Merge pull request #579 from topcoder-platform/hotfix/separate_role_for_billing_account_write_access

vikasrohit · web-flow · commit 4e9bfb7f4a6b · 2020-06-03T18:00:55.000+05:30
Hotfix/separate role for billing account write access
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
@@ -393,12 +393,12 @@ module.exports = [
       err.status = 400;
       throw err;
     }
-    if (_.has(project, 'billingAccountId') &&
-      !util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_BILLING_ACCOUNT_ID, req)) {
-      const err = new Error('You do not have permission to set \'billingAccountId\' property');
-      err.status = 400;
-      throw err;
-    }
+    // if (_.has(project, 'billingAccountId') &&
+    //   !util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_BILLING_ACCOUNT_ID, req)) {
+    //   const err = new Error('You do not have permission to set \'billingAccountId\' property');
+    //   err.status = 400;
+    //   throw err;
+    // }
     // by default connect admin and managers joins projects as manager
     const userRole = util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_AS_MANAGER, req)
       ? PROJECT_MEMBER_ROLE.MANAGER
diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
@@ -397,7 +397,7 @@ describe('Project create', () => {
         .expect(400, done);
     });
 
-    it(`should return 400 when creating project with billingAccountId
+    xit(`should return 400 when creating project with billingAccountId
       without "write:projects-billing-accounts" scope in M2M token`, (done) => {
       const validBody = _.cloneDeep(body);
       validBody.billingAccountId = 1;
@@ -411,7 +411,7 @@ describe('Project create', () => {
         .expect(400, done);
     });
 
-    it(`should return 400 when creating project with directProjectId
+    xit(`should return 400 when creating project with directProjectId
       without "write:projects" scope in M2M token`, (done) => {
       const validBody = _.cloneDeep(body);
       validBody.directProjectId = 1;
diff --git a/src/routes/projects/update.js b/src/routes/projects/update.js
@@ -146,10 +146,10 @@ const validateUpdates = (existingProject, updatedProps, req) => {
     !util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_DIRECT_PROJECT_ID, req)) {
     errors.push('You do not have permission to update \'directProjectId\' property');
   }
-  if (_.has(updatedProps, 'billingAccountId') &&
-    !util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_BILLING_ACCOUNT_ID, req)) {
-    errors.push('You do not have permission to update \'billingAccountId\' property');
-  }
+  // if (_.has(updatedProps, 'billingAccountId') &&
+  //   !util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_BILLING_ACCOUNT_ID, req)) {
+  //   errors.push('You do not have permission to update \'billingAccountId\' property');
+  // }
   if ((existingProject.status !== PROJECT_STATUS.DRAFT) && (updatedProps.status === PROJECT_STATUS.DRAFT)) {
     errors.push('cannot update a project status to draft');
   }
diff --git a/src/routes/projects/update.spec.js b/src/routes/projects/update.spec.js
@@ -658,7 +658,7 @@ describe('Project', () => {
         });
     });
 
-    it('should return 400 when updating billingAccountId without "write:projects-billing-accounts" scope in M2M token',
+    xit('should return 400 when updating billingAccountId without "write:projects-billing-accounts" scope in M2M token',
       (done) => {
         request(server)
           .patch(`/v5/projects/${project1.id}`)
