Merge pull request #433 from xxcxy/feature/only-list-project-with-pending-invites

[HOTFIX] [PROD] Copilots with "requested" invite shouldn't see projects in the list

Author: vikasrohit

src/routes/projects/list.js

@@ -5,7 +5,7 @@ import _ from 'lodash';
 import config from 'config';
 
 import models from '../../models';
-import { MANAGER_ROLES } from '../../constants';
+import { MANAGER_ROLES, INVITE_STATUS } from '../../constants';
 import util from '../../util';
 
 const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
@@ -127,9 +127,20 @@ const buildEsShouldQuery = (userId, email) => {
       nested: {
         path: 'invites',
         query: {
-          query_string: {
-            query: userId,
-            fields: ['invites.userId'],
+          bool: {
+            must: [
+              {
+                query_string: {
+                  query: userId,
+                  fields: ['invites.userId'],
+                },
+              }, {
+                query_string: {
+                  query: INVITE_STATUS.PENDING,
+                  fields: ['invites.status'],
+                },
+              },
+            ],
           },
         },
       },
@@ -141,9 +152,20 @@ const buildEsShouldQuery = (userId, email) => {
       nested: {
         path: 'invites',
         query: {
-          query_string: {
-            query: email,
-            fields: ['invites.email'],
+          bool: {
+            must: [
+              {
+                query_string: {
+                  query: email,
+                  fields: ['invites.email'],
+                },
+              }, {
+                query_string: {
+                  query: INVITE_STATUS.PENDING,
+                  fields: ['invites.status'],
+                },
+              },
+            ],
           },
         },
       },

src/routes/projects/list.spec.js

@@ -54,6 +54,14 @@ const data = [
         updatedBy: 1,
       },
     ],
+    invites: [
+      {
+        id: 1,
+        userId: 40051335,
+        email: 'test@topcoder.com',
+        status: 'pending',
+      },
+    ],
     attachments: [
       {
         id: 1,
@@ -90,6 +98,14 @@ const data = [
         updatedBy: 1,
       },
     ],
+    invites: [
+      {
+        id: 1,
+        userId: 40051335,
+        email: 'test@topcoder.com',
+        status: 'requested',
+      },
+    ],
   },
   {
     id: 3,
@@ -836,5 +852,46 @@ describe('LIST Project', () => {
           });
       });
     });
+    describe('GET All /projects/ for non-admins users who are invited', () => {
+      it('should return projects where a non-admin user has an invitation in pending status', (done) => {
+        request(server)
+          .get(`/v5/projects/?id=${project1.id}`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.member2}`,
+          })
+          .expect('Content-Type', /json/)
+          .expect(200)
+          .end((err, res) => {
+            if (err) {
+              done(err);
+            } else {
+              const resJson = res.body;
+              should.exist(resJson);
+              resJson.should.have.lengthOf(1);
+              resJson[0].name.should.equal('test1');
+              done();
+            }
+          });
+      });
+      it('should not return projects where a non-admin user has an invitation in requested status', (done) => {
+        request(server)
+          .get(`/v5/projects/?id=${project2.id}`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.member2}`,
+          })
+          .expect('Content-Type', /json/)
+          .expect(200)
+          .end((err, res) => {
+            if (err) {
+              done(err);
+            } else {
+              const resJson = res.body;
+              should.exist(resJson);
+              resJson.should.have.lengthOf(0);
+              done();
+            }
+          });
+      });
+    });
   });
 });