Fine tuning the embed report end point to use project category and user role to map the key to report. Also, using env variable to map report to actual looker construct.

Author: Vikas Agarwal

config/custom-environment-variables.json

@@ -63,12 +63,13 @@
     "CLIENT_ID": "LOOKER_API_CLIENT_ID",
     "CLIENT_SECRET": "LOOKER_API_CLIENT_SECRET",
     "TOKEN": "TOKEN",
-    "USE_MOCK": "LOOKER_API_ENABLE_MOCK",
-    "MOCK_EMBED_REPORT": "MOCK_EMBED_REPORT",
+    "USE_MOCK": "ENABLE_MOCK_REPORTS",
     "QUERIES": {
       "REG_STATS": "LOOKER_API_REG_STATS_QUERY_ID",
       "BUDGET": "LOOKER_API_BUDGET_QUERY_ID"
-    }
+    },
+    "EMBED_REPORTS_MAPPING": "EMBED_REPORTS_MAPPING",
+    "ALLOWED_USERS": "REPORTS_ALLOWED_USERS"
   },
   "DEFAULT_M2M_USERID": "DEFAULT_M2M_USERID"
 }

config/default.json

@@ -69,11 +69,12 @@
     "CLIENT_SECRET": "",
     "TOKEN": "TOKEN",
     "USE_MOCK": "true",
-    "MOCK_EMBED_REPORT": "/embed/looks/2",
     "QUERIES": {
       "REG_STATS": 1234,
       "BUDGET": 123
-    }
+    },
+    "EMBED_REPORTS_MAPPING": "{\"mock\": \"/embed/looks/2\"}",
+    "ALLOWED_USERS": "[]"
   },
   "DEFAULT_M2M_USERID": -101
 }

src/permissions/index.js

@@ -141,5 +141,5 @@ module.exports = () => {
   Authorizer.setPolicy('projectEstimation.item.list', copilotAndAbove);
 
   // Project Reporting
-  Authorizer.setPolicy('projectReporting.managers', connectManagerOrAdmin);
+  Authorizer.setPolicy('projectReporting.view', projectView);
 };

src/routes/projectReports/getEmbedReport.js

@@ -3,54 +3,89 @@ import config from 'config';
 import _ from 'lodash';
 import { middleware as tcMiddleware } from 'tc-core-library-js';
 import util from '../../util';
-import { USER_ROLE } from '../../constants';
+import { USER_ROLE, PROJECT_MEMBER_ROLE, PROJECT_MEMBER_MANAGER_ROLES } from '../../constants';
+import models from '../../models';
 import lookerSerivce from '../../services/lookerService';
 
 const permissions = tcMiddleware.permissions;
 
 
 module.exports = [
-  permissions('projectReporting.managers'),
+  permissions('projectReporting.view'),
   async (req, res, next) => {
     const projectId = Number(req.params.projectId);
-    const reportName = config.lookerConfig.USE_MOCK === 'true' ? 'mock' : req.query.reportName;
+    const mockReport = config.lookerConfig.USE_MOCK === 'true';
+    let reportName = mockReport ? 'mock' : req.query.reportName;
     const authUser = req.authUser;
+    let REPORTS = null;
+    let allowedUsers = null;
+    try {
+      allowedUsers = JSON.parse(_.get(config, 'lookerConfig.ALLOWED_USERS', '[]'));
+      req.log.trace(allowedUsers, 'allowedUsers');
+      REPORTS = JSON.parse(config.lookerConfig.EMBED_REPORTS_MAPPING);
+    } catch (error) {
+      req.log.error(error);
+      req.log.debug('Invalid reports mapping. Should be a valid JSON.');
+    }
+    if (!mockReport && !REPORTS) {
+      return res.status(404).send('Report not found');
+    }
 
     try {
+      if (!mockReport) {
+        const project = await models.Project.findOne({
+          where: { id: projectId },
+          attributes: ['id', 'templateId'],
+          raw: true,
+        });
+        const projectTemplate = project.templateId
+          ? await models.ProjectTemplate.findByPk(project.templateId, { attributes: ['category'], raw: true })
+          : null;
+        const projectCategory = _.get(projectTemplate, 'category', '');
+        reportName = `${reportName}-${projectCategory}`;
+      }
       // check if auth user has acecss to this project
       const members = req.context.currentProjectMembers;
-      let member = _.find(members, m => m.userId === req.authUser.userId);
+      let member = _.find(members, m => m.userId === authUser.userId);
       const isAdmin = util.hasRoles(req, [USER_ROLE.CONNECT_ADMIN, USER_ROLE.TOPCODER_ADMIN]);
+      const userDisallowed = allowedUsers.length > 0 && !allowedUsers.includes(authUser.userId);
+      if (userDisallowed) {
+        req.log.error(`User whitelisting prevented accessing report ${reportName} to ${authUser.userId}`);
+        return res.status(403).send('User is not allowed to access the report');
+      }
       if (!member && isAdmin) {
         const token = await util.getM2MToken();
         const adminUser = await util.getTopcoderUser(authUser.userId, token, req.log);
-        req.log.debug(adminUser, 'adminUser');
+        req.log.trace(adminUser, 'adminUser');
         member = {
           firstName: adminUser.firstName,
           lastName: adminUser.lastName,
           userId: adminUser.userId,
           role: '',
         };
       }
+      let roleKey = '';
+      if (!mockReport) {
+        if ([PROJECT_MEMBER_ROLE.CUSTOMER, PROJECT_MEMBER_ROLE.COPILOT].includes(member.role)) {
+          roleKey = member.role;
+        }
+        if (isAdmin || PROJECT_MEMBER_MANAGER_ROLES.includes(member.role)) {
+          roleKey = 'topcoder';
+        }
+        reportName = `${reportName}-${roleKey}`;
+      }
       // pick the report based on its name
       let result = {};
-      let embedUrl = null;
       const project = { id: projectId };
-      switch (reportName) {
-        case 'summary':
-          embedUrl = '/embed/looks/1';
-          break;
-        case 'mock':
-          embedUrl = config.lookerConfig.MOCK_EMBED_REPORT;
-          break;
-        default:
-          return res.status(404).send('Report not found');
-      }
+      const embedUrl = REPORTS[reportName];
+      req.log.trace(`Generating embed URL for ${reportName} report, using ${embedUrl} as embed URL.`);
       if (embedUrl) {
         result = await lookerSerivce.generateEmbedUrl(req.authUser, project, member, embedUrl);
+      } else {
+        return res.status(404).send('Report not found');
       }
 
-      req.log.debug(result);
+      req.log.trace(result);
       return res.status(200).json(result);
     } catch (err) {
       req.log.error(err);