topcoder-platform
diff --git a/‎src/routes/projects/get.js
Lines changed: 25 additions & 2 deletions b/‎src/routes/projects/get.js
Lines changed: 25 additions & 2 deletions
diff --git a/‎src/routes/projects/get.spec.js
Lines changed: 270 additions & 2 deletions b/‎src/routes/projects/get.spec.js
Lines changed: 270 additions & 2 deletions
@@ -22,9 +22,18 @@ const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
 // var permissions = require('tc-core-library-js').middleware.permissions
 const permissions = tcMiddleware.permissions;
 const PROJECT_ATTRIBUTES = _.without(_.keys(models.Project.rawAttributes), 'utm', 'deletedAt');
-const PROJECT_MEMBER_ATTRIBUTES = _.without(_.keys(models.ProjectMember.rawAttributes), 'deletedAt');
+const PROJECT_MEMBER_ATTRIBUTES = _.concat(_.without(_.keys(models.ProjectMember.rawAttributes), 'deletedAt'),
+  ['firstName', 'lastName', 'handle', 'email']);
 const PROJECT_MEMBER_INVITE_ATTRIBUTES = _.without(_.keys(models.ProjectMemberInvite.rawAttributes), 'deletedAt');
 const PROJECT_ATTACHMENT_ATTRIBUTES = _.without(_.keys(models.ProjectAttachment.rawAttributes), 'deletedAt');
+const PROJECT_PHASE_ATTRIBUTES = _.without(
+  _.keys(models.ProjectPhase.rawAttributes),
+  'deletedAt',
+);
+const PROJECT_PHASE_PRODUCTS_ATTRIBUTES = _.without(
+  _.keys(models.PhaseProduct.rawAttributes),
+  'deletedAt',
+);
 
 /**
  * Parse the ES search criteria and prepare search request body
@@ -52,13 +61,21 @@ const parseElasticSearchCriteria = (projectId, fields) => {
     sourceInclude = sourceInclude.concat(_.map(memberFields, single => `invites.${single}`));
   }
 
+  if (_.get(fields, 'project_phases', null)) {
+    const phaseFields = _.get(fields, 'project_phases');
+    sourceInclude = sourceInclude.concat(_.map(phaseFields, single => `phases.${single}`));
+  }
+  if (_.get(fields, 'project_phases_products', null)) {
+    const phaseFields = _.get(fields, 'project_phases_products');
+    sourceInclude = sourceInclude.concat(_.map(phaseFields, single => `phases.products.${single}`));
+  }
   if (_.get(fields, 'attachments', null)) {
     const attachmentFields = _.get(fields, 'attachments');
     sourceInclude = sourceInclude.concat(_.map(attachmentFields, single => `attachments.${single}`));
   }
 
   if (sourceInclude) {
-    searchCriteria._sourceInclude = sourceInclude;        // eslint-disable-line no-underscore-dangle
+    searchCriteria._sourceIncludes = sourceInclude;        // eslint-disable-line no-underscore-dangle
   }
 
 
@@ -87,9 +104,14 @@ const retrieveProjectFromES = (projectId, req) => {
     projects: PROJECT_ATTRIBUTES,
     project_members: PROJECT_MEMBER_ATTRIBUTES,
     project_member_invites: PROJECT_MEMBER_INVITE_ATTRIBUTES,
+    project_phases: PROJECT_PHASE_ATTRIBUTES,
+    project_phases_products: PROJECT_PHASE_PRODUCTS_ATTRIBUTES,
     attachments: PROJECT_ATTACHMENT_ATTRIBUTES,
   });
 
+  // if user is not admin, ignore email field for project_members
+  fields = util.ignoreEmailField(req, fields);
+
   const searchCriteria = parseElasticSearchCriteria(projectId, fields) || {};
   return new Promise((accept, reject) => {
     const es = util.getElasticSearchClient();
@@ -108,6 +130,7 @@ const retrieveProjectFromDB = (projectId, req) => {
     projects: PROJECT_ATTRIBUTES,
     project_members: PROJECT_MEMBER_ATTRIBUTES,
   });
+
   return models.Project
     .findOne({
       where: { id: projectId },
 
@@ -3,7 +3,7 @@
 import chai from 'chai';
 import sinon from 'sinon';
 import request from 'supertest';
-
+import _ from 'lodash';
 import config from 'config';
 import models from '../../models';
 import util from '../../util';
@@ -23,7 +23,8 @@ const data = [
     billingAccountId: 1,
     name: 'test1',
     description: 'es_project',
-    status: 'active',
+    cancelReason: 'price/cost',
+    status: 'draft',
     details: {
       utm: {
         code: 'code1',
@@ -42,6 +43,7 @@ const data = [
         firstName: 'es_member_1_firstName',
         lastName: 'Lastname',
         handle: 'test_tourist_handle',
+        email: 'test@test.com',
         isPrimary: true,
         createdBy: 1,
         updatedBy: 1,
@@ -56,6 +58,30 @@ const data = [
         updatedBy: 1,
       },
     ],
+    invites: [
+      {
+        id: 1,
+        userId: 40051335,
+        email: 'test@topcoder.com',
+        status: 'pending',
+      },
+    ],
+    phases: [
+
+      {
+        id: 45,
+        name: 'test phases',
+        spentBudget: 0,
+        products: [
+          {
+
+            phaseId: 45,
+            id: 3,
+            name: 'tet product',
+          },
+        ],
+      },
+    ],
     attachments: [
       {
         id: 1,
@@ -80,6 +106,7 @@ describe('GET Project', () => {
         .then(() => testUtil.clearES())
         .then(() => {
           const p1 = models.Project.create({
+            id: 5,
             type: 'generic',
             billingAccountId: 1,
             name: 'test1',
@@ -98,6 +125,10 @@ describe('GET Project', () => {
               projectId: project1.id,
               role: 'customer',
               isPrimary: true,
+              firstName: 'Firstname',
+              lastName: 'Lastname',
+              handle: 'test_tourist_handle',
+              email: 'test@test.com',
               createdBy: 1,
               updatedBy: 1,
             });
@@ -343,5 +374,242 @@ describe('GET Project', () => {
             });
       });
     });
+
+    describe('URL Query fields', () => {
+      it('should not return "email" for project members when "fields" query param is not defined (to non-admin users)', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=members.handle`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.members[0].should.have.property('handle');
+            resJson.members[0].should.not.have.property('email');
+            done();
+          }
+        });
+      });
+
+      it('should not return "email" for project members even if it\'s defined in "fields" query param (to non-admin users)', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=members.email,members.handle`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.members[0].should.have.property('handle');
+            resJson.members[0].should.not.have.property('email');
+            done();
+          }
+        });
+      });
+
+
+      it('should not return "cancelReason" if it is not listed in "fields" query param ', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=description`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.should.have.property('description');
+            resJson.description.should.be.eq('es_project');
+            resJson.should.not.have.property('cancelReason');
+            done();
+          }
+        });
+      });
+
+      it('should not return "email" for project members when "fields" query param is not defined (to admin users)', (done) => {
+        request(server)
+          .get(`/v5/projects/${project1.id}?fields=description,members.id`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.admin}`,
+          })
+          .expect('Content-Type', /json/)
+          .expect(200)
+          .end((err, res) => {
+            if (err) {
+              done(err);
+            } else {
+              const resJson = res.body;
+              should.exist(resJson);
+              resJson.members.should.have.lengthOf(2);
+              resJson.members[0].should.not.have.property('email');
+              done();
+            }
+          });
+      });
+
+      it('should return "email" for project members if it\'s defined in "fields" query param (to admin users', (done) => {
+        request(server)
+          .get(`/v5/projects/${project1.id}?fields=description,members.id,members.email`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.admin}`,
+          })
+          .expect('Content-Type', /json/)
+          .expect(200)
+          .end((err, res) => {
+            if (err) {
+              done(err);
+            } else {
+              const resJson = res.body;
+              should.exist(resJson);
+              resJson.members.should.have.lengthOf(2);
+              resJson.members[0].should.have.property('email');
+              resJson.members[0].email.should.be.eq('test@test.com');
+              done();
+            }
+          });
+      });
+
+
+      it('should only return "id" field, when it\'s defined in "fields"  query param', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=id`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.should.have.property('id');
+            _.keys(resJson).length.should.be.eq(1);
+            done();
+          }
+        });
+      });
+
+      it('should only return "invites.userId" field, when it\'s defined in "fields"  query param', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=invites.userId`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.invites[0].should.have.property('userId');
+            _.keys(resJson.invites[0]).length.should.be.eq(1);
+            done();
+          }
+        });
+      });
+
+      it('should only return "members.role" field, when it\'s defined in "fields"  query param', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=members.role`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.members[0].should.have.property('role');
+            _.keys(resJson.members[0]).length.should.be.eq(1);
+            done();
+          }
+        });
+      });
+
+      it('should only return "attachments.title" field, when it\'s defined in "fields"  query param', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=attachments.title`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.attachments[0].should.have.property('title');
+            _.keys(resJson.attachments[0]).length.should.be.eq(1);
+            done();
+          }
+        });
+      });
+
+      it('should only return "phases.name" field, when it\'s defined in "fields"  query param', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=phases.name`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.phases[0].should.have.property('name');
+            _.keys(resJson.phases[0]).length.should.be.eq(1);
+            done();
+          }
+        });
+      });
+
+      it('should only return "phases.products.name" field, when it\'s defined in "fields" query param and "phases" is also defined', (done) => {
+        request(server)
+        .get(`/v5/projects/${project1.id}?fields=phases.products.name,phases.name`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body;
+            should.exist(resJson);
+            resJson.phases[0].products[0].should.have.property('name');
+            _.keys(resJson.phases[0].products[0]).length.should.be.eq(1);
+            done();
+          }
+        });
+      });
+    });
   });
 });