fixes #54, fixes #53

Parth Shah · Parth Shah · commit 2b4c3d5f9ed3 · 2017-04-04T18:22:16.000-07:00
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tc-projects-service",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "description": "Projects microservice",
   "main": "index.js",
   "engines": {
diff --git a/src/routes/projects/list.js b/src/routes/projects/list.js
@@ -30,6 +30,8 @@ const PROJECT_ATTACHMENT_ATTRIBUTES = _.without(
   'deletedAt',
 );
 
+
+const escapeEsKeyword = keyword => keyword.replace(/[+-=><!|(){}[&\]^"~*?:\\/]/g, '\\\\$&');
 /**
  * Parse the ES search criteria and prepare search request body
  *
@@ -44,11 +46,13 @@ const parseElasticSearchCriteria = (criteria, fields, order) => {
     type: ES_PROJECT_TYPE,
     size: criteria.limit,
     from: criteria.offset,
-    sort: `${order[0]}:${order[1]}`,
   };
-  let sourceInclude;
-
+  // best match / relevancy is the default sort w/ elasticsearch
+  if (order[0].toLowerCase() !== 'best match') {
+    searchCriteria.sort = `${order[0]}:${order[1]}`;
+  }
 
+  let sourceInclude;
   if (_.get(fields, 'projects', null)) {
     sourceInclude = _.get(fields, 'projects');
   }
@@ -103,25 +107,26 @@ const parseElasticSearchCriteria = (criteria, fields, order) => {
       },
     });
   }
-
   if (_.has(criteria, 'filters.keyword')) {
     // keyword is a full text search
+    // escape special fields from keyword search
+    const keyword = escapeEsKeyword(criteria.filters.keyword);
     fullTextQuery = {
       bool: {
         should: [
           {
             query_string: {
-              query: `*${criteria.filters.keyword}*`,
+              query: `*${keyword}*`,
               analyze_wildcard: true,
-              fields: ['name', 'description', 'type'],
+              fields: ['name^3', 'description', 'type'], // boost name field
             },
           },
           {
             nested: {
               path: 'members',
               query: {
                 query_string: {
-                  query: `*${criteria.filters.keyword}*`,
+                  query: `*${keyword}*`,
                   analyze_wildcard: true,
                   fields: ['members.email', 'members.handle', 'members.firstName', 'members.lastName'],
                 },
@@ -188,6 +193,7 @@ module.exports = [
       sort += ' asc';
     }
     const sortableProps = [
+      'best match',
       'createdAt', 'createdAt asc', 'createdAt desc',
       'updatedAt', 'updatedAt asc', 'updatedAt desc',
       'id', 'id asc', 'id desc',
diff --git a/src/routes/projects/update.js b/src/routes/projects/update.js
@@ -43,6 +43,7 @@ const updateProjectValdiations = {
       name: Joi.string(),
       description: Joi.string().allow(null).allow('').optional(),
       billingAccountId: Joi.number().positive(),
+      directProjectId: Joi.number().positive().allow(null),
       status: Joi.any().valid(_.values(PROJECT_STATUS)),
       estimatedPrice: Joi.number().precision(2).positive().allow(null),
       actualPrice: Joi.number().precision(2).positive(),
@@ -79,7 +80,7 @@ const updateProjectValdiations = {
 };
 
 // NOTE- decided to disable all additional checks for now.
-const validateUpdates = (existingProject) => {
+const validateUpdates = (existingProject, updatedProps, authUser) => {
   const errors = [];
   switch (existingProject.status) {
     case PROJECT_STATUS.COMPLETED:
@@ -97,6 +98,12 @@ const validateUpdates = (existingProject) => {
       //     }
       //   }
   }
+  console.log(_.intersection(authUser.roles, [USER_ROLE.MANAGER, USER_ROLE.TOPCODER_ADMIN]));
+  if (_.has(updatedProps, 'directProjectId') &&
+  _.intersection(authUser.roles, [USER_ROLE.MANAGER, USER_ROLE.TOPCODER_ADMIN]).length === 0) {
+    errors.push('Don\'t have permission to update \'directProjectId\' property');
+  }
+
   return errors;
 };
 
@@ -113,8 +120,7 @@ module.exports = [
     let updatedProps = req.body.param;
     const projectId = _.parseInt(req.params.projectId);
     // prune any fields that cannot be updated directly
-    updatedProps = _.omit(updatedProps, ['createdBy', 'createdAt', 'updatedBy', 'updatedAt',
-      'id', 'directProjectId']);
+    updatedProps = _.omit(updatedProps, ['createdBy', 'createdAt', 'updatedBy', 'updatedAt', 'id']);
 
     let previousValue;
     models.sequelize.transaction(() => models.Project.findOne({
@@ -133,7 +139,7 @@ module.exports = [
         }
         previousValue = _.clone(project.get({ plain: true }));
         // run additional validations
-        const validationErrors = validateUpdates(previousValue, updatedProps);
+        const validationErrors = validateUpdates(previousValue, updatedProps, req.authUser);
         if (validationErrors.length > 0) {
           const err = new Error('Unable to update project');
           _.assign(err, {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "tc-projects-service",`
`3`		`- "version": "1.4.0",`
	`3`	`+ "version": "1.4.1",`
`4`	`4`	`"description": "Projects microservice",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"engines": {`