Skip to content

Commit 4e9bfb7

Browse files
author
vikasrohit
authored
Merge pull request #579 from topcoder-platform/hotfix/separate_role_for_billing_account_write_access
Hotfix/separate role for billing account write access
2 parents 806d362 + e437c6a commit 4e9bfb7

File tree

4 files changed

+13
-13
lines changed

4 files changed

+13
-13
lines changed

src/routes/projects/create.js

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -393,12 +393,12 @@ module.exports = [
393393
err.status = 400;
394394
throw err;
395395
}
396-
if (_.has(project, 'billingAccountId') &&
397-
!util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_BILLING_ACCOUNT_ID, req)) {
398-
const err = new Error('You do not have permission to set \'billingAccountId\' property');
399-
err.status = 400;
400-
throw err;
401-
}
396+
// if (_.has(project, 'billingAccountId') &&
397+
// !util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_BILLING_ACCOUNT_ID, req)) {
398+
// const err = new Error('You do not have permission to set \'billingAccountId\' property');
399+
// err.status = 400;
400+
// throw err;
401+
// }
402402
// by default connect admin and managers joins projects as manager
403403
const userRole = util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_AS_MANAGER, req)
404404
? PROJECT_MEMBER_ROLE.MANAGER

src/routes/projects/create.spec.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -397,7 +397,7 @@ describe('Project create', () => {
397397
.expect(400, done);
398398
});
399399

400-
it(`should return 400 when creating project with billingAccountId
400+
xit(`should return 400 when creating project with billingAccountId
401401
without "write:projects-billing-accounts" scope in M2M token`, (done) => {
402402
const validBody = _.cloneDeep(body);
403403
validBody.billingAccountId = 1;
@@ -411,7 +411,7 @@ describe('Project create', () => {
411411
.expect(400, done);
412412
});
413413

414-
it(`should return 400 when creating project with directProjectId
414+
xit(`should return 400 when creating project with directProjectId
415415
without "write:projects" scope in M2M token`, (done) => {
416416
const validBody = _.cloneDeep(body);
417417
validBody.directProjectId = 1;

src/routes/projects/update.js

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -146,10 +146,10 @@ const validateUpdates = (existingProject, updatedProps, req) => {
146146
!util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_DIRECT_PROJECT_ID, req)) {
147147
errors.push('You do not have permission to update \'directProjectId\' property');
148148
}
149-
if (_.has(updatedProps, 'billingAccountId') &&
150-
!util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_BILLING_ACCOUNT_ID, req)) {
151-
errors.push('You do not have permission to update \'billingAccountId\' property');
152-
}
149+
// if (_.has(updatedProps, 'billingAccountId') &&
150+
// !util.hasPermissionByReq(PERMISSION.MANAGE_PROJECT_BILLING_ACCOUNT_ID, req)) {
151+
// errors.push('You do not have permission to update \'billingAccountId\' property');
152+
// }
153153
if ((existingProject.status !== PROJECT_STATUS.DRAFT) && (updatedProps.status === PROJECT_STATUS.DRAFT)) {
154154
errors.push('cannot update a project status to draft');
155155
}

src/routes/projects/update.spec.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -658,7 +658,7 @@ describe('Project', () => {
658658
});
659659
});
660660

661-
it('should return 400 when updating billingAccountId without "write:projects-billing-accounts" scope in M2M token',
661+
xit('should return 400 when updating billingAccountId without "write:projects-billing-accounts" scope in M2M token',
662662
(done) => {
663663
request(server)
664664
.patch(`/v5/projects/${project1.id}`)

0 commit comments

Comments
 (0)