feat: remove copilot members and invites #594

Merged
merged 10 commits into from
Nov 20, 2020
91 changes: 57 additions & 34 deletions docs/permissions.html
Expand Up @@ -523,19 +523,19 @@ <h2 class="anchor-container">
<div class="row border-top">
<div class="col py-2">
<div class="permission-title anchor-container">
<a href="#UPDATE_PROJECT_MEMBER_TO_COPILOT" name="UPDATE_PROJECT_MEMBER_TO_COPILOT" class="anchor"></a>Update Project Member (to copilot)
<a href="#DELETE_PROJECT_MEMBER_CUSTOMER" name="DELETE_PROJECT_MEMBER_CUSTOMER" class="anchor"></a>Delete Project Member (customer)
</div>
<div class="permission-variable"><small><code>UPDATE_PROJECT_MEMBER_TO_COPILOT</code></small></div>
<div class="text-black-50 small-text">Who can update project member role to &quot;copilot&quot;.</div>
<div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_CUSTOMER</code></small></div>
<div class="text-black-50 small-text">Who can delete project members with &quot;customer&quot; role.</div>
</div>
<div class="col-9 py-2">
<div>
<span class="badge badge-primary" title="Allowed">Any Project Member</span>
</div>

<div>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
<span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
</div>

<div>
Expand All @@ -548,14 +548,19 @@ <h2 class="anchor-container">
<div class="row border-top">
<div class="col py-2">
<div class="permission-title anchor-container">
<a href="#DELETE_PROJECT_MEMBER_CUSTOMER" name="DELETE_PROJECT_MEMBER_CUSTOMER" class="anchor"></a>Delete Project Member (customer)
<a href="#DELETE_PROJECT_MEMBER_TOPCODER" name="DELETE_PROJECT_MEMBER_TOPCODER" class="anchor"></a>Delete Project Member (topcoder)
</div>
<div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_CUSTOMER</code></small></div>
<div class="text-black-50 small-text">Who can delete project members with &quot;customer&quot; role.</div>
<div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_TOPCODER</code></small></div>
<div class="text-black-50 small-text">Who can delete project members with some topcoder role like &quot;manager&quot; etc.</div>
</div>
<div class="col-9 py-2">
<div>
<span class="badge badge-primary" title="Allowed">Any Project Member</span>
<span class="badge badge-primary" title="Allowed Project Role">manager</span>
<span class="badge badge-primary" title="Allowed Project Role">account_manager</span>
<span class="badge badge-primary" title="Allowed Project Role">program_manager</span>
<span class="badge badge-primary" title="Allowed Project Role">account_executive</span>
<span class="badge badge-primary" title="Allowed Project Role">solution_architect</span>
<span class="badge badge-primary" title="Allowed Project Role">project_manager</span>
</div>

<div>
Expand All @@ -573,24 +578,20 @@ <h2 class="anchor-container">
<div class="row border-top">
<div class="col py-2">
<div class="permission-title anchor-container">
<a href="#DELETE_PROJECT_MEMBER_NON_CUSTOMER" name="DELETE_PROJECT_MEMBER_NON_CUSTOMER" class="anchor"></a>Delete Project Member (non-customer)
<a href="#DELETE_PROJECT_MEMBER_COPILOT" name="DELETE_PROJECT_MEMBER_COPILOT" class="anchor"></a>Delete Project Member (copilot)
</div>
<div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_NON_CUSTOMER</code></small></div>
<div class="text-black-50 small-text">Who can delete project members with non &quot;customer&quot; role.</div>
<div class="permission-variable"><small><code>DELETE_PROJECT_MEMBER_COPILOT</code></small></div>
<div class="text-black-50 small-text">Who can delete project members with &quot;copilot&quot; role.</div>
</div>
<div class="col-9 py-2">
<div>
<span class="badge badge-primary" title="Allowed Project Role">manager</span>
<span class="badge badge-primary" title="Allowed Project Role">account_manager</span>
<span class="badge badge-primary" title="Allowed Project Role">program_manager</span>
<span class="badge badge-primary" title="Allowed Project Role">account_executive</span>
<span class="badge badge-primary" title="Allowed Project Role">solution_architect</span>
<span class="badge badge-primary" title="Allowed Project Role">project_manager</span>
<span class="badge badge-primary" title="Allowed">Any Project Member</span>
</div>

<div>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
<span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
</div>

<div>
Expand Down Expand Up @@ -680,15 +681,6 @@ <h2 class="anchor-container">
<div>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
<span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Manager</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Account Manager</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Business Development Representative</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Presales</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Account Executive</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Program Manager</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Solution Architect</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Project Manager</span>
</div>

<div>
Expand All @@ -701,10 +693,10 @@ <h2 class="anchor-container">
<div class="row border-top">
<div class="col py-2">
<div class="permission-title anchor-container">
<a href="#CREATE_PROJECT_INVITE_NON_CUSTOMER" name="CREATE_PROJECT_INVITE_NON_CUSTOMER" class="anchor"></a>Create Project Invite (non-customer)
<a href="#CREATE_PROJECT_INVITE_TOPCODER" name="CREATE_PROJECT_INVITE_TOPCODER" class="anchor"></a>Create Project Invite (topcoder)
</div>
<div class="permission-variable"><small><code>CREATE_PROJECT_INVITE_NON_CUSTOMER</code></small></div>
<div class="text-black-50 small-text">Who can invite project members with non &quot;customer&quot; role.</div>
<div class="permission-variable"><small><code>CREATE_PROJECT_INVITE_TOPCODER</code></small></div>
<div class="text-black-50 small-text">Who can invite project members with topcoder role like &quot;manager&quot; etc.</div>
</div>
<div class="col-9 py-2">
<div>
Expand All @@ -731,9 +723,9 @@ <h2 class="anchor-container">
<div class="row border-top">
<div class="col py-2">
<div class="permission-title anchor-container">
<a href="#CREATE_PROJECT_INVITE_COPILOT_DIRECTLY" name="CREATE_PROJECT_INVITE_COPILOT_DIRECTLY" class="anchor"></a>Create Project Invite (copilot)
<a href="#CREATE_PROJECT_INVITE_COPILOT" name="CREATE_PROJECT_INVITE_COPILOT" class="anchor"></a>Create Project Invite (copilot)
</div>
<div class="permission-variable"><small><code>CREATE_PROJECT_INVITE_COPILOT_DIRECTLY</code></small></div>
<div class="permission-variable"><small><code>CREATE_PROJECT_INVITE_COPILOT</code></small></div>
<div class="text-black-50 small-text">Who can invite user with &quot;copilot&quot; role directly without requesting.</div>
</div>
<div class="col-9 py-2">
Expand Down Expand Up @@ -876,10 +868,40 @@ <h2 class="anchor-container">
<div class="row border-top">
<div class="col py-2">
<div class="permission-title anchor-container">
<a href="#DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER" name="DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER" class="anchor"></a>Delete Project Invite (not own, non-customer)
<a href="#DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER" name="DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER" class="anchor"></a>Delete Project Invite (not own, topcoder)
</div>
<div class="permission-variable"><small><code>DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER</code></small></div>
<div class="text-black-50 small-text">Who can delete project invites for other members with some topcoder role like &quot;manager&quot; etc.</div>
</div>
<div class="col-9 py-2">
<div>
<span class="badge badge-primary" title="Allowed Project Role">manager</span>
<span class="badge badge-primary" title="Allowed Project Role">account_manager</span>
<span class="badge badge-primary" title="Allowed Project Role">program_manager</span>
<span class="badge badge-primary" title="Allowed Project Role">account_executive</span>
<span class="badge badge-primary" title="Allowed Project Role">solution_architect</span>
<span class="badge badge-primary" title="Allowed Project Role">project_manager</span>
</div>

<div>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
<span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
</div>

<div>
<span class="badge badge-dark" title="Allowed Topcoder Role">all:connect_project</span>
<span class="badge badge-dark" title="Allowed Topcoder Role">all:project-invites</span>
<span class="badge badge-dark" title="Allowed Topcoder Role">write:project-invites</span>
</div>
</div>
</div>
<div class="row border-top">
<div class="col py-2">
<div class="permission-title anchor-container">
<a href="#DELETE_PROJECT_INVITE_NOT_OWN_COPILOT" name="DELETE_PROJECT_INVITE_NOT_OWN_COPILOT" class="anchor"></a>Delete Project Invite (not own, copilot)
</div>
<div class="permission-variable"><small><code>DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER</code></small></div>
<div class="text-black-50 small-text">Who can delete project invites for other members with non &quot;customer&quot; role.</div>
<div class="permission-variable"><small><code>DELETE_PROJECT_INVITE_NOT_OWN_COPILOT</code></small></div>
<div class="text-black-50 small-text">Who can delete invites for other members with &quot;copilot&quot; role.</div>
</div>
<div class="col-9 py-2">
<div>
Expand All @@ -894,6 +916,7 @@ <h2 class="anchor-container">
<div>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Admin</span>
<span class="badge badge-success" title="Allowed Topcoder Role">administrator</span>
<span class="badge badge-success" title="Allowed Topcoder Role">Connect Copilot Manager</span>
</div>

<div>
63 changes: 39 additions & 24 deletions src/permissions/constants.js
Expand Up @@ -306,19 +306,6 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
scopes: SCOPES_PROJECT_MEMBERS_WRITE,
},

UPDATE_PROJECT_MEMBER_TO_COPILOT: {
meta: {
title: 'Update Project Member (to copilot)',
group: 'Project Member',
description: 'Who can update project member role to "copilot".',
},
topcoderRoles: [
...TOPCODER_ROLES_ADMINS,
USER_ROLE.COPILOT_MANAGER,
],
scopes: SCOPES_PROJECT_MEMBERS_WRITE,
},

DELETE_PROJECT_MEMBER_CUSTOMER: {
meta: {
title: 'Delete Project Member (customer)',
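Review bot: UPDATE_PROJECT_MEMBER_TO_COPILOT is deleted at the top of this hunk, but none of the files shown in this diff touch the project member update route. Confirm every reference to PERMISSION.UPDATE_PROJECT_MEMBER_TO_COPILOT goes with it, since a leftover property lookup evaluates to undefined instead of failing at import, and add a test that pins what now happens when a member's role is updated to copilot.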
Expand All @@ -330,17 +317,31 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
scopes: SCOPES_PROJECT_MEMBERS_WRITE,
},

DELETE_PROJECT_MEMBER_NON_CUSTOMER: {
DELETE_PROJECT_MEMBER_TOPCODER: {
meta: {
title: 'Delete Project Member (non-customer)',
title: 'Delete Project Member (topcoder)',
group: 'Project Member',
description: 'Who can delete project members with non "customer" role.',
description: 'Who can delete project members with some topcoder role like "manager" etc.',
},
topcoderRoles: TOPCODER_ROLES_ADMINS,
projectRoles: PROJECT_ROLES_MANAGEMENT,
scopes: SCOPES_PROJECT_MEMBERS_WRITE,
},

DELETE_PROJECT_MEMBER_COPILOT: {
meta: {
title: 'Delete Project Member (copilot)',
group: 'Project Member',
description: 'Who can delete project members with "copilot" role.',
},
topcoderRoles: [
...TOPCODER_ROLES_ADMINS,
USER_ROLE.COPILOT_MANAGER,
],
projectRoles: ALL,
scopes: SCOPES_PROJECT_MEMBERS_WRITE,
},

/*
* Project Invite
*/
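Review bot: projectRoles: ALL on the new DELETE_PROJECT_MEMBER_COPILOT entry lets any project member remove a copilot (the docs hunk renders it as "Any Project Member"), while the DELETE_PROJECT_MEMBER_NON_CUSTOMER entry it replaces and the new DELETE_PROJECT_MEMBER_TOPCODER both require PROJECT_ROLES_MANAGEMENT. DELETE_PROJECT_INVITE_NOT_OWN_COPILOT later in this file also uses PROJECT_ROLES_MANAGEMENT, so the member and invite variants disagree. If the broadening is intended, state it in the PR description; otherwise use PROJECT_ROLES_MANAGEMENT here as well.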
Expand Down Expand Up @@ -371,23 +372,23 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
group: 'Project Invite',
description: 'Who can invite project members with "customer" role.',
},
topcoderRoles: TOPCODER_ROLES_MANAGERS_AND_ADMINS,
topcoderRoles: TOPCODER_ROLES_ADMINS,
projectRoles: ALL,
scopes: SCOPES_PROJECT_INVITES_WRITE,
},

CREATE_PROJECT_INVITE_NON_CUSTOMER: {
CREATE_PROJECT_INVITE_TOPCODER: {
meta: {
title: 'Create Project Invite (non-customer)',
title: 'Create Project Invite (topcoder)',
group: 'Project Invite',
description: 'Who can invite project members with non "customer" role.',
description: 'Who can invite project members with topcoder role like "manager" etc.',
},
topcoderRoles: TOPCODER_ROLES_ADMINS,
projectRoles: PROJECT_ROLES_MANAGEMENT,
scopes: SCOPES_PROJECT_INVITES_WRITE,
},

CREATE_PROJECT_INVITE_COPILOT_DIRECTLY: {
CREATE_PROJECT_INVITE_COPILOT: {
meta: {
title: 'Create Project Invite (copilot)',
group: 'Project Invite',
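Review bot: the topcoderRoles line of CREATE_PROJECT_INVITE_CUSTOMER goes from TOPCODER_ROLES_MANAGERS_AND_ADMINS to TOPCODER_ROLES_ADMINS, a permission narrowing that the PR title (copilot members and invites) does not cover. Holders of the manager-type Topcoder roles who are not project members lose the ability to invite customers, and the docs hunk removes nine badges to match. Call this out in the description. Separately, the renamed CREATE_PROJECT_INVITE_COPILOT keeps the description "directly without requesting" in the docs although create.js now also uses it as an authorization gate; update the description to cover both uses.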
Expand Down Expand Up @@ -454,17 +455,31 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
scopes: SCOPES_PROJECT_INVITES_WRITE,
},

DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER: {
DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER: {
meta: {
title: 'Delete Project Invite (not own, non-customer)',
title: 'Delete Project Invite (not own, topcoder)',
group: 'Project Invite',
description: 'Who can delete project invites for other members with non "customer" role.',
description: 'Who can delete project invites for other members with some topcoder role like "manager" etc.',
},
topcoderRoles: TOPCODER_ROLES_ADMINS,
projectRoles: PROJECT_ROLES_MANAGEMENT,
scopes: SCOPES_PROJECT_INVITES_WRITE,
},

DELETE_PROJECT_INVITE_NOT_OWN_COPILOT: {
meta: {
title: 'Delete Project Invite (not own, copilot)',
group: 'Project Invite',
description: 'Who can delete invites for other members with "copilot" role.',
},
topcoderRoles: [
...TOPCODER_ROLES_ADMINS,
USER_ROLE.COPILOT_MANAGER,
],
projectRoles: PROJECT_ROLES_MANAGEMENT,
scopes: SCOPES_PROJECT_INVITES_WRITE,
},

DELETE_PROJECT_INVITE_REQUESTED: {
meta: {
title: 'Delete Project Invite (requested)',
9 changes: 6 additions & 3 deletions src/permissions/index.js
Expand Up @@ -31,12 +31,14 @@ module.exports = () => {
]));
Authorizer.setPolicy('projectMember.delete', generalPermission([
PERMISSION.DELETE_PROJECT_MEMBER_CUSTOMER,
PERMISSION.DELETE_PROJECT_MEMBER_NON_CUSTOMER,
PERMISSION.DELETE_PROJECT_MEMBER_TOPCODER,
PERMISSION.DELETE_PROJECT_MEMBER_COPILOT,
]));

Authorizer.setPolicy('projectMemberInvite.create', generalPermission([
PERMISSION.CREATE_PROJECT_INVITE_CUSTOMER,
PERMISSION.CREATE_PROJECT_INVITE_NON_CUSTOMER,
PERMISSION.CREATE_PROJECT_INVITE_TOPCODER,
PERMISSION.CREATE_PROJECT_INVITE_COPILOT,
]));
Authorizer.setPolicy('projectMemberInvite.view', generalPermission([
PERMISSION.READ_PROJECT_INVITE_OWN,
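Review bot: adding CREATE_PROJECT_INVITE_COPILOT to the 'projectMemberInvite.create' list widens the route-level policy without tying it to the invited role. Assuming generalPermission passes when any listed permission matches, a caller holding only the copilot permission now reaches the handler for every role, so the per-role check in create.js becomes the only enforcement. The same holds for 'projectMember.delete' in this hunk, whose handler is not among the files shown; confirm it matches the member's role against DELETE_PROJECT_MEMBER_TOPCODER or DELETE_PROJECT_MEMBER_COPILOT before deleting.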
Expand All @@ -49,7 +51,8 @@ module.exports = () => {
Authorizer.setPolicy('projectMemberInvite.delete', generalPermission([
PERMISSION.DELETE_PROJECT_INVITE_OWN,
PERMISSION.DELETE_PROJECT_INVITE_NOT_OWN_CUSTOMER,
PERMISSION.DELETE_PROJECT_INVITE_NOT_OWN_NON_CUSTOMER,
PERMISSION.DELETE_PROJECT_INVITE_NOT_OWN_COPILOT,
PERMISSION.DELETE_PROJECT_INVITE_NOT_OWN_TOPCODER,
]));

Authorizer.setPolicy('projectAttachment.create', generalPermission(PERMISSION.CREATE_PROJECT_ATTACHMENT));
12 changes: 9 additions & 3 deletions src/routes/projectMemberInvites/create.js
Expand Up @@ -274,8 +274,14 @@ module.exports = [
}

if (
invite.role !== PROJECT_MEMBER_ROLE.CUSTOMER &&
!util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_NON_CUSTOMER, req)
( // if cannot invite non-customer user
invite.role !== PROJECT_MEMBER_ROLE.CUSTOMER &&
!util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_TOPCODER, req)
) && !(
// and if cannot invite copilot directly
invite.role === PROJECT_MEMBER_ROLE.COPILOT &&
util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_COPILOT, req)
)
) {
const err = new Error(`You are not allowed to invite user as ${invite.role}.`);
err.status = 403;
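Review bot: the rewritten guard only covers non-customer roles, so an invite with role customer is never checked against CREATE_PROJECT_INVITE_CUSTOMER in this condition. With the route policy now also admitting CREATE_PROJECT_INVITE_TOPCODER and CREATE_PROJECT_INVITE_COPILOT, a caller who passes on one of those alone can create customer invites unless a check outside this hunk stops them. The nested "( ... ) && !( ... )" form is also hard to verify by eye; mapping each invite.role (customer, copilot, anything else) to the permissions that allow it and denying when none match would make the rule explicit and fail closed. Please add tests covering each role against each permission.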
Expand Down Expand Up @@ -373,7 +379,7 @@ module.exports = [
role: invite.role,
// invite copilots directly if user has permissions
status: (invite.role !== PROJECT_MEMBER_ROLE.COPILOT ||
util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_COPILOT_DIRECTLY, req))
util.hasPermissionByReq(PERMISSION.CREATE_PROJECT_INVITE_COPILOT, req))
? INVITE_STATUS.PENDING
: INVITE_STATUS.REQUESTED,
createdBy: req.authUser.userId,
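Review bot: CREATE_PROJECT_INVITE_COPILOT is evaluated in the status expression a second time after the 403 guard above, and the two uses mean different things: above it authorizes the invite, here it chooses between PENDING and REQUESTED. Compute it once into a named boolean (for example canInviteCopilotDirectly) and reuse it in both places so the status logic cannot drift from the authorization check. A copilot invite from a caller who has CREATE_PROJECT_INVITE_TOPCODER but not the copilot permission still ends up REQUESTED; a test pinning that path would help.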