Resource Type\",\r\n \"rateType\": \"hourly\",\r\n \"workload\": \"full-time\",\r\n \"skills\": [\r\n \"23e00d92-207a-4b5b-b3c9-4c5662644941\",\r\n \"7d076384-ccf6-4e43-a45d-1b24b1e624aa\",\r\n \"cbac57a3-7180-4316-8769-73af64893158\",\r\n \"a2b4bc11-c641-4a19-9eb7-33980378f82e\"\r\n ]\r\n}\r\n",
88188814
"options": {
88198815
"raw": {
88208816
"language": "json"
@@ -8841,7 +8837,7 @@
88418837
{
88428838
"key": "Authorization",
88438839
"type": "text",
8844-
"value": "Bearer {{token_connectUser}}"
8840+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
88458841
}
88468842
],
88478843
"url": {
@@ -8865,7 +8861,7 @@
88658861
{
88668862
"key": "Authorization",
88678863
"type": "text",
8868-
"value": "Bearer {{token_connectUser}}"
8864+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
88698865
}
88708866
],
88718867
"url": {
@@ -8960,12 +8956,12 @@
89608956
{
89618957
"key": "Authorization",
89628958
"type": "text",
8963-
"value": "Bearer {{token_connectUser}}"
8959+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
89648960
}
89658961
],
89668962
"body": {
89678963
"mode": "raw",
8968-
"raw": "{\r\n \"projectId\": {{project_id_16718}},\r\n \"externalId\": \"1212\",\r\n \"description\": \"Dummy Description\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"numPositions\": 13,\r\n \"resourceType\": \"Dummy Resource Type\",\r\n \"rateType\": \"hourly\",\r\n \"workload\": \"fractional\",\r\n \"skills\": [\r\n \"cbac57a3-7180-4316-8769-73af64893158\",\r\n \"a2b4bc11-c641-4a19-9eb7-33980378f82e\"\r\n ],\r\n \"status\": \"sourcing\"\r\n}",
8964+
"raw": "{\r\n \"projectId\": {{project_id_16843}},\r\n \"externalId\": \"1212\",\r\n \"description\": \"Dummy Description\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"numPositions\": 13,\r\n \"resourceType\": \"Dummy Resource Type\",\r\n \"rateType\": \"hourly\",\r\n \"workload\": \"fractional\",\r\n \"skills\": [\r\n \"cbac57a3-7180-4316-8769-73af64893158\",\r\n \"a2b4bc11-c641-4a19-9eb7-33980378f82e\"\r\n ],\r\n \"status\": \"sourcing\"\r\n}",
89698965
"options": {
89708966
"raw": {
89718967
"language": "json"
@@ -8993,7 +8989,7 @@
89938989
{
89948990
"key": "Authorization",
89958991
"type": "text",
8996-
"value": "Bearer {{token_connectUser}}"
8992+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
89978993
}
89988994
],
89998995
"body": {
@@ -9026,7 +9022,7 @@
90269022
{
90279023
"key": "Authorization",
90289024
"type": "text",
9029-
"value": "Bearer {{token_connectUser}}"
9025+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
90309026
}
90319027
],
90329028
"body": {
@@ -9131,12 +9127,12 @@
91319127
{
91329128
"key": "Authorization",
91339129
"type": "text",
9134-
"value": "Bearer {{token_connectUser}}"
9130+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
91359131
}
91369132
],
91379133
"body": {
91389134
"mode": "raw",
9139-
"raw": "{\r\n \"jobId\": \"{{job_id_created_for_connect_manager}}\",\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\"\r\n}",
9135+
"raw": "{\r\n \"jobId\": \"{{job_id_created_by_connect_manager}}\",\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\"\r\n}",
91409136
"options": {
91419137
"raw": {
91429138
"language": "json"
@@ -9163,7 +9159,7 @@
91639159
{
91649160
"key": "Authorization",
91659161
"type": "text",
9166-
"value": "Bearer {{token_connectUser}}"
9162+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
91679163
}
91689164
],
91699165
"url": {
@@ -9187,7 +9183,7 @@
91879183
{
91889184
"key": "Authorization",
91899185
"type": "text",
9190-
"value": "Bearer {{token_connectUser}}"
9186+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
91919187
}
91929188
],
91939189
"url": {
@@ -9247,12 +9243,12 @@
92479243
{
92489244
"key": "Authorization",
92499245
"type": "text",
9250-
"value": "Bearer {{token_connectUser}}"
9246+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
92519247
}
92529248
],
92539249
"body": {
92549250
"mode": "raw",
9255-
"raw": "{\r\n \"jobId\": \"{{job_id_created_for_connect_manager}}\",\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\",\r\n \"status\": \"selected\"\r\n}",
9251+
"raw": "{\r\n \"jobId\": \"{{job_id_created_by_connect_manager}}\",\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\",\r\n \"status\": \"selected\"\r\n}",
92569252
"options": {
92579253
"raw": {
92589254
"language": "json"
@@ -9280,7 +9276,7 @@
92809276
{
92819277
"key": "Authorization",
92829278
"type": "text",
9283-
"value": "Bearer {{token_connectUser}}"
9279+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
92849280
}
92859281
],
92869282
"body": {
@@ -9313,7 +9309,7 @@
93139309
{
93149310
"key": "Authorization",
93159311
"type": "text",
9316-
"value": "Bearer {{token_connectUser}}"
9312+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
93179313
}
93189314
],
93199315
"body": {
@@ -9374,7 +9370,7 @@
93749370
],
93759371
"body": {
93769372
"mode": "raw",
9377-
"raw": "{\r\n \"projectId\": {{project_id_16718}},\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\",\r\n \"jobId\": \"{{job_id_created_by_connect_manager}}\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"memberRate\": 13.23,\r\n \"customerRate\": 13,\r\n \"rateType\": \"hourly\"\r\n}",
9373+
"raw": "{\r\n \"projectId\": {{project_id_16843}},\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\",\r\n \"jobId\": \"{{job_id_created_by_connect_manager}}\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"memberRate\": 13.23,\r\n \"customerRate\": 13,\r\n \"rateType\": \"hourly\"\r\n}",
93789374
"options": {
93799375
"raw": {
93809376
"language": "json"
@@ -9418,12 +9414,12 @@
94189414
{
94199415
"key": "Authorization",
94209416
"type": "text",
9421-
"value": "Bearer {{token_connectUser}}"
9417+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
94229418
}
94239419
],
94249420
"body": {
94259421
"mode": "raw",
9426-
"raw": "{\r\n \"projectId\": {{project_id_16718}},\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\",\r\n \"jobId\": \"{{job_id_created_for_connect_manager}}\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"memberRate\": 13.23,\r\n \"customerRate\": 13,\r\n \"rateType\": \"hourly\"\r\n}",
9422+
"raw": "{\r\n \"projectId\": {{project_id_16843}},\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\",\r\n \"jobId\": \"{{job_id_created_by_connect_manager}}\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"memberRate\": 13.23,\r\n \"customerRate\": 13,\r\n \"rateType\": \"hourly\"\r\n}",
94279423
"options": {
94289424
"raw": {
94299425
"language": "json"
@@ -9450,7 +9446,7 @@
94509446
{
94519447
"key": "Authorization",
94529448
"type": "text",
9453-
"value": "Bearer {{token_connectUser}}"
9449+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
94549450
}
94559451
],
94569452
"url": {
@@ -9474,7 +9470,7 @@
94749470
{
94759471
"key": "Authorization",
94769472
"type": "text",
9477-
"value": "Bearer {{token_connectUser}}"
9473+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
94789474
}
94799475
],
94809476
"url": {
@@ -9544,12 +9540,12 @@
95449540
{
95459541
"key": "Authorization",
95469542
"type": "text",
9547-
"value": "Bearer {{token_connectUser}}"
9543+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
95489544
}
95499545
],
95509546
"body": {
95519547
"mode": "raw",
9552-
"raw": "{\r\n \"projectId\": {{project_id_16718}},\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\",\r\n \"jobId\": \"{{job_id_created_for_connect_manager}}\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"memberRate\": 13.23,\r\n \"customerRate\": 13,\r\n \"rateType\": \"hourly\",\r\n \"status\": \"assigned\"\r\n}",
9548+
"raw": "{\r\n \"projectId\": {{project_id_16843}},\r\n \"userId\": \"fe38eed1-af73-41fd-85a2-ac4da1ff09a3\",\r\n \"jobId\": \"{{job_id_created_by_connect_manager}}\",\r\n \"startDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"endDate\": \"2020-09-27T04:17:23.131Z\",\r\n \"memberRate\": 13.23,\r\n \"customerRate\": 13,\r\n \"rateType\": \"hourly\",\r\n \"status\": \"assigned\"\r\n}",
95539549
"options": {
95549550
"raw": {
95559551
"language": "json"
@@ -9577,7 +9573,7 @@
95779573
{
95789574
"key": "Authorization",
95799575
"type": "text",
9580-
"value": "Bearer {{token_connectUser}}"
9576+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
95819577
}
95829578
],
95839579
"body": {
@@ -9610,7 +9606,7 @@
96109606
{
96119607
"key": "Authorization",
96129608
"type": "text",
9613-
"value": "Bearer {{token_connectUser}}"
9609+
"value": "Bearer {{token_connect_manager_pshahcopmanag2}}"
96149610
}
96159611
],
96169612
"body": {

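--- a/docs/topcoder-bookings.postman_environment.json
+++ b/docs/topcoder-bookings.postman_environment.json
@@ -37,6 +37,11 @@
 "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik5VSkZORGd4UlRVME5EWTBOVVkzTlRkR05qTXlRamxETmpOQk5UYzVRVUV3UlRFeU56TTJRUSJ9.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_cz00ODAmcj1wZyZkPWh0dHBzJTNBJTJGJTJGY2RuLmF1dGgwLmNvbSUyRmF2YXRhcnMlMkZ2aS5wbmciLCJ1cGRhdGVkX2F0IjoiMjAyMC0xMC0yNFQwODoyODoyNC4xODRaIiwiZW1haWwiOiJ2aWthcy5hZ2Fyd2FsK3BzaGFoX21hbmFnZXJAdG9wY29kZXIuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImlzcyI6Imh0dHBzOi8vYXV0aC50b3Bjb2Rlci1kZXYuY29tLyIsInN1YiI6ImF1dGgwfDQwMTUyODU2IiwiYXVkIjoiQlhXWFVXbmlsVlVQZE4wMXQyU2UyOVR3MlpZTkdadkgiLCJpYXQiOjE2MDM1NDMzMzgsImV4cCI6MzMxNjA0NTI3MzgsIm5vbmNlIjoiUjFBMmN6WXVWVFptYmpaSFJHOTJWbDlEU1VKNlVsbHZRWGMzUkhoNVMzWldkV1pEY0ROWE1FWjFYdz09In0.hxQ-lcJTw4M_nDIELABWxOB3nKXS322MJ-W7r5eA10o",
 "enabled": true
 },
+{
+"key": "token_connect_manager_pshahcopmanag2",
+"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL3RvcGNvZGVyLWRldi5jb20vcm9sZXMiOlsiQnVzaW5lc3MgVXNlciIsIlRvcGNvZGVyIFVzZXIiLCJDb25uZWN0IENvcGlsb3QgTWFuYWdlciIsIkNvbm5lY3QgTWFuYWdlciJdLCJodHRwczovL3RvcGNvZGVyLWRldi5jb20vdXNlcklkIjoiODg3NzQ0ODkiLCJodHRwczovL3RvcGNvZGVyLWRldi5jb20vaGFuZGxlIjoicHNoYWhjb3BtYW5hZzIiLCJodHRwczovL3RvcGNvZGVyLWRldi5jb20vdXNlcl9pZCI6ImF1dGgwfDg4Nzc0NDg5IiwiaHR0cHM6Ly90b3Bjb2Rlci1kZXYuY29tL3Rjc3NvIjoiODg3NzQ0ODl8ODdhZDNiNjNiZGZjMmYyNjczNGJiMDIzMTM2YWEzM2NhYWY5MzdiNzdhZmQyYjE3YzljMWY3ZWVkZWI4IiwiaHR0cHM6Ly90b3Bjb2Rlci1kZXYuY29tL2FjdGl2ZSI6dHJ1ZSwibmlja25hbWUiOiJwc2hhaGNvcG1hbmFnMiIsIm5hbWUiOiJtYXhjZWVtK3RjK3BzaGFoY29wbWFuYWcyQGdtYWlsLmNvbSIsInBpY3R1cmUiOiJodHRwczovL3MuZ3JhdmF0YXIuY29tL2F2YXRhci8wZDY1NWNlZDM4NTFiM2JmY2I1Y2Y3Y2U3NjY0ODQwNj9zPTQ4MCZyPXBnJmQ9aHR0cHMlM0ElMkYlMkZjZG4uYXV0aDAuY29tJTJGYXZhdGFycyUyRm1hLnBuZyIsInVwZGF0ZWRfYXQiOiIyMDIxLTAxLTAyVDEyOjM3OjAxLjE2MFoiLCJlbWFpbCI6Im1heGNlZW0rdGMrcHNoYWhjb3BtYW5hZzJAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImlzcyI6Imh0dHBzOi8vYXV0aC50b3Bjb2Rlci1kZXYuY29tLyIsInN1YiI6ImF1dGgwfDg4Nzc0NDg5IiwiYXVkIjoiQlhXWFVXbmlsVlVQZE4wMXQyU2UyOVR3MlpZTkdadkgiLCJpYXQiOjE2MDk1OTEwMjQsImV4cCI6MjE0NzQ4MzY0OCwibm9uY2UiOiJaVmhCV1dKbU5GbFlOa0pGU0ZWSU9VSkZTbFIrYkhoVVVEYzJmak41UkVWcFFuWkRWSFZUVlVKU1RRPT0ifQ.G-wrxaqoRH9GQS9cjqX93nRoH91tn-wPW1j_MA42lCY",
+"enabled": true
+},
 {
 "key": "token_member",
 "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik5VSkZORGd4UlRVME5EWTBOVVkzTlRkR05qTXlRamxETmpOQk5UYzVRVUV3UlRFeU56TTJRUSJ9.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.HbAisH30DLcbFNQeIifSzk1yhDmlGHNpPi9LSZbAowo",
@@ -62,6 +67,11 @@
 "value": "16718",
 "enabled": true
 },
+{
+"key": "project_id_16843",
+"value": "16843",
+"enabled": true
+},
 {
 "key": "jobIdCreatedByMember",
 "value": "",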
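Review bot: The added `token_connect_manager_pshahcopmanag2` entry commits a signed bearer token to the repository, and its payload appears to decode to a topcoder-dev account holding the Connect Manager and Connect Copilot Manager roles with `exp` 2147483648 (January 2038), so the credential stays usable by anyone who can read the repo for years. Commit the key with an empty value, as `jobIdCreatedByMember` already does (`"value": ""`), and let testers supply the token locally or obtain it in a pre-request step. Because the value is now in history, the token (and, if it is shared, the HS256 signing secret behind it) should be revoked or rotated. The neighbouring token entries already in this file carry the same exposure.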

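--- a/src/common/helper.js
+++ b/src/common/helper.js
@@ -603,6 +603,29 @@ async function ensureUserById (userId) {
 }
 }
 
+/**
+* Function to check whether a user is a member of a project
+* by first retrieving the project detail via /v5/projects/:projectId and
+* then checking whether the user was included in the `members` property of the project detail object.
+*
+* @param {Object} userId the id of the user
+* @param {Number} projectId project id
+* @returns the result
+*/
+async function checkIsMemberOfProject (userId, projectId) {
+const m2mToken = await getM2Mtoken()
+const res = await request
+.get(`${config.TC_API}/projects/${projectId}`)
+.set('Authorization', `Bearer ${m2mToken}`)
+.set('Content-Type', 'application/json')
+.set('Accept', 'application/json')
+const memberIdList = _.map(res.body.members, 'userId')
+localLogger.debug({ context: 'checkIsMemberOfProject', message: `the members of project ${projectId}: ${memberIdList}` })
+if (!memberIdList.includes(userId)) {
+throw new errors.UnauthorizedError(`userId: ${userId} the user is not a member of project ${projectId}`)
+}
+}
+
 module.exports = {
 checkIfExists,
 autoWrapExpress,
@@ -629,5 +652,6 @@ module.exports = {
 getSkillById,
 getUserSkill,
 ensureJobById,
-ensureUserById
+ensureUserById,
+checkIsMemberOfProject
 }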
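Review bot: `checkIsMemberOfProject` builds the lookup URL from `projectId` without validating it and sends the request with the service's M2M token, so the authorization decision rests on a privileged call whose path the caller may be able to influence; nothing in this hunk shows `projectId` being checked, so confirm it is validated upstream or reject non-integers first, e.g. `if (!Number.isInteger(Number(projectId)) || Number(projectId) <= 0)` followed by the project's bad-request error. The membership test `memberIdList.includes(userId)` compares strictly, so if the projects API returns numeric `userId` values while the caller passes a string (the JSDoc types it as `{Object}`), every user is rejected; normalising both sides, e.g. `memberIdList.map(String).includes(String(userId))`, avoids that. The commit title promises a 403, but the code throws `errors.UnauthorizedError`, so it is worth confirming that class maps to 403 rather than 401. The debug log also writes the full member id list on every check and could be reduced to a count.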
