topcoder-platform
diff --git a/‎docs/permissions.html
Lines changed: 57 additions & 34 deletions b/‎docs/permissions.html
Lines changed: 57 additions & 34 deletions
diff --git a/‎src/permissions/constants.js
Lines changed: 39 additions & 24 deletions b/‎src/permissions/constants.js
Lines changed: 39 additions & 24 deletions
diff --git a/‎src/permissions/index.js
Lines changed: 6 additions & 3 deletions b/‎src/permissions/index.js
Lines changed: 6 additions & 3 deletions
diff --git a/‎src/routes/projectMemberInvites/create.js
Lines changed: 9 additions & 3 deletions b/‎src/routes/projectMemberInvites/create.js
Lines changed: 9 additions & 3 deletions
@@ -523,19 +523,19 @@ <h2 class="anchor-container">
           <div class="row border-top">
             <div class="col py-2">
               <div class="permission-title anchor-container">
-                <a href="#UPDATE_PROJECT_MEMBER_TO_COPILOT" name="UPDATE_PROJECT_MEMBER_TO_COPILOT" class="anchor"></a>Update Project Member (to copilot)
+                <a href="#DELETE_PROJECT_MEMBER_CUSTOMER" name="DELETE_PROJECT_MEMBER_CUSTOMER" class="anchor"></a>Delete Project Member (customer)
               </div>
-              <div class="permission-variable"><small><code>UPDATE_PROJECT_MEMBER_TO_COPILOT</code></small></div>
-              <div class="text-black-50 small-text">Who can update project member role to &quot;copilot&quot;.</div>
+              <div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_CUSTOMER</code></small></div>
+              <div class="text-black-50 small-text">Who can delete project members with &quot;customer&quot; role.</div>
             </div>
             <div class="col-9 py-2">
               <div>
+                  <span class="badge badge-primary" title="Allowed">Any Project Member</span>
               </div>
 
               <div>
                     <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
                     <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
               </div>
 
               <div>
@@ -548,14 +548,19 @@ <h2 class="anchor-container">
           <div class="row border-top">
             <div class="col py-2">
               <div class="permission-title anchor-container">
-                <a href="#DELETE_PROJECT_MEMBER_CUSTOMER" name="DELETE_PROJECT_MEMBER_CUSTOMER" class="anchor"></a>Delete Project Member (customer)
+                <a href="#DELETE_PROJECT_MEMBER_TOPCODER" name="DELETE_PROJECT_MEMBER_TOPCODER" class="anchor"></a>Delete Project Member (topcoder)
               </div>
-              <div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_CUSTOMER</code></small></div>
-              <div class="text-black-50 small-text">Who can delete project members with &quot;customer&quot; role.</div>
+              <div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_TOPCODER</code></small></div>
+              <div class="text-black-50 small-text">Who can delete project members with some topcoder role like &quot;manager&quot; etc.</div>
             </div>
             <div class="col-9 py-2">
               <div>
-                  <span class="badge badge-primary" title="Allowed">Any Project Member</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">manager</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">account_manager</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">program_manager</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">account_executive</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">solution_architect</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">project_manager</span>
               </div>
 
               <div>
@@ -573,24 +578,20 @@ <h2 class="anchor-container">
           <div class="row border-top">
             <div class="col py-2">
               <div class="permission-title anchor-container">
-                <a href="#DELETE_PROJECT_MEMBER_NON_CUSTOMER" name="DELETE_PROJECT_MEMBER_NON_CUSTOMER" class="anchor"></a>Delete Project Member (non-customer)
+                <a href="#DELETE_PROJECT_MEMBER_COPILOT" name="DELETE_PROJECT_MEMBER_COPILOT" class="anchor"></a>Delete Project Member (copilot)
               </div>
-              <div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_NON_CUSTOMER</code></small></div>
-              <div class="text-black-50 small-text">Who can delete project members with non &quot;customer&quot; role.</div>
+              <div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_COPILOT</code></small></div>
+              <div class="text-black-50 small-text">Who can delete project members with &quot;copilot&quot; role.</div>
             </div>
             <div class="col-9 py-2">
               <div>
-                    <span class="badge badge-primary" title="Allowed Project Role">manager</span>
-                    <span class="badge badge-primary" title="Allowed Project Role">account_manager</span>
-                    <span class="badge badge-primary" title="Allowed Project Role">program_manager</span>
-                    <span class="badge badge-primary" title="Allowed Project Role">account_executive</span>
-                    <span class="badge badge-primary" title="Allowed Project Role">solution_architect</span>
-                    <span class="badge badge-primary" title="Allowed Project Role">project_manager</span>
+                  <span class="badge badge-primary" title="Allowed">Any Project Member</span>
               </div>
 
               <div>
                     <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
                     <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
               </div>
 
               <div>
@@ -680,15 +681,6 @@ <h2 class="anchor-container">
               <div>
                     <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
                     <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Manager</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Account Manager</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Business Development Representative</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Presales</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Account Executive</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Program Manager</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Solution Architect</span>
-                    <span class="badge badge-success" title="Allowed Topcoder Role">Project Manager</span>
               </div>
 
               <div>
@@ -701,10 +693,10 @@ <h2 class="anchor-container">
           <div class="row border-top">
             <div class="col py-2">
               <div class="permission-title anchor-container">
-                <a href="#CREATE_PROJECT_INVITE_NON_CUSTOMER" name="CREATE_PROJECT_INVITE_NON_CUSTOMER" class="anchor"></a>Create Project Invite (non-customer)
+                <a href="#CREATE_PROJECT_INVITE_TOPCODER" name="CREATE_PROJECT_INVITE_TOPCODER" class="anchor"></a>Create Project Invite (topcoder)
               </div>
-              <div class="permission-variable"><small><code>CREATE_PROJECT_INVITE_NON_CUSTOMER</code></small></div>
-              <div class="text-black-50 small-text">Who can invite project members with non &quot;customer&quot; role.</div>
+              <div class="permission-variable"><small><code>CREATE_PROJECT_INVITE_TOPCODER</code></small></div>
+              <div class="text-black-50 small-text">Who can invite project members with topcoder role like &quot;manager&quot; etc.</div>
             </div>
             <div class="col-9 py-2">
               <div>
@@ -731,9 +723,9 @@ <h2 class="anchor-container">
           <div class="row border-top">
             <div class="col py-2">
               <div class="permission-title anchor-container">
-                <a href="#CREATE_PROJECT_INVITE_COPILOT_DIRECTLY" name="CREATE_PROJECT_INVITE_COPILOT_DIRECTLY" class="anchor"></a>Create Project Invite (copilot)
+                <a href="#CREATE_PROJECT_INVITE_COPILOT" name="CREATE_PROJECT_INVITE_COPILOT" class="anchor"></a>Create Project Invite (copilot)
               </div>
-              <div class="permission-variable"><small><code>CREATE_PROJECT_INVITE_COPILOT_DIRECTLY</code></small></div>
+              <div class="permission-variable"><small><code>CREATE_PROJECT_INVITE_COPILOT</code></small></div>
               <div class="text-black-50 small-text">Who can invite user with &quot;copilot&quot; role directly without requesting.</div>
             </div>
             <div class="col-9 py-2">
@@ -876,10 +868,40 @@ <h2 class="anchor-container">
           <div class="row border-top">
             <div class="col py-2">
               <div class="permission-title anchor-container">
-                <a href="#DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER" name="DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER" class="anchor"></a>Delete Project Invite (not own, non-customer)
+                <a href="#DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER" name="DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER" class="anchor"></a>Delete Project Invite (not own, topcoder)
+              </div>
+              <div class="permission-variable"><small><code>DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER</code></small></div>
+              <div class="text-black-50 small-text">Who can delete project invites for other members with some topcoder role like &quot;manager&quot; etc.</div>
+            </div>
+            <div class="col-9 py-2">
+              <div>
+                    <span class="badge badge-primary" title="Allowed Project Role">manager</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">account_manager</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">program_manager</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">account_executive</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">solution_architect</span>
+                    <span class="badge badge-primary" title="Allowed Project Role">project_manager</span>
+              </div>
+
+              <div>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+              </div>
+
+              <div>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">all:project-invites</span>
+                  <span class="badge badge-dark" title="Allowed Topcoder Role">write:project-invites</span>
+              </div>
+            </div>
+          </div>
+          <div class="row border-top">
+            <div class="col py-2">
+              <div class="permission-title anchor-container">
+                <a href="#DELETE_PROJECT_INVITE_NOT_OWN_COPILOT" name="DELETE_PROJECT_INVITE_NOT_OWN_COPILOT" class="anchor"></a>Delete Project Invite (not own, copilot)
               </div>
-              <div class="permission-variable"><small><code>DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER</code></small></div>
-              <div class="text-black-50 small-text">Who can delete project invites for other members with non &quot;customer&quot; role.</div>
+              <div class="permission-variable"><small><code>DELETE_PROJECT_INVITE_NOT_OWN_COPILOT</code></small></div>
+              <div class="text-black-50 small-text">Who can delete invites for other members with &quot;copilot&quot; role.</div>
             </div>
             <div class="col-9 py-2">
               <div>
@@ -894,6 +916,7 @@ <h2 class="anchor-container">
               <div>
                     <span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
                     <span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
+                    <span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
               </div>
 
               <div>
 
@@ -306,19 +306,6 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
     scopes: SCOPES_PROJECT_MEMBERS_WRITE,
   },
 
-  UPDATE_PROJECT_MEMBER_TO_COPILOT: {
-    meta: {
-      title: 'Update Project Member (to copilot)',
-      group: 'Project Member',
-      description: 'Who can update project member role to "copilot".',
-    },
-    topcoderRoles: [
-      ...TOPCODER_ROLES_ADMINS,
-      USER_ROLE.COPILOT_MANAGER,
-    ],
-    scopes: SCOPES_PROJECT_MEMBERS_WRITE,
-  },
-
   DELETE_PROJECT_MEMBER_CUSTOMER: {
     meta: {
       title: 'Delete Project Member (customer)',
@@ -330,17 +317,31 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
     scopes: SCOPES_PROJECT_MEMBERS_WRITE,
   },
 
-  DELETE_PROJECT_MEMBER_NON_CUSTOMER: {
+  DELETE_PROJECT_MEMBER_TOPCODER: {
     meta: {
-      title: 'Delete Project Member (non-customer)',
+      title: 'Delete Project Member (topcoder)',
       group: 'Project Member',
-      description: 'Who can delete project members with non "customer" role.',
+      description: 'Who can delete project members with some topcoder role like "manager" etc.',
     },
     topcoderRoles: TOPCODER_ROLES_ADMINS,
     projectRoles: PROJECT_ROLES_MANAGEMENT,
     scopes: SCOPES_PROJECT_MEMBERS_WRITE,
   },
 
+  DELETE_PROJECT_MEMBER_COPILOT: {
+    meta: {
+      title: 'Delete Project Member (copilot)',
+      group: 'Project Member',
+      description: 'Who can delete project members with "copilot" role.',
+    },
+    topcoderRoles: [
+      ...TOPCODER_ROLES_ADMINS,
+      USER_ROLE.COPILOT_MANAGER,
+    ],
+    projectRoles: ALL,
+    scopes: SCOPES_PROJECT_MEMBERS_WRITE,
+  },
+
   /*
    * Project Invite
    */
@@ -371,23 +372,23 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
       group: 'Project Invite',
       description: 'Who can invite project members with "customer" role.',
     },
-    topcoderRoles: TOPCODER_ROLES_MANAGERS_AND_ADMINS,
+    topcoderRoles: TOPCODER_ROLES_ADMINS,
     projectRoles: ALL,
     scopes: SCOPES_PROJECT_INVITES_WRITE,
   },
 
-  CREATE_PROJECT_INVITE_NON_CUSTOMER: {
+  CREATE_PROJECT_INVITE_TOPCODER: {
     meta: {
-      title: 'Create Project Invite (non-customer)',
+      title: 'Create Project Invite (topcoder)',
       group: 'Project Invite',
-      description: 'Who can invite project members with non "customer" role.',
+      description: 'Who can invite project members with topcoder role like "manager" etc.',
     },
     topcoderRoles: TOPCODER_ROLES_ADMINS,
     projectRoles: PROJECT_ROLES_MANAGEMENT,
     scopes: SCOPES_PROJECT_INVITES_WRITE,
   },
 
-  CREATE_PROJECT_INVITE_COPILOT_DIRECTLY: {
+  CREATE_PROJECT_INVITE_COPILOT: {
     meta: {
       title: 'Create Project Invite (copilot)',
       group: 'Project Invite',
@@ -454,17 +455,31 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
     scopes: SCOPES_PROJECT_INVITES_WRITE,
   },
 
-  DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER: {
+  DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER: {
     meta: {
-      title: 'Delete Project Invite (not own, non-customer)',
+      title: 'Delete Project Invite (not own, topcoder)',
       group: 'Project Invite',
-      description: 'Who can delete project invites for other members with non "customer" role.',
+      description: 'Who can delete project invites for other members with some topcoder role like "manager" etc.',
     },
     topcoderRoles: TOPCODER_ROLES_ADMINS,
     projectRoles: PROJECT_ROLES_MANAGEMENT,
     scopes: SCOPES_PROJECT_INVITES_WRITE,
   },
 
+  DELETE_PROJECT_INVITE_NOT_OWN_COPILOT: {
+    meta: {
+      title: 'Delete Project Invite (not own, copilot)',
+      group: 'Project Invite',
+      description: 'Who can delete invites for other members with "copilot" role.',
+    },
+    topcoderRoles: [
+      ...TOPCODER_ROLES_ADMINS,
+      USER_ROLE.COPILOT_MANAGER,
+    ],
+    projectRoles: PROJECT_ROLES_MANAGEMENT,
+    scopes: SCOPES_PROJECT_INVITES_WRITE,
+  },
+
   DELETE_PROJECT_INVITE_REQUESTED: {
     meta: {
       title: 'Delete Project Invite (requested)',
 
@@ -31,12 +31,14 @@ module.exports = () => {
   ]));
   Authorizer.setPolicy('projectMember.delete', generalPermission([
     PERMISSION.DELETE_PROJECT_MEMBER_CUSTOMER,
-    PERMISSION.DELETE_PROJECT_MEMBER_NON_CUSTOMER,
+    PERMISSION.DELETE_PROJECT_MEMBER_TOPCODER,
+    PERMISSION.DELETE_PROJECT_MEMBER_COPILOT,
   ]));
 
   Authorizer.setPolicy('projectMemberInvite.create', generalPermission([
     PERMISSION.CREATE_PROJECT_INVITE_CUSTOMER,
-    PERMISSION.CREATE_PROJECT_INVITE_NON_CUSTOMER,
+    PERMISSION.CREATE_PROJECT_INVITE_TOPCODER,
+    PERMISSION.CREATE_PROJECT_INVITE_COPILOT,
   ]));
   Authorizer.setPolicy('projectMemberInvite.view', generalPermission([
     PERMISSION.READ_PROJECT_INVITE_OWN,
@@ -49,7 +51,8 @@ module.exports = () => {
   Authorizer.setPolicy('projectMemberInvite.delete', generalPermission([
     PERMISSION.DELETE_PROJECT_INVITE_OWN,
     PERMISSION.DELETE_PROJECT_INVITE_NOT_OWN_CUSTOMER,
-    PERMISSION.DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER,
+    PERMISSION.DELETE_PROJECT_INVITE_NOT_OWN_COPILOT,
+    PERMISSION.DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER,
   ]));
 
   Authorizer.setPolicy('projectAttachment.create', generalPermission(PERMISSION.CREATE_PROJECT_ATTACHMENT));
 
@@ -274,8 +274,14 @@ module.exports = [
     }
 
     if (
-      invite.role !== PROJECT_MEMBER_ROLE.CUSTOMER &&
-      !util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_NON_CUSTOMER, req)
+      ( // if cannot invite non-customer user
+        invite.role !== PROJECT_MEMBER_ROLE.CUSTOMER &&
+        !util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_TOPCODER, req)
+      ) && !(
+        // and if cannot invite copilot directly
+        invite.role === PROJECT_MEMBER_ROLE.COPILOT &&
+        util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_COPILOT, req)
+      )
     ) {
       const err = new Error(`You are not allowed to invite user as ${invite.role}.`);
       err.status = 403;
@@ -373,7 +379,7 @@ module.exports = [
                 role: invite.role,
                 // invite copilots directly if user has permissions
                 status: (invite.role !== PROJECT_MEMBER_ROLE.COPILOT ||
-                util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_COPILOT_DIRECTLY, req))
+                util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_COPILOT, req))
                   ? INVITE_STATUS.PENDING
                   : INVITE_STATUS.REQUESTED,
                 createdBy: req.authUser.userId,