Description
Users with the `bookingmanager` role can access all the teams in TaaS App even if they are not members of that team. In particular, such a user can use Manager Access: see invites and members, add and remove members. See the UI example: https://platform.topcoder-dev.com/taas/myteams/16718/access

At the moment we use Projects API to view invites and members and to delete members. But Projects API doesn't allow users with the `bookingmanager` role to GET invites and members or delete members if such a user is not a member of the project. This leads to issues like this one in TaaS App: topcoder-archive/topcoder-platform-taas-app#111

To overcome this limitation we have to create proxy endpoints inside TaaS API:
- `GET /taas-teams/:teamId/members` -> `GET /projects/{projectId}/members`
- `GET /taas-teams/:teamId/invites` -> `GET /projects/{projectId}/invites`
- `DELETE /taas-teams/:teamId/members/:memberId` -> `DELETE /projects/{projectId}/members/:memberId`
- These endpoints should be callable by any user who has access to the project, the same way as we implemented permissions for the `POST /taas-teams/:teamId/members` endpoint.
- For `GET` endpoints, pass `fields` from the TaaS API request to the Projects API request, so that when making a request to TaaS API we can define which fields we would like to get from Projects API.
- To keep requests consistent, let's update the `POST /taas-teams/:teamId/members` endpoint to pass the `fields` query param from the TaaS API request to the Projects API request, instead of always getting all the fields: https://github.com/topcoder-platform/taas-apis/blob/dev/src/services/TeamService.js#L350
- Update Swagger
- Update Postman
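
A sketch of the route mapping, permission gate and `fields` pass-through described above, as an added example that is not taken from the taas-apis code base. The function names, the shape of `user`, the use of `:teamId` as the Projects API project id, and the assumption that the proxy calls Projects API with credentials that bypass its membership check are all assumptions.

```javascript
// Added example (not project code). Hypothetical names throughout.
const ROUTES = {
  'GET members': (p) => `/projects/${p.teamId}/members`,
  'GET invites': (p) => `/projects/${p.teamId}/invites`,
  'DELETE members': (p) => `/projects/${p.teamId}/members/${p.memberId}`,
};

// bookingmanager may act on any team; everyone else must be a project member.
function canAccessTeam(user, memberIds) {
  return user.roles.includes('bookingmanager') || memberIds.includes(user.userId);
}

const isId = (v) => /^\d+$/.test(String(v));

// Returns the upstream request to send, or throws an error carrying an HTTP status.
function buildProxyRequest(user, memberIds, method, resource, params, query = {}) {
  const route = ROUTES[`${method} ${resource}`];
  if (!route) throw Object.assign(new Error('Not found'), { status: 404 });
  // Validate ids before interpolating them into the upstream path.
  if (!isId(params.teamId) || (method === 'DELETE' && !isId(params.memberId))) {
    throw Object.assign(new Error('Invalid id'), { status: 400 });
  }
  // Authorize inside TaaS API first. Assumption: the upstream call uses
  // credentials that skip the Projects API membership check, so this gate
  // is the access check that actually applies to the caller.
  if (!canAccessTeam(user, memberIds)) {
    throw Object.assign(new Error('Forbidden'), { status: 403 });
  }
  // Forward only `fields`, and only for GET; every other query param is dropped.
  const qs = method === 'GET' && typeof query.fields === 'string'
    ? `?fields=${encodeURIComponent(query.fields)}`
    : '';
  return { method, url: route(params) + qs };
}
```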