topcoder-platform
diff --git a/‎docs/permissions.html
Lines changed: 215 additions & 0 deletions b/‎docs/permissions.html
Lines changed: 215 additions & 0 deletions
diff --git a/‎src/permissions/constants.js
Lines changed: 112 additions & 1 deletion b/‎src/permissions/constants.js
Lines changed: 112 additions & 1 deletion
@@ -939,6 +939,221 @@ <h2 class="anchor-container">
               </div>
             </div>
           </div>
+        <div class="row">
+          <div class="col pt-5 pb-2">
+            <h2 class="anchor-container">
+              <a href="#section-project-attachment" name="section-project-attachment" class="anchor"></a>Project Attachment
+            </h2>
+          </div>
+        </div>
+          <div class="row border-top">
+            <div class="col py-2">
+              <div class="permission-title anchor-container">
+                <a href="#CREATE_PROJECT_ATTACHMENT" name="CREATE_PROJECT_ATTACHMENT" class="anchor"></a>Create Project Attachment
+              </div>
+              <div class="permission-variable"><small><code>CREATE_PROJECT_ATTACHMENT</code></small></div>
+              <div class="text-black-50 small-text"></div>
+            </div>
+            <div class="col-9 py-2">
+              <div>
+                  <span class="badge badge-primary" title="Allowed">Any Project Member</span>
+              </div>
+
+              <div>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Account Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Business Development Representative</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Presales</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Account Executive</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Program Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Solution Architect</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Project Manager</span>
+              </div>
+
+              <div>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:projects</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">write:projects</span>
+              </div>
+            </div>
+          </div>
+          <div class="row border-top">
+            <div class="col py-2">
+              <div class="permission-title anchor-container">
+                <a href="#READ_PROJECT_ATTACHMENT_OWN_OR_ALLOWED" name="READ_PROJECT_ATTACHMENT_OWN_OR_ALLOWED" class="anchor"></a>Read Project Attachment (own or allowed)
+              </div>
+              <div class="permission-variable"><small><code>READ_PROJECT_ATTACHMENT_OWN_OR_ALLOWED</code></small></div>
+              <div class="text-black-50 small-text">Who can view own attachment or an attachment of another user when they are in the &quot;allowed&quot; list.</div>
+            </div>
+            <div class="col-9 py-2">
+              <div>
+                  <span class="badge badge-primary" title="Allowed">Any Project Member</span>
+              </div>
+
+              <div>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Account Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Business Development Representative</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Presales</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Account Executive</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Program Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Solution Architect</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Project Manager</span>
+              </div>
+
+              <div>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:projects</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">read:projects</span>
+              </div>
+            </div>
+          </div>
+          <div class="row border-top">
+            <div class="col py-2">
+              <div class="permission-title anchor-container">
+                <a href="#READ_PROJECT_ATTACHMENT_NOT_OWN_AND_NOT_ALLOWED" name="READ_PROJECT_ATTACHMENT_NOT_OWN_AND_NOT_ALLOWED" class="anchor"></a>Read Project Attachment (not own and not allowed)
+              </div>
+              <div class="permission-variable"><small><code>READ_PROJECT_ATTACHMENT_NOT_OWN_AND_NOT_ALLOWED</code></small></div>
+              <div class="text-black-50 small-text">Who can view attachment of another user when they are not in &quot;allowed&quot; users list.</div>
+            </div>
+            <div class="col-9 py-2">
+              <div>
+              </div>
+
+              <div>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+              </div>
+
+              <div>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:projects</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">read:projects</span>
+              </div>
+            </div>
+          </div>
+          <div class="row border-top">
+            <div class="col py-2">
+              <div class="permission-title anchor-container">
+                <a href="#UPDATE_PROJECT_ATTACHMENT_OWN" name="UPDATE_PROJECT_ATTACHMENT_OWN" class="anchor"></a>Update Project Attachment (own)
+              </div>
+              <div class="permission-variable"><small><code>UPDATE_PROJECT_ATTACHMENT_OWN</code></small></div>
+              <div class="text-black-50 small-text">Who can edit attachment they created.</div>
+            </div>
+            <div class="col-9 py-2">
+              <div>
+                  <span class="badge badge-primary" title="Allowed">Any Project Member</span>
+              </div>
+
+              <div>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Account Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Business Development Representative</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Presales</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Account Executive</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Program Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Solution Architect</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Project Manager</span>
+              </div>
+
+              <div>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:projects</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">write:projects</span>
+              </div>
+            </div>
+          </div>
+          <div class="row border-top">
+            <div class="col py-2">
+              <div class="permission-title anchor-container">
+                <a href="#UPDATE_PROJECT_ATTACHMENT_NOT_OWN" name="UPDATE_PROJECT_ATTACHMENT_NOT_OWN" class="anchor"></a>Update Project Attachment (not own)
+              </div>
+              <div class="permission-variable"><small><code>UPDATE_PROJECT_ATTACHMENT_NOT_OWN</code></small></div>
+              <div class="text-black-50 small-text">Who can edit attachment created by another user.</div>
+            </div>
+            <div class="col-9 py-2">
+              <div>
+              </div>
+
+              <div>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+              </div>
+
+              <div>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:projects</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">write:projects</span>
+              </div>
+            </div>
+          </div>
+          <div class="row border-top">
+            <div class="col py-2">
+              <div class="permission-title anchor-container">
+                <a href="#DELETE_PROJECT_ATTACHMENT_OWN" name="DELETE_PROJECT_ATTACHMENT_OWN" class="anchor"></a>Delete Project Attachment (own)
+              </div>
+              <div class="permission-variable"><small><code>DELETE_PROJECT_ATTACHMENT_OWN</code></small></div>
+              <div class="text-black-50 small-text">Who can delete attachment they created.</div>
+            </div>
+            <div class="col-9 py-2">
+              <div>
+                  <span class="badge badge-primary" title="Allowed">Any Project Member</span>
+              </div>
+
+              <div>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Account Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Business Development Representative</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Presales</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Account Executive</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Program Manager</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Solution Architect</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Project Manager</span>
+              </div>
+
+              <div>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:projects</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">write:projects</span>
+              </div>
+            </div>
+          </div>
+          <div class="row border-top">
+            <div class="col py-2">
+              <div class="permission-title anchor-container">
+                <a href="#DELETE_PROJECT_ATTACHMENT_NOT_OWN" name="DELETE_PROJECT_ATTACHMENT_NOT_OWN" class="anchor"></a>Delete Project Attachment (not own)
+              </div>
+              <div class="permission-variable"><small><code>DELETE_PROJECT_ATTACHMENT_NOT_OWN</code></small></div>
+              <div class="text-black-50 small-text">Who can delete attachment created by another user.</div>
+            </div>
+            <div class="col-9 py-2">
+              <div>
+              </div>
+
+              <div>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+              </div>
+
+              <div>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:projects</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">write:projects</span>
+              </div>
+            </div>
+          </div>
         <div class="row">
           <div class="col pt-5 pb-2">
             <h2 class="anchor-container">
 
@@ -53,44 +53,73 @@ import {
   M2M_SCOPES,
 } from '../constants';
 
+/**
+ * All Project Roles
+ */
 const PROJECT_ROLES_ALL = _.values(PROJECT_MEMBER_ROLE);
+
+/**
+ * "Management Level" Project Roles
+ */
 const PROJECT_ROLES_MANAGEMENT = _.difference(PROJECT_ROLES_ALL, [
   PROJECT_MEMBER_ROLE.COPILOT,
   PROJECT_MEMBER_ROLE.CUSTOMER,
   PROJECT_MEMBER_ROLE.OBSERVER,
 ]);
 
+/**
+ * This is a special constant to indicate that all project members or any logged-in user
+ * has permission.
+ */
 const ALL = true;
 
+/**
+ * M2M scopes to "read" projects
+ */
 const SCOPES_PROJECTS_READ = [
   M2M_SCOPES.CONNECT_PROJECT_ADMIN,
   M2M_SCOPES.PROJECTS.ALL,
   M2M_SCOPES.PROJECTS.READ,
 ];
 
+/**
+ * M2M scopes to "write" projects
+ */
 const SCOPES_PROJECTS_WRITE = [
   M2M_SCOPES.CONNECT_PROJECT_ADMIN,
   M2M_SCOPES.PROJECTS.ALL,
   M2M_SCOPES.PROJECTS.WRITE,
 ];
 
+/**
+ * M2M scopes to "write" billingAccountId property
+ */
 const SCOPES_PROJECTS_WRITE_BILLING_ACCOUNTS = [
   M2M_SCOPES.CONNECT_PROJECT_ADMIN,
   M2M_SCOPES.PROJECTS.WRITE_BILLING_ACCOUNTS,
 ];
 
+/**
+ * M2M scopes to "read" projects members
+ */
 const SCOPES_PROJECT_MEMBERS_READ = [
   M2M_SCOPES.CONNECT_PROJECT_ADMIN,
   M2M_SCOPES.PROJECT_MEMBERS.ALL,
   M2M_SCOPES.PROJECT_MEMBERS.READ,
 ];
 
+/**
+ * M2M scopes to "write" projects members
+ */
 const SCOPES_PROJECT_MEMBERS_WRITE = [
   M2M_SCOPES.CONNECT_PROJECT_ADMIN,
   M2M_SCOPES.PROJECT_MEMBERS.ALL,
   M2M_SCOPES.PROJECT_MEMBERS.WRITE,
 ];
 
+/**
+ * The full list of possible permission rules in Project Service
+ */
 export const PERMISSION = { // eslint-disable-line import/prefer-default-export
   /*
    * Project
@@ -430,7 +459,85 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
     scopes: SCOPES_PROJECT_MEMBERS_WRITE,
   },
 
-  /**
+  /*
+   * Project Attachments
+   */
+  CREATE_PROJECT_ATTACHMENT: {
+    meta: {
+      title: 'Create Project Attachment',
+      group: 'Project Attachment',
+    },
+    topcoderRoles: TOPCODER_ROLES_MANAGERS_AND_ADMINS,
+    projectRoles: ALL,
+    scopes: SCOPES_PROJECTS_WRITE,
+  },
+
+  READ_PROJECT_ATTACHMENT_OWN_OR_ALLOWED: {
+    meta: {
+      title: 'Read Project Attachment (own or allowed)',
+      group: 'Project Attachment',
+      description: 'Who can view own attachment or an attachment of another user when they are in the "allowed" list.',
+    },
+    topcoderRoles: TOPCODER_ROLES_MANAGERS_AND_ADMINS,
+    projectRoles: ALL,
+    scopes: SCOPES_PROJECTS_READ,
+  },
+
+  READ_PROJECT_ATTACHMENT_NOT_OWN_AND_NOT_ALLOWED: {
+    meta: {
+      title: 'Read Project Attachment (not own and not allowed)',
+      group: 'Project Attachment',
+      description: 'Who can view attachment of another user when they are not in "allowed" users list.',
+    },
+    topcoderRoles: TOPCODER_ROLES_ADMINS,
+    scopes: SCOPES_PROJECTS_READ,
+  },
+
+  UPDATE_PROJECT_ATTACHMENT_OWN: {
+    meta: {
+      title: 'Update Project Attachment (own)',
+      group: 'Project Attachment',
+      description: 'Who can edit attachment they created.',
+    },
+    topcoderRoles: TOPCODER_ROLES_MANAGERS_AND_ADMINS,
+    projectRoles: ALL,
+    scopes: SCOPES_PROJECTS_WRITE,
+  },
+
+  UPDATE_PROJECT_ATTACHMENT_NOT_OWN: {
+    meta: {
+      title: 'Update Project Attachment (not own)',
+      group: 'Project Attachment',
+      description: 'Who can edit attachment created by another user.',
+    },
+    topcoderRoles: TOPCODER_ROLES_ADMINS,
+    scopes: SCOPES_PROJECTS_WRITE,
+  },
+
+  DELETE_PROJECT_ATTACHMENT_OWN: {
+    meta: {
+      title: 'Delete Project Attachment (own)',
+      group: 'Project Attachment',
+      description: 'Who can delete attachment they created.',
+    },
+    topcoderRoles: TOPCODER_ROLES_MANAGERS_AND_ADMINS,
+    projectRoles: ALL,
+    scopes: SCOPES_PROJECTS_WRITE,
+  },
+
+  DELETE_PROJECT_ATTACHMENT_NOT_OWN: {
+    meta: {
+      title: 'Delete Project Attachment (not own)',
+      group: 'Project Attachment',
+      description: 'Who can delete attachment created by another user.',
+    },
+    topcoderRoles: TOPCODER_ROLES_ADMINS,
+    scopes: SCOPES_PROJECTS_WRITE,
+  },
+
+  /*
+   * DEPRECATED - THIS PERMISSION RULE HAS TO BE REMOVED
+   *
    * Permissions defined by logic: **WHO** can do actions with such a permission.
    */
   ROLES_COPILOT_AND_ABOVE: {
@@ -448,6 +555,10 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
   },
 };
 
+/**
+ * Matrix which define Project Roles and corresponding Topcoder Roles of users
+ * who may join with such Project Roles.
+ */
 export const PROJECT_TO_TOPCODER_ROLES_MATRIX = {
   [PROJECT_MEMBER_ROLE.CUSTOMER]: _.values(USER_ROLE),
   [PROJECT_MEMBER_ROLE.MANAGER]: [