Added project members to the request context for managerOrAdmin permission policy to allow reporting routes to use the members

Vikas Agarwal · Vikas Agarwal · commit 041d4f9f2307 · 2020-01-29T14:14:44.000+05:30
Removed console log statements
diff --git a/src/permissions/connectManagerOrAdmin.ops.js b/src/permissions/connectManagerOrAdmin.ops.js
@@ -1,18 +1,27 @@
+import _ from 'lodash';
 import util from '../util';
 import { MANAGER_ROLES } from '../constants';
+import models from '../models';
 
 
 /**
  * Only Connect Manager, Connect Admin, and administrator are allowed to perform the operations
  * @param {Object}    req         the express request instance
  * @return {Promise}              returns a promise
  */
-module.exports = req => new Promise((resolve, reject) => {
+module.exports = req => new Promise(async (resolve, reject) => {
   const hasAccess = util.hasRoles(req, MANAGER_ROLES);
 
   if (!hasAccess) {
     return reject(new Error('You do not have permissions to perform this action'));
   }
+  let projectId = req.params.projectId;
+  if (projectId) {
+    projectId = _.parseInt(projectId);
+    const members = await models.ProjectMember.getActiveProjectMembers(projectId);
+    req.context = req.context || {};
+    req.context.currentProjectMembers = members;
+  }
 
   return resolve(true);
 });
diff --git a/src/permissions/index.js b/src/permissions/index.js
@@ -141,5 +141,5 @@ module.exports = () => {
   Authorizer.setPolicy('projectEstimation.item.list', copilotAndAbove);
 
   // Project Reporting
-  Authorizer.setPolicy('projectReporting.managers', copilotAndAbove);
+  Authorizer.setPolicy('projectReporting.managers', connectManagerOrAdmin);
 };
diff --git a/src/routes/projectReports/getEmbedReport.js b/src/routes/projectReports/getEmbedReport.js
@@ -3,7 +3,7 @@
 import _ from 'lodash';
 import { middleware as tcMiddleware } from 'tc-core-library-js';
 import util from '../../util';
-import { PROJECT_MEMBER_MANAGER_ROLES, USER_ROLE, PROJECT_MEMBER_ROLE } from '../../constants';
+import { USER_ROLE } from '../../constants';
 import lookerSerivce from '../../services/lookerService';
 
 const permissions = tcMiddleware.permissions;
@@ -20,17 +20,11 @@ module.exports = [
       // check if auth user has acecss to this project
       const members = req.context.currentProjectMembers;
       let member = _.find(members, m => m.userId === req.authUser.userId);
-      const isManager = member && PROJECT_MEMBER_MANAGER_ROLES.indexOf(member.role) > -1;
       const isAdmin = util.hasRoles(req, [USER_ROLE.CONNECT_ADMIN, USER_ROLE.TOPCODER_ADMIN]);
-      const isCopilot = member && member.role === PROJECT_MEMBER_ROLE.COPILOT;
-      const isCustomer = member && member.role === PROJECT_MEMBER_ROLE.CUSTOMER;
-      console.log(isAdmin, 'isAdmin');
-      console.log(member, 'member');
       if (!member && isAdmin) {
         const token = await util.getM2MToken();
-        console.log(token);
         const adminUser = await util.getTopcoderUser(authUser.userId, token, req.log);
-        console.log(adminUser, 'adminUser');
+        req.log.debug(adminUser, 'adminUser');
         member = {
           firstName: adminUser.firstName,
           lastName: adminUser.lastName,
