From be01938841eea0e625a8d64e99ef34c94adeb2f0 Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho <pvmagacho@gmail.com>
Date: Thu, 24 May 2018 09:12:18 -0300
Subject: [PATCH 01/59] Merge from phases and products challenge

---
 .circleci/config.yml                    |   2 +-
 config/default.json                     |   3 +-
 src/models/phaseProduct.js              |  45 ++++++
 src/models/project.js                   |   1 +
 src/models/projectPhase.js              | 105 +++++++++++++
 src/permissions/index.js                |   6 +
 src/routes/index.js                     |  17 ++
 src/routes/phaseProducts/create.js      | 102 ++++++++++++
 src/routes/phaseProducts/create.spec.js | 185 ++++++++++++++++++++++
 src/routes/phaseProducts/delete.js      |  43 ++++++
 src/routes/phaseProducts/delete.spec.js | 129 ++++++++++++++++
 src/routes/phaseProducts/get.js         |  36 +++++
 src/routes/phaseProducts/get.spec.js    | 147 ++++++++++++++++++
 src/routes/phaseProducts/list.js        |  41 +++++
 src/routes/phaseProducts/list.spec.js   | 129 ++++++++++++++++
 src/routes/phaseProducts/update.js      |  63 ++++++++
 src/routes/phaseProducts/update.spec.js | 178 +++++++++++++++++++++
 src/routes/phases/create.js             |  69 +++++++++
 src/routes/phases/create.spec.js        | 196 ++++++++++++++++++++++++
 src/routes/phases/delete.js             |  42 +++++
 src/routes/phases/delete.spec.js        | 103 +++++++++++++
 src/routes/phases/get.js                |  31 ++++
 src/routes/phases/get.spec.js           | 121 +++++++++++++++
 src/routes/phases/list.js               |  74 +++++++++
 src/routes/phases/list.spec.js          | 102 ++++++++++++
 src/routes/phases/update.js             |  83 ++++++++++
 src/routes/phases/update.spec.js        | 167 ++++++++++++++++++++
 27 files changed, 2218 insertions(+), 2 deletions(-)
 create mode 100644 src/models/phaseProduct.js
 create mode 100644 src/models/projectPhase.js
 create mode 100644 src/routes/phaseProducts/create.js
 create mode 100644 src/routes/phaseProducts/create.spec.js
 create mode 100644 src/routes/phaseProducts/delete.js
 create mode 100644 src/routes/phaseProducts/delete.spec.js
 create mode 100644 src/routes/phaseProducts/get.js
 create mode 100644 src/routes/phaseProducts/get.spec.js
 create mode 100644 src/routes/phaseProducts/list.js
 create mode 100644 src/routes/phaseProducts/list.spec.js
 create mode 100644 src/routes/phaseProducts/update.js
 create mode 100644 src/routes/phaseProducts/update.spec.js
 create mode 100644 src/routes/phases/create.js
 create mode 100644 src/routes/phases/create.spec.js
 create mode 100644 src/routes/phases/delete.js
 create mode 100644 src/routes/phases/delete.spec.js
 create mode 100644 src/routes/phases/get.js
 create mode 100644 src/routes/phases/get.spec.js
 create mode 100644 src/routes/phases/list.js
 create mode 100644 src/routes/phases/list.spec.js
 create mode 100644 src/routes/phases/update.js
 create mode 100644 src/routes/phases/update.spec.js

diff --git a/.circleci/config.yml b/.circleci/config.yml
index cfc1f527..4fea1158 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -76,7 +76,7 @@ workflows:
             - test
           filters:
             branches:
-              only: [dev, 'feature/db-lock-issue']
+              only: dev
       - deployProd:
           requires:
             - test
diff --git a/config/default.json b/config/default.json
index 2358f4a0..9cd04951 100644
--- a/config/default.json
+++ b/config/default.json
@@ -37,5 +37,6 @@
   "jwksUri": "",
   "busApiUrl": "http://api.topcoder-dev.com",
   "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE",
-  "HEALTH_CHECK_URL": "_health"
+  "HEALTH_CHECK_URL": "_health",
+  "maxPhaseProductCount": 1
 }
diff --git a/src/models/phaseProduct.js b/src/models/phaseProduct.js
new file mode 100644
index 00000000..da7a5bc0
--- /dev/null
+++ b/src/models/phaseProduct.js
@@ -0,0 +1,45 @@
+
+
+module.exports = function definePhaseProduct(sequelize, DataTypes) {
+  const PhaseProduct = sequelize.define('PhaseProduct', {
+    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
+    name: { type: DataTypes.STRING, allowNull: true },
+    projectId: DataTypes.BIGINT,
+    directProjectId: DataTypes.BIGINT,
+    billingAccountId: DataTypes.BIGINT,
+    // TODO: associate this with product_template
+    templateId: { type: DataTypes.BIGINT, defaultValue: 0 },
+    type: { type: DataTypes.STRING, allowNull: true },
+    estimatedPrice: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
+    actualPrice: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
+    details: { type: DataTypes.JSON, defaultValue: '' },
+
+    deletedAt: { type: DataTypes.DATE, allowNull: true },
+    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    deletedBy: { type: DataTypes.INTEGER, allowNull: true },
+    createdBy: { type: DataTypes.INTEGER, allowNull: false },
+    updatedBy: { type: DataTypes.INTEGER, allowNull: false },
+  }, {
+    tableName: 'phase_products',
+    paranoid: false,
+    timestamps: true,
+    updatedAt: 'updatedAt',
+    createdAt: 'createdAt',
+    deletedAt: 'deletedAt',
+    indexes: [],
+    classMethods: {
+      getActivePhaseProducts(phaseId) {
+        return this.findAll({
+          where: {
+            deletedAt: { $eq: null },
+            phaseId,
+          },
+          raw: true,
+        });
+      },
+    },
+  });
+
+  return PhaseProduct;
+};
diff --git a/src/models/project.js b/src/models/project.js
index 0c832e5f..ae6724ce 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -92,6 +92,7 @@ module.exports = function defineProject(sequelize, DataTypes) {
       associate: (models) => {
         Project.hasMany(models.ProjectMember, { as: 'members', foreignKey: 'projectId' });
         Project.hasMany(models.ProjectAttachment, { as: 'attachments', foreignKey: 'projectId' });
+        Project.hasMany(models.ProjectPhase, { as: 'phases', foreignKey: 'projectId' });
       },
 
       /**
diff --git a/src/models/projectPhase.js b/src/models/projectPhase.js
new file mode 100644
index 00000000..b855f44d
--- /dev/null
+++ b/src/models/projectPhase.js
@@ -0,0 +1,105 @@
+/* eslint-disable valid-jsdoc */
+
+import _ from 'lodash';
+
+module.exports = function defineProjectPhase(sequelize, DataTypes) {
+  const ProjectPhase = sequelize.define('ProjectPhase', {
+    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
+    name: { type: DataTypes.STRING, allowNull: true },
+    status: { type: DataTypes.STRING, allowNull: true },
+    startDate: { type: DataTypes.DATE, allowNull: true },
+    endDate: { type: DataTypes.DATE, allowNull: true },
+    budget: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
+    progress: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
+    details: { type: DataTypes.JSON, defaultValue: '' },
+
+    deletedAt: { type: DataTypes.DATE, allowNull: true },
+    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    deletedBy: { type: DataTypes.INTEGER, allowNull: true },
+    createdBy: { type: DataTypes.INTEGER, allowNull: false },
+    updatedBy: { type: DataTypes.INTEGER, allowNull: false },
+  }, {
+    tableName: 'project_phases',
+    paranoid: false,
+    timestamps: true,
+    updatedAt: 'updatedAt',
+    createdAt: 'createdAt',
+    deletedAt: 'deletedAt',
+    indexes: [],
+    classMethods: {
+      getActiveProjectPhases(projectId) {
+        return this.findAll({
+          where: {
+            deletedAt: { $eq: null },
+            projectId,
+          },
+          raw: true,
+        });
+      },
+      associate: (models) => {
+        ProjectPhase.hasMany(models.PhaseProduct, { as: 'products', foreignKey: 'phaseId' });
+      },
+      /**
+       * Search name or status
+       * @param parameters the parameters
+       *          - filters: the filters contains keyword
+       *          - order: the order
+       *          - limit: the limit
+       *          - offset: the offset
+       *          - attributes: the attributes to get
+       * @param log the request log
+       * @return the result rows and count
+       */
+      searchText(parameters, log) {
+        // special handling for keyword filter
+        let query = '1=1 ';
+        if (_.has(parameters.filters, 'id')) {
+          if (_.isObject(parameters.filters.id)) {
+            if (parameters.filters.id.$in.length === 0) {
+              parameters.filters.id.$in.push(-1);
+            }
+            query += `AND id IN (${parameters.filters.id.$in}) `;
+          } else if (_.isString(parameters.filters.id) || _.isNumber(parameters.filters.id)) {
+            query += `AND id = ${parameters.filters.id} `;
+          }
+        }
+        if (_.has(parameters.filters, 'status')) {
+          const statusFilter = parameters.filters.status;
+          if (_.isObject(statusFilter)) {
+            const statuses = statusFilter.$in.join("','");
+            query += `AND status IN ('${statuses}') `;
+          } else if (_.isString(statusFilter)) {
+            query += `AND status ='${statusFilter}'`;
+          }
+        }
+        if (_.has(parameters.filters, 'name')) {
+          query += `AND name like '%${parameters.filters.name}%' `;
+        }
+
+        const attributesStr = `"${parameters.attributes.join('","')}"`;
+        const orderStr = `"${parameters.order[0][0]}" ${parameters.order[0][1]}`;
+
+        // select count of project_phases
+        return sequelize.query(`SELECT COUNT(1) FROM project_phases WHERE ${query}`,
+          { type: sequelize.QueryTypes.SELECT,
+            logging: (str) => { log.debug(str); },
+            raw: true,
+          })
+          .then((fcount) => {
+            const count = fcount[0].count;
+            // select project attributes
+            return sequelize.query(`SELECT ${attributesStr} FROM project_phases WHERE ${query} ORDER BY ` +
+              ` ${orderStr} LIMIT ${parameters.limit} OFFSET ${parameters.offset}`,
+              { type: sequelize.QueryTypes.SELECT,
+                logging: (str) => { log.debug(str); },
+                raw: true,
+              })
+              .then(phases => ({ rows: phases, count }));
+          });
+      },
+    },
+  });
+
+  return ProjectPhase;
+};
diff --git a/src/permissions/index.js b/src/permissions/index.js
index e0797b3c..3fc2a2a5 100644
--- a/src/permissions/index.js
+++ b/src/permissions/index.js
@@ -23,4 +23,10 @@ module.exports = () => {
   Authorizer.setPolicy('project.downloadAttachment', projectView);
   Authorizer.setPolicy('project.updateMember', projectEdit);
   Authorizer.setPolicy('project.admin', projectAdmin);
+  Authorizer.setPolicy('project.addProjectPhase', projectEdit);
+  Authorizer.setPolicy('project.updateProjectPhase', projectEdit);
+  Authorizer.setPolicy('project.deleteProjectPhase', projectEdit);
+  Authorizer.setPolicy('project.addPhaseProduct', projectEdit);
+  Authorizer.setPolicy('project.updatePhaseProduct', projectEdit);
+  Authorizer.setPolicy('project.deletePhaseProduct', projectEdit);
 };
diff --git a/src/routes/index.js b/src/routes/index.js
index 47a51502..4c7291a5 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -64,6 +64,23 @@ router.route('/v4/projects/:projectId(\\d+)/attachments/:id(\\d+)')
     .patch(require('./attachments/update'))
     .delete(require('./attachments/delete'));
 
+router.route('/v4/projects/:projectId(\\d+)/phases')
+    .get(require('./phases/list'))
+    .post(require('./phases/create'));
+
+router.route('/v4/projects/:projectId(\\d+)/phases/:phaseId(\\d+)')
+    .get(require('./phases/get'))
+    .patch(require('./phases/update'))
+    .delete(require('./phases/delete'));
+
+router.route('/v4/projects/:projectId(\\d+)/phases/:phaseId(\\d+)/products')
+    .get(require('./phaseProducts/list'))
+    .post(require('./phaseProducts/create'));
+
+router.route('/v4/projects/:projectId(\\d+)/phases/:phaseId(\\d+)/products/:productId(\\d+)')
+    .get(require('./phaseProducts/get'))
+    .patch(require('./phaseProducts/update'))
+    .delete(require('./phaseProducts/delete'));
 
 // register error handler
 router.use((err, req, res, next) => { // eslint-disable-line no-unused-vars
diff --git a/src/routes/phaseProducts/create.js b/src/routes/phaseProducts/create.js
new file mode 100644
index 00000000..5a67ef01
--- /dev/null
+++ b/src/routes/phaseProducts/create.js
@@ -0,0 +1,102 @@
+
+import validate from 'express-validation';
+import _ from 'lodash';
+import config from 'config';
+import Joi from 'joi';
+
+import models from '../../models';
+import util from '../../util';
+
+const permissions = require('tc-core-library-js').middleware.permissions;
+
+const addPhaseProductValidations = {
+  body: {
+    param: Joi.object().keys({
+      name: Joi.string().required(),
+      type: Joi.string().required(),
+      templateId: Joi.number().optional(),
+      estimatedPrice: Joi.number().positive().optional(),
+      actualPrice: Joi.number().positive().optional(),
+      details: Joi.any().optional(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  // validate request payload
+  validate(addPhaseProductValidations),
+  // check permission
+  permissions('project.addPhaseProduct'),
+  // do the real work
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+    const phaseId = _.parseInt(req.params.phaseId);
+
+    const data = req.body.param;
+    // default values
+    _.assign(data, {
+      createdBy: req.authUser.userId,
+      updatedBy: req.authUser.userId,
+    });
+
+    let newPhaseProduct = null;
+    models.sequelize.transaction(() => models.Project.findOne({
+      where: { id: projectId, deletedAt: { $eq: null } },
+      raw: true,
+    }).then((existingProject) => {
+        // make sure project exists
+      if (!existingProject) {
+        const err = new Error(`project not found for project id ${projectId}`);
+        err.status = 404;
+        throw err;
+      }
+      _.assign(data, {
+        projectId,
+        directProjectId: existingProject.directProjectId,
+        billingAccountId: existingProject.billingAccountId,
+      });
+
+      return models.ProjectPhase.findOne({
+        where: { id: phaseId, projectId, deletedAt: { $eq: null } },
+        raw: true,
+      });
+    }).then((existingPhase) => {
+        // make sure phase exists
+      if (!existingPhase) {
+        const err = new Error(`project phase not found for project id ${projectId}` +
+            ` and phase id ${phaseId}`);
+        err.status = 404;
+        throw err;
+      }
+      _.assign(data, {
+        phaseId,
+      });
+
+      return models.PhaseProduct.count({
+        where: {
+          projectId,
+          phaseId,
+          deletedAt: { $eq: null },
+        },
+        raw: true,
+      });
+    }).then((productCount) => {
+        // make sure number of products of per phase <= max value
+      if (productCount >= config.maxPhaseProductCount) {
+        const err = new Error('the number of products per phase cannot exceed ' +
+            `${config.maxPhaseProductCount}`);
+        err.status = 400;
+        throw err;
+      }
+      return models.PhaseProduct.create(data);
+    })
+      .then((_newPhaseProduct) => {
+        newPhaseProduct = _.cloneDeep(_newPhaseProduct);
+        req.log.debug('new phase product created (id# %d, name: %s)',
+                newPhaseProduct.id, newPhaseProduct.name);
+        newPhaseProduct = newPhaseProduct.get({ plain: true });
+        newPhaseProduct = _.omit(newPhaseProduct, ['deletedAt', 'utm']);
+        res.status(201).json(util.wrapResponse(req.id, newPhaseProduct, 1, 201));
+      })).catch((err) => { next(err); });
+  },
+];
diff --git a/src/routes/phaseProducts/create.spec.js b/src/routes/phaseProducts/create.spec.js
new file mode 100644
index 00000000..95a6d1ca
--- /dev/null
+++ b/src/routes/phaseProducts/create.spec.js
@@ -0,0 +1,185 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import chai from 'chai';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const body = {
+  name: 'test phase product',
+  type: 'product1',
+  estimatedPrice: 20.0,
+  actualPrice: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+};
+
+describe('Phase Products', () => {
+  let projectId;
+  let phaseId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              models.ProjectPhase.create({
+                name: 'test project phase',
+                status: 'active',
+                startDate: '2018-05-15T00:00:00Z',
+                endDate: '2018-05-15T12:00:00Z',
+                budget: 20.0,
+                progress: 1.23456,
+                details: {
+                  message: 'This can be any json',
+                },
+                createdBy: 1,
+                updatedBy: 1,
+                projectId,
+              }).then((phase) => {
+                phaseId = phase.id;
+                done();
+              });
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('POST /projects/{projectId}/phases/{phaseId}/products', () => {
+    it('should return 403 if user does not have permissions', (done) => {
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 422 when name not provided', (done) => {
+      const reqBody = _.cloneDeep(body);
+      delete reqBody.name;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when type not provided', (done) => {
+      const reqBody = _.cloneDeep(body);
+      delete reqBody.type;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when estimatedPrice is negative', (done) => {
+      const reqBody = _.cloneDeep(body);
+      reqBody.estimatedPrice = -20;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when actualPrice is negative', (done) => {
+      const reqBody = _.cloneDeep(body);
+      reqBody.actualPrice = -20;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 404 when project is not found', (done) => {
+      request(server)
+        .post(`/v4/projects/99999/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when project phase is not found', (done) => {
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/99999/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 201 if payload is valid', (done) => {
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.name.should.be.eql(body.name);
+            resJson.type.should.be.eql(body.type);
+            resJson.estimatedPrice.should.be.eql(body.estimatedPrice);
+            resJson.actualPrice.should.be.eql(body.actualPrice);
+            resJson.details.should.be.eql(body.details);
+            done();
+          }
+        });
+    });
+  });
+});
diff --git a/src/routes/phaseProducts/delete.js b/src/routes/phaseProducts/delete.js
new file mode 100644
index 00000000..a7e5e8ee
--- /dev/null
+++ b/src/routes/phaseProducts/delete.js
@@ -0,0 +1,43 @@
+
+
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+module.exports = [
+  // check permission
+  permissions('project.deletePhaseProduct'),
+
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+    const phaseId = _.parseInt(req.params.phaseId);
+    const productId = _.parseInt(req.params.productId);
+
+    models.sequelize.transaction(() =>
+      // soft delete the record
+      models.PhaseProduct.findOne({
+        where: {
+          id: productId,
+          projectId,
+          phaseId,
+          deletedAt: { $eq: null },
+        },
+      }).then(existing => new Promise((accept, reject) => {
+        if (!existing) {
+        // handle 404
+          const err = new Error('No active phase product found for project id ' +
+              `${projectId}, phase id ${phaseId} and product id ${productId}`);
+          err.status = 404;
+          reject(err);
+        } else {
+          _.extend(existing, { deletedBy: req.authUser.userId, deletedAt: Date.now() });
+          existing.save().then(accept).catch(reject);
+        }
+      })).then((deleted) => {
+        req.log.debug('deleted phase product', JSON.stringify(deleted, null, 2));
+        res.status(204).json({});
+      }).catch(err => next(err)));
+  },
+];
diff --git a/src/routes/phaseProducts/delete.spec.js b/src/routes/phaseProducts/delete.spec.js
new file mode 100644
index 00000000..2908bee9
--- /dev/null
+++ b/src/routes/phaseProducts/delete.spec.js
@@ -0,0 +1,129 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const body = {
+  name: 'test phase product',
+  type: 'product1',
+  estimatedPrice: 20.0,
+  actualPrice: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+  createdBy: 1,
+  updatedBy: 1,
+};
+
+describe('Phase Products', () => {
+  let projectId;
+  let phaseId;
+  let productId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              models.ProjectPhase.create({
+                name: 'test project phase',
+                status: 'active',
+                startDate: '2018-05-15T00:00:00Z',
+                endDate: '2018-05-15T12:00:00Z',
+                budget: 20.0,
+                progress: 1.23456,
+                details: {
+                  message: 'This can be any json',
+                },
+                createdBy: 1,
+                updatedBy: 1,
+                projectId,
+              }).then((phase) => {
+                phaseId = phase.id;
+                _.assign(body, { phaseId, projectId });
+
+                models.PhaseProduct.create(body).then((product) => {
+                  productId = product.id;
+                  done();
+                });
+              });
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('DELETE /projects/{id}/phases/{phaseId}/products/{productId}', () => {
+    it('should return 403 when user have no permission', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 404 when no project with specific projectId', (done) => {
+      request(server)
+        .delete(`/v4/projects/999/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no phase with specific phaseId', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/99999/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no product with specific productId', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/99999`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 204 when user have project permission', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(204, done);
+    });
+  });
+});
diff --git a/src/routes/phaseProducts/get.js b/src/routes/phaseProducts/get.js
new file mode 100644
index 00000000..30aa2ed4
--- /dev/null
+++ b/src/routes/phaseProducts/get.js
@@ -0,0 +1,36 @@
+
+import _ from 'lodash';
+
+import models from '../../models';
+import util from '../../util';
+
+const permissions = require('tc-core-library-js').middleware.permissions;
+
+module.exports = [
+  // check permission
+  permissions('project.view'),
+
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+    const phaseId = _.parseInt(req.params.phaseId);
+    const productId = _.parseInt(req.params.productId);
+
+    return models.PhaseProduct.findOne({
+      where: {
+        id: productId,
+        projectId,
+        phaseId,
+      },
+    }).then((product) => {
+      if (!product) {
+        // handle 404
+        const err = new Error('phase product not found for project id ' +
+              `${projectId}, phase id ${phaseId} and product id ${productId}`);
+        err.status = 404;
+        throw err;
+      } else {
+        res.json(util.wrapResponse(req.id, product));
+      }
+    }).catch(err => next(err));
+  },
+];
diff --git a/src/routes/phaseProducts/get.spec.js b/src/routes/phaseProducts/get.spec.js
new file mode 100644
index 00000000..b2b65b2a
--- /dev/null
+++ b/src/routes/phaseProducts/get.spec.js
@@ -0,0 +1,147 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import chai from 'chai';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const body = {
+  name: 'test phase product',
+  type: 'product1',
+  estimatedPrice: 20.0,
+  actualPrice: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+  createdBy: 1,
+  updatedBy: 1,
+};
+
+describe('Phase Products', () => {
+  let projectId;
+  let phaseId;
+  let productId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              models.ProjectPhase.create({
+                name: 'test project phase',
+                status: 'active',
+                startDate: '2018-05-15T00:00:00Z',
+                endDate: '2018-05-15T12:00:00Z',
+                budget: 20.0,
+                progress: 1.23456,
+                details: {
+                  message: 'This can be any json',
+                },
+                createdBy: 1,
+                updatedBy: 1,
+                projectId,
+              }).then((phase) => {
+                phaseId = phase.id;
+                _.assign(body, { phaseId, projectId });
+
+                models.PhaseProduct.create(body).then((product) => {
+                  productId = product.id;
+                  done();
+                });
+              });
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('GET /projects/{id}/phases/{phaseId}/products/{productId}', () => {
+    it('should return 403 when user have no permission', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 404 when no project with specific projectId', (done) => {
+      request(server)
+        .get(`/v4/projects/999/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no phase with specific phaseId', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/99999/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no product with specific productId', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}/products/99999`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 1 phase when user have project permission', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.name.should.be.eql(body.name);
+            resJson.type.should.be.eql(body.type);
+            resJson.estimatedPrice.should.be.eql(body.estimatedPrice);
+            resJson.actualPrice.should.be.eql(body.actualPrice);
+            resJson.details.should.be.eql(body.details);
+            done();
+          }
+        });
+    });
+  });
+});
diff --git a/src/routes/phaseProducts/list.js b/src/routes/phaseProducts/list.js
new file mode 100644
index 00000000..2abb3076
--- /dev/null
+++ b/src/routes/phaseProducts/list.js
@@ -0,0 +1,41 @@
+
+import _ from 'lodash';
+
+import models from '../../models';
+import util from '../../util';
+
+const permissions = require('tc-core-library-js').middleware.permissions;
+
+module.exports = [
+  // check permission
+  permissions('project.view'),
+
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+    const phaseId = _.parseInt(req.params.phaseId);
+
+    return models.ProjectPhase.findOne({
+      where: { id: phaseId, projectId, deletedAt: { $eq: null } },
+    }).then((existingPhase) => {
+      if (!existingPhase) {
+        const err = new Error(`active project phase not found for project id ${projectId}` +
+          ` and phase id ${phaseId}`);
+        err.status = 404;
+        throw err;
+      }
+      return models.PhaseProduct.findAll({
+        where: {
+          projectId,
+          phaseId,
+          deletedAt: { $eq: null },
+        },
+      });
+    }).then((products) => {
+      if (!products) {
+        res.json(util.wrapResponse(req.id, [], 0));
+      } else {
+        res.json(util.wrapResponse(req.id, products, products.length));
+      }
+    }).catch(err => next(err));
+  },
+];
diff --git a/src/routes/phaseProducts/list.spec.js b/src/routes/phaseProducts/list.spec.js
new file mode 100644
index 00000000..92d0b0dc
--- /dev/null
+++ b/src/routes/phaseProducts/list.spec.js
@@ -0,0 +1,129 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const body = {
+  name: 'test phase product',
+  type: 'product1',
+  estimatedPrice: 20.0,
+  actualPrice: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+  createdBy: 1,
+  updatedBy: 1,
+};
+
+describe('Phase Products', () => {
+  let projectId;
+  let phaseId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              models.ProjectPhase.create({
+                name: 'test project phase',
+                status: 'active',
+                startDate: '2018-05-15T00:00:00Z',
+                endDate: '2018-05-15T12:00:00Z',
+                budget: 20.0,
+                progress: 1.23456,
+                details: {
+                  message: 'This can be any json',
+                },
+                createdBy: 1,
+                updatedBy: 1,
+                projectId,
+              }).then((phase) => {
+                phaseId = phase.id;
+                _.assign(body, { phaseId, projectId });
+
+                models.PhaseProduct.create(body).then(() => done());
+              });
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('GET /projects/{id}/phases/{phaseId}/products', () => {
+    it('should return 403 when user have no permission', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 404 when no project with specific projectId', (done) => {
+      request(server)
+        .get(`/v4/projects/999/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no phase with specific phaseId', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/99999/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 1 phase when user have project permission', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            resJson.should.have.lengthOf(1);
+            done();
+          }
+        });
+    });
+  });
+});
diff --git a/src/routes/phaseProducts/update.js b/src/routes/phaseProducts/update.js
new file mode 100644
index 00000000..2d42f618
--- /dev/null
+++ b/src/routes/phaseProducts/update.js
@@ -0,0 +1,63 @@
+
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+import util from '../../util';
+
+
+const permissions = tcMiddleware.permissions;
+
+const updatePhaseProductValidation = {
+  body: {
+    param: Joi.object().keys({
+      name: Joi.string().optional(),
+      type: Joi.string().optional(),
+      templateId: Joi.number().optional(),
+      estimatedPrice: Joi.number().positive().optional(),
+      actualPrice: Joi.number().positive().optional(),
+      details: Joi.any().optional(),
+    }).required(),
+  },
+};
+
+
+module.exports = [
+  // validate request payload
+  validate(updatePhaseProductValidation),
+  // check permission
+  permissions('project.updatePhaseProduct'),
+
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+    const phaseId = _.parseInt(req.params.phaseId);
+    const productId = _.parseInt(req.params.productId);
+
+    const updatedProps = req.body.param;
+    updatedProps.updatedBy = req.authUser.userId;
+
+    models.sequelize.transaction(() => models.PhaseProduct.findOne({
+      where: {
+        id: productId,
+        projectId,
+        phaseId,
+        deletedAt: { $eq: null },
+      },
+    }).then(existing => new Promise((accept, reject) => {
+      if (!existing) {
+          // handle 404
+        const err = new Error('No active phase product found for project id ' +
+              `${projectId}, phase id ${phaseId} and product id ${productId}`);
+        err.status = 404;
+        reject(err);
+      } else {
+        _.extend(existing, updatedProps);
+        existing.save().then(accept).catch(reject);
+      }
+    })).then((updated) => {
+      req.log.debug('updated phase product', JSON.stringify(updated, null, 2));
+      res.json(util.wrapResponse(req.id, updated));
+    }).catch(err => next(err)));
+  },
+];
diff --git a/src/routes/phaseProducts/update.spec.js b/src/routes/phaseProducts/update.spec.js
new file mode 100644
index 00000000..1a8b8a21
--- /dev/null
+++ b/src/routes/phaseProducts/update.spec.js
@@ -0,0 +1,178 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import chai from 'chai';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const body = {
+  name: 'test phase product',
+  type: 'product1',
+  estimatedPrice: 20.0,
+  actualPrice: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+  createdBy: 1,
+  updatedBy: 1,
+};
+
+const updateBody = {
+  name: 'test phase product xxx',
+  type: 'product2',
+  estimatedPrice: 123456.789,
+  actualPrice: 9.8765432,
+  details: {
+    message: 'This is another json',
+  },
+};
+
+describe('Phase Products', () => {
+  let projectId;
+  let phaseId;
+  let productId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              models.ProjectPhase.create({
+                name: 'test project phase',
+                status: 'active',
+                startDate: '2018-05-15T00:00:00Z',
+                endDate: '2018-05-15T12:00:00Z',
+                budget: 20.0,
+                progress: 1.23456,
+                details: {
+                  message: 'This can be any json',
+                },
+                createdBy: 1,
+                updatedBy: 1,
+                projectId,
+              }).then((phase) => {
+                phaseId = phase.id;
+                _.assign(body, { phaseId, projectId });
+
+                models.PhaseProduct.create(body).then((product) => {
+                  productId = product.id;
+                  done();
+                });
+              });
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('PATCH /projects/{id}/phases/{phaseId}/products/{productId}', () => {
+    it('should return 403 when user have no permission', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 404 when no project with specific projectId', (done) => {
+      request(server)
+        .patch(`/v4/projects/999/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no phase with specific phaseId', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/99999/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no product with specific productId', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/99999`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 422 when parameters are invalid', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/99999`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({
+          param: {
+            estimatedPrice: -15,
+          },
+        })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+
+    it('should return updated product when user have permission and parameters are valid', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.name.should.be.eql(updateBody.name);
+            resJson.type.should.be.eql(updateBody.type);
+            resJson.estimatedPrice.should.be.eql(updateBody.estimatedPrice);
+            resJson.actualPrice.should.be.eql(updateBody.actualPrice);
+            resJson.details.should.be.eql(updateBody.details);
+            done();
+          }
+        });
+    });
+  });
+});
diff --git a/src/routes/phases/create.js b/src/routes/phases/create.js
new file mode 100644
index 00000000..6a81df61
--- /dev/null
+++ b/src/routes/phases/create.js
@@ -0,0 +1,69 @@
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+
+import models from '../../models';
+import util from '../../util';
+
+const permissions = require('tc-core-library-js').middleware.permissions;
+
+
+const addProjectPhaseValidations = {
+  body: {
+    param: Joi.object().keys({
+      name: Joi.string().required(),
+      status: Joi.string().required(),
+      startDate: Joi.date().max(Joi.ref('endDate')).required(),
+      endDate: Joi.date().required(),
+      budget: Joi.number().positive().optional(),
+      progress: Joi.number().positive().optional(),
+      details: Joi.any().optional(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  // validate request payload
+  validate(addProjectPhaseValidations),
+  // check permission
+  permissions('project.addProjectPhase'),
+  // do the real work
+  (req, res, next) => {
+    const data = req.body.param;
+    // default values
+    const projectId = _.parseInt(req.params.projectId);
+    _.assign(data, {
+      projectId,
+      createdBy: req.authUser.userId,
+      updatedBy: req.authUser.userId,
+    });
+
+    models.sequelize.transaction(() => {
+      let newProjectPhase = null;
+
+      models.Project.findOne({
+        where: { id: projectId, deletedAt: { $eq: null } },
+      }).then((existingProject) => {
+        if (!existingProject) {
+          const err = new Error(`active project not found for project id ${projectId}`);
+          err.status = 404;
+          throw err;
+        }
+        models.ProjectPhase
+          .create(data)
+          .then((_newProjectPhase) => {
+            newProjectPhase = _.cloneDeep(_newProjectPhase);
+            req.log.debug('new project phase created (id# %d, name: %s)',
+                  newProjectPhase.id, newProjectPhase.name);
+
+            newProjectPhase = newProjectPhase.get({ plain: true });
+            newProjectPhase = _.omit(newProjectPhase, ['deletedAt', 'deletedBy', 'utm']);
+            res.status(201).json(util.wrapResponse(req.id, newProjectPhase, 1, 201));
+          });
+      }).catch((err) => {
+        util.handleError('Error creating project phase', err, req, next);
+      });
+    });
+  },
+
+];
diff --git a/src/routes/phases/create.spec.js b/src/routes/phases/create.spec.js
new file mode 100644
index 00000000..9a1fb5ce
--- /dev/null
+++ b/src/routes/phases/create.spec.js
@@ -0,0 +1,196 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import chai from 'chai';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const body = {
+  name: 'test project phase',
+  status: 'active',
+  startDate: '2018-05-15T00:00:00Z',
+  endDate: '2018-05-15T12:00:00Z',
+  budget: 20.0,
+  progress: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+};
+
+describe('Project Phases', () => {
+  let projectId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => done());
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('POST /projects/{id}/phases/', () => {
+    it('should return 403 if user does not have permissions', (done) => {
+      request(server)
+          .post(`/v4/projects/${projectId}/phases/`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.member}`,
+          })
+          .send({ param: body })
+          .expect('Content-Type', /json/)
+          .expect(403, done);
+    });
+
+    it('should return 422 when name not provided', (done) => {
+      const reqBody = _.cloneDeep(body);
+      delete reqBody.name;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when status not provided', (done) => {
+      const reqBody = _.cloneDeep(body);
+      delete reqBody.status;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when startDate not provided', (done) => {
+      const reqBody = _.cloneDeep(body);
+      delete reqBody.startDate;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when endDate not provided', (done) => {
+      const reqBody = _.cloneDeep(body);
+      delete reqBody.endDate;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when startDate > endDate', (done) => {
+      const reqBody = _.cloneDeep(body);
+      reqBody.startDate = '2018-05-16T12:00:00';
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when budget is negative', (done) => {
+      const reqBody = _.cloneDeep(body);
+      reqBody.budget = -20;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 when progress is negative', (done) => {
+      const reqBody = _.cloneDeep(body);
+      reqBody.progress = -20;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: reqBody })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 404 when project is not found', (done) => {
+      request(server)
+        .post('/v4/projects/99999/phases/')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 201 if payload is valid', (done) => {
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.name.should.be.eql(body.name);
+            resJson.status.should.be.eql(body.status);
+            resJson.budget.should.be.eql(body.budget);
+            resJson.progress.should.be.eql(body.progress);
+            resJson.details.should.be.eql(body.details);
+            done();
+          }
+        });
+    });
+  });
+});
diff --git a/src/routes/phases/delete.js b/src/routes/phases/delete.js
new file mode 100644
index 00000000..c8979ca2
--- /dev/null
+++ b/src/routes/phases/delete.js
@@ -0,0 +1,42 @@
+
+
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+module.exports = [
+  // check permission
+  permissions('project.deleteProjectPhase'),
+
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+    const phaseId = _.parseInt(req.params.phaseId);
+
+    models.sequelize.transaction(() =>
+      // soft delete the record
+      models.ProjectPhase.findOne({
+        where: {
+          id: phaseId,
+          projectId,
+          deletedAt: { $eq: null },
+        },
+      }).then(existing => new Promise((accept, reject) => {
+        if (!existing) {
+          // handle 404
+          const err = new Error('no active project phase found for project id ' +
+              `${projectId} and phase id ${phaseId}`);
+          err.status = 404;
+          reject(err);
+        } else {
+          _.extend(existing, { deletedBy: req.authUser.userId, deletedAt: Date.now() });
+          existing.save().then(accept).catch(reject);
+        }
+      })).then((deleted) => {
+        req.log.debug('deleted project phase', JSON.stringify(deleted, null, 2));
+        res.status(204).json({});
+      }).catch(err => next(err)));
+  },
+];
+
diff --git a/src/routes/phases/delete.spec.js b/src/routes/phases/delete.spec.js
new file mode 100644
index 00000000..cb1ea251
--- /dev/null
+++ b/src/routes/phases/delete.spec.js
@@ -0,0 +1,103 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const body = {
+  name: 'test project phase',
+  status: 'active',
+  startDate: '2018-05-15T00:00:00Z',
+  endDate: '2018-05-15T12:00:00Z',
+  budget: 20.0,
+  progress: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+  createdBy: 1,
+  updatedBy: 1,
+};
+
+describe('Project Phases', () => {
+  let projectId;
+  let phaseId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              _.assign(body, { projectId });
+              models.ProjectPhase.create(body).then((phase) => {
+                phaseId = phase.id;
+                done();
+              });
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('DELETE /projects/{projectId}/phases/{phaseId}', () => {
+    it('should return 403 when user have no permission', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 404 when no project with specific projectId', (done) => {
+      request(server)
+        .delete(`/v4/projects/999/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no phase with specific phaseId', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/999`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 204 when user have project permission', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(204, done);
+    });
+  });
+});
diff --git a/src/routes/phases/get.js b/src/routes/phases/get.js
new file mode 100644
index 00000000..cee2c3f2
--- /dev/null
+++ b/src/routes/phases/get.js
@@ -0,0 +1,31 @@
+
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+module.exports = [
+  permissions('project.view'),
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+    const phaseId = _.parseInt(req.params.phaseId);
+    return models.ProjectPhase
+      .findOne({
+        where: { id: phaseId, projectId },
+        raw: true,
+      })
+      .then((phase) => {
+        if (!phase) {
+          // handle 404
+          const err = new Error('project phase not found for project id ' +
+                `${projectId} and phase id ${phaseId}`);
+          err.status = 404;
+          throw err;
+        }
+        res.json(util.wrapResponse(req.id, phase));
+      })
+      .catch(err => next(err));
+  },
+];
diff --git a/src/routes/phases/get.spec.js b/src/routes/phases/get.spec.js
new file mode 100644
index 00000000..8a384e38
--- /dev/null
+++ b/src/routes/phases/get.spec.js
@@ -0,0 +1,121 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import chai from 'chai';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const body = {
+  name: 'test project phase',
+  status: 'active',
+  startDate: '2018-05-15T00:00:00Z',
+  endDate: '2018-05-15T12:00:00Z',
+  budget: 20.0,
+  progress: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+  createdBy: 1,
+  updatedBy: 1,
+};
+
+describe('Project Phases', () => {
+  let projectId;
+  let phaseId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              _.assign(body, { projectId });
+              models.ProjectPhase.create(body).then((phase) => {
+                phaseId = phase.id;
+                done();
+              });
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('GET /projects/{projectId}/phases/{phaseId}', () => {
+    it('should return 403 when user have no permission', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 404 when no project with specific projectId', (done) => {
+      request(server)
+        .get(`/v4/projects/999/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no phase with specific phaseId', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/999`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 1 phase when user have project permission', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.name.should.be.eql('test project phase');
+            resJson.status.should.be.eql('active');
+            resJson.budget.should.be.eql(20.0);
+            resJson.progress.should.be.eql(1.23456);
+            resJson.details.should.be.eql({ message: 'This can be any json' });
+            done();
+          }
+        });
+    });
+  });
+});
diff --git a/src/routes/phases/list.js b/src/routes/phases/list.js
new file mode 100644
index 00000000..bfec53d8
--- /dev/null
+++ b/src/routes/phases/list.js
@@ -0,0 +1,74 @@
+
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const PHASE_ATTRIBUTES = _.without(_.keys(models.ProjectPhase.rawAttributes),
+   'utm',
+);
+
+const permissions = tcMiddleware.permissions;
+
+const retrieveProjectPhases = (req, criteria, sort, ffields) => {
+  // order by
+  const order = sort ? [sort.split(' ')] : [['createdAt', 'asc']];
+  let fields = ffields ? ffields.split(',') : PHASE_ATTRIBUTES;
+  // parse the fields string to determine what fields are to be returned
+  fields = _.intersection(fields, PHASE_ATTRIBUTES);
+  if (_.indexOf(fields, 'id') < 0) fields.push('id');
+
+  return models.ProjectPhase.searchText({
+    filters: criteria.filters,
+    order,
+    limit: criteria.limit,
+    offset: criteria.offset,
+    attributes: fields,
+  }, req.log);
+};
+
+module.exports = [
+  permissions('project.view'),
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+
+    const filters = util.parseQueryFilter(req.query.filter);
+    let sort = req.query.sort ? decodeURIComponent(req.query.sort) : 'createdAt';
+    if (sort && sort.indexOf(' ') === -1) {
+      sort += ' asc';
+    }
+    const sortableProps = [
+      'createdAt', 'createdAt asc', 'createdAt desc',
+      'updatedAt', 'updatedAt asc', 'updatedAt desc',
+      'id', 'id asc', 'id desc',
+      'status', 'status asc', 'status desc',
+      'name', 'name asc', 'name desc',
+      'budget', 'budget asc', 'budget desc',
+      'progress', 'progress asc', 'progress desc',
+    ];
+    if (!util.isValidFilter(filters, ['id', 'status', 'type', 'name', 'status', 'budget', 'progress']) ||
+      (sort && _.indexOf(sortableProps, sort) < 0)) {
+      return util.handleError('Invalid filters or sort', null, req, next);
+    }
+
+    const criteria = {
+      filters,
+      limit: Math.min(req.query.limit || 20, 20),
+      offset: req.query.offset || 0,
+    };
+
+    criteria.filters.projectId = projectId;
+
+    return models.Project.findOne({
+      where: { id: projectId, deletedAt: { $eq: null } },
+    }).then((existingProject) => {
+      if (!existingProject) {
+        const err = new Error(`active project not found for project id ${projectId}`);
+        err.status = 404;
+        throw err;
+      }
+      return retrieveProjectPhases(req, criteria, sort, req.query.fields);
+    }).then(result => res.json(util.wrapResponse(req.id, result.rows, result.count)))
+      .catch(err => next(err));
+  },
+];
diff --git a/src/routes/phases/list.spec.js b/src/routes/phases/list.spec.js
new file mode 100644
index 00000000..2136a87e
--- /dev/null
+++ b/src/routes/phases/list.spec.js
@@ -0,0 +1,102 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const body = {
+  name: 'test project phase',
+  status: 'active',
+  startDate: '2018-05-15T00:00:00Z',
+  endDate: '2018-05-15T12:00:00Z',
+  budget: 20.0,
+  progress: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+  createdBy: 1,
+  updatedBy: 1,
+};
+
+describe('Project Phases', () => {
+  let projectId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              _.assign(body, { projectId });
+              models.ProjectPhase.create(body).then(() => done());
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('GET /projects/{id}/phases/', () => {
+    it('should return 403 when user have no permission', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 404 when no project with specific projectId', (done) => {
+      request(server)
+        .get('/v4/projects/999/phases/')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 1 phase when user have project permission', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            resJson.should.have.lengthOf(1);
+            done();
+          }
+        });
+    });
+  });
+});
diff --git a/src/routes/phases/update.js b/src/routes/phases/update.js
new file mode 100644
index 00000000..543e0fac
--- /dev/null
+++ b/src/routes/phases/update.js
@@ -0,0 +1,83 @@
+
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+import util from '../../util';
+
+
+const permissions = tcMiddleware.permissions;
+
+const updateProjectPhaseValidation = {
+  body: {
+    param: Joi.object().keys({
+      name: Joi.string().optional(),
+      status: Joi.string().optional(),
+      startDate: Joi.date().optional(),
+      endDate: Joi.date().optional(),
+      budget: Joi.number().positive().optional(),
+      progress: Joi.number().positive().optional(),
+      details: Joi.any().optional(),
+    }).required(),
+  },
+};
+
+
+module.exports = [
+  // validate request payload
+  validate(updateProjectPhaseValidation),
+  // check permission
+  permissions('project.updateProjectPhase'),
+
+  (req, res, next) => {
+    const projectId = _.parseInt(req.params.projectId);
+    const phaseId = _.parseInt(req.params.phaseId);
+
+    const updatedProps = req.body.param;
+    updatedProps.updatedBy = req.authUser.userId;
+
+    models.sequelize.transaction(() => models.ProjectPhase.findOne({
+      where: {
+        id: phaseId,
+        projectId,
+        deletedAt: { $eq: null },
+      },
+    }).then(existing => new Promise((accept, reject) => {
+      if (!existing) {
+          // handle 404
+        const err = new Error('No active project phase found for project id ' +
+              `${projectId} and phase id ${phaseId}`);
+        err.status = 404;
+        reject(err);
+      } else {
+        // make sure startDate < endDate
+        let startDate;
+        let endDate;
+        if (updatedProps.startDate) {
+          startDate = new Date(updatedProps.startDate);
+        } else {
+          startDate = new Date(existing.startDate);
+        }
+
+        if (updatedProps.endDate) {
+          endDate = new Date(updatedProps.endDate);
+        } else {
+          endDate = new Date(existing.endDate);
+        }
+
+        if (startDate >= endDate) {
+          const err = new Error('startDate must be before endDate.');
+          err.status = 400;
+          reject(err);
+        } else {
+          _.extend(existing, updatedProps);
+          existing.save().then(accept).catch(reject);
+        }
+      }
+    })).then((updated) => {
+      req.log.debug('updated project phase', JSON.stringify(updated, null, 2));
+      res.json(util.wrapResponse(req.id, updated));
+    }).catch(err => next(err)));
+  },
+];
diff --git a/src/routes/phases/update.spec.js b/src/routes/phases/update.spec.js
new file mode 100644
index 00000000..a129255e
--- /dev/null
+++ b/src/routes/phases/update.spec.js
@@ -0,0 +1,167 @@
+/* eslint-disable no-unused-expressions */
+import _ from 'lodash';
+import chai from 'chai';
+import request from 'supertest';
+import server from '../../app';
+import models from '../../models';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const body = {
+  name: 'test project phase',
+  status: 'active',
+  startDate: '2018-05-15T00:00:00Z',
+  endDate: '2018-05-15T12:00:00Z',
+  budget: 20.0,
+  progress: 1.23456,
+  details: {
+    message: 'This can be any json',
+  },
+  createdBy: 1,
+  updatedBy: 1,
+};
+
+const updateBody = {
+  name: 'test project phase xxx',
+  status: 'inactive',
+  startDate: '2018-05-11T00:00:00Z',
+  endDate: '2018-05-12T12:00:00Z',
+  budget: 123456.789,
+  progress: 9.8765432,
+  details: {
+    message: 'This is another json',
+  },
+};
+
+describe('Project Phases', () => {
+  let projectId;
+  let phaseId;
+  before((done) => {
+    // mocks
+    testUtil.clearDb()
+        .then(() => {
+          models.Project.create({
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          }).then((p) => {
+            projectId = p.id;
+            // create members
+            models.ProjectMember.create({
+              userId: 40051332,
+              projectId,
+              role: 'copilot',
+              isPrimary: true,
+              createdBy: 1,
+              updatedBy: 1,
+            }).then(() => {
+              _.assign(body, { projectId });
+              models.ProjectPhase.create(body).then((phase) => {
+                phaseId = phase.id;
+                done();
+              });
+            });
+          });
+        });
+  });
+
+  after((done) => {
+    testUtil.clearDb(done);
+  });
+
+  describe('PATCH /projects/{projectId}/phases/{phaseId}', () => {
+    it('should return 403 when user have no permission', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 404 when no project with specific projectId', (done) => {
+      request(server)
+        .patch(`/v4/projects/999/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 when no phase with specific phaseId', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/999`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 422 when parameters are invalid', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({
+          param: {
+            progress: -15,
+          },
+        })
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 400 when startDate >= endDate', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send({
+          param: {
+            endDate: '2018-05-13T00:00:00Z',
+          },
+        })
+        .expect('Content-Type', /json/)
+        .expect(400, done);
+    });
+
+    it('should return updated phase when user have permission and parameters are valid', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.name.should.be.eql(updateBody.name);
+            resJson.status.should.be.eql(updateBody.status);
+            resJson.budget.should.be.eql(updateBody.budget);
+            resJson.progress.should.be.eql(updateBody.progress);
+            resJson.details.should.be.eql(updateBody.details);
+            done();
+          }
+        });
+    });
+  });
+});

From fb0fc89e23c743b36ec2be0c7b2f18e7d5beee91 Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho <pvmagacho@gmail.com>
Date: Thu, 24 May 2018 09:15:08 -0300
Subject: [PATCH 02/59] merge from phases and products elasticsearch challenge

---
 config/default.json                   |    2 +-
 local/mock-services/authMiddleware.js |    2 +-
 local/mock-services/server.js         |    5 +-
 local/mock-services/services.json     |  150 ++
 migrations/elasticsearch_sync.js      |    4 +
 migrations/seedElasticsearchIndex.js  |   28 +-
 postman.json                          | 1083 ++++++++++-
 postman_environment.json              |   22 +
 src/constants.js                      |   16 +
 src/events/busApi.js                  |  217 ++-
 src/events/index.js                   |   13 +
 src/events/phaseProducts/index.js     |  129 ++
 src/events/projectPhases/index.js     |  110 ++
 src/models/phaseProduct.js            |    2 +-
 src/models/projectPhase.js            |    2 +-
 src/routes/phaseProducts/create.js    |   23 +-
 src/routes/phaseProducts/delete.js    |   14 +-
 src/routes/phaseProducts/list.js      |   56 +-
 src/routes/phaseProducts/list.spec.js |   98 +-
 src/routes/phaseProducts/update.js    |   17 +
 src/routes/phases/create.js           |   11 +
 src/routes/phases/delete.js           |   12 +-
 src/routes/phases/list.js             |   85 +-
 src/routes/phases/list.spec.js        |   67 +-
 src/routes/phases/update.js           |   19 +-
 swagger.yaml                          | 2424 +++++++++++++++----------
 26 files changed, 3422 insertions(+), 1189 deletions(-)
 create mode 100644 postman_environment.json
 create mode 100644 src/events/phaseProducts/index.js
 create mode 100644 src/events/projectPhases/index.js

diff --git a/config/default.json b/config/default.json
index 9cd04951..35cb7d30 100644
--- a/config/default.json
+++ b/config/default.json
@@ -35,7 +35,7 @@
   "analyticsKey": "",
   "validIssuers": "[\"https:\/\/topcoder-newauth.auth0.com\/\",\"https:\/\/api.topcoder-dev.com\"]",
   "jwksUri": "",
-  "busApiUrl": "http://api.topcoder-dev.com",
+  "busApiUrl": "http://api.topcoder-dev.com/v5",
   "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE",
   "HEALTH_CHECK_URL": "_health",
   "maxPhaseProductCount": 1
diff --git a/local/mock-services/authMiddleware.js b/local/mock-services/authMiddleware.js
index f7939a67..9cf0387c 100644
--- a/local/mock-services/authMiddleware.js
+++ b/local/mock-services/authMiddleware.js
@@ -1,5 +1,5 @@
 module.exports = function def(req, res, next) {
-  if (req.method === 'POST' && req.url === '/authorizations/') {
+  if (req.method === 'POST' && (req.url === '/authorizations/' || req.url === '/authorizations')) {
     const resp = {
       id: '1',
       result: {
diff --git a/local/mock-services/server.js b/local/mock-services/server.js
index 0a5ca5fd..029df5b7 100644
--- a/local/mock-services/server.js
+++ b/local/mock-services/server.js
@@ -23,9 +23,10 @@ server.use(authMiddleware);
 // add additional search route for project members
 server.get('/v3/members/_search', (req, res) => {
   const fields = _.isString(req.query.fields) ? req.query.fields.split(',') : [];
-  const filter = _.isString(req.query.query) ? req.query.query.split(' OR ') : [];
+  const filter = _.isString(req.query.query) ?
+    req.query.query.replace('%2520', ' ').replace('%20', ' ').split(' OR ') : [];
   const criteria = _.map(filter, (single) => {
-    const ret = { };
+    const ret = {};
     const splitted = single.split(':');
     // if the result can be parsed successfully
     const parsed = jsprim.parseInteger(splitted[1], { allowTrailing: true, trimWhitespace: true });
diff --git a/local/mock-services/services.json b/local/mock-services/services.json
index e391a9b9..87ef7863 100644
--- a/local/mock-services/services.json
+++ b/local/mock-services/services.json
@@ -99,6 +99,156 @@
                 }
             },
             "version": "v3"
+        },
+        {
+            "id": "test_customer1",
+            "result": {
+                "success": true,
+                "status": 200,
+                "metadata": null,
+                "content": {
+                    "maxRating": {
+                        "rating": 1114,
+                        "track": "DATA_SCIENCE",
+                        "subTrack": "SRM"
+                    },
+                    "createdBy": "40011578",
+                    "updatedBy": "40011578",
+                    "userId": 40051331,
+                    "firstName": "Firstname",
+                    "lastName": "Lastname",
+                    "quote": "It is a mistake to think you can solve any major problems just with potatoes.",
+                    "description": null,
+                    "otherLangName": null,
+                    "handle": "test_customer1",
+                    "handleLower": "test_customer1",
+                    "status": "ACTIVE",
+                    "email": "test_customer1@email.com",
+                    "addresses": [
+                        {
+                            "streetAddr1": "100 Main Street",
+                            "streetAddr2": "",
+                            "city": "Chicago",
+                            "zip": "60601",
+                            "stateCode": "IL",
+                            "type": "HOME",
+                            "updatedAt": null,
+                            "createdAt": null,
+                            "createdBy": null,
+                            "updatedBy": null
+                        }
+                    ],
+                    "homeCountryCode": "USA",
+                    "competitionCountryCode": "USA",
+                    "photoURL": null,
+                    "tracks": [
+                        "DEVELOP"
+                    ],
+                    "updatedAt": "2015-12-02T14:00Z",
+                    "createdAt": "2014-04-10T10:55Z"
+                }
+            },
+            "version": "v3"
+        },
+        {
+            "id": "test_copilot1",
+            "result": {
+                "success": true,
+                "status": 200,
+                "metadata": null,
+                "content": {
+                    "maxRating": {
+                        "rating": 1114,
+                        "track": "DATA_SCIENCE",
+                        "subTrack": "SRM"
+                    },
+                    "createdBy": "40011578",
+                    "updatedBy": "40011578",
+                    "userId": 40051332,
+                    "firstName": "Firstname",
+                    "lastName": "Lastname",
+                    "quote": "It is a mistake to think you can solve any major problems just with potatoes.",
+                    "description": null,
+                    "otherLangName": null,
+                    "handle": "test_copilot1",
+                    "handleLower": "test_copilot1",
+                    "status": "ACTIVE",
+                    "email": "test_copilot1@email.com",
+                    "addresses": [
+                        {
+                            "streetAddr1": "100 Main Street",
+                            "streetAddr2": "",
+                            "city": "Chicago",
+                            "zip": "60601",
+                            "stateCode": "IL",
+                            "type": "HOME",
+                            "updatedAt": null,
+                            "createdAt": null,
+                            "createdBy": null,
+                            "updatedBy": null
+                        }
+                    ],
+                    "homeCountryCode": "USA",
+                    "competitionCountryCode": "USA",
+                    "photoURL": null,
+                    "tracks": [
+                        "DEVELOP"
+                    ],
+                    "updatedAt": "2015-12-02T14:00Z",
+                    "createdAt": "2014-04-10T10:55Z"
+                }
+            },
+            "version": "v3"
+        },
+        {
+            "id": "test_manager1",
+            "result": {
+                "success": true,
+                "status": 200,
+                "metadata": null,
+                "content": {
+                    "maxRating": {
+                        "rating": 1114,
+                        "track": "DATA_SCIENCE",
+                        "subTrack": "SRM"
+                    },
+                    "createdBy": "40011578",
+                    "updatedBy": "40011578",
+                    "userId": 40051333,
+                    "firstName": "Firstname",
+                    "lastName": "Lastname",
+                    "quote": "It is a mistake to think you can solve any major problems just with potatoes.",
+                    "description": null,
+                    "otherLangName": null,
+                    "handle": "test_manager1",
+                    "handleLower": "test_manager1",
+                    "status": "ACTIVE",
+                    "email": "test_manager1@email.com",
+                    "addresses": [
+                        {
+                            "streetAddr1": "100 Main Street",
+                            "streetAddr2": "",
+                            "city": "Chicago",
+                            "zip": "60601",
+                            "stateCode": "IL",
+                            "type": "HOME",
+                            "updatedAt": null,
+                            "createdAt": null,
+                            "createdBy": null,
+                            "updatedBy": null
+                        }
+                    ],
+                    "homeCountryCode": "USA",
+                    "competitionCountryCode": "USA",
+                    "photoURL": null,
+                    "tracks": [
+                        "DEVELOP"
+                    ],
+                    "updatedAt": "2015-12-02T14:00Z",
+                    "createdAt": "2014-04-10T10:55Z"
+                }
+            },
+            "version": "v3"
         }
     ]
 }
diff --git a/migrations/elasticsearch_sync.js b/migrations/elasticsearch_sync.js
index 1c9e5713..321f86cb 100644
--- a/migrations/elasticsearch_sync.js
+++ b/migrations/elasticsearch_sync.js
@@ -293,6 +293,10 @@ function getRequestBody(indexName) {
           },
         },
       },
+      phases: {
+        type: 'nested',
+        dynamic: true,
+      },
     },
   };
   switch (indexName) {
diff --git a/migrations/seedElasticsearchIndex.js b/migrations/seedElasticsearchIndex.js
index 7752efeb..4a10ec48 100644
--- a/migrations/seedElasticsearchIndex.js
+++ b/migrations/seedElasticsearchIndex.js
@@ -33,15 +33,21 @@ Promise.coroutine(function* wrapped() {
       config.get('pubsubQueueName'),
     );
 
-
     const projectIds = getProjectIds();
     const projectWhereClause = (projectIds.length > 0) ? { id: { $in: projectIds } } : { deletedAt: { $eq: null } };
-    const projects = yield models.Project.findAll({
+    let projects = yield models.Project.findAll({
       where: projectWhereClause,
-      raw: true,
+      include: [{
+        model: models.ProjectPhase,
+        as: 'phases',
+        include: [{ model: models.PhaseProduct, as: 'products' }],
+      }],
     });
     logger.info(`Retrieved #${projects.length} projects`);
 
+    // Convert to raw json
+    projects = _.map(projects, project => project.toJSON());
+
     const memberWhereClause = (projectIds.length > 0)
       ? { projectId: { $in: projectIds } }
       : { deletedAt: { $eq: null } };
@@ -59,14 +65,14 @@ Promise.coroutine(function* wrapped() {
       promises.push(rabbit.publish('project.initial', p, {}));
     });
     Promise.all(promises)
-    .then(() => {
-      logger.info(`Published ${promises.length} msgs`);
-      process.exit();
-    })
-    .catch((err) => {
-      logger.error(err);
-      process.exit();
-    });
+      .then(() => {
+        logger.info(`Published ${promises.length} msgs`);
+        process.exit();
+      })
+      .catch((err) => {
+        logger.error(err);
+        process.exit();
+      });
   } catch (err) {
     logger.error(err);
     process.exit();
diff --git a/postman.json b/postman.json
index 807c4f87..11ebff26 100644
--- a/postman.json
+++ b/postman.json
@@ -1,13 +1,13 @@
 {
 	"info": {
+		"_postman_id": "0d2b00c1-bd90-40ab-ba13-e730e4ddfcf4",
 		"name": "tc-project-service ",
-		"_postman_id": "8f323d9c-63bd-5f2c-87f1-1e99083786f3",
-		"description": "",
-		"schema": "https://schema.getpostman.com/json/collection/v2.0.0/collection.json"
+		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 	},
 	"item": [
 		{
 			"name": "Project Attachments",
+			"description": null,
 			"item": [
 				{
 					"name": "Upload attachment",
@@ -27,7 +27,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"title\": \"first attachment submission\",\n\t\t\"filePath\": \"asdjshdasdas/asdsadj/asdasd.png\",\n\t\t\"s3Bucket\": \"topcoder-project-service\",\n\t\t\"contentType\": \"application/png\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/attachments",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/attachments",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"attachments"
+							]
+						},
 						"description": "Create an project attachment"
 					},
 					"response": []
@@ -50,7 +61,19 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"title\": \"first attachment submission updated\",\n\t\t\"description\": \"updated project attachment\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/attachments/2",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/attachments/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"attachments",
+								"2"
+							]
+						},
 						"description": "Update project attachment"
 					},
 					"response": []
@@ -73,7 +96,19 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects/7/attachments/2",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/attachments/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"attachments",
+								"2"
+							]
+						},
 						"description": "Delete a project attachment"
 					},
 					"response": []
@@ -82,6 +117,7 @@
 		},
 		{
 			"name": "Project Members",
+			"description": null,
 			"item": [
 				{
 					"name": "Create project member with no payload",
@@ -101,7 +137,18 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects/1/members",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/members",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"members"
+							]
+						},
 						"description": "Request payload is mandatory while creating project. If no request payload is specified this should result in 422 status code."
 					},
 					"response": []
@@ -124,7 +171,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"role\": \"copilot\"\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1/members",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/members",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"members"
+							]
+						},
 						"description": "Certain fields are mandatory while creating project. If invalid fields are specified this should result in 422 status code."
 					},
 					"response": []
@@ -147,7 +205,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"role\": \"copilot\",\n\t\t\"userId\": 40051331,\n\t\t\"isPrimary\": true\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/members",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/members",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"members"
+							]
+						},
 						"description": "If the request payload is valid, than project member should be created."
 					},
 					"response": []
@@ -170,7 +239,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"role\": \"copilot\",\n\t\t\"userId\": 40051331,\n\t\t\"isPrimary\": true\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1/members",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/members",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"members"
+							]
+						},
 						"description": "If the request payload is valid and user is already registered with the specified role than this should result in 400."
 					},
 					"response": []
@@ -193,7 +273,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"role\": \"manager\",\n\t\t\"userId\": 40051330,\n\t\t\"isPrimary\": true\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/members",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/members",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"members"
+							]
+						},
 						"description": "If the request payload is valid, than project manager should be added. This should sync with the direct project is project is associated with direct project."
 					},
 					"response": []
@@ -216,7 +307,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"role\": \"customer\",\n\t\t\"userId\": 40051332,\n\t\t\"isPrimary\": true\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/members",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/members",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"members"
+							]
+						},
 						"description": "If the request payload is valid, than project customer should be added. This should sync with the direct project is project is associated with direct project."
 					},
 					"response": []
@@ -239,7 +341,19 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"role\": \"copilot\",\n\t\t\"isPrimary\": true\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/members/16",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/members/16",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"members",
+								"16"
+							]
+						},
 						"description": "Update a project's member."
 					},
 					"response": []
@@ -262,7 +376,19 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"role\": \"copilot\",\n\t\t\"isPrimary\": false\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/members/16",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/members/16",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"members",
+								"16"
+							]
+						},
 						"description": "Update a project's member."
 					},
 					"response": []
@@ -285,7 +411,19 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects/7/members/15",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/members/15",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"members",
+								"15"
+							]
+						},
 						"description": "Delete a project's member"
 					},
 					"response": []
@@ -314,7 +452,16 @@
 							"mode": "raw",
 							"raw": "{\n\t\n}"
 						},
-						"url": "{{api-url}}/v4/projects",
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						},
 						"description": "Request body is mandatory while creating project. If invalid request body is supplied this should return 422 status code."
 					},
 					"response": []
@@ -337,7 +484,16 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects",
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						},
 						"description": "Certain fields are mandatory while creating project. If invalid request body is supplied this should return 422 status code."
 					},
 					"response": []
@@ -360,7 +516,16 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project\",\n\t\t\"description\": \"Hello I am a test project\",\n\t\t\"type\": \"generic\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects",
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						},
 						"description": "Valid request body. Project should be created successfully."
 					},
 					"response": []
@@ -379,7 +544,17 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects/7",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7"
+							]
+						},
 						"description": "Get a project by id. project members and attachments should also be returned."
 					},
 					"response": []
@@ -433,7 +608,16 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects",
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						},
 						"description": "List all the project with no filter. Default sort and limits are applied."
 					},
 					"response": []
@@ -592,7 +776,17 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects/3",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/3",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"3"
+							]
+						},
 						"description": "Delete a project by id"
 					},
 					"response": []
@@ -615,7 +809,17 @@
 							"mode": "raw",
 							"raw": "{\n  \"param\": {\n    \"name\": \"project name updated\"\n  }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/13",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/13",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"13"
+							]
+						},
 						"description": "Update the project name. Name should be updated successfully."
 					},
 					"response": []
@@ -638,7 +842,17 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"project name updated\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/2",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2"
+							]
+						},
 						"description": "Update the project name. If user don't have permission to the project than it should return 403."
 					},
 					"response": []
@@ -661,7 +875,17 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"project name updated\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/10",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/10",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"10"
+							]
+						},
 						"description": "Update the project name. If project is not found than this result in 404 status code."
 					},
 					"response": []
@@ -684,7 +908,17 @@
 							"mode": "raw",
 							"raw": "{\n  \"param\": {\n    \"status\": \"in_review\"\n  }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7"
+							]
+						},
 						"description": "Update the project status."
 					},
 					"response": []
@@ -707,7 +941,17 @@
 							"mode": "raw",
 							"raw": "{\n  \"param\": {\n    \"status\": \"reviewed\"\n  }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7"
+							]
+						},
 						"description": "Update the project status."
 					},
 					"response": []
@@ -730,7 +974,17 @@
 							"mode": "raw",
 							"raw": "{\n  \"param\": {\n    \"status\": \"paused\"\n  }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7"
+							]
+						},
 						"description": "Update the project status."
 					},
 					"response": []
@@ -753,7 +1007,17 @@
 							"mode": "raw",
 							"raw": "{\n  \"param\": {\n    \"status\": \"cancelled\",\n    \"cancelReason\": \"price/cost\"\n  }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7"
+							]
+						},
 						"description": "Update the project status. While cancelling the project `cancelReason` is mandatory."
 					},
 					"response": []
@@ -776,7 +1040,17 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"status\": \"cancelled\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1"
+							]
+						},
 						"description": "Update the project status. While cancelling the project `cancelReason` is mandatory. If no `cancelReason` is supplied this should result in 422 status code."
 					},
 					"response": []
@@ -799,7 +1073,17 @@
 							"mode": "raw",
 							"raw": "{\n  \"param\": {\n    \"status\": \"completed\"\n  }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7"
+							]
+						},
 						"description": "Update the project status."
 					},
 					"response": []
@@ -822,7 +1106,17 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"status\": \"active\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1"
+							]
+						},
 						"description": "Move a project out of cancel state. Only admin and manager is allowed to do so."
 					},
 					"response": []
@@ -845,9 +1139,19 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"status\": \"active\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1",
-						"description": "Move a project out of cancel state. Only admin and manager is allowed to do so."
-					},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1"
+							]
+						},
+						"description": "Move a project out of cancel state. Only admin and manager is allowed to do so."
+					},
 					"response": []
 				},
 				{
@@ -868,7 +1172,17 @@
 							"mode": "raw",
 							"raw": "{\n  \"param\": {\n    \"details\": {\n      \"summary\": \"project name updated\"\n    }\n  }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/8",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/8",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"8"
+							]
+						},
 						"description": "Update the project details. This should fire specification modified event"
 					},
 					"response": []
@@ -891,7 +1205,17 @@
 							"mode": "raw",
 							"raw": "{\n  \"param\": {\n    \"bookmarks\": [\n      {\n        \"title\": \"test\",\n        \"address\": \"http://topcoder.com\"\n      }\n    \n    ]\n  }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/8",
+						"url": {
+							"raw": "{{api-url}}/v4/projects/8",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"8"
+							]
+						},
 						"description": "Update the project bookmarks. This should fire project link created event"
 					},
 					"response": []
@@ -900,6 +1224,7 @@
 		},
 		{
 			"name": "bookmarks",
+			"description": null,
 			"item": [
 				{
 					"name": " Create project without bookmarks",
@@ -919,7 +1244,16 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"type\": \"generic\",\n        \"description\": \"test project\",\n        \"details\": {},\n        \"billingAccountId\": 123,\n        \"name\": \"test project1\"\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects"
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						}
 					},
 					"response": []
 				},
@@ -941,7 +1275,16 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"type\": \"generic\",\n        \"description\": \"test project\",\n        \"details\": {},\n        \"bookmarks\":[{\n            \"title\":\"title1\",\n            \"address\":\"address1\"\n        },{\n            \"title\":\"title2\",\n            \"address\":\"address2\"\n        }],\n        \"billingAccountId\": 123,\n        \"name\": \"test project1\"\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects"
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						}
 					},
 					"response": []
 				},
@@ -963,7 +1306,16 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"type\": \"generic\",\n        \"description\": \"test project\",\n        \"details\": {},\n        \"bookmarks\":[{\n            \"title\":\"title1\",\n            \"invalid\":3,\n            \"address\":\"address1\"\n        },{\n            \"title\":\"title2\",\n            \"address\":\"address2\"\n        }],\n        \"billingAccountId\": 123,\n        \"name\": \"test project1\"\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects"
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						}
 					},
 					"response": []
 				},
@@ -985,7 +1337,17 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"billingAccountId\": 9999, \n        \"name\": \"new project name\"\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/2"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1007,7 +1369,17 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"billingAccountId\": 9999, \n        \"name\": \"new project name\",\n         \"bookmarks\":[{\n            \"title\":\"title1\",\n            \"address\":\"address1\"\n        },{\n            \"title\":\"title2\",\n            \"address\":\"address2\"\n        }]\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/2"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1029,7 +1401,17 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"billingAccountId\": 9999, \n        \"name\": \"new project name2\",\n         \"bookmarks\":null\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/2"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1051,7 +1433,17 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"billingAccountId\": 9999, \n        \"name\": \"new project name2\",\n         \"bookmarks\":3\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/2"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1069,7 +1461,16 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects"
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						}
 					},
 					"response": []
 				}
@@ -1077,6 +1478,7 @@
 		},
 		{
 			"name": "issue1",
+			"description": null,
 			"item": [
 				{
 					"name": "get projects with copilot token",
@@ -1092,7 +1494,16 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects"
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						}
 					},
 					"response": []
 				}
@@ -1100,6 +1511,7 @@
 		},
 		{
 			"name": "issue10",
+			"description": null,
 			"item": [
 				{
 					"name": "wrong role",
@@ -1119,7 +1531,19 @@
 							"mode": "raw",
 							"raw": " {\n \"param\": {\n    \"role\": \"wrong\"\n   }\n } "
 						},
-						"url": "{{api-url}}/v4/projects/3/members/5"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/3/members/5",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"3",
+								"members",
+								"5"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1141,7 +1565,19 @@
 							"mode": "raw",
 							"raw": " {\n \"param\": {\n    \"role\": \"manager\",\n    \"isPrimary\": true\n   }\n } "
 						},
-						"url": "{{api-url}}/v4/projects/1/members/1"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/members/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"members",
+								"1"
+							]
+						}
 					},
 					"response": []
 				}
@@ -1149,6 +1585,7 @@
 		},
 		{
 			"name": "issue5",
+			"description": null,
 			"item": [
 				{
 					"name": "launch a project by topcoder managers ",
@@ -1168,7 +1605,17 @@
 							"mode": "raw",
 							"raw": "{\n    \n    \"param\":{\n        \"name\": \"updatedProject name\",\n         \"status\": \"active\"\n    }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1190,7 +1637,17 @@
 							"mode": "raw",
 							"raw": "{\n    \n    \"param\":{\n        \"name\": \"updatedProject name\",\n         \"status\": \"active\"\n    }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1212,7 +1669,17 @@
 							"mode": "raw",
 							"raw": "{\n    \n    \"param\":{\n        \"name\": \"updatedProject name\",\n         \"status\": \"active\"\n    }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1"
+							]
+						}
 					},
 					"response": []
 				}
@@ -1220,6 +1687,7 @@
 		},
 		{
 			"name": "issue8",
+			"description": null,
 			"item": [
 				{
 					"name": "mock direct projects",
@@ -1239,7 +1707,19 @@
 							"mode": "raw",
 							"raw": " {\n \"param\": {\n    \"role\": \"copilot\",\n    \"isPrimary\": true\n   }\n } "
 						},
-						"url": "https://localhost:8443/v3/direct/projects"
+						"url": {
+							"raw": "https://localhost:8443/v3/direct/projects",
+							"protocol": "https",
+							"host": [
+								"localhost"
+							],
+							"port": "8443",
+							"path": [
+								"v3",
+								"direct",
+								"projects"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1261,7 +1741,16 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"type\": \"generic\",\n        \"description\": \"test project\",\n        \"details\": {},\n        \"billingAccountId\": 123,\n        \"name\": \"test project1\"\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects"
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1283,7 +1772,18 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"userId\": 2, \n        \"role\": \"copilot\"\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/1/members"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/members",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"members"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1305,7 +1805,18 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"userId\": 2, \n        \"role\": \"copilot\"\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/2/members"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2/members",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2",
+								"members"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1327,7 +1838,19 @@
 							"mode": "raw",
 							"raw": " {\n \"param\": {\n    \"role\": \"customer\",\n    \"isPrimary\": true\n   }\n } "
 						},
-						"url": "{{api-url}}/v4/projects/2/members/4"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2/members/4",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2",
+								"members",
+								"4"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1349,7 +1872,17 @@
 							"mode": "raw",
 							"raw": "{\n      \"param\": {\n        \"billingAccountId\": 9999, \n        \"name\": \"new project name\"\n      }\n}"
 						},
-						"url": "{{api-url}}/v4/projects/2"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2"
+							]
+						}
 					},
 					"response": []
 				},
@@ -1371,7 +1904,443 @@
 							"mode": "raw",
 							"raw": ""
 						},
-						"url": "{{api-url}}/v4/projects/2/members/4"
+						"url": {
+							"raw": "{{api-url}}/v4/projects/2/members/4",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"2",
+								"members",
+								"4"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
+		{
+			"name": "Project Phase",
+			"description": null,
+			"item": [
+				{
+					"name": "Create Phase",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project phase\",\n\t\t\"status\": \"active\",\n\t\t\"startDate\": \"2018-05-15T00:00:00\",\n\t\t\"endDate\": \"2018-05-16T00:00:00\",\n\t\t\"budget\": 20,\n\t\t\"details\": {\n\t\t\t\"aDetails\": \"a details\"\n\t\t}\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List Phase",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project phase\",\n\t\t\"status\": \"active\",\n\t\t\"startDate\": \"2018-05-15T00:00:00\",\n\t\t\"endDate\": \"2018-05-16T00:00:00\",\n\t\t\"budget\": 20\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List Phase with fields",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project phase\",\n\t\t\"status\": \"active\",\n\t\t\"startDate\": \"2018-05-15T00:00:00\",\n\t\t\"endDate\": \"2018-05-16T00:00:00\",\n\t\t\"budget\": 20\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases?fields=status,name,budget",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases"
+							],
+							"query": [
+								{
+									"key": "fields",
+									"value": "status,name,budget"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List Phase with sort",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project phase\",\n\t\t\"status\": \"active\",\n\t\t\"startDate\": \"2018-05-15T00:00:00\",\n\t\t\"endDate\": \"2018-05-16T00:00:00\",\n\t\t\"budget\": 20\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases?sort=status desc",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases"
+							],
+							"query": [
+								{
+									"key": "sort",
+									"value": "status desc"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Get Phase",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project phase\",\n\t\t\"status\": \"active\",\n\t\t\"startDate\": \"2018-05-15T00:00:00\",\n\t\t\"endDate\": \"2018-05-16T00:00:00\",\n\t\t\"budget\": 20\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update Phase",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project phase xxx\",\n\t\t\"status\": \"inactive\",\n\t\t\"startDate\": \"2018-05-14T00:00:00\",\n\t\t\"endDate\": \"2018-05-15T00:00:00\",\n\t\t\"budget\": 30,\n\t\t\"progress\": 15,\n\t\t\"details\": {\n\t\t\t\"message\": \"phase details\"\n\t\t}\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Delete Phase",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": ""
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases/3",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases",
+								"3"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
+		{
+			"name": "Phase Products",
+			"description": null,
+			"item": [
+				{
+					"name": "Create Phase Product",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test phase product\",\n\t\t\"type\": \"type 1\",\n\t\t\"estimatedPrice\": 10\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases/1/products",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases",
+								"1",
+								"products"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List Phase Products",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": ""
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases/1/products",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases",
+								"1",
+								"products"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Get Phase Product",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": ""
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases/1/products/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases",
+								"1",
+								"products",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update Phase Product",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test phase product xxx\",\n\t\t\"type\": \"type 2\",\n\t\t\"templateId\": 10,\n\t\t\"estimatedPrice\": 1.234567,\n\t\t\"actualPrice\": 2.34567,\n\t\t\"details\": {\n\t\t\t\"message\": \"this is a JSON type. You can use any json\"\n\t\t}\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases/1/products/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases",
+								"1",
+								"products",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Delete Phase Product",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": ""
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects/1/phases/1/products/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"1",
+								"phases",
+								"1",
+								"products",
+								"1"
+							]
+						}
 					},
 					"response": []
 				}
diff --git a/postman_environment.json b/postman_environment.json
new file mode 100644
index 00000000..4f8f54be
--- /dev/null
+++ b/postman_environment.json
@@ -0,0 +1,22 @@
+{
+  "id": "1d4b6c34-6da6-8651-3372-9c6d4d09cc8c",
+  "name": "project service",
+  "values": [
+    {
+      "enabled": true,
+      "key": "api-url",
+      "value": "http://localhost:3000",
+      "type": "text"
+    },
+    {
+      "enabled": true,
+      "key": "jwt-token",
+      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJhZG1pbmlzdHJhdG9yIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJwc2hhaDEiLCJleHAiOjI0NjI0OTQ2MTgsInVzZXJJZCI6IjQwMTM1OTc4IiwiaWF0IjoxNDYyNDk0MDE4LCJlbWFpbCI6InBzaGFoMUB0ZXN0LmNvbSIsImp0aSI6ImY0ZTFhNTE0LTg5ODAtNDY0MC04ZWM1LWUzNmUzMWE3ZTg0OSJ9.XuNN7tpMOXvBG1QwWRQROj7NfuUbqhkjwn39Vy4tR5I",
+      "type": "text"
+    }
+  ],
+  "timestamp": 1526351351170,
+  "_postman_variable_scope": "environment",
+  "_postman_exported_at": "2018-05-15T14:19:14.630Z",
+  "_postman_exported_using": "Postman/5.5.2"
+}
\ No newline at end of file
diff --git a/src/constants.js b/src/constants.js
index e642eb66..0f2a46e0 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -50,6 +50,14 @@ export const EVENT = {
     PROJECT_DRAFT_CREATED: 'project.draft-created',
     PROJECT_UPDATED: 'project.updated',
     PROJECT_DELETED: 'project.deleted',
+
+    PROJECT_PHASE_ADDED: 'project.phase.added',
+    PROJECT_PHASE_UPDATED: 'project.phase.updated',
+    PROJECT_PHASE_REMOVED: 'project.phase.removed',
+
+    PROJECT_PHASE_PRODUCT_ADDED: 'project.phase.product.added',
+    PROJECT_PHASE_PRODUCT_UPDATED: 'project.phase.product.updated',
+    PROJECT_PHASE_PRODUCT_REMOVED: 'project.phase.product.removed',
   },
 };
 
@@ -72,6 +80,14 @@ export const BUS_API_EVENT = {
   PROJECT_LINK_CREATED: 'notifications.connect.project.linkCreated',
   PROJECT_FILE_UPLOADED: 'notifications.connect.project.fileUploaded',
   PROJECT_SPECIFICATION_MODIFIED: 'notifications.connect.project.specificationModified',
+
+  // When phase is added/updated/deleted from the project,
+  // When product is added/deleted from a phase
+  // When product is updated on any field other than specification
+  PROJECT_PLAN_MODIFIED: 'notifications.connect.project.planModified',
+
+  // When specification of a product is modified
+  PROJECT_PRODUCT_SPECIFICATION_MODIFIED: 'notifications.connect.project.productSpecificationModified',
 };
 
 export const REGEX = {
diff --git a/src/events/busApi.js b/src/events/busApi.js
index ac5f7b45..ae693f02 100644
--- a/src/events/busApi.js
+++ b/src/events/busApi.js
@@ -92,14 +92,14 @@ module.exports = (app, logger) => {
     models.Project.findOne({
       where: { id: projectId },
     })
-    .then((project) => {
-      createEvent(eventType, {
-        projectId,
-        projectName: project.name,
-        userId: member.userId,
-        initiatorUserId: req.authUser.userId,
-      }, logger);
-    }).catch(err => null);    // eslint-disable-line no-unused-vars
+      .then((project) => {
+        createEvent(eventType, {
+          projectId,
+          projectName: project.name,
+          userId: member.userId,
+          initiatorUserId: req.authUser.userId,
+        }, logger);
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
   });
 
   /**
@@ -119,16 +119,16 @@ module.exports = (app, logger) => {
     models.Project.findOne({
       where: { id: projectId },
     })
-    .then((project) => {
-      if (project) {
-        createEvent(eventType, {
-          projectId,
-          projectName: project.name,
-          userId: member.userId,
-          initiatorUserId: req.authUser.userId,
-        }, logger);
-      }
-    }).catch(err => null);    // eslint-disable-line no-unused-vars
+      .then((project) => {
+        if (project) {
+          createEvent(eventType, {
+            projectId,
+            projectName: project.name,
+            userId: member.userId,
+            initiatorUserId: req.authUser.userId,
+          }, logger);
+        }
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
   });
 
   /**
@@ -142,16 +142,16 @@ module.exports = (app, logger) => {
       models.Project.findOne({
         where: { id: projectId },
       })
-      .then((project) => {
-        if (project) {
-          createEvent(BUS_API_EVENT.MEMBER_ASSIGNED_AS_OWNER, {
-            projectId,
-            projectName: project.name,
-            userId: updated.userId,
-            initiatorUserId: req.authUser.userId,
-          }, logger);
-        }
-      }).catch(err => null);    // eslint-disable-line no-unused-vars
+        .then((project) => {
+          if (project) {
+            createEvent(BUS_API_EVENT.MEMBER_ASSIGNED_AS_OWNER, {
+              projectId,
+              projectName: project.name,
+              userId: updated.userId,
+              initiatorUserId: req.authUser.userId,
+            }, logger);
+          }
+        }).catch(err => null);    // eslint-disable-line no-unused-vars
     }
   });
 
@@ -166,14 +166,157 @@ module.exports = (app, logger) => {
     models.Project.findOne({
       where: { id: projectId },
     })
-    .then((project) => {
-      createEvent(BUS_API_EVENT.PROJECT_FILE_UPLOADED, {
-        projectId,
-        projectName: project.name,
-        fileName: attachment.filePath.replace(/^.*[\\\/]/, ''),    // eslint-disable-line
-        userId: req.authUser.userId,
-        initiatorUserId: req.authUser.userId,
-      }, logger);
-    }).catch(err => null);    // eslint-disable-line no-unused-vars
+      .then((project) => {
+        createEvent(BUS_API_EVENT.PROJECT_FILE_UPLOADED, {
+          projectId,
+          projectName: project.name,
+          fileName: attachment.filePath.replace(/^.*[\\\/]/, ''),    // eslint-disable-line
+          userId: req.authUser.userId,
+          initiatorUserId: req.authUser.userId,
+        }, logger);
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
+  });
+
+  /**
+   * PROJECT_PHASE_ADDED
+   */
+  app.on(EVENT.ROUTING_KEY.PROJECT_PHASE_ADDED, ({ req, created }) => { // eslint-disable-line no-unused-vars
+    logger.debug('receive PROJECT_PHASE_ADDED event');
+
+    const projectId = _.parseInt(req.params.projectId);
+
+    models.Project.findOne({
+      where: { id: projectId },
+    })
+      .then((project) => {
+        createEvent(BUS_API_EVENT.PROJECT_PLAN_MODIFIED, {
+          projectId,
+          projectName: project.name,
+          userId: req.authUser.userId,
+          initiatorUserId: req.authUser.userId,
+        }, logger);
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
+  });
+
+  /**
+  * PROJECT_PHASE_REMOVED
+  */
+  app.on(EVENT.ROUTING_KEY.PROJECT_PHASE_REMOVED, ({ req, deleted }) => { // eslint-disable-line no-unused-vars
+    logger.debug('receive PROJECT_PHASE_REMOVED event');
+
+    const projectId = _.parseInt(req.params.projectId);
+
+    models.Project.findOne({
+      where: { id: projectId },
+    })
+      .then((project) => {
+        createEvent(BUS_API_EVENT.PROJECT_PLAN_MODIFIED, {
+          projectId,
+          projectName: project.name,
+          userId: req.authUser.userId,
+          initiatorUserId: req.authUser.userId,
+        }, logger);
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
+  });
+
+  /**
+  * PROJECT_PHASE_UPDATED
+  */
+  app.on(EVENT.ROUTING_KEY.PROJECT_PHASE_UPDATED, ({ req, original, updated }) => { // eslint-disable-line no-unused-vars
+    logger.debug('receive PROJECT_PHASE_UPDATED event');
+
+    const projectId = _.parseInt(req.params.projectId);
+
+    models.Project.findOne({
+      where: { id: projectId },
+    })
+      .then((project) => {
+        createEvent(BUS_API_EVENT.PROJECT_PLAN_MODIFIED, {
+          projectId,
+          projectName: project.name,
+          userId: req.authUser.userId,
+          initiatorUserId: req.authUser.userId,
+        }, logger);
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
+  });
+
+  /**
+   * PROJECT_PHASE_PRODUCT_ADDED
+   */
+  app.on(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_ADDED, ({ req, created }) => { // eslint-disable-line no-unused-vars
+    logger.debug('receive PROJECT_PHASE_PRODUCT_ADDED event');
+
+    const projectId = _.parseInt(req.params.projectId);
+
+    models.Project.findOne({
+      where: { id: projectId },
+    })
+      .then((project) => {
+        createEvent(BUS_API_EVENT.PROJECT_PLAN_MODIFIED, {
+          projectId,
+          projectName: project.name,
+          userId: req.authUser.userId,
+          initiatorUserId: req.authUser.userId,
+        }, logger);
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
+  });
+
+  /**
+  * PROJECT_PHASE_PRODUCT_REMOVED
+  */
+  app.on(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_REMOVED, ({ req, deleted }) => { // eslint-disable-line no-unused-vars
+    logger.debug('receive PROJECT_PHASE_PRODUCT_REMOVED event');
+
+    const projectId = _.parseInt(req.params.projectId);
+
+    models.Project.findOne({
+      where: { id: projectId },
+    })
+      .then((project) => {
+        createEvent(BUS_API_EVENT.PROJECT_PLAN_MODIFIED, {
+          projectId,
+          projectName: project.name,
+          userId: req.authUser.userId,
+          initiatorUserId: req.authUser.userId,
+        }, logger);
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
+  });
+
+  /**
+  * PROJECT_PHASE_PRODUCT_UPDATED
+  */
+  app.on(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_UPDATED, ({ req, original, updated }) => { // eslint-disable-line no-unused-vars
+    logger.debug('receive PROJECT_PHASE_PRODUCT_UPDATED event');
+
+    const projectId = _.parseInt(req.params.projectId);
+
+    models.Project.findOne({
+      where: { id: projectId },
+    })
+      .then((project) => {
+        // Spec changes
+        if (!_.isEqual(original.details, updated.details)) {
+          logger.debug(`Spec changed for product id ${updated.id}`);
+
+          createEvent(BUS_API_EVENT.PROJECT_PRODUCT_SPECIFICATION_MODIFIED, {
+            projectId,
+            projectName: project.name,
+            userId: req.authUser.userId,
+            initiatorUserId: req.authUser.userId,
+          }, logger);
+        }
+
+        // Other fields change
+        const originalWithouDetails = _.omit(original, 'details');
+        const updatedWithouDetails = _.omit(updated, 'details');
+        if (!_.isEqual(originalWithouDetails.details, updatedWithouDetails.details)) {
+          createEvent(BUS_API_EVENT.PROJECT_PLAN_MODIFIED, {
+            projectId,
+            projectName: project.name,
+            userId: req.authUser.userId,
+            initiatorUserId: req.authUser.userId,
+          }, logger);
+        }
+      }).catch(err => null);    // eslint-disable-line no-unused-vars
   });
 };
diff --git a/src/events/index.js b/src/events/index.js
index a8ac3096..cf6decf8 100644
--- a/src/events/index.js
+++ b/src/events/index.js
@@ -5,6 +5,10 @@ import { projectMemberAddedHandler, projectMemberRemovedHandler,
   projectMemberUpdatedHandler } from './projectMembers';
 import { projectAttachmentAddedHandler, projectAttachmentRemovedHandler,
   projectAttachmentUpdatedHandler } from './projectAttachments';
+import { projectPhaseAddedHandler, projectPhaseRemovedHandler,
+  projectPhaseUpdatedHandler } from './projectPhases';
+import { phaseProductAddedHandler, phaseProductRemovedHandler,
+  phaseProductUpdatedHandler } from './phaseProducts';
 
 export default {
   'project.initial': projectCreatedHandler,
@@ -17,4 +21,13 @@ export default {
   [EVENT.ROUTING_KEY.PROJECT_ATTACHMENT_ADDED]: projectAttachmentAddedHandler,
   [EVENT.ROUTING_KEY.PROJECT_ATTACHMENT_REMOVED]: projectAttachmentRemovedHandler,
   [EVENT.ROUTING_KEY.PROJECT_ATTACHMENT_UPDATED]: projectAttachmentUpdatedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_ADDED]: projectPhaseAddedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_REMOVED]: projectPhaseRemovedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_UPDATED]: projectPhaseUpdatedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_ADDED]: projectPhaseAddedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_REMOVED]: projectPhaseRemovedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_UPDATED]: projectPhaseUpdatedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_ADDED]: phaseProductAddedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_REMOVED]: phaseProductRemovedHandler,
+  [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_UPDATED]: phaseProductUpdatedHandler,
 };
diff --git a/src/events/phaseProducts/index.js b/src/events/phaseProducts/index.js
new file mode 100644
index 00000000..b6b6c063
--- /dev/null
+++ b/src/events/phaseProducts/index.js
@@ -0,0 +1,129 @@
+/**
+ * Event handlers for phase product create, update and delete.
+ * Current functionality just updates the elasticsearch indexes.
+ */
+
+import config from 'config';
+import _ from 'lodash';
+import Promise from 'bluebird';
+import util from '../../util';
+
+const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
+const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
+
+const eClient = util.getElasticSearchClient();
+
+/**
+ * Handler for phase product creation event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const phaseProductAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    const data = JSON.parse(msg.content.toString());
+    const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId });
+    const phases = _.isArray(doc._source.phases) ? doc._source.phases : [];    // eslint-disable-line no-underscore-dangle
+
+    _.each(phases, (phase) => {
+      if (phase.id === data.phaseId) {
+        phase.products = _.isArray(phase.products) ? phase.products : []; // eslint-disable-line no-param-reassign
+        phase.products.push(_.omit(data, ['deletedAt', 'deletedBy']));
+      }
+    });
+
+    const merged = _.assign(doc._source, { phases });       // eslint-disable-line no-underscore-dangle
+    yield eClient.update({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId, body: { doc: merged } });
+    logger.debug('phase product added to project document successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error('Error handling project.phase.added event', error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+/**
+ * Handler for phase product updated event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const phaseProductUpdatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    const data = JSON.parse(msg.content.toString());
+    const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.original.projectId });
+    const phases = _.map(doc._source.phases, (phase) => {   // eslint-disable-line no-underscore-dangle
+      if (phase.id === data.original.phaseId) {
+        phase.products = _.map(phase.products, (product) => { // eslint-disable-line no-param-reassign
+          if (product.id === data.original.id) {
+            return _.assign(product, _.omit(data.updated, ['deletedAt', 'deletedBy']));
+          }
+          return product;
+        });
+      }
+      return phase;
+    });
+    const merged = _.assign(doc._source, { phases });       // eslint-disable-line no-underscore-dangle
+    yield eClient.update({
+      index: ES_PROJECT_INDEX,
+      type: ES_PROJECT_TYPE,
+      id: data.original.projectId,
+      body: {
+        doc: merged,
+      },
+    });
+    logger.debug('elasticsearch index updated, phase product updated successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error('Error handling project.phase.updated event', error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+/**
+ * Handler for phase product deleted event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const phaseProductRemovedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    const data = JSON.parse(msg.content.toString());
+    const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId });
+    const phases = _.map(doc._source.phases, (phase) => {   // eslint-disable-line no-underscore-dangle
+      if (phase.id === data.phaseId) {
+        phase.products = _.filter(phase.products, product => product.id !== data.id); // eslint-disable-line no-param-reassign
+      }
+      return phase;
+    });
+
+    const merged = _.assign(doc._source, { phases });       // eslint-disable-line no-underscore-dangle
+
+    yield eClient.update({
+      index: ES_PROJECT_INDEX,
+      type: ES_PROJECT_TYPE,
+      id: data.projectId,
+      body: {
+        doc: merged,
+      },
+    });
+    logger.debug('phase product removed from project document successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error('Error fetching project document from elasticsearch', error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+
+module.exports = {
+  phaseProductAddedHandler,
+  phaseProductRemovedHandler,
+  phaseProductUpdatedHandler,
+};
diff --git a/src/events/projectPhases/index.js b/src/events/projectPhases/index.js
new file mode 100644
index 00000000..7543bdae
--- /dev/null
+++ b/src/events/projectPhases/index.js
@@ -0,0 +1,110 @@
+/**
+ * Event handlers for project phase create, update and delete.
+ * Current functionality just updates the elasticsearch indexes.
+ */
+
+import config from 'config';
+import _ from 'lodash';
+import Promise from 'bluebird';
+import util from '../../util';
+
+const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
+const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
+
+const eClient = util.getElasticSearchClient();
+
+/**
+ * Handler for project phase creation event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const projectPhaseAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    const data = JSON.parse(msg.content.toString());
+    const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId });
+    const phases = _.isArray(doc._source.phases) ? doc._source.phases : []; // eslint-disable-line no-underscore-dangle
+    phases.push(_.omit(data, ['deletedAt', 'deletedBy']));
+    const merged = _.assign(doc._source, { phases }); // eslint-disable-line no-underscore-dangle
+    yield eClient.update({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId, body: { doc: merged } });
+    logger.debug('project phase added to project document successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error('Error handling project.phase.added event', error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+/**
+ * Handler for project phase updated event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const projectPhaseUpdatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    const data = JSON.parse(msg.content.toString());
+    const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.original.projectId });
+    const phases = _.map(doc._source.phases, (single) => { // eslint-disable-line no-underscore-dangle
+      if (single.id === data.original.id) {
+        return _.assign(single, _.omit(data.updated, ['deletedAt', 'deletedBy']));
+      }
+      return single;
+    });
+    const merged = _.assign(doc._source, { phases }); // eslint-disable-line no-underscore-dangle
+    yield eClient.update({
+      index: ES_PROJECT_INDEX,
+      type: ES_PROJECT_TYPE,
+      id: data.original.projectId,
+      body: {
+        doc: merged,
+      },
+    });
+    logger.debug('elasticsearch index updated, project phase updated successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error('Error handling project.phase.updated event', error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+/**
+ * Handler for project phase deleted event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const projectPhaseRemovedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    const data = JSON.parse(msg.content.toString());
+    const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId });
+    const phases = _.filter(doc._source.phases, single => single.id !== data.id); // eslint-disable-line no-underscore-dangle
+    const merged = _.assign(doc._source, { phases });       // eslint-disable-line no-underscore-dangle
+    yield eClient.update({
+      index: ES_PROJECT_INDEX,
+      type: ES_PROJECT_TYPE,
+      id: data.projectId,
+      body: {
+        doc: merged,
+      },
+    });
+    logger.debug('project phase removed from project document successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error('Error fetching project document from elasticsearch', error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+
+module.exports = {
+  projectPhaseAddedHandler,
+  projectPhaseRemovedHandler,
+  projectPhaseUpdatedHandler,
+};
diff --git a/src/models/phaseProduct.js b/src/models/phaseProduct.js
index da7a5bc0..4ec1ea90 100644
--- a/src/models/phaseProduct.js
+++ b/src/models/phaseProduct.js
@@ -12,7 +12,7 @@ module.exports = function definePhaseProduct(sequelize, DataTypes) {
     type: { type: DataTypes.STRING, allowNull: true },
     estimatedPrice: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
     actualPrice: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
-    details: { type: DataTypes.JSON, defaultValue: '' },
+    details: { type: DataTypes.JSON, defaultValue: {} },
 
     deletedAt: { type: DataTypes.DATE, allowNull: true },
     createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
diff --git a/src/models/projectPhase.js b/src/models/projectPhase.js
index b855f44d..3d21ec1c 100644
--- a/src/models/projectPhase.js
+++ b/src/models/projectPhase.js
@@ -11,7 +11,7 @@ module.exports = function defineProjectPhase(sequelize, DataTypes) {
     endDate: { type: DataTypes.DATE, allowNull: true },
     budget: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
     progress: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
-    details: { type: DataTypes.JSON, defaultValue: '' },
+    details: { type: DataTypes.JSON, defaultValue: {} },
 
     deletedAt: { type: DataTypes.DATE, allowNull: true },
     createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
diff --git a/src/routes/phaseProducts/create.js b/src/routes/phaseProducts/create.js
index 5a67ef01..670e89d1 100644
--- a/src/routes/phaseProducts/create.js
+++ b/src/routes/phaseProducts/create.js
@@ -6,6 +6,7 @@ import Joi from 'joi';
 
 import models from '../../models';
 import util from '../../util';
+import { EVENT } from '../../constants';
 
 const permissions = require('tc-core-library-js').middleware.permissions;
 
@@ -44,7 +45,7 @@ module.exports = [
       where: { id: projectId, deletedAt: { $eq: null } },
       raw: true,
     }).then((existingProject) => {
-        // make sure project exists
+      // make sure project exists
       if (!existingProject) {
         const err = new Error(`project not found for project id ${projectId}`);
         err.status = 404;
@@ -61,10 +62,10 @@ module.exports = [
         raw: true,
       });
     }).then((existingPhase) => {
-        // make sure phase exists
+      // make sure phase exists
       if (!existingPhase) {
         const err = new Error(`project phase not found for project id ${projectId}` +
-            ` and phase id ${phaseId}`);
+          ` and phase id ${phaseId}`);
         err.status = 404;
         throw err;
       }
@@ -81,10 +82,10 @@ module.exports = [
         raw: true,
       });
     }).then((productCount) => {
-        // make sure number of products of per phase <= max value
+      // make sure number of products of per phase <= max value
       if (productCount >= config.maxPhaseProductCount) {
         const err = new Error('the number of products per phase cannot exceed ' +
-            `${config.maxPhaseProductCount}`);
+          `${config.maxPhaseProductCount}`);
         err.status = 400;
         throw err;
       }
@@ -93,9 +94,19 @@ module.exports = [
       .then((_newPhaseProduct) => {
         newPhaseProduct = _.cloneDeep(_newPhaseProduct);
         req.log.debug('new phase product created (id# %d, name: %s)',
-                newPhaseProduct.id, newPhaseProduct.name);
+          newPhaseProduct.id, newPhaseProduct.name);
         newPhaseProduct = newPhaseProduct.get({ plain: true });
         newPhaseProduct = _.omit(newPhaseProduct, ['deletedAt', 'utm']);
+
+        // Send events to buses
+        req.log.debug('Sending event to RabbitMQ bus for phase product %d', newPhaseProduct.id);
+        req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_ADDED,
+          newPhaseProduct,
+          { correlationId: req.id },
+        );
+        req.log.debug('Sending event to Kafka bus for phase product %d', newPhaseProduct.id);
+        req.app.emit(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_ADDED, { req, created: newPhaseProduct });
+
         res.status(201).json(util.wrapResponse(req.id, newPhaseProduct, 1, 201));
       })).catch((err) => { next(err); });
   },
diff --git a/src/routes/phaseProducts/delete.js b/src/routes/phaseProducts/delete.js
index a7e5e8ee..2faa6295 100644
--- a/src/routes/phaseProducts/delete.js
+++ b/src/routes/phaseProducts/delete.js
@@ -3,6 +3,7 @@
 import _ from 'lodash';
 import { middleware as tcMiddleware } from 'tc-core-library-js';
 import models from '../../models';
+import { EVENT } from '../../constants';
 
 const permissions = tcMiddleware.permissions;
 
@@ -26,9 +27,9 @@ module.exports = [
         },
       }).then(existing => new Promise((accept, reject) => {
         if (!existing) {
-        // handle 404
+          // handle 404
           const err = new Error('No active phase product found for project id ' +
-              `${projectId}, phase id ${phaseId} and product id ${productId}`);
+            `${projectId}, phase id ${phaseId} and product id ${productId}`);
           err.status = 404;
           reject(err);
         } else {
@@ -37,6 +38,15 @@ module.exports = [
         }
       })).then((deleted) => {
         req.log.debug('deleted phase product', JSON.stringify(deleted, null, 2));
+
+        // Send events to buses
+        req.app.services.pubsub.publish(
+          EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_REMOVED,
+          deleted,
+          { correlationId: req.id },
+        );
+        req.app.emit(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_REMOVED, { req, deleted });
+
         res.status(204).json({});
       }).catch(err => next(err)));
   },
diff --git a/src/routes/phaseProducts/list.js b/src/routes/phaseProducts/list.js
index 2abb3076..5899c425 100644
--- a/src/routes/phaseProducts/list.js
+++ b/src/routes/phaseProducts/list.js
@@ -1,9 +1,13 @@
 
 import _ from 'lodash';
-
-import models from '../../models';
+import config from 'config';
 import util from '../../util';
 
+const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
+const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
+
+const eClient = util.getElasticSearchClient();
+
 const permissions = require('tc-core-library-js').middleware.permissions;
 
 module.exports = [
@@ -14,28 +18,32 @@ module.exports = [
     const projectId = _.parseInt(req.params.projectId);
     const phaseId = _.parseInt(req.params.phaseId);
 
-    return models.ProjectPhase.findOne({
-      where: { id: phaseId, projectId, deletedAt: { $eq: null } },
-    }).then((existingPhase) => {
-      if (!existingPhase) {
-        const err = new Error(`active project phase not found for project id ${projectId}` +
-          ` and phase id ${phaseId}`);
-        err.status = 404;
-        throw err;
-      }
-      return models.PhaseProduct.findAll({
-        where: {
-          projectId,
-          phaseId,
-          deletedAt: { $eq: null },
-        },
-      });
-    }).then((products) => {
-      if (!products) {
-        res.json(util.wrapResponse(req.id, [], 0));
-      } else {
+    // Get project from ES
+    eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: req.params.projectId })
+      .then((doc) => {
+        if (!doc) {
+          const err = new Error(`active project not found for project id ${projectId}`);
+          err.status = 404;
+          throw err;
+        }
+
+        // Get the phases
+        let phases = _.isArray(doc._source.phases) ? doc._source.phases : []; // eslint-disable-line no-underscore-dangle
+
+        // Get the phase by id
+        phases = _.filter(phases, { id: phaseId });
+        if (phases.length <= 0) {
+          const err = new Error(`active project phase not found for phase id ${phaseId}`);
+          err.status = 404;
+          throw err;
+        }
+
+        // Get the products
+        let products = phases[0].products;
+        products = _.isArray(products) ? products : []; // eslint-disable-line no-underscore-dangle
+
         res.json(util.wrapResponse(req.id, products, products.length));
-      }
-    }).catch(err => next(err));
+      })
+      .catch(err => next(err));
   },
 ];
diff --git a/src/routes/phaseProducts/list.spec.js b/src/routes/phaseProducts/list.spec.js
index 92d0b0dc..5f91dece 100644
--- a/src/routes/phaseProducts/list.spec.js
+++ b/src/routes/phaseProducts/list.spec.js
@@ -1,10 +1,18 @@
 /* eslint-disable no-unused-expressions */
 import _ from 'lodash';
 import request from 'supertest';
+import sleep from 'sleep';
+import chai from 'chai';
+import config from 'config';
 import server from '../../app';
 import models from '../../models';
 import testUtil from '../../tests/util';
 
+const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
+const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
+
+const should = chai.should();
+
 const body = {
   name: 'test phase product',
   type: 'product1',
@@ -20,52 +28,71 @@ const body = {
 describe('Phase Products', () => {
   let projectId;
   let phaseId;
-  before((done) => {
+  let project;
+  before(function beforeHook(done) {
+    this.timeout(10000);
     // mocks
     testUtil.clearDb()
-        .then(() => {
-          models.Project.create({
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
+      .then(() => {
+        models.Project.create({
+          type: 'generic',
+          billingAccountId: 1,
+          name: 'test1',
+          description: 'test project1',
+          status: 'draft',
+          details: {},
+          createdBy: 1,
+          updatedBy: 1,
+        }).then((p) => {
+          projectId = p.id;
+          project = p.toJSON();
+          // create members
+          models.ProjectMember.create({
+            userId: 40051332,
+            projectId,
+            role: 'copilot',
+            isPrimary: true,
             createdBy: 1,
             updatedBy: 1,
-          }).then((p) => {
-            projectId = p.id;
-            // create members
-            models.ProjectMember.create({
-              userId: 40051332,
-              projectId,
-              role: 'copilot',
-              isPrimary: true,
+          }).then(() => {
+            models.ProjectPhase.create({
+              name: 'test project phase',
+              status: 'active',
+              startDate: '2018-05-15T00:00:00Z',
+              endDate: '2018-05-15T12:00:00Z',
+              budget: 20.0,
+              progress: 1.23456,
+              details: {
+                message: 'This can be any json',
+              },
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => {
-              models.ProjectPhase.create({
-                name: 'test project phase',
-                status: 'active',
-                startDate: '2018-05-15T00:00:00Z',
-                endDate: '2018-05-15T12:00:00Z',
-                budget: 20.0,
-                progress: 1.23456,
-                details: {
-                  message: 'This can be any json',
-                },
-                createdBy: 1,
-                updatedBy: 1,
-                projectId,
-              }).then((phase) => {
-                phaseId = phase.id;
-                _.assign(body, { phaseId, projectId });
+              projectId,
+            }).then((phase) => {
+              phaseId = phase.id;
+              _.assign(body, { phaseId, projectId });
+
+              project.phases = [phase.toJSON()];
+
+              models.PhaseProduct.create(body).then((product) => {
+                project.phases[0].products = [product.toJSON()];
 
-                models.PhaseProduct.create(body).then(() => done());
+                // Index to ES
+                return server.services.es.index({
+                  index: ES_PROJECT_INDEX,
+                  type: ES_PROJECT_TYPE,
+                  id: projectId,
+                  body: project,
+                }).then(() => {
+                  // sleep for some time, let elasticsearch indices be settled
+                  sleep.sleep(5);
+                  done();
+                });
               });
             });
           });
         });
+      });
   });
 
   after((done) => {
@@ -120,6 +147,7 @@ describe('Phase Products', () => {
             done(err);
           } else {
             const resJson = res.body.result.content;
+            should.exist(resJson);
             resJson.should.have.lengthOf(1);
             done();
           }
diff --git a/src/routes/phaseProducts/update.js b/src/routes/phaseProducts/update.js
index 2d42f618..9d335f2a 100644
--- a/src/routes/phaseProducts/update.js
+++ b/src/routes/phaseProducts/update.js
@@ -5,6 +5,7 @@ import Joi from 'joi';
 import { middleware as tcMiddleware } from 'tc-core-library-js';
 import models from '../../models';
 import util from '../../util';
+import { EVENT } from '../../constants';
 
 
 const permissions = tcMiddleware.permissions;
@@ -37,6 +38,8 @@ module.exports = [
     const updatedProps = req.body.param;
     updatedProps.updatedBy = req.authUser.userId;
 
+    let previousValue;
+
     models.sequelize.transaction(() => models.PhaseProduct.findOne({
       where: {
         id: productId,
@@ -52,11 +55,25 @@ module.exports = [
         err.status = 404;
         reject(err);
       } else {
+        previousValue = _.clone(existing.get({ plain: true }));
+
         _.extend(existing, updatedProps);
         existing.save().then(accept).catch(reject);
       }
     })).then((updated) => {
       req.log.debug('updated phase product', JSON.stringify(updated, null, 2));
+
+      const updatedValue = updated.get({ plain: true });
+
+      // emit original and updated project phase information
+      req.app.services.pubsub.publish(
+        EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_UPDATED,
+        { original: previousValue, updated: updatedValue },
+        { correlationId: req.id },
+      );
+      req.app.emit(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_UPDATED,
+        { req, original: previousValue, updated: updatedValue });
+
       res.json(util.wrapResponse(req.id, updated));
     }).catch(err => next(err)));
   },
diff --git a/src/routes/phases/create.js b/src/routes/phases/create.js
index 6a81df61..1a5828c7 100644
--- a/src/routes/phases/create.js
+++ b/src/routes/phases/create.js
@@ -4,6 +4,7 @@ import Joi from 'joi';
 
 import models from '../../models';
 import util from '../../util';
+import { EVENT } from '../../constants';
 
 const permissions = require('tc-core-library-js').middleware.permissions;
 
@@ -58,6 +59,16 @@ module.exports = [
 
             newProjectPhase = newProjectPhase.get({ plain: true });
             newProjectPhase = _.omit(newProjectPhase, ['deletedAt', 'deletedBy', 'utm']);
+
+            // Send events to buses
+            req.log.debug('Sending event to RabbitMQ bus for project phase %d', newProjectPhase.id);
+            req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_PHASE_ADDED,
+              newProjectPhase,
+              { correlationId: req.id },
+            );
+            req.log.debug('Sending event to Kafka bus for project phase %d', newProjectPhase.id);
+            req.app.emit(EVENT.ROUTING_KEY.PROJECT_PHASE_ADDED, { req, created: newProjectPhase });
+
             res.status(201).json(util.wrapResponse(req.id, newProjectPhase, 1, 201));
           });
       }).catch((err) => {
diff --git a/src/routes/phases/delete.js b/src/routes/phases/delete.js
index c8979ca2..3bc34012 100644
--- a/src/routes/phases/delete.js
+++ b/src/routes/phases/delete.js
@@ -3,6 +3,7 @@
 import _ from 'lodash';
 import { middleware as tcMiddleware } from 'tc-core-library-js';
 import models from '../../models';
+import { EVENT } from '../../constants';
 
 const permissions = tcMiddleware.permissions;
 
@@ -26,7 +27,7 @@ module.exports = [
         if (!existing) {
           // handle 404
           const err = new Error('no active project phase found for project id ' +
-              `${projectId} and phase id ${phaseId}`);
+            `${projectId} and phase id ${phaseId}`);
           err.status = 404;
           reject(err);
         } else {
@@ -35,6 +36,15 @@ module.exports = [
         }
       })).then((deleted) => {
         req.log.debug('deleted project phase', JSON.stringify(deleted, null, 2));
+
+        // Send events to buses
+        req.app.services.pubsub.publish(
+          EVENT.ROUTING_KEY.PROJECT_PHASE_REMOVED,
+          deleted,
+          { correlationId: req.id },
+        );
+        req.app.emit(EVENT.ROUTING_KEY.PROJECT_PHASE_REMOVED, { req, deleted });
+
         res.status(204).json({});
       }).catch(err => next(err)));
   },
diff --git a/src/routes/phases/list.js b/src/routes/phases/list.js
index bfec53d8..6644a365 100644
--- a/src/routes/phases/list.js
+++ b/src/routes/phases/list.js
@@ -1,74 +1,65 @@
 
 import _ from 'lodash';
+import config from 'config';
 import { middleware as tcMiddleware } from 'tc-core-library-js';
 import util from '../../util';
 import models from '../../models';
 
-const PHASE_ATTRIBUTES = _.without(_.keys(models.ProjectPhase.rawAttributes),
-   'utm',
-);
+const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
+const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
 
-const permissions = tcMiddleware.permissions;
+const eClient = util.getElasticSearchClient();
+
+const PHASE_ATTRIBUTES = _.keys(models.ProjectPhase.rawAttributes);
 
-const retrieveProjectPhases = (req, criteria, sort, ffields) => {
-  // order by
-  const order = sort ? [sort.split(' ')] : [['createdAt', 'asc']];
-  let fields = ffields ? ffields.split(',') : PHASE_ATTRIBUTES;
-  // parse the fields string to determine what fields are to be returned
-  fields = _.intersection(fields, PHASE_ATTRIBUTES);
-  if (_.indexOf(fields, 'id') < 0) fields.push('id');
+const permissions = tcMiddleware.permissions;
 
-  return models.ProjectPhase.searchText({
-    filters: criteria.filters,
-    order,
-    limit: criteria.limit,
-    offset: criteria.offset,
-    attributes: fields,
-  }, req.log);
-};
 
 module.exports = [
   permissions('project.view'),
   (req, res, next) => {
     const projectId = _.parseInt(req.params.projectId);
 
-    const filters = util.parseQueryFilter(req.query.filter);
-    let sort = req.query.sort ? decodeURIComponent(req.query.sort) : 'createdAt';
+    let sort = req.query.sort ? decodeURIComponent(req.query.sort) : 'startDate';
     if (sort && sort.indexOf(' ') === -1) {
       sort += ' asc';
     }
     const sortableProps = [
-      'createdAt', 'createdAt asc', 'createdAt desc',
-      'updatedAt', 'updatedAt asc', 'updatedAt desc',
-      'id', 'id asc', 'id desc',
-      'status', 'status asc', 'status desc',
-      'name', 'name asc', 'name desc',
-      'budget', 'budget asc', 'budget desc',
-      'progress', 'progress asc', 'progress desc',
+      'startDate asc', 'startDate desc',
+      'endDate asc', 'endDate desc',
+      'status asc', 'status desc',
     ];
-    if (!util.isValidFilter(filters, ['id', 'status', 'type', 'name', 'status', 'budget', 'progress']) ||
-      (sort && _.indexOf(sortableProps, sort) < 0)) {
-      return util.handleError('Invalid filters or sort', null, req, next);
+    if (sort && _.indexOf(sortableProps, sort) < 0) {
+      return util.handleError('Invalid sort criteria', null, req, next);
     }
+    const sortColumnAndOrder = sort.split(' ');
+
+    // Get project from ES
+    return eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: req.params.projectId })
+      .then((doc) => {
+        if (!doc) {
+          const err = new Error(`active project not found for project id ${projectId}`);
+          err.status = 404;
+          throw err;
+        }
+
+        // Get the phases
+        let phases = _.isArray(doc._source.phases) ? doc._source.phases : []; // eslint-disable-line no-underscore-dangle
+
+        // Sort
+        phases = _.sortBy(phases, [sortColumnAndOrder[0]], [sortColumnAndOrder[1]]);
 
-    const criteria = {
-      filters,
-      limit: Math.min(req.query.limit || 20, 20),
-      offset: req.query.offset || 0,
-    };
+        // Parse the fields string to determine what fields are to be returned
+        let fields = req.query.fields ? req.query.fields.split(',') : PHASE_ATTRIBUTES;
+        fields = _.intersection(fields, PHASE_ATTRIBUTES);
+        if (_.indexOf(fields, 'id') < 0) {
+          fields.push('id');
+        }
 
-    criteria.filters.projectId = projectId;
+        phases = _.map(phases, phase => _.pick(phase, fields));
 
-    return models.Project.findOne({
-      where: { id: projectId, deletedAt: { $eq: null } },
-    }).then((existingProject) => {
-      if (!existingProject) {
-        const err = new Error(`active project not found for project id ${projectId}`);
-        err.status = 404;
-        throw err;
-      }
-      return retrieveProjectPhases(req, criteria, sort, req.query.fields);
-    }).then(result => res.json(util.wrapResponse(req.id, result.rows, result.count)))
+        res.json(util.wrapResponse(req.id, phases, phases.length));
+      })
       .catch(err => next(err));
   },
 ];
diff --git a/src/routes/phases/list.spec.js b/src/routes/phases/list.spec.js
index 2136a87e..74761ad2 100644
--- a/src/routes/phases/list.spec.js
+++ b/src/routes/phases/list.spec.js
@@ -1,10 +1,18 @@
 /* eslint-disable no-unused-expressions */
 import _ from 'lodash';
 import request from 'supertest';
+import config from 'config';
+import sleep from 'sleep';
+import chai from 'chai';
 import server from '../../app';
 import models from '../../models';
 import testUtil from '../../tests/util';
 
+const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
+const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
+
+const should = chai.should();
+
 const body = {
   name: 'test project phase',
   status: 'active',
@@ -21,35 +29,51 @@ const body = {
 
 describe('Project Phases', () => {
   let projectId;
-  before((done) => {
+  let project;
+  before(function beforeHook(done) {
+    this.timeout(10000);
     // mocks
     testUtil.clearDb()
-        .then(() => {
-          models.Project.create({
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
+      .then(() => {
+        models.Project.create({
+          type: 'generic',
+          billingAccountId: 1,
+          name: 'test1',
+          description: 'test project1',
+          status: 'draft',
+          details: {},
+          createdBy: 1,
+          updatedBy: 1,
+        }).then((p) => {
+          projectId = p.id;
+          project = p.toJSON();
+          // create members
+          models.ProjectMember.create({
+            userId: 40051332,
+            projectId,
+            role: 'copilot',
+            isPrimary: true,
             createdBy: 1,
             updatedBy: 1,
-          }).then((p) => {
-            projectId = p.id;
-            // create members
-            models.ProjectMember.create({
-              userId: 40051332,
-              projectId,
-              role: 'copilot',
-              isPrimary: true,
-              createdBy: 1,
-              updatedBy: 1,
+          }).then(() => {
+            _.assign(body, { projectId });
+            return models.ProjectPhase.create(body);
+          }).then((phase) => {
+            // Index to ES
+            project.phases = [phase];
+            return server.services.es.index({
+              index: ES_PROJECT_INDEX,
+              type: ES_PROJECT_TYPE,
+              id: projectId,
+              body: project,
             }).then(() => {
-              _.assign(body, { projectId });
-              models.ProjectPhase.create(body).then(() => done());
+              // sleep for some time, let elasticsearch indices be settled
+              sleep.sleep(5);
+              done();
             });
           });
         });
+      });
   });
 
   after((done) => {
@@ -93,6 +117,7 @@ describe('Project Phases', () => {
             done(err);
           } else {
             const resJson = res.body.result.content;
+            should.exist(resJson);
             resJson.should.have.lengthOf(1);
             done();
           }
diff --git a/src/routes/phases/update.js b/src/routes/phases/update.js
index 543e0fac..96b589d3 100644
--- a/src/routes/phases/update.js
+++ b/src/routes/phases/update.js
@@ -5,6 +5,7 @@ import Joi from 'joi';
 import { middleware as tcMiddleware } from 'tc-core-library-js';
 import models from '../../models';
 import util from '../../util';
+import { EVENT } from '../../constants';
 
 
 const permissions = tcMiddleware.permissions;
@@ -37,6 +38,8 @@ module.exports = [
     const updatedProps = req.body.param;
     updatedProps.updatedBy = req.authUser.userId;
 
+    let previousValue;
+
     models.sequelize.transaction(() => models.ProjectPhase.findOne({
       where: {
         id: phaseId,
@@ -45,12 +48,14 @@ module.exports = [
       },
     }).then(existing => new Promise((accept, reject) => {
       if (!existing) {
-          // handle 404
+        // handle 404
         const err = new Error('No active project phase found for project id ' +
-              `${projectId} and phase id ${phaseId}`);
+          `${projectId} and phase id ${phaseId}`);
         err.status = 404;
         reject(err);
       } else {
+        previousValue = _.clone(existing.get({ plain: true }));
+
         // make sure startDate < endDate
         let startDate;
         let endDate;
@@ -77,6 +82,16 @@ module.exports = [
       }
     })).then((updated) => {
       req.log.debug('updated project phase', JSON.stringify(updated, null, 2));
+
+      // emit original and updated project phase information
+      req.app.services.pubsub.publish(
+        EVENT.ROUTING_KEY.PROJECT_PHASE_UPDATED,
+        { original: previousValue, updated },
+        { correlationId: req.id },
+      );
+      req.app.emit(EVENT.ROUTING_KEY.PROJECT_PHASE_UPDATED,
+        { req, original: previousValue, updated });
+
       res.json(util.wrapResponse(req.id, updated));
     }).catch(err => next(err)));
   },
diff --git a/swagger.yaml b/swagger.yaml
index f195828f..f8178324 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -1,940 +1,1484 @@
----
-swagger: "2.0"
-info:
-  version: "v4"
-  title: "Projects API"
-# during production,should point to your server machine
-host: localhost:3000
-basePath: "/v4"
-# during production, should use https
-schemes:
-- "http"
-produces:
-- application/json
-consumes:
-- application/json
-
-securityDefinitions:
-  Bearer:
-    type: apiKey
-    name: Authorization
-    in: header
-
-paths:
-  /projects:
-    get:
-      tags:
-        - project
-      operationId: findProjects
-      security:
-        - Bearer: []
-      description: Retreive projects that match the filter
-      responses:
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: A list of projects
-          schema:
-            $ref: "#/definitions/ProjectListResponse"
-      parameters:
-        - $ref: "#/parameters/offsetParam"
-        - $ref: "#/parameters/limitParam"
-        - name: filter
-          required: true
-          type: string
-          in: query
-          description: |
-            Url encoded list of Supported filters
-             - id
-             - status
-             - type
-             - memberOnly
-             - keyword
-        - name: sort
-          required: false
-          description: |
-            sort projects by status, name, type, createdAt, updatedAt. Default is createdAt asc
-          in: query
-          type: string
-    post:
-      operationId: addProject
-      security:
-        - Bearer: []
-      description: Create a project
-      parameters:
-        - in: body
-          name: body
-          required: true
-          schema:
-            $ref: '#/definitions/NewProjectBodyParam'
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '201':
-          description: Returns the newly created project
-          schema:
-            $ref: "#/definitions/ProjectResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-
-  /projects/{projectId}:
-    get:
-      description: Retrieve project by id
-      security:
-        - Bearer: []
-      responses:
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: a project
-          schema:
-            $ref: "#/definitions/ProjectResponse"
-      parameters:
-        - $ref: "#/parameters/projectIdParam"
-        - name: fields
-          required: false
-          type: string
-          in: query
-          description: |
-            Comma separated list of project fields to return.
-            Can also specify project_members, attachments to get project members and project attachments.
-            Sub fields of project members and project attachments are also allowed.
-      operationId: getProject
-
-    patch:
-      operationId: updateProject
-      security:
-        - Bearer: []
-      description: Update a project that user has access to. Managers and admin are able to pull out a project from cancelled state.
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: Successfully updated project. Returns original and updated project object
-          schema:
-            $ref: "#/definitions/UpdateProjectResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        default:
-          description: error payload
-          schema:
-            $ref: '#/definitions/ErrorModel'
-      parameters:
-        - $ref: "#/parameters/projectIdParam"
-        - name: body
-          in: body
-          required: true
-          description: Only specify those properties that needs to be updated. `cancelReason` is mandatory if status is cancelled
-          schema:
-            $ref: "#/definitions/ProjectBodyParam"
-
-    delete:
-      description: remove an existing project
-      security:
-        - Bearer: []
-      parameters:
-        - $ref: "#/parameters/projectIdParam"
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: If project is not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '204':
-          description: Project successfully removed
-
-  /projects/{projectId}/attachments:
-    post:
-      description: add a new project attachment
-      security:
-        - Bearer: []
-      parameters:
-        - $ref: "#/parameters/projectIdParam"
-        - in: body
-          name: body
-          required: true
-          schema:
-            $ref: '#/definitions/NewProjectAttachmentBodyParam'
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '201':
-          description: Returns the newly created project attachment
-          schema:
-            $ref: "#/definitions/NewProjectAttachmentResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-
-  /projects/{projectId}/attachments/{id}:
-    patch:
-      description: Update an existing attachment
-      security:
-        - Bearer: []
-      parameters:
-        - $ref: "#/parameters/projectIdParam"
-        - in: path
-          name: id
-          required: true
-          description: The id of attachment to update
-          type: integer
-        - in: body
-          name: body
-          required: true
-          description: Specify only those properties that needs to be updated
-          schema:
-            $ref: '#/definitions/NewProjectAttachmentBodyParam'
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '201':
-          description: Returns the newly created project
-          schema:
-            $ref: "#/definitions/NewProjectAttachmentResponse"
-        '404':
-          description: If project attachment is not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-    delete:
-      description: remove an existing attachment
-      security:
-        - Bearer: []
-      parameters:
-        - $ref: "#/parameters/projectIdParam"
-        - in: path
-          name: id
-          required: true
-          description: The id of attachment to delete
-          type: integer
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: If attachment is not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '204':
-          description: Attachment successfully removed
-
-  /projects/{projectId}/members:
-    post:
-      description: add a new project member
-      security:
-        - Bearer: []
-      parameters:
-        - $ref: "#/parameters/projectIdParam"
-        - in: body
-          name: body
-          required: true
-          schema:
-            $ref: '#/definitions/NewProjectMemberBodyParam'
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '201':
-          description: Returns the newly created project
-          schema:
-            $ref: "#/definitions/NewProjectMemberResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-
-  /projects/{projectId}/members/{id}:
-    delete:
-      description: Delete a project member
-      security:
-        - Bearer: []
-      parameters:
-        - $ref: "#/parameters/projectIdParam"
-        - in: path
-          name: id
-          required: true
-          type: integer
-
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '204':
-          description: Member successfully removed
-    patch:
-        security:
-          - Bearer: []
-        description: Support editing project member roles & primary option.
-        responses:
-          '403':
-            description: No permission or wrong token
-            schema:
-              $ref: "#/definitions/ErrorModel"
-          '404':
-            description: Not found
-            schema:
-              $ref: "#/definitions/ErrorModel"
-          '200':
-            description: Successfully updated project member. Returns entire project member object
-            schema:
-              $ref: "#/definitions/UpdateProjectMemberResponse"
-          '422':
-            description: Invalid input
-            schema:
-              $ref: "#/definitions/ErrorModel"
-          default:
-            description: error payload
-            schema:
-              $ref: '#/definitions/ErrorModel'
-        parameters:
-          - $ref: "#/parameters/projectIdParam"
-          - in: path
-            name: id
-            required: true
-            type: integer
-          - name: body
-            in: body
-            required: true
-            schema:
-              $ref: "#/definitions/UpdateProjectMemberBodyParam"
-
-
-parameters:
-  projectIdParam:
-    name: projectId
-    in: path
-    description: project identifier
-    required: true
-    type: integer
-    format: int64
-  offsetParam:
-    name: offset
-    description: "number of items to skip. Defaults to 0"
-    in: query
-    required: false
-    type: integer
-    format: int32
-  limitParam:
-    name: limit
-    description: "max records to return. Defaults to 20"
-    in: query
-    required: false
-    type: integer
-    format: int32
-
-definitions:
-  ResponseMetadata:
-    title: Metadata object for a response
-    type: object
-    properties:
-      totalCount:
-        type: integer
-        format: int64
-        description: Total count of the objects
-
-  ErrorModel:
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            description: http status code
-            type: integer
-            format: int32
-          debug:
-            type: object
-          content:
-            type: object
-
-  ProjectBookMark:
-    title: Project bookmark
-    type: object
-    properties:
-      title:
-        type: string
-      address:
-        type: string
-
-  ProjectBodyParam:
-    type: object
-    properties:
-      param:
-        $ref: "#/definitions/Project"
-
-  NewProject:
-    type: object
-    required:
-       - name
-       - description
-       - type
-    properties:
-      name:
-        type: string
-        description: project name (required)
-      description:
-        type: string
-        description: Project description
-      billingAccountId:
-        type: number
-        format: long
-        description: the customer billing account id
-      estimatedPrice:
-        type: number
-        format: float
-        description: The estimated price of the project
-      terms:
-        type: array
-        items:
-          type: number
-          format: integer
-      external:
-        type: object
-        description: READ-ONLY, OPTIONAL. Refernce to external task/issue.
-        properties:
-          id:
-            type: string
-            description: Identifier for external reference
-          type:
-            type: string
-            description: external source type
-            enum: [ "github", "jira", "asana", "other"]
-          data:
-            type: string
-            description: "300 Char length text blob for customer provided data"
-      type:
-        type: string
-        description: project type
-        enum: ["generic", "visual_design", "visual_prototype", "app_dev"]
-      bookmarks:
-        type: array
-        items:
-          $ref: "#/definitions/ProjectBookMark"
-      challengeEligibility:
-        description: List of eligibility criteria (one entry per role)
-        type: array
-        items:
-          $ref: "#/definitions/ChallengeEligibility"
-      details:
-        $ref: "#/definitions/ProjectDetails"
-      utm:
-        description: READ-ONLY. Used for tracking
-        type: object
-        properties:
-          campaign:
-            type: string
-          medium:
-            type: string
-          source:
-            type: string
-
-
-  NewProjectBodyParam:
-    type: object
-    properties:
-      param:
-        $ref: "#/definitions/NewProject"
-
-  ChallengeEligibility:
-    description: Object describing who is eligible to work on this task
-    type: object
-    properties:
-        role:
-          type: string
-          enum: ["submitter", "reviewer", "copilot"]
-        users:
-          type: array
-          items:
-            type: integer
-            format: int64
-        groups:
-          type: array
-          items:
-            type: integer
-            format: int64
-
-
-  Project:
-    type: object
-    properties:
-      id:
-        description: unique identifier
-        type: integer
-        format: int64
-      directProjectId:
-        description: unique identifier in direct
-        type: integer
-        format: int64
-      billingAccountId:
-        type: integer
-        format: int64
-        description: The customer billing account id
-      utm:
-        description: READ-ONLY. Used for tracking
-        type: object
-        properties:
-          campaign:
-            type: string
-          medium:
-            type: string
-          source:
-            type: string
-      estimatedPrice:
-        type: number
-        format: float
-        description: The estimated price of the project
-      actualPrice:
-        type: number
-        format: float
-        description: The actual price of the project
-      terms:
-        type: array
-        items:
-          type: number
-          format: integer
-      name:
-        type: string
-        description: project name
-      description:
-        type: string
-        description: Project description
-
-      external:
-        type: object
-        description: READ-ONLY, OPTIONAL. Refernce to external task/issue.
-        properties:
-          id:
-            type: string
-            description: Identifier for external reference
-          type:
-            type: string
-            description: external source type
-            enum: [ "github", "jira", "asana", "other"]
-          data:
-            type: string
-            description: "300 Char length text blob for customer provided data"
-      type:
-        type: string
-        description: project type
-        enum: ["app_dev", "generic", "visual_prototype", "visual_design"]
-      status:
-        type: string
-        description: current state of the task
-        enum: ["draft", "in_review", "reviewed", "active", "paused", "cancelled", "completed"]
-      cancelReason:
-        type: string
-        description: If a project is cancelled, define the reason of cancellation
-      challengeEligibility:
-        description: List of eligibility criteria (one entry per role)
-        type: array
-        items:
-          $ref: "#/definitions/ChallengeEligibility"
-      bookmarks:
-        type: array
-        items:
-          $ref: "#/definitions/ProjectBookMark"
-      members:
-        description: |
-          READ-ONLY. List of project members.
-          Use project member api to add/remove members
-        type: array
-        items:
-          $ref: "#/definitions/ProjectMember"
-      attachments:
-        description: |
-          READ-ONLY. List of project attachmens.
-          Use project attachment api to add/remove attachments
-        type: array
-        items:
-          $ref: "#/definitions/ProjectAttachment"
-      details:
-        $ref: "#/definitions/ProjectDetails"
-
-      createdAt:
-        type: string
-        description: Datetime (GMT) when task was created
-        readOnly: true
-      createdBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User who created this task
-        readOnly: true
-      updatedAt:
-        type: string
-        description: READ-ONLY. Datetime (GMT) when task was updated
-        readOnly: true
-      updatedBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User that last updated this task
-        readOnly: true
-
-  ProjectDetails:
-    description: Project details
-    type: object
-    properties:
-      summary:
-        type: string
-        description: text summary of the project
-      TBD_usageDescription:
-        type: string
-        description: a description of how the app will be used
-      TBD_features:
-        type: object
-        properties:
-          id:
-            type: integer
-          title:
-            type: string
-          description:
-            type: string
-          isCustom:
-            type: boolean
-
-
-  NewProjectMember:
-    title: Project Member object
-    type: object
-    required:
-      - userId
-      - role
-    properties:
-      userId:
-        type: number
-        format: int64
-        description: user identifier
-      isPrimary:
-        type: boolean
-        description: Flag to indicate this member is primary for specified role
-      role:
-        type: string
-        description: member role on specified project
-        enum: ["customer", "manager", "copilot"]
-
-  NewProjectMemberBodyParam:
-    type: object
-    properties:
-      param:
-        $ref: "#/definitions/NewProjectMember"
-
-  UpdateProjectMember:
-      title: Project Member object
-      type: object
-      required:
-        - role
-      properties:
-        isPrimary:
-          type: boolean
-          description: primary option
-        role:
-          type: string
-          description: member role on specified project
-          enum: ["customer", "manager", "copilot"]
-
-  UpdateProjectMemberBodyParam:
-    type: object
-    properties:
-      param:
-        $ref: "#/definitions/UpdateProjectMember"
-
-  NewProjectAttachment:
-    title: Project attachment request
-    type: object
-    required:
-      - filePath
-      - s3Bucket
-      - title
-      - contentType
-    properties:
-      filePath:
-        type: string
-        description: path where file is stored
-      s3Bucket:
-        type: string
-        description: The s3 bucket of attachment
-      contentType:
-        type: string
-        description: Uploaded file content type
-      title:
-        type: string
-        description: Name of the attachment
-      description:
-        type: string
-        description: Optional description for the attached file.
-      category:
-        type: string
-        description: Category of attachment
-      size:
-        type: number
-        format: float
-        description: The size of attachment
-
-  NewProjectAttachmentBodyParam:
-    type: object
-    properties:
-      param:
-        $ref: "#/definitions/NewProjectAttachment"
-
-  NewProjectAttachmentResponse:
-    title: Project attachment object response
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            $ref: "#/definitions/ProjectAttachment"
-
-  ProjectAttachment:
-    title: Project attachment
-    type: object
-    properties:
-      id:
-        type: number
-        description: unique id for the attachment
-      size:
-        type: number
-        format: float
-        description: The size of attachment
-      category:
-        type: string
-        description: The category of attachment
-      contentType:
-        type: string
-        description: Uploaded file content type
-      title:
-        type: string
-        description: Name of the attachment
-      description:
-        type: string
-        description: Optional description for the attached file.
-      downloadUrl:
-        type: string
-        description: download link for the attachment.
-      createdAt:
-        type: string
-        description: Datetime (GMT) when task was created
-        readOnly: true
-      createdBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User who created this task
-        readOnly: true
-      updatedAt:
-        type: string
-        description: READ-ONLY. Datetime (GMT) when task was updated
-        readOnly: true
-      updatedBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User that last updated this task
-        readOnly: true
-
-  ProjectMember:
-    title: Project Member object
-    type: object
-    properties:
-      id:
-        type: number
-        description: unique identifier for record
-      userId:
-        type: number
-        format: int64
-        description: user identifier
-      isPrimary:
-        type: boolean
-        description: Flag to indicate this member is primary for specified role
-      projectId:
-        type: number
-        format: int64
-        description: project identifier
-      role:
-        type: string
-        description: member role on specified project
-        enum: ["customer", "manager", "copilot"]
-      createdAt:
-        type: string
-        description: Datetime (GMT) when task was created
-        readOnly: true
-      createdBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User who created this task
-        readOnly: true
-      updatedAt:
-        type: string
-        description: READ-ONLY. Datetime (GMT) when task was updated
-        readOnly: true
-      updatedBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User that last updated this task
-        readOnly: true
-
-
-
-  NewProjectMemberResponse:
-    title: Project member object response
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            $ref: "#/definitions/ProjectMember"
-
-  UpdateProjectMemberResponse:
-    title: Project member object response
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            $ref: "#/definitions/ProjectMember"
-
-
-  ProjectResponse:
-    title: Single project object
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            $ref: "#/definitions/Project"
-
-  UpdateProjectResponse:
-    title: response with original and updated project object
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            type: object
-            properties:
-              original:
-                $ref: "#/definitions/Project"
-              updated:
-                 $ref: "#/definitions/Project"
-
-  ProjectListResponse:
-    title: List response
-    type: object
-    properties:
-      id:
-        type: string
-        readOnly: true
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
-          content:
-            type: array
-            items:
-              $ref: "#/definitions/Project"
+---
+swagger: "2.0"
+info:
+  version: "v4"
+  title: "Projects API"
+# during production,should point to your server machine
+host: localhost:3000
+basePath: "/v4"
+# during production, should use https
+schemes:
+- "http"
+produces:
+- application/json
+consumes:
+- application/json
+
+securityDefinitions:
+  Bearer:
+    type: apiKey
+    name: Authorization
+    in: header
+
+paths:
+  /projects:
+    get:
+      tags:
+        - project
+      operationId: findProjects
+      security:
+        - Bearer: []
+      description: Retreive projects that match the filter
+      responses:
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of projects
+          schema:
+            $ref: "#/definitions/ProjectListResponse"
+      parameters:
+        - $ref: "#/parameters/offsetParam"
+        - $ref: "#/parameters/limitParam"
+        - name: filter
+          required: true
+          type: string
+          in: query
+          description: |
+            Url encoded list of Supported filters
+             - id
+             - status
+             - type
+             - memberOnly
+             - keyword
+        - name: sort
+          required: false
+          description: |
+            sort projects by status, name, type, createdAt, updatedAt. Default is createdAt asc
+          in: query
+          type: string
+    post:
+      operationId: addProject
+      security:
+        - Bearer: []
+      description: Create a project
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/NewProjectBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created project
+          schema:
+            $ref: "#/definitions/ProjectResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /projects/{projectId}:
+    get:
+      description: Retrieve project by id
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a project
+          schema:
+            $ref: "#/definitions/ProjectResponse"
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+        - name: fields
+          required: false
+          type: string
+          in: query
+          description: |
+            Comma separated list of project fields to return.
+            Can also specify project_members, attachments to get project members and project attachments.
+            Sub fields of project members and project attachments are also allowed.
+      operationId: getProject
+
+    patch:
+      operationId: updateProject
+      security:
+        - Bearer: []
+      description: Update a project that user has access to. Managers and admin are able to pull out a project from cancelled state.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated project. Returns original and updated project object
+          schema:
+            $ref: "#/definitions/UpdateProjectResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+        - name: body
+          in: body
+          required: true
+          description: Only specify those properties that needs to be updated. `cancelReason` is mandatory if status is cancelled
+          schema:
+            $ref: "#/definitions/ProjectBodyParam"
+
+    delete:
+      description: remove an existing project
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: If project is not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Project successfully removed
+
+  /projects/{projectId}/attachments:
+    post:
+      description: add a new project attachment
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/NewProjectAttachmentBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created project attachment
+          schema:
+            $ref: "#/definitions/NewProjectAttachmentResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /projects/{projectId}/attachments/{id}:
+    patch:
+      description: Update an existing attachment
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+        - in: path
+          name: id
+          required: true
+          description: The id of attachment to update
+          type: integer
+        - in: body
+          name: body
+          required: true
+          description: Specify only those properties that needs to be updated
+          schema:
+            $ref: '#/definitions/NewProjectAttachmentBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created project
+          schema:
+            $ref: "#/definitions/NewProjectAttachmentResponse"
+        '404':
+          description: If project attachment is not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+    delete:
+      description: remove an existing attachment
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+        - in: path
+          name: id
+          required: true
+          description: The id of attachment to delete
+          type: integer
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: If attachment is not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Attachment successfully removed
+
+  /projects/{projectId}/members:
+    post:
+      description: add a new project member
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/NewProjectMemberBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created project
+          schema:
+            $ref: "#/definitions/NewProjectMemberResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /projects/{projectId}/members/{id}:
+    delete:
+      description: Delete a project member
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+        - in: path
+          name: id
+          required: true
+          type: integer
+
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Member successfully removed
+    patch:
+        security:
+          - Bearer: []
+        description: Support editing project member roles & primary option.
+        responses:
+          '403':
+            description: No permission or wrong token
+            schema:
+              $ref: "#/definitions/ErrorModel"
+          '404':
+            description: Not found
+            schema:
+              $ref: "#/definitions/ErrorModel"
+          '200':
+            description: Successfully updated project member. Returns entire project member object
+            schema:
+              $ref: "#/definitions/UpdateProjectMemberResponse"
+          '422':
+            description: Invalid input
+            schema:
+              $ref: "#/definitions/ErrorModel"
+          default:
+            description: error payload
+            schema:
+              $ref: '#/definitions/ErrorModel'
+        parameters:
+          - $ref: "#/parameters/projectIdParam"
+          - in: path
+            name: id
+            required: true
+            type: integer
+          - name: body
+            in: body
+            required: true
+            schema:
+              $ref: "#/definitions/UpdateProjectMemberBodyParam"
+
+
+
+  /projects/{projectId}/phases:
+    parameters:
+      - $ref: "#/parameters/projectIdParam"
+    get:
+      tags:
+        - phase
+      operationId: findProjectPhases
+      security:
+        - Bearer: []
+      description: Retreive all project phases. All users who can edit project can access this endpoint.
+      parameters:
+        - name: fields
+          required: false
+          type: string
+          in: query
+          description: |
+            Comma separated list of project phase fields to return.
+        - name: sort
+          required: false
+          description: |
+            sort project phases by startDate, endDate, status. Default is startDate asc
+          in: query
+          type: string
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of project phases
+          schema:
+            $ref: "#/definitions/ProjectPhaseListResponse"
+    post:
+      tags:
+        - phase
+      operationId: addProjectPhase
+      security:
+        - Bearer: []
+      description: Create a project phase
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/ProjectPhaseBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created project phase
+          schema:
+            $ref: "#/definitions/ProjectPhaseResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /projects/{projectId}/phases/{phaseId}:
+    parameters:
+      - $ref: "#/parameters/projectIdParam"
+      - $ref: "#/parameters/phaseIdParam"
+    get:
+      tags:
+        - phase
+      description: Retrieve project phase by id. All users who can edit project can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a project phase
+          schema:
+            $ref: "#/definitions/ProjectPhaseResponse"
+      parameters:
+        - $ref: "#/parameters/phaseIdParam"
+      operationId: getProjectPhase
+
+    patch:
+      tags:
+        - phase
+      operationId: updateProjectPhase
+      security:
+        - Bearer: []
+      description: Update a project phase. All users who can edit project can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated project phase.
+          schema:
+            $ref: "#/definitions/ProjectPhaseResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - $ref: "#/parameters/phaseIdParam"
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/ProjectPhaseBodyParam"
+
+    delete:
+      tags:
+        - phase
+      description: Remove an existing project phase. All users who can edit project can access this endpoint.
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/phaseIdParam"
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: If project is not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Project phase successfully removed
+
+
+
+  /projects/{projectId}/phases/{phaseId}/products:
+    parameters:
+      - $ref: "#/parameters/projectIdParam"
+      - $ref: "#/parameters/phaseIdParam"
+    get:
+      tags:
+        - phase product
+      operationId: findPhaseProducts
+      security:
+        - Bearer: []
+      description: Retreive all phase products. All users who can edit project can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of phase products
+          schema:
+            $ref: "#/definitions/PhaseProductListResponse"
+    post:
+      tags:
+        - phase product
+      operationId: addPhaseProduct
+      security:
+        - Bearer: []
+      description: Create a phase product
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/PhaseProductBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created phase product
+          schema:
+            $ref: "#/definitions/PhaseProductResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /projects/{projectId}/phases/{phaseId}/products/{productId}:
+    parameters:
+      - $ref: "#/parameters/projectIdParam"
+      - $ref: "#/parameters/phaseIdParam"
+      - $ref: "#/parameters/productIdParam"
+    get:
+      tags:
+        - phase product
+      description: Retrieve phase product by id. All users who can edit project can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a phase product
+          schema:
+            $ref: "#/definitions/PhaseProductResponse"
+      parameters:
+        - $ref: "#/parameters/phaseIdParam"
+      operationId: getPhaseProduct
+
+    patch:
+      tags:
+        - phase product
+      operationId: updatePhaseProduct
+      security:
+        - Bearer: []
+      description: Update a phase product. All users who can edit project can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated phase product.
+          schema:
+            $ref: "#/definitions/PhaseProductResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - $ref: "#/parameters/phaseIdParam"
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/PhaseProductBodyParam"
+
+    delete:
+      tags:
+        - phase product
+      description: Remove an existing phase product. All users who can edit project can access this endpoint.
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/phaseIdParam"
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: If project is not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Project phase successfully removed
+
+
+parameters:
+  projectIdParam:
+    name: projectId
+    in: path
+    description: project identifier
+    required: true
+    type: integer
+    format: int64
+  phaseIdParam:
+    name: phaseId
+    in: path
+    description: project phase identifier
+    required: true
+    type: integer
+    format: int64
+    minimum: 1
+  productIdParam:
+    name: productId
+    in: path
+    description: project phase product identifier
+    required: true
+    type: integer
+    format: int64
+    minimum: 1
+  offsetParam:
+    name: offset
+    description: "number of items to skip. Defaults to 0"
+    in: query
+    required: false
+    type: integer
+    format: int32
+  limitParam:
+    name: limit
+    description: "max records to return. Defaults to 20"
+    in: query
+    required: false
+    type: integer
+    format: int32
+
+definitions:
+  ResponseMetadata:
+    title: Metadata object for a response
+    type: object
+    properties:
+      totalCount:
+        type: integer
+        format: int64
+        description: Total count of the objects
+
+  ErrorModel:
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            description: http status code
+            type: integer
+            format: int32
+          debug:
+            type: object
+          content:
+            type: object
+
+  ProjectBookMark:
+    title: Project bookmark
+    type: object
+    properties:
+      title:
+        type: string
+      address:
+        type: string
+
+  ProjectBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/Project"
+
+  NewProject:
+    type: object
+    required:
+       - name
+       - description
+       - type
+    properties:
+      name:
+        type: string
+        description: project name (required)
+      description:
+        type: string
+        description: Project description
+      billingAccountId:
+        type: number
+        format: long
+        description: the customer billing account id
+      estimatedPrice:
+        type: number
+        format: float
+        description: The estimated price of the project
+      terms:
+        type: array
+        items:
+          type: number
+          format: integer
+      external:
+        type: object
+        description: READ-ONLY, OPTIONAL. Refernce to external task/issue.
+        properties:
+          id:
+            type: string
+            description: Identifier for external reference
+          type:
+            type: string
+            description: external source type
+            enum: [ "github", "jira", "asana", "other"]
+          data:
+            type: string
+            description: "300 Char length text blob for customer provided data"
+      type:
+        type: string
+        description: project type
+        enum: ["generic", "visual_design", "visual_prototype", "app_dev"]
+      bookmarks:
+        type: array
+        items:
+          $ref: "#/definitions/ProjectBookMark"
+      challengeEligibility:
+        description: List of eligibility criteria (one entry per role)
+        type: array
+        items:
+          $ref: "#/definitions/ChallengeEligibility"
+      details:
+        $ref: "#/definitions/ProjectDetails"
+      utm:
+        description: READ-ONLY. Used for tracking
+        type: object
+        properties:
+          campaign:
+            type: string
+          medium:
+            type: string
+          source:
+            type: string
+
+
+  NewProjectBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/NewProject"
+
+  ChallengeEligibility:
+    description: Object describing who is eligible to work on this task
+    type: object
+    properties:
+        role:
+          type: string
+          enum: ["submitter", "reviewer", "copilot"]
+        users:
+          type: array
+          items:
+            type: integer
+            format: int64
+        groups:
+          type: array
+          items:
+            type: integer
+            format: int64
+
+
+  Project:
+    type: object
+    properties:
+      id:
+        description: unique identifier
+        type: integer
+        format: int64
+      directProjectId:
+        description: unique identifier in direct
+        type: integer
+        format: int64
+      billingAccountId:
+        type: integer
+        format: int64
+        description: The customer billing account id
+      utm:
+        description: READ-ONLY. Used for tracking
+        type: object
+        properties:
+          campaign:
+            type: string
+          medium:
+            type: string
+          source:
+            type: string
+      estimatedPrice:
+        type: number
+        format: float
+        description: The estimated price of the project
+      actualPrice:
+        type: number
+        format: float
+        description: The actual price of the project
+      terms:
+        type: array
+        items:
+          type: number
+          format: integer
+      name:
+        type: string
+        description: project name
+      description:
+        type: string
+        description: Project description
+
+      external:
+        type: object
+        description: READ-ONLY, OPTIONAL. Refernce to external task/issue.
+        properties:
+          id:
+            type: string
+            description: Identifier for external reference
+          type:
+            type: string
+            description: external source type
+            enum: [ "github", "jira", "asana", "other"]
+          data:
+            type: string
+            description: "300 Char length text blob for customer provided data"
+      type:
+        type: string
+        description: project type
+        enum: ["app_dev", "generic", "visual_prototype", "visual_design"]
+      status:
+        type: string
+        description: current state of the task
+        enum: ["draft", "in_review", "reviewed", "active", "paused", "cancelled", "completed"]
+      cancelReason:
+        type: string
+        description: If a project is cancelled, define the reason of cancellation
+      challengeEligibility:
+        description: List of eligibility criteria (one entry per role)
+        type: array
+        items:
+          $ref: "#/definitions/ChallengeEligibility"
+      bookmarks:
+        type: array
+        items:
+          $ref: "#/definitions/ProjectBookMark"
+      members:
+        description: |
+          READ-ONLY. List of project members.
+          Use project member api to add/remove members
+        type: array
+        items:
+          $ref: "#/definitions/ProjectMember"
+      attachments:
+        description: |
+          READ-ONLY. List of project attachmens.
+          Use project attachment api to add/remove attachments
+        type: array
+        items:
+          $ref: "#/definitions/ProjectAttachment"
+      details:
+        $ref: "#/definitions/ProjectDetails"
+
+      createdAt:
+        type: string
+        description: Datetime (GMT) when task was created
+        readOnly: true
+      createdBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User who created this task
+        readOnly: true
+      updatedAt:
+        type: string
+        description: READ-ONLY. Datetime (GMT) when task was updated
+        readOnly: true
+      updatedBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User that last updated this task
+        readOnly: true
+
+  ProjectDetails:
+    description: Project details
+    type: object
+    properties:
+      summary:
+        type: string
+        description: text summary of the project
+      TBD_usageDescription:
+        type: string
+        description: a description of how the app will be used
+      TBD_features:
+        type: object
+        properties:
+          id:
+            type: integer
+          title:
+            type: string
+          description:
+            type: string
+          isCustom:
+            type: boolean
+
+
+  NewProjectMember:
+    title: Project Member object
+    type: object
+    required:
+      - userId
+      - role
+    properties:
+      userId:
+        type: number
+        format: int64
+        description: user identifier
+      isPrimary:
+        type: boolean
+        description: Flag to indicate this member is primary for specified role
+      role:
+        type: string
+        description: member role on specified project
+        enum: ["customer", "manager", "copilot"]
+
+  NewProjectMemberBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/NewProjectMember"
+
+  UpdateProjectMember:
+      title: Project Member object
+      type: object
+      required:
+        - role
+      properties:
+        isPrimary:
+          type: boolean
+          description: primary option
+        role:
+          type: string
+          description: member role on specified project
+          enum: ["customer", "manager", "copilot"]
+
+  UpdateProjectMemberBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/UpdateProjectMember"
+
+  NewProjectAttachment:
+    title: Project attachment request
+    type: object
+    required:
+      - filePath
+      - s3Bucket
+      - title
+      - contentType
+    properties:
+      filePath:
+        type: string
+        description: path where file is stored
+      s3Bucket:
+        type: string
+        description: The s3 bucket of attachment
+      contentType:
+        type: string
+        description: Uploaded file content type
+      title:
+        type: string
+        description: Name of the attachment
+      description:
+        type: string
+        description: Optional description for the attached file.
+      category:
+        type: string
+        description: Category of attachment
+      size:
+        type: number
+        format: float
+        description: The size of attachment
+
+  NewProjectAttachmentBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/NewProjectAttachment"
+
+  NewProjectAttachmentResponse:
+    title: Project attachment object response
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            $ref: "#/definitions/ProjectAttachment"
+
+  ProjectAttachment:
+    title: Project attachment
+    type: object
+    properties:
+      id:
+        type: number
+        description: unique id for the attachment
+      size:
+        type: number
+        format: float
+        description: The size of attachment
+      category:
+        type: string
+        description: The category of attachment
+      contentType:
+        type: string
+        description: Uploaded file content type
+      title:
+        type: string
+        description: Name of the attachment
+      description:
+        type: string
+        description: Optional description for the attached file.
+      downloadUrl:
+        type: string
+        description: download link for the attachment.
+      createdAt:
+        type: string
+        description: Datetime (GMT) when task was created
+        readOnly: true
+      createdBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User who created this task
+        readOnly: true
+      updatedAt:
+        type: string
+        description: READ-ONLY. Datetime (GMT) when task was updated
+        readOnly: true
+      updatedBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User that last updated this task
+        readOnly: true
+
+  ProjectMember:
+    title: Project Member object
+    type: object
+    properties:
+      id:
+        type: number
+        description: unique identifier for record
+      userId:
+        type: number
+        format: int64
+        description: user identifier
+      isPrimary:
+        type: boolean
+        description: Flag to indicate this member is primary for specified role
+      projectId:
+        type: number
+        format: int64
+        description: project identifier
+      role:
+        type: string
+        description: member role on specified project
+        enum: ["customer", "manager", "copilot"]
+      createdAt:
+        type: string
+        description: Datetime (GMT) when task was created
+        readOnly: true
+      createdBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User who created this task
+        readOnly: true
+      updatedAt:
+        type: string
+        description: READ-ONLY. Datetime (GMT) when task was updated
+        readOnly: true
+      updatedBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User that last updated this task
+        readOnly: true
+
+
+
+  NewProjectMemberResponse:
+    title: Project member object response
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            $ref: "#/definitions/ProjectMember"
+
+  UpdateProjectMemberResponse:
+    title: Project member object response
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            $ref: "#/definitions/ProjectMember"
+
+
+  ProjectResponse:
+    title: Single project object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            $ref: "#/definitions/Project"
+
+  UpdateProjectResponse:
+    title: response with original and updated project object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            type: object
+            properties:
+              original:
+                $ref: "#/definitions/Project"
+              updated:
+                 $ref: "#/definitions/Project"
+
+  ProjectListResponse:
+    title: List response
+    type: object
+    properties:
+      id:
+        type: string
+        readOnly: true
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            type: array
+            items:
+              $ref: "#/definitions/Project"
+
+
+
+
+  ProjectPhaseRequest:
+    title: Project phase request object
+    type: object
+    required:
+      - name
+      - status
+      - startDate
+      - endDate
+    properties:
+      name:
+        type: string
+        description: the project phase name
+      status:
+        type: string
+        description: the project phase status
+      startDate:
+        type: string
+        format: date
+        description: the project phase start date
+      endDate:
+        type: string
+        format: date
+        description: the project phase end date
+      budget:
+        type: number
+        description: the project phase budget
+      progress:
+        type: number
+        description: the project phase progress
+      details:
+        type: object
+        description: the project phase details
+
+  ProjectPhaseBodyParam:
+    title: Project phase body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProjectPhaseRequest"
+
+  ProjectPhase:
+    title: Project phase object
+    allOf:
+      - type: object
+        required:
+          - id
+          - createdAt
+          - createdBy
+          - updatedAt
+          - updatedBy
+        properties:
+          id:
+            type: number
+            format: int64
+            description: the id
+          createdAt:
+            type: string
+            description: Datetime (GMT) when object was created
+            readOnly: true
+          createdBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User who created this object
+            readOnly: true
+          updatedAt:
+            type: string
+            description: READ-ONLY. Datetime (GMT) when object was updated
+            readOnly: true
+          updatedBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User that last updated this object
+            readOnly: true
+      - $ref: "#/definitions/ProjectPhaseRequest"
+
+
+  ProjectPhaseResponse:
+    title: Single project phase response object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            $ref: "#/definitions/ProjectPhase"
+
+  ProjectPhaseListResponse:
+    title: Project phase list response object
+    type: object
+    properties:
+      id:
+        type: string
+        readOnly: true
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            type: array
+            items:
+              $ref: "#/definitions/ProjectPhase"
+
+
+  PhaseProductRequest:
+    title: Phase product request object
+    type: object
+    properties:
+      name:
+        type: string
+        description: the phase product name
+      directProjectId:
+        type: number
+        description: the phase product direct project id
+      billingAccountId:
+        type: number
+        description: the phase product billing account Id
+      templateId:
+        type: number
+        description: the phase product template id
+      type:
+        type: string
+        description: the phase product type
+      estimatedPrice:
+        type: number
+        description: the phase product estimated price
+      actualPrice:
+        type: number
+        description: the phase product actual price
+      details:
+        type: object
+        description: the phase product details
+
+  PhaseProductBodyParam:
+    title: Phase product body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/PhaseProductRequest"
+
+  PhaseProduct:
+    title: Phase product object
+    allOf:
+      - type: object
+        required:
+          - id
+          - createdAt
+          - createdBy
+          - updatedAt
+          - updatedBy
+        properties:
+          id:
+            type: number
+            format: int64
+            description: the id
+          createdAt:
+            type: string
+            description: Datetime (GMT) when object was created
+            readOnly: true
+          createdBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User who created this object
+            readOnly: true
+          updatedAt:
+            type: string
+            description: READ-ONLY. Datetime (GMT) when object was updated
+            readOnly: true
+          updatedBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User that last updated this object
+            readOnly: true
+      - $ref: "#/definitions/PhaseProductRequest"
+
+
+  PhaseProductResponse:
+    title: Single phase product response object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            $ref: "#/definitions/PhaseProduct"
+
+  PhaseProductListResponse:
+    title: Phase product list response object
+    type: object
+    properties:
+      id:
+        type: string
+        readOnly: true
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            type: array
+            items:
+              $ref: "#/definitions/PhaseProduct"
+              
\ No newline at end of file

From 1e65c939eb4428cd7fa89d81bdecae39715a99e9 Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho <pvmagacho@gmail.com>
Date: Sat, 26 May 2018 08:13:49 -0300
Subject: [PATCH 03/59] merge from project and product templates

---
 .circleci/config.yml                         |   2 +-
 README.md                                    |   2 +-
 postman.json                                 | 242 ++++++++-
 postman_environment.json                     |  23 +
 src/models/productTemplate.js                |  32 ++
 src/models/projectTemplate.js                |  30 ++
 src/permissions/connectManagerOrAdmin.ops.js |  18 +
 src/permissions/index.js                     |  11 +
 src/routes/index.js                          |  35 +-
 src/routes/productTemplates/create.js        |  51 ++
 src/routes/productTemplates/create.spec.js   | 157 ++++++
 src/routes/productTemplates/delete.js        |  55 ++
 src/routes/productTemplates/delete.spec.js   | 129 +++++
 src/routes/productTemplates/get.js           |  41 ++
 src/routes/productTemplates/get.spec.js      | 153 ++++++
 src/routes/productTemplates/list.js          |  23 +
 src/routes/productTemplates/list.spec.js     | 148 ++++++
 src/routes/productTemplates/update.js        |  72 +++
 src/routes/productTemplates/update.spec.js   | 244 +++++++++
 src/routes/projectTemplates/create.js        |  49 ++
 src/routes/projectTemplates/create.spec.js   | 153 ++++++
 src/routes/projectTemplates/delete.js        |  55 ++
 src/routes/projectTemplates/delete.spec.js   | 127 +++++
 src/routes/projectTemplates/get.js           |  41 ++
 src/routes/projectTemplates/get.spec.js      | 148 ++++++
 src/routes/projectTemplates/list.js          |  23 +
 src/routes/projectTemplates/list.spec.js     | 141 ++++++
 src/routes/projectTemplates/update.js        |  70 +++
 src/routes/projectTemplates/update.spec.js   | 237 +++++++++
 src/tests/seed.js                            | 296 +++++++----
 src/util.js                                  |  80 +--
 swagger.yaml                                 | 500 +++++++++++++++++++
 32 files changed, 3237 insertions(+), 151 deletions(-)
 create mode 100644 postman_environment.json
 create mode 100644 src/models/productTemplate.js
 create mode 100644 src/models/projectTemplate.js
 create mode 100644 src/permissions/connectManagerOrAdmin.ops.js
 create mode 100644 src/routes/productTemplates/create.js
 create mode 100644 src/routes/productTemplates/create.spec.js
 create mode 100644 src/routes/productTemplates/delete.js
 create mode 100644 src/routes/productTemplates/delete.spec.js
 create mode 100644 src/routes/productTemplates/get.js
 create mode 100644 src/routes/productTemplates/get.spec.js
 create mode 100644 src/routes/productTemplates/list.js
 create mode 100644 src/routes/productTemplates/list.spec.js
 create mode 100644 src/routes/productTemplates/update.js
 create mode 100644 src/routes/productTemplates/update.spec.js
 create mode 100644 src/routes/projectTemplates/create.js
 create mode 100644 src/routes/projectTemplates/create.spec.js
 create mode 100644 src/routes/projectTemplates/delete.js
 create mode 100644 src/routes/projectTemplates/delete.spec.js
 create mode 100644 src/routes/projectTemplates/get.js
 create mode 100644 src/routes/projectTemplates/get.spec.js
 create mode 100644 src/routes/projectTemplates/list.js
 create mode 100644 src/routes/projectTemplates/list.spec.js
 create mode 100644 src/routes/projectTemplates/update.js
 create mode 100644 src/routes/projectTemplates/update.spec.js

diff --git a/.circleci/config.yml b/.circleci/config.yml
index cfc1f527..4fea1158 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -76,7 +76,7 @@ workflows:
             - test
           filters:
             branches:
-              only: [dev, 'feature/db-lock-issue']
+              only: dev
       - deployProd:
           requires:
             - test
diff --git a/README.md b/README.md
index 2a18f10c..e2e5a707 100644
--- a/README.md
+++ b/README.md
@@ -71,7 +71,7 @@ Run image:
 `docker run -p 3000:3000 -i -t -e DB_HOST=172.17.0.1 tc_projects_services`
 You may replace 172.17.0.1 with your docker0 IP.
 
-You can paste **swagger.yaml** to  [swagger editor](http://editor.swagger.io/) or import **postman.json** to verify endpoints.
+You can paste **swagger.yaml** to  [swagger editor](http://editor.swagger.io/) or import **postman.json** and **postman_environment.json** to verify endpoints.
 
 #### Deploying without docker
 If you don't want to use docker to deploy to localhost. You can simply run `npm run start` from root of project. This should start the server on default port `3000`.
diff --git a/postman.json b/postman.json
index 807c4f87..314c5d4b 100644
--- a/postman.json
+++ b/postman.json
@@ -1,13 +1,13 @@
 {
 	"info": {
+		"_postman_id": "469f0f40-b34a-40f9-b89d-bd7fde996676",
 		"name": "tc-project-service ",
-		"_postman_id": "8f323d9c-63bd-5f2c-87f1-1e99083786f3",
-		"description": "",
 		"schema": "https://schema.getpostman.com/json/collection/v2.0.0/collection.json"
 	},
 	"item": [
 		{
 			"name": "Project Attachments",
+			"description": null,
 			"item": [
 				{
 					"name": "Upload attachment",
@@ -82,6 +82,7 @@
 		},
 		{
 			"name": "Project Members",
+			"description": null,
 			"item": [
 				{
 					"name": "Create project member with no payload",
@@ -900,6 +901,7 @@
 		},
 		{
 			"name": "bookmarks",
+			"description": null,
 			"item": [
 				{
 					"name": " Create project without bookmarks",
@@ -1077,6 +1079,7 @@
 		},
 		{
 			"name": "issue1",
+			"description": null,
 			"item": [
 				{
 					"name": "get projects with copilot token",
@@ -1100,6 +1103,7 @@
 		},
 		{
 			"name": "issue10",
+			"description": null,
 			"item": [
 				{
 					"name": "wrong role",
@@ -1149,6 +1153,7 @@
 		},
 		{
 			"name": "issue5",
+			"description": null,
 			"item": [
 				{
 					"name": "launch a project by topcoder managers ",
@@ -1220,6 +1225,7 @@
 		},
 		{
 			"name": "issue8",
+			"description": null,
 			"item": [
 				{
 					"name": "mock direct projects",
@@ -1376,6 +1382,238 @@
 					"response": []
 				}
 			]
+		},
+		{
+			"name": "Project Templates",
+			"description": "",
+			"item": [
+				{
+					"name": "Create project template",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/projectTemplates"
+					},
+					"response": []
+				},
+				{
+					"name": "List project templates",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/projectTemplates"
+					},
+					"response": []
+				},
+				{
+					"name": "Get project template",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/projectTemplates/1"
+					},
+					"response": []
+				},
+				{
+					"name": "Update project template",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\",\r\n      \"scope2\": [\"a\"]\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\",\r\n      \"phase2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/projectTemplates/1"
+					},
+					"response": []
+				},
+				{
+					"name": "Delete project template",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\",\r\n      \"scope2\": [\"a\"]\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\",\r\n      \"phase2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/projectTemplates/1"
+					},
+					"response": []
+				}
+			]
+		},
+		{
+			"name": "Product Templates",
+			"description": "",
+			"item": [
+				{
+					"name": "Create product template",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"productKey\":\"new productKey\",\r\n    \"icon\":\"http://example.com/icon-new.ico\",\r\n    \"brief\": \"new brief\",\r\n    \"details\": \"new details\",\r\n    \"aliases\":{\r\n      \"alias1\":\"alias 1\"\r\n    },\r\n    \"template\":{\r\n      \"template1\":\"template 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/productTemplates"
+					},
+					"response": []
+				},
+				{
+					"name": "List product templates",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/productTemplates"
+					},
+					"response": []
+				},
+				{
+					"name": "Get product template",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/productTemplates/1"
+					},
+					"response": []
+				},
+				{
+					"name": "Update product template",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"productKey\":\"new productKey\",\r\n    \"icon\":\"http://example.com/icon-new.ico\",\r\n    \"brief\": \"new brief\",\r\n    \"details\": \"new details\",\r\n    \"aliases\":{\r\n      \"alias1\":\"scope 1\",\r\n      \"alias2\": [\"a\"]\r\n    },\r\n    \"template\":{\r\n      \"template1\":\"template 1\",\r\n      \"template2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/productTemplates/1"
+					},
+					"response": []
+				},
+				{
+					"name": "Delete product template",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\",\r\n      \"scope2\": [\"a\"]\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\",\r\n      \"phase2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
+						},
+						"url": "{{api-url}}/v4/productTemplates/1"
+					},
+					"response": []
+				}
+			]
 		}
 	]
 }
\ No newline at end of file
diff --git a/postman_environment.json b/postman_environment.json
new file mode 100644
index 00000000..12fab912
--- /dev/null
+++ b/postman_environment.json
@@ -0,0 +1,23 @@
+{
+  "id": "e6b30b4b-1388-4622-8314-bc49ba1d752b",
+  "name": "tc-project-service",
+  "values": [
+    {
+      "key": "api-url",
+      "value": "http://localhost:3000",
+      "description": "",
+      "type": "text",
+      "enabled": true
+    },
+    {
+      "key": "jwt-token",
+      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIiwiYWRtaW5pc3RyYXRvciJdLCJpc3MiOiJodHRwczovL2FwaS50b3Bjb2Rlci1kZXYuY29tIiwiaGFuZGxlIjoidGVzdDEiLCJleHAiOjI1NjMwNzY2ODksInVzZXJJZCI6IjQwMDUxMzMzIiwiaWF0IjoxNDYzMDc2MDg5LCJlbWFpbCI6InRlc3RAdG9wY29kZXIuY29tIiwianRpIjoiYjMzYjc3Y2QtYjUyZS00MGZlLTgzN2UtYmViOGUwYWU2YTRhIn0.wKWUe0-SaiFVN-VR_-GwgFlvWaDkSbc8H55ktb9LAVw",
+      "description": "",
+      "type": "text",
+      "enabled": true
+    }
+  ],
+  "_postman_variable_scope": "environment",
+  "_postman_exported_at": "2018-05-18T18:54:18.167Z",
+  "_postman_exported_using": "Postman/6.0.10"
+}
\ No newline at end of file
diff --git a/src/models/productTemplate.js b/src/models/productTemplate.js
new file mode 100644
index 00000000..72d7bc30
--- /dev/null
+++ b/src/models/productTemplate.js
@@ -0,0 +1,32 @@
+/* eslint-disable valid-jsdoc */
+
+/**
+ * The Product Template model
+ */
+module.exports = (sequelize, DataTypes) => {
+  const ProductTemplate = sequelize.define('ProductTemplate', {
+    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
+    name: { type: DataTypes.STRING(255), allowNull: false },
+    productKey: { type: DataTypes.STRING(45), allowNull: false },
+    icon: { type: DataTypes.STRING(255), allowNull: false },
+    brief: { type: DataTypes.STRING(45), allowNull: false },
+    details: { type: DataTypes.STRING(255), allowNull: false },
+    aliases: { type: DataTypes.JSON, allowNull: false },
+    template: { type: DataTypes.JSON, allowNull: false },
+    deletedAt: DataTypes.DATE,
+    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    deletedBy: DataTypes.BIGINT,
+    createdBy: { type: DataTypes.BIGINT, allowNull: false },
+    updatedBy: { type: DataTypes.BIGINT, allowNull: false },
+  }, {
+    tableName: 'product_templates',
+    paranoid: true,
+    timestamps: true,
+    updatedAt: 'updatedAt',
+    createdAt: 'createdAt',
+    deletedAt: 'deletedAt',
+  });
+
+  return ProductTemplate;
+};
diff --git a/src/models/projectTemplate.js b/src/models/projectTemplate.js
new file mode 100644
index 00000000..206fa9e0
--- /dev/null
+++ b/src/models/projectTemplate.js
@@ -0,0 +1,30 @@
+/* eslint-disable valid-jsdoc */
+
+/**
+ * The Project Template model
+ */
+module.exports = (sequelize, DataTypes) => {
+  const ProjectTemplate = sequelize.define('ProjectTemplate', {
+    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
+    name: { type: DataTypes.STRING(255), allowNull: false },
+    key: { type: DataTypes.STRING(45), allowNull: false },
+    category: { type: DataTypes.STRING(45), allowNull: false },
+    scope: { type: DataTypes.JSON, allowNull: false },
+    phases: { type: DataTypes.JSON, allowNull: false },
+    deletedAt: DataTypes.DATE,
+    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    deletedBy: DataTypes.BIGINT,
+    createdBy: { type: DataTypes.BIGINT, allowNull: false },
+    updatedBy: { type: DataTypes.BIGINT, allowNull: false },
+  }, {
+    tableName: 'project_templates',
+    paranoid: true,
+    timestamps: true,
+    updatedAt: 'updatedAt',
+    createdAt: 'createdAt',
+    deletedAt: 'deletedAt',
+  });
+
+  return ProjectTemplate;
+};
diff --git a/src/permissions/connectManagerOrAdmin.ops.js b/src/permissions/connectManagerOrAdmin.ops.js
new file mode 100644
index 00000000..0a5fb15a
--- /dev/null
+++ b/src/permissions/connectManagerOrAdmin.ops.js
@@ -0,0 +1,18 @@
+import util from '../util';
+import { MANAGER_ROLES } from '../constants';
+
+
+/**
+ * Only Connect Manager, Connect Admin, and administrator are allowed to perform the operations
+ * @param {Object}    req         the express request instance
+ * @return {Promise}              returns a promise
+ */
+module.exports = req => new Promise((resolve, reject) => {
+  const hasAccess = util.hasRoles(req, MANAGER_ROLES);
+
+  if (!hasAccess) {
+    return reject(new Error('You do not have permissions to perform this action'));
+  }
+
+  return resolve(true);
+});
diff --git a/src/permissions/index.js b/src/permissions/index.js
index e0797b3c..54365072 100644
--- a/src/permissions/index.js
+++ b/src/permissions/index.js
@@ -6,6 +6,7 @@ const projectEdit = require('./project.edit');
 const projectDelete = require('./project.delete');
 const projectMemberDelete = require('./projectMember.delete');
 const projectAdmin = require('./admin.ops');
+const connectManagerOrAdmin = require('./connectManagerOrAdmin.ops');
 
 module.exports = () => {
   Authorizer.setDeniedStatusCode(403);
@@ -23,4 +24,14 @@ module.exports = () => {
   Authorizer.setPolicy('project.downloadAttachment', projectView);
   Authorizer.setPolicy('project.updateMember', projectEdit);
   Authorizer.setPolicy('project.admin', projectAdmin);
+
+  Authorizer.setPolicy('projectTemplate.create', connectManagerOrAdmin);
+  Authorizer.setPolicy('projectTemplate.edit', connectManagerOrAdmin);
+  Authorizer.setPolicy('projectTemplate.delete', connectManagerOrAdmin);
+  Authorizer.setPolicy('projectTemplate.view', true);
+
+  Authorizer.setPolicy('productTemplate.create', connectManagerOrAdmin);
+  Authorizer.setPolicy('productTemplate.edit', connectManagerOrAdmin);
+  Authorizer.setPolicy('productTemplate.delete', connectManagerOrAdmin);
+  Authorizer.setPolicy('productTemplate.view', true);
 };
diff --git a/src/routes/index.js b/src/routes/index.js
index 47a51502..35abd8ba 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -26,7 +26,9 @@ router.get(`/${apiVersion}/projects/health`, (req, res) => {
 // All project service endpoints need authentication
 const jwtAuth = require('tc-core-library-js').middleware.jwtAuthenticator;
 
-router.all(RegExp(`\\/${apiVersion}\\/projects(?!\\/health).*`), jwtAuth());
+router.all(
+  RegExp(`\\/${apiVersion}\\/(projects|projectTemplates|productTemplates)(?!\\/health).*`),
+  jwtAuth());
 
 // Register all the routes
 router.route('/v4/projects')
@@ -51,19 +53,34 @@ router.route('/v4/projects/:projectId(\\d+)')
   .delete(require('./projects/delete'));
 
 router.route('/v4/projects/:projectId(\\d+)/members')
-    .post(require('./projectMembers/create'));
+  .post(require('./projectMembers/create'));
 
 router.route('/v4/projects/:projectId(\\d+)/members/:id(\\d+)')
-    .delete(require('./projectMembers/delete'))
-    .patch(require('./projectMembers/update'));
+  .delete(require('./projectMembers/delete'))
+  .patch(require('./projectMembers/update'));
 
 router.route('/v4/projects/:projectId(\\d+)/attachments')
-    .post(require('./attachments/create'));
+  .post(require('./attachments/create'));
 router.route('/v4/projects/:projectId(\\d+)/attachments/:id(\\d+)')
-    .get(require('./attachments/download'))
-    .patch(require('./attachments/update'))
-    .delete(require('./attachments/delete'));
-
+  .get(require('./attachments/download'))
+  .patch(require('./attachments/update'))
+  .delete(require('./attachments/delete'));
+
+router.route('/v4/projectTemplates')
+  .post(require('./projectTemplates/create'))
+  .get(require('./projectTemplates/list'));
+router.route('/v4/projectTemplates/:templateId(\\d+)')
+  .get(require('./projectTemplates/get'))
+  .patch(require('./projectTemplates/update'))
+  .delete(require('./projectTemplates/delete'));
+
+router.route('/v4/productTemplates')
+  .post(require('./productTemplates/create'))
+  .get(require('./productTemplates/list'));
+router.route('/v4/productTemplates/:templateId(\\d+)')
+  .get(require('./productTemplates/get'))
+  .patch(require('./productTemplates/update'))
+  .delete(require('./productTemplates/delete'));
 
 // register error handler
 router.use((err, req, res, next) => { // eslint-disable-line no-unused-vars
diff --git a/src/routes/productTemplates/create.js b/src/routes/productTemplates/create.js
new file mode 100644
index 00000000..b00363e3
--- /dev/null
+++ b/src/routes/productTemplates/create.js
@@ -0,0 +1,51 @@
+/**
+ * API to add a product template
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      productKey: Joi.string().max(45).required(),
+      icon: Joi.string().max(255).required(),
+      brief: Joi.string().max(45).required(),
+      details: Joi.string().max(255).required(),
+      aliases: Joi.object().required(),
+      template: Joi.object().required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('productTemplate.create'),
+  (req, res, next) => {
+    const entity = _.assign(req.body.param, {
+      createdBy: req.authUser.userId,
+      updatedBy: req.authUser.userId,
+    });
+
+    return models.ProductTemplate.create(entity)
+      .then((createdEntity) => {
+        // Omit deletedAt, deletedBy
+        res.status(201).json(util.wrapResponse(
+          req.id, _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy'), 1, 201));
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/productTemplates/create.spec.js b/src/routes/productTemplates/create.spec.js
new file mode 100644
index 00000000..8476a5ef
--- /dev/null
+++ b/src/routes/productTemplates/create.spec.js
@@ -0,0 +1,157 @@
+/**
+ * Tests for create.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('CREATE product template', () => {
+  describe('POST /productTemplates', () => {
+    const body = {
+      param: {
+        name: 'name 1',
+        productKey: 'productKey 1',
+        icon: 'http://example.com/icon1.ico',
+        brief: 'brief 1',
+        details: 'details 1',
+        aliases: {
+          alias1: {
+            subAlias1A: 1,
+            subAlias1B: 2,
+          },
+          alias2: [1, 2, 3],
+        },
+        template: {
+          template1: {
+            name: 'template 1',
+            details: {
+              anyDetails: 'any details 1',
+            },
+            others: ['others 11', 'others 12'],
+          },
+          template2: {
+            name: 'template 2',
+            details: {
+              anyDetails: 'any details 2',
+            },
+            others: ['others 21', 'others 22'],
+          },
+        },
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .post('/v4/productTemplates')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .post('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .post('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 422 if validations dont pass', (done) => {
+      const invalidBody = {
+        param: {
+          aliases: 'a',
+          template: 1,
+        },
+      };
+
+      request(server)
+        .post('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 201 for admin', (done) => {
+      request(server)
+        .post('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          should.exist(resJson.id);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.productKey.should.be.eql(body.param.productKey);
+          resJson.icon.should.be.eql(body.param.icon);
+          resJson.brief.should.be.eql(body.param.brief);
+          resJson.details.should.be.eql(body.param.details);
+          resJson.aliases.should.be.eql(body.param.aliases);
+          resJson.template.should.be.eql(body.param.template);
+
+          resJson.createdBy.should.be.eql(40051333); // admin
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 201 for connect manager', (done) => {
+      request(server)
+        .post('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051334); // manager
+          resJson.updatedBy.should.be.eql(40051334); // manager
+          done();
+        });
+    });
+
+    it('should return 201 for connect admin', (done) => {
+      request(server)
+        .post('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051336); // connect admin
+          resJson.updatedBy.should.be.eql(40051336); // connect admin
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/productTemplates/delete.js b/src/routes/productTemplates/delete.js
new file mode 100644
index 00000000..81c65b6b
--- /dev/null
+++ b/src/routes/productTemplates/delete.js
@@ -0,0 +1,55 @@
+/**
+ * API to delete a product template
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    templateId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('productTemplate.delete'),
+  (req, res, next) => {
+    const where = {
+      deletedAt: { $eq: null },
+      id: req.params.templateId,
+    };
+
+    return models.sequelize.transaction(tx =>
+      // Update the deletedBy
+      models.ProductTemplate.update({ deletedBy: req.authUser.userId }, {
+        where,
+        returning: true,
+        raw: true,
+        transaction: tx,
+      })
+        .then((updatedResults) => {
+          // Not found
+          if (updatedResults[0] === 0) {
+            const apiErr = new Error(`Product template not found for template id ${req.params.templateId}`);
+            apiErr.status = 404;
+            return Promise.reject(apiErr);
+          }
+
+          // Soft delete
+          return models.ProductTemplate.destroy({
+            where,
+            transaction: tx,
+            raw: true,
+          });
+        })
+        .then(() => {
+          res.status(204).end();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/productTemplates/delete.spec.js b/src/routes/productTemplates/delete.spec.js
new file mode 100644
index 00000000..058fea4c
--- /dev/null
+++ b/src/routes/productTemplates/delete.spec.js
@@ -0,0 +1,129 @@
+/**
+ * Tests for delete.js
+ */
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+
+describe('DELETE product template', () => {
+  let templateId;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.create({
+      name: 'name 1',
+      productKey: 'productKey 1',
+      icon: 'http://example.com/icon1.ico',
+      brief: 'brief 1',
+      details: 'details 1',
+      aliases: {
+        alias1: {
+          subAlias1A: 1,
+          subAlias1B: 2,
+        },
+        alias2: [1, 2, 3],
+      },
+      template: {
+        template1: {
+          name: 'template 1',
+          details: {
+            anyDetails: 'any details 1',
+          },
+          others: ['others 11', 'others 12'],
+        },
+        template2: {
+          name: 'template 2',
+          details: {
+            anyDetails: 'any details 2',
+          },
+          others: ['others 21', 'others 22'],
+        },
+      },
+      createdBy: 1,
+      updatedBy: 2,
+    })).then((template) => {
+      templateId = template.id;
+      return Promise.resolve();
+    }),
+  );
+  after(testUtil.clearDb);
+
+  describe('DELETE /productTemplates/{templateId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .delete(`/v4/productTemplates/${templateId}`)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .delete(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .delete(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed template', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted template', (done) => {
+      models.ProductTemplate.destroy({ where: { id: templateId } })
+        .then(() => {
+          request(server)
+            .delete(`/v4/productTemplates/${templateId}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .expect(404, done);
+        });
+    });
+
+    it('should return 204, for admin, if template was successfully removed', (done) => {
+      request(server)
+        .delete(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect admin, if template was successfully removed', (done) => {
+      request(server)
+        .delete(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect manager, if template was successfully removed', (done) => {
+      request(server)
+        .delete(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/productTemplates/get.js b/src/routes/productTemplates/get.js
new file mode 100644
index 00000000..e660f979
--- /dev/null
+++ b/src/routes/productTemplates/get.js
@@ -0,0 +1,41 @@
+/**
+ * API to get a product template
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    templateId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('productTemplate.view'),
+  (req, res, next) => models.ProductTemplate.findOne({
+    where: {
+      deletedAt: { $eq: null },
+      id: req.params.templateId,
+    },
+    attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    raw: true,
+  })
+    .then((productTemplate) => {
+      // Not found
+      if (!productTemplate) {
+        const apiErr = new Error(`Product template not found for product id ${req.params.templateId}`);
+        apiErr.status = 404;
+        return Promise.reject(apiErr);
+      }
+
+      res.json(util.wrapResponse(req.id, productTemplate));
+      return Promise.resolve();
+    })
+    .catch(next),
+];
diff --git a/src/routes/productTemplates/get.spec.js b/src/routes/productTemplates/get.spec.js
new file mode 100644
index 00000000..0fbdf37e
--- /dev/null
+++ b/src/routes/productTemplates/get.spec.js
@@ -0,0 +1,153 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('GET product template', () => {
+  const template = {
+    name: 'name 1',
+    productKey: 'productKey 1',
+    icon: 'http://example.com/icon1.ico',
+    brief: 'brief 1',
+    details: 'details 1',
+    aliases: {
+      alias1: {
+        subAlias1A: 1,
+        subAlias1B: 2,
+      },
+      alias2: [1, 2, 3],
+    },
+    template: {
+      template1: {
+        name: 'template 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      template2: {
+        name: 'template 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 2,
+  };
+
+  let templateId;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.create(template))
+    .then((createdTemplate) => {
+      templateId = createdTemplate.id;
+      return Promise.resolve();
+    }),
+  );
+  after(testUtil.clearDb);
+
+  describe('GET /productTemplates/{templateId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get(`/v4/productTemplates/${templateId}`)
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed template', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted template', (done) => {
+      models.ProductTemplate.destroy({ where: { id: templateId } })
+        .then(() => {
+          request(server)
+            .get(`/v4/productTemplates/${templateId}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .expect(404, done);
+        });
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.id.should.be.eql(templateId);
+          resJson.name.should.be.eql(template.name);
+          resJson.productKey.should.be.eql(template.productKey);
+          resJson.icon.should.be.eql(template.icon);
+          resJson.brief.should.be.eql(template.brief);
+          resJson.details.should.be.eql(template.details);
+          resJson.aliases.should.be.eql(template.aliases);
+          resJson.template.should.be.eql(template.template);
+
+          resJson.createdBy.should.be.eql(template.createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(template.updatedBy);
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/productTemplates/list.js b/src/routes/productTemplates/list.js
new file mode 100644
index 00000000..11a9e276
--- /dev/null
+++ b/src/routes/productTemplates/list.js
@@ -0,0 +1,23 @@
+/**
+ * API to list all product templates
+ */
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+module.exports = [
+  permissions('productTemplate.view'),
+  (req, res, next) => models.ProductTemplate.findAll({
+    where: {
+      deletedAt: { $eq: null },
+    },
+    attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    raw: true,
+  })
+    .then((productTemplates) => {
+      res.json(util.wrapResponse(req.id, productTemplates));
+    })
+    .catch(next),
+];
diff --git a/src/routes/productTemplates/list.spec.js b/src/routes/productTemplates/list.spec.js
new file mode 100644
index 00000000..e487d777
--- /dev/null
+++ b/src/routes/productTemplates/list.spec.js
@@ -0,0 +1,148 @@
+/**
+ * Tests for list.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('LIST product templates', () => {
+  const templates = [
+    {
+      name: 'name 1',
+      productKey: 'productKey 1',
+      icon: 'http://example.com/icon1.ico',
+      brief: 'brief 1',
+      details: 'details 1',
+      aliases: {
+        alias1: {
+          subAlias1A: 1,
+          subAlias1B: 2,
+        },
+        alias2: [1, 2, 3],
+      },
+      template: {
+        template1: {
+          name: 'template 1',
+          details: {
+            anyDetails: 'any details 1',
+          },
+          others: ['others 11', 'others 12'],
+        },
+        template2: {
+          name: 'template 2',
+          details: {
+            anyDetails: 'any details 2',
+          },
+          others: ['others 21', 'others 22'],
+        },
+      },
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      name: 'template 2',
+      productKey: 'productKey 2',
+      icon: 'http://example.com/icon2.ico',
+      brief: 'brief 2',
+      details: 'details 2',
+      aliases: {},
+      template: {},
+      createdBy: 3,
+      updatedBy: 4,
+    },
+  ];
+
+  let templateId;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.create(templates[0]))
+    .then((createdTemplate) => {
+      templateId = createdTemplate.id;
+      return models.ProductTemplate.create(templates[1]);
+    }).then(() => Promise.resolve()),
+  );
+  after(testUtil.clearDb);
+
+  describe('GET /productTemplates', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/productTemplates')
+        .expect(403, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const template = templates[0];
+
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+          resJson[0].id.should.be.eql(templateId);
+          resJson[0].name.should.be.eql(template.name);
+          resJson[0].productKey.should.be.eql(template.productKey);
+          resJson[0].icon.should.be.eql(template.icon);
+          resJson[0].brief.should.be.eql(template.brief);
+          resJson[0].details.should.be.eql(template.details);
+          resJson[0].aliases.should.be.eql(template.aliases);
+          resJson[0].template.should.be.eql(template.template);
+
+          resJson[0].createdBy.should.be.eql(template.createdBy);
+          should.exist(resJson[0].createdAt);
+          resJson[0].updatedBy.should.be.eql(template.updatedBy);
+          should.exist(resJson[0].updatedAt);
+          should.not.exist(resJson[0].deletedBy);
+          should.not.exist(resJson[0].deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/productTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/productTemplates/update.js b/src/routes/productTemplates/update.js
new file mode 100644
index 00000000..c5ebf633
--- /dev/null
+++ b/src/routes/productTemplates/update.js
@@ -0,0 +1,72 @@
+/**
+ * API to update a product template
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    templateId: Joi.number().integer().positive().required(),
+  },
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      productKey: Joi.string().max(45).required(),
+      icon: Joi.string().max(255).required(),
+      brief: Joi.string().max(45).required(),
+      details: Joi.string().max(255).required(),
+      aliases: Joi.object().required(),
+      template: Joi.object().required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('productTemplate.edit'),
+  (req, res, next) => {
+    const entityToUpdate = _.assign(req.body.param, {
+      updatedBy: req.authUser.userId,
+    });
+
+    return models.ProductTemplate.findOne({
+      where: {
+        deletedAt: { $eq: null },
+        id: req.params.templateId,
+      },
+      attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    })
+      .then((productTemplate) => {
+        // Not found
+        if (!productTemplate) {
+          const apiErr = new Error(`Product template not found for template id ${req.params.templateId}`);
+          apiErr.status = 404;
+          return Promise.reject(apiErr);
+        }
+
+        // Merge JSON fields
+        entityToUpdate.aliases = util.mergeJsonObjects(productTemplate.aliases, entityToUpdate.aliases);
+        entityToUpdate.template = util.mergeJsonObjects(productTemplate.template, entityToUpdate.template);
+
+        return productTemplate.update(entityToUpdate);
+      })
+      .then((productTemplate) => {
+        res.json(util.wrapResponse(req.id, productTemplate));
+        return Promise.resolve();
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/productTemplates/update.spec.js b/src/routes/productTemplates/update.spec.js
new file mode 100644
index 00000000..0d5c5e0e
--- /dev/null
+++ b/src/routes/productTemplates/update.spec.js
@@ -0,0 +1,244 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('UPDATE product template', () => {
+  const template = {
+    name: 'name 1',
+    productKey: 'productKey 1',
+    icon: 'http://example.com/icon1.ico',
+    brief: 'brief 1',
+    details: 'details 1',
+    aliases: {
+      alias1: {
+        subAlias1A: 1,
+        subAlias1B: 2,
+      },
+      alias2: [1, 2, 3],
+    },
+    template: {
+      template1: {
+        name: 'template 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      template2: {
+        name: 'template 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 2,
+  };
+
+  let templateId;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.create(template))
+    .then((createdTemplate) => {
+      templateId = createdTemplate.id;
+      return Promise.resolve();
+    }),
+  );
+  after(testUtil.clearDb);
+
+  describe('PATCH /productTemplates/{templateId}', () => {
+    const body = {
+      param: {
+        name: 'template 1 - update',
+        productKey: 'productKey 1 - update',
+        icon: 'http://example.com/icon1-update.ico',
+        brief: 'brief 1 - update',
+        details: 'details 1 - update',
+        aliases: {
+          alias1: {
+            subAlias1A: 11,
+            subAlias1C: 'new',
+          },
+          alias2: [4],
+          alias3: 'new',
+        },
+        template: {
+          template1: {
+            name: 'template 1 - update',
+            details: {
+              anyDetails: 'any details 1 - update',
+              newDetails: 'new',
+            },
+            others: ['others new'],
+          },
+          template3: {
+            name: 'template 3',
+            details: {
+              anyDetails: 'any details 3',
+            },
+            others: ['others 31', 'others 32'],
+          },
+        },
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .patch(`/v4/productTemplates/${templateId}`)
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .patch(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .patch(`/v4/productTemplates/${templateId}`)
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 422 for invalid request', (done) => {
+      const invalidBody = {
+        param: {
+          aliases: 'a',
+          template: 1,
+        },
+      };
+
+      request(server)
+        .patch(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect(422, done);
+    });
+
+    it('should return 404 for non-existed template', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted template', (done) => {
+      models.ProductTemplate.destroy({ where: { id: templateId } })
+        .then(() => {
+          request(server)
+            .patch(`/v4/productTemplates/${templateId}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .send(body)
+            .expect(404, done);
+        });
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .patch(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.id.should.be.eql(templateId);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.productKey.should.be.eql(body.param.productKey);
+          resJson.icon.should.be.eql(body.param.icon);
+          resJson.brief.should.be.eql(body.param.brief);
+          resJson.details.should.be.eql(body.param.details);
+
+          resJson.aliases.should.be.eql({
+            alias1: {
+              subAlias1A: 11,
+              subAlias1B: 2,
+              subAlias1C: 'new',
+            },
+            alias2: [4],
+            alias3: 'new',
+          });
+          resJson.template.should.be.eql({
+            template1: {
+              name: 'template 1 - update',
+              details: {
+                anyDetails: 'any details 1 - update',
+                newDetails: 'new',
+              },
+              others: ['others new'],
+            },
+            template2: {
+              name: 'template 2',
+              details: {
+                anyDetails: 'any details 2',
+              },
+              others: ['others 21', 'others 22'],
+            },
+            template3: {
+              name: 'template 3',
+              details: {
+                anyDetails: 'any details 3',
+              },
+              others: ['others 31', 'others 32'],
+            },
+          });
+          resJson.createdBy.should.be.eql(template.createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .patch(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .patch(`/v4/productTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/projectTemplates/create.js b/src/routes/projectTemplates/create.js
new file mode 100644
index 00000000..4c19fc0f
--- /dev/null
+++ b/src/routes/projectTemplates/create.js
@@ -0,0 +1,49 @@
+/**
+ * API to add a project template
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      key: Joi.string().max(45).required(),
+      category: Joi.string().max(45).required(),
+      scope: Joi.object().required(),
+      phases: Joi.object().required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('projectTemplate.create'),
+  (req, res, next) => {
+    const entity = _.assign(req.body.param, {
+      createdBy: req.authUser.userId,
+      updatedBy: req.authUser.userId,
+    });
+
+    return models.ProjectTemplate.create(entity)
+      .then((createdEntity) => {
+        // Omit deletedAt, deletedBy
+        res.status(201).json(util.wrapResponse(
+          req.id, _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy'), 1, 201));
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/projectTemplates/create.spec.js b/src/routes/projectTemplates/create.spec.js
new file mode 100644
index 00000000..afb46113
--- /dev/null
+++ b/src/routes/projectTemplates/create.spec.js
@@ -0,0 +1,153 @@
+/**
+ * Tests for create.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('CREATE project template', () => {
+  describe('POST /projectTemplates', () => {
+    const body = {
+      param: {
+        name: 'template 1',
+        key: 'key 1',
+        category: 'category 1',
+        scope: {
+          scope1: {
+            subScope1A: 1,
+            subScope1B: 2,
+          },
+          scope2: [1, 2, 3],
+        },
+        phases: {
+          phase1: {
+            name: 'phase 1',
+            details: {
+              anyDetails: 'any details 1',
+            },
+            others: ['others 11', 'others 12'],
+          },
+          phase2: {
+            name: 'phase 2',
+            details: {
+              anyDetails: 'any details 2',
+            },
+            others: ['others 21', 'others 22'],
+          },
+        },
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .post('/v4/projectTemplates')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .post('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .post('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 422 if validations dont pass', (done) => {
+      const invalidBody = {
+        param: {
+          scope: 'a',
+          phases: 1,
+        },
+      };
+
+      request(server)
+        .post('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 201 for admin', (done) => {
+      request(server)
+        .post('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          should.exist(resJson.id);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.key.should.be.eql(body.param.key);
+          resJson.category.should.be.eql(body.param.category);
+          resJson.scope.should.be.eql(body.param.scope);
+          resJson.phases.should.be.eql(body.param.phases);
+
+          resJson.createdBy.should.be.eql(40051333); // admin
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 201 for connect manager', (done) => {
+      request(server)
+        .post('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051334); // manager
+          resJson.updatedBy.should.be.eql(40051334); // manager
+          done();
+        });
+    });
+
+    it('should return 201 for connect admin', (done) => {
+      request(server)
+        .post('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051336); // connect admin
+          resJson.updatedBy.should.be.eql(40051336); // connect admin
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/projectTemplates/delete.js b/src/routes/projectTemplates/delete.js
new file mode 100644
index 00000000..4db9a855
--- /dev/null
+++ b/src/routes/projectTemplates/delete.js
@@ -0,0 +1,55 @@
+/**
+ * API to delete a project template
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    templateId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('projectTemplate.delete'),
+  (req, res, next) => {
+    const where = {
+      deletedAt: { $eq: null },
+      id: req.params.templateId,
+    };
+
+    return models.sequelize.transaction(tx =>
+      // Update the deletedBy
+      models.ProjectTemplate.update({ deletedBy: req.authUser.userId }, {
+        where,
+        returning: true,
+        raw: true,
+        transaction: tx,
+      })
+        .then((updatedResults) => {
+          // Not found
+          if (updatedResults[0] === 0) {
+            const apiErr = new Error(`Project template not found for template id ${req.params.templateId}`);
+            apiErr.status = 404;
+            return Promise.reject(apiErr);
+          }
+
+          // Soft delete
+          return models.ProjectTemplate.destroy({
+            where,
+            transaction: tx,
+            raw: true,
+          });
+        })
+        .then(() => {
+          res.status(204).end();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/projectTemplates/delete.spec.js b/src/routes/projectTemplates/delete.spec.js
new file mode 100644
index 00000000..27973d7e
--- /dev/null
+++ b/src/routes/projectTemplates/delete.spec.js
@@ -0,0 +1,127 @@
+/**
+ * Tests for delete.js
+ */
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+
+describe('DELETE project template', () => {
+  let templateId;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectTemplate.create({
+      name: 'template 1',
+      key: 'key 1',
+      category: 'category 1',
+      scope: {
+        scope1: {
+          subScope1A: 1,
+          subScope1B: 2,
+        },
+        scope2: [1, 2, 3],
+      },
+      phases: {
+        phase1: {
+          name: 'phase 1',
+          details: {
+            anyDetails: 'any details 1',
+          },
+          others: ['others 11', 'others 12'],
+        },
+        phase2: {
+          name: 'phase 2',
+          details: {
+            anyDetails: 'any details 2',
+          },
+          others: ['others 21', 'others 22'],
+        },
+      },
+      createdBy: 1,
+      updatedBy: 1,
+    })).then((template) => {
+      templateId = template.id;
+      return Promise.resolve();
+    }),
+  );
+  after(testUtil.clearDb);
+
+  describe('DELETE /projectTemplates/{templateId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .delete(`/v4/projectTemplates/${templateId}`)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .delete(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .delete(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed template', (done) => {
+      request(server)
+        .delete('/v4/projectTemplates/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted template', (done) => {
+      models.ProjectTemplate.destroy({ where: { id: templateId } })
+        .then(() => {
+          request(server)
+            .delete(`/v4/projectTemplates/${templateId}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .expect(404, done);
+        });
+    });
+
+    it('should return 204, for admin, if template was successfully removed', (done) => {
+      request(server)
+        .delete(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect admin, if template was successfully removed', (done) => {
+      request(server)
+        .delete(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect manager, if template was successfully removed', (done) => {
+      request(server)
+        .delete(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/projectTemplates/get.js b/src/routes/projectTemplates/get.js
new file mode 100644
index 00000000..e81c0939
--- /dev/null
+++ b/src/routes/projectTemplates/get.js
@@ -0,0 +1,41 @@
+/**
+ * API to get a project template
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    templateId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('projectTemplate.view'),
+  (req, res, next) => models.ProjectTemplate.findOne({
+    where: {
+      deletedAt: { $eq: null },
+      id: req.params.templateId,
+    },
+    attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    raw: true,
+  })
+    .then((projectTemplate) => {
+      // Not found
+      if (!projectTemplate) {
+        const apiErr = new Error(`Project template not found for project id ${req.params.templateId}`);
+        apiErr.status = 404;
+        return Promise.reject(apiErr);
+      }
+
+      res.json(util.wrapResponse(req.id, projectTemplate));
+      return Promise.resolve();
+    })
+    .catch(next),
+];
diff --git a/src/routes/projectTemplates/get.spec.js b/src/routes/projectTemplates/get.spec.js
new file mode 100644
index 00000000..4c9b2ccf
--- /dev/null
+++ b/src/routes/projectTemplates/get.spec.js
@@ -0,0 +1,148 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('GET project template', () => {
+  const template = {
+    name: 'template 1',
+    key: 'key 1',
+    category: 'category 1',
+    scope: {
+      scope1: {
+        subScope1A: 1,
+        subScope1B: 2,
+      },
+      scope2: [1, 2, 3],
+    },
+    phases: {
+      phase1: {
+        name: 'phase 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      phase2: {
+        name: 'phase 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 1,
+  };
+
+  let templateId;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectTemplate.create(template))
+    .then((createdTemplate) => {
+      templateId = createdTemplate.id;
+      return Promise.resolve();
+    }),
+  );
+  after(testUtil.clearDb);
+
+  describe('GET /projectTemplates/{templateId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get(`/v4/projectTemplates/${templateId}`)
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed template', (done) => {
+      request(server)
+        .get('/v4/projectTemplates/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted template', (done) => {
+      models.ProjectTemplate.destroy({ where: { id: templateId } })
+        .then(() => {
+          request(server)
+            .get(`/v4/projectTemplates/${templateId}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .expect(404, done);
+        });
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.id.should.be.eql(templateId);
+          resJson.name.should.be.eql(template.name);
+          resJson.key.should.be.eql(template.key);
+          resJson.category.should.be.eql(template.category);
+          resJson.scope.should.be.eql(template.scope);
+          resJson.phases.should.be.eql(template.phases);
+          resJson.createdBy.should.be.eql(template.createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(template.updatedBy);
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/projectTemplates/list.js b/src/routes/projectTemplates/list.js
new file mode 100644
index 00000000..3e83f2e4
--- /dev/null
+++ b/src/routes/projectTemplates/list.js
@@ -0,0 +1,23 @@
+/**
+ * API to list all project templates
+ */
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+module.exports = [
+  permissions('projectTemplate.view'),
+  (req, res, next) => models.ProjectTemplate.findAll({
+    where: {
+      deletedAt: { $eq: null },
+    },
+    attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    raw: true,
+  })
+    .then((projectTemplates) => {
+      res.json(util.wrapResponse(req.id, projectTemplates));
+    })
+    .catch(next),
+];
diff --git a/src/routes/projectTemplates/list.spec.js b/src/routes/projectTemplates/list.spec.js
new file mode 100644
index 00000000..b68fc28d
--- /dev/null
+++ b/src/routes/projectTemplates/list.spec.js
@@ -0,0 +1,141 @@
+/**
+ * Tests for list.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('LIST project templates', () => {
+  const templates = [
+    {
+      name: 'template 1',
+      key: 'key 1',
+      category: 'category 1',
+      scope: {
+        scope1: {
+          subScope1A: 1,
+          subScope1B: 2,
+        },
+        scope2: [1, 2, 3],
+      },
+      phases: {
+        phase1: {
+          name: 'phase 1',
+          details: {
+            anyDetails: 'any details 1',
+          },
+          others: ['others 11', 'others 12'],
+        },
+        phase2: {
+          name: 'phase 2',
+          details: {
+            anyDetails: 'any details 2',
+          },
+          others: ['others 21', 'others 22'],
+        },
+      },
+      createdBy: 1,
+      updatedBy: 1,
+    },
+    {
+      name: 'template 2',
+      key: 'key 2',
+      category: 'category 2',
+      scope: {},
+      phases: {},
+      createdBy: 1,
+      updatedBy: 2,
+    },
+  ];
+
+  let templateId;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectTemplate.create(templates[0]))
+    .then((createdTemplate) => {
+      templateId = createdTemplate.id;
+      return models.ProjectTemplate.create(templates[1]);
+    }).then(() => Promise.resolve()),
+  );
+  after(testUtil.clearDb);
+
+  describe('GET /projectTemplates', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/projectTemplates')
+        .expect(403, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const template = templates[0];
+
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+          resJson[0].id.should.be.eql(templateId);
+          resJson[0].name.should.be.eql(template.name);
+          resJson[0].key.should.be.eql(template.key);
+          resJson[0].category.should.be.eql(template.category);
+          resJson[0].scope.should.be.eql(template.scope);
+          resJson[0].phases.should.be.eql(template.phases);
+          resJson[0].createdBy.should.be.eql(template.createdBy);
+          should.exist(resJson[0].createdAt);
+          resJson[0].updatedBy.should.be.eql(template.updatedBy);
+          should.exist(resJson[0].updatedAt);
+          should.not.exist(resJson[0].deletedBy);
+          should.not.exist(resJson[0].deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/projectTemplates')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/projectTemplates/update.js b/src/routes/projectTemplates/update.js
new file mode 100644
index 00000000..8b88c84a
--- /dev/null
+++ b/src/routes/projectTemplates/update.js
@@ -0,0 +1,70 @@
+/**
+ * API to update a project template
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    templateId: Joi.number().integer().positive().required(),
+  },
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      key: Joi.string().max(45).required(),
+      category: Joi.string().max(45).required(),
+      scope: Joi.object().required(),
+      phases: Joi.object().required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('projectTemplate.edit'),
+  (req, res, next) => {
+    const entityToUpdate = _.assign(req.body.param, {
+      updatedBy: req.authUser.userId,
+    });
+
+    return models.ProjectTemplate.findOne({
+      where: {
+        deletedAt: { $eq: null },
+        id: req.params.templateId,
+      },
+      attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    })
+      .then((projectTemplate) => {
+        // Not found
+        if (!projectTemplate) {
+          const apiErr = new Error(`Project template not found for template id ${req.params.templateId}`);
+          apiErr.status = 404;
+          return Promise.reject(apiErr);
+        }
+
+        // Merge JSON fields
+        entityToUpdate.scope = util.mergeJsonObjects(projectTemplate.scope, entityToUpdate.scope);
+        entityToUpdate.phases = util.mergeJsonObjects(projectTemplate.phases, entityToUpdate.phases);
+
+        return projectTemplate.update(entityToUpdate);
+      })
+      .then((projectTemplate) => {
+        res.json(util.wrapResponse(req.id, projectTemplate));
+        return Promise.resolve();
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/projectTemplates/update.spec.js b/src/routes/projectTemplates/update.spec.js
new file mode 100644
index 00000000..dd286a77
--- /dev/null
+++ b/src/routes/projectTemplates/update.spec.js
@@ -0,0 +1,237 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('UPDATE project template', () => {
+  const template = {
+    name: 'template 1',
+    key: 'key 1',
+    category: 'category 1',
+    scope: {
+      scope1: {
+        subScope1A: 1,
+        subScope1B: 2,
+      },
+      scope2: [1, 2, 3],
+    },
+    phases: {
+      phase1: {
+        name: 'phase 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      phase2: {
+        name: 'phase 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 1,
+  };
+
+  let templateId;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectTemplate.create(template))
+    .then((createdTemplate) => {
+      templateId = createdTemplate.id;
+      return Promise.resolve();
+    }),
+  );
+  after(testUtil.clearDb);
+
+  describe('PATCH /projectTemplates/{templateId}', () => {
+    const body = {
+      param: {
+        name: 'template 1 - update',
+        key: 'key 1 - update',
+        category: 'category 1 - update',
+        scope: {
+          scope1: {
+            subScope1A: 11,
+            subScope1C: 'new',
+          },
+          scope2: [4],
+          scope3: 'new',
+        },
+        phases: {
+          phase1: {
+            name: 'phase 1 - update',
+            details: {
+              anyDetails: 'any details 1 - update',
+              newDetails: 'new',
+            },
+            others: ['others new'],
+          },
+          phase3: {
+            name: 'phase 3',
+            details: {
+              anyDetails: 'any details 3',
+            },
+            others: ['others 31', 'others 32'],
+          },
+        },
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .patch(`/v4/projectTemplates/${templateId}`)
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .patch(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .patch(`/v4/projectTemplates/${templateId}`)
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 422 for invalid request', (done) => {
+      const invalidBody = {
+        param: {
+          scope: 'a',
+          phases: 1,
+        },
+      };
+
+      request(server)
+        .patch(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect(422, done);
+    });
+
+    it('should return 404 for non-existed template', (done) => {
+      request(server)
+        .patch('/v4/projectTemplates/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted template', (done) => {
+      models.ProjectTemplate.destroy({ where: { id: templateId } })
+        .then(() => {
+          request(server)
+            .patch(`/v4/projectTemplates/${templateId}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .send(body)
+            .expect(404, done);
+        });
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .patch(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.id.should.be.eql(templateId);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.key.should.be.eql(body.param.key);
+          resJson.category.should.be.eql(body.param.category);
+          resJson.scope.should.be.eql({
+            scope1: {
+              subScope1A: 11,
+              subScope1B: 2,
+              subScope1C: 'new',
+            },
+            scope2: [4],
+            scope3: 'new',
+          });
+          resJson.phases.should.be.eql({
+            phase1: {
+              name: 'phase 1 - update',
+              details: {
+                anyDetails: 'any details 1 - update',
+                newDetails: 'new',
+              },
+              others: ['others new'],
+            },
+            phase2: {
+              name: 'phase 2',
+              details: {
+                anyDetails: 'any details 2',
+              },
+              others: ['others 21', 'others 22'],
+            },
+            phase3: {
+              name: 'phase 3',
+              details: {
+                anyDetails: 'any details 3',
+              },
+              others: ['others 31', 'others 32'],
+            },
+          });
+          resJson.createdBy.should.be.eql(template.createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .patch(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .patch(`/v4/projectTemplates/${templateId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+  });
+});
diff --git a/src/tests/seed.js b/src/tests/seed.js
index a1f53c84..bbd0aa08 100644
--- a/src/tests/seed.js
+++ b/src/tests/seed.js
@@ -1,108 +1,194 @@
 import models from '../models';
 
 models.sequelize.sync({ force: true })
-    .then(() =>
-        models.Project.bulkCreate([{
-          type: 'generic',
-          directProjectId: 9999999,
-          billingAccountId: 1,
-          name: 'test1',
-          description: 'test project1',
-          status: 'active',
-          details: {},
-          createdBy: 1,
-          updatedBy: 1,
-        }, {
-          type: 'visual_design',
-          directProjectId: 1,
-          billingAccountId: 2,
-          name: 'test2',
-          description: 'test project2',
-          status: 'draft',
-          details: {},
-          createdBy: 1,
-          updatedBy: 1,
-        }, {
-          type: 'visual_design',
-          billingAccountId: 3,
-          name: 'test2',
-          description: 'completed project without copilot',
-          status: 'completed',
-          details: {},
-          createdBy: 1,
-          updatedBy: 1,
-        }, {
-          type: 'generic',
-          billingAccountId: 4,
-          name: 'test2',
-          description: 'draft project without copilot',
-          status: 'draft',
-          details: {},
-          createdBy: 1,
-          updatedBy: 1,
-        }, {
-          type: 'generic',
-          billingAccountId: 5,
-          name: 'test2',
-          description: 'active project without copilot',
-          status: 'active',
-          details: {},
-          createdBy: 1,
-          updatedBy: 1,
-        }]))
-    .then(() => models.Project.findAll())
-    .then((projects) => {
-      const project1 = projects[0];
-      const project2 = projects[1];
-      const operations = [];
-      operations.push(models.ProjectMember.bulkCreate([{
-        userId: 40051331,
-        projectId: project1.id,
-        role: 'customer',
-        isPrimary: false,
-        createdBy: 1,
-        updatedBy: 1,
-      }, {
-        userId: 40051332,
-        projectId: project1.id,
-        role: 'copilot',
-        isPrimary: false,
-        createdBy: 1,
-        updatedBy: 1,
-      }, {
-        userId: 40051333,
-        projectId: project1.id,
-        role: 'manager',
-        isPrimary: true,
-        createdBy: 1,
-        updatedBy: 1,
-      }, {
-        userId: 40051332,
-        projectId: project2.id,
-        role: 'copilot',
-        isPrimary: false,
-        createdBy: 1,
-        updatedBy: 1,
-      }, {
-        userId: 40051331,
-        projectId: projects[2].id,
-        role: 'customer',
-        isPrimary: false,
-        createdBy: 1,
-        updatedBy: 1,
-      }]));
-      operations.push(models.ProjectAttachment.create({
-        title: 'Spec',
-        projectId: project1.id,
-        description: 'specification',
-        filePath: 'projects/1/spec.pdf',
-        contentType: 'application/pdf',
-        createdBy: 1,
-        updatedBy: 1,
-      }));
-      return Promise.all(operations);
-    })
-    .then(() => {
-      process.exit(0);
-    })
-    .catch(() => process.exit(1));
+  .then(() =>
+    models.Project.bulkCreate([{
+      type: 'generic',
+      directProjectId: 9999999,
+      billingAccountId: 1,
+      name: 'test1',
+      description: 'test project1',
+      status: 'active',
+      details: {},
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      type: 'visual_design',
+      directProjectId: 1,
+      billingAccountId: 2,
+      name: 'test2',
+      description: 'test project2',
+      status: 'draft',
+      details: {},
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      type: 'visual_design',
+      billingAccountId: 3,
+      name: 'test2',
+      description: 'completed project without copilot',
+      status: 'completed',
+      details: {},
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      type: 'generic',
+      billingAccountId: 4,
+      name: 'test2',
+      description: 'draft project without copilot',
+      status: 'draft',
+      details: {},
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      type: 'generic',
+      billingAccountId: 5,
+      name: 'test2',
+      description: 'active project without copilot',
+      status: 'active',
+      details: {},
+      createdBy: 1,
+      updatedBy: 1,
+    }]))
+  .then(() => models.Project.findAll())
+  .then((projects) => {
+    const project1 = projects[0];
+    const project2 = projects[1];
+    const operations = [];
+    operations.push(models.ProjectMember.bulkCreate([{
+      userId: 40051331,
+      projectId: project1.id,
+      role: 'customer',
+      isPrimary: false,
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      userId: 40051332,
+      projectId: project1.id,
+      role: 'copilot',
+      isPrimary: false,
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      userId: 40051333,
+      projectId: project1.id,
+      role: 'manager',
+      isPrimary: true,
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      userId: 40051332,
+      projectId: project2.id,
+      role: 'copilot',
+      isPrimary: false,
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      userId: 40051331,
+      projectId: projects[2].id,
+      role: 'customer',
+      isPrimary: false,
+      createdBy: 1,
+      updatedBy: 1,
+    }]));
+    operations.push(models.ProjectAttachment.create({
+      title: 'Spec',
+      projectId: project1.id,
+      description: 'specification',
+      filePath: 'projects/1/spec.pdf',
+      contentType: 'application/pdf',
+      createdBy: 1,
+      updatedBy: 1,
+    }));
+    return Promise.all(operations);
+  })
+  .then(() => models.ProjectTemplate.bulkCreate([
+    {
+      name: 'template 1',
+      key: 'key 1',
+      category: 'category 1',
+      scope: {
+        scope1: {
+          subScope1A: 1,
+          subScope1B: 2,
+        },
+        scope2: [1, 2, 3],
+      },
+      phases: {
+        phase1: {
+          name: 'phase 1',
+          details: {
+            anyDetails: 'any details 1',
+          },
+          others: ['others 11', 'others 12'],
+        },
+        phase2: {
+          name: 'phase 2',
+          details: {
+            anyDetails: 'any details 2',
+          },
+          others: ['others 21', 'others 22'],
+        },
+      },
+      createdBy: 1,
+      updatedBy: 1,
+    },
+    {
+      name: 'template 2',
+      key: 'key 2',
+      category: 'category 2',
+      scope: {},
+      phases: {},
+      createdBy: 1,
+      updatedBy: 2,
+    },
+  ]))
+  .then(() => models.ProductTemplate.bulkCreate([
+    {
+      name: 'name 1',
+      productKey: 'productKey 1',
+      icon: 'http://example.com/icon1.ico',
+      brief: 'brief 1',
+      details: 'details 1',
+      aliases: {
+        alias1: {
+          subAlias1A: 1,
+          subAlias1B: 2,
+        },
+        alias2: [1, 2, 3],
+      },
+      template: {
+        template1: {
+          name: 'template 1',
+          details: {
+            anyDetails: 'any details 1',
+          },
+          others: ['others 11', 'others 12'],
+        },
+        template2: {
+          name: 'template 2',
+          details: {
+            anyDetails: 'any details 2',
+          },
+          others: ['others 21', 'others 22'],
+        },
+      },
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      name: 'template 2',
+      productKey: 'productKey 2',
+      icon: 'http://example.com/icon2.ico',
+      brief: 'brief 2',
+      details: 'details 2',
+      aliases: {},
+      template: {},
+      createdBy: 3,
+      updatedBy: 4,
+    },
+  ]))
+  .then(() => {
+    process.exit(0);
+  })
+  .catch(() => process.exit(1));
diff --git a/src/util.js b/src/util.js
index 86386add..efbcf3e1 100644
--- a/src/util.js
+++ b/src/util.js
@@ -209,30 +209,30 @@ _.assignIn(util, {
   getProjectAttachments: (req, projectId) => {
     let attachments = [];
     return models.ProjectAttachment.getActiveProjectAttachments(projectId)
-        .then((_attachments) => {
-          // if attachments were requested
-          if (attachments) {
-            attachments = _attachments;
-          } else {
-            return attachments;
-          }
-          // TODO consider using redis to cache attachments urls
-          const promises = [];
-          _.each(attachments, (a) => {
-            promises.push(util.getFileDownloadUrl(req, a.filePath));
-          });
-          return Promise.all(promises);
-        })
-        .then((result) => {
-          // result is an array of 'tuples' => [[path, url], [path,url]]
-          // convert it to a map for easy lookup
-          const urls = _.fromPairs(result);
-          _.each(attachments, (at) => {
-            const a = at;
-            a.downloadUrl = urls[a.filePath];
-          });
+      .then((_attachments) => {
+        // if attachments were requested
+        if (attachments) {
+          attachments = _attachments;
+        } else {
           return attachments;
+        }
+        // TODO consider using redis to cache attachments urls
+        const promises = [];
+        _.each(attachments, (a) => {
+          promises.push(util.getFileDownloadUrl(req, a.filePath));
+        });
+        return Promise.all(promises);
+      })
+      .then((result) => {
+        // result is an array of 'tuples' => [[path, url], [path,url]]
+        // convert it to a map for easy lookup
+        const urls = _.fromPairs(result);
+        _.each(attachments, (at) => {
+          const a = at;
+          a.downloadUrl = urls[a.filePath];
         });
+        return attachments;
+      });
   },
 
   getSystemUserToken: (logger, id = 'system') => {
@@ -245,19 +245,19 @@ _.assignIn(util, {
         timeout: 4000,
         headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
       },
-      )
+    )
       .then(res => res.data.result.content.token);
   },
 
-    /**
-     * Fetches the topcoder user details using the given JWT token.
-     *
-     * @param {Number}  userId        id of the user to be fetched
-     * @param {String}  jwtToken      JWT token of the admin user or JWT token of the user to be fecthed
-     * @param {Object}  logger        logger to be used for logging purposes
-     *
-     * @return {Promise}              promise which resolves to the user's information
-     */
+  /**
+   * Fetches the topcoder user details using the given JWT token.
+   *
+   * @param {Number}  userId        id of the user to be fetched
+   * @param {String}  jwtToken      JWT token of the admin user or JWT token of the user to be fecthed
+   * @param {Object}  logger        logger to be used for logging purposes
+   *
+   * @return {Promise}              promise which resolves to the user's information
+   */
   getTopcoderUser: (userId, jwtToken, logger) => {
     const httpClient = util.getHttpClient({ id: `userService_${userId}`, log: logger });
     httpClient.defaults.timeout = 3000;
@@ -266,7 +266,7 @@ _.assignIn(util, {
     httpClient.defaults.headers.common.Authorization = `Bearer ${jwtToken}`;
     return httpClient.get(`${config.identityServiceEndpoint}users/${userId}`).then((response) => {
       if (response.data && response.data.result
-          && response.data.result.status === 200 && response.data.result.content) {
+        && response.data.result.status === 200 && response.data.result.content) {
         return response.data.result.content;
       }
       return null;
@@ -338,6 +338,20 @@ _.assignIn(util, {
       return Promise.reject(err);
     }
   }),
+
+  /**
+  * Merge two JSON objects. For array fields, the target will be replaced by source.
+  * @param {Object} targetObj the target object
+  * @param {Object} sourceObj the source object
+  * @returns {Object} the merged object
+  */
+  // eslint-disable-next-line consistent-return
+  mergeJsonObjects: (targetObj, sourceObj) => _.mergeWith(targetObj, sourceObj, (target, source) => {
+    // Overwrite the array
+    if (_.isArray(source)) {
+      return source;
+    }
+  }),
 });
 
 export default util;
diff --git a/swagger.yaml b/swagger.yaml
index f195828f..14a15ee1 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -336,6 +336,256 @@ paths:
             schema:
               $ref: "#/definitions/UpdateProjectMemberBodyParam"
 
+  /projectTemplates:
+    get:
+      tags:
+        - projectTemplate
+      operationId: findProjectTemplates
+      security:
+        - Bearer: []
+      description: Retreive all project templates. All user roles can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of project templates
+          schema:
+            $ref: "#/definitions/ProjectTemplateListResponse"
+    post:
+      tags:
+        - projectTemplate
+      operationId: addProjectTemplate
+      security:
+        - Bearer: []
+      description: Create a project template
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/ProjectTemplateBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created project template
+          schema:
+            $ref: "#/definitions/ProjectTemplateResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /projectTemplates/{templateId}:
+    get:
+      tags:
+        - projectTemplate
+      description: Retrieve project template by id. All user roles can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a project template
+          schema:
+            $ref: "#/definitions/ProjectTemplateResponse"
+      parameters:
+        - $ref: "#/parameters/templateIdParam"
+      operationId: getProjectTemplate
+
+    patch:
+      tags:
+        - projectTemplate
+      operationId: updateProjectTemplate
+      security:
+        - Bearer: []
+      description: Update a project template. Only connect manager, connect admin, and admin can access this endpoint.
+        For attributes with JSON object type, it would overwrite the existing fields, or add new if the fields don't exist in the JSON object.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated project template.
+          schema:
+            $ref: "#/definitions/ProjectTemplateResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - $ref: "#/parameters/templateIdParam"
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/ProjectTemplateBodyParam"
+
+    delete:
+      tags:
+        - projectTemplate
+      description: Remove an existing project template. Only connect manager, connect admin, and admin can access this endpoint.
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/templateIdParam"
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: If project is not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Project template successfully removed
+
+
+  /productTemplates:
+    get:
+      tags:
+        - productTemplate
+      operationId: findProductTemplates
+      security:
+        - Bearer: []
+      description: Retreive all product templates. All user roles can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of product templates
+          schema:
+            $ref: "#/definitions/ProductTemplateListResponse"
+    post:
+      tags:
+        - productTemplate
+      operationId: addProductTemplate
+      security:
+        - Bearer: []
+      description: Create a product template
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/ProductTemplateBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created product template
+          schema:
+            $ref: "#/definitions/ProductTemplateResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /productTemplates/{templateId}:
+    get:
+      tags:
+        - productTemplate
+      description: Retrieve product template by id. All user roles can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a product template
+          schema:
+            $ref: "#/definitions/ProductTemplateResponse"
+      parameters:
+        - $ref: "#/parameters/templateIdParam"
+      operationId: getProductTemplate
+
+    patch:
+      tags:
+        - productTemplate
+      operationId: updateProductTemplate
+      security:
+        - Bearer: []
+      description: Update a product template. Only connect manager, connect admin, and admin can access this endpoint.
+        For attributes with JSON object type, it would overwrite the existing fields, or add new if the fields don't exist in the JSON object.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated product template.
+          schema:
+            $ref: "#/definitions/ProductTemplateResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - $ref: "#/parameters/templateIdParam"
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/ProductTemplateBodyParam"
+
+    delete:
+      tags:
+        - productTemplate
+      description: Remove an existing product template. Only connect manager, connect admin, and admin can access this endpoint.
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/templateIdParam"
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: If product is not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Product template successfully removed
 
 parameters:
   projectIdParam:
@@ -345,6 +595,14 @@ parameters:
     required: true
     type: integer
     format: int64
+  templateIdParam:
+    name: templateId
+    in: path
+    description: template identifier
+    required: true
+    type: integer
+    format: int64
+    minimum: 1
   offsetParam:
     name: offset
     description: "number of items to skip. Defaults to 0"
@@ -938,3 +1196,245 @@ definitions:
             type: array
             items:
               $ref: "#/definitions/Project"
+
+  ProjectTemplateRequest:
+    title: Project template request object
+    type: object
+    required:
+      - name
+      - key
+      - category
+      - scope
+      - phases
+    properties:
+      name:
+        type: string
+        description: the project template name
+      key:
+        type: string
+        description: the project template key
+      category:
+        type: string
+        description: the project template category
+      scope:
+        type: object
+        description: the project template scope
+      phases:
+        type: object
+        description: the project template phases
+
+  ProjectTemplateBodyParam:
+    title: Project template body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProjectTemplateRequest"
+
+  ProjectTemplate:
+    title: Project template object
+    allOf:
+      - type: object
+        required:
+          - id
+          - createdAt
+          - createdBy
+          - updatedAt
+          - updatedBy
+        properties:
+          id:
+            type: number
+            format: int64
+            description: the id
+          createdAt:
+            type: string
+            description: Datetime (GMT) when object was created
+            readOnly: true
+          createdBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User who created this object
+            readOnly: true
+          updatedAt:
+            type: string
+            description: READ-ONLY. Datetime (GMT) when object was updated
+            readOnly: true
+          updatedBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User that last updated this object
+            readOnly: true
+      - $ref: "#/definitions/ProjectTemplateRequest"
+
+
+  ProjectTemplateResponse:
+    title: Single project template response object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            $ref: "#/definitions/ProjectTemplate"
+
+  ProjectTemplateListResponse:
+    title: Project template list response object
+    type: object
+    properties:
+      id:
+        type: string
+        readOnly: true
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            type: array
+            items:
+              $ref: "#/definitions/ProjectTemplate"
+              
+  ProductTemplateRequest:
+    title: Product template request object
+    type: object
+    required:
+      - name
+      - key
+      - category
+      - scope
+      - phases
+    properties:
+      name:
+        type: string
+        description: the product template name
+      productKey:
+        type: string
+        description: the product template key
+      icon:
+        type: string
+        description: the product template icon
+      brief:
+        type: string
+        description: the product template brief
+      details:
+        type: string
+        description: the product template details
+      aliases:
+        type: object
+        description: the product template aliases
+      template:
+        type: object
+        description: the product template template
+
+  ProductTemplateBodyParam:
+    title: Product template body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProductTemplateRequest"
+
+  ProductTemplate:
+    title: Product template object
+    allOf:
+      - type: object
+        required:
+          - id
+          - createdAt
+          - createdBy
+          - updatedAt
+          - updatedBy
+        properties:
+          id:
+            type: number
+            format: int64
+            description: the id
+          createdAt:
+            type: string
+            description: Datetime (GMT) when object was created
+            readOnly: true
+          createdBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User who created this object
+            readOnly: true
+          updatedAt:
+            type: string
+            description: READ-ONLY. Datetime (GMT) when object was updated
+            readOnly: true
+          updatedBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User that last updated this object
+            readOnly: true
+      - $ref: "#/definitions/ProductTemplateRequest"
+
+
+  ProductTemplateResponse:
+    title: Single product template response object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            $ref: "#/definitions/ProductTemplate"
+
+  ProductTemplateListResponse:
+    title: Product template list response object
+    type: object
+    properties:
+      id:
+        type: string
+        readOnly: true
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            type: array
+            items:
+              $ref: "#/definitions/ProductTemplate"
\ No newline at end of file

From 8e84aedd0345b147252957b68d8d0b83546bdc7e Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 28 May 2018 18:05:32 +0530
Subject: [PATCH 04/59] Deploy feature branch to dev env Fixed product
 tempalte#aliases field type

---
 .circleci/config.yml                  | 2 +-
 src/routes/productTemplates/create.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 83db606d..c3db4502 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -76,7 +76,7 @@ workflows:
             - test
           filters:
             branches:
-              only: 'dev'
+              only: ['dev', 'feature/dev-challenges']
       - deployProd:
           requires:
             - test
diff --git a/src/routes/productTemplates/create.js b/src/routes/productTemplates/create.js
index b00363e3..1a7ba7db 100644
--- a/src/routes/productTemplates/create.js
+++ b/src/routes/productTemplates/create.js
@@ -19,7 +19,7 @@ const schema = {
       icon: Joi.string().max(255).required(),
       brief: Joi.string().max(45).required(),
       details: Joi.string().max(255).required(),
-      aliases: Joi.object().required(),
+      aliases: Joi.array().required(),
       template: Joi.object().required(),
       createdAt: Joi.any().strip(),
       updatedAt: Joi.any().strip(),

From 513632112f190594925a3e20a7912d7e59cdfc6b Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 28 May 2018 19:07:10 +0530
Subject: [PATCH 05/59] Trying fix for aliases schema change

---
 src/routes/productTemplates/create.spec.js | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/routes/productTemplates/create.spec.js b/src/routes/productTemplates/create.spec.js
index 8476a5ef..b54d000b 100644
--- a/src/routes/productTemplates/create.spec.js
+++ b/src/routes/productTemplates/create.spec.js
@@ -18,13 +18,7 @@ describe('CREATE product template', () => {
         icon: 'http://example.com/icon1.ico',
         brief: 'brief 1',
         details: 'details 1',
-        aliases: {
-          alias1: {
-            subAlias1A: 1,
-            subAlias1B: 2,
-          },
-          alias2: [1, 2, 3],
-        },
+        aliases: ['product key 1', 'product_key_1'],
         template: {
           template1: {
             name: 'template 1',

From e6d3543eedebc5ea774d77f21520ee63a0838a6f Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 29 May 2018 10:57:43 +0530
Subject: [PATCH 06/59] added aliases to the project template

---
 src/models/projectTemplate.js         | 1 +
 src/routes/projectTemplates/create.js | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/models/projectTemplate.js b/src/models/projectTemplate.js
index 206fa9e0..65599e3f 100644
--- a/src/models/projectTemplate.js
+++ b/src/models/projectTemplate.js
@@ -9,6 +9,7 @@ module.exports = (sequelize, DataTypes) => {
     name: { type: DataTypes.STRING(255), allowNull: false },
     key: { type: DataTypes.STRING(45), allowNull: false },
     category: { type: DataTypes.STRING(45), allowNull: false },
+    aliases: { type: DataTypes.JSON, allowNull: false },
     scope: { type: DataTypes.JSON, allowNull: false },
     phases: { type: DataTypes.JSON, allowNull: false },
     deletedAt: DataTypes.DATE,
diff --git a/src/routes/projectTemplates/create.js b/src/routes/projectTemplates/create.js
index 4c19fc0f..55d04b09 100644
--- a/src/routes/projectTemplates/create.js
+++ b/src/routes/projectTemplates/create.js
@@ -17,6 +17,7 @@ const schema = {
       name: Joi.string().max(255).required(),
       key: Joi.string().max(45).required(),
       category: Joi.string().max(45).required(),
+      aliases: Joi.array().required(),
       scope: Joi.object().required(),
       phases: Joi.object().required(),
       createdAt: Joi.any().strip(),

From 24f381d3d59afdb1e8aefea5ce59efbe1ad03607 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 29 May 2018 11:23:07 +0530
Subject: [PATCH 07/59] Fixed required validations in update methods info, icon
 and question field in project template

---
 src/models/projectTemplate.js              |  3 +++
 src/routes/productTemplates/update.js      | 14 +++++++-------
 src/routes/projectTemplates/create.js      |  3 +++
 src/routes/projectTemplates/create.spec.js |  1 +
 src/routes/projectTemplates/update.js      | 14 +++++++++-----
 src/routes/projectTemplates/update.spec.js |  1 +
 6 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/src/models/projectTemplate.js b/src/models/projectTemplate.js
index 65599e3f..9adac016 100644
--- a/src/models/projectTemplate.js
+++ b/src/models/projectTemplate.js
@@ -9,6 +9,9 @@ module.exports = (sequelize, DataTypes) => {
     name: { type: DataTypes.STRING(255), allowNull: false },
     key: { type: DataTypes.STRING(45), allowNull: false },
     category: { type: DataTypes.STRING(45), allowNull: false },
+    icon: { type: DataTypes.STRING(255), allowNull: false },
+    question: { type: DataTypes.STRING(255), allowNull: false },
+    info: { type: DataTypes.STRING(255), allowNull: false },
     aliases: { type: DataTypes.JSON, allowNull: false },
     scope: { type: DataTypes.JSON, allowNull: false },
     phases: { type: DataTypes.JSON, allowNull: false },
diff --git a/src/routes/productTemplates/update.js b/src/routes/productTemplates/update.js
index c5ebf633..0950688e 100644
--- a/src/routes/productTemplates/update.js
+++ b/src/routes/productTemplates/update.js
@@ -17,13 +17,13 @@ const schema = {
   body: {
     param: Joi.object().keys({
       id: Joi.any().strip(),
-      name: Joi.string().max(255).required(),
-      productKey: Joi.string().max(45).required(),
-      icon: Joi.string().max(255).required(),
-      brief: Joi.string().max(45).required(),
-      details: Joi.string().max(255).required(),
-      aliases: Joi.object().required(),
-      template: Joi.object().required(),
+      name: Joi.string().max(255),
+      productKey: Joi.string().max(45),
+      icon: Joi.string().max(255),
+      brief: Joi.string().max(45),
+      details: Joi.string().max(255),
+      aliases: Joi.object(),
+      template: Joi.object(),
       createdAt: Joi.any().strip(),
       updatedAt: Joi.any().strip(),
       deletedAt: Joi.any().strip(),
diff --git a/src/routes/projectTemplates/create.js b/src/routes/projectTemplates/create.js
index 55d04b09..66450b86 100644
--- a/src/routes/projectTemplates/create.js
+++ b/src/routes/projectTemplates/create.js
@@ -17,6 +17,9 @@ const schema = {
       name: Joi.string().max(255).required(),
       key: Joi.string().max(45).required(),
       category: Joi.string().max(45).required(),
+      icon: Joi.string().max(255).required(),
+      question: Joi.string().max(255).required(),
+      info: Joi.string().max(255).required(),
       aliases: Joi.array().required(),
       scope: Joi.object().required(),
       phases: Joi.object().required(),
diff --git a/src/routes/projectTemplates/create.spec.js b/src/routes/projectTemplates/create.spec.js
index afb46113..e07e3ad1 100644
--- a/src/routes/projectTemplates/create.spec.js
+++ b/src/routes/projectTemplates/create.spec.js
@@ -16,6 +16,7 @@ describe('CREATE project template', () => {
         name: 'template 1',
         key: 'key 1',
         category: 'category 1',
+        aliases: ['key-1', 'key_1'],
         scope: {
           scope1: {
             subScope1A: 1,
diff --git a/src/routes/projectTemplates/update.js b/src/routes/projectTemplates/update.js
index 8b88c84a..0e60e49c 100644
--- a/src/routes/projectTemplates/update.js
+++ b/src/routes/projectTemplates/update.js
@@ -17,11 +17,15 @@ const schema = {
   body: {
     param: Joi.object().keys({
       id: Joi.any().strip(),
-      name: Joi.string().max(255).required(),
-      key: Joi.string().max(45).required(),
-      category: Joi.string().max(45).required(),
-      scope: Joi.object().required(),
-      phases: Joi.object().required(),
+      name: Joi.string().max(255),
+      key: Joi.string().max(45),
+      category: Joi.string().max(45),
+      icon: Joi.string().max(255),
+      question: Joi.string().max(255),
+      info: Joi.string().max(255),
+      aliases: Joi.array(),
+      scope: Joi.object(),
+      phases: Joi.object(),
       createdAt: Joi.any().strip(),
       updatedAt: Joi.any().strip(),
       deletedAt: Joi.any().strip(),
diff --git a/src/routes/projectTemplates/update.spec.js b/src/routes/projectTemplates/update.spec.js
index dd286a77..fd7cf6cc 100644
--- a/src/routes/projectTemplates/update.spec.js
+++ b/src/routes/projectTemplates/update.spec.js
@@ -15,6 +15,7 @@ describe('UPDATE project template', () => {
     name: 'template 1',
     key: 'key 1',
     category: 'category 1',
+    aliases: ['key-1', 'key_1'],
     scope: {
       scope1: {
         subScope1A: 1,

From 57d7137afb86441447f772c1e6a77d067c52bc4d Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 29 May 2018 11:46:18 +0530
Subject: [PATCH 08/59] fixed unit tests for recent changes

---
 src/routes/productTemplates/delete.spec.js | 8 +-------
 src/routes/projectTemplates/create.spec.js | 3 +++
 src/routes/projectTemplates/delete.spec.js | 4 ++++
 src/routes/projectTemplates/get.spec.js    | 4 ++++
 src/routes/projectTemplates/list.spec.js   | 8 ++++++++
 src/routes/projectTemplates/update.spec.js | 3 +++
 6 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/routes/productTemplates/delete.spec.js b/src/routes/productTemplates/delete.spec.js
index 058fea4c..07dab1c0 100644
--- a/src/routes/productTemplates/delete.spec.js
+++ b/src/routes/productTemplates/delete.spec.js
@@ -18,13 +18,7 @@ describe('DELETE product template', () => {
       icon: 'http://example.com/icon1.ico',
       brief: 'brief 1',
       details: 'details 1',
-      aliases: {
-        alias1: {
-          subAlias1A: 1,
-          subAlias1B: 2,
-        },
-        alias2: [1, 2, 3],
-      },
+      aliases: ['product key 1', 'product_key_1'],
       template: {
         template1: {
           name: 'template 1',
diff --git a/src/routes/projectTemplates/create.spec.js b/src/routes/projectTemplates/create.spec.js
index e07e3ad1..2cb8fa56 100644
--- a/src/routes/projectTemplates/create.spec.js
+++ b/src/routes/projectTemplates/create.spec.js
@@ -16,6 +16,9 @@ describe('CREATE project template', () => {
         name: 'template 1',
         key: 'key 1',
         category: 'category 1',
+        icon: 'http://example.com/icon1.ico',
+        question: 'question 1',
+        info: 'info 1',
         aliases: ['key-1', 'key_1'],
         scope: {
           scope1: {
diff --git a/src/routes/projectTemplates/delete.spec.js b/src/routes/projectTemplates/delete.spec.js
index 27973d7e..3ff10470 100644
--- a/src/routes/projectTemplates/delete.spec.js
+++ b/src/routes/projectTemplates/delete.spec.js
@@ -16,6 +16,10 @@ describe('DELETE project template', () => {
       name: 'template 1',
       key: 'key 1',
       category: 'category 1',
+      icon: 'http://example.com/icon1.ico',
+      question: 'question 1',
+      info: 'info 1',
+      aliases: ['key-1', 'key_1'],
       scope: {
         scope1: {
           subScope1A: 1,
diff --git a/src/routes/projectTemplates/get.spec.js b/src/routes/projectTemplates/get.spec.js
index 4c9b2ccf..764093c5 100644
--- a/src/routes/projectTemplates/get.spec.js
+++ b/src/routes/projectTemplates/get.spec.js
@@ -15,6 +15,10 @@ describe('GET project template', () => {
     name: 'template 1',
     key: 'key 1',
     category: 'category 1',
+    icon: 'http://example.com/icon1.ico',
+    question: 'question 1',
+    info: 'info 1',
+    aliases: ['key-1', 'key_1'],
     scope: {
       scope1: {
         subScope1A: 1,
diff --git a/src/routes/projectTemplates/list.spec.js b/src/routes/projectTemplates/list.spec.js
index b68fc28d..8eb2089f 100644
--- a/src/routes/projectTemplates/list.spec.js
+++ b/src/routes/projectTemplates/list.spec.js
@@ -16,6 +16,10 @@ describe('LIST project templates', () => {
       name: 'template 1',
       key: 'key 1',
       category: 'category 1',
+      icon: 'http://example.com/icon1.ico',
+      question: 'question 1',
+      info: 'info 1',
+      aliases: ['key-1', 'key_1'],
       scope: {
         scope1: {
           subScope1A: 1,
@@ -46,6 +50,10 @@ describe('LIST project templates', () => {
       name: 'template 2',
       key: 'key 2',
       category: 'category 2',
+      icon: 'http://example.com/icon1.ico',
+      question: 'question 2',
+      info: 'info 2',
+      aliases: ['key-2', 'key_2'],
       scope: {},
       phases: {},
       createdBy: 1,
diff --git a/src/routes/projectTemplates/update.spec.js b/src/routes/projectTemplates/update.spec.js
index fd7cf6cc..aeaf2a82 100644
--- a/src/routes/projectTemplates/update.spec.js
+++ b/src/routes/projectTemplates/update.spec.js
@@ -15,6 +15,9 @@ describe('UPDATE project template', () => {
     name: 'template 1',
     key: 'key 1',
     category: 'category 1',
+    icon: 'http://example.com/icon1.ico',
+    question: 'question 1',
+    info: 'info 1',
     aliases: ['key-1', 'key_1'],
     scope: {
       scope1: {

From 180b3bf0323b644a73835442898a033e07cc1305 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 29 May 2018 13:54:42 +0530
Subject: [PATCH 09/59] adding version and templateId fields to project  model

---
 src/models/project.js         | 2 ++
 src/routes/projects/create.js | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/src/models/project.js b/src/models/project.js
index ae6724ce..efdcca5f 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -37,6 +37,8 @@ module.exports = function defineProject(sequelize, DataTypes) {
     details: { type: DataTypes.JSON },
     challengeEligibility: DataTypes.JSON,
     cancelReason: DataTypes.STRING,
+    version: DataTypes.STRING(15),
+    templateId: DataTypes.BIGINT,
     deletedAt: { type: DataTypes.DATE, allowNull: true },
     createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
     updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 393ffbf6..06e93405 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -52,6 +52,8 @@ const createProjectValdiations = {
         users: Joi.array().items(Joi.number().positive()),
         groups: Joi.array().items(Joi.number().positive()),
       })).allow(null),
+      templateId: Joi.number().positive(),
+      version: Joi.string(),
     }).required(),
   },
 };

From 7a3d0c7111c41ba1fb8e2e07bc91104c5e0ba97e Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 29 May 2018 14:56:47 +0530
Subject: [PATCH 10/59] Optional phase startDate and endDate

---
 src/routes/phases/create.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/routes/phases/create.js b/src/routes/phases/create.js
index 1a5828c7..92e3cd90 100644
--- a/src/routes/phases/create.js
+++ b/src/routes/phases/create.js
@@ -14,8 +14,8 @@ const addProjectPhaseValidations = {
     param: Joi.object().keys({
       name: Joi.string().required(),
       status: Joi.string().required(),
-      startDate: Joi.date().max(Joi.ref('endDate')).required(),
-      endDate: Joi.date().required(),
+      startDate: Joi.date().max(Joi.ref('endDate')).optional(),
+      endDate: Joi.date().optional(),
       budget: Joi.number().positive().optional(),
       progress: Joi.number().positive().optional(),
       details: Joi.any().optional(),

From 7e596d448b3f943db4ab0d8ab3aafea321ba1097 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 29 May 2018 15:26:44 +0530
Subject: [PATCH 11/59] Removed tests cases for required start and end dates
 for a phase

---
 src/routes/phases/create.spec.js | 26 --------------------------
 1 file changed, 26 deletions(-)

diff --git a/src/routes/phases/create.spec.js b/src/routes/phases/create.spec.js
index 9a1fb5ce..81debe7f 100644
--- a/src/routes/phases/create.spec.js
+++ b/src/routes/phases/create.spec.js
@@ -92,32 +92,6 @@ describe('Project Phases', () => {
         .expect(422, done);
     });
 
-    it('should return 422 when startDate not provided', (done) => {
-      const reqBody = _.cloneDeep(body);
-      delete reqBody.startDate;
-      request(server)
-        .post(`/v4/projects/${projectId}/phases/`)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .send({ param: reqBody })
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 when endDate not provided', (done) => {
-      const reqBody = _.cloneDeep(body);
-      delete reqBody.endDate;
-      request(server)
-        .post(`/v4/projects/${projectId}/phases/`)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .send({ param: reqBody })
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
     it('should return 422 when startDate > endDate', (done) => {
       const reqBody = _.cloneDeep(body);
       reqBody.startDate = '2018-05-16T12:00:00';

From 9cb3bc3a02f0f27f44fd401be929c32970063220 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 29 May 2018 18:04:03 +0530
Subject: [PATCH 12/59] startDate endDate validation fix for null case optional
 direct project id and billing account id

---
 src/routes/phaseProducts/create.js |  4 +++-
 src/routes/phases/update.js        |  6 +++---
 src/routes/projects/list.js        | 18 ++++++++++++++++++
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/routes/phaseProducts/create.js b/src/routes/phaseProducts/create.js
index 670e89d1..47ba2825 100644
--- a/src/routes/phaseProducts/create.js
+++ b/src/routes/phaseProducts/create.js
@@ -15,7 +15,9 @@ const addPhaseProductValidations = {
     param: Joi.object().keys({
       name: Joi.string().required(),
       type: Joi.string().required(),
-      templateId: Joi.number().optional(),
+      templateId: Joi.number().positive().optional(),
+      directProjectId: Joi.number().positive().optional(),
+      billingAccountId: Joi.number().positive().optional(),
       estimatedPrice: Joi.number().positive().optional(),
       actualPrice: Joi.number().positive().optional(),
       details: Joi.any().optional(),
diff --git a/src/routes/phases/update.js b/src/routes/phases/update.js
index 96b589d3..194becfa 100644
--- a/src/routes/phases/update.js
+++ b/src/routes/phases/update.js
@@ -62,16 +62,16 @@ module.exports = [
         if (updatedProps.startDate) {
           startDate = new Date(updatedProps.startDate);
         } else {
-          startDate = new Date(existing.startDate);
+          startDate = existing.startDate !== null ? new Date(existing.startDate) : null;
         }
 
         if (updatedProps.endDate) {
           endDate = new Date(updatedProps.endDate);
         } else {
-          endDate = new Date(existing.endDate);
+          endDate = existing.endDate !== null ? new Date(existing.endDate) : null;
         }
 
-        if (startDate >= endDate) {
+        if (startDate !== null && endDate !== null && startDate >= endDate) {
           const err = new Error('startDate must be before endDate.');
           err.status = 400;
           reject(err);
diff --git a/src/routes/projects/list.js b/src/routes/projects/list.js
index d2ffa319..3925c3d2 100755
--- a/src/routes/projects/list.js
+++ b/src/routes/projects/list.js
@@ -29,6 +29,14 @@ const PROJECT_ATTACHMENT_ATTRIBUTES = _.without(
   _.keys(models.ProjectAttachment.rawAttributes),
   'deletedAt',
 );
+const PROJECT_PHASE_ATTRIBUTES = _.without(
+  _.keys(models.ProjectPhase.rawAttributes),
+  'deletedAt',
+);
+const PROJECT_PHASE_PRODUCTS_ATTRIBUTES = _.without(
+  _.keys(models.PhaseProduct.rawAttributes),
+  'deletedAt',
+);
 
 
 const escapeEsKeyword = keyword => keyword.replace(/[+-=><!|(){}[&\]^"~*?:\\/]/g, '\\\\$&');
@@ -60,6 +68,14 @@ const parseElasticSearchCriteria = (criteria, fields, order) => {
     const memberFields = _.get(fields, 'project_members');
     sourceInclude = sourceInclude.concat(_.map(memberFields, single => `members.${single}`));
   }
+  if (_.get(fields, 'project_phases', null)) {
+    const phaseFields = _.get(fields, 'project_phases');
+    sourceInclude = sourceInclude.concat(_.map(phaseFields, single => `phases.${single}`));
+  }
+  if (_.get(fields, 'project_phases_products', null)) {
+    const phaseFields = _.get(fields, 'project_phases_products');
+    sourceInclude = sourceInclude.concat(_.map(phaseFields, single => `phases.products.${single}`));
+  }
   sourceInclude = sourceInclude.concat(_.map(PROJECT_ATTACHMENT_ATTRIBUTES, single => `attachments.${single}`));
 
   if (sourceInclude) {
@@ -180,6 +196,8 @@ const retrieveProjects = (req, criteria, sort, ffields) => {
   fields = util.parseFields(fields, {
     projects: PROJECT_ATTRIBUTES,
     project_members: PROJECT_MEMBER_ATTRIBUTES,
+    project_phases: PROJECT_PHASE_ATTRIBUTES,
+    project_phases_products: PROJECT_PHASE_PRODUCTS_ATTRIBUTES,
   });
   // make sure project.id is part of fields
   if (_.indexOf(fields.projects, 'id') < 0) {

From d1c284d6b07b3338b0988464d0d0ceebec434785 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Thu, 31 May 2018 10:49:31 +0700
Subject: [PATCH 13/59] #87 - Added /projectTypes endpoints (code, unit tests,
 Postman updates)

---
 postman.json                           | 288 +++++++++++++++++++++++--
 src/models/project.js                  |   3 -
 src/models/projectType.js              |  24 +++
 src/permissions/index.js               |   5 +
 src/routes/index.js                    |  31 ++-
 src/routes/projectTypes/create.js      |  55 +++++
 src/routes/projectTypes/create.spec.js | 163 ++++++++++++++
 src/routes/projectTypes/delete.js      |  54 +++++
 src/routes/projectTypes/delete.spec.js |  99 +++++++++
 src/routes/projectTypes/get.js         |  39 ++++
 src/routes/projectTypes/get.spec.js    | 117 ++++++++++
 src/routes/projectTypes/list.js        |  20 ++
 src/routes/projectTypes/list.spec.js   | 106 +++++++++
 src/routes/projectTypes/update.js      |  61 ++++++
 src/routes/projectTypes/update.spec.js | 145 +++++++++++++
 src/routes/projects/create.js          | 147 +++++++------
 src/routes/projects/create.spec.js     |  38 +++-
 src/routes/projects/update.js          |  39 +++-
 src/routes/projects/update.spec.js     |  59 +++--
 src/tests/seed.js                      |  89 +++++++-
 20 files changed, 1459 insertions(+), 123 deletions(-)
 create mode 100644 src/models/projectType.js
 create mode 100644 src/routes/projectTypes/create.js
 create mode 100644 src/routes/projectTypes/create.spec.js
 create mode 100644 src/routes/projectTypes/delete.js
 create mode 100644 src/routes/projectTypes/delete.spec.js
 create mode 100644 src/routes/projectTypes/get.js
 create mode 100644 src/routes/projectTypes/get.spec.js
 create mode 100644 src/routes/projectTypes/list.js
 create mode 100644 src/routes/projectTypes/list.spec.js
 create mode 100644 src/routes/projectTypes/update.js
 create mode 100644 src/routes/projectTypes/update.spec.js

diff --git a/postman.json b/postman.json
index 4447684b..5eb84b82 100644
--- a/postman.json
+++ b/postman.json
@@ -1,7 +1,7 @@
 {
 	"info": {
-		"_postman_id": "0d2b00c1-bd90-40ab-ba13-e730e4ddfcf4",
-		"name": "tc-project-service ",
+		"_postman_id": "1791b330-5331-4768-a265-f1cb5e6b4492",
+		"name": "tc-project-service",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 	},
 	"item": [
@@ -2348,7 +2348,7 @@
 		},
 		{
 			"name": "Project Templates",
-			"description": "",
+			"description": null,
 			"item": [
 				{
 					"name": "Create project template",
@@ -2368,7 +2368,16 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/projectTemplates"
+						"url": {
+							"raw": "{{api-url}}/v4/projectTemplates",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTemplates"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2390,7 +2399,16 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/projectTemplates"
+						"url": {
+							"raw": "{{api-url}}/v4/projectTemplates",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTemplates"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2412,7 +2430,17 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/projectTemplates/1"
+						"url": {
+							"raw": "{{api-url}}/v4/projectTemplates/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTemplates",
+								"1"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2434,7 +2462,17 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\",\r\n      \"scope2\": [\"a\"]\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\",\r\n      \"phase2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/projectTemplates/1"
+						"url": {
+							"raw": "{{api-url}}/v4/projectTemplates/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTemplates",
+								"1"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2456,7 +2494,17 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\",\r\n      \"scope2\": [\"a\"]\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\",\r\n      \"phase2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/projectTemplates/1"
+						"url": {
+							"raw": "{{api-url}}/v4/projectTemplates/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTemplates",
+								"1"
+							]
+						}
 					},
 					"response": []
 				}
@@ -2464,7 +2512,7 @@
 		},
 		{
 			"name": "Product Templates",
-			"description": "",
+			"description": null,
 			"item": [
 				{
 					"name": "Create product template",
@@ -2484,7 +2532,16 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"productKey\":\"new productKey\",\r\n    \"icon\":\"http://example.com/icon-new.ico\",\r\n    \"brief\": \"new brief\",\r\n    \"details\": \"new details\",\r\n    \"aliases\":{\r\n      \"alias1\":\"alias 1\"\r\n    },\r\n    \"template\":{\r\n      \"template1\":\"template 1\"\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/productTemplates"
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2506,7 +2563,16 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/productTemplates"
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2528,7 +2594,17 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/productTemplates/1"
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2550,7 +2626,17 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"productKey\":\"new productKey\",\r\n    \"icon\":\"http://example.com/icon-new.ico\",\r\n    \"brief\": \"new brief\",\r\n    \"details\": \"new details\",\r\n    \"aliases\":{\r\n      \"alias1\":\"scope 1\",\r\n      \"alias2\": [\"a\"]\r\n    },\r\n    \"template\":{\r\n      \"template1\":\"template 1\",\r\n      \"template2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/productTemplates/1"
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2572,7 +2658,181 @@
 							"mode": "raw",
 							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\",\r\n      \"scope2\": [\"a\"]\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\",\r\n      \"phase2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
 						},
-						"url": "{{api-url}}/v4/productTemplates/1"
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
+		{
+			"name": "Project Type",
+			"description": null,
+			"item": [
+				{
+					"name": "Create project type",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n        \"key\": \"new key\",\r\n        \"displayName\": \"new displayName\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projectTypes",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTypes"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List project types",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projectTypes",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTypes"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Get project type",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projectTypes/generic",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTypes",
+								"generic"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update project type",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"displayName\": \"Chatbot-updated\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projectTypes/chatbot",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTypes",
+								"chatbot"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Delete project type",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\",\r\n      \"scope2\": [\"a\"]\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\",\r\n      \"phase2\": {\r\n    \t\"another\": \"another\"\r\n      }\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projectTypes/chatbot",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projectTypes",
+								"chatbot"
+							]
+						}
 					},
 					"response": []
 				}
diff --git a/src/models/project.js b/src/models/project.js
index efdcca5f..27b3a8e6 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -23,9 +23,6 @@ module.exports = function defineProject(sequelize, DataTypes) {
     type: {
       type: DataTypes.STRING,
       allowNull: false,
-      validate: {
-        isIn: [_.values(PROJECT_TYPE)],
-      },
     },
     status: {
       type: DataTypes.STRING,
diff --git a/src/models/projectType.js b/src/models/projectType.js
new file mode 100644
index 00000000..ff8163ff
--- /dev/null
+++ b/src/models/projectType.js
@@ -0,0 +1,24 @@
+
+
+module.exports = function definePhaseProduct(sequelize, DataTypes) {
+  const ProjectType = sequelize.define('ProjectType', {
+    key: { type: DataTypes.STRING(45), primaryKey: true },
+    displayName: { type: DataTypes.STRING(255), allowNull: false },
+
+    deletedAt: { type: DataTypes.DATE, allowNull: true },
+    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    deletedBy: { type: DataTypes.INTEGER, allowNull: true },
+    createdBy: { type: DataTypes.INTEGER, allowNull: false },
+    updatedBy: { type: DataTypes.INTEGER, allowNull: false },
+  }, {
+    tableName: 'project_types',
+    paranoid: true,
+    timestamps: true,
+    updatedAt: 'updatedAt',
+    createdAt: 'createdAt',
+    deletedAt: 'deletedAt',
+  });
+
+  return ProjectType;
+};
diff --git a/src/permissions/index.js b/src/permissions/index.js
index ea1adf72..6ea7a418 100644
--- a/src/permissions/index.js
+++ b/src/permissions/index.js
@@ -41,4 +41,9 @@ module.exports = () => {
   Authorizer.setPolicy('project.addPhaseProduct', projectEdit);
   Authorizer.setPolicy('project.updatePhaseProduct', projectEdit);
   Authorizer.setPolicy('project.deletePhaseProduct', projectEdit);
+
+  Authorizer.setPolicy('projectType.create', projectAdmin);
+  Authorizer.setPolicy('projectType.edit', projectAdmin);
+  Authorizer.setPolicy('projectType.delete', projectAdmin);
+  Authorizer.setPolicy('projectType.view', true); // anyone can view project types
 };
diff --git a/src/routes/index.js b/src/routes/index.js
index 63250efe..b427b0c2 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -27,7 +27,7 @@ router.get(`/${apiVersion}/projects/health`, (req, res) => {
 const jwtAuth = require('tc-core-library-js').middleware.jwtAuthenticator;
 
 router.all(
-  RegExp(`\\/${apiVersion}\\/(projects|projectTemplates|productTemplates)(?!\\/health).*`),
+  RegExp(`\\/${apiVersion}\\/(projects|projectTemplates|productTemplates|projectTypes)(?!\\/health).*`),
   jwtAuth());
 
 // Register all the routes
@@ -86,22 +86,31 @@ router.route('/v4/productTemplates/:templateId(\\d+)')
   .delete(require('./productTemplates/delete'));
 
 router.route('/v4/projects/:projectId(\\d+)/phases')
-    .get(require('./phases/list'))
-    .post(require('./phases/create'));
+  .get(require('./phases/list'))
+  .post(require('./phases/create'));
 
 router.route('/v4/projects/:projectId(\\d+)/phases/:phaseId(\\d+)')
-    .get(require('./phases/get'))
-    .patch(require('./phases/update'))
-    .delete(require('./phases/delete'));
+  .get(require('./phases/get'))
+  .patch(require('./phases/update'))
+  .delete(require('./phases/delete'));
 
 router.route('/v4/projects/:projectId(\\d+)/phases/:phaseId(\\d+)/products')
-    .get(require('./phaseProducts/list'))
-    .post(require('./phaseProducts/create'));
+  .get(require('./phaseProducts/list'))
+  .post(require('./phaseProducts/create'));
 
 router.route('/v4/projects/:projectId(\\d+)/phases/:phaseId(\\d+)/products/:productId(\\d+)')
-    .get(require('./phaseProducts/get'))
-    .patch(require('./phaseProducts/update'))
-    .delete(require('./phaseProducts/delete'));
+  .get(require('./phaseProducts/get'))
+  .patch(require('./phaseProducts/update'))
+  .delete(require('./phaseProducts/delete'));
+
+router.route('/v4/projectTypes')
+  .post(require('./projectTypes/create'))
+  .get(require('./projectTypes/list'));
+
+router.route('/v4/projectTypes/:key')
+  .get(require('./projectTypes/get'))
+  .patch(require('./projectTypes/update'))
+  .delete(require('./projectTypes/delete'));
 
 // register error handler
 router.use((err, req, res, next) => { // eslint-disable-line no-unused-vars
diff --git a/src/routes/projectTypes/create.js b/src/routes/projectTypes/create.js
new file mode 100644
index 00000000..3cbcf579
--- /dev/null
+++ b/src/routes/projectTypes/create.js
@@ -0,0 +1,55 @@
+/**
+ * API to add a project type
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  body: {
+    param: Joi.object().keys({
+      key: Joi.string().max(45).required(),
+      displayName: Joi.string().max(255).required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('projectType.create'),
+  (req, res, next) => {
+    const entity = _.assign(req.body.param, {
+      createdBy: req.authUser.userId,
+      updatedBy: req.authUser.userId,
+    });
+
+    // Check if duplicated key
+    return models.ProjectType.findById(req.body.param.key)
+      .then((existing) => {
+        if (existing) {
+          const apiErr = new Error(`Project type already exists for key ${req.params.key}`);
+          apiErr.status = 422;
+          return Promise.reject(apiErr);
+        }
+
+        // Create
+        return models.ProjectType.create(entity);
+      }).then((createdEntity) => {
+        // Omit deletedAt, deletedBy
+        res.status(201).json(util.wrapResponse(
+          req.id, _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy'), 1, 201));
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/projectTypes/create.spec.js b/src/routes/projectTypes/create.spec.js
new file mode 100644
index 00000000..69b4b391
--- /dev/null
+++ b/src/routes/projectTypes/create.spec.js
@@ -0,0 +1,163 @@
+/**
+ * Tests for create.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import server from '../../app';
+import testUtil from '../../tests/util';
+import models from '../../models';
+
+const should = chai.should();
+
+describe('CREATE project type', () => {
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectType.create({
+      key: 'key1',
+      displayName: 'displayName 1',
+      createdBy: 1,
+      updatedBy: 1,
+    })).then(() => Promise.resolve()),
+  );
+  after(testUtil.clearDb);
+
+  describe('POST /projectTypes', () => {
+    const body = {
+      param: {
+        key: 'app_dev',
+        displayName: 'Application Development',
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .post('/v4/projectTypes')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .post('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .post('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for manager', (done) => {
+      request(server)
+        .post('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 422 for missing key', (done) => {
+      const invalidBody = {
+        param: {
+          displayName: 'displayName',
+        },
+      };
+
+      request(server)
+        .post('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 for missing displayName', (done) => {
+      const invalidBody = {
+        param: {
+          key: 'key',
+        },
+      };
+
+      request(server)
+        .post('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 for duplicated key', (done) => {
+      const invalidBody = {
+        param: {
+          key: 'key1',
+          displayName: 'displayName',
+        },
+      };
+
+      request(server)
+        .post('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 201 for admin', (done) => {
+      request(server)
+        .post('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.key.should.be.eql(body.param.key);
+          resJson.displayName.should.be.eql(body.param.displayName);
+
+          resJson.createdBy.should.be.eql(40051333); // admin
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 201 for connect admin', (done) => {
+      request(server)
+        .post('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051336); // connect admin
+          resJson.updatedBy.should.be.eql(40051336); // connect admin
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/projectTypes/delete.js b/src/routes/projectTypes/delete.js
new file mode 100644
index 00000000..7592641c
--- /dev/null
+++ b/src/routes/projectTypes/delete.js
@@ -0,0 +1,54 @@
+/**
+ * API to delete a project type
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    key: Joi.string().max(45).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('projectType.delete'),
+  (req, res, next) => {
+    const where = {
+      deletedAt: { $eq: null },
+      key: req.params.key,
+    };
+
+    return models.sequelize.transaction(tx =>
+      // Update the deletedBy
+      models.ProjectType.update({ deletedBy: req.authUser.userId }, {
+        where,
+        returning: true,
+        raw: true,
+        transaction: tx,
+      })
+        .then((updatedResults) => {
+          // Not found
+          if (updatedResults[0] === 0) {
+            const apiErr = new Error(`Project type not found for key ${req.params.key}`);
+            apiErr.status = 404;
+            return Promise.reject(apiErr);
+          }
+
+          // Soft delete
+          return models.ProjectType.destroy({
+            where,
+            transaction: tx,
+          });
+        })
+        .then(() => {
+          res.status(204).end();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/projectTypes/delete.spec.js b/src/routes/projectTypes/delete.spec.js
new file mode 100644
index 00000000..4d38f666
--- /dev/null
+++ b/src/routes/projectTypes/delete.spec.js
@@ -0,0 +1,99 @@
+/**
+ * Tests for delete.js
+ */
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+
+describe('DELETE project type', () => {
+  const key = 'key1';
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectType.create({
+      key: 'key1',
+      displayName: 'displayName 1',
+      createdBy: 1,
+      updatedBy: 1,
+    })).then(() => Promise.resolve()),
+  );
+  after(testUtil.clearDb);
+
+  describe('DELETE /projectTypes/{key}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .delete(`/v4/projectTypes/${key}`)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .delete(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .delete(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for manager', (done) => {
+      request(server)
+        .delete(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed type', (done) => {
+      request(server)
+        .delete('/v4/projectTypes/not_existed')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted type', (done) => {
+      models.ProjectType.destroy({ where: { key } })
+        .then(() => {
+          request(server)
+            .delete(`/v4/projectTypes/${key}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .expect(404, done);
+        });
+    });
+
+    it('should return 204, for admin, if type was successfully removed', (done) => {
+      request(server)
+        .delete(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect admin, if type was successfully removed', (done) => {
+      request(server)
+        .delete(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/projectTypes/get.js b/src/routes/projectTypes/get.js
new file mode 100644
index 00000000..f7eb0b95
--- /dev/null
+++ b/src/routes/projectTypes/get.js
@@ -0,0 +1,39 @@
+/**
+ * API to get a project type
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    key: Joi.string().max(45).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('projectType.view'),
+  (req, res, next) => models.ProjectType.findOne({
+    where: {
+      key: req.params.key,
+    },
+    attributes: { exclude: ['deletedAt', 'deletedBy'] },
+  })
+    .then((projectType) => {
+      // Not found
+      if (!projectType) {
+        const apiErr = new Error(`Project type not found for key ${req.params.key}`);
+        apiErr.status = 404;
+        return Promise.reject(apiErr);
+      }
+
+      res.json(util.wrapResponse(req.id, projectType));
+      return Promise.resolve();
+    })
+    .catch(next),
+];
diff --git a/src/routes/projectTypes/get.spec.js b/src/routes/projectTypes/get.spec.js
new file mode 100644
index 00000000..f85e61af
--- /dev/null
+++ b/src/routes/projectTypes/get.spec.js
@@ -0,0 +1,117 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('GET project type', () => {
+  const type = {
+    key: 'key1',
+    displayName: 'displayName 1',
+    createdBy: 1,
+    updatedBy: 1,
+  };
+
+  const key = type.key;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectType.create(type))
+    .then(() => Promise.resolve()),
+  );
+  after(testUtil.clearDb);
+
+  describe('GET /projectTypes/{key}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get(`/v4/projectTypes/${key}`)
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed type', (done) => {
+      request(server)
+        .get('/v4/projectTypes/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted type', (done) => {
+      models.ProjectType.destroy({ where: { key } })
+        .then(() => {
+          request(server)
+            .get(`/v4/projectTypes/${key}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .expect(404, done);
+        });
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.key.should.be.eql(type.key);
+          resJson.displayName.should.be.eql(type.displayName);
+          resJson.createdBy.should.be.eql(type.createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(type.updatedBy);
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/projectTypes/list.js b/src/routes/projectTypes/list.js
new file mode 100644
index 00000000..56bc2059
--- /dev/null
+++ b/src/routes/projectTypes/list.js
@@ -0,0 +1,20 @@
+/**
+ * API to list all project types
+ */
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+module.exports = [
+  permissions('projectType.view'),
+  (req, res, next) => models.ProjectType.findAll({
+    attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    raw: true,
+  })
+    .then((projectTypes) => {
+      res.json(util.wrapResponse(req.id, projectTypes));
+    })
+    .catch(next),
+];
diff --git a/src/routes/projectTypes/list.spec.js b/src/routes/projectTypes/list.spec.js
new file mode 100644
index 00000000..94497692
--- /dev/null
+++ b/src/routes/projectTypes/list.spec.js
@@ -0,0 +1,106 @@
+/**
+ * Tests for list.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('LIST project types', () => {
+  const types = [
+    {
+      key: 'key1',
+      displayName: 'displayName 1',
+      createdBy: 1,
+      updatedBy: 1,
+    },
+    {
+      key: 'key2',
+      displayName: 'displayName 1',
+      createdBy: 1,
+      updatedBy: 1,
+    },
+  ];
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectType.create(types[0]))
+    .then(() => models.ProjectType.create(types[1]))
+    .then(() => Promise.resolve()),
+  );
+  after(testUtil.clearDb);
+
+  describe('GET /projectTypes', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/projectTypes')
+        .expect(403, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const type = types[0];
+
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+          resJson[0].key.should.be.eql(type.key);
+          resJson[0].displayName.should.be.eql(type.displayName);
+          resJson[0].createdBy.should.be.eql(type.createdBy);
+          should.exist(resJson[0].createdAt);
+          resJson[0].updatedBy.should.be.eql(type.updatedBy);
+          should.exist(resJson[0].updatedAt);
+          should.not.exist(resJson[0].deletedBy);
+          should.not.exist(resJson[0].deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/projectTypes')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/projectTypes/update.js b/src/routes/projectTypes/update.js
new file mode 100644
index 00000000..4a0aa26b
--- /dev/null
+++ b/src/routes/projectTypes/update.js
@@ -0,0 +1,61 @@
+/**
+ * API to update a project type
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    key: Joi.string().max(45).required(),
+  },
+  body: {
+    param: Joi.object().keys({
+      key: Joi.any().strip(),
+      displayName: Joi.string().max(255).required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('projectType.edit'),
+  (req, res, next) => {
+    const entityToUpdate = _.assign(req.body.param, {
+      updatedBy: req.authUser.userId,
+    });
+
+    return models.ProjectType.findOne({
+      where: {
+        key: req.params.key,
+      },
+      attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    })
+      .then((projectType) => {
+        // Not found
+        if (!projectType) {
+          const apiErr = new Error(`Project type not found for key ${req.params.key}`);
+          apiErr.status = 404;
+          return Promise.reject(apiErr);
+        }
+
+        return projectType.update(entityToUpdate);
+      })
+      .then((projectType) => {
+        res.json(util.wrapResponse(req.id, projectType));
+        return Promise.resolve();
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/projectTypes/update.spec.js b/src/routes/projectTypes/update.spec.js
new file mode 100644
index 00000000..ce3fcc79
--- /dev/null
+++ b/src/routes/projectTypes/update.spec.js
@@ -0,0 +1,145 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('UPDATE project type', () => {
+  const type = {
+    key: 'key1',
+    displayName: 'displayName 1',
+    createdBy: 1,
+    updatedBy: 1,
+  };
+  const key = type.key;
+
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProjectType.create(type))
+    .then(() => Promise.resolve()),
+  );
+  after(testUtil.clearDb);
+
+  describe('PATCH /projectTypes/{key}', () => {
+    const body = {
+      param: {
+        displayName: 'displayName 1 - update',
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .patch(`/v4/projectTypes/${key}`)
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .patch(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .patch(`/v4/projectTypes/${key}`)
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for manager', (done) => {
+      request(server)
+        .patch(`/v4/projectTypes/${key}`)
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 422 for missing displayName', (done) => {
+      const invalidBody = {
+        param: {
+          displayName: null,
+        },
+      };
+
+      request(server)
+        .patch(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect(422, done);
+    });
+
+    it('should return 404 for non-existed type', (done) => {
+      request(server)
+        .patch('/v4/projectTypes/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted type', (done) => {
+      models.ProjectType.destroy({ where: { key } })
+        .then(() => {
+          request(server)
+            .patch(`/v4/projectTypes/${key}`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .send(body)
+            .expect(404, done);
+        });
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .patch(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.key.should.be.eql(key);
+          resJson.displayName.should.be.eql(body.param.displayName);
+          resJson.createdBy.should.be.eql(type.createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .patch(`/v4/projectTypes/${key}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 06e93405..48ccfce9 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -44,8 +44,7 @@ const createProjectValdiations = {
         type: Joi.any().valid('github', 'jira', 'asana', 'other'),
         data: Joi.string().max(300), // TODO - restrict length
       }).allow(null),
-      // TODO - add more types
-      type: Joi.any().valid(_.values(PROJECT_TYPE)).required(),
+      type: Joi.string().max(45).required(),
       details: Joi.any(),
       challengeEligibility: Joi.array().items(Joi.object().keys({
         role: Joi.string().valid('submitter', 'reviewer', 'copilot'),
@@ -70,8 +69,8 @@ module.exports = [
     const project = req.body.param;
     // by default connect admin and managers joins projects as manager
     const userRole = util.hasRoles(req, [USER_ROLE.CONNECT_ADMIN, USER_ROLE.MANAGER])
-        ? PROJECT_MEMBER_ROLE.MANAGER
-        : PROJECT_MEMBER_ROLE.CUSTOMER;
+      ? PROJECT_MEMBER_ROLE.MANAGER
+      : PROJECT_MEMBER_ROLE.CUSTOMER;
     // set defaults
     _.defaults(project, {
       description: '',
@@ -100,69 +99,85 @@ module.exports = [
     });
     models.sequelize.transaction(() => {
       let newProject = null;
-      return models.Project
-          .create(project, {
-            include: [{
-              model: models.ProjectMember,
-              as: 'members',
-            }],
-          })
-          .then((_newProject) => {
-            newProject = _newProject;
-            req.log.debug('new project created (id# %d, name: %s)',
-                newProject.id, newProject.name);
-            // create direct project with name and description
-            const body = {
-              projectName: newProject.name,
-              projectDescription: newProject.description,
-            };
-            // billingAccountId is optional field
-            if (newProject.billingAccountId) {
-              body.billingAccountId = newProject.billingAccountId;
-            }
-            req.log.debug('creating project history for project %d', newProject.id);
-            // add to project history
-            models.ProjectHistory.create({
-              projectId: _newProject.id,
-              status: PROJECT_STATUS.DRAFT,
-              cancelReason: null,
-              updatedBy: req.authUser.userId,
-            }).then(() => req.log.debug('project history created for project %d', newProject.id))
+      // Validate the project type
+      return models.ProjectType.findOne({
+        where: {
+          key: project.type,
+        }
+      })
+        .then((projectType) => {
+          if (!projectType) {
+            // Not found
+            const apiErr = new Error(`Project type not found for key ${project.type}`);
+            apiErr.status = 422;
+            return Promise.reject(apiErr);
+          }
+
+          // Create project
+          return models.Project
+            .create(project, {
+              include: [{
+                model: models.ProjectMember,
+                as: 'members',
+              }],
+            });
+        })
+        .then((_newProject) => {
+          newProject = _newProject;
+          req.log.debug('new project created (id# %d, name: %s)',
+            newProject.id, newProject.name);
+          // create direct project with name and description
+          const body = {
+            projectName: newProject.name,
+            projectDescription: newProject.description,
+          };
+          // billingAccountId is optional field
+          if (newProject.billingAccountId) {
+            body.billingAccountId = newProject.billingAccountId;
+          }
+          req.log.debug('creating project history for project %d', newProject.id);
+          // add to project history
+          models.ProjectHistory.create({
+            projectId: _newProject.id,
+            status: PROJECT_STATUS.DRAFT,
+            cancelReason: null,
+            updatedBy: req.authUser.userId,
+          }).then(() => req.log.debug('project history created for project %d', newProject.id))
             .catch(() => req.log.error('project history failed for project %d', newProject.id));
-            req.log.debug('creating direct project for project %d', newProject.id);
-            return directProject.createDirectProject(req, body)
-              .then((resp) => {
-                newProject.directProjectId = resp.data.result.content.projectId;
-                return newProject.save();
-              })
-              .then(() => newProject.reload(newProject.id))
-              .catch((err) => {
-                // log the error and continue
-                req.log.error('Error creating direct project');
-                req.log.error(err);
-                return Promise.resolve();
-              });
-            // return Promise.resolve();
-          })
-          .then(() => {
-            newProject = newProject.get({ plain: true });
-            // remove utm details & deletedAt field
-            newProject = _.omit(newProject, ['deletedAt', 'utm']);
-            // add an empty attachments array
-            newProject.attachments = [];
-            req.log.debug('Sending event to RabbitMQ bus for project %d', newProject.id);
-            req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED,
-              newProject,
-              { correlationId: req.id },
-            );
-            req.log.debug('Sending event to Kafka bus for project %d', newProject.id);
-            // emit event
-            req.app.emit(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED, { req, project: newProject });
-            res.status(201).json(util.wrapResponse(req.id, newProject, 1, 201));
-          })
-          .catch((err) => {
-            util.handleError('Error creating project', err, req, next);
-          });
+          req.log.debug('creating direct project for project %d', newProject.id);
+          return directProject.createDirectProject(req, body)
+            .then((resp) => {
+              newProject.directProjectId = resp.data.result.content.projectId;
+              return newProject.save();
+            })
+            .then(() => newProject.reload(newProject.id))
+            .catch((err) => {
+              // log the error and continue
+              req.log.error('Error creating direct project');
+              req.log.error(err);
+              return Promise.resolve();
+            });
+          // return Promise.resolve();
+        })
+        .then(() => {
+          newProject = newProject.get({ plain: true });
+          // remove utm details & deletedAt field
+          newProject = _.omit(newProject, ['deletedAt', 'utm']);
+          // add an empty attachments array
+          newProject.attachments = [];
+          req.log.debug('Sending event to RabbitMQ bus for project %d', newProject.id);
+          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED,
+            newProject,
+            { correlationId: req.id },
+          );
+          req.log.debug('Sending event to Kafka bus for project %d', newProject.id);
+          // emit event
+          req.app.emit(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED, { req, project: newProject });
+          res.status(201).json(util.wrapResponse(req.id, newProject, 1, 201));
+        })
+        .catch((err) => {
+          util.handleError('Error creating project', err, req, next);
+        });
     });
   },
 ];
diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
index 9e9cb0dc..98a190f9 100644
--- a/src/routes/projects/create.spec.js
+++ b/src/routes/projects/create.spec.js
@@ -8,6 +8,7 @@ import util from '../../util';
 import server from '../../app';
 import testUtil from '../../tests/util';
 import RabbitMQService from '../../services/rabbitmq';
+import models from '../../models';
 
 const should = chai.should();
 
@@ -16,7 +17,16 @@ sinon.stub(RabbitMQService.prototype, 'publish', () => {});
 
 describe('Project create', () => {
   before((done) => {
-    testUtil.clearDb(done);
+    testUtil.clearDb()
+      .then(() => models.ProjectType.bulkCreate([
+        {
+          key: 'generic',
+          displayName: 'Generic',
+          createdBy: 1,
+          updatedBy: 1,
+        }
+      ]))
+      .then(() => done());
   });
 
   after((done) => {
@@ -66,6 +76,32 @@ describe('Project create', () => {
         .expect(422, done);
     });
 
+    it('should return 422 if project type is missing', (done) => {
+      const invalidBody = _.cloneDeep(body);
+      invalidBody.param.type = null;
+      request(server)
+        .post('/v4/projects')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if project type does not exist', (done) => {
+      const invalidBody = _.cloneDeep(body);
+      invalidBody.param.type = 'not_exist';
+      request(server)
+        .post('/v4/projects')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
     it('should return 201 if error to create direct project', (done) => {
       const mockHttpClient = _.merge(testUtil.mockHttpClient, {
         post: () => Promise.reject(new Error('error message')),
diff --git a/src/routes/projects/update.js b/src/routes/projects/update.js
index b02fc55d..d0efccd6 100644
--- a/src/routes/projects/update.js
+++ b/src/routes/projects/update.js
@@ -60,7 +60,7 @@ const updateProjectValdiations = {
         title: Joi.string(),
         address: Joi.string().regex(REGEX.URL),
       })).optional().allow(null),
-      type: Joi.any().valid(_.values(PROJECT_TYPE)),
+      type: Joi.string().max(45),
       details: Joi.any(),
       memers: Joi.any(),
       createdBy: Joi.any(),
@@ -91,15 +91,15 @@ const validateUpdates = (existingProject, updatedProps, req) => {
       break;
     default:
       break;
-      // disabling this check for now.
-      // case PROJECT_STATUS.DRAFT:
-      //   if (_.get(updatedProject, 'status', '') === 'active') {
-      //     // attempting to launch the project make sure certain
-      //     // properties are set
-      //     if (!updatedProject.billingAccountId && !existingProject.billingAccountId) {
-      //       errors.push('\'billingAccountId\' must be set before activating the project')
-      //     }
-      //   }
+    // disabling this check for now.
+    // case PROJECT_STATUS.DRAFT:
+    //   if (_.get(updatedProject, 'status', '') === 'active') {
+    //     // attempting to launch the project make sure certain
+    //     // properties are set
+    //     if (!updatedProject.billingAccountId && !existingProject.billingAccountId) {
+    //       errors.push('\'billingAccountId\' must be set before activating the project')
+    //     }
+    //   }
   }
   if (_.has(updatedProps, 'directProjectId') &&
     !util.hasRoles(req, [USER_ROLE.MANAGER, USER_ROLE.TOPCODER_ADMIN])) {
@@ -113,6 +113,25 @@ module.exports = [
   // handles request validations
   validate(updateProjectValdiations),
   permissions('project.edit'),
+  /**
+   * Validate project type to be existed.
+   */
+  (req, res, next) => {
+    if (req.body.param.type) {
+      models.ProjectType.findOne({ where: { key: req.body.param.type } })
+        .then((projectType) => {
+          if (projectType) {
+            next();
+          } else {
+            const err = new Error(`Project type not found for key ${req.body.param.type}`);
+            err.status = 422;
+            next(err);
+          }
+        })
+    } else {
+      next();
+    }
+  },
   /**
    * POST projects/
    * Create a project if the user has access
diff --git a/src/routes/projects/update.spec.js b/src/routes/projects/update.spec.js
index 520d93db..e7b9abf0 100644
--- a/src/routes/projects/update.spec.js
+++ b/src/routes/projects/update.spec.js
@@ -19,7 +19,16 @@ describe('Project', () => {
   let project2;
   let project3;
   beforeEach((done) => {
-    testUtil.clearDb(done);
+    testUtil.clearDb()
+      .then(() => models.ProjectType.bulkCreate([
+        {
+          key: 'generic',
+          displayName: 'Generic',
+          createdBy: 1,
+          updatedBy: 1,
+        }
+      ]))
+      .then(() => done());
   });
 
   after((done) => {
@@ -319,6 +328,22 @@ describe('Project', () => {
         });
     });
 
+    it('should return 422 if project type does not exist', (done) => {
+      const mbody = {
+        param: {
+          type: 'not_exist'
+        },
+      };
+      request(server)
+        .patch(`/v4/projects/${project1.id}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(mbody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
     it('should return 200 and project history should be updated for cancelled project', (done) => {
       const mbody = {
         param: {
@@ -369,10 +394,10 @@ describe('Project', () => {
       models.Project.update({
         status: PROJECT_STATUS.CANCELLED,
       }, {
-        where: {
-          id: project1.id,
-        },
-      })
+          where: {
+            id: project1.id,
+          },
+        })
         .then(() => {
           const mbody = {
             param: {
@@ -422,10 +447,10 @@ describe('Project', () => {
       models.Project.update({
         status: PROJECT_STATUS.CANCELLED,
       }, {
-        where: {
-          id: project1.id,
-        },
-      })
+          where: {
+            id: project1.id,
+          },
+        })
         .then(() => {
           const mbody = {
             param: {
@@ -475,10 +500,10 @@ describe('Project', () => {
       models.Project.update({
         status: PROJECT_STATUS.CANCELLED,
       }, {
-        where: {
-          id: project1.id,
-        },
-      })
+          where: {
+            id: project1.id,
+          },
+        })
         .then(() => {
           const mbody = {
             param: {
@@ -729,10 +754,10 @@ describe('Project', () => {
         models.Project.update({
           status: PROJECT_STATUS.CANCELLED,
         }, {
-          where: {
-            id: project1.id,
-          },
-        })
+            where: {
+              id: project1.id,
+            },
+          })
           .then(() => {
             const mbody = {
               param: {
diff --git a/src/tests/seed.js b/src/tests/seed.js
index bbd0aa08..2a66734f 100644
--- a/src/tests/seed.js
+++ b/src/tests/seed.js
@@ -107,6 +107,10 @@ models.sequelize.sync({ force: true })
       name: 'template 1',
       key: 'key 1',
       category: 'category 1',
+      icon: 'http://example.com/icon1.ico',
+      question: 'question 1',
+      info: 'info 1',
+      aliases: [],
       scope: {
         scope1: {
           subScope1A: 1,
@@ -137,8 +141,38 @@ models.sequelize.sync({ force: true })
       name: 'template 2',
       key: 'key 2',
       category: 'category 2',
+      icon: 'http://example.com/icon1.ico',
+      info: 'info 2',
+      aliases: [],
       scope: {},
       phases: {},
+      question: 'question 2',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      name: 'template 3',
+      key: 'key 3',
+      category: 'category 3',
+      icon: 'http://example.com/icon3.ico',
+      question: 'question 3',
+      info: 'info 3',
+      aliases: [],
+      scope: {},
+      phases: {
+        1: {
+          name: 'Design Stage',
+          products: [
+            { id: 21, productKey: 'visual_design_prod' },
+          ],
+        },
+        2: {
+          name: 'Development Stage',
+          products: [
+            { id: 23, productKey: 'website_development' },
+          ],
+        },
+      },
       createdBy: 1,
       updatedBy: 2,
     },
@@ -188,7 +222,60 @@ models.sequelize.sync({ force: true })
       updatedBy: 4,
     },
   ]))
+  .then(() => models.ProjectType.bulkCreate([
+    {
+      key: 'app_dev',
+      displayName: 'Application development',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      key: 'generic',
+      displayName: 'Generic',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      key: 'visual_prototype',
+      displayName: 'Visual Prototype',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      key: 'visual_design',
+      displayName: 'Visual Design',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      key: 'website',
+      displayName: 'Website',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      key: 'app',
+      displayName: 'Application',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      key: 'quality_assurance',
+      displayName: 'Quality Assurance',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      key: 'chatbot',
+      displayName: 'Chatbot',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+  ]))
   .then(() => {
     process.exit(0);
   })
-  .catch(() => process.exit(1));
+  .catch((err) => {
+    console.log(err); // eslint-disable-line no-console
+    process.exit(1);
+  });

From c2d1e7645277dff16bc9a26736d39a342cf675fc Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Thu, 31 May 2018 15:40:37 +0530
Subject: [PATCH 14/59] Added filtering on productKey for product templates

---
 src/routes/productTemplates/list.js      | 24 ++++---
 src/routes/productTemplates/list.spec.js | 87 +++++++++++++++++-------
 2 files changed, 77 insertions(+), 34 deletions(-)

diff --git a/src/routes/productTemplates/list.js b/src/routes/productTemplates/list.js
index 11a9e276..d34f7d3e 100644
--- a/src/routes/productTemplates/list.js
+++ b/src/routes/productTemplates/list.js
@@ -9,15 +9,23 @@ const permissions = tcMiddleware.permissions;
 
 module.exports = [
   permissions('productTemplate.view'),
-  (req, res, next) => models.ProductTemplate.findAll({
-    where: {
-      deletedAt: { $eq: null },
-    },
-    attributes: { exclude: ['deletedAt', 'deletedBy'] },
-    raw: true,
-  })
+  (req, res, next) => {
+    const filters = util.parseQueryFilter(req.query.filter);
+    if (!util.isValidFilter(filters, ['productKey'])) {
+      return util.handleError('Invalid filters', null, req, next);
+    }
+    const where = { deletedAt: { $eq: null } };
+    if (filters.productKey) {
+      where.productKey = { $eq: filters.productKey };
+    }
+    return models.ProductTemplate.findAll({
+      where,
+      attributes: { exclude: ['deletedAt', 'deletedBy'] },
+      raw: true,
+    })
     .then((productTemplates) => {
       res.json(util.wrapResponse(req.id, productTemplates));
     })
-    .catch(next),
+    .catch(next);
+  },
 ];
diff --git a/src/routes/productTemplates/list.spec.js b/src/routes/productTemplates/list.spec.js
index e487d777..f3ab7334 100644
--- a/src/routes/productTemplates/list.spec.js
+++ b/src/routes/productTemplates/list.spec.js
@@ -1,20 +1,38 @@
 /**
  * Tests for list.js
  */
-import chai from 'chai';
+// import chai from 'chai';
 import request from 'supertest';
 
 import models from '../../models';
 import server from '../../app';
 import testUtil from '../../tests/util';
 
-const should = chai.should();
+// const should = chai.should();
+
+const validateProductTemplates = (count, resJson, expectedTemplates) => {
+  resJson.should.have.length(count);
+  resJson.forEach((pt, idx) => {
+    pt.should.have.all.keys('id', 'name', 'productKey', 'icon', 'brief', 'details', 'aliases',
+    'template', 'createdBy', 'createdAt', 'updatedBy', 'updatedAt');
+    pt.should.not.have.all.keys('deletedAt', 'deletedBy');
+    pt.name.should.be.eql(expectedTemplates[idx].name);
+    pt.productKey.should.be.eql(expectedTemplates[idx].productKey);
+    pt.icon.should.be.eql(expectedTemplates[idx].icon);
+    pt.brief.should.be.eql(expectedTemplates[idx].brief);
+    pt.details.should.be.eql(expectedTemplates[idx].details);
+    pt.aliases.should.be.eql(expectedTemplates[idx].aliases);
+    pt.template.should.be.eql(expectedTemplates[idx].template);
+    pt.createdBy.should.be.eql(expectedTemplates[idx].createdBy);
+    pt.updatedBy.should.be.eql(expectedTemplates[idx].updatedBy);
+  });
+};
 
 describe('LIST product templates', () => {
   const templates = [
     {
       name: 'name 1',
-      productKey: 'productKey 1',
+      productKey: 'productKey-1',
       icon: 'http://example.com/icon1.ico',
       brief: 'brief 1',
       details: 'details 1',
@@ -46,7 +64,7 @@ describe('LIST product templates', () => {
     },
     {
       name: 'template 2',
-      productKey: 'productKey 2',
+      productKey: 'productKey-2',
       icon: 'http://example.com/icon2.ico',
       brief: 'brief 2',
       details: 'details 2',
@@ -83,26 +101,9 @@ describe('LIST product templates', () => {
         })
         .expect(200)
         .end((err, res) => {
-          const template = templates[0];
-
           const resJson = res.body.result.content;
-          resJson.should.have.length(2);
+          validateProductTemplates(2, resJson, templates);
           resJson[0].id.should.be.eql(templateId);
-          resJson[0].name.should.be.eql(template.name);
-          resJson[0].productKey.should.be.eql(template.productKey);
-          resJson[0].icon.should.be.eql(template.icon);
-          resJson[0].brief.should.be.eql(template.brief);
-          resJson[0].details.should.be.eql(template.details);
-          resJson[0].aliases.should.be.eql(template.aliases);
-          resJson[0].template.should.be.eql(template.template);
-
-          resJson[0].createdBy.should.be.eql(template.createdBy);
-          should.exist(resJson[0].createdAt);
-          resJson[0].updatedBy.should.be.eql(template.updatedBy);
-          should.exist(resJson[0].updatedAt);
-          should.not.exist(resJson[0].deletedBy);
-          should.not.exist(resJson[0].deletedAt);
-
           done();
         });
     });
@@ -114,7 +115,12 @@ describe('LIST product templates', () => {
           Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
         })
         .expect(200)
-        .end(done);
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          validateProductTemplates(2, resJson, templates);
+          resJson[0].id.should.be.eql(templateId);
+          done();
+        });
     });
 
     it('should return 200 for connect manager', (done) => {
@@ -124,7 +130,12 @@ describe('LIST product templates', () => {
           Authorization: `Bearer ${testUtil.jwts.manager}`,
         })
         .expect(200)
-        .end(done);
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          validateProductTemplates(2, resJson, templates);
+          resJson[0].id.should.be.eql(templateId);
+          done();
+        });
     });
 
     it('should return 200 for member', (done) => {
@@ -133,7 +144,12 @@ describe('LIST product templates', () => {
         .set({
           Authorization: `Bearer ${testUtil.jwts.member}`,
         })
-        .expect(200, done);
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          validateProductTemplates(2, resJson, templates);
+          resJson[0].id.should.be.eql(templateId);
+          done();
+        });
     });
 
     it('should return 200 for copilot', (done) => {
@@ -142,7 +158,26 @@ describe('LIST product templates', () => {
         .set({
           Authorization: `Bearer ${testUtil.jwts.copilot}`,
         })
-        .expect(200, done);
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          validateProductTemplates(2, resJson, templates);
+          resJson[0].id.should.be.eql(templateId);
+          done();
+        });
+    });
+
+    it('should return filtered templates', (done) => {
+      request(server)
+        .get('/v4/productTemplates?filter=productKey%3DproductKey-2')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          validateProductTemplates(1, resJson, [templates[1]]);
+          done();
+        });
     });
   });
 });

From 7c10f7ef631d14aa76d1aad0c0850f6e898606e6 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Fri, 1 Jun 2018 02:51:46 +0700
Subject: [PATCH 15/59] #86 - code, unit tests, updated Postman and Swagger #87
 - updated Swagger

---
 config/default.json                |   8 +-
 package-lock.json                  | 190 +++++++++++++++++++-
 postman.json                       |  68 ++++++++
 src/constants.js                   |  11 --
 src/models/project.js              |   3 +-
 src/routes/projects/create.js      |  93 ++++++++--
 src/routes/projects/create.spec.js | 170 +++++++++++++++++-
 src/routes/projects/update.js      |   6 +-
 src/routes/projects/update.spec.js |  37 ++--
 src/tests/seed.js                  |  24 ++-
 swagger.yaml                       | 269 ++++++++++++++++++++++++++++-
 11 files changed, 816 insertions(+), 63 deletions(-)

diff --git a/config/default.json b/config/default.json
index 05b3dfe5..857a6add 100644
--- a/config/default.json
+++ b/config/default.json
@@ -39,9 +39,9 @@
   "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE",
   "HEALTH_CHECK_URL": "_health",
   "maxPhaseProductCount": 1,
-  "AUTH0_CLIENT_ID": "",
-  "AUTH0_CLIENT_SECRET": "",
-  "AUTH0_AUDIENCE": "",
-  "AUTH0_URL": "",
+  "AUTH0_CLIENT_ID": "5fctfjaLJHdvM04kSrCcC8yn0I4t1JTd",
+  "AUTH0_CLIENT_SECRET": "GhvDENIrYXo-d8xQ10fxm9k7XSVg491vlpvolXyWNBmeBdhsA5BAq2mH4cAAYS0x",
+  "AUTH0_AUDIENCE": "https://www.topcoder.com",
+  "AUTH0_URL": "https://topcoder-newauth.auth0.com/oauth/token",
   "TOKEN_CACHE_TIME": ""
 }
diff --git a/package-lock.json b/package-lock.json
index 0eedd948..59e653b9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -388,6 +388,84 @@
       "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
+    "auth0-js": {
+      "version": "9.6.0",
+      "resolved": "https://registry.npmjs.org/auth0-js/-/auth0-js-9.6.0.tgz",
+      "integrity": "sha1-2a4wFIBzZtO0ecKtGKNTfz4Mlpk=",
+      "requires": {
+        "base64-js": "1.2.1",
+        "idtoken-verifier": "1.2.0",
+        "js-cookie": "2.2.0",
+        "qs": "6.5.1",
+        "superagent": "3.8.3",
+        "url-join": "1.1.0",
+        "winchan": "0.2.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "formidable": {
+          "version": "1.2.1",
+          "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.2.1.tgz",
+          "integrity": "sha512-Fs9VRguL0gqGHkXS5GQiMCr1VhZBxz0JnJs4JmMp/2jL18Fmbzvv7vOFRU+U8TBkHEE/CX1qDXzJplVULgsLeg=="
+        },
+        "isarray": {
+          "version": "1.0.0",
+          "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+          "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE="
+        },
+        "process-nextick-args": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
+          "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw=="
+        },
+        "readable-stream": {
+          "version": "2.3.6",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+          "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
+          "requires": {
+            "core-util-is": "1.0.2",
+            "inherits": "2.0.3",
+            "isarray": "1.0.0",
+            "process-nextick-args": "2.0.0",
+            "safe-buffer": "5.1.1",
+            "string_decoder": "1.1.1",
+            "util-deprecate": "1.0.2"
+          }
+        },
+        "string_decoder": {
+          "version": "1.1.1",
+          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+          "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+          "requires": {
+            "safe-buffer": "5.1.1"
+          }
+        },
+        "superagent": {
+          "version": "3.8.3",
+          "resolved": "https://registry.npmjs.org/superagent/-/superagent-3.8.3.tgz",
+          "integrity": "sha512-GLQtLMCoEIK4eDv6OGtkOoSMt3D+oq0y3dsxMuYuDvaNUvuT8eFBuLmfR0iYYzHC1e8hpzC6ZsxbuP6DIalMFA==",
+          "requires": {
+            "component-emitter": "1.2.1",
+            "cookiejar": "2.1.1",
+            "debug": "3.1.0",
+            "extend": "3.0.1",
+            "form-data": "2.3.1",
+            "formidable": "1.2.1",
+            "methods": "1.1.2",
+            "mime": "1.4.1",
+            "qs": "6.5.1",
+            "readable-stream": "2.3.6"
+          }
+        }
+      }
+    },
     "aws-sdk": {
       "version": "2.143.0",
       "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.143.0.tgz",
@@ -2247,6 +2325,11 @@
       "resolved": "https://registry.npmjs.org/crypto-browserify/-/crypto-browserify-1.0.9.tgz",
       "integrity": "sha1-zFRJaF37hesRyYKKzHy4erW7/MA="
     },
+    "crypto-js": {
+      "version": "3.1.9-1",
+      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.1.9-1.tgz",
+      "integrity": "sha1-/aGedh/Ad+Af+/3G6f38WeiAbNg="
+    },
     "crypto-random-string": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-1.0.0.tgz",
@@ -3949,6 +4032,82 @@
       "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.19.tgz",
       "integrity": "sha512-oTZqweIP51xaGPI4uPa56/Pri/480R+mo7SeU+YETByQNhDG55ycFyNLIgta9vXhILrxXDmF7ZGhqZIcuN0gJQ=="
     },
+    "idtoken-verifier": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/idtoken-verifier/-/idtoken-verifier-1.2.0.tgz",
+      "integrity": "sha512-8jmmFHwdPz8L73zGNAXHHOV9yXNC+Z0TUBN5rafpoaFaLFltlIFr1JkQa3FYAETP23eSsulVw0sBiwrE8jqbUg==",
+      "requires": {
+        "base64-js": "1.2.1",
+        "crypto-js": "3.1.9-1",
+        "jsbn": "0.1.1",
+        "superagent": "3.8.3",
+        "url-join": "1.1.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "formidable": {
+          "version": "1.2.1",
+          "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.2.1.tgz",
+          "integrity": "sha512-Fs9VRguL0gqGHkXS5GQiMCr1VhZBxz0JnJs4JmMp/2jL18Fmbzvv7vOFRU+U8TBkHEE/CX1qDXzJplVULgsLeg=="
+        },
+        "isarray": {
+          "version": "1.0.0",
+          "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+          "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE="
+        },
+        "process-nextick-args": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
+          "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw=="
+        },
+        "readable-stream": {
+          "version": "2.3.6",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+          "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
+          "requires": {
+            "core-util-is": "1.0.2",
+            "inherits": "2.0.3",
+            "isarray": "1.0.0",
+            "process-nextick-args": "2.0.0",
+            "safe-buffer": "5.1.1",
+            "string_decoder": "1.1.1",
+            "util-deprecate": "1.0.2"
+          }
+        },
+        "string_decoder": {
+          "version": "1.1.1",
+          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+          "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+          "requires": {
+            "safe-buffer": "5.1.1"
+          }
+        },
+        "superagent": {
+          "version": "3.8.3",
+          "resolved": "https://registry.npmjs.org/superagent/-/superagent-3.8.3.tgz",
+          "integrity": "sha512-GLQtLMCoEIK4eDv6OGtkOoSMt3D+oq0y3dsxMuYuDvaNUvuT8eFBuLmfR0iYYzHC1e8hpzC6ZsxbuP6DIalMFA==",
+          "requires": {
+            "component-emitter": "1.2.1",
+            "cookiejar": "2.1.1",
+            "debug": "3.1.0",
+            "extend": "3.0.1",
+            "form-data": "2.3.1",
+            "formidable": "1.2.1",
+            "methods": "1.1.2",
+            "mime": "1.4.1",
+            "qs": "6.5.1",
+            "readable-stream": "2.3.6"
+          }
+        }
+      }
+    },
     "ieee754": {
       "version": "1.1.8",
       "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.8.tgz",
@@ -4563,6 +4722,11 @@
         "nopt": "3.0.6"
       }
     },
+    "js-cookie": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-2.2.0.tgz",
+      "integrity": "sha1-Gywnmm7s44ChIWi5JIUmWzWx7/s="
+    },
     "js-string-escape": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/js-string-escape/-/js-string-escape-1.0.1.tgz",
@@ -4587,8 +4751,7 @@
     "jsbn": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
-      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
-      "optional": true
+      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM="
     },
     "jsesc": {
       "version": "1.3.0",
@@ -6991,11 +7154,6 @@
       "resolved": "https://registry.npmjs.org/stream-consume/-/stream-consume-0.1.0.tgz",
       "integrity": "sha1-pB6tGm1ggc63n2WwYZAbbY89HQ8="
     },
-    "string_decoder": {
-      "version": "0.10.31",
-      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-      "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
-    },
     "string-width": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz",
@@ -7007,6 +7165,11 @@
         "strip-ansi": "3.0.1"
       }
     },
+    "string_decoder": {
+      "version": "0.10.31",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
+      "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
+    },
     "stringstream": {
       "version": "0.0.5",
       "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz",
@@ -7221,8 +7384,9 @@
       }
     },
     "tc-core-library-js": {
-      "version": "github:appirio-tech/tc-core-library-js#4346c62b2c08d8f1d6b7a7642ef4c0c011c3f732",
+      "version": "github:appirio-tech/tc-core-library-js#df1f5c1a5578d3d1e475bfb4a7413d9dec25525a",
       "requires": {
+        "auth0-js": "9.6.0",
         "axios": "0.12.0",
         "bunyan": "1.8.12",
         "config": "1.27.0",
@@ -7621,6 +7785,11 @@
         "querystring": "0.2.0"
       }
     },
+    "url-join": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/url-join/-/url-join-1.1.0.tgz",
+      "integrity": "sha1-dBxsL0WWxIMNZxhGCSDQySIC3Hg="
+    },
     "url-parse-lax": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-1.0.0.tgz",
@@ -7838,6 +8007,11 @@
         "string-width": "1.0.2"
       }
     },
+    "winchan": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/winchan/-/winchan-0.2.0.tgz",
+      "integrity": "sha1-OGMCjn+XSw2hQS8oQXukJJcqvZQ="
+    },
     "window-size": {
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/window-size/-/window-size-0.1.0.tgz",
diff --git a/postman.json b/postman.json
index 5eb84b82..1a07fb9f 100644
--- a/postman.json
+++ b/postman.json
@@ -2837,6 +2837,74 @@
 					"response": []
 				}
 			]
+		},
+		{
+			"name": "issue86 (create project with projectTemplateId)",
+			"description": "",
+			"item": [
+				{
+					"name": "Create project with projectTemplateId",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project with projectTemplateId\",\n\t\t\"description\": \"Hello I am a test project with projectTemplateId\",\n\t\t\"type\": \"generic\",\n\t\t\"projectTemplateId\": 3\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Create project with projectTemplateId (not existed)",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project with projectTemplateId\",\n\t\t\"description\": \"Hello I am a test project with projectTemplateId\",\n\t\t\"type\": \"generic\",\n\t\t\"projectTemplateId\": 3000\n\t}\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/projects",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects"
+							]
+						}
+					},
+					"response": []
+				}
+			]
 		}
 	]
 }
\ No newline at end of file
diff --git a/src/constants.js b/src/constants.js
index 85aac5f3..ed5f4ba6 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -1,15 +1,4 @@
 
-export const PROJECT_TYPE = {
-  APP_DEV: 'app_dev',
-  GENERIC: 'generic',
-  VISUAL_PROTOTYPE: 'visual_prototype',
-  VISUAL_DESIGN: 'visual_design',
-  WEBSITE: 'website',
-  APP: 'app',
-  QUALITY_ASSURANCE: 'quality_assurance',
-  CHATBOT: 'chatbot',
-};
-
 export const PROJECT_STATUS = {
   DRAFT: 'draft',
   IN_REVIEW: 'in_review',
diff --git a/src/models/project.js b/src/models/project.js
index 27b3a8e6..41da06ea 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -1,7 +1,7 @@
 /* eslint-disable valid-jsdoc */
 
 import _ from 'lodash';
-import { PROJECT_TYPE, PROJECT_STATUS, PROJECT_MEMBER_ROLE } from '../constants';
+import { PROJECT_STATUS, PROJECT_MEMBER_ROLE } from '../constants';
 
 module.exports = function defineProject(sequelize, DataTypes) {
   const Project = sequelize.define('Project', {
@@ -36,6 +36,7 @@ module.exports = function defineProject(sequelize, DataTypes) {
     cancelReason: DataTypes.STRING,
     version: DataTypes.STRING(15),
     templateId: DataTypes.BIGINT,
+    projectTemplateId: DataTypes.BIGINT,
     deletedAt: { type: DataTypes.DATE, allowNull: true },
     createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
     updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 48ccfce9..a6547b07 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -3,9 +3,10 @@
 import validate from 'express-validation';
 import _ from 'lodash';
 import Joi from 'joi';
+import config from 'config';
 
 import models from '../../models';
-import { PROJECT_TYPE, PROJECT_MEMBER_ROLE, PROJECT_STATUS, USER_ROLE, EVENT, REGEX } from '../../constants';
+import { PROJECT_MEMBER_ROLE, PROJECT_STATUS, USER_ROLE, EVENT, REGEX } from '../../constants';
 import util from '../../util';
 import directProject from '../../services/directProject';
 
@@ -52,6 +53,7 @@ const createProjectValdiations = {
         groups: Joi.array().items(Joi.number().positive()),
       })).allow(null),
       templateId: Joi.number().positive(),
+      projectTemplateId: Joi.number().integer().positive(),
       version: Joi.string(),
     }).required(),
   },
@@ -81,7 +83,7 @@ module.exports = [
       external: null,
       utm: null,
     });
-    traverse(project).forEach(function (x) {
+    traverse(project).forEach(function (x) { // eslint-disable-line func-names
       if (this.isLeaf && typeof x === 'string') this.update(req.sanitize(x));
     });
     // override values
@@ -99,12 +101,9 @@ module.exports = [
     });
     models.sequelize.transaction(() => {
       let newProject = null;
+      let projectTemplate;
       // Validate the project type
-      return models.ProjectType.findOne({
-        where: {
-          key: project.type,
-        }
-      })
+      return models.ProjectType.findOne({ where: { key: project.type } })
         .then((projectType) => {
           if (!projectType) {
             // Not found
@@ -113,15 +112,35 @@ module.exports = [
             return Promise.reject(apiErr);
           }
 
+          return Promise.resolve();
+        })
+        // Validate the projectTemplateId
+        .then(() => {
+          if (project.projectTemplateId) {
+            return models.ProjectTemplate.findById(project.projectTemplateId)
+              .then((existingProjectTemplate) => {
+                if (!existingProjectTemplate) {
+                  // Not found
+                  const apiErr = new Error(`Project template not found for id ${project.projectTemplateId}`);
+                  apiErr.status = 422;
+                  return Promise.reject(apiErr);
+                }
+
+                projectTemplate = existingProjectTemplate;
+                return Promise.resolve();
+              });
+          }
+          return Promise.resolve();
+        })
+        .then(() =>
           // Create project
-          return models.Project
+          models.Project
             .create(project, {
               include: [{
                 model: models.ProjectMember,
                 as: 'members',
               }],
-            });
-        })
+            }))
         .then((_newProject) => {
           newProject = _newProject;
           req.log.debug('new project created (id# %d, name: %s)',
@@ -165,6 +184,59 @@ module.exports = [
           newProject = _.omit(newProject, ['deletedAt', 'utm']);
           // add an empty attachments array
           newProject.attachments = [];
+          // add an empty phases array
+          newProject.phases = [];
+
+          // Create phases and products
+          if (!projectTemplate) {
+            return Promise.resolve();
+          }
+
+          const phases = _.values(projectTemplate.phases);
+          return Promise.all(_.map(phases, phase =>
+            // Create phase
+            models.ProjectPhase.create(
+              _.assign(
+                _.omit(phase, 'products'),
+                {
+                  projectId: newProject.id,
+                  updatedBy: req.authUser.userId,
+                  createdBy: req.authUser.userId,
+                },
+              ),
+            )
+              .then((newPhase) => {
+                // Make sure number of products of per phase <= max value
+                const productCount = _.isArray(phase.products) ? phase.products.length : 0;
+                if (productCount > config.maxPhaseProductCount) {
+                  const err = new Error('the number of products per phase cannot exceed ' +
+                    `${config.maxPhaseProductCount}`);
+                  err.status = 422;
+                  throw err;
+                }
+
+                // Create products
+                return models.PhaseProduct.bulkCreate(_.map(phase.products, product =>
+                  // productKey is just used for the JSON to be more human readable
+                  // id need to map to templateId
+                  _.assign(_.omit(product, ['id', 'productKey']), {
+                    phaseId: newPhase.id,
+                    projectId: newProject.id,
+                    templateId: product.id,
+                    updatedBy: req.authUser.userId,
+                    createdBy: req.authUser.userId,
+                  })), { returning: true })
+                  .then((products) => {
+                    // Add phases and products to the project JSON, so they can be stored to ES later
+                    const newPhaseJson = _.omit(newPhase.toJSON(), ['deletedAt', 'deletedBy']);
+                    newPhaseJson.products = _.map(products, product =>
+                      _.omit(product.toJSON(), ['deletedAt', 'deletedBy']));
+                    newProject.phases.push(newPhaseJson);
+                    return Promise.resolve();
+                  });
+              })));
+        })
+        .then(() => {
           req.log.debug('Sending event to RabbitMQ bus for project %d', newProject.id);
           req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED,
             newProject,
@@ -176,6 +248,7 @@ module.exports = [
           res.status(201).json(util.wrapResponse(req.id, newProject, 1, 201));
         })
         .catch((err) => {
+          req.log.error(err.message);
           util.handleError('Error creating project', err, req, next);
         });
     });
diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
index 98a190f9..d6dfa5f1 100644
--- a/src/routes/projects/create.spec.js
+++ b/src/routes/projects/create.spec.js
@@ -12,8 +12,8 @@ import models from '../../models';
 
 const should = chai.should();
 
-sinon.stub(RabbitMQService.prototype, 'init', () => {});
-sinon.stub(RabbitMQService.prototype, 'publish', () => {});
+sinon.stub(RabbitMQService.prototype, 'init', () => { });
+sinon.stub(RabbitMQService.prototype, 'publish', () => { });
 
 describe('Project create', () => {
   before((done) => {
@@ -24,7 +24,86 @@ describe('Project create', () => {
           displayName: 'Generic',
           createdBy: 1,
           updatedBy: 1,
-        }
+        },
+      ]))
+      .then(() => models.ProjectTemplate.bulkCreate([
+        {
+          id: 1,
+          name: 'template 1',
+          key: 'key 1',
+          category: 'category 1',
+          icon: 'http://example.com/icon1.ico',
+          question: 'question 1',
+          info: 'info 1',
+          aliases: [],
+          scope: {},
+          phases: {
+            phase1: {
+              name: 'phase 1',
+              products: [
+                {
+                  id: 21,
+                  name: 'product 1',
+                  productKey: 'visual_design_prod1',
+                },
+                {
+                  id: 22,
+                  name: 'product 2',
+                  productKey: 'visual_design_prod2',
+                },
+              ],
+            },
+          },
+          createdBy: 1,
+          updatedBy: 1,
+        },
+        {
+          id: 3,
+          name: 'template 3',
+          key: 'key 3',
+          category: 'category 3',
+          icon: 'http://example.com/icon3.ico',
+          question: 'question 3',
+          info: 'info 3',
+          aliases: [],
+          scope: {},
+          phases: {
+            1: {
+              name: 'Design Stage',
+              status: 'open',
+              details: {
+                description: 'detailed description',
+              },
+              products: [
+                {
+                  id: 21,
+                  name: 'product 1',
+                  productKey: 'visual_design_prod',
+                },
+              ],
+            },
+            2: {
+              name: 'Development Stage',
+              status: 'open',
+              products: [
+                {
+                  id: 23,
+                  name: 'product 2',
+                  details: {
+                    subDetails: 'subDetails 2',
+                  },
+                  productKey: 'website_development',
+                },
+              ],
+            },
+            3: {
+              name: 'QA Stage',
+              status: 'open',
+            },
+          },
+          createdBy: 1,
+          updatedBy: 2,
+        },
       ]))
       .then(() => done());
   });
@@ -102,6 +181,32 @@ describe('Project create', () => {
         .expect(422, done);
     });
 
+    it('should return 422 if projectTemplateId does not exist', (done) => {
+      const invalidBody = _.cloneDeep(body);
+      invalidBody.param.projectTemplateId = 3000;
+      request(server)
+        .post('/v4/projects')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if phaseProduct count exceeds max value', (done) => {
+      const invalidBody = _.cloneDeep(body);
+      invalidBody.param.projectTemplateId = 1;
+      request(server)
+        .post('/v4/projects')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
     it('should return 201 if error to create direct project', (done) => {
       const mockHttpClient = _.merge(testUtil.mockHttpClient, {
         post: () => Promise.reject(new Error('error message')),
@@ -178,5 +283,64 @@ describe('Project create', () => {
           }
         });
     });
+
+    it('should return 201 if valid user and data (with projectTemplateId)', (done) => {
+      const mockHttpClient = _.merge(testUtil.mockHttpClient, {
+        post: () => Promise.resolve({
+          status: 200,
+          data: {
+            id: 'requesterId',
+            version: 'v3',
+            result: {
+              success: true,
+              status: 200,
+              content: {
+                projectId: 128,
+              },
+            },
+          },
+        }),
+      });
+      sandbox.stub(util, 'getHttpClient', () => mockHttpClient);
+      request(server)
+        .post('/v4/projects')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(_.merge({ param: { projectTemplateId: 3 } }, body))
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            should.exist(resJson.billingAccountId);
+            should.exist(resJson.name);
+            resJson.directProjectId.should.be.eql(128);
+            resJson.status.should.be.eql('draft');
+            resJson.type.should.be.eql(body.param.type);
+            resJson.members.should.have.lengthOf(1);
+            resJson.members[0].role.should.be.eql('customer');
+            resJson.members[0].userId.should.be.eql(40051331);
+            resJson.members[0].projectId.should.be.eql(resJson.id);
+            resJson.members[0].isPrimary.should.be.truthy;
+            resJson.bookmarks.should.have.lengthOf(1);
+            resJson.bookmarks[0].title.should.be.eql('title1');
+            resJson.bookmarks[0].address.should.be.eql('http://www.address.com');
+            resJson.phases.should.have.lengthOf(3);
+            const phases = _.sortBy(resJson.phases, p => p.name);
+            phases[0].name.should.be.eql('Design Stage');
+            phases[0].status.should.be.eql('open');
+            phases[0].details.should.be.eql({ description: 'detailed description' });
+            phases[0].products.should.have.lengthOf(1);
+            phases[0].products[0].name.should.be.eql('product 1');
+            phases[0].products[0].templateId.should.be.eql(21);
+            server.services.pubsub.publish.calledWith('project.draft-created').should.be.true;
+            done();
+          }
+        });
+    });
   });
 });
diff --git a/src/routes/projects/update.js b/src/routes/projects/update.js
index d0efccd6..8a9f4058 100644
--- a/src/routes/projects/update.js
+++ b/src/routes/projects/update.js
@@ -6,7 +6,6 @@ import {
 } from 'tc-core-library-js';
 import models from '../../models';
 import {
-  PROJECT_TYPE,
   PROJECT_STATUS,
   PROJECT_MEMBER_ROLE,
   EVENT,
@@ -63,6 +62,7 @@ const updateProjectValdiations = {
       type: Joi.string().max(45),
       details: Joi.any(),
       memers: Joi.any(),
+      projectTemplateId: Joi.any().strip(), // ignore the project template id
       createdBy: Joi.any(),
       createdAt: Joi.any(),
       updatedBy: Joi.any(),
@@ -127,7 +127,7 @@ module.exports = [
             err.status = 422;
             next(err);
           }
-        })
+        });
     } else {
       next();
     }
@@ -142,7 +142,7 @@ module.exports = [
     const projectId = _.parseInt(req.params.projectId);
     // prune any fields that cannot be updated directly
     updatedProps = _.omit(updatedProps, ['createdBy', 'createdAt', 'updatedBy', 'updatedAt', 'id']);
-    traverse(updatedProps).forEach(function (x) {
+    traverse(updatedProps).forEach(function (x) { // eslint-disable-line func-names
       if (x && this.isLeaf && typeof x === 'string') this.update(req.sanitize(x));
     });
     let previousValue;
diff --git a/src/routes/projects/update.spec.js b/src/routes/projects/update.spec.js
index e7b9abf0..4671e0c7 100644
--- a/src/routes/projects/update.spec.js
+++ b/src/routes/projects/update.spec.js
@@ -26,7 +26,7 @@ describe('Project', () => {
           displayName: 'Generic',
           createdBy: 1,
           updatedBy: 1,
-        }
+        },
       ]))
       .then(() => done());
   });
@@ -38,6 +38,7 @@ describe('Project', () => {
     const body = {
       param: {
         name: 'updatedProject name',
+        type: 'generic',
       },
     };
     let sandbox;
@@ -331,7 +332,7 @@ describe('Project', () => {
     it('should return 422 if project type does not exist', (done) => {
       const mbody = {
         param: {
-          type: 'not_exist'
+          type: 'not_exist',
         },
       };
       request(server)
@@ -394,10 +395,10 @@ describe('Project', () => {
       models.Project.update({
         status: PROJECT_STATUS.CANCELLED,
       }, {
-          where: {
-            id: project1.id,
-          },
-        })
+        where: {
+          id: project1.id,
+        },
+      })
         .then(() => {
           const mbody = {
             param: {
@@ -447,10 +448,10 @@ describe('Project', () => {
       models.Project.update({
         status: PROJECT_STATUS.CANCELLED,
       }, {
-          where: {
-            id: project1.id,
-          },
-        })
+        where: {
+          id: project1.id,
+        },
+      })
         .then(() => {
           const mbody = {
             param: {
@@ -500,10 +501,10 @@ describe('Project', () => {
       models.Project.update({
         status: PROJECT_STATUS.CANCELLED,
       }, {
-          where: {
-            id: project1.id,
-          },
-        })
+        where: {
+          id: project1.id,
+        },
+      })
         .then(() => {
           const mbody = {
             param: {
@@ -754,10 +755,10 @@ describe('Project', () => {
         models.Project.update({
           status: PROJECT_STATUS.CANCELLED,
         }, {
-            where: {
-              id: project1.id,
-            },
-          })
+          where: {
+            id: project1.id,
+          },
+        })
           .then(() => {
             const mbody = {
               param: {
diff --git a/src/tests/seed.js b/src/tests/seed.js
index 2a66734f..a745ead0 100644
--- a/src/tests/seed.js
+++ b/src/tests/seed.js
@@ -162,16 +162,36 @@ models.sequelize.sync({ force: true })
       phases: {
         1: {
           name: 'Design Stage',
+          status: 'open',
+          details: {
+            description: 'detailed description',
+          },
           products: [
-            { id: 21, productKey: 'visual_design_prod' },
+            {
+              id: 21,
+              name: 'product 1',
+              productKey: 'visual_design_prod',
+            },
           ],
         },
         2: {
           name: 'Development Stage',
+          status: 'open',
           products: [
-            { id: 23, productKey: 'website_development' },
+            {
+              id: 23,
+              name: 'product 2',
+              details: {
+                subDetails: 'subDetails 2',
+              },
+              productKey: 'website_development',
+            },
           ],
         },
+        3: {
+          name: 'QA Stage',
+          status: 'open',
+        },
       },
       createdBy: 1,
       updatedBy: 2,
diff --git a/swagger.yaml b/swagger.yaml
index 6df120e1..7efa7613 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -862,6 +862,133 @@ paths:
           description: Product template successfully removed
 
 
+  /projectTypes:
+    get:
+      tags:
+        - projectType
+      operationId: findProjectTypes
+      security:
+        - Bearer: []
+      description: Retreive all project types. All user roles can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of project types
+          schema:
+            $ref: "#/definitions/ProjectTypeListResponse"
+    post:
+      tags:
+        - projectType
+      operationId: addProjectType
+      security:
+        - Bearer: []
+      description: Create a project type. Only admin or connect admin can access this endpoint.
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/ProjectTypeCreateBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created project type
+          schema:
+            $ref: "#/definitions/ProjectTypeResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /projectTypes/{key}:
+    get:
+      tags:
+        - projectType
+      description: Retrieve project type by id. All user roles can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a project type
+          schema:
+            $ref: "#/definitions/ProjectTypeResponse"
+      parameters:
+        - $ref: "#/parameters/keyParam"
+      operationId: getProjectType
+
+    patch:
+      tags:
+        - projectType
+      operationId: updateProjectType
+      security:
+        - Bearer: []
+      description: Update a project type. Only admin or connect admin can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated project type.
+          schema:
+            $ref: "#/definitions/ProjectTypeResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - $ref: "#/parameters/keyParam"
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/ProjectTypeBodyParam"
+
+    delete:
+      tags:
+        - projectType
+      description: Remove an existing project type. Only admin or connect admin can access this endpoint.
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/keyParam"
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: If project is not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Project type successfully removed
+
+
+
+
 parameters:
   projectIdParam:
     name: projectId
@@ -894,6 +1021,12 @@ parameters:
     type: integer
     format: int64
     minimum: 1
+  keyParam:
+    name: key
+    in: path
+    description: project type key
+    required: true
+    type: string
   offsetParam:
     name: offset
     description: "number of items to skip. Defaults to 0"
@@ -999,7 +1132,6 @@ definitions:
       type:
         type: string
         description: project type
-        enum: ["generic", "visual_design", "visual_prototype", "app_dev"]
       bookmarks:
         type: array
         items:
@@ -1021,6 +1153,10 @@ definitions:
             type: string
           source:
             type: string
+      projectTemplateId:
+        description: the project template identifier
+        type: number
+        format: long
 
 
   NewProjectBodyParam:
@@ -1110,7 +1246,6 @@ definitions:
       type:
         type: string
         description: project type
-        enum: ["app_dev", "generic", "visual_prototype", "visual_design"]
       status:
         type: string
         description: current state of the task
@@ -1143,6 +1278,10 @@ definitions:
           $ref: "#/definitions/ProjectAttachment"
       details:
         $ref: "#/definitions/ProjectDetails"
+      projectTemplateId:
+        description: the project template identifier
+        type: number
+        format: long
 
       createdAt:
         type: string
@@ -1975,4 +2114,128 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/PhaseProduct"
\ No newline at end of file
+              $ref: "#/definitions/PhaseProduct"
+              
+              
+              
+  ProjectTypeRequest:
+    title: Project type request object
+    type: object
+    required:
+      - displayName
+    properties:
+      displayName:
+        type: string
+        description: the project type display name
+
+  ProjectTypeBodyParam:
+    title: Project type body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProjectTypeRequest"
+
+  ProjectTypeCreateRequest:
+    title: Project type creation request object
+    type: object
+    allOf:
+      - type: object
+        required:
+          - key
+        properties:
+          key:
+            type: string
+            description: the project type key
+      - $ref: "#/definitions/ProjectTypeRequest"
+
+  ProjectTypeCreateBodyParam:
+    title: Project type creation body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProjectTypeCreateRequest"
+
+  ProjectType:
+    title: Project type object
+    allOf:
+      - type: object
+        required:
+          - createdAt
+          - createdBy
+          - updatedAt
+          - updatedBy
+        properties:
+          key:
+            type: string
+            description: the project type key
+          createdAt:
+            type: string
+            description: Datetime (GMT) when object was created
+            readOnly: true
+          createdBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User who created this object
+            readOnly: true
+          updatedAt:
+            type: string
+            description: READ-ONLY. Datetime (GMT) when object was updated
+            readOnly: true
+          updatedBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User that last updated this object
+            readOnly: true
+      - $ref: "#/definitions/ProjectTypeCreateRequest"
+
+
+  ProjectTypeResponse:
+    title: Single project type response object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            $ref: "#/definitions/ProjectType"
+
+  ProjectTypeListResponse:
+    title: Project type list response object
+    type: object
+    properties:
+      id:
+        type: string
+        readOnly: true
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            type: array
+            items:
+              $ref: "#/definitions/ProjectType"
\ No newline at end of file

From 5a8ab3ce46cd5bd93fbfb79992afa55561712601 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Mon, 4 Jun 2018 16:18:36 +0700
Subject: [PATCH 16/59] Additiona fix for #86 #87 according to reviewer
 comments

---
 config/default.json                |   8 +--
 postman.json                       |  10 +--
 src/models/project.js              |   1 -
 src/routes/projects/create.js      | 102 +++++++++++++++--------------
 src/routes/projects/create.spec.js |  10 +--
 src/routes/projects/update.js      |   2 +-
 swagger.yaml                       |   4 +-
 7 files changed, 69 insertions(+), 68 deletions(-)

diff --git a/config/default.json b/config/default.json
index 857a6add..05b3dfe5 100644
--- a/config/default.json
+++ b/config/default.json
@@ -39,9 +39,9 @@
   "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE",
   "HEALTH_CHECK_URL": "_health",
   "maxPhaseProductCount": 1,
-  "AUTH0_CLIENT_ID": "5fctfjaLJHdvM04kSrCcC8yn0I4t1JTd",
-  "AUTH0_CLIENT_SECRET": "GhvDENIrYXo-d8xQ10fxm9k7XSVg491vlpvolXyWNBmeBdhsA5BAq2mH4cAAYS0x",
-  "AUTH0_AUDIENCE": "https://www.topcoder.com",
-  "AUTH0_URL": "https://topcoder-newauth.auth0.com/oauth/token",
+  "AUTH0_CLIENT_ID": "",
+  "AUTH0_CLIENT_SECRET": "",
+  "AUTH0_AUDIENCE": "",
+  "AUTH0_URL": "",
   "TOKEN_CACHE_TIME": ""
 }
diff --git a/postman.json b/postman.json
index 1a07fb9f..1d64ee62 100644
--- a/postman.json
+++ b/postman.json
@@ -2839,11 +2839,11 @@
 			]
 		},
 		{
-			"name": "issue86 (create project with projectTemplateId)",
+			"name": "issue86 (create project with templateId)",
 			"description": "",
 			"item": [
 				{
-					"name": "Create project with projectTemplateId",
+					"name": "Create project with templateId",
 					"request": {
 						"method": "POST",
 						"header": [
@@ -2858,7 +2858,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project with projectTemplateId\",\n\t\t\"description\": \"Hello I am a test project with projectTemplateId\",\n\t\t\"type\": \"generic\",\n\t\t\"projectTemplateId\": 3\n\t}\n}"
+							"raw": "{\n  \"param\": {\n    \"name\": \"test project with templateId\",\n    \"description\": \"Hello I am a test project with templateId\",\n    \"type\": \"generic\",\n    \"templateId\": 3\n  }\n}"
 						},
 						"url": {
 							"raw": "{{api-url}}/v4/projects",
@@ -2874,7 +2874,7 @@
 					"response": []
 				},
 				{
-					"name": "Create project with projectTemplateId (not existed)",
+					"name": "Create project with templateId (not existed)",
 					"request": {
 						"method": "POST",
 						"header": [
@@ -2889,7 +2889,7 @@
 						],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project with projectTemplateId\",\n\t\t\"description\": \"Hello I am a test project with projectTemplateId\",\n\t\t\"type\": \"generic\",\n\t\t\"projectTemplateId\": 3000\n\t}\n}"
+							"raw": "{\n\t\"param\": {\n\t\t\"name\": \"test project with templateId\",\n\t\t\"description\": \"Hello I am a test project with templateId\",\n\t\t\"type\": \"generic\",\n\t\t\"templateId\": 3000\n\t}\n}"
 						},
 						"url": {
 							"raw": "{{api-url}}/v4/projects",
diff --git a/src/models/project.js b/src/models/project.js
index 41da06ea..319d0048 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -36,7 +36,6 @@ module.exports = function defineProject(sequelize, DataTypes) {
     cancelReason: DataTypes.STRING,
     version: DataTypes.STRING(15),
     templateId: DataTypes.BIGINT,
-    projectTemplateId: DataTypes.BIGINT,
     deletedAt: { type: DataTypes.DATE, allowNull: true },
     createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
     updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index a6547b07..b27fb4c4 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -52,8 +52,7 @@ const createProjectValdiations = {
         users: Joi.array().items(Joi.number().positive()),
         groups: Joi.array().items(Joi.number().positive()),
       })).allow(null),
-      templateId: Joi.number().positive(),
-      projectTemplateId: Joi.number().integer().positive(),
+      templateId: Joi.number().integer().positive(),
       version: Joi.string(),
     }).required(),
   },
@@ -102,6 +101,7 @@ module.exports = [
     models.sequelize.transaction(() => {
       let newProject = null;
       let projectTemplate;
+      const newPhases = [];
       // Validate the project type
       return models.ProjectType.findOne({ where: { key: project.type } })
         .then((projectType) => {
@@ -114,14 +114,14 @@ module.exports = [
 
           return Promise.resolve();
         })
-        // Validate the projectTemplateId
+        // Validate the templateId
         .then(() => {
-          if (project.projectTemplateId) {
-            return models.ProjectTemplate.findById(project.projectTemplateId)
+          if (project.templateId) {
+            return models.ProjectTemplate.findById(project.templateId)
               .then((existingProjectTemplate) => {
                 if (!existingProjectTemplate) {
                   // Not found
-                  const apiErr = new Error(`Project template not found for id ${project.projectTemplateId}`);
+                  const apiErr = new Error(`Project template not found for id ${project.templateId}`);
                   apiErr.status = 422;
                   return Promise.reject(apiErr);
                 }
@@ -143,51 +143,9 @@ module.exports = [
             }))
         .then((_newProject) => {
           newProject = _newProject;
-          req.log.debug('new project created (id# %d, name: %s)',
-            newProject.id, newProject.name);
-          // create direct project with name and description
-          const body = {
-            projectName: newProject.name,
-            projectDescription: newProject.description,
-          };
-          // billingAccountId is optional field
-          if (newProject.billingAccountId) {
-            body.billingAccountId = newProject.billingAccountId;
-          }
-          req.log.debug('creating project history for project %d', newProject.id);
-          // add to project history
-          models.ProjectHistory.create({
-            projectId: _newProject.id,
-            status: PROJECT_STATUS.DRAFT,
-            cancelReason: null,
-            updatedBy: req.authUser.userId,
-          }).then(() => req.log.debug('project history created for project %d', newProject.id))
-            .catch(() => req.log.error('project history failed for project %d', newProject.id));
-          req.log.debug('creating direct project for project %d', newProject.id);
-          return directProject.createDirectProject(req, body)
-            .then((resp) => {
-              newProject.directProjectId = resp.data.result.content.projectId;
-              return newProject.save();
-            })
-            .then(() => newProject.reload(newProject.id))
-            .catch((err) => {
-              // log the error and continue
-              req.log.error('Error creating direct project');
-              req.log.error(err);
-              return Promise.resolve();
-            });
-          // return Promise.resolve();
-        })
-        .then(() => {
-          newProject = newProject.get({ plain: true });
-          // remove utm details & deletedAt field
-          newProject = _.omit(newProject, ['deletedAt', 'utm']);
-          // add an empty attachments array
-          newProject.attachments = [];
-          // add an empty phases array
-          newProject.phases = [];
 
           // Create phases and products
+          // This needs to be done before creating direct project
           if (!projectTemplate) {
             return Promise.resolve();
           }
@@ -231,12 +189,56 @@ module.exports = [
                     const newPhaseJson = _.omit(newPhase.toJSON(), ['deletedAt', 'deletedBy']);
                     newPhaseJson.products = _.map(products, product =>
                       _.omit(product.toJSON(), ['deletedAt', 'deletedBy']));
-                    newProject.phases.push(newPhaseJson);
+                    newPhases.push(newPhaseJson);
                     return Promise.resolve();
                   });
               })));
         })
         .then(() => {
+          req.log.debug('new project created (id# %d, name: %s)',
+            newProject.id, newProject.name);
+          // create direct project with name and description
+          const body = {
+            projectName: newProject.name,
+            projectDescription: newProject.description,
+          };
+          // billingAccountId is optional field
+          if (newProject.billingAccountId) {
+            body.billingAccountId = newProject.billingAccountId;
+          }
+          req.log.debug('creating project history for project %d', newProject.id);
+          // add to project history
+          models.ProjectHistory.create({
+            projectId: newProject.id,
+            status: PROJECT_STATUS.DRAFT,
+            cancelReason: null,
+            updatedBy: req.authUser.userId,
+          }).then(() => req.log.debug('project history created for project %d', newProject.id))
+            .catch(() => req.log.error('project history failed for project %d', newProject.id));
+          req.log.debug('creating direct project for project %d', newProject.id);
+          return directProject.createDirectProject(req, body)
+            .then((resp) => {
+              newProject.directProjectId = resp.data.result.content.projectId;
+              return newProject.save();
+            })
+            .then(() => newProject.reload(newProject.id))
+            .catch((err) => {
+              // log the error and continue
+              req.log.error('Error creating direct project');
+              req.log.error(err);
+              return Promise.resolve();
+            });
+          // return Promise.resolve();
+        })
+        .then(() => {
+          newProject = newProject.get({ plain: true });
+          // remove utm details & deletedAt field
+          newProject = _.omit(newProject, ['deletedAt', 'utm']);
+          // add an empty attachments array
+          newProject.attachments = [];
+          // set phases array
+          newProject.phases = newPhases;
+
           req.log.debug('Sending event to RabbitMQ bus for project %d', newProject.id);
           req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED,
             newProject,
diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
index d6dfa5f1..c8f594dc 100644
--- a/src/routes/projects/create.spec.js
+++ b/src/routes/projects/create.spec.js
@@ -181,9 +181,9 @@ describe('Project create', () => {
         .expect(422, done);
     });
 
-    it('should return 422 if projectTemplateId does not exist', (done) => {
+    it('should return 422 if templateId does not exist', (done) => {
       const invalidBody = _.cloneDeep(body);
-      invalidBody.param.projectTemplateId = 3000;
+      invalidBody.param.templateId = 3000;
       request(server)
         .post('/v4/projects')
         .set({
@@ -196,7 +196,7 @@ describe('Project create', () => {
 
     it('should return 422 if phaseProduct count exceeds max value', (done) => {
       const invalidBody = _.cloneDeep(body);
-      invalidBody.param.projectTemplateId = 1;
+      invalidBody.param.templateId = 1;
       request(server)
         .post('/v4/projects')
         .set({
@@ -284,7 +284,7 @@ describe('Project create', () => {
         });
     });
 
-    it('should return 201 if valid user and data (with projectTemplateId)', (done) => {
+    it('should return 201 if valid user and data (with templateId)', (done) => {
       const mockHttpClient = _.merge(testUtil.mockHttpClient, {
         post: () => Promise.resolve({
           status: 200,
@@ -307,7 +307,7 @@ describe('Project create', () => {
         .set({
           Authorization: `Bearer ${testUtil.jwts.member}`,
         })
-        .send(_.merge({ param: { projectTemplateId: 3 } }, body))
+        .send(_.merge({ param: { templateId: 3 } }, body))
         .expect('Content-Type', /json/)
         .expect(201)
         .end((err, res) => {
diff --git a/src/routes/projects/update.js b/src/routes/projects/update.js
index 8a9f4058..fc17b451 100644
--- a/src/routes/projects/update.js
+++ b/src/routes/projects/update.js
@@ -62,7 +62,7 @@ const updateProjectValdiations = {
       type: Joi.string().max(45),
       details: Joi.any(),
       memers: Joi.any(),
-      projectTemplateId: Joi.any().strip(), // ignore the project template id
+      templateId: Joi.any().strip(), // ignore the template id
       createdBy: Joi.any(),
       createdAt: Joi.any(),
       updatedBy: Joi.any(),
diff --git a/swagger.yaml b/swagger.yaml
index 7efa7613..000f7285 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -1153,7 +1153,7 @@ definitions:
             type: string
           source:
             type: string
-      projectTemplateId:
+      templateId:
         description: the project template identifier
         type: number
         format: long
@@ -1278,7 +1278,7 @@ definitions:
           $ref: "#/definitions/ProjectAttachment"
       details:
         $ref: "#/definitions/ProjectDetails"
-      projectTemplateId:
+      templateId:
         description: the project template identifier
         type: number
         format: long

From baefcd010723b3d663ab5145c56a6d9793c27a55 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 4 Jun 2018 17:51:47 +0530
Subject: [PATCH 17/59] Added logic for creating/deleting a topic for a phase
 created/deleted for a project.

---
 config/custom-environment-variables.json |   1 +
 config/default.json                      |   1 +
 src/events/busApi.js                     |   1 +
 src/events/projectPhases/index.js        |  96 +++++++++++++-
 src/services/messageService.js           | 153 +++++++++++++++++++++++
 5 files changed, 246 insertions(+), 6 deletions(-)
 create mode 100644 src/services/messageService.js

diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json
index 07c7936f..6b5731a7 100644
--- a/config/custom-environment-variables.json
+++ b/config/custom-environment-variables.json
@@ -31,6 +31,7 @@
   "VALID_ISSUERS": "VALID_ISSUERS",
   "jwksUri": "JWKS_URI",
   "busApiUrl": "BUS_API_URL",
+  "messageApiUrl": "MESSAGE_SERVICE_URL",
   "AUTH0_URL" : "AUTH0_URL",
   "AUTH0_CLIENT_ID": "AUTH0_CLIENT_ID",
   "AUTH0_CLIENT_SECRET": "AUTH0_CLIENT_SECRET",
diff --git a/config/default.json b/config/default.json
index 05b3dfe5..053f0c35 100644
--- a/config/default.json
+++ b/config/default.json
@@ -36,6 +36,7 @@
   "validIssuers": "[\"https:\/\/topcoder-newauth.auth0.com\/\",\"https:\/\/api.topcoder-dev.com\"]",
   "jwksUri": "",
   "busApiUrl": "http://api.topcoder-dev.com/v5",
+  "messageApiUrl": "http://api.topcoder-dev.com/v5",
   "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE",
   "HEALTH_CHECK_URL": "_health",
   "maxPhaseProductCount": 1,
diff --git a/src/events/busApi.js b/src/events/busApi.js
index ae693f02..afb1b432 100644
--- a/src/events/busApi.js
+++ b/src/events/busApi.js
@@ -257,6 +257,7 @@ module.exports = (app, logger) => {
           projectName: project.name,
           userId: req.authUser.userId,
           initiatorUserId: req.authUser.userId,
+          phase: created,
         }, logger);
       }).catch(err => null);    // eslint-disable-line no-unused-vars
   });
diff --git a/src/events/projectPhases/index.js b/src/events/projectPhases/index.js
index 7543bdae..6995eb13 100644
--- a/src/events/projectPhases/index.js
+++ b/src/events/projectPhases/index.js
@@ -7,6 +7,7 @@ import config from 'config';
 import _ from 'lodash';
 import Promise from 'bluebird';
 import util from '../../util';
+import messageService from '../../services/messageService';
 
 const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
 const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
@@ -14,13 +15,13 @@ const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
 const eClient = util.getElasticSearchClient();
 
 /**
- * Handler for project phase creation event
+ * Indexes the project phase in the elastic search.
+ *
  * @param  {Object} logger  logger to log along with trace id
  * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
  * @returns {undefined}
  */
-const projectPhaseAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+const indexProjectPhase = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
   try {
     const data = JSON.parse(msg.content.toString());
     const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId });
@@ -29,6 +30,50 @@ const projectPhaseAddedHandler = Promise.coroutine(function* (logger, msg, chann
     const merged = _.assign(doc._source, { phases }); // eslint-disable-line no-underscore-dangle
     yield eClient.update({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId, body: { doc: merged } });
     logger.debug('project phase added to project document successfully');
+  } catch (error) {
+    logger.error('Error handling indexing the project phase', error);
+    // throw the error back to nack the bus
+    throw error;
+  }
+});
+
+/**
+ * Creates a new phase topic in message api.
+ *
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @returns {undefined}
+ */
+const createPhaseTopic = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
+  try {
+    const phase = JSON.parse(msg.content.toString());
+    const topic = yield messageService.createTopic({
+      reference: 'project',
+      referenceId: `${phase.projectId}`,
+      tag: `phase#${phase.id}`,
+      title: phase.name,
+      body: 'Welcome!!! Please use this channel for communication around the phase.',
+    }, logger);
+    logger.debug('topic for the phase created successfully');
+    logger.debug(topic);
+  } catch (error) {
+    logger.error('Error in creating topic for the project phase', error);
+    // don't throw the error back to nack the bus, because we don't want to get multiple topics per phase
+    // we can create topic for a phase manually, if somehow it fails
+  }
+});
+
+/**
+ * Handler for project phase creation event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const projectPhaseAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    yield indexProjectPhase(logger, msg, channel);
+    yield createPhaseTopic(logger, msg);
     channel.ack(msg);
   } catch (error) {
     logger.error('Error handling project.phase.added event', error);
@@ -73,13 +118,13 @@ const projectPhaseUpdatedHandler = Promise.coroutine(function* (logger, msg, cha
 });
 
 /**
- * Handler for project phase deleted event
+ * Removes the project phase from the elastic search.
+ *
  * @param  {Object} logger  logger to log along with trace id
  * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
  * @returns {undefined}
  */
-const projectPhaseRemovedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+const removePhaseFromIndex = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
   try {
     const data = JSON.parse(msg.content.toString());
     const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId });
@@ -94,6 +139,45 @@ const projectPhaseRemovedHandler = Promise.coroutine(function* (logger, msg, cha
       },
     });
     logger.debug('project phase removed from project document successfully');
+  } catch (error) {
+    logger.error('Error in removing project phase from index', error);
+    // throw the error back to nack the bus
+    throw error;
+  }
+});
+
+/**
+ * Removes the phase topic from the message api.
+ *
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @returns {undefined}
+ */
+const removePhaseTopic = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
+  try {
+    const phase = JSON.parse(msg.content.toString());
+    const phaseTopic = yield messageService.getPhaseTopic(phase.projectId, phase.id, logger);
+    yield messageService.deletePosts(phaseTopic.id, phaseTopic.postIds, logger);
+    yield messageService.deleteTopic(phaseTopic.id, logger);
+    logger.debug('topic for the phase removed successfully');
+  } catch (error) {
+    logger.error('Error in removing topic for the project phase', error);
+    // don't throw the error back to nack the bus
+    // we can delete topic for a phase manually, if somehow it fails
+  }
+});
+
+/**
+ * Handler for project phase deleted event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const projectPhaseRemovedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    yield removePhaseFromIndex(logger, msg, channel);
+    yield removePhaseTopic(logger, msg);
     channel.ack(msg);
   } catch (error) {
     logger.error('Error fetching project document from elasticsearch', error);
diff --git a/src/services/messageService.js b/src/services/messageService.js
new file mode 100644
index 00000000..ce03ff45
--- /dev/null
+++ b/src/services/messageService.js
@@ -0,0 +1,153 @@
+import config from 'config';
+import _ from 'lodash';
+
+const Promise = require('bluebird');
+const axios = require('axios');
+const tcCoreLibAuth = require('tc-core-library-js').auth;
+
+const m2m = tcCoreLibAuth.m2m(config);
+
+let client = null;
+
+/**
+ * Get Http client to bus api
+ * @param {Object} logger object
+ * @return {Object} Http Client to bus api
+ */
+async function getClient(logger) {
+  if (client) return client;
+  const msgApiUrl = config.get('messageApiUrl');
+  try {
+    const token = await m2m.getMachineToken(config.AUTH0_CLIENT_ID, config.AUTH0_CLIENT_SECRET);
+    client = axios.create({ baseURL: msgApiUrl });
+
+    // Alter defaults after instance has been created
+    client.defaults.headers.common.Authorization = `Bearer ${token}`;
+
+    // Add a response interceptor
+    client.interceptors.response.use(function (res) { // eslint-disable-line
+      return res;
+    }, function (error) { // eslint-disable-line
+      if (error.response) {
+        // The request was made and the server responded with a status code
+        // that falls out of the range of 2xx
+        logger.debug(error.response.data);
+        logger.debug(error.response.status);
+        logger.debug(error.response.headers);
+      } else if (error.request) {
+        // The request was made but no response was received
+        // `error.request` is an instance of XMLHttpRequest in the browser and an instance of
+        // http.ClientRequest in node.js
+        logger.debug(error.request);
+      } else {
+        // Something happened in setting up the request that triggered an Error
+        logger.debug(error.message);
+      }
+      logger.debug(error.config);
+      // Ingore response errors
+      return Promise.reject(error);
+    });
+
+    return client;
+  } catch (err) {
+    return Promise.reject(`Bus api calling - Error in genearting m2m token : ${err.message}`);
+  }
+}
+
+/**
+ * Creates a new topic in message api
+ *
+ * @param {Object} topic the topic, should be a JSON object
+ * @param {Object} logger object
+ * @return {Promise} new topic promise
+ */
+function createTopic(topic, logger) {
+  logger.debug(`createTopic for topic: ${JSON.stringify(topic)}`);
+  return getClient(logger).then((msgClient) => {
+    logger.debug('calling message service');
+    return msgClient.post('/topics/create', topic)
+      .then((resp) => {
+        logger.debug('Topic created successfully');
+        logger.debug(`Topic created successfully [status]: ${resp.status}`);
+        logger.debug(`Topic created successfully [data]: ${resp.data}`);
+      })
+      .catch((error) => {
+        logger.debug('Error creating topic');
+        logger.error(error);
+         // eslint-disable-line
+      });
+  }).catch((errMessage) => {
+    logger.debug(errMessage);
+  });
+}
+
+/**
+ * Deletes the given posts for the given topic.
+ *
+ * @param {Integer} topicId id of the topic
+ * @param {Array} postIds array of post ids to be deleted, array of integers
+ * @param {Object} logger object
+ * @return {Promise} delete posts promise
+ */
+function deletePosts(topicId, postIds, logger) {
+  logger.debug(`deletePosts for topicId: ${topicId} and postIds: ${postIds}`);
+  const promises = [];
+  if (postIds && postIds.length > 0) {
+    postIds.forEach((postId) => {
+      promises.push(getClient(logger).then((msgClient) => {
+        logger.debug(`calling message service for deleting post#${postId}`);
+        return msgClient.delete(`/topics/${topicId}/posts/${postId}/remove`);
+      }));
+    });
+  }
+  if (promises.length > 0) {
+    return Promise.all(promises).then(() => logger.debug(`All posts deleted for topic ${topicId}`));
+  }
+  return Promise.resolve();
+}
+
+/**
+ * Fetches the topic of given phase of the project.
+ *
+ * @param {Integer} projectId id of the project
+ * @param {Integer} phaseId id of the phase of the project
+ * @param {Object} logger object
+ * @return {Promise} topic promise
+ */
+function getPhaseTopic(projectId, phaseId, logger) {
+  logger.debug(`getPhaseTopic for phaseId: ${phaseId}`);
+  return getClient(logger).then((msgClient) => {
+    logger.debug(`calling message service for fetching phaseId#${phaseId}`);
+    return msgClient.get('/topics/list', {
+      params: { filter: `reference=project&referenceId=${projectId}&tag=phase#${phaseId}` },
+    }).then((resp) => {
+      const topics = _.get(resp.data, 'result.content', []);
+      if (topics && topics.length > 0) {
+        return topics[0];
+      }
+      return null;
+    });
+  });
+}
+
+/**
+ * Deletes the given topic.
+ *
+ * @param {Integer} topicId id of the topic
+ * @param {Object} logger object
+ * @return {Promise} delete topic promise
+ */
+function deleteTopic(topicId, logger) {
+  logger.debug(`deleteTopic for topicId: ${topicId}`);
+  return getClient(logger).then((msgClient) => {
+    logger.debug(`calling message service for deleting topic#${topicId}`);
+    return msgClient.delete(`/topics/${topicId}/remove`);
+  });
+}
+
+module.exports = {
+  createTopic,
+  deletePosts,
+  getPhaseTopic,
+  deleteTopic,
+};

From 4203102174bca522090cfa9c43571b67ecb3f2a2 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Mon, 4 Jun 2018 23:11:55 +0700
Subject: [PATCH 18/59] #86 #87 - wrap a single method which creates phases and
 products

---
 src/routes/projects/create.js | 117 +++++++++++++++++++---------------
 1 file changed, 65 insertions(+), 52 deletions(-)

diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index b27fb4c4..6d7e67c3 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -58,6 +58,66 @@ const createProjectValdiations = {
   },
 };
 
+/**
+ * Create project phases and products. This needs to be done before creating direct project.
+ * @param {Object} req the request
+ * @param {Object} project the project
+ * @param {Object} projectTemplate the project template
+ * @returns {Promise} the promise that resolves to the created phases
+ */
+function createPhases(req, project, projectTemplate) {
+  const newPhases = [];
+
+  if (!projectTemplate) {
+    return Promise.resolve(newPhases);
+  }
+
+  const phases = _.values(projectTemplate.phases);
+  return Promise.all(_.map(phases, phase =>
+    // Create phase
+    models.ProjectPhase.create(
+      _.assign(
+        _.omit(phase, 'products'),
+        {
+          projectId: project.id,
+          updatedBy: req.authUser.userId,
+          createdBy: req.authUser.userId,
+        },
+      ),
+    )
+      .then((newPhase) => {
+        // Make sure number of products of per phase <= max value
+        const productCount = _.isArray(phase.products) ? phase.products.length : 0;
+        if (productCount > config.maxPhaseProductCount) {
+          const err = new Error('the number of products per phase cannot exceed ' +
+            `${config.maxPhaseProductCount}`);
+          err.status = 422;
+          throw err;
+        }
+
+        // Create products
+        return models.PhaseProduct.bulkCreate(_.map(phase.products, product =>
+          // productKey is just used for the JSON to be more human readable
+          // id need to map to templateId
+          _.assign(_.omit(product, ['id', 'productKey']), {
+            phaseId: newPhase.id,
+            projectId: project.id,
+            templateId: product.id,
+            updatedBy: req.authUser.userId,
+            createdBy: req.authUser.userId,
+          })), { returning: true })
+          .then((products) => {
+            // Add phases and products to the project JSON, so they can be stored to ES later
+            const newPhaseJson = _.omit(newPhase.toJSON(), ['deletedAt', 'deletedBy']);
+            newPhaseJson.products = _.map(products, product =>
+              _.omit(product.toJSON(), ['deletedAt', 'deletedBy']));
+            newPhases.push(newPhaseJson);
+            return Promise.resolve();
+          });
+      })))
+    .then(() => Promise.resolve(newPhases));
+}
+
 module.exports = [
   // handles request validations
   validate(createProjectValdiations),
@@ -101,7 +161,7 @@ module.exports = [
     models.sequelize.transaction(() => {
       let newProject = null;
       let projectTemplate;
-      const newPhases = [];
+      let newPhases;
       // Validate the project type
       return models.ProjectType.findOne({ where: { key: project.type } })
         .then((projectType) => {
@@ -143,58 +203,11 @@ module.exports = [
             }))
         .then((_newProject) => {
           newProject = _newProject;
-
-          // Create phases and products
-          // This needs to be done before creating direct project
-          if (!projectTemplate) {
-            return Promise.resolve();
-          }
-
-          const phases = _.values(projectTemplate.phases);
-          return Promise.all(_.map(phases, phase =>
-            // Create phase
-            models.ProjectPhase.create(
-              _.assign(
-                _.omit(phase, 'products'),
-                {
-                  projectId: newProject.id,
-                  updatedBy: req.authUser.userId,
-                  createdBy: req.authUser.userId,
-                },
-              ),
-            )
-              .then((newPhase) => {
-                // Make sure number of products of per phase <= max value
-                const productCount = _.isArray(phase.products) ? phase.products.length : 0;
-                if (productCount > config.maxPhaseProductCount) {
-                  const err = new Error('the number of products per phase cannot exceed ' +
-                    `${config.maxPhaseProductCount}`);
-                  err.status = 422;
-                  throw err;
-                }
-
-                // Create products
-                return models.PhaseProduct.bulkCreate(_.map(phase.products, product =>
-                  // productKey is just used for the JSON to be more human readable
-                  // id need to map to templateId
-                  _.assign(_.omit(product, ['id', 'productKey']), {
-                    phaseId: newPhase.id,
-                    projectId: newProject.id,
-                    templateId: product.id,
-                    updatedBy: req.authUser.userId,
-                    createdBy: req.authUser.userId,
-                  })), { returning: true })
-                  .then((products) => {
-                    // Add phases and products to the project JSON, so they can be stored to ES later
-                    const newPhaseJson = _.omit(newPhase.toJSON(), ['deletedAt', 'deletedBy']);
-                    newPhaseJson.products = _.map(products, product =>
-                      _.omit(product.toJSON(), ['deletedAt', 'deletedBy']));
-                    newPhases.push(newPhaseJson);
-                    return Promise.resolve();
-                  });
-              })));
+          return createPhases(req, newProject, projectTemplate);
         })
-        .then(() => {
+        .then((phases) => {
+          newPhases = phases;
+
           req.log.debug('new project created (id# %d, name: %s)',
             newProject.id, newProject.name);
           // create direct project with name and description

From 2fc571c1c7c856062e7d7be45ab8eda79da56d5f Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Wed, 6 Jun 2018 09:03:30 +0700
Subject: [PATCH 19/59] Wrap creating project, phases, and products in a single
 method

---
 src/routes/projects/create.js | 134 +++++++++++++++++-----------------
 1 file changed, 69 insertions(+), 65 deletions(-)

diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 6d7e67c3..96e830ec 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -59,63 +59,77 @@ const createProjectValdiations = {
 };
 
 /**
- * Create project phases and products. This needs to be done before creating direct project.
+ * Create the project, project phases and products. This needs to be done before creating direct project.
  * @param {Object} req the request
  * @param {Object} project the project
  * @param {Object} projectTemplate the project template
- * @returns {Promise} the promise that resolves to the created phases
+ * @returns {Promise} the promise that resolves to the created project and phases
  */
-function createPhases(req, project, projectTemplate) {
-  const newPhases = [];
+function createProjectAndPhases(req, project, projectTemplate) {
+  const result = {
+    newProject: null,
+    newPhases: [],
+  };
 
-  if (!projectTemplate) {
-    return Promise.resolve(newPhases);
-  }
+  // Create project
+  return models.Project.create(project, {
+    include: [{
+      model: models.ProjectMember,
+      as: 'members',
+    }],
+  })
+    .then((newProject) => {
+      result.newProject = newProject;
 
-  const phases = _.values(projectTemplate.phases);
-  return Promise.all(_.map(phases, phase =>
-    // Create phase
-    models.ProjectPhase.create(
-      _.assign(
-        _.omit(phase, 'products'),
-        {
-          projectId: project.id,
-          updatedBy: req.authUser.userId,
-          createdBy: req.authUser.userId,
-        },
-      ),
-    )
-      .then((newPhase) => {
-        // Make sure number of products of per phase <= max value
-        const productCount = _.isArray(phase.products) ? phase.products.length : 0;
-        if (productCount > config.maxPhaseProductCount) {
-          const err = new Error('the number of products per phase cannot exceed ' +
-            `${config.maxPhaseProductCount}`);
-          err.status = 422;
-          throw err;
-        }
+      if (!projectTemplate) {
+        return Promise.resolve(result);
+      }
 
-        // Create products
-        return models.PhaseProduct.bulkCreate(_.map(phase.products, product =>
-          // productKey is just used for the JSON to be more human readable
-          // id need to map to templateId
-          _.assign(_.omit(product, ['id', 'productKey']), {
-            phaseId: newPhase.id,
-            projectId: project.id,
-            templateId: product.id,
-            updatedBy: req.authUser.userId,
-            createdBy: req.authUser.userId,
-          })), { returning: true })
-          .then((products) => {
-            // Add phases and products to the project JSON, so they can be stored to ES later
-            const newPhaseJson = _.omit(newPhase.toJSON(), ['deletedAt', 'deletedBy']);
-            newPhaseJson.products = _.map(products, product =>
-              _.omit(product.toJSON(), ['deletedAt', 'deletedBy']));
-            newPhases.push(newPhaseJson);
-            return Promise.resolve();
-          });
-      })))
-    .then(() => Promise.resolve(newPhases));
+      const phases = _.values(projectTemplate.phases);
+      return Promise.all(_.map(phases, phase =>
+        // Create phase
+        models.ProjectPhase.create(
+          _.assign(
+            _.omit(phase, 'products'),
+            {
+              projectId: project.id,
+              updatedBy: req.authUser.userId,
+              createdBy: req.authUser.userId,
+            },
+          ),
+        )
+          .then((newPhase) => {
+            // Make sure number of products of per phase <= max value
+            const productCount = _.isArray(phase.products) ? phase.products.length : 0;
+            if (productCount > config.maxPhaseProductCount) {
+              const err = new Error('the number of products per phase cannot exceed ' +
+                `${config.maxPhaseProductCount}`);
+              err.status = 422;
+              throw err;
+            }
+
+            // Create products
+            return models.PhaseProduct.bulkCreate(_.map(phase.products, product =>
+              // productKey is just used for the JSON to be more human readable
+              // id need to map to templateId
+              _.assign(_.omit(product, ['id', 'productKey']), {
+                phaseId: newPhase.id,
+                projectId: project.id,
+                templateId: product.id,
+                updatedBy: req.authUser.userId,
+                createdBy: req.authUser.userId,
+              })), { returning: true })
+              .then((products) => {
+                // Add phases and products to the project JSON, so they can be stored to ES later
+                const newPhaseJson = _.omit(newPhase.toJSON(), ['deletedAt', 'deletedBy']);
+                newPhaseJson.products = _.map(products, product =>
+                  _.omit(product.toJSON(), ['deletedAt', 'deletedBy']));
+                result.newPhases.push(newPhaseJson);
+                return Promise.resolve();
+              });
+          })));
+    })
+    .then(() => Promise.resolve(result));
 }
 
 module.exports = [
@@ -192,21 +206,11 @@ module.exports = [
           }
           return Promise.resolve();
         })
-        .then(() =>
-          // Create project
-          models.Project
-            .create(project, {
-              include: [{
-                model: models.ProjectMember,
-                as: 'members',
-              }],
-            }))
-        .then((_newProject) => {
-          newProject = _newProject;
-          return createPhases(req, newProject, projectTemplate);
-        })
-        .then((phases) => {
-          newPhases = phases;
+        // Create project and phases
+        .then(() => createProjectAndPhases(req, project, projectTemplate))
+        .then((createdProjectAndPhases) => {
+          newProject = createdProjectAndPhases.newProject;
+          newPhases = createdProjectAndPhases.newPhases;
 
           req.log.debug('new project created (id# %d, name: %s)',
             newProject.id, newProject.name);

From b78f9c36640e6a2bfcb3eb2e98a62628035db889 Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho da Silva <pvmagacho@gmail.com>
Date: Thu, 31 May 2018 13:19:59 -0300
Subject: [PATCH 20/59] Project migration challenge

---
 .babelrc                                  |  10 +-
 migrations/project_add_version_column.sql |   4 +
 package.json                              |  12 +-
 postman.json                              | 100 ++++++-
 src/models/project.js                     |   1 +
 src/routes/index.js                       |   3 +
 src/routes/projectUpgrade/create.js       | 241 +++++++++++++++
 src/routes/projectUpgrade/create.spec.js  | 342 ++++++++++++++++++++++
 src/routes/projects/create.spec.js        |  98 +------
 src/tests/seed.js                         | 180 ++++++++++++
 src/util.js                               |  11 +
 swagger.yaml                              |  82 +++++-
 12 files changed, 978 insertions(+), 106 deletions(-)
 create mode 100644 migrations/project_add_version_column.sql
 create mode 100644 src/routes/projectUpgrade/create.js
 create mode 100644 src/routes/projectUpgrade/create.spec.js

diff --git a/.babelrc b/.babelrc
index 47ef3de1..aec1179c 100644
--- a/.babelrc
+++ b/.babelrc
@@ -1,9 +1,9 @@
 {
-  "presets": ["es2015"],
-  "plugins": [
-    ["transform-runtime", {
-      "polyfill": false,
-      "regenerator": true
+  "presets": [
+    ["env", {
+      "targets": {
+        "node": "current"
+      }
     }]
   ]
 }
diff --git a/migrations/project_add_version_column.sql b/migrations/project_add_version_column.sql
new file mode 100644
index 00000000..055d8598
--- /dev/null
+++ b/migrations/project_add_version_column.sql
@@ -0,0 +1,4 @@
+-- make sure to update existing projects to have this field set to "v2"
+ALTER TABLE projects ADD COLUMN "version" varchar(3) NOT NULL DEFAULT 'v2';
+-- make sure new projects from now on have "v3" as default value
+ALTER TABLE projects ALTER COLUMN "version" SET DEFAULT 'v3'
diff --git a/package.json b/package.json
index 39665962..f17e60fe 100644
--- a/package.json
+++ b/package.json
@@ -9,16 +9,16 @@
   "scripts": {
     "lint": "./node_modules/.bin/eslint .",
     "lint:fix": "./node_modules/.bin/eslint . --fix || true",
-    "build": "babel src -d dist --presets es2015",
+    "build": "babel src -d dist",
     "sync:db": "./node_modules/.bin/babel-node migrations/sync.js",
     "sync:es": "./node_modules/.bin/babel-node migrations/elasticsearch_sync.js",
     "migrate:es": "./node_modules/.bin/babel-node migrations/seedElasticsearchIndex.js",
     "prestart": "npm run -s build",
     "start": "node dist",
-    "start:dev": "NODE_ENV=development PORT=8001 nodemon -w src --exec \"babel-node src --presets es2015\" | ./node_modules/.bin/bunyan",
+    "start:dev": "NODE_ENV=development PORT=8001 nodemon -w src --exec \"babel-node src\" | ./node_modules/.bin/bunyan",
     "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- --compilers js:babel-core/register $(find src -path '*spec.js*')",
     "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha -w --compilers js:babel-core/register $(find src -path '*spec.js*')",
-    "seed": "babel-node src/tests/seed.js --presets es2015"
+    "seed": "babel-node src/tests/seed.js"
   },
   "repository": {
     "type": "git",
@@ -53,7 +53,7 @@
     "lodash": "^4.16.4",
     "method-override": "^2.3.9",
     "pg": "^4.5.5",
-    "pg-native": "^1.10.0",
+    "pg-native": "^1.10.1",
     "sequelize": "^3.23.0",
     "tc-core-library-js": "appirio-tech/tc-core-library-js.git#v2.3",
     "traverse": "^0.6.6",
@@ -63,9 +63,7 @@
     "babel-cli": "^6.9.0",
     "babel-core": "^6.11.4",
     "babel-eslint": "^7.1.1",
-    "babel-plugin-add-module-exports": "^0.2.1",
-    "babel-plugin-transform-runtime": "^6.23.0",
-    "babel-preset-es2015": "^6.9.0",
+    "babel-preset-env": "^1.7.0",
     "bunyan": "^1.8.1",
     "chai": "^3.5.0",
     "eslint": "^3.16.1",
diff --git a/postman.json b/postman.json
index 1d64ee62..d9cb23a4 100644
--- a/postman.json
+++ b/postman.json
@@ -2905,6 +2905,104 @@
 					"response": []
 				}
 			]
+		},
+		{
+			"name": "Project upgrade",
+			"description": "Request to migrate projects.",
+			"item": [
+				{
+					"name": "Migrate project",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3\n\t}\n}"
+						},
+						"url": "{{api-url}}/v4/projects/6/upgrade",
+						"description": ""
+					},
+					"response": []
+				},
+				{
+					"name": "Migrate project (completed)",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3\n\t}\n}"
+						},
+						"url": "{{api-url}}/v4/projects/7/upgrade",
+						"description": ""
+					},
+					"response": []
+				},
+				{
+					"name": "Migrate project with phase name",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3,\n\t\t\"phaseName\": \"Custom phase name\"\n\t}\n}"
+						},
+						"url": "{{api-url}}/v4/projects/6/upgrade",
+						"description": ""
+					},
+					"response": []
+				},
+				{
+					"name": "Migrate project with phase name (completed)",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							},
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3,\n\t\t\"phaseName\": \"Custom phase name\"\n\t}\n}"
+						},
+						"url": "{{api-url}}/v4/projects/7/upgrade",
+						"description": ""
+					},
+					"response": []
+				}
+			]
 		}
 	]
-}
\ No newline at end of file
+}
diff --git a/src/models/project.js b/src/models/project.js
index 319d0048..8866ffc9 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -41,6 +41,7 @@ module.exports = function defineProject(sequelize, DataTypes) {
     updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
     createdBy: { type: DataTypes.INTEGER, allowNull: false },
     updatedBy: { type: DataTypes.INTEGER, allowNull: false },
+    version: { type: DataTypes.STRING(3), allowNull: false, defaultValue: 'v3' },
   }, {
     tableName: 'projects',
     timestamps: true,
diff --git a/src/routes/index.js b/src/routes/index.js
index b427b0c2..289f47c6 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -67,6 +67,9 @@ router.route('/v4/projects/:projectId(\\d+)/attachments/:id(\\d+)')
   .patch(require('./attachments/update'))
   .delete(require('./attachments/delete'));
 
+router.route('/v4/projects/:projectId(\\d+)/upgrade')
+  .post(require('./projectUpgrade/create'));
+
 router.route('/v4/projectTemplates')
   .post(require('./projectTemplates/create'))
   .get(require('./projectTemplates/list'));
diff --git a/src/routes/projectUpgrade/create.js b/src/routes/projectUpgrade/create.js
new file mode 100644
index 00000000..df16475b
--- /dev/null
+++ b/src/routes/projectUpgrade/create.js
@@ -0,0 +1,241 @@
+/* eslint-disable no-await-in-loop */
+
+/**
+ * API to upgrade projects
+ */
+import _ from 'lodash';
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+import util from '../../util';
+import {
+  PROJECT_STATUS,
+  EVENT,
+} from '../../constants';
+
+const permissions = tcMiddleware.permissions;
+
+/**
+ * Given a completed project id, find the latest completed status' creation date.
+ *
+ * @param {number} projectId the project id
+ * @param {Transaction} [transaction] the transaction
+ * @returns {Promise<date>} the latest completed status' creation date, or undefined if not found
+ */
+async function findCompletedProjectEndDate(projectId, transaction) {
+  const projectHistoryRecord = await models.ProjectHistory.find({
+    where: { projectId, status: PROJECT_STATUS.COMPLETED },
+    order: [['createdAt', 'DESC']],
+    attributes: ['createdAt'],
+    raw: true,
+    transaction,
+  });
+  return projectHistoryRecord && projectHistoryRecord.createdAt;
+}
+
+/**
+ * Applies a given template to the destination object by taking data from the source object.
+ * @param {object} template the template object
+ * @param {object} source the source object
+ * @param {object} destination the destination object
+ * @returns {void}
+ */
+function applyTemplate(template, source, destination) {
+  if (!template || typeof template !== 'object') { return; }
+  Object.keys(template).forEach((key) => {
+    const templateValue = template[key];
+    if (typeof templateValue === 'object') {
+      // eslint-disable-next-line no-param-reassign
+      destination[key] = {};
+      applyTemplate(templateValue, source[key], destination[key]);
+    } else if (source && typeof source === 'object') {
+      // eslint-disable-next-line no-param-reassign
+      destination[key] = source[key];
+    }
+  });
+}
+
+/**
+ * Migrates a given project record from v2 to v3.
+ *
+ * @param {express.Request} req the request
+ * @param {object} project the project record
+ * @param {number} defaultProductTemplateId the default product template id
+ * @param {string|undefined} phaseName the phase name (optional)
+ * @returns {Promise<void>} promise
+ */
+async function migrateFromV2ToV3(req, project, defaultProductTemplateId, phaseName) {
+  if (!project.details || !project.details.products || !project.details.products.length) {
+    throw util.buildApiError(`could not locate product id for project ${project.id}`, 500);
+  }
+  /** @type {{ phase: {}, products: {}[] }[]} */
+  const newPhasesAndProducts = [];
+  const previousValue = _.clone(project.get({ plain: true }));
+  await models.sequelize.transaction(async (transaction) => {
+    const products = project.details.products;
+    const projectTemplate = await models.ProjectTemplate.find({
+      where: { key: project.type },
+      attributes: ['phases'],
+      raw: true,
+      transaction,
+    });
+    const phaseKeys = projectTemplate && projectTemplate.phases && Object.keys(projectTemplate.phases);
+    // eslint-disable-next-line no-restricted-syntax
+    for (const phaseKey of (phaseKeys || [])) {
+      const phaseObject = projectTemplate.phases[phaseKey];
+      const projectCompleted = project.status === PROJECT_STATUS.COMPLETED;
+      const endDate = projectCompleted
+        ? (await findCompletedProjectEndDate(project.id, transaction)) || project.updatedAt
+        : null;
+      const projectPhase = await models.ProjectPhase.create({
+        projectId: project.id,
+        // TODO: there should be a clear requirement about how to set the phase's name without relying on its
+        // products, as they are multiple, and this needs a single value
+        // setting the name that was on the original phase's object, as is the most promising/obvious way of doing
+        // this
+        name: phaseName || phaseObject.name || '',
+        status: project.status,
+        startDate: project.createdAt,
+        endDate,
+        budget: project.details && project.details.appDefinition && project.details.appDefinition.budget,
+        progress: projectCompleted ? 100 : 0,
+        details: null,
+        createdBy: req.authUser.userId,
+        updatedBy: req.authUser.userId,
+      }, { transaction });
+      const phaseAndProducts = {
+        phase: projectPhase,
+        products: [],
+      };
+      newPhasesAndProducts.push(phaseAndProducts);
+      // eslint-disable-next-line no-restricted-syntax
+      for (const phaseProduct of (phaseObject.products || [])) {
+        const useDefaultProductTemplateId = products.indexOf(phaseProduct.productKey) === -1;
+        let query;
+        if (useDefaultProductTemplateId) {
+          // default strategy is to use the passed default product template id
+          query = { id: defaultProductTemplateId };
+        } else {
+          query = { productKey: phaseProduct.productKey };
+        }
+        const productTemplate = await models.ProductTemplate.find({
+          where: query,
+          attributes: ['id', 'name', 'productKey', 'template'],
+          raw: true,
+          transaction,
+        });
+        if (!productTemplate) {
+          throw util.buildApiError(`could not locate product template for project ${project.id}`, 500);
+        }
+        let detailsObject;
+        if (productTemplate.template) {
+          detailsObject = {};
+          applyTemplate(productTemplate.template, project.details, detailsObject);
+        }
+        phaseAndProducts.products.push(
+          await models.PhaseProduct.create({
+            phaseId: projectPhase.id,
+            projectId: project.id,
+            templateId: productTemplate.id,
+            directProjectId: project.directProjectId,
+            billingAccountId: project.billingAccountId,
+            name: productTemplate.name,
+            type: productTemplate.productKey,
+            estimatedPrice: project.estimatedPrice,
+            actualPrice: project.actualPrice,
+            details: detailsObject,
+            createdBy: req.authUser.userId,
+            updatedBy: req.authUser.userId,
+          }, { transaction }));
+      }
+    }
+    await project.update({ version: 'v3' }, { transaction });
+  });
+  newPhasesAndProducts.forEach(({ phase, products }) => {
+    // Send events to buses (ProjectPhase)
+    req.log.debug('Sending event to RabbitMQ bus for project phase %d', phase.id);
+    req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_PHASE_ADDED,
+      phase,
+      { correlationId: req.id },
+    );
+    req.log.debug('Sending event to Kafka bus for project phase %d', phase.id);
+    req.app.emit(EVENT.ROUTING_KEY.PROJECT_PHASE_ADDED, { req, created: phase });
+
+    products.forEach((newPhaseProduct) => {
+      // Send events to buses (PhaseProduct)
+      req.log.debug('Sending event to RabbitMQ bus for phase product %d', newPhaseProduct.id);
+      req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_ADDED,
+        newPhaseProduct,
+        { correlationId: req.id },
+      );
+      req.log.debug('Sending event to Kafka bus for phase product %d', newPhaseProduct.id);
+      req.app.emit(EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_ADDED, { req, created: newPhaseProduct });
+    });
+  });
+
+  // Send events to buses (Project)
+  req.log.debug('updated project', project);
+
+  // publish original and updated project data
+  req.app.services.pubsub.publish(
+    EVENT.ROUTING_KEY.PROJECT_UPDATED, {
+      original: previousValue,
+      updated: project,
+    }, {
+      correlationId: req.id,
+    },
+  );
+  req.app.emit(EVENT.ROUTING_KEY.PROJECT_UPDATED, {
+    req,
+    original: previousValue,
+    updated: project,
+  });
+}
+
+const allowedMigrations = {
+  v3: {
+    v2: migrateFromV2ToV3,
+  },
+};
+
+const schema = {
+  body: {
+    param: Joi.object().keys({
+      targetVersion: Joi.string().valid(Object.keys(allowedMigrations)).required(),
+      defaultProductTemplateId: Joi.number().integer().positive().required(),
+      phaseName: Joi.string(),
+    }).required(),
+  },
+  options: {
+    status: 400,
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('project.admin'),
+  async (req, res, next) => {
+    try {
+      const projectId = Number(req.params.projectId);
+      const targetVersion = req.body.param.targetVersion;
+      const targetVersionMigrationData = allowedMigrations[targetVersion];
+      const project = await models.Project.find({ where: { id: projectId } });
+      if (!project) {
+        // returning 404
+        throw util.buildApiError(`project not found for id ${projectId}`, 404);
+      }
+      const handler = targetVersionMigrationData[project.version];
+      if (!handler) {
+        // returning 400
+        throw util.buildApiError(`current project version ${project.version} is not supported to be upgraded to ${
+          targetVersion}`, 400);
+      }
+      // we have a valid project to be migrated
+      await handler(req, project, req.body.param.defaultProductTemplateId, req.body.param.phaseName);
+      res.status(200).json(util.wrapResponse(req.id, { message: 'Project successfully migrated' }));
+    } catch (err) {
+      next(err);
+    }
+  },
+];
diff --git a/src/routes/projectUpgrade/create.spec.js b/src/routes/projectUpgrade/create.spec.js
new file mode 100644
index 00000000..e01778f5
--- /dev/null
+++ b/src/routes/projectUpgrade/create.spec.js
@@ -0,0 +1,342 @@
+/* eslint-disable no-unused-expressions, no-await-in-loop, no-restricted-syntax */
+
+import { expect } from 'chai';
+import sinon from 'sinon';
+import request from 'supertest';
+import server from '../../app';
+import { PROJECT_STATUS } from '../../constants';
+import models from '../../models';
+import testUtil from '../../tests/util';
+import RabbitMQService from '../../services/rabbitmq';
+
+describe('Project upgrade', () => {
+  describe('POST /projects/:id/upgrade', () => {
+    // v2 by default
+    let project;
+    let projectTemplate;
+    let defaultProductTemplate;
+    let matchingProductTemplate;
+    let validBody;
+
+    beforeEach(async () => {
+      // mocks
+      await testUtil.clearDb();
+      const productId = 'application_development';
+      project = await models.Project.create({
+        type: 'generic',
+        billingAccountId: 1,
+        name: 'test1',
+        description: 'test project1',
+        status: 'draft',
+        details: {
+          name: 'a specific name',
+          products: [productId],
+          appDefinition: { budget: 10000 },
+          sampleKey1: {
+            sampleSubKey1: 'a specific value',
+          },
+          sampleKey2: {
+            sampleSubKey2: 'a specific value',
+          },
+        },
+        createdBy: 1,
+        updatedBy: 1,
+        version: 'v2',
+        directProjectId: 123,
+        estimatedPrice: 15000,
+        actualPrice: 18000,
+      });
+      projectTemplate = await models.ProjectTemplate.create({
+        name: 'template 1',
+        key: project.type,
+        category: 'category 1',
+        scope: {
+          scope1: {
+            subScope1A: 1,
+            subScope1B: 2,
+          },
+          scope2: [1, 2, 3],
+        },
+        phases: {
+          // for all tests, use a project template that maps to a product template by productKey
+          phase1: {
+            name: 'phase 1',
+            products: [{
+              productKey: productId,
+            }],
+            details: {
+              anyDetails: 'any details 1',
+            },
+            others: ['others 11', 'others 12'],
+          },
+          phase2: {
+            name: 'phase 2',
+            products: [{
+              productKey: productId,
+            }],
+            details: {
+              anyDetails: 'any details 2',
+            },
+            others: ['others 21', 'others 22'],
+          },
+        },
+        createdBy: 1,
+        updatedBy: 1,
+      });
+      [defaultProductTemplate, matchingProductTemplate] = await Promise.all([
+        {},
+        { productKey: productId },
+      ].map(specific => models.ProductTemplate.create(Object.assign({
+        name: 'name 1',
+        productKey: 'a product key',
+        icon: 'http://example.com/icon1.ico',
+        brief: 'brief 1',
+        details: 'details 1',
+        aliases: {
+          alias1: {
+            subAlias1A: 1,
+            subAlias1B: 2,
+          },
+          alias2: [1, 2, 3],
+        },
+        template: {
+          name: 'a template name',
+          sampleKey1: {
+            sampleSubKey1: 'a value',
+          },
+          sampleKey2: {
+            sampleSubKey2: 'a value',
+          },
+        },
+        createdBy: 1,
+        updatedBy: 2,
+      }, specific))));
+      validBody = {
+        param: {
+          targetVersion: 'v3',
+          defaultProductTemplateId: defaultProductTemplate.id,
+        },
+      };
+      sinon.stub(RabbitMQService.prototype, 'init', () => {});
+      sinon.stub(RabbitMQService.prototype, 'publish', () => {});
+    });
+
+    afterEach(async () => {
+      RabbitMQService.prototype.init.restore();
+      RabbitMQService.prototype.publish.restore();
+      await testUtil.clearDb();
+    });
+
+    it('should return 403 if user is not authenticated', async () => {
+      await request(server)
+        .post(`/v4/projects/${project.id}/upgrade`)
+        .send(validBody)
+        .expect(403);
+    });
+
+    it('should return 403 for non admin', async () => {
+      await request(server)
+        .post(`/v4/projects/${project.id}/upgrade`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(validBody)
+        .expect(403);
+    });
+
+    it('should return 500 when a project doesn\'t have a valid product id', async () => {
+      // since the product id is extracted from 'details.products', clearing that should trigger this error
+      await project.update({ details: {} });
+      await request(server)
+        .post(`/v4/projects/${project.id}/upgrade`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(validBody)
+        .expect(500);
+    });
+
+    it('should return 500 when a product template couldn\'t be found by productKey', async () => {
+      // by changing this we cause no matching product template to be found
+      await matchingProductTemplate.update({ productKey: 'non matching product key' });
+      await request(server)
+        .post(`/v4/projects/${project.id}/upgrade`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(validBody)
+        .expect(500);
+    });
+
+    it('should return 500 when a product template couldn\'t be found by defaultProductTemplateId', async () => {
+      // by changing this the default product template id will be used
+      await projectTemplate.update({ phases: { nonMatchingPhase1: { products: ['non existing product'] } } });
+      // and we simulate a non existing one
+      validBody.param.defaultProductTemplateId += 1000;
+      await request(server)
+        .post(`/v4/projects/${project.id}/upgrade`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(validBody)
+        .expect(500);
+    });
+
+    it('should return 400 if the project was already migrated', async () => {
+      // simulate an already migrated project
+      await project.update({ version: 'v3' });
+      await request(server)
+        .post(`/v4/projects/${project.id}/upgrade`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(validBody)
+        .expect(400);
+    });
+
+    it('should return 400 if there\'s no migration handler for the sent target version', async () => {
+      validBody.param.targetVersion = 'v4';
+      await request(server)
+        .post(`/v4/projects/${project.id}/upgrade`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(validBody)
+        .expect(400);
+    });
+
+    it('should return 404 if the project does not exist', async () => {
+      // simulate an already migrated project
+      await project.update({ version: 'v3' });
+      await request(server)
+        .post(`/v4/projects/${project.id + 1}/upgrade`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(validBody)
+        .expect(404);
+    });
+
+    [true, false].forEach((useDefault) => {
+      describe(useDefault ? 'when using the default product template id' :
+        'when using the matching product template by productKey', () => {
+        let productTemplate;
+
+        beforeEach(async () => {
+          productTemplate = matchingProductTemplate;
+          if (useDefault) {
+            // by changing this the default product template id will be used
+            await projectTemplate.update({
+              phases: {
+                nonMatchingPhase1: { name: 'phase 1', products: ['non_existing'] },
+                nonMatchingPhase2: { name: 'phase 2', products: ['non_existing'] },
+              },
+            });
+            productTemplate = defaultProductTemplate;
+          }
+        });
+
+        const commonTest = async (testCompleted, completedOnDate, additionalPhaseName) => {
+          const migratedProject = await models.Project.find({ id: project.id });
+          expect(migratedProject.version).to.equal('v3');
+          const newProjectPhases = await models.ProjectPhase.findAll({ projectId: project.id });
+          for (const newProjectPhase of newProjectPhases) {
+            expect(newProjectPhase).to.exist;
+            expect(newProjectPhase.name).to.be.oneOf(['phase 1', 'phase 2'].concat(additionalPhaseName || []));
+            expect(newProjectPhase.status).to.equal(project.status);
+            expect(newProjectPhase.startDate).to.deep.equal(project.createdAt);
+            expect(newProjectPhase.budget).to.equal(project.details.appDefinition.budget);
+            expect(newProjectPhase.details).to.equal(null);
+            if (testCompleted) {
+              expect(newProjectPhase.status).to.equal(PROJECT_STATUS.COMPLETED);
+              expect(newProjectPhase.progress).to.equal(100);
+              expect(newProjectPhase.endDate).to.deep.equal(completedOnDate);
+            } else {
+              expect(newProjectPhase.progress).to.equal(0);
+              expect(newProjectPhase.endDate).to.equal(null);
+            }
+            const newPhaseProducts = await models.PhaseProduct.findAll({ phaseId: newProjectPhase.id });
+            for (const newPhaseProduct of newPhaseProducts) {
+              expect(newPhaseProduct).to.exist;
+              expect(newPhaseProduct.projectId).to.equal(project.id);
+              expect(newPhaseProduct.templateId).to.equal(productTemplate.id);
+              expect(newPhaseProduct.directProjectId).to.equal(project.directProjectId);
+              expect(newPhaseProduct.billingAccountId).to.equal(project.billingAccountId);
+              expect(newPhaseProduct.name).to.equal(productTemplate.name);
+              expect(newPhaseProduct.type).to.equal(productTemplate.productKey);
+              expect(newPhaseProduct.estimatedPrice).to.equal(parseInt(project.estimatedPrice, 10));
+              expect(newPhaseProduct.actualPrice).to.equal(parseInt(project.actualPrice, 10));
+              expect(newPhaseProduct.details).to.deep.equal({
+                name: 'a specific name',
+                sampleKey1: {
+                  sampleSubKey1: 'a specific value',
+                },
+                sampleKey2: {
+                  sampleSubKey2: 'a specific value',
+                },
+              });
+            }
+          }
+
+          server.services.pubsub.publish.calledWith('project.phase.added').should.be.true;
+          server.services.pubsub.publish.calledWith('project.phase.product.added').should.be.true;
+          server.services.pubsub.publish.calledWith('project.updated').should.be.true;
+        };
+
+        it('should migrate a non completed project to the expected state', async () => {
+          await request(server)
+            .post(`/v4/projects/${project.id}/upgrade`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .send(validBody)
+            .expect(200);
+          await commonTest();
+        });
+
+        it('should migrate a completed project to the expected state', async () => {
+          await project.update({ status: PROJECT_STATUS.COMPLETED });
+          const millisInADay = 1000 * 60 * 60 * 24;
+          const dbNow = Math.floor(Date.now() / 1000) * 1000;
+
+          // simulate multiple completed statuses so we can test the set endDate is the latest
+          await models.ProjectHistory.create({
+            projectId: project.id,
+            status: PROJECT_STATUS.COMPLETED,
+            updatedBy: 1,
+            // 10 days ago
+            createdAt: new Date(dbNow - (millisInADay * 10)),
+          });
+          const yesterday = new Date(dbNow - millisInADay);
+          await models.ProjectHistory.create({
+            projectId: project.id,
+            status: PROJECT_STATUS.COMPLETED,
+            updatedBy: 1,
+            // yesterday
+            createdAt: yesterday,
+          });
+          await request(server)
+            .post(`/v4/projects/${project.id}/upgrade`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .send(validBody)
+            .expect(200);
+          await commonTest(true, yesterday);
+        });
+
+        it('should migrate a project and assign the phase name passed in the parameters', async () => {
+          validBody.param.phaseName = 'A custom phase name';
+          await request(server)
+            .post(`/v4/projects/${project.id}/upgrade`)
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .send(validBody)
+            .expect(200);
+          await commonTest(false, null, 'A custom phase name');
+        });
+      });
+    });
+  });
+});
diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
index c8f594dc..87bc973a 100644
--- a/src/routes/projects/create.spec.js
+++ b/src/routes/projects/create.spec.js
@@ -12,103 +12,16 @@ import models from '../../models';
 
 const should = chai.should();
 
-sinon.stub(RabbitMQService.prototype, 'init', () => { });
-sinon.stub(RabbitMQService.prototype, 'publish', () => { });
-
 describe('Project create', () => {
   before((done) => {
-    testUtil.clearDb()
-      .then(() => models.ProjectType.bulkCreate([
-        {
-          key: 'generic',
-          displayName: 'Generic',
-          createdBy: 1,
-          updatedBy: 1,
-        },
-      ]))
-      .then(() => models.ProjectTemplate.bulkCreate([
-        {
-          id: 1,
-          name: 'template 1',
-          key: 'key 1',
-          category: 'category 1',
-          icon: 'http://example.com/icon1.ico',
-          question: 'question 1',
-          info: 'info 1',
-          aliases: [],
-          scope: {},
-          phases: {
-            phase1: {
-              name: 'phase 1',
-              products: [
-                {
-                  id: 21,
-                  name: 'product 1',
-                  productKey: 'visual_design_prod1',
-                },
-                {
-                  id: 22,
-                  name: 'product 2',
-                  productKey: 'visual_design_prod2',
-                },
-              ],
-            },
-          },
-          createdBy: 1,
-          updatedBy: 1,
-        },
-        {
-          id: 3,
-          name: 'template 3',
-          key: 'key 3',
-          category: 'category 3',
-          icon: 'http://example.com/icon3.ico',
-          question: 'question 3',
-          info: 'info 3',
-          aliases: [],
-          scope: {},
-          phases: {
-            1: {
-              name: 'Design Stage',
-              status: 'open',
-              details: {
-                description: 'detailed description',
-              },
-              products: [
-                {
-                  id: 21,
-                  name: 'product 1',
-                  productKey: 'visual_design_prod',
-                },
-              ],
-            },
-            2: {
-              name: 'Development Stage',
-              status: 'open',
-              products: [
-                {
-                  id: 23,
-                  name: 'product 2',
-                  details: {
-                    subDetails: 'subDetails 2',
-                  },
-                  productKey: 'website_development',
-                },
-              ],
-            },
-            3: {
-              name: 'QA Stage',
-              status: 'open',
-            },
-          },
-          createdBy: 1,
-          updatedBy: 2,
-        },
-      ]))
-      .then(() => done());
+    sinon.stub(RabbitMQService.prototype, 'init', () => {});
+    sinon.stub(RabbitMQService.prototype, 'publish', () => {});
+    testUtil.clearDb(done);
   });
 
   after((done) => {
+    RabbitMQService.prototype.init.restore();
+    RabbitMQService.prototype.publish.restore();
     testUtil.clearDb(done);
   });
 
@@ -270,6 +183,7 @@ describe('Project create', () => {
             resJson.directProjectId.should.be.eql(128);
             resJson.status.should.be.eql('draft');
             resJson.type.should.be.eql(body.param.type);
+            resJson.version.should.be.eql('v3');
             resJson.members.should.have.lengthOf(1);
             resJson.members[0].role.should.be.eql('customer');
             resJson.members[0].userId.should.be.eql(40051331);
diff --git a/src/tests/seed.js b/src/tests/seed.js
index a745ead0..f099d656 100644
--- a/src/tests/seed.js
+++ b/src/tests/seed.js
@@ -49,11 +49,58 @@ models.sequelize.sync({ force: true })
       details: {},
       createdBy: 1,
       updatedBy: 1,
+    }, {
+      type: 'generic',
+      billingAccountId: 5,
+      name: 'test2',
+      description: 'Ongoing project',
+      status: 'active',
+      details: {
+        name: 'a specific name',
+        products: ['application_development', 'website_development'],
+        appDefinition: { budget: 10000 },
+        sampleKey1: {
+          sampleSubKey1: 'a specific value',
+        },
+        sampleKey2: {
+          sampleSubKey2: 'a specific value',
+        },
+      },
+      createdBy: 1,
+      updatedBy: 1,
+      version: 'v2',
+      directProjectId: 123,
+      estimatedPrice: 15000,
+      actualPrice: 18000,
+    }, {
+      type: 'generic',
+      billingAccountId: 5,
+      name: 'test2',
+      description: 'Completed project',
+      status: 'completed',
+      details: {
+        name: 'a specific name',
+        products: ['application_development', 'website_development'],
+        appDefinition: { budget: 10000 },
+        sampleKey1: {
+          sampleSubKey1: 'a specific value',
+        },
+        sampleKey2: {
+          sampleSubKey2: 'a specific value',
+        },
+      },
+      createdBy: 1,
+      updatedBy: 1,
+      version: 'v2',
+      directProjectId: 123,
+      estimatedPrice: 15000,
+      actualPrice: 18000,
     }]))
   .then(() => models.Project.findAll())
   .then((projects) => {
     const project1 = projects[0];
     const project2 = projects[1];
+    const project7 = projects[6];
     const operations = [];
     operations.push(models.ProjectMember.bulkCreate([{
       userId: 40051331,
@@ -100,6 +147,23 @@ models.sequelize.sync({ force: true })
       createdBy: 1,
       updatedBy: 1,
     }));
+    const dbNow = Math.floor(Date.now() / 1000) * 1000;
+    const millisInADay = 1000 * 60 * 60 * 24;
+    const yesterday = new Date(dbNow - millisInADay);
+    operations.push(models.ProjectHistory.bulkCreate([{
+      projectId: project7.id,
+      status: 'completed',
+      createdAt: yesterday,
+      createdBy: 1,
+      updatedBy: 1,
+    }, {
+      projectId: project7.id,
+      status: 'completed',
+      // 10 days ago
+      createdAt: new Date(dbNow - (millisInADay * 10)),
+      createdBy: 1,
+      updatedBy: 1,
+    }]));
     return Promise.all(operations);
   })
   .then(() => models.ProjectTemplate.bulkCreate([
@@ -196,6 +260,47 @@ models.sequelize.sync({ force: true })
       createdBy: 1,
       updatedBy: 2,
     },
+    {
+      name: 'template 1',
+      key: 'generic',
+      category: 'category 1',
+      scope: {
+        scope1: {
+          subScope1A: 1,
+          subScope1B: 2,
+        },
+        scope2: [1, 2, 3],
+      },
+      phases: {
+        // for all tests, use a project template that maps to a product template by productKey
+        phase1: {
+          name: 'phase 1',
+          products: [{
+            productKey: 'application_development',
+          }, {
+            productKey: 'product_key_2',
+          }],
+          details: {
+            anyDetails: 'any details 1',
+          },
+          others: ['others 11', 'others 12'],
+        },
+        phase2: {
+          name: 'phase 2',
+          products: [{
+            productKey: 'website_development',
+          }, {
+            productKey: 'product_key_4',
+          }],
+          details: {
+            anyDetails: 'any details 2',
+          },
+          others: ['others 21', 'others 22'],
+        },
+      },
+      createdBy: 1,
+      updatedBy: 1,
+    },
   ]))
   .then(() => models.ProductTemplate.bulkCreate([
     {
@@ -241,6 +346,81 @@ models.sequelize.sync({ force: true })
       createdBy: 3,
       updatedBy: 4,
     },
+    {
+      name: 'Generic work',
+      productKey: 'generic_work',
+      icon: 'http://example.com/icon1.ico',
+      brief: 'brief 1',
+      details: 'details 1',
+      aliases: {
+        alias1: {
+          subAlias1A: 1,
+          subAlias1B: 2,
+        },
+        alias2: [1, 2, 3],
+      },
+      template: {
+        name: 'a template name',
+        sampleKey1: {
+          sampleSubKey1: 'a value',
+        },
+        sampleKey2: {
+          sampleSubKey2: 'a value',
+        },
+      },
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      name: 'Website product',
+      productKey: 'website_development',
+      icon: 'http://example.com/icon1.ico',
+      brief: 'brief 1',
+      details: 'details 1',
+      aliases: {
+        alias1: {
+          subAlias1A: 1,
+          subAlias1B: 2,
+        },
+        alias2: [1, 2, 3],
+      },
+      template: {
+        name: 'a template name',
+        sampleKey1: {
+          sampleSubKey1: 'a value',
+        },
+        sampleKey2: {
+          sampleSubKey2: 'a value',
+        },
+      },
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      name: 'Application product',
+      productKey: 'application_development',
+      icon: 'http://example.com/icon1.ico',
+      brief: 'brief 1',
+      details: 'details 1',
+      aliases: {
+        alias1: {
+          subAlias1A: 1,
+          subAlias1B: 2,
+        },
+        alias2: [1, 2, 3],
+      },
+      template: {
+        name: 'a template name',
+        sampleKey1: {
+          sampleSubKey1: 'a value',
+        },
+        sampleKey2: {
+          sampleSubKey2: 'a value',
+        },
+      },
+      createdBy: 1,
+      updatedBy: 2,
+    },
   ]))
   .then(() => models.ProjectType.bulkCreate([
     {
diff --git a/src/util.js b/src/util.js
index 5a468d6e..add05eb6 100644
--- a/src/util.js
+++ b/src/util.js
@@ -28,6 +28,17 @@ const util = _.cloneDeep(require('tc-core-library-js').util(config));
 let esClient = null;
 
 _.assignIn(util, {
+  /**
+   * Build API error
+   * @param {string} message the API error message
+   * @param {number} status the API status code
+   * @returns {Error} the built API error
+   */
+  buildApiError: (message, status) => {
+    const apiErr = new Error(message);
+    apiErr.status = status || 500;
+    return apiErr;
+  },
   /**
    * Handle error
    * @param   {String}    msg               the default error message
diff --git a/swagger.yaml b/swagger.yaml
index 000f7285..39bad0d3 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -610,6 +610,44 @@ paths:
         '204':
           description: Project phase successfully removed
 
+  /projects/{projectId}/upgrade:
+    post:
+      tags:
+        - project
+      operationId: upgradeProject
+      security:
+        - Bearer: []
+      description: Migrates a project to a target version. Only users with "administrator" or "Connect admin" roles can access to this endpoint
+      parameters:
+        - $ref: "#/parameters/projectIdParam"
+        - name: body
+          in: body
+          required: true
+          description: Project upgrade body
+          schema:
+            $ref: "#/definitions/ProjectUpgradeBodyParam"
+      responses:
+        '400':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Project not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '500':
+          description: Invalid server state or unknown error
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Project migrated successfully
+          schema:
+            $ref: "#/definitions/ProjectUpgradeResponse"
+
   /projectTemplates:
     get:
       tags:
@@ -1089,6 +1127,12 @@ definitions:
       param:
         $ref: "#/definitions/Project"
 
+  ProjectUpgradeBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/ProjectUpgrade"
+
   NewProject:
     type: object
     required:
@@ -1324,6 +1368,23 @@ definitions:
           isCustom:
             type: boolean
 
+  ProjectUpgrade:
+    title: Project Upgrade object
+    type: object
+    required:
+      - targetVersion
+      - defaultProductTemplateId
+    properties:
+      targetVersion:
+        type: string
+        description: Version identifier
+      defaultProductTemplateId:
+        type: number
+        format: int64
+        description: Default product template id, used when the associated project template is not found, or there's no matching phase with the project's product id
+      phaseName:
+        type: string
+        description: This value will be used instead of the product template's name for the created ProjectPhase
 
   NewProjectMember:
     title: Project Member object
@@ -1821,6 +1882,25 @@ definitions:
             readOnly: true
       - $ref: "#/definitions/ProductTemplateRequest"
 
+  ProjectUpgradeResponse:
+    title: Project upgrade response object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
 
   ProductTemplateResponse:
     title: Single product template response object
@@ -2238,4 +2318,4 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/ProjectType"
\ No newline at end of file
+              $ref: "#/definitions/ProjectType"

From 1d0a54a449b9cf30f0cb99bddebc2651bf56127a Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho da Silva <pvmagacho@gmail.com>
Date: Wed, 6 Jun 2018 02:21:44 -0300
Subject: [PATCH 21/59] Revert some changes from migration challenge

---
 .babelrc     | 10 +++++-----
 package.json | 10 ++++++----
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/.babelrc b/.babelrc
index aec1179c..47ef3de1 100644
--- a/.babelrc
+++ b/.babelrc
@@ -1,9 +1,9 @@
 {
-  "presets": [
-    ["env", {
-      "targets": {
-        "node": "current"
-      }
+  "presets": ["es2015"],
+  "plugins": [
+    ["transform-runtime", {
+      "polyfill": false,
+      "regenerator": true
     }]
   ]
 }
diff --git a/package.json b/package.json
index f17e60fe..e87622ab 100644
--- a/package.json
+++ b/package.json
@@ -9,16 +9,16 @@
   "scripts": {
     "lint": "./node_modules/.bin/eslint .",
     "lint:fix": "./node_modules/.bin/eslint . --fix || true",
-    "build": "babel src -d dist",
+    "build": "babel src -d dist --presets es2015",
     "sync:db": "./node_modules/.bin/babel-node migrations/sync.js",
     "sync:es": "./node_modules/.bin/babel-node migrations/elasticsearch_sync.js",
     "migrate:es": "./node_modules/.bin/babel-node migrations/seedElasticsearchIndex.js",
     "prestart": "npm run -s build",
     "start": "node dist",
-    "start:dev": "NODE_ENV=development PORT=8001 nodemon -w src --exec \"babel-node src\" | ./node_modules/.bin/bunyan",
+    "start:dev": "NODE_ENV=development PORT=8001 nodemon -w src --exec \"babel-node src --presets es2015\" | ./node_modules/.bin/bunyan",
     "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- --compilers js:babel-core/register $(find src -path '*spec.js*')",
     "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha -w --compilers js:babel-core/register $(find src -path '*spec.js*')",
-    "seed": "babel-node src/tests/seed.js"
+    "seed": "babel-node src/tests/seed.js --presets es2015"
   },
   "repository": {
     "type": "git",
@@ -63,7 +63,9 @@
     "babel-cli": "^6.9.0",
     "babel-core": "^6.11.4",
     "babel-eslint": "^7.1.1",
-    "babel-preset-env": "^1.7.0",
+    "babel-plugin-add-module-exports": "^0.2.1",
+    "babel-plugin-transform-runtime": "^6.23.0",
+    "babel-preset-es2015": "^6.9.0",
     "bunyan": "^1.8.1",
     "chai": "^3.5.0",
     "eslint": "^3.16.1",

From b159a9b16a88a5ea21d67cba0248a3c35a92019b Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho da Silva <pvmagacho@gmail.com>
Date: Wed, 6 Jun 2018 02:24:19 -0300
Subject: [PATCH 22/59] Revert some changes from migration challenge -
 create.spec.js

---
 src/routes/projects/create.spec.js | 90 +++++++++++++++++++++++++++++-
 1 file changed, 89 insertions(+), 1 deletion(-)

diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
index 87bc973a..802a6e7e 100644
--- a/src/routes/projects/create.spec.js
+++ b/src/routes/projects/create.spec.js
@@ -16,7 +16,95 @@ describe('Project create', () => {
   before((done) => {
     sinon.stub(RabbitMQService.prototype, 'init', () => {});
     sinon.stub(RabbitMQService.prototype, 'publish', () => {});
-    testUtil.clearDb(done);
+    testUtil.clearDb()
+      .then(() => models.ProjectType.bulkCreate([
+        {
+          key: 'generic',
+          displayName: 'Generic',
+          createdBy: 1,
+          updatedBy: 1,
+        },
+      ]))
+      .then(() => models.ProjectTemplate.bulkCreate([
+        {
+          id: 1,
+          name: 'template 1',
+          key: 'key 1',
+          category: 'category 1',
+          icon: 'http://example.com/icon1.ico',
+          question: 'question 1',
+          info: 'info 1',
+          aliases: [],
+          scope: {},
+          phases: {
+            phase1: {
+              name: 'phase 1',
+              products: [
+                {
+                  id: 21,
+                  name: 'product 1',
+                  productKey: 'visual_design_prod1',
+                },
+                {
+                  id: 22,
+                  name: 'product 2',
+                  productKey: 'visual_design_prod2',
+                },
+              ],
+            },
+          },
+          createdBy: 1,
+          updatedBy: 1,
+        },
+        {
+          id: 3,
+          name: 'template 3',
+          key: 'key 3',
+          category: 'category 3',
+          icon: 'http://example.com/icon3.ico',
+          question: 'question 3',
+          info: 'info 3',
+          aliases: [],
+          scope: {},
+          phases: {
+            1: {
+              name: 'Design Stage',
+              status: 'open',
+              details: {
+                description: 'detailed description',
+              },
+              products: [
+                {
+                  id: 21,
+                  name: 'product 1',
+                  productKey: 'visual_design_prod',
+                },
+              ],
+            },
+            2: {
+              name: 'Development Stage',
+              status: 'open',
+              products: [
+                {
+                  id: 23,
+                  name: 'product 2',
+                  details: {
+                    subDetails: 'subDetails 2',
+                  },
+                  productKey: 'website_development',
+                },
+              ],
+            },
+            3: {
+              name: 'QA Stage',
+              status: 'open',
+            },
+          },
+          createdBy: 1,
+          updatedBy: 2,
+        },
+      ]))
+      .then(() => done());
   });
 
   after((done) => {

From 21582b238ea7d6232c8fc6e87d5221b0aa87c03c Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho da Silva <pvmagacho@gmail.com>
Date: Wed, 6 Jun 2018 04:03:24 -0300
Subject: [PATCH 23/59] Fix tests issues

---
 src/models/project.js                    |  1 -
 src/routes/projectUpgrade/create.spec.js | 22 +++++++++++++++++-----
 src/tests/seed.js                        | 16 ++++++++++++++--
 3 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/src/models/project.js b/src/models/project.js
index 8866ffc9..48dd8615 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -34,7 +34,6 @@ module.exports = function defineProject(sequelize, DataTypes) {
     details: { type: DataTypes.JSON },
     challengeEligibility: DataTypes.JSON,
     cancelReason: DataTypes.STRING,
-    version: DataTypes.STRING(15),
     templateId: DataTypes.BIGINT,
     deletedAt: { type: DataTypes.DATE, allowNull: true },
     createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
diff --git a/src/routes/projectUpgrade/create.spec.js b/src/routes/projectUpgrade/create.spec.js
index e01778f5..d8401b08 100644
--- a/src/routes/projectUpgrade/create.spec.js
+++ b/src/routes/projectUpgrade/create.spec.js
@@ -27,6 +27,10 @@ describe('Project upgrade', () => {
         billingAccountId: 1,
         name: 'test1',
         description: 'test project1',
+        icon: 'http://example.com/icon1.ico',
+        question: 'question 1',
+        info: 'info 1',
+        aliases: [],
         status: 'draft',
         details: {
           name: 'a specific name',
@@ -50,6 +54,10 @@ describe('Project upgrade', () => {
         name: 'template 1',
         key: project.type,
         category: 'category 1',
+        icon: 'http://example.com/icon1.ico',
+        question: 'question 1',
+        info: 'info 1',
+        aliases: [],
         scope: {
           scope1: {
             subScope1A: 1,
@@ -239,7 +247,9 @@ describe('Project upgrade', () => {
         const commonTest = async (testCompleted, completedOnDate, additionalPhaseName) => {
           const migratedProject = await models.Project.find({ id: project.id });
           expect(migratedProject.version).to.equal('v3');
-          const newProjectPhases = await models.ProjectPhase.findAll({ projectId: project.id });
+          const newProjectPhases = await models.ProjectPhase.findAll({
+            where: { projectId: project.id },
+          });
           for (const newProjectPhase of newProjectPhases) {
             expect(newProjectPhase).to.exist;
             expect(newProjectPhase.name).to.be.oneOf(['phase 1', 'phase 2'].concat(additionalPhaseName || []));
@@ -255,7 +265,9 @@ describe('Project upgrade', () => {
               expect(newProjectPhase.progress).to.equal(0);
               expect(newProjectPhase.endDate).to.equal(null);
             }
-            const newPhaseProducts = await models.PhaseProduct.findAll({ phaseId: newProjectPhase.id });
+            const newPhaseProducts = await models.PhaseProduct.findAll({ where:
+              { phaseId: newProjectPhase.id },
+            });
             for (const newPhaseProduct of newPhaseProducts) {
               expect(newPhaseProduct).to.exist;
               expect(newPhaseProduct.projectId).to.equal(project.id);
@@ -278,9 +290,9 @@ describe('Project upgrade', () => {
             }
           }
 
-          server.services.pubsub.publish.calledWith('project.phase.added').should.be.true;
-          server.services.pubsub.publish.calledWith('project.phase.product.added').should.be.true;
-          server.services.pubsub.publish.calledWith('project.updated').should.be.true;
+          expect(server.services.pubsub.publish.calledWith('project.phase.added')).to.be.true;
+          expect(server.services.pubsub.publish.calledWith('project.phase.product.added')).to.be.true;
+          expect(server.services.pubsub.publish.calledWith('project.updated')).to.be.true;
         };
 
         it('should migrate a non completed project to the expected state', async () => {
diff --git a/src/tests/seed.js b/src/tests/seed.js
index f099d656..350480c4 100644
--- a/src/tests/seed.js
+++ b/src/tests/seed.js
@@ -264,6 +264,10 @@ models.sequelize.sync({ force: true })
       name: 'template 1',
       key: 'generic',
       category: 'category 1',
+      icon: 'http://example.com/icon1.ico',
+      question: 'question 1',
+      info: 'info 1',
+      aliases: [],
       scope: {
         scope1: {
           subScope1A: 1,
@@ -307,6 +311,8 @@ models.sequelize.sync({ force: true })
       name: 'name 1',
       productKey: 'productKey 1',
       icon: 'http://example.com/icon1.ico',
+      question: 'question 1',
+      info: 'info 1',
       brief: 'brief 1',
       details: 'details 1',
       aliases: {
@@ -338,10 +344,12 @@ models.sequelize.sync({ force: true })
     {
       name: 'template 2',
       productKey: 'productKey 2',
-      icon: 'http://example.com/icon2.ico',
+      icon: 'http://example.com/icon1.ico',
+      question: 'question 1',
+      info: 'info 1',
       brief: 'brief 2',
       details: 'details 2',
-      aliases: {},
+      aliases: [],
       template: {},
       createdBy: 3,
       updatedBy: 4,
@@ -350,6 +358,8 @@ models.sequelize.sync({ force: true })
       name: 'Generic work',
       productKey: 'generic_work',
       icon: 'http://example.com/icon1.ico',
+      question: 'question 1',
+      info: 'info 1',
       brief: 'brief 1',
       details: 'details 1',
       aliases: {
@@ -375,6 +385,8 @@ models.sequelize.sync({ force: true })
       name: 'Website product',
       productKey: 'website_development',
       icon: 'http://example.com/icon1.ico',
+      question: 'question 1',
+      info: 'info 1',
       brief: 'brief 1',
       details: 'details 1',
       aliases: {

From 9c021356d4fa5c771552c99dedf29933ece295ce Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 6 Jun 2018 16:25:16 +0530
Subject: [PATCH 24/59] fixed bug which was causing null values in project id

---
 src/routes/projects/create.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 96e830ec..6f0076db 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -92,7 +92,7 @@ function createProjectAndPhases(req, project, projectTemplate) {
           _.assign(
             _.omit(phase, 'products'),
             {
-              projectId: project.id,
+              projectId: newProject.id,
               updatedBy: req.authUser.userId,
               createdBy: req.authUser.userId,
             },
@@ -114,7 +114,7 @@ function createProjectAndPhases(req, project, projectTemplate) {
               // id need to map to templateId
               _.assign(_.omit(product, ['id', 'productKey']), {
                 phaseId: newPhase.id,
-                projectId: project.id,
+                projectId: newProject.id,
                 templateId: product.id,
                 updatedBy: req.authUser.userId,
                 createdBy: req.authUser.userId,

From aca030cde7690a1735dc7cb14c215787a7fd3058 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 6 Jun 2018 17:22:01 +0530
Subject: [PATCH 25/59] Creating default topic for phase when phase is created
 via new project Fixed data type for template id when indexing in ES

---
 src/events/projectPhases/index.js |  1 +
 src/events/projects/index.js      | 32 ++++++++++++++++++++++---------
 src/routes/projects/create.js     |  2 +-
 3 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/src/events/projectPhases/index.js b/src/events/projectPhases/index.js
index 6995eb13..74aa40fb 100644
--- a/src/events/projectPhases/index.js
+++ b/src/events/projectPhases/index.js
@@ -191,4 +191,5 @@ module.exports = {
   projectPhaseAddedHandler,
   projectPhaseRemovedHandler,
   projectPhaseUpdatedHandler,
+  createPhaseTopic,
 };
diff --git a/src/events/projects/index.js b/src/events/projects/index.js
index 2f8afa2d..801acba0 100644
--- a/src/events/projects/index.js
+++ b/src/events/projects/index.js
@@ -5,19 +5,16 @@ import _ from 'lodash';
 import Promise from 'bluebird';
 import config from 'config';
 import util from '../../util';
+import { createPhaseTopic } from '../projectPhases';
 
 const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
 const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
 const eClient = util.getElasticSearchClient();
 
-/**
- * Handler for project creation event
- * @param  {Object} logger  logger to log along with trace id
- * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
- * @returns {undefined}
- */
-const projectCreatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+
+
+
+const indexProject = Promise.coroutine(function* (logger, msg) {
   const data = JSON.parse(msg.content.toString());
   const userIds = data.members ? data.members.map(single => `userId:${single.userId}`) : [];
   try {
@@ -42,9 +39,26 @@ const projectCreatedHandler = Promise.coroutine(function* (logger, msg, channel)
       body: data,
     });
     logger.debug(`project indexed successfully (projectId: ${data.id})`, result);
-    channel.ack(msg);
     return undefined;
   } catch (error) {
+    logger.error(`Error indexing project (projectId: ${data.id})`, error);
+    throw error;
+  }
+});
+
+/**
+ * Handler for project creation event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const projectCreatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  try {
+    indexProject(logger, msg);
+    createPhaseTopic(logger, msg);
+    channel.ack(msg);
+  } catch(error) {
     logger.error(`Error processing event (projectId: ${data.id})`, error);
     channel.nack(msg, false, !msg.fields.redelivered);
     return undefined;
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 6f0076db..19a17b61 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -115,7 +115,7 @@ function createProjectAndPhases(req, project, projectTemplate) {
               _.assign(_.omit(product, ['id', 'productKey']), {
                 phaseId: newPhase.id,
                 projectId: newProject.id,
-                templateId: product.id,
+                templateId: Integer.parseInt(product.id),
                 updatedBy: req.authUser.userId,
                 createdBy: req.authUser.userId,
               })), { returning: true })

From da3da627a7501a413110265e103432cf5ebf80f1 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 6 Jun 2018 17:35:29 +0530
Subject: [PATCH 26/59] lint fixes

---
 src/events/projects/index.js  | 26 ++++++++++++++------------
 src/routes/projects/create.js |  2 +-
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/events/projects/index.js b/src/events/projects/index.js
index 801acba0..24890633 100644
--- a/src/events/projects/index.js
+++ b/src/events/projects/index.js
@@ -11,10 +11,14 @@ const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
 const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
 const eClient = util.getElasticSearchClient();
 
-
-
-
-const indexProject = Promise.coroutine(function* (logger, msg) {
+/**
+ * Indexes the project in the elastic search.
+ *
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload which is essentially a project in JSON format
+ * @returns {undefined}
+ */
+const indexProject = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
   const data = JSON.parse(msg.content.toString());
   const userIds = data.members ? data.members.map(single => `userId:${single.userId}`) : [];
   try {
@@ -23,8 +27,7 @@ const indexProject = Promise.coroutine(function* (logger, msg) {
     // if no members are returned than this should result in nack
     if (!_.isArray(memberDetails) || memberDetails.length === 0) {
       logger.error(`Empty member details for userIds ${userIds.join(',')} requeing the message`);
-      channel.nack(msg, false, !msg.fields.redelivered);
-      return undefined;
+      throw new Error(`Empty member details for userIds ${userIds.join(',')} requeing the message`);
     }
     // update project member record with details
     data.members = data.members.map((single) => {
@@ -39,7 +42,6 @@ const indexProject = Promise.coroutine(function* (logger, msg) {
       body: data,
     });
     logger.debug(`project indexed successfully (projectId: ${data.id})`, result);
-    return undefined;
   } catch (error) {
     logger.error(`Error indexing project (projectId: ${data.id})`, error);
     throw error;
@@ -54,14 +56,14 @@ const indexProject = Promise.coroutine(function* (logger, msg) {
  * @returns {undefined}
  */
 const projectCreatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  const project = JSON.parse(msg.content.toString());
   try {
-    indexProject(logger, msg);
-    createPhaseTopic(logger, msg);
+    yield indexProject(logger, msg);
+    yield createPhaseTopic(logger, msg);
     channel.ack(msg);
-  } catch(error) {
-    logger.error(`Error processing event (projectId: ${data.id})`, error);
+  } catch (error) {
+    logger.error(`Error processing event (projectId: ${project.id})`, error);
     channel.nack(msg, false, !msg.fields.redelivered);
-    return undefined;
   }
 });
 
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 19a17b61..af0dee30 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -115,7 +115,7 @@ function createProjectAndPhases(req, project, projectTemplate) {
               _.assign(_.omit(product, ['id', 'productKey']), {
                 phaseId: newPhase.id,
                 projectId: newProject.id,
-                templateId: Integer.parseInt(product.id),
+                templateId: parseInt(product.id, 10),
                 updatedBy: req.authUser.userId,
                 createdBy: req.authUser.userId,
               })), { returning: true })

From aa39c278c9eb1d5bda961c5bce8ef1189fb2a2b9 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Thu, 7 Jun 2018 00:07:25 +0700
Subject: [PATCH 27/59] =?UTF-8?q?-=20Merge=20the=20code=20with=20"topcoder?=
 =?UTF-8?q?=20Connect=20-=20Timeline=20and=20Milestone=20REST=20API"=20cha?=
 =?UTF-8?q?llenge=20(30065695)=20-=20(Review)=20Milestone:=20startDate,=20?=
 =?UTF-8?q?status=20should=20be=20required=20fields=20-=20(Review)=20When?=
 =?UTF-8?q?=20deleting=20a=20timeline,=20it=20should=20be=20cascaded=20to?=
 =?UTF-8?q?=20it's=20milestone=20as=20well=20-=20(Review)=20Milestone=20co?=
 =?UTF-8?q?mpletionDate=20must=20not=20be=20before=20startDate=20-=20(Revi?=
 =?UTF-8?q?ew)=20Postman:=20DELETE=20should=20not=20have=20request=20body?=
 =?UTF-8?q?=20-=20(Review)=20Postman:=20add=20at=20least=201=20negative=20?=
 =?UTF-8?q?test=20case=20for=20the=20POST=20end=20points=20-=20(Paulo)=20D?=
 =?UTF-8?q?on=E2=80=99t=20allow=20startDate=20and=20endDate=20of=20milesto?=
 =?UTF-8?q?nes=20out=20of=20bound=20of=20it=E2=80=99s=20parent=20timeline.?=
 =?UTF-8?q?=20=20=20If=20startDate=20or=20endDate=20for=20timeline=20is=20?=
 =?UTF-8?q?updated,=20children=20must=20validated=20and=20changed=20accord?=
 =?UTF-8?q?ingly=20-=20(Paulo)=20GET=20/timelines,=20/timelines/{id}=20sho?=
 =?UTF-8?q?uld=20return=20the=20associated=20milestones=20-=20(Paulo)=20Up?=
 =?UTF-8?q?date=20milestone=20order=20for=20PATCH=20endpoint?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md                                    |    2 +-
 config/custom-environment-variables.json     |    4 +-
 config/default.json                          |   13 +-
 config/test.json                             |    4 +-
 migrations/elasticsearch_sync.js             |    7 +-
 migrations/seedElasticsearchIndex.js         |   50 +
 postman.json                                 | 1196 ++++++++++++-
 postman_environment.json                     |   42 +
 src/constants.js                             |   13 +
 src/events/index.js                          |   11 +
 src/events/milestones/index.js               |  150 ++
 src/events/timelines/index.js                |   90 +
 src/models/milestone.js                      |   39 +
 src/models/productMilestoneTemplate.js       |   30 +
 src/models/productTemplate.js                |    9 +
 src/models/timeline.js                       |   36 +
 src/permissions/index.js                     |   15 +
 src/routes/index.js                          |   29 +-
 src/routes/milestoneTemplates/create.js      |   85 +
 src/routes/milestoneTemplates/create.spec.js |  282 ++++
 src/routes/milestoneTemplates/delete.js      |   57 +
 src/routes/milestoneTemplates/delete.spec.js |  187 +++
 src/routes/milestoneTemplates/get.js         |   43 +
 src/routes/milestoneTemplates/get.spec.js    |  189 +++
 src/routes/milestoneTemplates/list.js        |   52 +
 src/routes/milestoneTemplates/list.spec.js   |  217 +++
 src/routes/milestoneTemplates/update.js      |  121 ++
 src/routes/milestoneTemplates/update.spec.js |  428 +++++
 src/routes/milestones/create.js              |  110 ++
 src/routes/milestones/create.spec.js         |  606 +++++++
 src/routes/milestones/delete.js              |   65 +
 src/routes/milestones/delete.spec.js         |  325 ++++
 src/routes/milestones/get.js                 |   48 +
 src/routes/milestones/get.spec.js            |  342 ++++
 src/routes/milestones/list.js                |   68 +
 src/routes/milestones/list.spec.js           |  324 ++++
 src/routes/milestones/update.js              |  161 ++
 src/routes/milestones/update.spec.js         |  791 +++++++++
 src/routes/timelines/create.js               |   65 +
 src/routes/timelines/create.spec.js          |  468 ++++++
 src/routes/timelines/delete.js               |   52 +
 src/routes/timelines/delete.spec.js          |  306 ++++
 src/routes/timelines/get.js                  |   36 +
 src/routes/timelines/get.spec.js             |  304 ++++
 src/routes/timelines/list.js                 |   94 ++
 src/routes/timelines/list.spec.js            |  397 +++++
 src/routes/timelines/update.js               |  109 ++
 src/routes/timelines/update.spec.js          |  626 +++++++
 src/tests/seed.js                            |  127 ++
 src/util.js                                  |   98 +-
 swagger.yaml                                 | 1574 ++++++++++++++----
 51 files changed, 10120 insertions(+), 377 deletions(-)
 create mode 100644 src/events/milestones/index.js
 create mode 100644 src/events/timelines/index.js
 create mode 100644 src/models/milestone.js
 create mode 100644 src/models/productMilestoneTemplate.js
 create mode 100644 src/models/timeline.js
 create mode 100644 src/routes/milestoneTemplates/create.js
 create mode 100644 src/routes/milestoneTemplates/create.spec.js
 create mode 100644 src/routes/milestoneTemplates/delete.js
 create mode 100644 src/routes/milestoneTemplates/delete.spec.js
 create mode 100644 src/routes/milestoneTemplates/get.js
 create mode 100644 src/routes/milestoneTemplates/get.spec.js
 create mode 100644 src/routes/milestoneTemplates/list.js
 create mode 100644 src/routes/milestoneTemplates/list.spec.js
 create mode 100644 src/routes/milestoneTemplates/update.js
 create mode 100644 src/routes/milestoneTemplates/update.spec.js
 create mode 100644 src/routes/milestones/create.js
 create mode 100644 src/routes/milestones/create.spec.js
 create mode 100644 src/routes/milestones/delete.js
 create mode 100644 src/routes/milestones/delete.spec.js
 create mode 100644 src/routes/milestones/get.js
 create mode 100644 src/routes/milestones/get.spec.js
 create mode 100644 src/routes/milestones/list.js
 create mode 100644 src/routes/milestones/list.spec.js
 create mode 100644 src/routes/milestones/update.js
 create mode 100644 src/routes/milestones/update.spec.js
 create mode 100644 src/routes/timelines/create.js
 create mode 100644 src/routes/timelines/create.spec.js
 create mode 100644 src/routes/timelines/delete.js
 create mode 100644 src/routes/timelines/delete.spec.js
 create mode 100644 src/routes/timelines/get.js
 create mode 100644 src/routes/timelines/get.spec.js
 create mode 100644 src/routes/timelines/list.js
 create mode 100644 src/routes/timelines/list.spec.js
 create mode 100644 src/routes/timelines/update.js
 create mode 100644 src/routes/timelines/update.spec.js

diff --git a/README.md b/README.md
index e2e5a707..c487aab6 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ Authentication is handled via Authorization (Bearer) token header field. Token i
 ```
 eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJhZG1pbmlzdHJhdG9yIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJwc2hhaDEiLCJleHAiOjI0NjI0OTQ2MTgsInVzZXJJZCI6IjQwMTM1OTc4IiwiaWF0IjoxNDYyNDk0MDE4LCJlbWFpbCI6InBzaGFoMUB0ZXN0LmNvbSIsImp0aSI6ImY0ZTFhNTE0LTg5ODAtNDY0MC04ZWM1LWUzNmUzMWE3ZTg0OSJ9.XuNN7tpMOXvBG1QwWRQROj7NfuUbqhkjwn39Vy4tR5I
 ```
-It's been signed with the secret 'secret'. This secret should match your entry in config/local.json. You can generate your own token using https://jwt.io
+It's been signed with the secret 'secret'. This secret should match your entry in config/local.js. You can generate your own token using https://jwt.io
 
 ### Local Deployment
 Build image:
diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json
index 6b5731a7..3e0b0287 100644
--- a/config/custom-environment-variables.json
+++ b/config/custom-environment-variables.json
@@ -9,7 +9,9 @@
     "host": "PROJECTS_ES_URL",
     "apiVersion": "2.3",
     "indexName": "PROJECTS_ES_INDEX_NAME",
-    "docType": "projectV4"
+    "docType": "projectV4",
+    "timelineIndexName": "TIMELINES_ES_INDEX_NAME",
+    "timelineDocType": "TIMELINES_ES_DOC_TYPE"
   },
   "rabbitmqURL": "RABBITMQ_URL",
   "pubsubQueueName": "PUBSUB_QUEUE_NAME",
diff --git a/config/default.json b/config/default.json
index 053f0c35..29a87f18 100644
--- a/config/default.json
+++ b/config/default.json
@@ -20,7 +20,9 @@
     "host": "",
     "apiVersion": "2.3",
     "indexName": "projects",
-    "docType": "projectV4"
+    "docType": "projectV4",
+    "timelineIndexName": "timelines",
+    "timelineDocType": "timelineV4"
   },
   "systemUserClientId": "",
   "systemUserClientSecret": "",
@@ -36,13 +38,12 @@
   "validIssuers": "[\"https:\/\/topcoder-newauth.auth0.com\/\",\"https:\/\/api.topcoder-dev.com\"]",
   "jwksUri": "",
   "busApiUrl": "http://api.topcoder-dev.com/v5",
-  "messageApiUrl": "http://api.topcoder-dev.com/v5",
   "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE",
   "HEALTH_CHECK_URL": "_health",
   "maxPhaseProductCount": 1,
-  "AUTH0_CLIENT_ID": "",
-  "AUTH0_CLIENT_SECRET": "",
-  "AUTH0_AUDIENCE": "",
-  "AUTH0_URL": "",
+  "AUTH0_CLIENT_ID": "5fctfjaLJHdvM04kSrCcC8yn0I4t1JTd",
+  "AUTH0_CLIENT_SECRET": "GhvDENIrYXo-d8xQ10fxm9k7XSVg491vlpvolXyWNBmeBdhsA5BAq2mH4cAAYS0x",
+  "AUTH0_AUDIENCE": "https://www.topcoder.com",
+  "AUTH0_URL": "https://topcoder-newauth.auth0.com/oauth/token",
   "TOKEN_CACHE_TIME": ""
 }
diff --git a/config/test.json b/config/test.json
index 26d22a7a..8668be6e 100644
--- a/config/test.json
+++ b/config/test.json
@@ -7,7 +7,9 @@
       "host": "http://localhost:9200",
       "apiVersion": "2.3",
       "indexName": "projects_test",
-      "docType": "projectV4"
+      "docType": "projectV4",
+      "timelineIndexName": "timelines_test",
+      "timelineDocType": "timelineV4"
     },
     "rabbitmqUrl": "amqp://localhost:5672",
     "dbConfig": {
diff --git a/migrations/elasticsearch_sync.js b/migrations/elasticsearch_sync.js
index 321f86cb..eac45e5f 100644
--- a/migrations/elasticsearch_sync.js
+++ b/migrations/elasticsearch_sync.js
@@ -16,6 +16,7 @@ import util from '../src/util';
 
 const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
 const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
+const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
 
 // create new elasticsearch client
 // the client modifies the config object, so always passed the cloned object
@@ -323,10 +324,14 @@ esClient.indices.delete({
   ignore: [404],
 })
 .then(() => esClient.indices.create(getRequestBody(ES_PROJECT_INDEX)))
+// Re-create timeline index
+.then(() => esClient.indices.delete({ index: ES_TIMELINE_INDEX, ignore: [404] }))
+.then(() => esClient.indices.create({ index: ES_TIMELINE_INDEX }))
 .then(() => {
   console.log('elasticsearch indices synced successfully');
   process.exit();
-}).catch((err) => {
+})
+.catch((err) => {
   console.error('elasticsearch indices sync failed', err);
   process.exit();
 });
diff --git a/migrations/seedElasticsearchIndex.js b/migrations/seedElasticsearchIndex.js
index 4a10ec48..cf353f8f 100644
--- a/migrations/seedElasticsearchIndex.js
+++ b/migrations/seedElasticsearchIndex.js
@@ -6,6 +6,7 @@ import config from 'config';
 import Promise from 'bluebird';
 import models from '../src/models';
 import RabbitMQService from '../src/services/rabbitmq';
+import { TIMELINE_REFERENCES } from '../src/constants';
 
 const logger = bunyan.createLogger({ name: 'init-es', level: config.get('logLevel') });
 
@@ -23,6 +24,19 @@ function getProjectIds() {
   return [];
 }
 
+/**
+ * Retrieve timeline ids from cli if provided
+ * @return {Array} list of timelineIds
+ */
+function getTimelineIds() {
+  let timelineIdArg = _.find(process.argv, a => a.indexOf('timelineIds') > -1);
+  if (timelineIdArg) {
+    timelineIdArg = timelineIdArg.split('=');
+    return timelineIdArg[1].split(',').map(i => parseInt(i, 10));
+  }
+  return [];
+}
+
 Promise.coroutine(function* wrapped() {
   try {
     const rabbit = new RabbitMQService(logger);
@@ -58,12 +72,48 @@ Promise.coroutine(function* wrapped() {
     logger.info(`Retrieved #${members.length} members`);
     members = _.groupBy(members, 'projectId');
 
+    // Get timelines
+    const timelineIds = getTimelineIds();
+    const timelineWhereClause = (timelineIds.length > 0) ? { id: { $in: timelineIds } } : {};
+    let timelines = yield models.Timeline.findAll({
+      where: timelineWhereClause,
+      include: [{ model: models.Milestone, as: 'milestones' }],
+    });
+    logger.info(`Retrieved #${projects.length} timelines`);
+
+    // Convert to raw json and remove unnecessary fields
+    timelines = _.map(timelines, (timeline) => {
+      const entity = _.omit(timeline.toJSON(), ['deletedBy', 'deletedAt']);
+      entity.milestones = _.map(entity.milestones, milestone => _.omit(milestone, ['deletedBy', 'deletedAt']));
+      return entity;
+    });
+
+    // Get projectId for each timeline
+    yield Promise.all(
+      _.map(timelines, (timeline) => {
+        if (timeline.reference === TIMELINE_REFERENCES.PROJECT) {
+          timeline.projectId = timeline.referenceId;
+          return Promise.resolve(timeline);
+        }
+
+        return models.ProjectPhase.findById(timeline.referenceId)
+          .then((phase) => {
+            timeline.projectId = phase.projectId;
+            return Promise.resolve(timeline);
+          });
+      }),
+    );
+
     const promises = [];
     _.forEach(projects, (p) => {
       p.members = members[p.id];
       logger.debug(`Processing Project #${p.id}`);
       promises.push(rabbit.publish('project.initial', p, {}));
     });
+    _.forEach(timelines, (t) => {
+      logger.debug(`Processing Timeline #${t.id}`);
+      promises.push(rabbit.publish('timeline.initial', t, {}));
+    });
     Promise.all(promises)
       .then(() => {
         logger.info(`Published ${promises.length} msgs`);
diff --git a/postman.json b/postman.json
index d9cb23a4..048cea72 100644
--- a/postman.json
+++ b/postman.json
@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "1791b330-5331-4768-a265-f1cb5e6b4492",
+		"_postman_id": "440ee43d-66ca-4c9b-858d-22db97ea4cea",
 		"name": "tc-project-service",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 	},
@@ -2840,7 +2840,7 @@
 		},
 		{
 			"name": "issue86 (create project with templateId)",
-			"description": "",
+			"description": null,
 			"item": [
 				{
 					"name": "Create project with templateId",
@@ -2928,8 +2928,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/6/upgrade",
-						"description": ""
+						"url": {
+							"raw": "{{api-url}}/v4/projects/6/upgrade",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"6",
+								"upgrade"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2951,8 +2961,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/upgrade",
-						"description": ""
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/upgrade",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"upgrade"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2974,8 +2994,18 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3,\n\t\t\"phaseName\": \"Custom phase name\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/6/upgrade",
-						"description": ""
+						"url": {
+							"raw": "{{api-url}}/v4/projects/6/upgrade",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"6",
+								"upgrade"
+							]
+						}
 					},
 					"response": []
 				},
@@ -2997,12 +3027,1156 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3,\n\t\t\"phaseName\": \"Custom phase name\"\n\t}\n}"
 						},
-						"url": "{{api-url}}/v4/projects/7/upgrade",
-						"description": ""
+						"url": {
+							"raw": "{{api-url}}/v4/projects/7/upgrade",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"projects",
+								"7",
+								"upgrade"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
+		{
+			"name": "Timeline",
+			"description": null,
+			"item": [
+				{
+					"name": "Create timeline",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-connectAdmin-40051336}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"description\":\"new description\",\r\n    \"startDate\":\"2018-05-29T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-30T00:00:00.000Z\",\r\n    \"reference\": \"project\",\r\n    \"referenceId\": 1\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Create timeline with invalid data",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-connectAdmin-40051336}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"startDate\":\"2018-05-29T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-28T00:00:00.000Z\",\r\n    \"reference\": \"invalid\",\r\n    \"referenceId\": 0\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List timelines",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-copilot-40051332}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List timelines (filter by reference)",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-copilot-40051332}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines?filter=reference%3Dproject",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines"
+							],
+							"query": [
+								{
+									"key": "filter",
+									"value": "reference%3Dproject"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List timelines (filter by referenceId)",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-copilot-40051332}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines?filter=referenceId%3D1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines"
+							],
+							"query": [
+								{
+									"key": "filter",
+									"value": "referenceId%3D1"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List timelines (filter by reference and referenceId)",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-copilot-40051332}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines?filter=reference%3Dphase%26referenceId%3D1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines"
+							],
+							"query": [
+								{
+									"key": "filter",
+									"value": "reference%3Dphase%26referenceId%3D1"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Get timeline",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update timeline",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"timeline 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"startDate\": \"2018-05-01T00:00:00.000Z\",\r\n    \"endDate\": null,\r\n    \"reference\": \"project\",\r\n    \"referenceId\": 1\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update timeline (startDate)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"timeline 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"startDate\": \"2018-05-05T00:00:00.000Z\",\r\n    \"endDate\": null,\r\n    \"reference\": \"project\",\r\n    \"referenceId\": 1\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update timeline (endDate)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"timeline 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-05T00:00:00.000Z\",\r\n    \"reference\": \"project\",\r\n    \"referenceId\": 1\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Delete timeline",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": ""
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/4",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"4"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
+		{
+			"name": "Milestone",
+			"description": null,
+			"item": [
+				{
+					"name": "Create milestone",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-member-40051331}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 3\",\r\n    \"description\": \"description 3\",\r\n    \"duration\": 4,\r\n    \"startDate\": \"2018-05-05T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-08T00:00:00.000Z\",\r\n    \"status\": \"open\",\r\n    \"type\": \"type3\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            2,\r\n            3,\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 1,\r\n    \"plannedText\": \"plannedText 3\",\r\n    \"activeText\": \"activeText 3\",\r\n    \"completedText\": \"completedText 3\",\r\n    \"blockedText\": \"blockedText 3\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Create milestone with invalid data",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-member-40051331}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"startDate\": \"2018-05-05T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-04T00:00:00.000Z\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List milestones",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-copilot-40051332}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List milestones (sort)",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-copilot-40051332}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones?sort=order desc",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones"
+							],
+							"query": [
+								{
+									"key": "sort",
+									"value": "order desc"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Get milestone",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 1,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone (order 1 => 2)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 2,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone (order 2 => 1)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 1,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone (order 1 => 3)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 3,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone (order 3 => 1)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 1,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Delete milestone",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": ""
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/timelines/1/milestones/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"timelines",
+								"1",
+								"milestones",
+								"2"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
+		{
+			"name": "Milestone Template",
+			"description": null,
+			"item": [
+				{
+					"name": "Create milestone template",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-admin-40051333}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestoneTemplate 3\",\r\n    \"description\": \"description 3\",\r\n    \"duration\": 33,\r\n    \"type\": \"type3\",\r\n    \"order\": 1\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Create milestone template with invalid data",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-admin-40051333}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List milestone templates",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-copilot-40051332}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "List milestone templates (sort)",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token-copilot-40051332}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones?sort=order desc",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones"
+							],
+							"query": [
+								{
+									"key": "sort",
+									"value": "order desc"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Get milestone template",
+					"request": {
+						"method": "GET",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n\t\"name\": \"milestoneTemplate 1-updated\",\r\n\t\"description\": \"description 1-updated\",\r\n\t\"duration\": 34,\r\n\t\"type\": \"type1-updated\",\r\n\t\"order\": 1\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone (order 1 => 2)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n  \"name\": \"milestoneTemplate 1-updated\",\r\n  \"description\": \"description 1-updated\",\r\n  \"duration\": 34,\r\n  \"type\": \"type1-updated\",\r\n  \"order\": 2\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone (order 2 => 1)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n\t\"name\": \"milestoneTemplate 1-updated\",\r\n\t\"description\": \"description 1-updated\",\r\n\t\"duration\": 34,\r\n\t\"type\": \"type1-updated\",\r\n\t\"order\": 1\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone (order 1 => 3)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n  \"name\": \"milestoneTemplate 1-updated\",\r\n  \"description\": \"description 1-updated\",\r\n  \"duration\": 34,\r\n  \"type\": \"type1-updated\",\r\n  \"order\": 3\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update milestone (order 3 => 1)",
+					"request": {
+						"method": "PATCH",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": "{\r\n  \"param\":{\r\n  \"name\": \"milestoneTemplate 1-updated\",\r\n  \"description\": \"description 1-updated\",\r\n  \"duration\": 34,\r\n  \"type\": \"type1-updated\",\r\n  \"order\": 1\r\n  }\r\n}"
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones",
+								"1"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Delete milestone",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Content-Type",
+								"value": "application/json"
+							},
+							{
+								"key": "Authorization",
+								"value": "Bearer {{jwt-token}}"
+							}
+						],
+						"body": {
+							"mode": "raw",
+							"raw": ""
+						},
+						"url": {
+							"raw": "{{api-url}}/v4/productTemplates/1/milestones/2",
+							"host": [
+								"{{api-url}}"
+							],
+							"path": [
+								"v4",
+								"productTemplates",
+								"1",
+								"milestones",
+								"2"
+							]
+						}
 					},
 					"response": []
 				}
 			]
 		}
 	]
-}
+}
\ No newline at end of file
diff --git a/postman_environment.json b/postman_environment.json
index 12fab912..84968c61 100644
--- a/postman_environment.json
+++ b/postman_environment.json
@@ -15,6 +15,48 @@
       "description": "",
       "type": "text",
       "enabled": true
+    },
+    {
+      "key": "jwt-token-admin-40051333",
+      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIiwiYWRtaW5pc3RyYXRvciJdLCJpc3MiOiJodHRwczovL2FwaS50b3Bjb2Rlci1kZXYuY29tIiwiaGFuZGxlIjoidGVzdDEiLCJleHAiOjI1NjMwNzY2ODksInVzZXJJZCI6IjQwMDUxMzMzIiwiaWF0IjoxNDYzMDc2MDg5LCJlbWFpbCI6InRlc3RAdG9wY29kZXIuY29tIiwianRpIjoiYjMzYjc3Y2QtYjUyZS00MGZlLTgzN2UtYmViOGUwYWU2YTRhIn0.wKWUe0-SaiFVN-VR_-GwgFlvWaDkSbc8H55ktb9LAVw",
+      "description": "",
+      "type": "text",
+      "enabled": true
+    },
+    {
+      "key": "jwt-token-member-40051331",
+      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJ0ZXN0MSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjoiNDAwNTEzMzEiLCJpYXQiOjE0NjMwNzYwODksImVtYWlsIjoidGVzdEB0b3Bjb2Rlci5jb20iLCJqdGkiOiJiMzNiNzdjZC1iNTJlLTQwZmUtODM3ZS1iZWI4ZTBhZTZhNGEifQ.pDtRzcGQjgCBD6aLsW-1OFhzmrv5mXhb8YLDWbGAnKo",
+      "description": "",
+      "type": "text",
+      "enabled": true
+    },
+    {
+      "key": "jwt-token-copilot-40051332",
+      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIiwiQ29ubmVjdCBDb3BpbG90Il0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJ0ZXN0MSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjo0MDA1MTMzMiwiZW1haWwiOiJ0ZXN0QHRvcGNvZGVyLmNvbSIsImlhdCI6MTQ3MDYyMDA0NH0.DnX17gBaVF2JTuRai-C2BDSdEjij9da_s4eYcMIjP0c",
+      "description": "",
+      "type": "text",
+      "enabled": true
+    },
+    {
+      "key": "jwt-token-manager-40051334",
+      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIiwiQ29ubmVjdCBNYW5hZ2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJ0ZXN0MSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjoiNDAwNTEzMzQiLCJpYXQiOjE0NjMwNzYwODksImVtYWlsIjoidGVzdEB0b3Bjb2Rlci5jb20iLCJqdGkiOiJiMzNiNzdjZC1iNTJlLTQwZmUtODM3ZS1iZWI4ZTBhZTZhNGEifQ.J5VtOEQVph5jfe2Ji-NH7txEDcx_5gthhFeD-MzX9ck",
+      "description": "",
+      "type": "text",
+      "enabled": true
+    },
+    {
+      "key": "jwt-token-member2-40051335",
+      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJtZW1iZXIyIiwiZXhwIjoyNTYzMDc2Njg5LCJ1c2VySWQiOiI0MDA1MTMzNSIsImlhdCI6MTQ2MzA3NjA4OSwiZW1haWwiOiJ0ZXN0QHRvcGNvZGVyLmNvbSIsImp0aSI6ImIzM2I3N2NkLWI1MmUtNDBmZS04MzdlLWJlYjhlMGFlNmE0YSJ9.Mh4bw3wm-cn5Kcf96gLFVlD0kySOqqk4xN3qnreAKL4",
+      "description": "",
+      "type": "text",
+      "enabled": true
+    },
+    {
+      "key": "jwt-token-connectAdmin-40051336",
+      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJDb25uZWN0IEFkbWluIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJjb25uZWN0X2FkbWluMSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjoiNDAwNTEzMzYiLCJpYXQiOjE0NjMwNzYwODksImVtYWlsIjoiY29ubmVjdF9hZG1pbjFAdG9wY29kZXIuY29tIiwianRpIjoiYjMzYjc3Y2QtYjUyZS00MGZlLTgzN2UtYmViOGUwYWU2YTRhIn0.nSGfXMl02NZ90ZKLiEKPg75iAjU92mfteaY6xgqkM30",
+      "description": "",
+      "type": "text",
+      "enabled": true
     }
   ],
   "_postman_variable_scope": "environment",
diff --git a/src/constants.js b/src/constants.js
index ed5f4ba6..1b48b8bd 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -47,6 +47,14 @@ export const EVENT = {
     PROJECT_PHASE_PRODUCT_ADDED: 'project.phase.product.added',
     PROJECT_PHASE_PRODUCT_UPDATED: 'project.phase.product.updated',
     PROJECT_PHASE_PRODUCT_REMOVED: 'project.phase.product.removed',
+
+    TIMELINE_ADDED: 'timeline.added',
+    TIMELINE_UPDATED: 'timeline.updated',
+    TIMELINE_REMOVED: 'timeline.removed',
+
+    MILESTONE_ADDED: 'milestone.added',
+    MILESTONE_UPDATED: 'milestone.updated',
+    MILESTONE_REMOVED: 'milestone.removed',
   },
 };
 
@@ -86,3 +94,8 @@ export const REGEX = {
 export const TOKEN_SCOPES = {
   CONNECT_PROJECT_ADMIN: 'all:connect_project',
 };
+
+export const TIMELINE_REFERENCES = {
+  PROJECT: 'project',
+  PHASE: 'phase',
+};
diff --git a/src/events/index.js b/src/events/index.js
index cf6decf8..fac17d8d 100644
--- a/src/events/index.js
+++ b/src/events/index.js
@@ -9,6 +9,8 @@ import { projectPhaseAddedHandler, projectPhaseRemovedHandler,
   projectPhaseUpdatedHandler } from './projectPhases';
 import { phaseProductAddedHandler, phaseProductRemovedHandler,
   phaseProductUpdatedHandler } from './phaseProducts';
+import { timelineAddedHandler, timelineUpdatedHandler, timelineRemovedHandler } from './timelines';
+import { milestoneAddedHandler, milestoneUpdatedHandler, milestoneRemovedHandler } from './milestones';
 
 export default {
   'project.initial': projectCreatedHandler,
@@ -30,4 +32,13 @@ export default {
   [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_ADDED]: phaseProductAddedHandler,
   [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_REMOVED]: phaseProductRemovedHandler,
   [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_UPDATED]: phaseProductUpdatedHandler,
+
+  // Timeline and milestone
+  'timeline.initial': timelineAddedHandler,
+  [EVENT.ROUTING_KEY.TIMELINE_ADDED]: timelineAddedHandler,
+  [EVENT.ROUTING_KEY.TIMELINE_REMOVED]: timelineRemovedHandler,
+  [EVENT.ROUTING_KEY.TIMELINE_UPDATED]: timelineUpdatedHandler,
+  [EVENT.ROUTING_KEY.MILESTONE_ADDED]: milestoneAddedHandler,
+  [EVENT.ROUTING_KEY.MILESTONE_REMOVED]: milestoneRemovedHandler,
+  [EVENT.ROUTING_KEY.MILESTONE_UPDATED]: milestoneUpdatedHandler,
 };
diff --git a/src/events/milestones/index.js b/src/events/milestones/index.js
new file mode 100644
index 00000000..3ebd578a
--- /dev/null
+++ b/src/events/milestones/index.js
@@ -0,0 +1,150 @@
+/**
+ * Event handlers for milestone create, update and delete.
+ */
+import config from 'config';
+import _ from 'lodash';
+import Promise from 'bluebird';
+import util from '../../util';
+
+const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
+const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
+
+const eClient = util.getElasticSearchClient();
+
+/**
+ * Handler for milestone creation event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ */
+const milestoneAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  const data = JSON.parse(msg.content.toString());
+  try {
+    const doc = yield eClient.get({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.timelineId });
+    const milestones = _.isArray(doc._source.milestones) ? doc._source.milestones : []; // eslint-disable-line no-underscore-dangle
+
+    // Increase the order of the other milestones in the same timeline,
+    // which have `order` >= this milestone order
+    _.each(milestones, (milestone) => {
+      if (milestone.order >= data.order) {
+        milestone.order += 1; // eslint-disable-line no-param-reassign
+      }
+    });
+
+    milestones.push(data);
+    const merged = _.assign(doc._source, { milestones }); // eslint-disable-line no-underscore-dangle
+    yield eClient.update({
+      index: ES_TIMELINE_INDEX,
+      type: ES_TIMELINE_TYPE,
+      id: data.timelineId,
+      body: { doc: merged },
+    });
+    logger.debug('milestone added to timeline document successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error(`Error processing event (milestoneId: ${data.id})`, error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+/**
+ * Handler for milestone updated event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const milestoneUpdatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  const data = JSON.parse(msg.content.toString());
+  try {
+    const doc = yield eClient.get({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.original.timelineId });
+    const milestones = _.map(doc._source.milestones, (single) => { // eslint-disable-line no-underscore-dangle
+      if (single.id === data.original.id) {
+        return _.assign(single, data.updated);
+      }
+      return single;
+    });
+
+    if (data.original.order !== data.updated.order) {
+      const milestoneWithSameOrder =
+        _.find(milestones, milestone => milestone.id !== data.updated.id && milestone.order === data.updated.order);
+      if (milestoneWithSameOrder) {
+        // Increase the order from M to K: if there is an item with order K,
+        // orders from M+1 to K should be made M to K-1
+        if (data.original.order < data.updated.order) {
+          _.each(milestones, (single) => {
+            if (single.id !== data.updated.id
+              && (data.original.order + 1) <= single.order
+              && single.order <= data.updated.order) {
+              single.order -= 1; // eslint-disable-line no-param-reassign
+            }
+          });
+        } else {
+          // Decrease the order from M to K: if there is an item with order K,
+          // orders from K to M-1 should be made K+1 to M
+          _.each(milestones, (single) => {
+            if (single.id !== data.updated.id
+              && data.updated.order <= single.order
+              && single.order <= (data.original.order - 1)) {
+              single.order += 1; // eslint-disable-line no-param-reassign
+            }
+          });
+        }
+      }
+    }
+
+    const merged = _.assign(doc._source, { milestones }); // eslint-disable-line no-underscore-dangle
+    yield eClient.update({
+      index: ES_TIMELINE_INDEX,
+      type: ES_TIMELINE_TYPE,
+      id: data.original.timelineId,
+      body: {
+        doc: merged,
+      },
+    });
+    logger.debug('elasticsearch index updated, milestone updated successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error(`Error processing event (milestoneId: ${data.original.id})`, error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+/**
+ * Handler for milestone deleted event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ * @returns {undefined}
+ */
+const milestoneRemovedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  const data = JSON.parse(msg.content.toString());
+  try {
+    const doc = yield eClient.get({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.timelineId });
+    const milestones = _.filter(doc._source.milestones, single => single.id !== data.id); // eslint-disable-line no-underscore-dangle
+    const merged = _.assign(doc._source, { milestones });       // eslint-disable-line no-underscore-dangle
+    yield eClient.update({
+      index: ES_TIMELINE_INDEX,
+      type: ES_TIMELINE_TYPE,
+      id: data.timelineId,
+      body: {
+        doc: merged,
+      },
+    });
+    logger.debug('milestone removed from timeline document successfully');
+    channel.ack(msg);
+  } catch (error) {
+    logger.error(`Error processing event (milestoneId: ${data.id})`, error);
+    // if the message has been redelivered dont attempt to reprocess it
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+
+module.exports = {
+  milestoneAddedHandler,
+  milestoneRemovedHandler,
+  milestoneUpdatedHandler,
+};
diff --git a/src/events/timelines/index.js b/src/events/timelines/index.js
new file mode 100644
index 00000000..0de36410
--- /dev/null
+++ b/src/events/timelines/index.js
@@ -0,0 +1,90 @@
+/**
+ * Event handlers for timeline create, update and delete
+ */
+import _ from 'lodash';
+import Promise from 'bluebird';
+import config from 'config';
+import util from '../../util';
+
+const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
+const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
+const eClient = util.getElasticSearchClient();
+
+/**
+ * Handler for timeline creation event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ */
+const timelineAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  const data = JSON.parse(msg.content.toString());
+  try {
+    // add the record to the index
+    const result = yield eClient.index({
+      index: ES_TIMELINE_INDEX,
+      type: ES_TIMELINE_TYPE,
+      id: data.id,
+      body: data,
+    });
+    logger.debug(`timeline indexed successfully (timelineId: ${data.id})`, result);
+    channel.ack(msg);
+  } catch (error) {
+    logger.error(`Error processing event (timelineId: ${data.id})`, error);
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+/**
+ * Handler for timeline updated event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ */
+const timelineUpdatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  const data = JSON.parse(msg.content.toString());
+  try {
+    // first get the existing document and than merge the updated changes and save the new document
+    const doc = yield eClient.get({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.original.id });
+    const merged = _.merge(doc._source, data.updated);        // eslint-disable-line no-underscore-dangle
+    merged.milestones = data.updated.milestones;
+    // update the merged document
+    yield eClient.update({
+      index: ES_TIMELINE_INDEX,
+      type: ES_TIMELINE_TYPE,
+      id: data.original.id,
+      body: {
+        doc: merged,
+      },
+    });
+    logger.debug(`timeline updated successfully in elasticsearh index, (timelineId: ${data.original.id})`);
+    channel.ack(msg);
+  } catch (error) {
+    logger.error(`failed to get timeline document, (timelineId: ${data.original.id})`, error);
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+/**
+ * Handler for timeline deleted event
+ * @param  {Object} logger  logger to log along with trace id
+ * @param  {Object} msg     event payload
+ * @param  {Object} channel channel to ack, nack
+ */
+const timelineRemovedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  const data = JSON.parse(msg.content.toString());
+  try {
+    yield eClient.delete({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.id });
+    logger.debug(`timeline deleted successfully from elasticsearh index (timelineId: ${data.id})`);
+    channel.ack(msg);
+  } catch (error) {
+    logger.error(`failed to delete timeline document (timelineId: ${data.id})`, error);
+    channel.nack(msg, false, !msg.fields.redelivered);
+  }
+});
+
+
+module.exports = {
+  timelineAddedHandler,
+  timelineUpdatedHandler,
+  timelineRemovedHandler,
+};
diff --git a/src/models/milestone.js b/src/models/milestone.js
new file mode 100644
index 00000000..cb3e0306
--- /dev/null
+++ b/src/models/milestone.js
@@ -0,0 +1,39 @@
+/* eslint-disable valid-jsdoc */
+
+/**
+ * The Milestone model
+ */
+module.exports = (sequelize, DataTypes) => {
+  const Milestone = sequelize.define('Milestone', {
+    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
+    name: { type: DataTypes.STRING(255), allowNull: false },
+    description: DataTypes.STRING(255),
+    duration: { type: DataTypes.INTEGER, allowNull: false },
+    startDate: { type: DataTypes.DATE, allowNull: false },
+    endDate: DataTypes.DATE,
+    completionDate: DataTypes.DATE,
+    status: { type: DataTypes.STRING(45), allowNull: false },
+    type: { type: DataTypes.STRING(45), allowNull: false },
+    details: DataTypes.JSON,
+    order: { type: DataTypes.INTEGER, allowNull: false },
+    plannedText: { type: DataTypes.STRING(512), allowNull: false },
+    activeText: { type: DataTypes.STRING(512), allowNull: false },
+    completedText: { type: DataTypes.STRING(512), allowNull: false },
+    blockedText: { type: DataTypes.STRING(512), allowNull: false },
+    deletedAt: DataTypes.DATE,
+    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    deletedBy: DataTypes.BIGINT,
+    createdBy: { type: DataTypes.BIGINT, allowNull: false },
+    updatedBy: { type: DataTypes.BIGINT, allowNull: false },
+  }, {
+    tableName: 'milestones',
+    paranoid: true,
+    timestamps: true,
+    updatedAt: 'updatedAt',
+    createdAt: 'createdAt',
+    deletedAt: 'deletedAt',
+  });
+
+  return Milestone;
+};
diff --git a/src/models/productMilestoneTemplate.js b/src/models/productMilestoneTemplate.js
new file mode 100644
index 00000000..acd40c11
--- /dev/null
+++ b/src/models/productMilestoneTemplate.js
@@ -0,0 +1,30 @@
+/* eslint-disable valid-jsdoc */
+
+/**
+ * The Product Milestone Template model
+ */
+module.exports = (sequelize, DataTypes) => {
+  const ProductMilestoneTemplate = sequelize.define('ProductMilestoneTemplate', {
+    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
+    name: { type: DataTypes.STRING(255), allowNull: false },
+    description: DataTypes.STRING(255),
+    duration: { type: DataTypes.INTEGER, allowNull: false },
+    type: { type: DataTypes.STRING(45), allowNull: false },
+    order: { type: DataTypes.INTEGER, allowNull: false },
+    deletedAt: DataTypes.DATE,
+    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    deletedBy: DataTypes.BIGINT,
+    createdBy: { type: DataTypes.BIGINT, allowNull: false },
+    updatedBy: { type: DataTypes.BIGINT, allowNull: false },
+  }, {
+    tableName: 'product_milestone_templates',
+    paranoid: true,
+    timestamps: true,
+    updatedAt: 'updatedAt',
+    createdAt: 'createdAt',
+    deletedAt: 'deletedAt',
+  });
+
+  return ProductMilestoneTemplate;
+};
diff --git a/src/models/productTemplate.js b/src/models/productTemplate.js
index 72d7bc30..2671d98e 100644
--- a/src/models/productTemplate.js
+++ b/src/models/productTemplate.js
@@ -26,6 +26,15 @@ module.exports = (sequelize, DataTypes) => {
     updatedAt: 'updatedAt',
     createdAt: 'createdAt',
     deletedAt: 'deletedAt',
+    classMethods: {
+      associate: (models) => {
+        ProductTemplate.hasMany(models.ProductMilestoneTemplate, {
+          as: 'milestones',
+          foreignKey: 'productTemplateId',
+          onDelete: 'cascade',
+        });
+      },
+    },
   });
 
   return ProductTemplate;
diff --git a/src/models/timeline.js b/src/models/timeline.js
new file mode 100644
index 00000000..5b9d6247
--- /dev/null
+++ b/src/models/timeline.js
@@ -0,0 +1,36 @@
+/* eslint-disable valid-jsdoc */
+
+/**
+ * The Timeline model
+ */
+module.exports = (sequelize, DataTypes) => {
+  const Timeline = sequelize.define('Timeline', {
+    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
+    name: { type: DataTypes.STRING(255), allowNull: false },
+    description: DataTypes.STRING(255),
+    startDate: { type: DataTypes.DATE, allowNull: false },
+    endDate: DataTypes.DATE,
+    reference: { type: DataTypes.STRING(45), allowNull: false },
+    referenceId: { type: DataTypes.BIGINT, allowNull: false },
+    deletedAt: DataTypes.DATE,
+    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
+    deletedBy: DataTypes.BIGINT,
+    createdBy: { type: DataTypes.BIGINT, allowNull: false },
+    updatedBy: { type: DataTypes.BIGINT, allowNull: false },
+  }, {
+    tableName: 'timelines',
+    paranoid: true,
+    timestamps: true,
+    updatedAt: 'updatedAt',
+    createdAt: 'createdAt',
+    deletedAt: 'deletedAt',
+    classMethods: {
+      associate: (models) => {
+        Timeline.hasMany(models.Milestone, { as: 'milestones', foreignKey: 'timelineId', onDelete: 'cascade' });
+      },
+    },
+  });
+
+  return Timeline;
+};
diff --git a/src/permissions/index.js b/src/permissions/index.js
index 6ea7a418..f0d3af2a 100644
--- a/src/permissions/index.js
+++ b/src/permissions/index.js
@@ -35,6 +35,11 @@ module.exports = () => {
   Authorizer.setPolicy('productTemplate.delete', connectManagerOrAdmin);
   Authorizer.setPolicy('productTemplate.view', true);
 
+  Authorizer.setPolicy('milestoneTemplate.create', connectManagerOrAdmin);
+  Authorizer.setPolicy('milestoneTemplate.edit', connectManagerOrAdmin);
+  Authorizer.setPolicy('milestoneTemplate.delete', connectManagerOrAdmin);
+  Authorizer.setPolicy('milestoneTemplate.view', true);
+
   Authorizer.setPolicy('project.addProjectPhase', projectEdit);
   Authorizer.setPolicy('project.updateProjectPhase', projectEdit);
   Authorizer.setPolicy('project.deleteProjectPhase', projectEdit);
@@ -46,4 +51,14 @@ module.exports = () => {
   Authorizer.setPolicy('projectType.edit', projectAdmin);
   Authorizer.setPolicy('projectType.delete', projectAdmin);
   Authorizer.setPolicy('projectType.view', true); // anyone can view project types
+
+  Authorizer.setPolicy('timeline.create', projectEdit);
+  Authorizer.setPolicy('timeline.edit', projectEdit);
+  Authorizer.setPolicy('timeline.delete', projectEdit);
+  Authorizer.setPolicy('timeline.view', projectView);
+
+  Authorizer.setPolicy('milestone.create', projectEdit);
+  Authorizer.setPolicy('milestone.edit', projectEdit);
+  Authorizer.setPolicy('milestone.delete', projectEdit);
+  Authorizer.setPolicy('milestone.view', projectView);
 };
diff --git a/src/routes/index.js b/src/routes/index.js
index 289f47c6..d9b46645 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -27,7 +27,7 @@ router.get(`/${apiVersion}/projects/health`, (req, res) => {
 const jwtAuth = require('tc-core-library-js').middleware.jwtAuthenticator;
 
 router.all(
-  RegExp(`\\/${apiVersion}\\/(projects|projectTemplates|productTemplates|projectTypes)(?!\\/health).*`),
+  RegExp(`\\/${apiVersion}\\/(projects|projectTemplates|productTemplates|projectTypes|timelines)(?!\\/health).*`),
   jwtAuth());
 
 // Register all the routes
@@ -88,6 +88,15 @@ router.route('/v4/productTemplates/:templateId(\\d+)')
   .patch(require('./productTemplates/update'))
   .delete(require('./productTemplates/delete'));
 
+router.route('/v4/productTemplates/:productTemplateId(\\d+)/milestones')
+  .post(require('./milestoneTemplates/create'))
+  .get(require('./milestoneTemplates/list'));
+
+router.route('/v4/productTemplates/:productTemplateId(\\d+)/milestones/:milestoneTemplateId(\\d+)')
+  .get(require('./milestoneTemplates/get'))
+  .patch(require('./milestoneTemplates/update'))
+  .delete(require('./milestoneTemplates/delete'));
+
 router.route('/v4/projects/:projectId(\\d+)/phases')
   .get(require('./phases/list'))
   .post(require('./phases/create'));
@@ -115,6 +124,24 @@ router.route('/v4/projectTypes/:key')
   .patch(require('./projectTypes/update'))
   .delete(require('./projectTypes/delete'));
 
+router.route('/v4/timelines')
+  .post(require('./timelines/create'))
+  .get(require('./timelines/list'));
+
+router.route('/v4/timelines/:timelineId(\\d+)')
+  .get(require('./timelines/get'))
+  .patch(require('./timelines/update'))
+  .delete(require('./timelines/delete'));
+
+router.route('/v4/timelines/:timelineId(\\d+)/milestones')
+  .post(require('./milestones/create'))
+  .get(require('./milestones/list'));
+
+router.route('/v4/timelines/:timelineId(\\d+)/milestones/:milestoneId(\\d+)')
+  .get(require('./milestones/get'))
+  .patch(require('./milestones/update'))
+  .delete(require('./milestones/delete'));
+
 // register error handler
 router.use((err, req, res, next) => { // eslint-disable-line no-unused-vars
   // DO NOT REMOVE next arg.. even though eslint
diff --git a/src/routes/milestoneTemplates/create.js b/src/routes/milestoneTemplates/create.js
new file mode 100644
index 00000000..55ea5c12
--- /dev/null
+++ b/src/routes/milestoneTemplates/create.js
@@ -0,0 +1,85 @@
+/**
+ * API to add a milestone template
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import Sequelize from 'sequelize';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    productTemplateId: Joi.number().integer().positive().required(),
+  },
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      description: Joi.string().max(255),
+      duration: Joi.number().integer().required(),
+      type: Joi.string().max(45).required(),
+      order: Joi.number().integer().required(),
+      productTemplateId: Joi.any().strip(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('milestoneTemplate.create'),
+  (req, res, next) => {
+    const entity = _.assign(req.body.param, {
+      createdBy: req.authUser.userId,
+      updatedBy: req.authUser.userId,
+      productTemplateId: req.params.productTemplateId,
+    });
+    let result;
+
+    return models.sequelize.transaction(tx =>
+      // Find the product template
+      models.ProductTemplate.findById(req.params.productTemplateId, { transaction: tx })
+        .then((productTemplate) => {
+          // Not found
+          if (!productTemplate) {
+            const apiErr = new Error(
+              `Product template not found for product template id ${req.params.productTemplateId}`);
+            apiErr.status = 404;
+            return Promise.reject(apiErr);
+          }
+
+          // Create the milestone template
+          return models.ProductMilestoneTemplate.create(entity, { transaction: tx });
+        })
+        .then((createdEntity) => {
+          // Omit deletedAt and deletedBy
+          result = _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy');
+
+          // Increase the order of the other milestone templates in the same product template,
+          // which have `order` >= this milestone template order
+          return models.ProductMilestoneTemplate.update({ order: Sequelize.literal('"order" + 1') }, {
+            where: {
+              productTemplateId: req.params.productTemplateId,
+              id: { $ne: result.id },
+              order: { $gte: result.order },
+            },
+            transaction: tx,
+          });
+        })
+        .then(() => {
+          // Write to response
+          res.status(201).json(util.wrapResponse(req.id, result, 1, 201));
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/milestoneTemplates/create.spec.js b/src/routes/milestoneTemplates/create.spec.js
new file mode 100644
index 00000000..6fe6c128
--- /dev/null
+++ b/src/routes/milestoneTemplates/create.spec.js
@@ -0,0 +1,282 @@
+/**
+ * Tests for create.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+import _ from 'lodash';
+import server from '../../app';
+import testUtil from '../../tests/util';
+import models from '../../models';
+
+const should = chai.should();
+
+const productTemplates = [
+  {
+    name: 'name 1',
+    productKey: 'productKey 1',
+    icon: 'http://example.com/icon1.ico',
+    brief: 'brief 1',
+    details: 'details 1',
+    aliases: {
+      alias1: {
+        subAlias1A: 1,
+        subAlias1B: 2,
+      },
+      alias2: [1, 2, 3],
+    },
+    template: {
+      template1: {
+        name: 'template 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      template2: {
+        name: 'template 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    name: 'template 2',
+    productKey: 'productKey 2',
+    icon: 'http://example.com/icon2.ico',
+    brief: 'brief 2',
+    details: 'details 2',
+    aliases: {},
+    template: {},
+    createdBy: 3,
+    updatedBy: 4,
+    deletedAt: new Date(),
+  },
+];
+const milestoneTemplates = [
+  {
+    name: 'milestoneTemplate 1',
+    duration: 3,
+    type: 'type1',
+    order: 1,
+    productTemplateId: 1,
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    name: 'milestoneTemplate 2',
+    duration: 4,
+    type: 'type2',
+    order: 2,
+    productTemplateId: 1,
+    createdBy: 2,
+    updatedBy: 3,
+  },
+];
+
+describe('CREATE milestone template', () => {
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
+    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
+  );
+  after(testUtil.clearDb);
+
+  describe('POST /productTemplates/{productTemplateId}/milestones', () => {
+    const body = {
+      param: {
+        name: 'milestoneTemplate 3',
+        description: 'description 3',
+        duration: 33,
+        type: 'type3',
+        order: 1,
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed product template', (done) => {
+      request(server)
+        .post('/v4/productTemplates/1000/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 422 if missing name', (done) => {
+      const invalidBody = {
+        param: {
+          name: undefined,
+        },
+      };
+
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing duration', (done) => {
+      const invalidBody = {
+        param: {
+          duration: undefined,
+        },
+      };
+
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing type', (done) => {
+      const invalidBody = {
+        param: {
+          type: undefined,
+        },
+      };
+
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing order', (done) => {
+      const invalidBody = {
+        param: {
+          order: undefined,
+        },
+      };
+
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 201 for admin', (done) => {
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          should.exist(resJson.id);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.description.should.be.eql(body.param.description);
+          resJson.duration.should.be.eql(body.param.duration);
+          resJson.type.should.be.eql(body.param.type);
+          resJson.order.should.be.eql(body.param.order);
+
+          resJson.createdBy.should.be.eql(40051333); // admin
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          // Verify 'order' of the other milestones
+          models.ProductMilestoneTemplate.findAll({
+            where: {
+              productTemplateId: 1,
+            },
+          })
+            .then((milestones) => {
+              _.each(milestones, (milestone) => {
+                if (milestone.id === 1) {
+                  milestone.order.should.be.eql(1 + 1);
+                } else if (milestone.id === 2) {
+                  milestone.order.should.be.eql(2 + 1);
+                }
+              });
+
+              done();
+            });
+        });
+    });
+
+    it('should return 201 for connect manager', (done) => {
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051334); // manager
+          resJson.updatedBy.should.be.eql(40051334); // manager
+          done();
+        });
+    });
+
+    it('should return 201 for connect admin', (done) => {
+      request(server)
+        .post('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051336); // connect admin
+          resJson.updatedBy.should.be.eql(40051336); // connect admin
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/milestoneTemplates/delete.js b/src/routes/milestoneTemplates/delete.js
new file mode 100644
index 00000000..bacb3e36
--- /dev/null
+++ b/src/routes/milestoneTemplates/delete.js
@@ -0,0 +1,57 @@
+/**
+ * API to delete a milestone template
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    productTemplateId: Joi.number().integer().positive().required(),
+    milestoneTemplateId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('milestoneTemplate.delete'),
+  (req, res, next) => {
+    const where = {
+      id: req.params.milestoneTemplateId,
+      deletedAt: { $eq: null },
+      productTemplateId: req.params.productTemplateId,
+    };
+
+    return models.sequelize.transaction(tx =>
+      // Update the deletedBy
+      models.ProductMilestoneTemplate.update({ deletedBy: req.authUser.userId }, {
+        where,
+        returning: true,
+        raw: true,
+        transaction: tx,
+      })
+        .then((updatedResults) => {
+          // Not found
+          if (updatedResults[0] === 0) {
+            const apiErr = new Error(
+              `Milestone template not found for milestone template id ${req.params.milestoneTemplateId}`);
+            apiErr.status = 404;
+            return Promise.reject(apiErr);
+          }
+
+          // Soft delete
+          return models.ProductMilestoneTemplate.destroy({
+            where,
+            transaction: tx,
+          });
+        })
+        .then(() => {
+          res.status(204).end();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/milestoneTemplates/delete.spec.js b/src/routes/milestoneTemplates/delete.spec.js
new file mode 100644
index 00000000..02fd111c
--- /dev/null
+++ b/src/routes/milestoneTemplates/delete.spec.js
@@ -0,0 +1,187 @@
+/**
+ * Tests for delete.js
+ */
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const productTemplates = [
+  {
+    name: 'name 1',
+    productKey: 'productKey 1',
+    icon: 'http://example.com/icon1.ico',
+    brief: 'brief 1',
+    details: 'details 1',
+    aliases: {
+      alias1: {
+        subAlias1A: 1,
+        subAlias1B: 2,
+      },
+      alias2: [1, 2, 3],
+    },
+    template: {
+      template1: {
+        name: 'template 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      template2: {
+        name: 'template 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    name: 'template 2',
+    productKey: 'productKey 2',
+    icon: 'http://example.com/icon2.ico',
+    brief: 'brief 2',
+    details: 'details 2',
+    aliases: {},
+    template: {},
+    createdBy: 3,
+    updatedBy: 4,
+    deletedAt: new Date(),
+  },
+];
+const milestoneTemplates = [
+  {
+    id: 1,
+    name: 'milestoneTemplate 1',
+    duration: 3,
+    type: 'type1',
+    order: 1,
+    productTemplateId: 1,
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    id: 2,
+    name: 'milestoneTemplate 2',
+    duration: 4,
+    type: 'type2',
+    order: 2,
+    productTemplateId: 1,
+    createdBy: 2,
+    updatedBy: 3,
+    deletedAt: new Date(),
+  },
+];
+
+describe('DELETE milestone template', () => {
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
+    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
+  );
+  after(testUtil.clearDb);
+
+  describe('DELETE /productTemplates/{productTemplateId}/milestones/{milestoneTemplateId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/1')
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed product template', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1234/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for non-existed milestone template', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/444')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted milestone template', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/2')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 422 for invalid productTemplateId param', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/0/milestones/2')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 422 for invalid milestoneTemplateId param', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/0')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 204, for admin, if template was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect admin, if template was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect manager, if template was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/milestoneTemplates/get.js b/src/routes/milestoneTemplates/get.js
new file mode 100644
index 00000000..1c1fa3f0
--- /dev/null
+++ b/src/routes/milestoneTemplates/get.js
@@ -0,0 +1,43 @@
+/**
+ * API to get a milestone template
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    productTemplateId: Joi.number().integer().positive().required(),
+    milestoneTemplateId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('milestoneTemplate.view'),
+  (req, res, next) => models.ProductMilestoneTemplate.findOne({
+    where: {
+      id: req.params.milestoneTemplateId,
+      productTemplateId: req.params.productTemplateId,
+    },
+    attributes: { exclude: ['deletedAt', 'deletedBy'] },
+    raw: true,
+  })
+    .then((milestoneTemplate) => {
+      // Not found
+      if (!milestoneTemplate) {
+        const apiErr = new Error(
+          `Milestone template not found for milestone template id ${req.params.milestoneTemplateId}`);
+        apiErr.status = 404;
+        return Promise.reject(apiErr);
+      }
+
+      res.json(util.wrapResponse(req.id, milestoneTemplate));
+      return Promise.resolve();
+    })
+    .catch(next),
+];
diff --git a/src/routes/milestoneTemplates/get.spec.js b/src/routes/milestoneTemplates/get.spec.js
new file mode 100644
index 00000000..c2b144e3
--- /dev/null
+++ b/src/routes/milestoneTemplates/get.spec.js
@@ -0,0 +1,189 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const productTemplates = [
+  {
+    name: 'name 1',
+    productKey: 'productKey 1',
+    icon: 'http://example.com/icon1.ico',
+    brief: 'brief 1',
+    details: 'details 1',
+    aliases: {
+      alias1: {
+        subAlias1A: 1,
+        subAlias1B: 2,
+      },
+      alias2: [1, 2, 3],
+    },
+    template: {
+      template1: {
+        name: 'template 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      template2: {
+        name: 'template 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    name: 'template 2',
+    productKey: 'productKey 2',
+    icon: 'http://example.com/icon2.ico',
+    brief: 'brief 2',
+    details: 'details 2',
+    aliases: {},
+    template: {},
+    createdBy: 3,
+    updatedBy: 4,
+    deletedAt: new Date(),
+  },
+];
+const milestoneTemplates = [
+  {
+    id: 1,
+    name: 'milestoneTemplate 1',
+    duration: 3,
+    type: 'type1',
+    order: 1,
+    productTemplateId: 1,
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    id: 2,
+    name: 'milestoneTemplate 2',
+    duration: 4,
+    type: 'type2',
+    order: 2,
+    productTemplateId: 1,
+    createdBy: 2,
+    updatedBy: 3,
+    deletedAt: new Date(),
+  },
+];
+
+describe('GET milestone template', () => {
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
+    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
+  );
+  after(testUtil.clearDb);
+
+  describe('GET /productTemplates/{productTemplateId}/milestones/{milestoneTemplateId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones/1')
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed product template', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1234/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for non-existed milestone template', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones/1111')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted milestone template', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones/2')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.id.should.be.eql(milestoneTemplates[0].id);
+          resJson.name.should.be.eql(milestoneTemplates[0].name);
+          resJson.duration.should.be.eql(milestoneTemplates[0].duration);
+          resJson.type.should.be.eql(milestoneTemplates[0].type);
+          resJson.order.should.be.eql(milestoneTemplates[0].order);
+          resJson.productTemplateId.should.be.eql(milestoneTemplates[0].productTemplateId);
+
+          resJson.createdBy.should.be.eql(milestoneTemplates[0].createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(milestoneTemplates[0].updatedBy);
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/milestoneTemplates/list.js b/src/routes/milestoneTemplates/list.js
new file mode 100644
index 00000000..40b6ae19
--- /dev/null
+++ b/src/routes/milestoneTemplates/list.js
@@ -0,0 +1,52 @@
+/**
+ * API to list all milestone templates
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    productTemplateId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('milestoneTemplate.view'),
+  (req, res, next) => {
+    // Parse the sort query
+    let sort = req.query.sort ? decodeURIComponent(req.query.sort) : 'order';
+    if (sort && sort.indexOf(' ') === -1) {
+      sort += ' asc';
+    }
+    const sortableProps = [
+      'order asc', 'order desc',
+    ];
+    if (sort && _.indexOf(sortableProps, sort) < 0) {
+      const apiErr = new Error('Invalid sort criteria');
+      apiErr.status = 422;
+      return next(apiErr);
+    }
+    const sortColumnAndOrder = sort.split(' ');
+
+    // Get all milestone templates
+    return models.ProductMilestoneTemplate.findAll({
+      where: {
+        productTemplateId: req.params.productTemplateId,
+      },
+      order: [sortColumnAndOrder],
+      attributes: { exclude: ['deletedAt', 'deletedBy'] },
+      raw: true,
+    })
+      .then((milestoneTemplates) => {
+        res.json(util.wrapResponse(req.id, milestoneTemplates));
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/milestoneTemplates/list.spec.js b/src/routes/milestoneTemplates/list.spec.js
new file mode 100644
index 00000000..87fb3228
--- /dev/null
+++ b/src/routes/milestoneTemplates/list.spec.js
@@ -0,0 +1,217 @@
+/**
+ * Tests for list.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const productTemplates = [
+  {
+    name: 'name 1',
+    productKey: 'productKey 1',
+    icon: 'http://example.com/icon1.ico',
+    brief: 'brief 1',
+    details: 'details 1',
+    aliases: {
+      alias1: {
+        subAlias1A: 1,
+        subAlias1B: 2,
+      },
+      alias2: [1, 2, 3],
+    },
+    template: {
+      template1: {
+        name: 'template 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      template2: {
+        name: 'template 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    name: 'template 2',
+    productKey: 'productKey 2',
+    icon: 'http://example.com/icon2.ico',
+    brief: 'brief 2',
+    details: 'details 2',
+    aliases: {},
+    template: {},
+    createdBy: 3,
+    updatedBy: 4,
+    deletedAt: new Date(),
+  },
+];
+const milestoneTemplates = [
+  {
+    id: 1,
+    name: 'milestoneTemplate 1',
+    duration: 3,
+    type: 'type1',
+    order: 1,
+    productTemplateId: 1,
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    id: 2,
+    name: 'milestoneTemplate 2',
+    duration: 4,
+    type: 'type2',
+    order: 2,
+    productTemplateId: 1,
+    createdBy: 2,
+    updatedBy: 3,
+  },
+  {
+    id: 3,
+    name: 'milestoneTemplate 3',
+    duration: 5,
+    type: 'type3',
+    order: 3,
+    productTemplateId: 1,
+    createdBy: 2,
+    updatedBy: 3,
+    deletedAt: new Date(),
+  },
+];
+
+describe('LIST milestone template', () => {
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
+    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
+  );
+  after(testUtil.clearDb);
+
+  describe('GET /productTemplates/{productTemplateId}/milestones', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones')
+        .expect(403, done);
+    });
+
+    it('should return 422 for invalid productTemplateId param', (done) => {
+      request(server)
+        .get('/v4/productTemplates/0/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 422 for invalid sort column', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones?sort=id')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 422 for invalid sort order', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones?sort=order%20invalid')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+          resJson[0].id.should.be.eql(milestoneTemplates[0].id);
+          resJson[0].name.should.be.eql(milestoneTemplates[0].name);
+          resJson[0].duration.should.be.eql(milestoneTemplates[0].duration);
+          resJson[0].type.should.be.eql(milestoneTemplates[0].type);
+          resJson[0].order.should.be.eql(milestoneTemplates[0].order);
+          resJson[0].productTemplateId.should.be.eql(milestoneTemplates[0].productTemplateId);
+
+          resJson[0].createdBy.should.be.eql(milestoneTemplates[0].createdBy);
+          should.exist(resJson[0].createdAt);
+          resJson[0].updatedBy.should.be.eql(milestoneTemplates[0].updatedBy);
+          should.exist(resJson[0].updatedAt);
+          should.not.exist(resJson[0].deletedBy);
+          should.not.exist(resJson[0].deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 with sort desc', (done) => {
+      request(server)
+        .get('/v4/productTemplates/1/milestones?sort=order%20desc')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+          resJson[0].id.should.be.eql(2);
+          resJson[1].id.should.be.eql(1);
+
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/milestoneTemplates/update.js b/src/routes/milestoneTemplates/update.js
new file mode 100644
index 00000000..65da9e9f
--- /dev/null
+++ b/src/routes/milestoneTemplates/update.js
@@ -0,0 +1,121 @@
+/**
+ * API to update a milestone template
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import Sequelize from 'sequelize';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    productTemplateId: Joi.number().integer().positive().required(),
+    milestoneTemplateId: Joi.number().integer().positive().required(),
+  },
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      description: Joi.string().max(255),
+      duration: Joi.number().integer().required(),
+      type: Joi.string().max(45).required(),
+      order: Joi.number().integer().required(),
+      productTemplateId: Joi.any().strip(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  permissions('milestoneTemplate.edit'),
+  (req, res, next) => {
+    const entityToUpdate = _.assign(req.body.param, {
+      updatedBy: req.authUser.userId,
+    });
+
+    let original;
+    let updated;
+
+    return models.sequelize.transaction(() =>
+      // Get the milestone template
+      models.ProductMilestoneTemplate.findOne({
+        where: {
+          id: req.params.milestoneTemplateId,
+          productTemplateId: req.params.productTemplateId,
+        },
+        attributes: { exclude: ['deletedAt', 'deletedBy'] },
+      })
+        .then((milestoneTemplate) => {
+          // Not found
+          if (!milestoneTemplate) {
+            const apiErr = new Error(`Milestone template not found for template id ${req.params.milestoneTemplateId}`);
+            apiErr.status = 404;
+            return Promise.reject(apiErr);
+          }
+
+          original = _.omit(milestoneTemplate.toJSON(), ['deletedAt', 'deletedBy']);
+
+          // Update
+          return milestoneTemplate.update(entityToUpdate);
+        })
+        .then((milestoneTemplate) => {
+          updated = _.omit(milestoneTemplate.toJSON(), ['deletedAt', 'deletedBy']);
+
+          // Update order of the other milestones only if the order was changed
+          if (original.order === updated.order) {
+            return Promise.resolve();
+          }
+
+          return models.ProductMilestoneTemplate.count({
+            where: {
+              productTemplateId: updated.productTemplateId,
+              id: { $ne: updated.id },
+              order: updated.order,
+            },
+          })
+            .then((count) => {
+              if (count === 0) {
+                return Promise.resolve();
+              }
+
+              // Increase the order from M to K: if there is an item with order K,
+              // orders from M+1 to K should be made M to K-1
+              if (original.order < updated.order) {
+                return models.ProductMilestoneTemplate.update({ order: Sequelize.literal('"order" - 1') }, {
+                  where: {
+                    productTemplateId: updated.productTemplateId,
+                    id: { $ne: updated.id },
+                    order: { $between: [original.order + 1, updated.order] },
+                  },
+                });
+              }
+
+              // Decrease the order from M to K: if there is an item with order K,
+              // orders from K to M-1 should be made K+1 to M
+              return models.ProductMilestoneTemplate.update({ order: Sequelize.literal('"order" + 1') }, {
+                where: {
+                  productTemplateId: updated.productTemplateId,
+                  id: { $ne: updated.id },
+                  order: { $between: [updated.order, original.order - 1] },
+                },
+              });
+            });
+        })
+        .then(() => {
+          res.json(util.wrapResponse(req.id, updated));
+          return Promise.resolve();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/milestoneTemplates/update.spec.js b/src/routes/milestoneTemplates/update.spec.js
new file mode 100644
index 00000000..297f6ea9
--- /dev/null
+++ b/src/routes/milestoneTemplates/update.spec.js
@@ -0,0 +1,428 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+import _ from 'lodash';
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const productTemplates = [
+  {
+    name: 'name 1',
+    productKey: 'productKey 1',
+    icon: 'http://example.com/icon1.ico',
+    brief: 'brief 1',
+    details: 'details 1',
+    aliases: {
+      alias1: {
+        subAlias1A: 1,
+        subAlias1B: 2,
+      },
+      alias2: [1, 2, 3],
+    },
+    template: {
+      template1: {
+        name: 'template 1',
+        details: {
+          anyDetails: 'any details 1',
+        },
+        others: ['others 11', 'others 12'],
+      },
+      template2: {
+        name: 'template 2',
+        details: {
+          anyDetails: 'any details 2',
+        },
+        others: ['others 21', 'others 22'],
+      },
+    },
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    name: 'template 2',
+    productKey: 'productKey 2',
+    icon: 'http://example.com/icon2.ico',
+    brief: 'brief 2',
+    details: 'details 2',
+    aliases: {},
+    template: {},
+    createdBy: 3,
+    updatedBy: 4,
+    deletedAt: new Date(),
+  },
+];
+const milestoneTemplates = [
+  {
+    id: 1,
+    name: 'milestoneTemplate 1',
+    duration: 3,
+    type: 'type1',
+    order: 1,
+    productTemplateId: 1,
+    createdBy: 1,
+    updatedBy: 2,
+  },
+  {
+    id: 2,
+    name: 'milestoneTemplate 2',
+    duration: 4,
+    type: 'type2',
+    order: 2,
+    productTemplateId: 1,
+    createdBy: 2,
+    updatedBy: 3,
+  },
+  {
+    id: 3,
+    name: 'milestoneTemplate 3',
+    duration: 5,
+    type: 'type3',
+    order: 3,
+    productTemplateId: 1,
+    createdBy: 2,
+    updatedBy: 3,
+  },
+  {
+    id: 4,
+    name: 'milestoneTemplate 4',
+    duration: 5,
+    type: 'type4',
+    order: 4,
+    productTemplateId: 1,
+    createdBy: 2,
+    updatedBy: 3,
+    deletedAt: new Date(),
+  },
+];
+
+describe('UPDATE milestone template', () => {
+  beforeEach(() => testUtil.clearDb()
+    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
+    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
+  );
+  after(testUtil.clearDb);
+
+  describe('PATCH /productTemplates/{productTemplateId}/milestones/{milestoneTemplateId}', () => {
+    const body = {
+      param: {
+        name: 'milestoneTemplate 1-updated',
+        description: 'description-updated',
+        duration: 6,
+        type: 'type1-updated',
+        order: 5,
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for copilot', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 422 for missing name', (done) => {
+      const invalidBody = {
+        param: {
+          name: undefined,
+        },
+      };
+
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect(422, done);
+    });
+
+    it('should return 422 for missing type', (done) => {
+      const invalidBody = {
+        param: {
+          type: undefined,
+        },
+      };
+
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect(422, done);
+    });
+
+    it('should return 422 for missing duration', (done) => {
+      const invalidBody = {
+        param: {
+          duration: undefined,
+        },
+      };
+
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect(422, done);
+    });
+
+    it('should return 422 for missing order', (done) => {
+      const invalidBody = {
+        param: {
+          order: undefined,
+        },
+      };
+
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect(422, done);
+    });
+
+    it('should return 404 for non-existed product template', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/122/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 404 for non-existed milestone template', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/111')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted milestone template', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/4')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.id.should.be.eql(1);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.description.should.be.eql(body.param.description);
+          resJson.duration.should.be.eql(body.param.duration);
+          resJson.type.should.be.eql(body.param.type);
+          resJson.order.should.be.eql(body.param.order);
+
+          should.exist(resJson.createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - order increases and replaces another milestone\'s order', function (done) {
+      this.timeout(10000);
+
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 3 }) }) // 1 to 3
+        .expect(200)
+        .end(() => {
+          // Milestone 1: order 3
+          // Milestone 2: order 2 - 1 = 1
+          // Milestone 3: order 3 - 1 = 2
+          setTimeout(() => {
+            models.ProductMilestoneTemplate.findById(1)
+              .then((milestone) => {
+                milestone.order.should.be.eql(3);
+              })
+              .then(() => models.ProductMilestoneTemplate.findById(2))
+              .then((milestone) => {
+                milestone.order.should.be.eql(1);
+              })
+              .then(() => models.ProductMilestoneTemplate.findById(3))
+              .then((milestone) => {
+                milestone.order.should.be.eql(2);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - order increases and doesnot replace another milestone\'s order', function (done) {
+      this.timeout(10000);
+
+      request(server)
+      .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 4 }) }) // 1 to 4
+        .expect(200)
+        .end(() => {
+          // Milestone 1: order 4
+          // Milestone 2: order 2
+          // Milestone 3: order 3
+          setTimeout(() => {
+            models.ProductMilestoneTemplate.findById(1)
+              .then((milestone) => {
+                milestone.order.should.be.eql(4);
+              })
+              .then(() => models.ProductMilestoneTemplate.findById(2))
+              .then((milestone) => {
+                milestone.order.should.be.eql(2);
+              })
+              .then(() => models.ProductMilestoneTemplate.findById(3))
+              .then((milestone) => {
+                milestone.order.should.be.eql(3);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - order decreases and replaces another milestone\'s order', function (done) {
+      this.timeout(10000);
+
+      request(server)
+      .patch('/v4/productTemplates/1/milestones/3')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 1 }) }) // 3 to 1
+        .expect(200)
+        .end(() => {
+          // Milestone 1: order 2
+          // Milestone 2: order 3
+          // Milestone 3: order 1
+          setTimeout(() => {
+            models.ProductMilestoneTemplate.findById(1)
+              .then((milestone) => {
+                milestone.order.should.be.eql(2);
+              })
+              .then(() => models.ProductMilestoneTemplate.findById(2))
+              .then((milestone) => {
+                milestone.order.should.be.eql(3);
+              })
+              .then(() => models.ProductMilestoneTemplate.findById(3))
+              .then((milestone) => {
+                milestone.order.should.be.eql(1);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - order decreases and doesnot replace another milestone\'s order', function (done) {
+      this.timeout(10000);
+
+      request(server)
+      .patch('/v4/productTemplates/1/milestones/3')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 0 }) }) // 3 to 0
+        .expect(200)
+        .end(() => {
+          // Milestone 1: order 1
+          // Milestone 2: order 2
+          // Milestone 3: order 0
+          setTimeout(() => {
+            models.ProductMilestoneTemplate.findById(1)
+              .then((milestone) => {
+                milestone.order.should.be.eql(1);
+              })
+              .then(() => models.ProductMilestoneTemplate.findById(2))
+              .then((milestone) => {
+                milestone.order.should.be.eql(2);
+              })
+              .then(() => models.ProductMilestoneTemplate.findById(3))
+              .then((milestone) => {
+                milestone.order.should.be.eql(0);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .patch('/v4/productTemplates/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/milestones/create.js b/src/routes/milestones/create.js
new file mode 100644
index 00000000..f653d685
--- /dev/null
+++ b/src/routes/milestones/create.js
@@ -0,0 +1,110 @@
+/**
+ * API to add a milestone
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import Sequelize from 'sequelize';
+import util from '../../util';
+import models from '../../models';
+import { EVENT } from '../../constants';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    timelineId: Joi.number().integer().positive().required(),
+  },
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      description: Joi.string().max(255),
+      duration: Joi.number().integer().required(),
+      startDate: Joi.date().required(),
+      endDate: Joi.date().min(Joi.ref('startDate')).allow(null),
+      completionDate: Joi.date().min(Joi.ref('startDate')).allow(null),
+      status: Joi.string().max(45).required(),
+      type: Joi.string().max(45).required(),
+      details: Joi.object(),
+      order: Joi.number().integer().required(),
+      plannedText: Joi.string().max(512).required(),
+      activeText: Joi.string().max(512).required(),
+      completedText: Joi.string().max(512).required(),
+      blockedText: Joi.string().max(512).required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timelineId param, and set to request params
+  // for checking by the permissions middleware
+  util.validateTimelineIdParam,
+  permissions('milestone.create'),
+  (req, res, next) => {
+    const entity = _.assign(req.body.param, {
+      createdBy: req.authUser.userId,
+      updatedBy: req.authUser.userId,
+      timelineId: req.params.timelineId,
+    });
+    let result;
+
+    // Validate startDate and endDate to be within the timeline startDate and endDate
+    let error;
+    if (req.body.param.startDate < req.timeline.startDate) {
+      error = 'Milestone startDate must not be before the timeline startDate';
+    } else if (req.body.param.endDate && req.timeline.endDate && req.body.param.endDate > req.timeline.endDate) {
+      error = 'Milestone endDate must not be after the timeline endDate';
+    }
+    if (error) {
+      const apiErr = new Error(error);
+      apiErr.status = 422;
+      return next(apiErr);
+    }
+
+    return models.sequelize.transaction(tx =>
+      // Save to DB
+      models.Milestone.create(entity, { transaction: tx })
+        .then((createdEntity) => {
+          // Omit deletedAt, deletedBy
+          result = _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy');
+
+          // Send event to bus
+          req.log.debug('Sending event to RabbitMQ bus for milestone %d', result.id);
+          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.MILESTONE_ADDED,
+            result,
+            { correlationId: req.id },
+          );
+
+          // Increase the order of the other milestones in the same timeline,
+          // which have `order` >= this milestone order
+          return models.Milestone.update({ order: Sequelize.literal('"order" + 1') }, {
+            where: {
+              timelineId: result.timelineId,
+              id: { $ne: result.id },
+              order: { $gte: result.order },
+            },
+            transaction: tx,
+          });
+        })
+        .then(() => {
+          // Do not send events for the updated milestones here,
+          // because it will make 'version conflict' error in ES.
+          // The order of the other milestones need to be updated in the MILESTONE_ADDED event handler
+
+          // Write to the response
+          res.status(201).json(util.wrapResponse(req.id, result, 1, 201));
+          return Promise.resolve();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/milestones/create.spec.js b/src/routes/milestones/create.spec.js
new file mode 100644
index 00000000..98e72001
--- /dev/null
+++ b/src/routes/milestones/create.spec.js
@@ -0,0 +1,606 @@
+/**
+ * Tests for create.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+import _ from 'lodash';
+import server from '../../app';
+import testUtil from '../../tests/util';
+import models from '../../models';
+import { EVENT } from '../../constants';
+
+const should = chai.should();
+
+describe('CREATE milestone', () => {
+  let projectId1;
+  let projectId2;
+
+  beforeEach((done) => {
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ], { returning: true })
+          .then((projects) => {
+            projectId1 = projects[0].id;
+            projectId2 = projects[1].id;
+
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: projectId1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: projectId1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+               models.ProjectPhase.bulkCreate([
+                 {
+                   projectId: projectId1,
+                   name: 'test project phase 1',
+                   status: 'active',
+                   startDate: '2018-05-15T00:00:00Z',
+                   endDate: '2018-05-15T12:00:00Z',
+                   budget: 20.0,
+                   progress: 1.23456,
+                   details: {
+                     message: 'This can be any json 2',
+                   },
+                   createdBy: 1,
+                   updatedBy: 1,
+                 },
+                 {
+                   projectId: projectId2,
+                   name: 'test project phase 2',
+                   status: 'active',
+                   startDate: '2018-05-16T00:00:00Z',
+                   endDate: '2018-05-16T12:00:00Z',
+                   budget: 21.0,
+                   progress: 1.234567,
+                   details: {
+                     message: 'This can be any json 2',
+                   },
+                   createdBy: 2,
+                   updatedBy: 2,
+                   deletedAt: '2018-05-15T00:00:00Z',
+                 },
+               ]))
+              .then(() =>
+                // Create timelines
+                 models.Timeline.bulkCreate([
+                   {
+                     name: 'name 1',
+                     description: 'description 1',
+                     startDate: '2018-05-02T00:00:00.000Z',
+                     endDate: '2018-06-12T00:00:00.000Z',
+                     reference: 'project',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                   },
+                   {
+                     name: 'name 2',
+                     description: 'description 2',
+                     startDate: '2018-05-12T00:00:00.000Z',
+                     endDate: '2018-06-13T00:00:00.000Z',
+                     reference: 'phase',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                   },
+                   {
+                     name: 'name 3',
+                     description: 'description 3',
+                     startDate: '2018-05-13T00:00:00.000Z',
+                     endDate: '2018-06-14T00:00:00.000Z',
+                     reference: 'phase',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                     deletedAt: '2018-05-14T00:00:00.000Z',
+                   },
+                 ]))
+              .then(() => {
+                // Create milestones
+                models.Milestone.bulkCreate([
+                  {
+                    timelineId: 1,
+                    name: 'milestone 1',
+                    duration: 2,
+                    startDate: '2018-05-03T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type1',
+                    details: {
+                      detail1: {
+                        subDetail1A: 1,
+                        subDetail1B: 2,
+                      },
+                      detail2: [1, 2, 3],
+                    },
+                    order: 1,
+                    plannedText: 'plannedText 1',
+                    activeText: 'activeText 1',
+                    completedText: 'completedText 1',
+                    blockedText: 'blockedText 1',
+                    createdBy: 1,
+                    updatedBy: 2,
+                  },
+                  {
+                    timelineId: 1,
+                    name: 'milestone 2',
+                    duration: 3,
+                    startDate: '2018-05-04T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type2',
+                    order: 2,
+                    plannedText: 'plannedText 2',
+                    activeText: 'activeText 2',
+                    completedText: 'completedText 2',
+                    blockedText: 'blockedText 2',
+                    createdBy: 2,
+                    updatedBy: 3,
+                  },
+                  {
+                    timelineId: 1,
+                    name: 'milestone 3',
+                    duration: 4,
+                    startDate: '2018-05-04T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type3',
+                    order: 3,
+                    plannedText: 'plannedText 3',
+                    activeText: 'activeText 3',
+                    completedText: 'completedText 3',
+                    blockedText: 'blockedText 3',
+                    createdBy: 3,
+                    updatedBy: 4,
+                  },
+                ])
+                  .then(() => done());
+              });
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('POST /timelines/{timelineId}/milestones', () => {
+    const body = {
+      param: {
+        name: 'milestone 4',
+        description: 'description 4',
+        duration: 4,
+        startDate: '2018-05-05T00:00:00.000Z',
+        endDate: '2018-05-07T00:00:00.000Z',
+        completionDate: '2018-05-08T00:00:00.000Z',
+        status: 'open',
+        type: 'type4',
+        details: {
+          detail1: {
+            subDetail1C: 4,
+          },
+          detail2: [
+            3,
+            4,
+            5,
+          ],
+        },
+        order: 2,
+        plannedText: 'plannedText 4',
+        activeText: 'activeText 4',
+        completedText: 'completedText 4',
+        blockedText: 'blockedText 4',
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project', (done) => {
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 422 if missing name', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          name: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing duration', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          duration: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing type', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          type: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing order', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          order: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing plannedText', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          plannedText: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing activeText', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          activeText: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing completedText', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          completedText: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing blockedText', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          blockedText: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if startDate is after endDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: '2018-05-29T00:00:00.000Z',
+          endDate: '2018-05-28T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if startDate is after completionDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: '2018-05-29T00:00:00.000Z',
+          completionDate: '2018-05-28T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if startDate is before the timeline startDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: '2018-05-01T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if endDate is after the timeline endDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          endDate: '2018-06-13T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if invalid timelineId param', (done) => {
+      request(server)
+        .post('/v4/timelines/0/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 404 if timeline does not exist', (done) => {
+      request(server)
+        .post('/v4/timelines/1000/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 404 if timeline was deleted', (done) => {
+      request(server)
+        .post('/v4/timelines/3/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(404, done);
+    });
+
+    it('should return 201 for admin', (done) => {
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          should.exist(resJson.id);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.description.should.be.eql(body.param.description);
+          resJson.duration.should.be.eql(body.param.duration);
+          resJson.startDate.should.be.eql(body.param.startDate);
+          resJson.endDate.should.be.eql(body.param.endDate);
+          resJson.completionDate.should.be.eql(body.param.completionDate);
+          resJson.status.should.be.eql(body.param.status);
+          resJson.type.should.be.eql(body.param.type);
+          resJson.details.should.be.eql(body.param.details);
+          resJson.order.should.be.eql(body.param.order);
+          resJson.plannedText.should.be.eql(body.param.plannedText);
+          resJson.activeText.should.be.eql(body.param.activeText);
+          resJson.completedText.should.be.eql(body.param.completedText);
+          resJson.blockedText.should.be.eql(body.param.blockedText);
+
+          resJson.createdBy.should.be.eql(40051333); // admin
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          // eslint-disable-next-line no-unused-expressions
+          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.MILESTONE_ADDED).should.be.true;
+
+          // Verify 'order' of the other milestones
+          models.Milestone.findAll({ where: { timelineId: 1 } })
+            .then((milestones) => {
+              _.each(milestones, (milestone) => {
+                if (milestone.id === 1) {
+                  milestone.order.should.be.eql(1);
+                } else if (milestone.id === 2) {
+                  milestone.order.should.be.eql(2 + 1);
+                } else if (milestone.id === 3) {
+                  milestone.order.should.be.eql(3 + 1);
+                }
+              });
+
+              done();
+            });
+        });
+    });
+
+    it('should return 201 for connect manager', (done) => {
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051334); // manager
+          resJson.updatedBy.should.be.eql(40051334); // manager
+          done();
+        });
+    });
+
+    it('should return 201 for connect admin', (done) => {
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051336); // connect admin
+          resJson.updatedBy.should.be.eql(40051336); // connect admin
+          done();
+        });
+    });
+
+    it('should return 201 for copilot', (done) => {
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051332); // copilot
+          resJson.updatedBy.should.be.eql(40051332); // copilot
+          done();
+        });
+    });
+
+    it('should return 201 for member', (done) => {
+      request(server)
+        .post('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051331); // member
+          resJson.updatedBy.should.be.eql(40051331); // member
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/milestones/delete.js b/src/routes/milestones/delete.js
new file mode 100644
index 00000000..f7074cc0
--- /dev/null
+++ b/src/routes/milestones/delete.js
@@ -0,0 +1,65 @@
+/**
+ * API to delete a timeline
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+import { EVENT } from '../../constants';
+import util from '../../util';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    timelineId: Joi.number().integer().positive().required(),
+    milestoneId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timelineId param, and set to request params for
+  // checking by the permissions middleware
+  util.validateTimelineIdParam,
+  permissions('milestone.delete'),
+  (req, res, next) => {
+    const where = {
+      timelineId: req.params.timelineId,
+      id: req.params.milestoneId,
+    };
+
+    return models.sequelize.transaction(tx =>
+      // Find the milestone
+      models.Milestone.findOne({
+        where,
+        transaction: tx,
+      })
+        .then((milestone) => {
+          // Not found
+          if (!milestone) {
+            const apiErr = new Error(`Milestone not found for milestone id ${req.params.milestoneId}`);
+            apiErr.status = 404;
+            return Promise.reject(apiErr);
+          }
+
+          // Update the deletedBy, and soft delete
+          return milestone.update({ deletedBy: req.authUser.userId }, { transaction: tx })
+            .then(() => milestone.destroy({ transaction: tx }));
+        })
+        .then((deleted) => {
+          // Send event to bus
+          req.log.debug('Sending event to RabbitMQ bus for milestone %d', deleted.id);
+          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.MILESTONE_REMOVED,
+            deleted,
+            { correlationId: req.id },
+          );
+
+          // Write to response
+          res.status(204).end();
+          return Promise.resolve();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/milestones/delete.spec.js b/src/routes/milestones/delete.spec.js
new file mode 100644
index 00000000..21502333
--- /dev/null
+++ b/src/routes/milestones/delete.spec.js
@@ -0,0 +1,325 @@
+/**
+ * Tests for delete.js
+ */
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+import { EVENT } from '../../constants';
+
+
+describe('DELETE milestone', () => {
+  beforeEach((done) => {
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ])
+          .then(() => {
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: 1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: 1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+               models.ProjectPhase.bulkCreate([
+                 {
+                   projectId: 1,
+                   name: 'test project phase 1',
+                   status: 'active',
+                   startDate: '2018-05-15T00:00:00Z',
+                   endDate: '2018-05-15T12:00:00Z',
+                   budget: 20.0,
+                   progress: 1.23456,
+                   details: {
+                     message: 'This can be any json 2',
+                   },
+                   createdBy: 1,
+                   updatedBy: 1,
+                 },
+                 {
+                   projectId: 2,
+                   name: 'test project phase 2',
+                   status: 'active',
+                   startDate: '2018-05-16T00:00:00Z',
+                   endDate: '2018-05-16T12:00:00Z',
+                   budget: 21.0,
+                   progress: 1.234567,
+                   details: {
+                     message: 'This can be any json 2',
+                   },
+                   createdBy: 2,
+                   updatedBy: 2,
+                   deletedAt: '2018-05-15T00:00:00Z',
+                 },
+               ]))
+              .then(() =>
+                // Create timelines
+                 models.Timeline.bulkCreate([
+                   {
+                     name: 'name 1',
+                     description: 'description 1',
+                     startDate: '2018-05-11T00:00:00.000Z',
+                     endDate: '2018-05-12T00:00:00.000Z',
+                     reference: 'project',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                   },
+                   {
+                     name: 'name 2',
+                     description: 'description 2',
+                     startDate: '2018-05-12T00:00:00.000Z',
+                     endDate: '2018-05-13T00:00:00.000Z',
+                     reference: 'phase',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                   },
+                   {
+                     name: 'name 3',
+                     description: 'description 3',
+                     startDate: '2018-05-13T00:00:00.000Z',
+                     endDate: '2018-05-14T00:00:00.000Z',
+                     reference: 'phase',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                     deletedAt: '2018-05-14T00:00:00.000Z',
+                   },
+                 ]))
+              .then(() => {
+                // Create milestones
+                models.Milestone.bulkCreate([
+                  {
+                    timelineId: 1,
+                    name: 'milestone 1',
+                    duration: 2,
+                    startDate: '2018-05-03T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type1',
+                    details: {
+                      detail1: {
+                        subDetail1A: 1,
+                        subDetail1B: 2,
+                      },
+                      detail2: [1, 2, 3],
+                    },
+                    order: 1,
+                    plannedText: 'plannedText 1',
+                    activeText: 'activeText 1',
+                    completedText: 'completedText 1',
+                    blockedText: 'blockedText 1',
+                    createdBy: 1,
+                    updatedBy: 2,
+                  },
+                  {
+                    timelineId: 1,
+                    name: 'milestone 2',
+                    duration: 3,
+                    startDate: '2018-05-04T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type2',
+                    order: 2,
+                    plannedText: 'plannedText 2',
+                    activeText: 'activeText 2',
+                    completedText: 'completedText 2',
+                    blockedText: 'blockedText 2',
+                    createdBy: 2,
+                    updatedBy: 3,
+                  },
+                  {
+                    timelineId: 1,
+                    name: 'milestone 3',
+                    duration: 4,
+                    startDate: '2018-05-04T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type3',
+                    order: 3,
+                    plannedText: 'plannedText 3',
+                    activeText: 'activeText 3',
+                    completedText: 'completedText 3',
+                    blockedText: 'blockedText 3',
+                    createdBy: 3,
+                    updatedBy: 4,
+                    deletedBy: 1,
+                    deletedAt: '2018-05-04T00:00:00.000Z',
+                  },
+                ])
+                  .then(() => done());
+              });
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('DELETE /timelines/{timelineId}/milestones/{milestoneId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/1')
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
+      request(server)
+        .delete('/v4/timelines/2/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed timeline', (done) => {
+      request(server)
+        .delete('/v4/timelines/1234/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted timeline', (done) => {
+      request(server)
+        .delete('/v4/timelines/3/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for non-existed milestone', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/100')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted milestone', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/3')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 422 for invalid timelineId param', (done) => {
+      request(server)
+        .delete('/v4/timelines/0/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 422 for invalid milestoneId param', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/0')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 204, for admin, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(204)
+        .end(() => {
+          // eslint-disable-next-line no-unused-expressions
+          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.MILESTONE_REMOVED).should.be.true;
+          done();
+        });
+    });
+
+    it('should return 204, for connect admin, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect manager, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for copilot, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for member, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/milestones/get.js b/src/routes/milestones/get.js
new file mode 100644
index 00000000..c35a3e86
--- /dev/null
+++ b/src/routes/milestones/get.js
@@ -0,0 +1,48 @@
+/**
+ * API to get a milestone
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    timelineId: Joi.number().integer().positive().required(),
+    milestoneId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timelineId param, and set to request params for
+  // checking by the permissions middleware
+  util.validateTimelineIdParam,
+  permissions('milestone.view'),
+  (req, res, next) => {
+    const where = {
+      timelineId: req.params.timelineId,
+      id: req.params.milestoneId,
+    };
+
+    // Find the milestone
+    models.Milestone.findOne({ where })
+      .then((milestone) => {
+        // Not found
+        if (!milestone) {
+          const apiErr = new Error(`Milestone not found for milestone id ${req.params.milestoneId}`);
+          apiErr.status = 404;
+          return Promise.reject(apiErr);
+        }
+
+        // Write to response
+        res.json(util.wrapResponse(req.id, _.omit(milestone.toJSON(), ['deletedBy', 'deletedAt'])));
+        return Promise.resolve();
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/milestones/get.spec.js b/src/routes/milestones/get.spec.js
new file mode 100644
index 00000000..919b756d
--- /dev/null
+++ b/src/routes/milestones/get.spec.js
@@ -0,0 +1,342 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+describe('GET milestone', () => {
+  before((done) => {
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ])
+          .then(() => {
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: 1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: 1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ])
+              .then(() =>
+                // Create phase
+                 models.ProjectPhase.bulkCreate([
+                   {
+                     projectId: 1,
+                     name: 'test project phase 1',
+                     status: 'active',
+                     startDate: '2018-05-15T00:00:00Z',
+                     endDate: '2018-05-15T12:00:00Z',
+                     budget: 20.0,
+                     progress: 1.23456,
+                     details: {
+                       message: 'This can be any json 2',
+                     },
+                     createdBy: 1,
+                     updatedBy: 1,
+                   },
+                   {
+                     projectId: 2,
+                     name: 'test project phase 2',
+                     status: 'active',
+                     startDate: '2018-05-16T00:00:00Z',
+                     endDate: '2018-05-16T12:00:00Z',
+                     budget: 21.0,
+                     progress: 1.234567,
+                     details: {
+                       message: 'This can be any json 2',
+                     },
+                     createdBy: 2,
+                     updatedBy: 2,
+                     deletedAt: '2018-05-15T00:00:00Z',
+                   },
+                 ]))
+              .then(() =>
+                // Create timelines
+                 models.Timeline.bulkCreate([
+                   {
+                     name: 'name 1',
+                     description: 'description 1',
+                     startDate: '2018-05-11T00:00:00.000Z',
+                     endDate: '2018-05-12T00:00:00.000Z',
+                     reference: 'project',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                   },
+                   {
+                     name: 'name 2',
+                     description: 'description 2',
+                     startDate: '2018-05-12T00:00:00.000Z',
+                     endDate: '2018-05-13T00:00:00.000Z',
+                     reference: 'phase',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                   },
+                   {
+                     name: 'name 3',
+                     description: 'description 3',
+                     startDate: '2018-05-13T00:00:00.000Z',
+                     endDate: '2018-05-14T00:00:00.000Z',
+                     reference: 'phase',
+                     referenceId: 1,
+                     createdBy: 1,
+                     updatedBy: 1,
+                     deletedAt: '2018-05-14T00:00:00.000Z',
+                   },
+                 ]))
+              .then(() => {
+                // Create milestones
+                models.Milestone.bulkCreate([
+                  {
+                    timelineId: 1,
+                    name: 'milestone 1',
+                    duration: 2,
+                    startDate: '2018-05-03T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type1',
+                    details: {
+                      detail1: {
+                        subDetail1A: 1,
+                        subDetail1B: 2,
+                      },
+                      detail2: [1, 2, 3],
+                    },
+                    order: 1,
+                    plannedText: 'plannedText 1',
+                    activeText: 'activeText 1',
+                    completedText: 'completedText 1',
+                    blockedText: 'blockedText 1',
+                    createdBy: 1,
+                    updatedBy: 2,
+                  },
+                  {
+                    timelineId: 1,
+                    name: 'milestone 2',
+                    duration: 3,
+                    startDate: '2018-05-04T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type2',
+                    order: 2,
+                    plannedText: 'plannedText 2',
+                    activeText: 'activeText 2',
+                    completedText: 'completedText 2',
+                    blockedText: 'blockedText 2',
+                    createdBy: 2,
+                    updatedBy: 3,
+                  },
+                  {
+                    timelineId: 1,
+                    name: 'milestone 3',
+                    duration: 4,
+                    startDate: '2018-05-04T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type3',
+                    order: 3,
+                    plannedText: 'plannedText 3',
+                    activeText: 'activeText 3',
+                    completedText: 'completedText 3',
+                    blockedText: 'blockedText 3',
+                    createdBy: 3,
+                    updatedBy: 4,
+                    deletedBy: 1,
+                    deletedAt: '2018-05-04T00:00:00.000Z',
+                  },
+                ])
+                  .then(() => done());
+              });
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('GET /timelines/{timelineId}/milestones/{milestoneId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/1')
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed timeline', (done) => {
+      request(server)
+        .get('/v4/timelines/1234/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted timeline', (done) => {
+      request(server)
+        .get('/v4/timelines/3/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for non-existed milestone', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted milestone', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/3')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 422 for invalid timelineId param', (done) => {
+      request(server)
+        .get('/v4/timelines/0/milestones/3')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 422 for invalid milestoneId param', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/0')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.id.should.be.eql(1);
+          resJson.timelineId.should.be.eql(1);
+          resJson.name.should.be.eql('milestone 1');
+          resJson.duration.should.be.eql(2);
+          resJson.startDate.should.be.eql('2018-05-03T00:00:00.000Z');
+          resJson.status.should.be.eql('open');
+          resJson.type.should.be.eql('type1');
+          resJson.details.should.be.eql({
+            detail1: {
+              subDetail1A: 1,
+              subDetail1B: 2,
+            },
+            detail2: [1, 2, 3],
+          });
+          resJson.order.should.be.eql(1);
+          resJson.plannedText.should.be.eql('plannedText 1');
+          resJson.activeText.should.be.eql('activeText 1');
+          resJson.completedText.should.be.eql('completedText 1');
+          resJson.blockedText.should.be.eql('blockedText 1');
+
+          resJson.createdBy.should.be.eql(1);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(2);
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/milestones/list.js b/src/routes/milestones/list.js
new file mode 100644
index 00000000..6ae2d5c2
--- /dev/null
+++ b/src/routes/milestones/list.js
@@ -0,0 +1,68 @@
+/**
+ * API to list all milestones
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import config from 'config';
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+
+const permissions = tcMiddleware.permissions;
+
+const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
+const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
+
+const schema = {
+  params: {
+    timelineId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timelineId param, and set to request params for
+  // checking by the permissions middleware
+  util.validateTimelineIdParam,
+  permissions('milestone.view'),
+  (req, res, next) => {
+    // Parse the sort query
+    let sort = req.query.sort ? decodeURIComponent(req.query.sort) : 'order';
+    if (sort && sort.indexOf(' ') === -1) {
+      sort += ' asc';
+    }
+    const sortableProps = [
+      'order asc', 'order desc',
+    ];
+    if (sort && _.indexOf(sortableProps, sort) < 0) {
+      const apiErr = new Error('Invalid sort criteria');
+      apiErr.status = 422;
+      return next(apiErr);
+    }
+    const sortColumnAndOrder = sort.split(' ');
+
+    // Get timeline from ES
+    return util.getElasticSearchClient().get({
+      index: ES_TIMELINE_INDEX,
+      type: ES_TIMELINE_TYPE,
+      id: req.params.timelineId,
+    })
+      .then((doc) => {
+        if (!doc) {
+          const err = new Error(`Timeline not found for timeline id ${req.params.timelineId}`);
+          err.status = 404;
+          throw err;
+        }
+
+        // Get the milestones
+        let milestones = _.isArray(doc._source.milestones) ? doc._source.milestones : []; // eslint-disable-line no-underscore-dangle
+
+        // Sort
+        milestones = _.orderBy(milestones, [sortColumnAndOrder[0]], [sortColumnAndOrder[1]]);
+
+        // Write to response
+        res.json(util.wrapResponse(req.id, milestones, milestones.length));
+      })
+      .catch(err => next(err));
+  },
+];
diff --git a/src/routes/milestones/list.spec.js b/src/routes/milestones/list.spec.js
new file mode 100644
index 00000000..0240ee43
--- /dev/null
+++ b/src/routes/milestones/list.spec.js
@@ -0,0 +1,324 @@
+/**
+ * Tests for list.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+import sleep from 'sleep';
+import config from 'config';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
+const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
+
+// eslint-disable-next-line no-unused-vars
+const should = chai.should();
+
+const timelines = [
+  {
+    id: 1,
+    name: 'name 1',
+    description: 'description 1',
+    startDate: '2018-05-11T00:00:00.000Z',
+    endDate: '2018-05-12T00:00:00.000Z',
+    reference: 'project',
+    referenceId: 1,
+    createdBy: 1,
+    updatedBy: 1,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+];
+const milestones = [
+  {
+    id: 1,
+    timelineId: 1,
+    name: 'milestone 1',
+    duration: 2,
+    startDate: '2018-05-03T00:00:00.000Z',
+    endDate: '2018-05-04T00:00:00.000Z',
+    completionDate: '2018-05-05T00:00:00.000Z',
+    status: 'open',
+    type: 'type1',
+    details: {
+      detail1: {
+        subDetail1A: 1,
+        subDetail1B: 2,
+      },
+      detail2: [1, 2, 3],
+    },
+    order: 1,
+    plannedText: 'plannedText 1',
+    activeText: 'activeText 1',
+    completedText: 'completedText 1',
+    blockedText: 'blockedText 1',
+    createdBy: 1,
+    updatedBy: 2,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+  {
+    id: 2,
+    timelineId: 1,
+    name: 'milestone 2',
+    duration: 3,
+    startDate: '2018-05-04T00:00:00.000Z',
+    status: 'open',
+    type: 'type2',
+    order: 2,
+    plannedText: 'plannedText 2',
+    activeText: 'activeText 2',
+    completedText: 'completedText 2',
+    blockedText: 'blockedText 2',
+    createdBy: 2,
+    updatedBy: 3,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+];
+
+describe('LIST timelines', () => {
+  before(function beforeHook(done) {
+    this.timeout(10000);
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ])
+          .then(() => {
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: 1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: 1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+              models.ProjectPhase.bulkCreate([
+                {
+                  projectId: 1,
+                  name: 'test project phase 1',
+                  status: 'active',
+                  startDate: '2018-05-15T00:00:00Z',
+                  endDate: '2018-05-15T12:00:00Z',
+                  budget: 20.0,
+                  progress: 1.23456,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 1,
+                  updatedBy: 1,
+                },
+                {
+                  projectId: 2,
+                  name: 'test project phase 2',
+                  status: 'active',
+                  startDate: '2018-05-16T00:00:00Z',
+                  endDate: '2018-05-16T12:00:00Z',
+                  budget: 21.0,
+                  progress: 1.234567,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 2,
+                  updatedBy: 2,
+                },
+              ]))
+              .then(() =>
+                // Create timelines and milestones
+                models.Timeline.bulkCreate(timelines)
+                  .then(() => models.Milestone.bulkCreate(milestones)))
+              .then(() => {
+                // Index to ES
+                timelines[0].milestones = milestones;
+                timelines[0].projectId = 1;
+                return server.services.es.index({
+                  index: ES_TIMELINE_INDEX,
+                  type: ES_TIMELINE_TYPE,
+                  id: timelines[0].id,
+                  body: timelines[0],
+                })
+                  .then(() => {
+                    // sleep for some time, let elasticsearch indices be settled
+                    sleep.sleep(5);
+                    done();
+                  });
+              });
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('GET /timelines/{timelineId}/milestones', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/timelines')
+        .expect(403, done);
+    });
+
+    it('should return 403 for member with no accessible project', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for not-existed timeline', (done) => {
+      request(server)
+        .get('/v4/timelines/11/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 422 for invalid sort column', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones?sort=id%20asc')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 422 for invalid sort order', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones?sort=order%20invalid')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+
+          resJson[0].should.be.eql(milestones[0]);
+          resJson[1].should.be.eql(milestones[1]);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+
+          done();
+        });
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+
+          done();
+        });
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+
+          done();
+        });
+    });
+
+    it('should return 200 with sort by order desc', (done) => {
+      request(server)
+        .get('/v4/timelines/1/milestones?sort=order%20desc')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+
+          resJson[0].should.be.eql(milestones[1]);
+          resJson[1].should.be.eql(milestones[0]);
+
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/milestones/update.js b/src/routes/milestones/update.js
new file mode 100644
index 00000000..5641d290
--- /dev/null
+++ b/src/routes/milestones/update.js
@@ -0,0 +1,161 @@
+/**
+ * API to update a milestone
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import Sequelize from 'sequelize';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import { EVENT } from '../../constants';
+import models from '../../models';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    timelineId: Joi.number().integer().positive().required(),
+    milestoneId: Joi.number().integer().positive().required(),
+  },
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      description: Joi.string().max(255),
+      duration: Joi.number().integer().required(),
+      startDate: Joi.date().required(),
+      endDate: Joi.date().min(Joi.ref('startDate')).allow(null),
+      completionDate: Joi.date().min(Joi.ref('startDate')).allow(null),
+      status: Joi.string().max(45).required(),
+      type: Joi.string().max(45).required(),
+      details: Joi.object(),
+      order: Joi.number().integer().required(),
+      plannedText: Joi.string().max(512).required(),
+      activeText: Joi.string().max(512).required(),
+      completedText: Joi.string().max(512).required(),
+      blockedText: Joi.string().max(512).required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timelineId param,
+  // and set to request params for checking by the permissions middleware
+  util.validateTimelineIdParam,
+  permissions('milestone.edit'),
+  (req, res, next) => {
+    const where = {
+      timelineId: req.params.timelineId,
+      id: req.params.milestoneId,
+    };
+    const entityToUpdate = _.assign(req.body.param, {
+      updatedBy: req.authUser.userId,
+      timelineId: req.params.timelineId,
+    });
+
+    // Validate startDate and endDate to be within the timeline startDate and endDate
+    let error;
+    if (req.body.param.startDate < req.timeline.startDate) {
+      error = 'Milestone startDate must not be before the timeline startDate';
+    } else if (req.body.param.endDate && req.timeline.endDate && req.body.param.endDate > req.timeline.endDate) {
+      error = 'Milestone endDate must not be after the timeline endDate';
+    }
+    if (error) {
+      const apiErr = new Error(error);
+      apiErr.status = 422;
+      return next(apiErr);
+    }
+
+    let original;
+    let updated;
+
+    return models.sequelize.transaction(() =>
+      // Find the milestone
+      models.Milestone.findOne({ where })
+        .then((milestone) => {
+          // Not found
+          if (!milestone) {
+            const apiErr = new Error(`Milestone not found for milestone id ${req.params.milestoneId}`);
+            apiErr.status = 404;
+            return Promise.reject(apiErr);
+          }
+
+          original = _.omit(milestone.toJSON(), ['deletedAt', 'deletedBy']);
+
+          // Merge JSON fields
+          entityToUpdate.details = util.mergeJsonObjects(milestone.details, entityToUpdate.details);
+
+          // Update
+          return milestone.update(entityToUpdate);
+        })
+        .then((updatedMilestone) => {
+          // Omit deletedAt, deletedBy
+          updated = _.omit(updatedMilestone.toJSON(), 'deletedAt', 'deletedBy');
+
+          // Update order of the other milestones only if the order was changed
+          if (original.order === updated.order) {
+            return Promise.resolve();
+          }
+
+          return models.Milestone.count({
+            where: {
+              timelineId: updated.timelineId,
+              id: { $ne: updated.id },
+              order: updated.order,
+            },
+          })
+            .then((count) => {
+              if (count === 0) {
+                return Promise.resolve();
+              }
+
+              // Increase the order from M to K: if there is an item with order K,
+              // orders from M+1 to K should be made M to K-1
+              if (original.order < updated.order) {
+                return models.Milestone.update({ order: Sequelize.literal('"order" - 1') }, {
+                  where: {
+                    timelineId: updated.timelineId,
+                    id: { $ne: updated.id },
+                    order: { $between: [original.order + 1, updated.order] },
+                  },
+                });
+              }
+
+              // Decrease the order from M to K: if there is an item with order K,
+              // orders from K to M-1 should be made K+1 to M
+              return models.Milestone.update({ order: Sequelize.literal('"order" + 1') }, {
+                where: {
+                  timelineId: updated.timelineId,
+                  id: { $ne: updated.id },
+                  order: { $between: [updated.order, original.order - 1] },
+                },
+              });
+            });
+        })
+        .then(() => {
+          // Send event to bus
+          req.log.debug('Sending event to RabbitMQ bus for milestone %d', updated.id);
+          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.MILESTONE_UPDATED,
+            { original, updated },
+            { correlationId: req.id },
+          );
+
+          // Do not send events for the the other milestones (updated order) here,
+          // because it will make 'version conflict' error in ES.
+          // The order of the other milestones need to be updated in the MILESTONE_UPDATED event above
+
+          // Write to response
+          res.json(util.wrapResponse(req.id, updated));
+          return Promise.resolve();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/milestones/update.spec.js b/src/routes/milestones/update.spec.js
new file mode 100644
index 00000000..f120dc25
--- /dev/null
+++ b/src/routes/milestones/update.spec.js
@@ -0,0 +1,791 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+import _ from 'lodash';
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+import { EVENT } from '../../constants';
+
+const should = chai.should();
+
+describe('UPDATE Milestone', () => {
+  beforeEach((done) => {
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ])
+          .then(() => {
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: 1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: 1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+              models.ProjectPhase.bulkCreate([
+                {
+                  projectId: 1,
+                  name: 'test project phase 1',
+                  status: 'active',
+                  startDate: '2018-05-15T00:00:00Z',
+                  endDate: '2018-05-15T12:00:00Z',
+                  budget: 20.0,
+                  progress: 1.23456,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 1,
+                  updatedBy: 1,
+                },
+                {
+                  projectId: 2,
+                  name: 'test project phase 2',
+                  status: 'active',
+                  startDate: '2018-05-16T00:00:00Z',
+                  endDate: '2018-05-16T12:00:00Z',
+                  budget: 21.0,
+                  progress: 1.234567,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 2,
+                  updatedBy: 2,
+                  deletedAt: '2018-05-15T00:00:00Z',
+                },
+              ]))
+              .then(() =>
+                // Create timelines
+                models.Timeline.bulkCreate([
+                  {
+                    name: 'name 1',
+                    description: 'description 1',
+                    startDate: '2018-05-02T00:00:00.000Z',
+                    endDate: '2018-06-12T00:00:00.000Z',
+                    reference: 'project',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                  },
+                  {
+                    name: 'name 2',
+                    description: 'description 2',
+                    startDate: '2018-05-12T00:00:00.000Z',
+                    endDate: '2018-06-13T00:00:00.000Z',
+                    reference: 'phase',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                  },
+                  {
+                    name: 'name 3',
+                    description: 'description 3',
+                    startDate: '2018-05-13T00:00:00.000Z',
+                    endDate: '2018-06-14T00:00:00.000Z',
+                    reference: 'phase',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                    deletedAt: '2018-05-14T00:00:00.000Z',
+                  },
+                ]).then(() => models.Milestone.bulkCreate([
+                  {
+                    id: 1,
+                    timelineId: 1,
+                    name: 'Milestone 1',
+                    duration: 2,
+                    startDate: '2018-05-13T00:00:00.000Z',
+                    endDate: '2018-05-14T00:00:00.000Z',
+                    completionDate: '2018-05-15T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type1',
+                    details: {
+                      detail1: {
+                        subDetail1A: 1,
+                        subDetail1B: 2,
+                      },
+                      detail2: [1, 2, 3],
+                    },
+                    order: 1,
+                    plannedText: 'plannedText 1',
+                    activeText: 'activeText 1',
+                    completedText: 'completedText 1',
+                    blockedText: 'blockedText 1',
+                    createdBy: 1,
+                    updatedBy: 2,
+                    createdAt: '2018-05-11T00:00:00.000Z',
+                    updatedAt: '2018-05-11T00:00:00.000Z',
+                  },
+                  {
+                    id: 2,
+                    timelineId: 1,
+                    name: 'Milestone 2',
+                    duration: 3,
+                    startDate: '2018-05-14T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type2',
+                    order: 2,
+                    plannedText: 'plannedText 2',
+                    activeText: 'activeText 2',
+                    completedText: 'completedText 2',
+                    blockedText: 'blockedText 2',
+                    createdBy: 2,
+                    updatedBy: 3,
+                    createdAt: '2018-05-11T00:00:00.000Z',
+                    updatedAt: '2018-05-11T00:00:00.000Z',
+                  },
+                  {
+                    id: 3,
+                    timelineId: 1,
+                    name: 'Milestone 3',
+                    duration: 3,
+                    startDate: '2018-05-14T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type3',
+                    order: 3,
+                    plannedText: 'plannedText 3',
+                    activeText: 'activeText 3',
+                    completedText: 'completedText 3',
+                    blockedText: 'blockedText 3',
+                    createdBy: 2,
+                    updatedBy: 3,
+                    createdAt: '2018-05-11T00:00:00.000Z',
+                    updatedAt: '2018-05-11T00:00:00.000Z',
+                  },
+                  {
+                    id: 4,
+                    timelineId: 1,
+                    name: 'Milestone 4',
+                    duration: 3,
+                    startDate: '2018-05-14T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type4',
+                    order: 4,
+                    plannedText: 'plannedText 4',
+                    activeText: 'activeText 4',
+                    completedText: 'completedText 4',
+                    blockedText: 'blockedText 4',
+                    createdBy: 2,
+                    updatedBy: 3,
+                    createdAt: '2018-05-11T00:00:00.000Z',
+                    updatedAt: '2018-05-11T00:00:00.000Z',
+                  },
+                  {
+                    id: 5,
+                    timelineId: 1,
+                    name: 'Milestone 5',
+                    duration: 3,
+                    startDate: '2018-05-14T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type5',
+                    order: 5,
+                    plannedText: 'plannedText 5',
+                    activeText: 'activeText 5',
+                    completedText: 'completedText 5',
+                    blockedText: 'blockedText 5',
+                    createdBy: 2,
+                    updatedBy: 3,
+                    createdAt: '2018-05-11T00:00:00.000Z',
+                    updatedAt: '2018-05-11T00:00:00.000Z',
+                    deletedAt: '2018-05-11T00:00:00.000Z',
+                  },
+                ])))
+              .then(() => done());
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('PATCH /timelines/{timelineId}/milestones/{milestoneId}', () => {
+    const body = {
+      param: {
+        name: 'Milestone 1-updated',
+        duration: 3,
+        startDate: '2018-05-14T00:00:00.000Z',
+        endDate: '2018-05-15T00:00:00.000Z',
+        completionDate: '2018-05-16T00:00:00.000Z',
+        description: 'description-updated',
+        status: 'closed',
+        type: 'type1-updated',
+        details: {
+          detail1: {
+            subDetail1A: 0,
+            subDetail1C: 3,
+          },
+          detail2: [4],
+          detail3: 3,
+        },
+        order: 1,
+        plannedText: 'plannedText 1-updated',
+        activeText: 'activeText 1-updated',
+        completedText: 'completedText 1-updated',
+        blockedText: 'blockedText 1-updated',
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed timeline', (done) => {
+      request(server)
+        .patch('/v4/timelines/1234/milestones/1')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted timeline', (done) => {
+      request(server)
+        .patch('/v4/timelines/3/milestones/1')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for non-existed Milestone', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/111')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted Milestone', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/5')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 422 for invalid timelineId param', (done) => {
+      request(server)
+        .patch('/v4/timelines/0/milestones/1')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 422 for invalid milestoneId param', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/0')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+
+    it('should return 422 if missing name', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          name: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing duration', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          duration: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing type', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          type: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing order', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          order: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing plannedText', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          plannedText: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing activeText', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          activeText: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing completedText', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          completedText: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing blockedText', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          blockedText: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if startDate is after endDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: '2018-05-29T00:00:00.000Z',
+          endDate: '2018-05-28T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if startDate is after completionDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: '2018-05-29T00:00:00.000Z',
+          completionDate: '2018-05-28T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if startDate is before timeline startDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: '2018-05-01T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if endDate is after timeline endDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          endDate: '2018-07-01T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          should.exist(resJson.id);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.description.should.be.eql(body.param.description);
+          resJson.duration.should.be.eql(body.param.duration);
+          resJson.startDate.should.be.eql(body.param.startDate);
+          resJson.endDate.should.be.eql(body.param.endDate);
+          resJson.completionDate.should.be.eql(body.param.completionDate);
+          resJson.status.should.be.eql(body.param.status);
+          resJson.type.should.be.eql(body.param.type);
+          resJson.details.should.be.eql({
+            detail1: { subDetail1A: 0, subDetail1B: 2, subDetail1C: 3 },
+            detail2: [4],
+            detail3: 3,
+          });
+          resJson.order.should.be.eql(body.param.order);
+          resJson.plannedText.should.be.eql(body.param.plannedText);
+          resJson.activeText.should.be.eql(body.param.activeText);
+          resJson.completedText.should.be.eql(body.param.completedText);
+          resJson.blockedText.should.be.eql(body.param.blockedText);
+
+          should.exist(resJson.createdBy);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          // eslint-disable-next-line no-unused-expressions
+          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.MILESTONE_UPDATED).should.be.true;
+
+          done();
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - order increases and replaces another milestone\'s order', function (done) {
+      this.timeout(10000);
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 4 }) }) // 1 to 4
+        .expect(200)
+        .end(() => {
+          // Milestone 1: order 4
+          // Milestone 2: order 2 - 1 = 1
+          // Milestone 3: order 3 - 1 = 2
+          // Milestone 4: order 4 - 1 = 3
+          setTimeout(() => {
+            models.Milestone.findById(1)
+              .then((milestone) => {
+                milestone.order.should.be.eql(4);
+              })
+              .then(() => models.Milestone.findById(2))
+              .then((milestone) => {
+                milestone.order.should.be.eql(1);
+              })
+              .then(() => models.Milestone.findById(3))
+              .then((milestone) => {
+                milestone.order.should.be.eql(2);
+              })
+              .then(() => models.Milestone.findById(4))
+              .then((milestone) => {
+                milestone.order.should.be.eql(3);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - order increases and doesnot replace another milestone\'s order', function (done) {
+      this.timeout(10000);
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 5 }) }) // 1 to 5
+        .expect(200)
+        .end(() => {
+          // Milestone 1: order 5
+          // Milestone 2: order 2
+          // Milestone 3: order 3
+          // Milestone 4: order 4
+          setTimeout(() => {
+            models.Milestone.findById(1)
+              .then((milestone) => {
+                milestone.order.should.be.eql(5);
+              })
+              .then(() => models.Milestone.findById(2))
+              .then((milestone) => {
+                milestone.order.should.be.eql(2);
+              })
+              .then(() => models.Milestone.findById(3))
+              .then((milestone) => {
+                milestone.order.should.be.eql(3);
+              })
+              .then(() => models.Milestone.findById(4))
+              .then((milestone) => {
+                milestone.order.should.be.eql(4);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - order decreases and replaces another milestone\'s order', function (done) {
+      this.timeout(10000);
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/4')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 2 }) }) // 4 to 2
+        .expect(200)
+        .end(() => {
+          // Milestone 1: order 1
+          // Milestone 2: order 3
+          // Milestone 3: order 4
+          // Milestone 4: order 2
+          setTimeout(() => {
+            models.Milestone.findById(1)
+              .then((milestone) => {
+                milestone.order.should.be.eql(1);
+              })
+              .then(() => models.Milestone.findById(2))
+              .then((milestone) => {
+                milestone.order.should.be.eql(3);
+              })
+              .then(() => models.Milestone.findById(3))
+              .then((milestone) => {
+                milestone.order.should.be.eql(4);
+              })
+              .then(() => models.Milestone.findById(4))
+              .then((milestone) => {
+                milestone.order.should.be.eql(2);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - order decreases and doesnot replace another milestone\'s order', function (done) {
+      this.timeout(10000);
+
+      request(server)
+        .patch('/v4/timelines/1/milestones/4')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 0 }) }) // 4 to 0
+        .expect(200)
+        .end(() => {
+          // Milestone 1: order 1
+          // Milestone 2: order 3
+          // Milestone 3: order 4
+          // Milestone 4: order 0
+          setTimeout(() => {
+            models.Milestone.findById(1)
+              .then((milestone) => {
+                milestone.order.should.be.eql(1);
+              })
+              .then(() => models.Milestone.findById(2))
+              .then((milestone) => {
+                milestone.order.should.be.eql(2);
+              })
+              .then(() => models.Milestone.findById(3))
+              .then((milestone) => {
+                milestone.order.should.be.eql(3);
+              })
+              .then(() => models.Milestone.findById(4))
+              .then((milestone) => {
+                milestone.order.should.be.eql(0);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .patch('/v4/timelines/1/milestones/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/timelines/create.js b/src/routes/timelines/create.js
new file mode 100644
index 00000000..ada7beae
--- /dev/null
+++ b/src/routes/timelines/create.js
@@ -0,0 +1,65 @@
+/**
+ * API to add a timeline
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import models from '../../models';
+import { EVENT, TIMELINE_REFERENCES } from '../../constants';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      description: Joi.string().max(255),
+      startDate: Joi.date().required(),
+      endDate: Joi.date().min(Joi.ref('startDate')).allow(null),
+      reference: Joi.string().valid(_.values(TIMELINE_REFERENCES)).required(),
+      referenceId: Joi.number().integer().positive().required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timeline request body, and set to request params
+  // for checking by the permissions middleware
+  util.validateTimelineRequestBody,
+  permissions('timeline.create'),
+  (req, res, next) => {
+    const entity = _.assign(req.body.param, {
+      createdBy: req.authUser.userId,
+      updatedBy: req.authUser.userId,
+    });
+
+    // Save to DB
+    return models.Timeline.create(entity)
+      .then((createdEntity) => {
+        // Omit deletedAt, deletedBy
+        const result = _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy');
+
+        // Send event to bus
+        req.log.debug('Sending event to RabbitMQ bus for timeline %d', result.id);
+        req.app.services.pubsub.publish(EVENT.ROUTING_KEY.TIMELINE_ADDED,
+          _.assign({ projectId: req.params.projectId }, result),
+          { correlationId: req.id },
+        );
+
+        // Write to the response
+        res.status(201).json(util.wrapResponse(req.id, result, 1, 201));
+        return Promise.resolve();
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/timelines/create.spec.js b/src/routes/timelines/create.spec.js
new file mode 100644
index 00000000..10e3adbe
--- /dev/null
+++ b/src/routes/timelines/create.spec.js
@@ -0,0 +1,468 @@
+/**
+ * Tests for create.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+import _ from 'lodash';
+import server from '../../app';
+import testUtil from '../../tests/util';
+import models from '../../models';
+import { EVENT } from '../../constants';
+
+const should = chai.should();
+
+describe('CREATE timeline', () => {
+  let projectId1;
+  let projectId2;
+
+  before((done) => {
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ], { returning: true })
+          .then((projects) => {
+            projectId1 = projects[0].id;
+            projectId2 = projects[1].id;
+
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: projectId1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: projectId1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+              models.ProjectPhase.bulkCreate([
+                {
+                  projectId: projectId1,
+                  name: 'test project phase 1',
+                  status: 'active',
+                  startDate: '2018-05-15T00:00:00Z',
+                  endDate: '2018-05-15T12:00:00Z',
+                  budget: 20.0,
+                  progress: 1.23456,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 1,
+                  updatedBy: 1,
+                },
+                {
+                  projectId: projectId2,
+                  name: 'test project phase 2',
+                  status: 'active',
+                  startDate: '2018-05-16T00:00:00Z',
+                  endDate: '2018-05-16T12:00:00Z',
+                  budget: 21.0,
+                  progress: 1.234567,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 2,
+                  updatedBy: 2,
+                  deletedAt: '2018-05-15T00:00:00Z',
+                },
+              ]))
+              .then(() => {
+                done();
+              });
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('POST /timelines', () => {
+    const body = {
+      param: {
+        name: 'new name',
+        description: 'new description',
+        startDate: '2018-05-29T00:00:00.000Z',
+        endDate: '2018-05-30T00:00:00.000Z',
+        reference: 'project',
+        referenceId: 1,
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .post('/v4/timelines')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project', (done) => {
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
+      const bodyWithPhase = {
+        param: _.assign({}, body.param, {
+          reference: 'phase',
+          referenceId: 1,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .send(bodyWithPhase)
+        .expect(403, done);
+    });
+
+    it('should return 422 if missing name', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          name: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing startDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if startDate is after endDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: '2018-05-29T00:00:00.000Z',
+          endDate: '2018-05-28T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing reference', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          reference: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing referenceId', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          referenceId: undefined,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if invalid reference', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          reference: 'invalid',
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if invalid referenceId', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          referenceId: 0,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if project does not exist', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          referenceId: 1110,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if project was deleted', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          referenceId: 2,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if phase does not exist', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          reference: 'phase',
+          referenceId: 2222,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if phase was deleted', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          reference: 'phase',
+          referenceId: 2,
+        }),
+      };
+
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 201 for admin', (done) => {
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          should.exist(resJson.id);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.description.should.be.eql(body.param.description);
+          resJson.startDate.should.be.eql(body.param.startDate);
+          resJson.endDate.should.be.eql(body.param.endDate);
+          resJson.reference.should.be.eql(body.param.reference);
+          resJson.referenceId.should.be.eql(body.param.referenceId);
+
+          resJson.createdBy.should.be.eql(40051333); // admin
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          // eslint-disable-next-line no-unused-expressions
+          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.TIMELINE_ADDED).should.be.true;
+
+          done();
+        });
+    });
+
+    it('should return 201 for connect manager', (done) => {
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051334); // manager
+          resJson.updatedBy.should.be.eql(40051334); // manager
+          done();
+        });
+    });
+
+    it('should return 201 for connect admin', (done) => {
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051336); // connect admin
+          resJson.updatedBy.should.be.eql(40051336); // connect admin
+          done();
+        });
+    });
+
+    it('should return 201 for copilot', (done) => {
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051332); // copilot
+          resJson.updatedBy.should.be.eql(40051332); // copilot
+          done();
+        });
+    });
+
+    it('should return 201 for member', (done) => {
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051331); // member
+          resJson.updatedBy.should.be.eql(40051331); // member
+          done();
+        });
+    });
+
+    it('should return 201 for member (timeline refers to a phase)', (done) => {
+      const bodyWithPhase = _.merge({}, body, {
+        param: {
+          reference: 'phase',
+          referenceId: 1,
+        },
+      });
+      request(server)
+        .post('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(bodyWithPhase)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.createdBy.should.be.eql(40051331); // member
+          resJson.updatedBy.should.be.eql(40051331); // member
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/timelines/delete.js b/src/routes/timelines/delete.js
new file mode 100644
index 00000000..e3d94bb7
--- /dev/null
+++ b/src/routes/timelines/delete.js
@@ -0,0 +1,52 @@
+/**
+ * API to delete a timeline
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import models from '../../models';
+import { EVENT } from '../../constants';
+import util from '../../util';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    timelineId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timelineId param, and set to request params for
+  // checking by the permissions middleware
+  util.validateTimelineIdParam,
+  permissions('timeline.delete'),
+  (req, res, next) => {
+    const timeline = req.timeline;
+    const deleted = _.omit(timeline.toJSON(), ['deletedAt', 'deletedBy']);
+
+    return models.sequelize.transaction(() =>
+      // Update the deletedBy, then delete
+      timeline.update({ deletedBy: req.authUser.userId })
+        .then(() => timeline.destroy())
+        // Cascade delete the milestones
+        .then(() => models.Milestone.update({ deletedBy: req.authUser.userId }, { where: { timelineId: timeline.id } }))
+        .then(() => models.Milestone.destroy({ where: { timelineId: timeline.id } }))
+        .then(() => {
+          // Send event to bus
+          req.log.debug('Sending event to RabbitMQ bus for timeline %d', deleted.id);
+          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.TIMELINE_REMOVED,
+            deleted,
+            { correlationId: req.id },
+          );
+
+          // Write to response
+          res.status(204).end();
+          return Promise.resolve();
+        })
+        .catch(next),
+    );
+  },
+];
diff --git a/src/routes/timelines/delete.spec.js b/src/routes/timelines/delete.spec.js
new file mode 100644
index 00000000..76a0fb55
--- /dev/null
+++ b/src/routes/timelines/delete.spec.js
@@ -0,0 +1,306 @@
+/**
+ * Tests for delete.js
+ */
+import request from 'supertest';
+import chai from 'chai';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+import { EVENT } from '../../constants';
+
+const should = chai.should(); // eslint-disable-line no-unused-vars
+
+describe('DELETE timeline', () => {
+  beforeEach((done) => {
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ])
+          .then(() => {
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: 1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: 1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+              models.ProjectPhase.bulkCreate([
+                {
+                  projectId: 1,
+                  name: 'test project phase 1',
+                  status: 'active',
+                  startDate: '2018-05-15T00:00:00Z',
+                  endDate: '2018-05-15T12:00:00Z',
+                  budget: 20.0,
+                  progress: 1.23456,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 1,
+                  updatedBy: 1,
+                },
+                {
+                  projectId: 2,
+                  name: 'test project phase 2',
+                  status: 'active',
+                  startDate: '2018-05-16T00:00:00Z',
+                  endDate: '2018-05-16T12:00:00Z',
+                  budget: 21.0,
+                  progress: 1.234567,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 2,
+                  updatedBy: 2,
+                  deletedAt: '2018-05-15T00:00:00Z',
+                },
+              ]))
+              .then(() =>
+                // Create timelines
+                models.Timeline.bulkCreate([
+                  {
+                    name: 'name 1',
+                    description: 'description 1',
+                    startDate: '2018-05-11T00:00:00.000Z',
+                    endDate: '2018-05-12T00:00:00.000Z',
+                    reference: 'project',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                  },
+                  {
+                    name: 'name 2',
+                    description: 'description 2',
+                    startDate: '2018-05-12T00:00:00.000Z',
+                    endDate: '2018-05-13T00:00:00.000Z',
+                    reference: 'phase',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                  },
+                  {
+                    name: 'name 3',
+                    description: 'description 3',
+                    startDate: '2018-05-13T00:00:00.000Z',
+                    endDate: '2018-05-14T00:00:00.000Z',
+                    reference: 'phase',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                    deletedAt: '2018-05-14T00:00:00.000Z',
+                  },
+                ]))
+              .then(() =>
+                // Create milestones
+                models.Milestone.bulkCreate([
+                  {
+                    timelineId: 1,
+                    name: 'milestone 1',
+                    duration: 2,
+                    startDate: '2018-05-03T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type1',
+                    details: {
+                      detail1: {
+                        subDetail1A: 1,
+                        subDetail1B: 2,
+                      },
+                      detail2: [1, 2, 3],
+                    },
+                    order: 1,
+                    plannedText: 'plannedText 1',
+                    activeText: 'activeText 1',
+                    completedText: 'completedText 1',
+                    blockedText: 'blockedText 1',
+                    createdBy: 1,
+                    updatedBy: 2,
+                  },
+                  {
+                    timelineId: 1,
+                    name: 'milestone 2',
+                    duration: 2,
+                    startDate: '2018-05-03T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type1',
+                    details: {
+                      detail1: {
+                        subDetail1A: 1,
+                        subDetail1B: 2,
+                      },
+                      detail2: [1, 2, 3],
+                    },
+                    order: 1,
+                    plannedText: 'plannedText 1',
+                    activeText: 'activeText 1',
+                    completedText: 'completedText 1',
+                    blockedText: 'blockedText 1',
+                    createdBy: 1,
+                    updatedBy: 2,
+                  },
+                ]))
+              .then(() => done());
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('DELETE /timelines/{timelineId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .delete('/v4/timelines/1')
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project', (done) => {
+      request(server)
+        .delete('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
+      request(server)
+        .delete('/v4/timelines/2')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed timeline', (done) => {
+      request(server)
+        .delete('/v4/timelines/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted timeline', (done) => {
+      request(server)
+        .delete('/v4/timelines/3')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 422 for invalid param', (done) => {
+      request(server)
+        .delete('/v4/timelines/0')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 204, for admin, if timeline was successfully removed', function (done) {
+      this.timeout(10000);
+
+      models.Milestone.findAll({ where: { timelineId: 1 } })
+        .then((results) => {
+          results.should.have.length(2);
+
+          request(server)
+            .delete('/v4/timelines/1')
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .expect(204)
+            .end(() => {
+              // eslint-disable-next-line no-unused-expressions
+              server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.TIMELINE_REMOVED).should.be.true;
+
+              // Milestones are cascade deleted
+              setTimeout(() => {
+                models.Milestone.findAll({ where: { timelineId: 1 } })
+                  .then((afterResults) => {
+                    afterResults.should.have.length(0);
+
+                    done();
+                  });
+              }, 3000);
+            });
+        });
+    });
+
+    it('should return 204, for connect admin, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for connect manager, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for copilot, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+
+    it('should return 204, for member, if timeline was successfully removed', (done) => {
+      request(server)
+        .delete('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(204)
+        .end(done);
+    });
+  });
+});
diff --git a/src/routes/timelines/get.js b/src/routes/timelines/get.js
new file mode 100644
index 00000000..2e9a03b1
--- /dev/null
+++ b/src/routes/timelines/get.js
@@ -0,0 +1,36 @@
+/**
+ * API to get a timeline
+ */
+import validate from 'express-validation';
+import Joi from 'joi';
+import _ from 'lodash';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    timelineId: Joi.number().integer().positive().required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timelineId param, and set to request params for
+  // checking by the permissions middleware
+  util.validateTimelineIdParam,
+  permissions('timeline.view'),
+  (req, res) => {
+    // Load the milestones
+    req.timeline.getMilestones()
+      .then((milestones) => {
+        const timeline = _.omit(req.timeline.toJSON(), ['deletedAt', 'deletedBy']);
+        timeline.milestones =
+          _.map(milestones, milestone => _.omit(milestone.toJSON(), ['deletedAt', 'deletedBy']));
+
+        // Write to response
+        res.json(util.wrapResponse(req.id, timeline));
+      });
+  },
+];
diff --git a/src/routes/timelines/get.spec.js b/src/routes/timelines/get.spec.js
new file mode 100644
index 00000000..253013da
--- /dev/null
+++ b/src/routes/timelines/get.spec.js
@@ -0,0 +1,304 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const should = chai.should();
+
+const milestones = [
+  {
+    id: 1,
+    timelineId: 1,
+    name: 'milestone 1',
+    duration: 2,
+    startDate: '2018-05-03T00:00:00.000Z',
+    endDate: '2018-05-04T00:00:00.000Z',
+    completionDate: '2018-05-05T00:00:00.000Z',
+    status: 'open',
+    type: 'type1',
+    details: {
+      detail1: {
+        subDetail1A: 1,
+        subDetail1B: 2,
+      },
+      detail2: [1, 2, 3],
+    },
+    order: 1,
+    plannedText: 'plannedText 1',
+    activeText: 'activeText 1',
+    completedText: 'completedText 1',
+    blockedText: 'blockedText 1',
+    createdBy: 1,
+    updatedBy: 2,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+  {
+    id: 2,
+    timelineId: 1,
+    name: 'milestone 2',
+    duration: 3,
+    startDate: '2018-05-04T00:00:00.000Z',
+    status: 'open',
+    type: 'type2',
+    order: 2,
+    plannedText: 'plannedText 2',
+    activeText: 'activeText 2',
+    completedText: 'completedText 2',
+    blockedText: 'blockedText 2',
+    createdBy: 2,
+    updatedBy: 3,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+];
+
+describe('GET timeline', () => {
+  before((done) => {
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ])
+          .then(() => {
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: 1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: 1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+              models.ProjectPhase.bulkCreate([
+                {
+                  projectId: 1,
+                  name: 'test project phase 1',
+                  status: 'active',
+                  startDate: '2018-05-15T00:00:00Z',
+                  endDate: '2018-05-15T12:00:00Z',
+                  budget: 20.0,
+                  progress: 1.23456,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 1,
+                  updatedBy: 1,
+                },
+                {
+                  projectId: 2,
+                  name: 'test project phase 2',
+                  status: 'active',
+                  startDate: '2018-05-16T00:00:00Z',
+                  endDate: '2018-05-16T12:00:00Z',
+                  budget: 21.0,
+                  progress: 1.234567,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 2,
+                  updatedBy: 2,
+                  deletedAt: '2018-05-15T00:00:00Z',
+                },
+              ]))
+              .then(() =>
+                // Create timelines
+                models.Timeline.bulkCreate([
+                  {
+                    name: 'name 1',
+                    description: 'description 1',
+                    startDate: '2018-05-11T00:00:00.000Z',
+                    endDate: '2018-05-12T00:00:00.000Z',
+                    reference: 'project',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                  },
+                  {
+                    name: 'name 2',
+                    description: 'description 2',
+                    startDate: '2018-05-12T00:00:00.000Z',
+                    endDate: '2018-05-13T00:00:00.000Z',
+                    reference: 'phase',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                  },
+                  {
+                    name: 'name 3',
+                    description: 'description 3',
+                    startDate: '2018-05-13T00:00:00.000Z',
+                    endDate: '2018-05-14T00:00:00.000Z',
+                    reference: 'phase',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                    deletedAt: '2018-05-14T00:00:00.000Z',
+                  },
+                ]))
+              .then(() => models.Milestone.bulkCreate(milestones))
+              .then(() => done());
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('GET /timelines/{timelineId}', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/timelines/1')
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project', (done) => {
+      request(server)
+        .get('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
+      request(server)
+        .get('/v4/timelines/2')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed timeline', (done) => {
+      request(server)
+        .get('/v4/timelines/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted timeline', (done) => {
+      request(server)
+        .get('/v4/timelines/3')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 422 for invalid param', (done) => {
+      request(server)
+        .get('/v4/timelines/0')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.id.should.be.eql(1);
+          resJson.name.should.be.eql('name 1');
+          resJson.description.should.be.eql('description 1');
+          resJson.startDate.should.be.eql('2018-05-11T00:00:00.000Z');
+          resJson.endDate.should.be.eql('2018-05-12T00:00:00.000Z');
+          resJson.reference.should.be.eql('project');
+          resJson.referenceId.should.be.eql(1);
+
+          resJson.createdBy.should.be.eql(1);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(1);
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedBy);
+          should.not.exist(resJson.deletedAt);
+
+          // Milestones
+          resJson.milestones.should.have.length(2);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect(200, done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .expect(200, done);
+    });
+  });
+});
diff --git a/src/routes/timelines/list.js b/src/routes/timelines/list.js
new file mode 100644
index 00000000..6d3ff14f
--- /dev/null
+++ b/src/routes/timelines/list.js
@@ -0,0 +1,94 @@
+/**
+ * API to list all timelines
+ */
+import config from 'config';
+import _ from 'lodash';
+import util from '../../util';
+import models from '../../models';
+import { USER_ROLE, TIMELINE_REFERENCES } from '../../constants';
+
+const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
+const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
+
+/**
+ * Retrieve timelines from elastic search.
+ * @param {Array} esTerms the elastic search terms
+ * @returns {Promise} the promise resolves to the results
+ */
+function retrieveTimelines(esTerms) {
+  return new Promise((accept, reject) => {
+    const es = util.getElasticSearchClient();
+    es.search({
+      index: ES_TIMELINE_INDEX,
+      type: ES_TIMELINE_TYPE,
+      body: {
+        query: { bool: { must: esTerms } },
+      },
+    }).then((docs) => {
+      const rows = _.map(docs.hits.hits, single => _.omit(single._source, ['projectId'])); // eslint-disable-line no-underscore-dangle
+      accept({ rows, count: docs.hits.total });
+    }).catch(reject);
+  });
+}
+
+
+module.exports = [
+  (req, res, next) => {
+    // Validate the filter
+    const filter = util.parseQueryFilter(req.query.filter);
+    if (!util.isValidFilter(filter, ['reference', 'referenceId'])) {
+      const apiErr = new Error('Only allowed to filter by reference and referenceId');
+      apiErr.status = 422;
+      return next(apiErr);
+    }
+
+    // Build the elastic search query
+    const esTerms = [];
+    if (filter.reference) {
+      if (!_.includes(TIMELINE_REFERENCES, filter.reference)) {
+        const apiErr = new Error(`reference filter must be in ${TIMELINE_REFERENCES}`);
+        apiErr.status = 422;
+        return next(apiErr);
+      }
+
+      esTerms.push({
+        term: { reference: filter.reference },
+      });
+    }
+    if (filter.referenceId) {
+      if (_.lt(filter.referenceId, 1)) {
+        const apiErr = new Error('referenceId filter must be a positive integer');
+        apiErr.status = 422;
+        return next(apiErr);
+      }
+
+      esTerms.push({
+        term: { referenceId: filter.referenceId },
+      });
+    }
+
+    // Admin and topcoder manager can see all timelines
+    if (util.hasAdminRole(req) || util.hasRole(req, USER_ROLE.MANAGER)) {
+      return retrieveTimelines(esTerms)
+        .then(result => res.json(util.wrapResponse(req.id, result.rows, result.count)))
+        .catch(err => next(err));
+    }
+
+    // Get project ids for copilot or member
+    const getProjectIds = util.hasRole(req, USER_ROLE.COPILOT) ?
+      models.Project.getProjectIdsForCopilot(req.authUser.userId) :
+      models.ProjectMember.getProjectIdsForUser(req.authUser.userId);
+
+    return getProjectIds
+      .then((accessibleProjectIds) => {
+        // Copilot or member can see his projects
+        esTerms.push({
+          terms: { projectId: accessibleProjectIds },
+        });
+
+        return retrieveTimelines(esTerms);
+      })
+      .then(result => res.json(util.wrapResponse(req.id, result.rows, result.count)))
+      .catch(err => next(err));
+  },
+];
diff --git a/src/routes/timelines/list.spec.js b/src/routes/timelines/list.spec.js
new file mode 100644
index 00000000..f903d16c
--- /dev/null
+++ b/src/routes/timelines/list.spec.js
@@ -0,0 +1,397 @@
+/**
+ * Tests for list.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+import sleep from 'sleep';
+import config from 'config';
+import _ from 'lodash';
+
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+
+const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
+const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
+
+const should = chai.should();
+
+const timelines = [
+  {
+    name: 'name 1',
+    description: 'description 1',
+    startDate: '2018-05-11T00:00:00.000Z',
+    endDate: '2018-05-12T00:00:00.000Z',
+    reference: 'project',
+    referenceId: 1,
+    createdBy: 1,
+    updatedBy: 1,
+  },
+  {
+    name: 'name 2',
+    description: 'description 2',
+    startDate: '2018-05-12T00:00:00.000Z',
+    endDate: '2018-05-13T00:00:00.000Z',
+    reference: 'phase',
+    referenceId: 1,
+    createdBy: 1,
+    updatedBy: 1,
+  },
+  {
+    name: 'name 3',
+    description: 'description 3',
+    startDate: '2018-05-13T00:00:00.000Z',
+    endDate: '2018-05-14T00:00:00.000Z',
+    reference: 'phase',
+    referenceId: 2,
+    createdBy: 1,
+    updatedBy: 1,
+  },
+];
+const milestones = [
+  {
+    id: 1,
+    timelineId: 1,
+    name: 'milestone 1',
+    duration: 2,
+    startDate: '2018-05-03T00:00:00.000Z',
+    endDate: '2018-05-04T00:00:00.000Z',
+    completionDate: '2018-05-05T00:00:00.000Z',
+    status: 'open',
+    type: 'type1',
+    details: {
+      detail1: {
+        subDetail1A: 1,
+        subDetail1B: 2,
+      },
+      detail2: [1, 2, 3],
+    },
+    order: 1,
+    plannedText: 'plannedText 1',
+    activeText: 'activeText 1',
+    completedText: 'completedText 1',
+    blockedText: 'blockedText 1',
+    createdBy: 1,
+    updatedBy: 2,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+  {
+    id: 2,
+    timelineId: 1,
+    name: 'milestone 2',
+    duration: 3,
+    startDate: '2018-05-04T00:00:00.000Z',
+    status: 'open',
+    type: 'type2',
+    order: 2,
+    plannedText: 'plannedText 2',
+    activeText: 'activeText 2',
+    completedText: 'completedText 2',
+    blockedText: 'blockedText 2',
+    createdBy: 2,
+    updatedBy: 3,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+];
+
+
+describe('LIST timelines', () => {
+  before(function beforeHook(done) {
+    this.timeout(10000);
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ])
+          .then(() => {
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: 1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: 1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+               models.ProjectPhase.bulkCreate([
+                 {
+                   projectId: 1,
+                   name: 'test project phase 1',
+                   status: 'active',
+                   startDate: '2018-05-15T00:00:00Z',
+                   endDate: '2018-05-15T12:00:00Z',
+                   budget: 20.0,
+                   progress: 1.23456,
+                   details: {
+                     message: 'This can be any json 2',
+                   },
+                   createdBy: 1,
+                   updatedBy: 1,
+                 },
+                 {
+                   projectId: 2,
+                   name: 'test project phase 2',
+                   status: 'active',
+                   startDate: '2018-05-16T00:00:00Z',
+                   endDate: '2018-05-16T12:00:00Z',
+                   budget: 21.0,
+                   progress: 1.234567,
+                   details: {
+                     message: 'This can be any json 2',
+                   },
+                   createdBy: 2,
+                   updatedBy: 2,
+                 },
+               ]))
+              .then(() =>
+                // Create timelines
+                 models.Timeline.bulkCreate(timelines, { returning: true }))
+              .then(createdTimelines =>
+                // Index to ES
+                 Promise.all(_.map(createdTimelines, (createdTimeline) => {
+                   const timelineJson = _.omit(createdTimeline.toJSON(), 'deletedAt', 'deletedBy');
+                   timelineJson.projectId = createdTimeline.id !== 3 ? 1 : 2;
+                   if (timelineJson.id === 1) {
+                     timelineJson.milestones = milestones;
+                   }
+                   return server.services.es.index({
+                     index: ES_TIMELINE_INDEX,
+                     type: ES_TIMELINE_TYPE,
+                     id: timelineJson.id,
+                     body: timelineJson,
+                   });
+                 }))
+                  .then(() => {
+                    // sleep for some time, let elasticsearch indices be settled
+                    sleep.sleep(5);
+                    done();
+                  }));
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('GET /timelines', () => {
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .get('/v4/timelines')
+        .expect(403, done);
+    });
+
+    it('should return 422 for invalid filter key', (done) => {
+      request(server)
+        .get('/v4/timelines?filter=invalid%3Dproject')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(422)
+        .end(done);
+    });
+
+    it('should return 422 for invalid reference filter', (done) => {
+      request(server)
+        .get('/v4/timelines?filter=reference%3Dinvalid')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(422)
+        .end(done);
+    });
+
+    it('should return 422 for invalid referenceId filter', (done) => {
+      request(server)
+        .get('/v4/timelines?filter=referenceId%3D0')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(422)
+        .end(done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .get('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const timeline = timelines[0];
+
+          let resJson = res.body.result.content;
+          resJson.should.have.length(3);
+          resJson = _.sortBy(resJson, o => o.id);
+          resJson[0].id.should.be.eql(1);
+          resJson[0].name.should.be.eql(timeline.name);
+          resJson[0].description.should.be.eql(timeline.description);
+          resJson[0].startDate.should.be.eql(timeline.startDate);
+          resJson[0].endDate.should.be.eql(timeline.endDate);
+          resJson[0].reference.should.be.eql(timeline.reference);
+          resJson[0].referenceId.should.be.eql(timeline.referenceId);
+
+          resJson[0].createdBy.should.be.eql(timeline.createdBy);
+          should.exist(resJson[0].createdAt);
+          resJson[0].updatedBy.should.be.eql(timeline.updatedBy);
+          should.exist(resJson[0].updatedAt);
+          should.not.exist(resJson[0].deletedBy);
+          should.not.exist(resJson[0].deletedAt);
+
+          // Milestones
+          resJson[0].milestones.should.have.length(2);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .get('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(3);
+
+          done();
+        });
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .get('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(3);
+
+          done();
+        });
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .get('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+
+          done();
+        });
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .get('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(2);
+
+          done();
+        });
+    });
+
+    it('should return 200 for member with no accessible project', (done) => {
+      request(server)
+        .get('/v4/timelines')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(0); // no accessible timelines
+
+          done();
+        });
+    });
+
+    it('should return 200 with reference filter', (done) => {
+      request(server)
+        .get('/v4/timelines?filter=reference%3Dproject')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(1);
+
+          done();
+        });
+    });
+
+    it('should return 200 with referenceId filter', (done) => {
+      request(server)
+        .get('/v4/timelines?filter=referenceId%3D2')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(1);
+
+          done();
+        });
+    });
+
+    it('should return 200 with reference and referenceId filter', (done) => {
+      request(server)
+        .get('/v4/timelines?filter=reference%3Dproject%26referenceId%3D1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          resJson.should.have.length(1);
+
+          done();
+        });
+    });
+  });
+});
diff --git a/src/routes/timelines/update.js b/src/routes/timelines/update.js
new file mode 100644
index 00000000..99343de4
--- /dev/null
+++ b/src/routes/timelines/update.js
@@ -0,0 +1,109 @@
+/**
+ * API to update a timeline
+ */
+import validate from 'express-validation';
+import _ from 'lodash';
+import Joi from 'joi';
+import { middleware as tcMiddleware } from 'tc-core-library-js';
+import util from '../../util';
+import { EVENT, TIMELINE_REFERENCES } from '../../constants';
+
+const permissions = tcMiddleware.permissions;
+
+const schema = {
+  params: {
+    timelineId: Joi.number().integer().positive().required(),
+  },
+  body: {
+    param: Joi.object().keys({
+      id: Joi.any().strip(),
+      name: Joi.string().max(255).required(),
+      description: Joi.string().max(255),
+      startDate: Joi.date().required(),
+      endDate: Joi.date().min(Joi.ref('startDate')).allow(null),
+      reference: Joi.string().valid(_.values(TIMELINE_REFERENCES)).required(),
+      referenceId: Joi.number().integer().positive().required(),
+      createdAt: Joi.any().strip(),
+      updatedAt: Joi.any().strip(),
+      deletedAt: Joi.any().strip(),
+      createdBy: Joi.any().strip(),
+      updatedBy: Joi.any().strip(),
+      deletedBy: Joi.any().strip(),
+    }).required(),
+  },
+};
+
+module.exports = [
+  validate(schema),
+  // Validate and get projectId from the timelineId param and request body,
+  // and set to request params for checking by the permissions middleware
+  util.validateTimelineIdParam,
+  util.validateTimelineRequestBody,
+  permissions('timeline.edit'),
+  (req, res, next) => {
+    const entityToUpdate = _.assign(req.body.param, {
+      updatedBy: req.authUser.userId,
+    });
+
+    const timeline = req.timeline;
+    const original = _.omit(timeline.toJSON(), ['deletedAt', 'deletedBy']);
+    let updated;
+
+    // Update
+    return timeline.update(entityToUpdate)
+      .then((updatedTimeline) => {
+        // Omit deletedAt, deletedBy
+        updated = _.omit(updatedTimeline.toJSON(), ['deletedAt', 'deletedBy']);
+
+        // Update milestones startDate and endDate if necessary
+        if (original.startDate !== updated.startDate || original.endDate !== updated.endDate) {
+          return updatedTimeline.getMilestones()
+            .then((milestones) => {
+              const updateMilestonePromises = _.map(milestones, (_milestone) => {
+                const milestone = _milestone;
+                if (original.startDate !== updated.startDate) {
+                  if (milestone.startDate && milestone.startDate < updated.startDate) {
+                    milestone.startDate = updated.startDate;
+                    if (milestone.endDate && milestone.endDate < milestone.startDate) {
+                      milestone.endDate = milestone.startDate;
+                    }
+                    milestone.updatedBy = req.authUser.userId;
+                  }
+                }
+
+                if (original.endDate !== updated.endDate) {
+                  if (milestone.endDate && updated.endDate && updated.endDate < milestone.endDate) {
+                    milestone.endDate = updated.endDate;
+                    milestone.updatedBy = req.authUser.userId;
+                  }
+                }
+
+                return milestone.save();
+              });
+
+              return Promise.all(updateMilestonePromises)
+                .then((updatedMilestones) => {
+                  updated.milestones =
+                    _.map(updatedMilestones, milestone => _.omit(milestone.toJSON(), ['deletedAt', 'deletedBy']));
+                  return Promise.resolve();
+                });
+            });
+        }
+
+        return Promise.resolve();
+      })
+      .then(() => {
+        // Send event to bus
+        req.log.debug('Sending event to RabbitMQ bus for timeline %d', updated.id);
+        req.app.services.pubsub.publish(EVENT.ROUTING_KEY.TIMELINE_UPDATED,
+          { original, updated },
+          { correlationId: req.id },
+        );
+
+        // Write to response
+        res.json(util.wrapResponse(req.id, updated));
+        return Promise.resolve();
+      })
+      .catch(next);
+  },
+];
diff --git a/src/routes/timelines/update.spec.js b/src/routes/timelines/update.spec.js
new file mode 100644
index 00000000..eb887fe3
--- /dev/null
+++ b/src/routes/timelines/update.spec.js
@@ -0,0 +1,626 @@
+/**
+ * Tests for get.js
+ */
+import chai from 'chai';
+import request from 'supertest';
+import _ from 'lodash';
+import models from '../../models';
+import server from '../../app';
+import testUtil from '../../tests/util';
+import { EVENT } from '../../constants';
+
+const should = chai.should();
+
+
+const milestones = [
+  {
+    id: 1,
+    timelineId: 1,
+    name: 'milestone 1',
+    duration: 2,
+    startDate: '2018-05-13T00:00:00.000Z',
+    endDate: '2018-05-16T00:00:00.000Z',
+    completionDate: '2018-05-05T00:00:00.000Z',
+    status: 'open',
+    type: 'type1',
+    details: {
+      detail1: {
+        subDetail1A: 1,
+        subDetail1B: 2,
+      },
+      detail2: [1, 2, 3],
+    },
+    order: 1,
+    plannedText: 'plannedText 1',
+    activeText: 'activeText 1',
+    completedText: 'completedText 1',
+    blockedText: 'blockedText 1',
+    createdBy: 1,
+    updatedBy: 2,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+  {
+    id: 2,
+    timelineId: 1,
+    name: 'milestone 2',
+    duration: 3,
+    startDate: '2018-05-14T00:00:00.000Z',
+    status: 'open',
+    type: 'type2',
+    order: 2,
+    plannedText: 'plannedText 2',
+    activeText: 'activeText 2',
+    completedText: 'completedText 2',
+    blockedText: 'blockedText 2',
+    createdBy: 2,
+    updatedBy: 3,
+    createdAt: '2018-05-11T00:00:00.000Z',
+    updatedAt: '2018-05-11T00:00:00.000Z',
+  },
+];
+
+describe('UPDATE timeline', () => {
+  beforeEach((done) => {
+    testUtil.clearDb()
+      .then(() => {
+        models.Project.bulkCreate([
+          {
+            type: 'generic',
+            billingAccountId: 1,
+            name: 'test1',
+            description: 'test project1',
+            status: 'draft',
+            details: {},
+            createdBy: 1,
+            updatedBy: 1,
+          },
+          {
+            type: 'generic',
+            billingAccountId: 2,
+            name: 'test2',
+            description: 'test project2',
+            status: 'draft',
+            details: {},
+            createdBy: 2,
+            updatedBy: 2,
+            deletedAt: '2018-05-15T00:00:00Z',
+          },
+        ], { returning: true })
+          .then(() => {
+            // Create member
+            models.ProjectMember.bulkCreate([
+              {
+                userId: 40051332,
+                projectId: 1,
+                role: 'copilot',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+              {
+                userId: 40051331,
+                projectId: 1,
+                role: 'customer',
+                isPrimary: true,
+                createdBy: 1,
+                updatedBy: 1,
+              },
+            ]).then(() =>
+              // Create phase
+              models.ProjectPhase.bulkCreate([
+                {
+                  projectId: 1,
+                  name: 'test project phase 1',
+                  status: 'active',
+                  startDate: '2018-05-15T00:00:00Z',
+                  endDate: '2018-05-15T12:00:00Z',
+                  budget: 20.0,
+                  progress: 1.23456,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 1,
+                  updatedBy: 1,
+                },
+                {
+                  projectId: 2,
+                  name: 'test project phase 2',
+                  status: 'active',
+                  startDate: '2018-05-16T00:00:00Z',
+                  endDate: '2018-05-16T12:00:00Z',
+                  budget: 21.0,
+                  progress: 1.234567,
+                  details: {
+                    message: 'This can be any json 2',
+                  },
+                  createdBy: 2,
+                  updatedBy: 2,
+                  deletedAt: '2018-05-15T00:00:00Z',
+                },
+              ]), { returning: true })
+              .then(() =>
+                // Create timelines
+                models.Timeline.bulkCreate([
+                  {
+                    name: 'name 1',
+                    description: 'description 1',
+                    startDate: '2018-05-11T00:00:00.000Z',
+                    endDate: '2018-05-20T00:00:00.000Z',
+                    reference: 'project',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                  },
+                  {
+                    name: 'name 2',
+                    description: 'description 2',
+                    startDate: '2018-05-12T00:00:00.000Z',
+                    endDate: '2018-05-13T00:00:00.000Z',
+                    reference: 'phase',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                  },
+                  {
+                    name: 'name 3',
+                    description: 'description 3',
+                    startDate: '2018-05-13T00:00:00.000Z',
+                    endDate: '2018-05-14T00:00:00.000Z',
+                    reference: 'phase',
+                    referenceId: 1,
+                    createdBy: 1,
+                    updatedBy: 1,
+                    deletedAt: '2018-05-14T00:00:00.000Z',
+                  },
+                ]))
+              .then(() => models.Milestone.bulkCreate(milestones))
+              .then(() => done());
+          });
+      });
+  });
+
+  after(testUtil.clearDb);
+
+  describe('PATCH /timelines/{timelineId}', () => {
+    const body = {
+      param: {
+        name: 'new name 1',
+        description: 'new description 1',
+        startDate: '2018-06-01T00:00:00.000Z',
+        endDate: '2018-06-02T00:00:00.000Z',
+        reference: 'project',
+        referenceId: 1,
+      },
+    };
+
+    it('should return 403 if user is not authenticated', (done) => {
+      request(server)
+        .patch('/v4/timelines/1')
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project', (done) => {
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .send(body)
+        .expect(403, done);
+    });
+
+    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
+      request(server)
+        .patch('/v4/timelines/2')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect(403, done);
+    });
+
+    it('should return 404 for non-existed timeline', (done) => {
+      request(server)
+        .patch('/v4/timelines/1234')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted timeline', (done) => {
+      request(server)
+        .patch('/v4/timelines/3')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(404, done);
+    });
+
+    it('should return 422 for invalid param', (done) => {
+      request(server)
+        .patch('/v4/timelines/0')
+        .send(body)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .expect(422, done);
+    });
+
+    it('should return 404 for non-existed template', (done) => {
+      request(server)
+        .patch('/v4/timelines/1234')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 404 for deleted template', (done) => {
+      request(server)
+        .patch('/v4/timelines/3')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(404, done);
+    });
+
+    it('should return 422 if missing name', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          name: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing startDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if startDate is after endDate', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          startDate: '2018-05-29T00:00:00.000Z',
+          endDate: '2018-05-28T00:00:00.000Z',
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing reference', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          reference: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if missing referenceId', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          referenceId: undefined,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if invalid reference', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          reference: 'invalid',
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if invalid referenceId', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          referenceId: 0,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if project does not exist', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          referenceId: 1110,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if project was deleted', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          referenceId: 2,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if phase does not exist', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          reference: 'phase',
+          referenceId: 2222,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 422 if phase was deleted', (done) => {
+      const invalidBody = {
+        param: _.assign({}, body.param, {
+          reference: 'phase',
+          referenceId: 2,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(invalidBody)
+        .expect('Content-Type', /json/)
+        .expect(422, done);
+    });
+
+    it('should return 200 for admin', (done) => {
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end((err, res) => {
+          const resJson = res.body.result.content;
+          should.exist(resJson.id);
+          resJson.name.should.be.eql(body.param.name);
+          resJson.description.should.be.eql(body.param.description);
+          resJson.startDate.should.be.eql(body.param.startDate);
+          resJson.endDate.should.be.eql(body.param.endDate);
+          resJson.reference.should.be.eql(body.param.reference);
+          resJson.referenceId.should.be.eql(body.param.referenceId);
+
+          resJson.createdBy.should.be.eql(1);
+          should.exist(resJson.createdAt);
+          resJson.updatedBy.should.be.eql(40051333); // admin
+          should.exist(resJson.updatedAt);
+          should.not.exist(resJson.deletedAt);
+          should.not.exist(resJson.deletedBy);
+
+          // eslint-disable-next-line no-unused-expressions
+          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.TIMELINE_UPDATED).should.be.true;
+
+          done();
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin with changed startDate', function (done) {
+      this.timeout(10000);
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({
+          param: _.assign({}, body.param, {
+            startDate: '2018-05-15T00:00:00.000Z',
+            endDate: '2018-05-17T00:00:00.000Z', // no affect to milestones
+          }),
+        })
+        .expect(200)
+        .end(() => {
+          setTimeout(() => {
+            models.Milestone.findById(1)
+              .then((milestone) => {
+                milestone.startDate.should.be.eql(new Date('2018-05-15T00:00:00.000Z'));
+                milestone.endDate.should.be.eql(new Date('2018-05-16T00:00:00.000Z'));
+              })
+              .then(() => models.Milestone.findById(2))
+              .then((milestone) => {
+                milestone.startDate.should.be.eql(new Date('2018-05-15T00:00:00.000Z'));
+                should.not.exist(milestone.endDate);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin with changed endDate', function (done) {
+      this.timeout(10000);
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({
+          param: _.assign({}, body.param, {
+            startDate: '2018-05-12T00:00:00.000Z', // no affect to milestones
+            endDate: '2018-05-15T00:00:00.000Z',
+          }),
+        })
+        .expect(200)
+        .end(() => {
+          setTimeout(() => {
+            models.Milestone.findById(1)
+              .then((milestone) => {
+                milestone.startDate.should.be.eql(new Date('2018-05-13T00:00:00.000Z'));
+                milestone.endDate.should.be.eql(new Date('2018-05-15T00:00:00.000Z'));
+              })
+              .then(() => models.Milestone.findById(2))
+              .then((milestone) => {
+                milestone.startDate.should.be.eql(new Date('2018-05-14T00:00:00.000Z'));
+                should.not.exist(milestone.endDate);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    it('should return 200 for connect admin', (done) => {
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for connect manager', (done) => {
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.manager}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for copilot', (done) => {
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 for member', (done) => {
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(body)
+        .expect(200)
+        .end(done);
+    });
+
+    it('should return 200 if changing reference and referenceId', (done) => {
+      const newBody = {
+        param: _.assign({}, body.param, {
+          reference: 'phase',
+          referenceId: 1,
+        }),
+      };
+
+      request(server)
+        .patch('/v4/timelines/1')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send(newBody)
+        .expect(200)
+        .end(done);
+    });
+  });
+});
diff --git a/src/tests/seed.js b/src/tests/seed.js
index 350480c4..3ef8b098 100644
--- a/src/tests/seed.js
+++ b/src/tests/seed.js
@@ -1,4 +1,5 @@
 import models from '../models';
+import { TIMELINE_REFERENCES } from '../constants';
 
 models.sequelize.sync({ force: true })
   .then(() =>
@@ -433,6 +434,132 @@ models.sequelize.sync({ force: true })
       createdBy: 1,
       updatedBy: 2,
     },
+  ], { returning: true }))
+  // Product milestone templates
+  .then(productTemplates => models.ProductMilestoneTemplate.bulkCreate([
+    {
+      name: 'milestoneTemplate 1',
+      duration: 3,
+      type: 'type1',
+      order: 1,
+      productTemplateId: productTemplates[0].id,
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      name: 'milestoneTemplate 2',
+      duration: 4,
+      type: 'type2',
+      order: 2,
+      productTemplateId: productTemplates[0].id,
+      createdBy: 2,
+      updatedBy: 3,
+    },
+  ]))
+  // Project phases
+  .then(() => models.ProjectPhase.bulkCreate([
+    {
+      name: 'phase 1',
+      projectId: 1,
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      name: 'phase 2',
+      projectId: 1,
+      createdBy: 2,
+      updatedBy: 3,
+    },
+  ], { returning: true }))
+  // Timelines
+  .then(projectPhases => models.Timeline.bulkCreate([
+    {
+      name: 'timeline 1',
+      startDate: '2018-05-01T00:00:00.000Z',
+      reference: TIMELINE_REFERENCES.PROJECT,
+      referenceId: projectPhases[0].projectId,
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      name: 'timeline 2',
+      startDate: '2018-05-02T00:00:00.000Z',
+      reference: TIMELINE_REFERENCES.PHASE,
+      referenceId: projectPhases[0].id,
+      createdBy: 2,
+      updatedBy: 3,
+    },
+    {
+      name: 'timeline 3',
+      startDate: '2018-05-03T00:00:00.000Z',
+      reference: TIMELINE_REFERENCES.PROJECT,
+      referenceId: projectPhases[0].projectId,
+      createdBy: 3,
+      updatedBy: 4,
+    },
+    {
+      name: 'timeline 4',
+      startDate: '2018-05-04T00:00:00.000Z',
+      reference: TIMELINE_REFERENCES.PROJECT,
+      referenceId: 2,
+      createdBy: 4,
+      updatedBy: 5,
+    },
+  ], { returning: true }))
+  // Milestones
+  .then(timelines => models.Milestone.bulkCreate([
+    {
+      timelineId: timelines[0].id,
+      name: 'milestone 1',
+      duration: 2,
+      startDate: '2018-05-03T00:00:00.000Z',
+      status: 'open',
+      type: 'type1',
+      details: {
+        detail1: {
+          subDetail1A: 1,
+          subDetail1B: 2,
+        },
+        detail2: [1, 2, 3],
+      },
+      order: 1,
+      plannedText: 'plannedText 1',
+      activeText: 'activeText 1',
+      completedText: 'completedText 1',
+      blockedText: 'blockedText 1',
+      createdBy: 1,
+      updatedBy: 2,
+    },
+    {
+      timelineId: timelines[0].id,
+      name: 'milestone 2',
+      duration: 3,
+      startDate: '2018-05-04T00:00:00.000Z',
+      status: 'open',
+      type: 'type2',
+      order: 2,
+      plannedText: 'plannedText 2',
+      activeText: 'activeText 2',
+      completedText: 'completedText 2',
+      blockedText: 'blockedText 2',
+      createdBy: 2,
+      updatedBy: 3,
+    },
+    {
+      timelineId: timelines[2].id,
+      name: 'milestone 3',
+      duration: 4,
+      startDate: '2018-05-04T00:00:00.000Z',
+      status: 'open',
+      type: 'type3',
+      order: 3,
+      plannedText: 'plannedText 3',
+      activeText: 'activeText 3',
+      completedText: 'completedText 3',
+      blockedText: 'blockedText 3',
+      createdBy: 3,
+      updatedBy: 4,
+    },
   ]))
   .then(() => models.ProjectType.bulkCreate([
     {
diff --git a/src/util.js b/src/util.js
index add05eb6..843ff371 100644
--- a/src/util.js
+++ b/src/util.js
@@ -17,7 +17,7 @@ import urlencode from 'urlencode';
 import elasticsearch from 'elasticsearch';
 import Promise from 'bluebird';
 import AWS from 'aws-sdk';
-import { ADMIN_ROLES, TOKEN_SCOPES } from './constants';
+import { ADMIN_ROLES, TOKEN_SCOPES, TIMELINE_REFERENCES } from './constants';
 
 const exec = require('child_process').exec;
 const models = require('./models').default;
@@ -381,6 +381,102 @@ _.assignIn(util, {
       return source;
     }
   }),
+
+  /**
+   * The middleware to validate and get the projectId specified by the timeline request object,
+   * and set to the request params. This should be called after the validate() middleware,
+   * and before the permissions() middleware.
+   * @param {Object} req the express request instance
+   * @param {Object} res the express response instance
+   * @param {Function} next the express next middleware
+   */
+  // eslint-disable-next-line valid-jsdoc
+  validateTimelineRequestBody: (req, res, next) => {
+    // The timeline refers to a project
+    if (req.body.param.reference === TIMELINE_REFERENCES.PROJECT) {
+      // Set projectId to the params so it can be used in the permission check middleware
+      req.params.projectId = req.body.param.referenceId;
+
+      // Validate projectId to be existed
+      return models.Project.findOne({
+        where: {
+          id: req.params.projectId,
+          deletedAt: { $eq: null },
+        },
+      })
+        .then((project) => {
+          if (!project) {
+            const apiErr = new Error(`Project not found for project id ${req.params.projectId}`);
+            apiErr.status = 422;
+            return next(apiErr);
+          }
+
+          return next();
+        });
+    }
+
+    // The timeline refers to a phase
+    return models.ProjectPhase.findOne({
+      where: {
+        id: req.body.param.referenceId,
+        deletedAt: { $eq: null },
+      },
+    })
+      .then((phase) => {
+        if (!phase) {
+          const apiErr = new Error(`Phase not found for phase id ${req.body.param.referenceId}`);
+          apiErr.status = 422;
+          return next(apiErr);
+        }
+
+        // Set projectId to the params so it can be used in the permission check middleware
+        req.params.projectId = req.body.param.referenceId;
+        return next();
+      });
+  },
+
+  /**
+   * The middleware to validate and get the projectId specified by the timelineId from request
+   * path parameter, and set to the request params. This should be called after the validate()
+   * middleware, and before the permissions() middleware.
+   * @param {Object} req the express request instance
+   * @param {Object} res the express response instance
+   * @param {Function} next the express next middleware
+   */
+  // eslint-disable-next-line valid-jsdoc
+  validateTimelineIdParam: (req, res, next) => {
+    models.Timeline.findById(req.params.timelineId)
+      .then((timeline) => {
+        if (!timeline) {
+          const apiErr = new Error(`Timeline not found for timeline id ${req.params.timelineId}`);
+          apiErr.status = 404;
+          return next(apiErr);
+        }
+
+        // Set timeline to the request to be used in the next middleware
+        req.timeline = timeline;
+
+        // The timeline refers to a project
+        if (timeline.reference === TIMELINE_REFERENCES.PROJECT) {
+          // Set projectId to the params so it can be used in the permission check middleware
+          req.params.projectId = timeline.referenceId;
+          return next();
+        }
+
+        // The timeline refers to a phase
+        return models.ProjectPhase.findOne({
+          where: {
+            id: timeline.referenceId,
+            deletedAt: { $eq: null },
+          },
+        })
+          .then((phase) => {
+            // Set projectId to the params so it can be used in the permission check middleware
+            req.params.projectId = phase.projectId;
+            return next();
+          });
+      });
+  },
 });
 
 export default util;
diff --git a/swagger.yaml b/swagger.yaml
index 39bad0d3..3fa16cb4 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -27,7 +27,7 @@ paths:
       operationId: findProjects
       security:
         - Bearer: []
-      description: Retreive projects that match the filter
+      description: Retrieve projects that match the filter
       responses:
         '422':
           description: Invalid input
@@ -344,7 +344,7 @@ paths:
       operationId: findProjectPhases
       security:
         - Bearer: []
-      description: Retreive all project phases. All users who can edit project can access this endpoint.
+      description: Retrieve all project phases. All users who can edit project can access this endpoint.
       parameters:
         - name: fields
           required: false
@@ -489,7 +489,7 @@ paths:
       operationId: findPhaseProducts
       security:
         - Bearer: []
-      description: Retreive all phase products. All users who can edit project can access this endpoint.
+      description: Retrieve all phase products. All users who can edit project can access this endpoint.
       responses:
         '403':
           description: No permission or wrong token
@@ -655,7 +655,7 @@ paths:
       operationId: findProjectTemplates
       security:
         - Bearer: []
-      description: Retreive all project templates. All user roles can access this endpoint.
+      description: Retrieve all project templates. All user roles can access this endpoint.
       responses:
         '403':
           description: No permission or wrong token
@@ -781,7 +781,7 @@ paths:
       operationId: findProductTemplates
       security:
         - Bearer: []
-      description: Retreive all product templates. All user roles can access this endpoint.
+      description: Retrieve all product templates. All user roles can access this endpoint.
       responses:
         '403':
           description: No permission or wrong token
@@ -907,7 +907,7 @@ paths:
       operationId: findProjectTypes
       security:
         - Bearer: []
-      description: Retreive all project types. All user roles can access this endpoint.
+      description: Retrieve all project types. All user roles can access this endpoint.
       responses:
         '403':
           description: No permission or wrong token
@@ -1025,6 +1025,441 @@ paths:
           description: Project type successfully removed
 
 
+  /timelines:
+    get:
+      tags:
+        - timeline
+      operationId: findTimelines
+      security:
+        - Bearer: []
+      description: Retrieve timelines which its projects are accessible by the user.
+      parameters:
+        - name: filter
+          required: false
+          type: string
+          in: query
+          description: |
+            Url encoded list of supported filters
+             - reference
+             - referenceId
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of timelines
+          schema:
+            $ref: "#/definitions/TimelineListResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+    post:
+      tags:
+        - timeline
+      operationId: addTimeline
+      security:
+        - Bearer: []
+      description: Create a timeline. All users who can edit the project can access this endpoint.
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/TimelineBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created timeline
+          schema:
+            $ref: "#/definitions/TimelineResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /timelines/{timelineId}:
+    get:
+      tags:
+        - timeline
+      description: Retrieve timeline by id. All users who can view the project can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a timeline
+          schema:
+            $ref: "#/definitions/TimelineResponse"
+      parameters:
+        - $ref: "#/parameters/timelineIdParam"
+      operationId: getTimeline
+
+    patch:
+      tags:
+        - timeline
+      operationId: updateTimeline
+      security:
+        - Bearer: []
+      description: Update a timeline. All users who can edit the project can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated timeline.
+          schema:
+            $ref: "#/definitions/TimelineResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - $ref: "#/parameters/timelineIdParam"
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/TimelineBodyParam"
+
+    delete:
+      tags:
+        - timeline
+      description: Remove an existing timeline. All users who can edit the project can access this endpoint.
+      security:
+        - Bearer: []
+      parameters:
+        - $ref: "#/parameters/timelineIdParam"
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Timeline successfully removed
+
+  /timelines/{timelineId}/milestones:
+    parameters:
+      - $ref: "#/parameters/timelineIdParam"
+    get:
+      tags:
+        - milestone
+      operationId: findMilestones
+      security:
+        - Bearer: []
+      description: Retrieve all milestones. All users who can view the timeline can access this endpoint.
+      parameters:
+        - name: sort
+          required: false
+          description: sort by `order`. Default is `order asc`
+          in: query
+          type: string
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of milestones
+          schema:
+            $ref: "#/definitions/MilestoneListResponse"
+    post:
+      tags:
+        - milestone
+      operationId: addMilestone
+      security:
+        - Bearer: []
+      description: Create a milestone. All users who can edit the timeline can access this endpoint.
+        It also updates the `order` field of all other milestones in the same timeline which have `order` greater than or equal to the `order` specified in the POST body.
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/MilestoneBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created milestone
+          schema:
+            $ref: "#/definitions/MilestoneResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /timelines/{timelineId}/milestones/{milestoneId}:
+    parameters:
+      - $ref: "#/parameters/timelineIdParam"
+      - $ref: "#/parameters/milestoneIdParam"
+    get:
+      tags:
+        - milestone
+      description: Retrieve milestone by id. All users who can view the timeline can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a milestone
+          schema:
+            $ref: "#/definitions/MilestoneResponse"
+      operationId: getMilestone
+
+    patch:
+      tags:
+        - milestone
+      operationId: updateMilestone
+      security:
+        - Bearer: []
+      description: Update a milestone. All users who can edit the timeline can access this endpoint.
+        For attributes with JSON object type, it would overwrite the existing fields, or add new if the fields don't exist in the JSON object.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated milestone.
+          schema:
+            $ref: "#/definitions/MilestoneResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/MilestoneBodyParam"
+
+    delete:
+      tags:
+        - milestone
+      description: Remove an existing milestone. All users who can edit the timeline can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Milestone successfully removed
+
+
+  /productTemplates/{productTemplateId}/milestones:
+    parameters:
+      - $ref: "#/parameters/productTemplateIdParam"
+    get:
+      tags:
+        - productMilestoneTemplate
+      operationId: findMilestoneTemplates
+      security:
+        - Bearer: []
+      description: Retrieve all milestone templates. All user roles can access this endpoint.
+      parameters:
+        - name: sort
+          required: false
+          description: sort by `order`. Default is `order asc`
+          in: query
+          type: string
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: A list of milestone templates
+          schema:
+            $ref: "#/definitions/MilestoneTemplateListResponse"
+    post:
+      tags:
+        - productMilestoneTemplate
+      operationId: addMilestoneTemplate
+      security:
+        - Bearer: []
+      description: Create a milestone template. Only connect manager, connect admin, and admin can access this endpoint. It also updates the `order` field of all other milestone templates in the same product template which have `order` greater than or equal to the `order` specified in the POST body.
+      parameters:
+        - in: body
+          name: body
+          required: true
+          schema:
+            $ref: '#/definitions/MilestoneTemplateBodyParam'
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '201':
+          description: Returns the newly created milestone template
+          schema:
+            $ref: "#/definitions/MilestoneTemplateResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+
+  /productTemplates/{productTemplateId}/milestones/{milestoneTemplateId}:
+    parameters:
+      - $ref: "#/parameters/productTemplateIdParam"
+      - $ref: "#/parameters/milestoneTemplateIdParam"
+    get:
+      tags:
+        - productMilestoneTemplate
+      description: Retrieve milestone template by id. All user roles can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: a milestone template
+          schema:
+            $ref: "#/definitions/MilestoneTemplateResponse"
+      operationId: getMilestoneTemplate
+
+    patch:
+      tags:
+        - productMilestoneTemplate
+      operationId: updateMilestoneTemplate
+      security:
+        - Bearer: []
+      description: Update a milestone template. Only connect manager, connect admin, and admin can access this endpoint.
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '200':
+          description: Successfully updated milestone template.
+          schema:
+            $ref: "#/definitions/MilestoneTemplateResponse"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        default:
+          description: error payload
+          schema:
+            $ref: '#/definitions/ErrorModel'
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/MilestoneTemplateBodyParam"
+
+    delete:
+      tags:
+        - productMilestoneTemplate
+      description: Remove an existing milestone template. Only connect manager, connect admin, and admin can access this endpoint.
+      security:
+        - Bearer: []
+      responses:
+        '403':
+          description: No permission or wrong token
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '404':
+          description: Not found
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '422':
+          description: Invalid input
+          schema:
+            $ref: "#/definitions/ErrorModel"
+        '204':
+          description: Milestone template successfully removed
+
+
+
+
 
 
 parameters:
@@ -1065,6 +1500,38 @@ parameters:
     description: project type key
     required: true
     type: string
+  timelineIdParam:
+    name: timelineId
+    in: path
+    description: timeline identifier
+    required: true
+    type: integer
+    format: int64
+    minimum: 1
+  milestoneIdParam:
+    name: milestoneId
+    in: path
+    description: milestone identifier
+    required: true
+    type: integer
+    format: int64
+    minimum: 1
+  productTemplateIdParam:
+    name: productTemplateId
+    in: path
+    description: product template identifier
+    required: true
+    type: integer
+    format: int64
+    minimum: 1
+  milestoneTemplateIdParam:
+    name: milestoneTemplateId
+    in: path
+    description: milestone template identifier
+    required: true
+    type: integer
+    format: int64
+    minimum: 1
   offsetParam:
     name: offset
     description: "number of items to skip. Defaults to 0"
@@ -1405,72 +1872,362 @@ definitions:
         description: member role on specified project
         enum: ["customer", "manager", "copilot"]
 
-  NewProjectMemberBodyParam:
+  NewProjectMemberBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/NewProjectMember"
+
+  UpdateProjectMember:
+      title: Project Member object
+      type: object
+      required:
+        - role
+      properties:
+        isPrimary:
+          type: boolean
+          description: primary option
+        role:
+          type: string
+          description: member role on specified project
+          enum: ["customer", "manager", "copilot"]
+
+  UpdateProjectMemberBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/UpdateProjectMember"
+
+  NewProjectAttachment:
+    title: Project attachment request
+    type: object
+    required:
+      - filePath
+      - s3Bucket
+      - title
+      - contentType
+    properties:
+      filePath:
+        type: string
+        description: path where file is stored
+      s3Bucket:
+        type: string
+        description: The s3 bucket of attachment
+      contentType:
+        type: string
+        description: Uploaded file content type
+      title:
+        type: string
+        description: Name of the attachment
+      description:
+        type: string
+        description: Optional description for the attached file.
+      category:
+        type: string
+        description: Category of attachment
+      size:
+        type: number
+        format: float
+        description: The size of attachment
+
+  NewProjectAttachmentBodyParam:
+    type: object
+    properties:
+      param:
+        $ref: "#/definitions/NewProjectAttachment"
+
+  NewProjectAttachmentResponse:
+    title: Project attachment object response
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            $ref: "#/definitions/ProjectAttachment"
+
+  ProjectAttachment:
+    title: Project attachment
+    type: object
+    properties:
+      id:
+        type: number
+        description: unique id for the attachment
+      size:
+        type: number
+        format: float
+        description: The size of attachment
+      category:
+        type: string
+        description: The category of attachment
+      contentType:
+        type: string
+        description: Uploaded file content type
+      title:
+        type: string
+        description: Name of the attachment
+      description:
+        type: string
+        description: Optional description for the attached file.
+      downloadUrl:
+        type: string
+        description: download link for the attachment.
+      createdAt:
+        type: string
+        description: Datetime (GMT) when task was created
+        readOnly: true
+      createdBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User who created this task
+        readOnly: true
+      updatedAt:
+        type: string
+        description: READ-ONLY. Datetime (GMT) when task was updated
+        readOnly: true
+      updatedBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User that last updated this task
+        readOnly: true
+
+  ProjectMember:
+    title: Project Member object
+    type: object
+    properties:
+      id:
+        type: number
+        description: unique identifier for record
+      userId:
+        type: number
+        format: int64
+        description: user identifier
+      isPrimary:
+        type: boolean
+        description: Flag to indicate this member is primary for specified role
+      projectId:
+        type: number
+        format: int64
+        description: project identifier
+      role:
+        type: string
+        description: member role on specified project
+        enum: ["customer", "manager", "copilot"]
+      createdAt:
+        type: string
+        description: Datetime (GMT) when task was created
+        readOnly: true
+      createdBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User who created this task
+        readOnly: true
+      updatedAt:
+        type: string
+        description: READ-ONLY. Datetime (GMT) when task was updated
+        readOnly: true
+      updatedBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User that last updated this task
+        readOnly: true
+
+
+
+  NewProjectMemberResponse:
+    title: Project member object response
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            $ref: "#/definitions/ProjectMember"
+
+  UpdateProjectMemberResponse:
+    title: Project member object response
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            $ref: "#/definitions/ProjectMember"
+
+
+  ProjectResponse:
+    title: Single project object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            $ref: "#/definitions/Project"
+
+  UpdateProjectResponse:
+    title: response with original and updated project object
     type: object
     properties:
-      param:
-        $ref: "#/definitions/NewProjectMember"
-
-  UpdateProjectMember:
-      title: Project Member object
-      type: object
-      required:
-        - role
-      properties:
-        isPrimary:
-          type: boolean
-          description: primary option
-        role:
-          type: string
-          description: member role on specified project
-          enum: ["customer", "manager", "copilot"]
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          content:
+            type: object
+            properties:
+              original:
+                $ref: "#/definitions/Project"
+              updated:
+                 $ref: "#/definitions/Project"
 
-  UpdateProjectMemberBodyParam:
+  ProjectListResponse:
+    title: List response
     type: object
     properties:
-      param:
-        $ref: "#/definitions/UpdateProjectMember"
+      id:
+        type: string
+        readOnly: true
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            type: array
+            items:
+              $ref: "#/definitions/Project"
 
-  NewProjectAttachment:
-    title: Project attachment request
+  ProjectTemplateRequest:
+    title: Project template request object
     type: object
     required:
-      - filePath
-      - s3Bucket
-      - title
-      - contentType
+      - name
+      - key
+      - category
+      - scope
+      - phases
     properties:
-      filePath:
-        type: string
-        description: path where file is stored
-      s3Bucket:
-        type: string
-        description: The s3 bucket of attachment
-      contentType:
-        type: string
-        description: Uploaded file content type
-      title:
+      name:
         type: string
-        description: Name of the attachment
-      description:
+        description: the project template name
+      key:
         type: string
-        description: Optional description for the attached file.
+        description: the project template key
       category:
         type: string
-        description: Category of attachment
-      size:
-        type: number
-        format: float
-        description: The size of attachment
+        description: the project template category
+      scope:
+        type: object
+        description: the project template scope
+      phases:
+        type: object
+        description: the project template phases
 
-  NewProjectAttachmentBodyParam:
+  ProjectTemplateBodyParam:
+    title: Project template body param
     type: object
+    required:
+      - param
     properties:
       param:
-        $ref: "#/definitions/NewProjectAttachment"
+        $ref: "#/definitions/ProjectTemplateRequest"
 
-  NewProjectAttachmentResponse:
-    title: Project attachment object response
+  ProjectTemplate:
+    title: Project template object
+    allOf:
+      - type: object
+        required:
+          - id
+          - createdAt
+          - createdBy
+          - updatedAt
+          - updatedBy
+        properties:
+          id:
+            type: number
+            format: int64
+            description: the id
+          createdAt:
+            type: string
+            description: Datetime (GMT) when object was created
+            readOnly: true
+          createdBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User who created this object
+            readOnly: true
+          updatedAt:
+            type: string
+            description: READ-ONLY. Datetime (GMT) when object was updated
+            readOnly: true
+          updatedBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User that last updated this object
+            readOnly: true
+      - $ref: "#/definitions/ProjectTemplateRequest"
+
+
+  ProjectTemplateResponse:
+    title: Single project template response object
     type: object
     properties:
       id:
@@ -1486,99 +2243,114 @@ definitions:
           status:
             type: string
             description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProjectAttachment"
+            $ref: "#/definitions/ProjectTemplate"
 
-  ProjectAttachment:
-    title: Project attachment
+  ProjectTemplateListResponse:
+    title: Project template list response object
     type: object
     properties:
       id:
-        type: number
-        description: unique id for the attachment
-      size:
-        type: number
-        format: float
-        description: The size of attachment
-      category:
-        type: string
-        description: The category of attachment
-      contentType:
-        type: string
-        description: Uploaded file content type
-      title:
-        type: string
-        description: Name of the attachment
-      description:
-        type: string
-        description: Optional description for the attached file.
-      downloadUrl:
         type: string
-        description: download link for the attachment.
-      createdAt:
-        type: string
-        description: Datetime (GMT) when task was created
-        readOnly: true
-      createdBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User who created this task
         readOnly: true
-      updatedAt:
+        description: unique id identifying the request
+      version:
         type: string
-        description: READ-ONLY. Datetime (GMT) when task was updated
-        readOnly: true
-      updatedBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User that last updated this task
-        readOnly: true
-
-  ProjectMember:
-    title: Project Member object
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
+          content:
+            type: array
+            items:
+              $ref: "#/definitions/ProjectTemplate"
+              
+  ProductTemplateRequest:
+    title: Product template request object
     type: object
+    required:
+      - name
+      - key
+      - category
+      - scope
+      - phases
     properties:
-      id:
-        type: number
-        description: unique identifier for record
-      userId:
-        type: number
-        format: int64
-        description: user identifier
-      isPrimary:
-        type: boolean
-        description: Flag to indicate this member is primary for specified role
-      projectId:
-        type: number
-        format: int64
-        description: project identifier
-      role:
+      name:
         type: string
-        description: member role on specified project
-        enum: ["customer", "manager", "copilot"]
-      createdAt:
+        description: the product template name
+      productKey:
+        type: string
+        description: the product template key
+      icon:
+        type: string
+        description: the product template icon
+      brief:
         type: string
-        description: Datetime (GMT) when task was created
-        readOnly: true
-      createdBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User who created this task
-        readOnly: true
-      updatedAt:
+        description: the product template brief
+      details:
         type: string
-        description: READ-ONLY. Datetime (GMT) when task was updated
-        readOnly: true
-      updatedBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User that last updated this task
-        readOnly: true
+        description: the product template details
+      aliases:
+        type: object
+        description: the product template aliases
+      template:
+        type: object
+        description: the product template template
 
+  ProductTemplateBodyParam:
+    title: Product template body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProductTemplateRequest"
 
+  ProductTemplate:
+    title: Product template object
+    allOf:
+      - type: object
+        required:
+          - id
+          - createdAt
+          - createdBy
+          - updatedAt
+          - updatedBy
+        properties:
+          id:
+            type: number
+            format: int64
+            description: the id
+          createdAt:
+            type: string
+            description: Datetime (GMT) when object was created
+            readOnly: true
+          createdBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User who created this object
+            readOnly: true
+          updatedAt:
+            type: string
+            description: READ-ONLY. Datetime (GMT) when object was updated
+            readOnly: true
+          updatedBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User that last updated this object
+            readOnly: true
+      - $ref: "#/definitions/ProductTemplateRequest"
 
-  NewProjectMemberResponse:
-    title: Project member object response
+  ProjectUpgradeResponse:
+    title: Project upgrade response object
     type: object
     properties:
       id:
@@ -1594,11 +2366,11 @@ definitions:
           status:
             type: string
             description: http status code
-          content:
-            $ref: "#/definitions/ProjectMember"
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
 
-  UpdateProjectMemberResponse:
-    title: Project member object response
+  ProductTemplateResponse:
+    title: Single product template response object
     type: object
     properties:
       id:
@@ -1614,16 +2386,18 @@ definitions:
           status:
             type: string
             description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProjectMember"
-
+            $ref: "#/definitions/ProductTemplate"
 
-  ProjectResponse:
-    title: Single project object
+  ProductTemplateListResponse:
+    title: Product template list response object
     type: object
     properties:
       id:
         type: string
+        readOnly: true
         description: unique id identifying the request
       version:
         type: string
@@ -1635,11 +2409,93 @@ definitions:
           status:
             type: string
             description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/Project"
+            type: array
+            items:
+              $ref: "#/definitions/ProductTemplate"
 
-  UpdateProjectResponse:
-    title: response with original and updated project object
+  ProjectPhaseRequest:
+    title: Project phase request object
+    type: object
+    required:
+      - name
+      - status
+      - startDate
+      - endDate
+    properties:
+      name:
+        type: string
+        description: the project phase name
+      status:
+        type: string
+        description: the project phase status
+      startDate:
+        type: string
+        format: date
+        description: the project phase start date
+      endDate:
+        type: string
+        format: date
+        description: the project phase end date
+      budget:
+        type: number
+        description: the project phase budget
+      progress:
+        type: number
+        description: the project phase progress
+      details:
+        type: object
+        description: the project phase details
+
+  ProjectPhaseBodyParam:
+    title: Project phase body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProjectPhaseRequest"
+
+  ProjectPhase:
+    title: Project phase object
+    allOf:
+      - type: object
+        required:
+          - id
+          - createdAt
+          - createdBy
+          - updatedAt
+          - updatedBy
+        properties:
+          id:
+            type: number
+            format: int64
+            description: the id
+          createdAt:
+            type: string
+            description: Datetime (GMT) when object was created
+            readOnly: true
+          createdBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User who created this object
+            readOnly: true
+          updatedAt:
+            type: string
+            description: READ-ONLY. Datetime (GMT) when object was updated
+            readOnly: true
+          updatedBy:
+            type: integer
+            format: int64
+            description: READ-ONLY. User that last updated this object
+            readOnly: true
+      - $ref: "#/definitions/ProjectPhaseRequest"
+
+
+  ProjectPhaseResponse:
+    title: Single project phase response object
     type: object
     properties:
       id:
@@ -1655,16 +2511,13 @@ definitions:
           status:
             type: string
             description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
           content:
-            type: object
-            properties:
-              original:
-                $ref: "#/definitions/Project"
-              updated:
-                 $ref: "#/definitions/Project"
+            $ref: "#/definitions/ProjectPhase"
 
-  ProjectListResponse:
-    title: List response
+  ProjectPhaseListResponse:
+    title: Project phase list response object
     type: object
     properties:
       id:
@@ -1686,45 +2539,49 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/Project"
+              $ref: "#/definitions/ProjectPhase"
 
-  ProjectTemplateRequest:
-    title: Project template request object
+
+  PhaseProductRequest:
+    title: Phase product request object
     type: object
-    required:
-      - name
-      - key
-      - category
-      - scope
-      - phases
     properties:
       name:
         type: string
-        description: the project template name
-      key:
-        type: string
-        description: the project template key
-      category:
+        description: the phase product name
+      directProjectId:
+        type: number
+        description: the phase product direct project id
+      billingAccountId:
+        type: number
+        description: the phase product billing account Id
+      templateId:
+        type: number
+        description: the phase product template id
+      type:
         type: string
-        description: the project template category
-      scope:
-        type: object
-        description: the project template scope
-      phases:
+        description: the phase product type
+      estimatedPrice:
+        type: number
+        description: the phase product estimated price
+      actualPrice:
+        type: number
+        description: the phase product actual price
+      details:
         type: object
-        description: the project template phases
+        description: the phase product details
 
-  ProjectTemplateBodyParam:
-    title: Project template body param
+  PhaseProductBodyParam:
+    title: Phase product body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/ProjectTemplateRequest"
+        $ref: "#/definitions/PhaseProductRequest"
 
-  ProjectTemplate:
-    title: Project template object
+  PhaseProduct:
+    title: Phase product object
     allOf:
       - type: object
         required:
@@ -1756,11 +2613,11 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/ProjectTemplateRequest"
+      - $ref: "#/definitions/PhaseProductRequest"
 
 
-  ProjectTemplateResponse:
-    title: Single project template response object
+  PhaseProductResponse:
+    title: Single phase product response object
     type: object
     properties:
       id:
@@ -1779,10 +2636,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProjectTemplate"
+            $ref: "#/definitions/PhaseProduct"
 
-  ProjectTemplateListResponse:
-    title: Project template list response object
+  PhaseProductListResponse:
+    title: Phase product list response object
     type: object
     properties:
       id:
@@ -1804,64 +2661,64 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/ProjectTemplate"
+              $ref: "#/definitions/PhaseProduct"
               
-  ProductTemplateRequest:
-    title: Product template request object
+              
+              
+  ProjectTypeRequest:
+    title: Project type request object
     type: object
     required:
-      - name
-      - key
-      - category
-      - scope
-      - phases
+      - displayName
     properties:
-      name:
-        type: string
-        description: the product template name
-      productKey:
-        type: string
-        description: the product template key
-      icon:
-        type: string
-        description: the product template icon
-      brief:
-        type: string
-        description: the product template brief
-      details:
+      displayName:
         type: string
-        description: the product template details
-      aliases:
-        type: object
-        description: the product template aliases
-      template:
-        type: object
-        description: the product template template
+        description: the project type display name
 
-  ProductTemplateBodyParam:
-    title: Product template body param
+  ProjectTypeBodyParam:
+    title: Project type body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/ProductTemplateRequest"
+        $ref: "#/definitions/ProjectTypeRequest"
 
-  ProductTemplate:
-    title: Product template object
+  ProjectTypeCreateRequest:
+    title: Project type creation request object
+    type: object
+    allOf:
+      - type: object
+        required:
+          - key
+        properties:
+          key:
+            type: string
+            description: the project type key
+      - $ref: "#/definitions/ProjectTypeRequest"
+
+  ProjectTypeCreateBodyParam:
+    title: Project type creation body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProjectTypeCreateRequest"
+
+  ProjectType:
+    title: Project type object
     allOf:
       - type: object
         required:
-          - id
           - createdAt
           - createdBy
           - updatedAt
           - updatedBy
         properties:
-          id:
-            type: number
-            format: int64
-            description: the id
+          key:
+            type: string
+            description: the project type key
           createdAt:
             type: string
             description: Datetime (GMT) when object was created
@@ -1880,30 +2737,11 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/ProductTemplateRequest"
+      - $ref: "#/definitions/ProjectTypeCreateRequest"
 
-  ProjectUpgradeResponse:
-    title: Project upgrade response object
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
 
-  ProductTemplateResponse:
-    title: Single product template response object
+  ProjectTypeResponse:
+    title: Single project type response object
     type: object
     properties:
       id:
@@ -1922,10 +2760,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProductTemplate"
+            $ref: "#/definitions/ProjectType"
 
-  ProductTemplateListResponse:
-    title: Product template list response object
+  ProjectTypeListResponse:
+    title: Project type list response object
     type: object
     properties:
       id:
@@ -1947,52 +2785,54 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/ProductTemplate"
+              $ref: "#/definitions/ProjectType"
 
-  ProjectPhaseRequest:
-    title: Project phase request object
+
+  TimelineRequest:
+    title: Timeline request object
     type: object
     required:
       - name
-      - status
       - startDate
-      - endDate
+      - reference
+      - referenceId
     properties:
       name:
         type: string
-        description: the project phase name
-      status:
+        description: the timeline name
+      description:
         type: string
-        description: the project phase status
+        description: the timeline description
       startDate:
         type: string
         format: date
-        description: the project phase start date
+        description: the timeline start date
       endDate:
         type: string
         format: date
-        description: the project phase end date
-      budget:
+        description: the timeline end date
+      reference:
+        type: string
+        enum:
+          - project
+          - phase
+        description: the timeline reference
+      referenceId:
         type: number
-        description: the project phase budget
-      progress:
-        type: number
-        description: the project phase progress
-      details:
-        type: object
-        description: the project phase details
+        format: long
+        description: the timeline reference id (project id or phase id, corresponding to the `reference`)
 
-  ProjectPhaseBodyParam:
-    title: Project phase body param
+  TimelineBodyParam:
+    title: Timeline body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/ProjectPhaseRequest"
+        $ref: "#/definitions/TimelineRequest"
 
-  ProjectPhase:
-    title: Project phase object
+  Timeline:
+    title: Timeline object
     allOf:
       - type: object
         required:
@@ -2024,11 +2864,10 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/ProjectPhaseRequest"
+      - $ref: "#/definitions/TimelineRequest"
 
-
-  ProjectPhaseResponse:
-    title: Single project phase response object
+  TimelineResponse:
+    title: Single timeline response object
     type: object
     properties:
       id:
@@ -2047,10 +2886,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProjectPhase"
+            $ref: "#/definitions/Timeline"
 
-  ProjectPhaseListResponse:
-    title: Project phase list response object
+  TimelineListResponse:
+    title: Timeline list response object
     type: object
     properties:
       id:
@@ -2072,49 +2911,82 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/ProjectPhase"
-
+              $ref: "#/definitions/Timeline"
 
-  PhaseProductRequest:
-    title: Phase product request object
+  MilestoneRequest:
+    title: Milestone request object
     type: object
+    required:
+      - name
+      - duration
+      - startDate
+      - status
+      - type
+      - order
+      - plannedText
+      - activeText
+      - completedText
+      - blockedText
     properties:
       name:
         type: string
-        description: the phase product name
-      directProjectId:
-        type: number
-        description: the phase product direct project id
-      billingAccountId:
-        type: number
-        description: the phase product billing account Id
-      templateId:
+        description: the milestone name
+      description:
+        type: string
+        description: the milestone description
+      duration:
         type: number
-        description: the phase product template id
+        format: integer
+        description: the milestone duration
+      startDate:
+        type: string
+        format: date
+        description: the milestone start date
+      endDate:
+        type: string
+        format: date
+        description: the milestone end date
+      completionDate:
+        type: string
+        format: date
+        description: the milestone completion date
+      status:
+        type: string
+        description: the milestone status
       type:
         type: string
-        description: the phase product type
-      estimatedPrice:
-        type: number
-        description: the phase product estimated price
-      actualPrice:
-        type: number
-        description: the phase product actual price
+        description: the milestone type
       details:
         type: object
-        description: the phase product details
+        description: the milestone details
+      order:
+        type: number
+        format: integer
+        description: the milestone order
+      plannedText:
+        type: string
+        description: the milestone planned text
+      activeText:
+        type: string
+        description: the milestone active text
+      completedText:
+        type: string
+        description: the milestone completed text
+      blockedText:
+        type: string
+        description: the milestone blocked text
 
-  PhaseProductBodyParam:
-    title: Phase product body param
+  MilestoneBodyParam:
+    title: Milestone body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/PhaseProductRequest"
+        $ref: "#/definitions/MilestoneRequest"
 
-  PhaseProduct:
-    title: Phase product object
+  Milestone:
+    title: Milestone object
     allOf:
       - type: object
         required:
@@ -2146,11 +3018,10 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/PhaseProductRequest"
+      - $ref: "#/definitions/MilestoneRequest"
 
-
-  PhaseProductResponse:
-    title: Single phase product response object
+  MilestoneResponse:
+    title: Single milestone response object
     type: object
     properties:
       id:
@@ -2169,10 +3040,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/PhaseProduct"
+            $ref: "#/definitions/Milestone"
 
-  PhaseProductListResponse:
-    title: Phase product list response object
+  MilestoneListResponse:
+    title: Milestone list response object
     type: object
     properties:
       id:
@@ -2194,64 +3065,60 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/PhaseProduct"
-              
-              
-              
-  ProjectTypeRequest:
-    title: Project type request object
-    type: object
-    required:
-      - displayName
-    properties:
-      displayName:
-        type: string
-        description: the project type display name
+              $ref: "#/definitions/Milestone"
 
-  ProjectTypeBodyParam:
-    title: Project type body param
+
+  MilestoneTemplateRequest:
+    title: Milestone template request object
     type: object
     required:
-      - param
+      - name
+      - duration
+      - type
+      - order
     properties:
-      param:
-        $ref: "#/definitions/ProjectTypeRequest"
-
-  ProjectTypeCreateRequest:
-    title: Project type creation request object
-    type: object
-    allOf:
-      - type: object
-        required:
-          - key
-        properties:
-          key:
-            type: string
-            description: the project type key
-      - $ref: "#/definitions/ProjectTypeRequest"
+      name:
+        type: string
+        description: the milestone template name
+      description:
+        type: string
+        description: the milestone template description
+      duration:
+        type: number
+        format: integer
+        description: the milestone template duration
+      type:
+        type: string
+        description: the milestone template type
+      order:
+        type: number
+        format: integer
+        description: the milestone template order
 
-  ProjectTypeCreateBodyParam:
-    title: Project type creation body param
+  MilestoneTemplateBodyParam:
+    title: Milestone template body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/ProjectTypeCreateRequest"
+        $ref: "#/definitions/MilestoneTemplateRequest"
 
-  ProjectType:
-    title: Project type object
+  MilestoneTemplate:
+    title: Milestone template object
     allOf:
       - type: object
         required:
+          - id
           - createdAt
           - createdBy
           - updatedAt
           - updatedBy
         properties:
-          key:
-            type: string
-            description: the project type key
+          id:
+            type: number
+            format: int64
+            description: the id
           createdAt:
             type: string
             description: Datetime (GMT) when object was created
@@ -2270,11 +3137,10 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/ProjectTypeCreateRequest"
-
+      - $ref: "#/definitions/MilestoneTemplateRequest"
 
-  ProjectTypeResponse:
-    title: Single project type response object
+  MilestoneTemplateResponse:
+    title: Single milestone template response object
     type: object
     properties:
       id:
@@ -2293,10 +3159,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProjectType"
+            $ref: "#/definitions/MilestoneTemplate"
 
-  ProjectTypeListResponse:
-    title: Project type list response object
+  MilestoneTemplateListResponse:
+    title: Milestone template list response object
     type: object
     properties:
       id:
@@ -2318,4 +3184,4 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/ProjectType"
+              $ref: "#/definitions/MilestoneTemplate"

From da0e243e73640ae0b94113b24794a8fd3a547a8c Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Thu, 7 Jun 2018 00:11:11 +0700
Subject: [PATCH 28/59] Removed secrets in default.json

---
 config/default.json | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/config/default.json b/config/default.json
index 29a87f18..556a5a10 100644
--- a/config/default.json
+++ b/config/default.json
@@ -38,12 +38,13 @@
   "validIssuers": "[\"https:\/\/topcoder-newauth.auth0.com\/\",\"https:\/\/api.topcoder-dev.com\"]",
   "jwksUri": "",
   "busApiUrl": "http://api.topcoder-dev.com/v5",
+  "messageApiUrl": "http://api.topcoder-dev.com/v5",
   "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE",
   "HEALTH_CHECK_URL": "_health",
   "maxPhaseProductCount": 1,
-  "AUTH0_CLIENT_ID": "5fctfjaLJHdvM04kSrCcC8yn0I4t1JTd",
-  "AUTH0_CLIENT_SECRET": "GhvDENIrYXo-d8xQ10fxm9k7XSVg491vlpvolXyWNBmeBdhsA5BAq2mH4cAAYS0x",
-  "AUTH0_AUDIENCE": "https://www.topcoder.com",
-  "AUTH0_URL": "https://topcoder-newauth.auth0.com/oauth/token",
+  "AUTH0_CLIENT_ID": "",
+  "AUTH0_CLIENT_SECRET": "",
+  "AUTH0_AUDIENCE": "",
+  "AUTH0_URL": "",
   "TOKEN_CACHE_TIME": ""
 }

From 157bb75db6516bc5da4af69f1a677ce444e02511 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Fri, 8 Jun 2018 09:06:54 +0700
Subject: [PATCH 29/59] Added more tests for updating milestone order

---
 src/routes/milestones/update.spec.js | 194 ++++++++++++++++++++++++++-
 1 file changed, 192 insertions(+), 2 deletions(-)

diff --git a/src/routes/milestones/update.spec.js b/src/routes/milestones/update.spec.js
index f120dc25..fca57115 100644
--- a/src/routes/milestones/update.spec.js
+++ b/src/routes/milestones/update.spec.js
@@ -225,6 +225,24 @@ describe('UPDATE Milestone', () => {
                     updatedAt: '2018-05-11T00:00:00.000Z',
                     deletedAt: '2018-05-11T00:00:00.000Z',
                   },
+                  {
+                    id: 6,
+                    timelineId: 2, // Timeline 2
+                    name: 'Milestone 6',
+                    duration: 3,
+                    startDate: '2018-05-14T00:00:00.000Z',
+                    status: 'open',
+                    type: 'type5',
+                    order: 1,
+                    plannedText: 'plannedText 6',
+                    activeText: 'activeText 6',
+                    completedText: 'completedText 6',
+                    blockedText: 'blockedText 6',
+                    createdBy: 2,
+                    updatedBy: 3,
+                    createdAt: '2018-05-11T00:00:00.000Z',
+                    updatedAt: '2018-05-11T00:00:00.000Z',
+                  },
                 ])))
               .then(() => done());
           });
@@ -718,8 +736,8 @@ describe('UPDATE Milestone', () => {
         .expect(200)
         .end(() => {
           // Milestone 1: order 1
-          // Milestone 2: order 3
-          // Milestone 3: order 4
+          // Milestone 2: order 2
+          // Milestone 3: order 3
           // Milestone 4: order 0
           setTimeout(() => {
             models.Milestone.findById(1)
@@ -744,6 +762,178 @@ describe('UPDATE Milestone', () => {
         });
     });
 
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - changing order with only 1 item in list', function (done) {
+      this.timeout(10000);
+
+      request(server)
+        .patch('/v4/timelines/2/milestones/6')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.admin}`,
+        })
+        .send({ param: _.assign({}, body.param, { order: 0 }) }) // 1 to 0
+        .expect(200)
+        .end(() => {
+          // Milestone 6: order 0
+          setTimeout(() => {
+            models.Milestone.findById(6)
+              .then((milestone) => {
+                milestone.order.should.be.eql(0);
+
+                done();
+              });
+          }, 3000);
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - changing order without changing other milestones\' orders', function (done) {
+      this.timeout(10000);
+
+      models.Milestone.bulkCreate([
+        {
+          id: 7,
+          timelineId: 2, // Timeline 2
+          name: 'Milestone 7',
+          duration: 3,
+          startDate: '2018-05-14T00:00:00.000Z',
+          status: 'open',
+          type: 'type7',
+          order: 3,
+          plannedText: 'plannedText 7',
+          activeText: 'activeText 7',
+          completedText: 'completedText 7',
+          blockedText: 'blockedText 7',
+          createdBy: 2,
+          updatedBy: 3,
+          createdAt: '2018-05-11T00:00:00.000Z',
+          updatedAt: '2018-05-11T00:00:00.000Z',
+        },
+        {
+          id: 8,
+          timelineId: 2, // Timeline 2
+          name: 'Milestone 8',
+          duration: 3,
+          startDate: '2018-05-14T00:00:00.000Z',
+          status: 'open',
+          type: 'type7',
+          order: 4,
+          plannedText: 'plannedText 8',
+          activeText: 'activeText 8',
+          completedText: 'completedText 8',
+          blockedText: 'blockedText 8',
+          createdBy: 2,
+          updatedBy: 3,
+          createdAt: '2018-05-11T00:00:00.000Z',
+          updatedAt: '2018-05-11T00:00:00.000Z',
+        },
+      ])
+        .then(() => {
+          request(server)
+            .patch('/v4/timelines/2/milestones/8')
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .send({ param: _.assign({}, body.param, { order: 2 }) }) // 4 to 2
+            .expect(200)
+            .end(() => {
+              // Milestone 6: order 1 => 1
+              // Milestone 7: order 3 => 3
+              // Milestone 8: order 4 => 2
+              setTimeout(() => {
+                models.Milestone.findById(6)
+                  .then((milestone) => {
+                    milestone.order.should.be.eql(1);
+                  })
+                  .then(() => models.Milestone.findById(7))
+                  .then((milestone) => {
+                    milestone.order.should.be.eql(3);
+                  })
+                  .then(() => models.Milestone.findById(8))
+                  .then((milestone) => {
+                    milestone.order.should.be.eql(2);
+
+                    done();
+                  });
+              }, 3000);
+            });
+        });
+    });
+
+    // eslint-disable-next-line func-names
+    it('should return 200 for admin - changing order withchanging other milestones\' orders', function (done) {
+      this.timeout(10000);
+
+      models.Milestone.bulkCreate([
+        {
+          id: 7,
+          timelineId: 2, // Timeline 2
+          name: 'Milestone 7',
+          duration: 3,
+          startDate: '2018-05-14T00:00:00.000Z',
+          status: 'open',
+          type: 'type7',
+          order: 2,
+          plannedText: 'plannedText 7',
+          activeText: 'activeText 7',
+          completedText: 'completedText 7',
+          blockedText: 'blockedText 7',
+          createdBy: 2,
+          updatedBy: 3,
+          createdAt: '2018-05-11T00:00:00.000Z',
+          updatedAt: '2018-05-11T00:00:00.000Z',
+        },
+        {
+          id: 8,
+          timelineId: 2, // Timeline 2
+          name: 'Milestone 8',
+          duration: 3,
+          startDate: '2018-05-14T00:00:00.000Z',
+          status: 'open',
+          type: 'type7',
+          order: 4,
+          plannedText: 'plannedText 8',
+          activeText: 'activeText 8',
+          completedText: 'completedText 8',
+          blockedText: 'blockedText 8',
+          createdBy: 2,
+          updatedBy: 3,
+          createdAt: '2018-05-11T00:00:00.000Z',
+          updatedAt: '2018-05-11T00:00:00.000Z',
+        },
+      ])
+        .then(() => {
+          request(server)
+            .patch('/v4/timelines/2/milestones/8')
+            .set({
+              Authorization: `Bearer ${testUtil.jwts.admin}`,
+            })
+            .send({ param: _.assign({}, body.param, { order: 2 }) }) // 4 to 2
+            .expect(200)
+            .end(() => {
+              // Milestone 6: order 1 => 1
+              // Milestone 7: order 2 => 3
+              // Milestone 8: order 4 => 2
+              setTimeout(() => {
+                models.Milestone.findById(6)
+                  .then((milestone) => {
+                    milestone.order.should.be.eql(1);
+                  })
+                  .then(() => models.Milestone.findById(7))
+                  .then((milestone) => {
+                    milestone.order.should.be.eql(3);
+                  })
+                  .then(() => models.Milestone.findById(8))
+                  .then((milestone) => {
+                    milestone.order.should.be.eql(2);
+
+                    done();
+                  });
+              }, 3000);
+            });
+        });
+    });
+
     it('should return 200 for connect admin', (done) => {
       request(server)
         .patch('/v4/timelines/1/milestones/1')

From 13d9052143ee85de2445eba5c551c2134eea8373 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Fri, 8 Jun 2018 12:39:02 +0700
Subject: [PATCH 30/59] Added migration sql script: create project.templateId
 and new tables

---
 ..._project_add_templateId_and_new_tables.sql | 309 ++++++++++++++++++
 1 file changed, 309 insertions(+)
 create mode 100644 migrations/20180608_project_add_templateId_and_new_tables.sql

diff --git a/migrations/20180608_project_add_templateId_and_new_tables.sql b/migrations/20180608_project_add_templateId_and_new_tables.sql
new file mode 100644
index 00000000..2a47b964
--- /dev/null
+++ b/migrations/20180608_project_add_templateId_and_new_tables.sql
@@ -0,0 +1,309 @@
+--
+-- UPDATE EXISTING TABLES:
+--   projects
+--     templateId column: added
+-- CREATE NEW TABLES:
+--   milestones
+--   phase_products
+--   product_milestone_templates
+--   product_templates
+--   project_phases
+--   project_templates
+--   project_types
+--   timelines
+--
+
+--
+-- projects
+--
+ALTER TABLE projects ADD COLUMN "templateId" bigint;
+
+--
+-- milestones
+--
+
+CREATE TABLE milestones (
+    id bigint NOT NULL,
+    name character varying(255) NOT NULL,
+    description character varying(255),
+    duration integer NOT NULL,
+    "startDate" timestamp with time zone NOT NULL,
+    "endDate" timestamp with time zone,
+    "completionDate" timestamp with time zone,
+    status character varying(45) NOT NULL,
+    type character varying(45) NOT NULL,
+    details json,
+    "order" integer NOT NULL,
+    "plannedText" character varying(512) NOT NULL,
+    "activeText" character varying(512) NOT NULL,
+    "completedText" character varying(512) NOT NULL,
+    "blockedText" character varying(512) NOT NULL,
+    "deletedAt" timestamp with time zone,
+    "createdAt" timestamp with time zone,
+    "updatedAt" timestamp with time zone,
+    "deletedBy" bigint,
+    "createdBy" bigint NOT NULL,
+    "updatedBy" bigint NOT NULL,
+    "timelineId" bigint
+);
+
+CREATE SEQUENCE milestones_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE milestones_id_seq OWNED BY milestones.id;
+
+
+--
+-- phase_products
+--
+
+CREATE TABLE phase_products (
+    id bigint NOT NULL,
+    name character varying(255),
+    "projectId" bigint,
+    "directProjectId" bigint,
+    "billingAccountId" bigint,
+    "templateId" bigint DEFAULT 0,
+    type character varying(255),
+    "estimatedPrice" double precision DEFAULT 0,
+    "actualPrice" double precision DEFAULT 0,
+    details json DEFAULT '{}'::json,
+    "deletedAt" timestamp with time zone,
+    "createdAt" timestamp with time zone,
+    "updatedAt" timestamp with time zone,
+    "deletedBy" integer,
+    "createdBy" integer NOT NULL,
+    "updatedBy" integer NOT NULL,
+    "phaseId" bigint
+);
+
+
+CREATE SEQUENCE phase_products_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE phase_products_id_seq OWNED BY phase_products.id;
+
+--
+-- product_milestone_templates
+--
+
+CREATE TABLE product_milestone_templates (
+    id bigint NOT NULL,
+    name character varying(255) NOT NULL,
+    description character varying(255),
+    duration integer NOT NULL,
+    type character varying(45) NOT NULL,
+    "order" integer NOT NULL,
+    "deletedAt" timestamp with time zone,
+    "createdAt" timestamp with time zone,
+    "updatedAt" timestamp with time zone,
+    "deletedBy" bigint,
+    "createdBy" bigint NOT NULL,
+    "updatedBy" bigint NOT NULL,
+    "productTemplateId" bigint
+);
+
+CREATE SEQUENCE product_milestone_templates_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE product_milestone_templates_id_seq OWNED BY product_milestone_templates.id;
+
+
+--
+-- product_templates
+--
+CREATE TABLE product_templates (
+    id bigint NOT NULL,
+    name character varying(255) NOT NULL,
+    "productKey" character varying(45) NOT NULL,
+    icon character varying(255) NOT NULL,
+    brief character varying(45) NOT NULL,
+    details character varying(255) NOT NULL,
+    aliases json NOT NULL,
+    template json NOT NULL,
+    "deletedAt" timestamp with time zone,
+    "createdAt" timestamp with time zone,
+    "updatedAt" timestamp with time zone,
+    "deletedBy" bigint,
+    "createdBy" bigint NOT NULL,
+    "updatedBy" bigint NOT NULL
+);
+
+CREATE SEQUENCE product_templates_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE product_templates_id_seq OWNED BY product_templates.id;
+
+--
+-- project_phases
+--
+
+CREATE TABLE project_phases (
+    id bigint NOT NULL,
+    name character varying(255),
+    status character varying(255),
+    "startDate" timestamp with time zone,
+    "endDate" timestamp with time zone,
+    budget double precision DEFAULT 0,
+    progress double precision DEFAULT 0,
+    details json DEFAULT '{}'::json,
+    "deletedAt" timestamp with time zone,
+    "createdAt" timestamp with time zone,
+    "updatedAt" timestamp with time zone,
+    "deletedBy" integer,
+    "createdBy" integer NOT NULL,
+    "updatedBy" integer NOT NULL,
+    "projectId" bigint
+);
+
+CREATE SEQUENCE project_phases_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE project_phases_id_seq OWNED BY project_phases.id;
+
+
+--
+-- project_templates
+--
+CREATE TABLE project_templates (
+    id bigint NOT NULL,
+    name character varying(255) NOT NULL,
+    key character varying(45) NOT NULL,
+    category character varying(45) NOT NULL,
+    icon character varying(255) NOT NULL,
+    question character varying(255) NOT NULL,
+    info character varying(255) NOT NULL,
+    aliases json NOT NULL,
+    scope json NOT NULL,
+    phases json NOT NULL,
+    "deletedAt" timestamp with time zone,
+    "createdAt" timestamp with time zone,
+    "updatedAt" timestamp with time zone,
+    "deletedBy" bigint,
+    "createdBy" bigint NOT NULL,
+    "updatedBy" bigint NOT NULL
+);
+
+CREATE SEQUENCE project_templates_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE project_templates_id_seq OWNED BY project_templates.id;
+
+--
+-- project_types
+--
+
+CREATE TABLE project_types (
+    key character varying(45) NOT NULL,
+    "displayName" character varying(255) NOT NULL,
+    "deletedAt" timestamp with time zone,
+    "createdAt" timestamp with time zone,
+    "updatedAt" timestamp with time zone,
+    "deletedBy" integer,
+    "createdBy" integer NOT NULL,
+    "updatedBy" integer NOT NULL
+);
+
+--
+-- timelines
+--
+CREATE TABLE timelines (
+    id bigint NOT NULL,
+    name character varying(255) NOT NULL,
+    description character varying(255),
+    "startDate" timestamp with time zone NOT NULL,
+    "endDate" timestamp with time zone,
+    reference character varying(45) NOT NULL,
+    "referenceId" bigint NOT NULL,
+    "deletedAt" timestamp with time zone,
+    "createdAt" timestamp with time zone,
+    "updatedAt" timestamp with time zone,
+    "deletedBy" bigint,
+    "createdBy" bigint NOT NULL,
+    "updatedBy" bigint NOT NULL
+);
+
+CREATE SEQUENCE timelines_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE timelines_id_seq OWNED BY timelines.id;
+
+
+ALTER TABLE ONLY milestones ALTER COLUMN id SET DEFAULT nextval('milestones_id_seq'::regclass);
+
+ALTER TABLE ONLY phase_products ALTER COLUMN id SET DEFAULT nextval('phase_products_id_seq'::regclass);
+
+ALTER TABLE ONLY product_milestone_templates ALTER COLUMN id SET DEFAULT nextval('product_milestone_templates_id_seq'::regclass);
+
+ALTER TABLE ONLY product_templates ALTER COLUMN id SET DEFAULT nextval('product_templates_id_seq'::regclass);
+
+ALTER TABLE ONLY project_phases ALTER COLUMN id SET DEFAULT nextval('project_phases_id_seq'::regclass);
+
+ALTER TABLE ONLY project_templates ALTER COLUMN id SET DEFAULT nextval('project_templates_id_seq'::regclass);
+
+ALTER TABLE ONLY timelines ALTER COLUMN id SET DEFAULT nextval('timelines_id_seq'::regclass);
+
+ALTER TABLE ONLY milestones
+    ADD CONSTRAINT milestones_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY phase_products
+    ADD CONSTRAINT phase_products_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY product_milestone_templates
+    ADD CONSTRAINT product_milestone_templates_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY product_templates
+    ADD CONSTRAINT product_templates_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY project_phases
+    ADD CONSTRAINT project_phases_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY project_templates
+    ADD CONSTRAINT project_templates_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY project_types
+    ADD CONSTRAINT project_types_pkey PRIMARY KEY (key);
+
+ALTER TABLE ONLY timelines
+    ADD CONSTRAINT timelines_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY milestones
+    ADD CONSTRAINT "milestones_timelineId_fkey" FOREIGN KEY ("timelineId") REFERENCES timelines(id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+ALTER TABLE ONLY phase_products
+    ADD CONSTRAINT "phase_products_phaseId_fkey" FOREIGN KEY ("phaseId") REFERENCES project_phases(id) ON UPDATE CASCADE ON DELETE SET NULL;
+
+
+ALTER TABLE ONLY product_milestone_templates
+    ADD CONSTRAINT "product_milestone_templates_productTemplateId_fkey" FOREIGN KEY ("productTemplateId") REFERENCES product_templates(id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+ALTER TABLE ONLY project_phases
+    ADD CONSTRAINT "project_phases_projectId_fkey" FOREIGN KEY ("projectId") REFERENCES projects(id) ON UPDATE CASCADE ON DELETE SET NULL;

From 56cafd18165fcf091242917088b8e515af2b9cc1 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Sun, 10 Jun 2018 13:43:16 +0700
Subject: [PATCH 31/59] Merge migration scripts

---
 .../20180608_project_add_templateId_and_new_tables.sql      | 6 ++++++
 migrations/project_add_version_column.sql                   | 4 ----
 2 files changed, 6 insertions(+), 4 deletions(-)
 delete mode 100644 migrations/project_add_version_column.sql

diff --git a/migrations/20180608_project_add_templateId_and_new_tables.sql b/migrations/20180608_project_add_templateId_and_new_tables.sql
index 2a47b964..a43db5a3 100644
--- a/migrations/20180608_project_add_templateId_and_new_tables.sql
+++ b/migrations/20180608_project_add_templateId_and_new_tables.sql
@@ -2,6 +2,7 @@
 -- UPDATE EXISTING TABLES:
 --   projects
 --     templateId column: added
+--     version column: added
 -- CREATE NEW TABLES:
 --   milestones
 --   phase_products
@@ -18,6 +19,11 @@
 --
 ALTER TABLE projects ADD COLUMN "templateId" bigint;
 
+-- make sure to update existing projects to have this field set to "v2"
+ALTER TABLE projects ADD COLUMN "version" varchar(3) NOT NULL DEFAULT 'v2';
+-- make sure new projects from now on have "v3" as default value
+ALTER TABLE projects ALTER COLUMN "version" SET DEFAULT 'v3';
+
 --
 -- milestones
 --
diff --git a/migrations/project_add_version_column.sql b/migrations/project_add_version_column.sql
deleted file mode 100644
index 055d8598..00000000
--- a/migrations/project_add_version_column.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- make sure to update existing projects to have this field set to "v2"
-ALTER TABLE projects ADD COLUMN "version" varchar(3) NOT NULL DEFAULT 'v2';
--- make sure new projects from now on have "v3" as default value
-ALTER TABLE projects ALTER COLUMN "version" SET DEFAULT 'v3'

From e73a906b5cb28950c485fd77b24e9f7dba3da009 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 11 Jun 2018 14:06:20 +0530
Subject: [PATCH 32/59] Fixing topic creation for each phase of a new project
 Fixed admin endpoint to index the phases as well Refactored code to be more
 lean for project create endpoint

---
 src/constants.js                         |   2 +
 src/events/projectPhases/index.js        |  21 +-
 src/events/projects/index.js             |  12 +-
 src/models/project.js                    |  12 +-
 src/routes/admin/project-index-create.js |   4 +-
 src/routes/admin/project-index-delete.js |   2 +-
 src/routes/projects/create.js            | 326 +++++++++++++----------
 src/routes/projects/create.spec.js       |  49 +++-
 src/services/busApi.js                   |  52 ++--
 9 files changed, 297 insertions(+), 183 deletions(-)

diff --git a/src/constants.js b/src/constants.js
index 1b48b8bd..a99469f5 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -9,6 +9,8 @@ export const PROJECT_STATUS = {
   CANCELLED: 'cancelled',
 };
 
+export const PROJECT_PHASE_STATUS = PROJECT_STATUS;
+
 export const PROJECT_MEMBER_ROLE = {
   MANAGER: 'manager',
   CUSTOMER: 'customer',
diff --git a/src/events/projectPhases/index.js b/src/events/projectPhases/index.js
index 74aa40fb..e846f632 100644
--- a/src/events/projectPhases/index.js
+++ b/src/events/projectPhases/index.js
@@ -23,12 +23,25 @@ const eClient = util.getElasticSearchClient();
  */
 const indexProjectPhase = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
   try {
-    const data = JSON.parse(msg.content.toString());
-    const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId });
+    const phase = JSON.parse(msg.content.toString());
+    const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: phase.projectId });
     const phases = _.isArray(doc._source.phases) ? doc._source.phases : []; // eslint-disable-line no-underscore-dangle
-    phases.push(_.omit(data, ['deletedAt', 'deletedBy']));
+    const existingPhaseIndex = _.findIndex(phases, p => p.id === phase.id);
+    // if phase does not exists already
+    if (existingPhaseIndex === -1) {
+      phases.push(_.omit(phase, ['deletedAt', 'deletedBy']));
+    } else { // if phase already exists, ideally we should never land here, but code handles the buggy indexing
+      // replaces the old inconsistent index where previously phase was not removed from the index but deleted
+      // from the database
+      phases.splice(existingPhaseIndex, 1, phase);
+    }
     const merged = _.assign(doc._source, { phases }); // eslint-disable-line no-underscore-dangle
-    yield eClient.update({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: data.projectId, body: { doc: merged } });
+    yield eClient.update({
+      index: ES_PROJECT_INDEX,
+      type: ES_PROJECT_TYPE,
+      id: phase.projectId,
+      body: { doc: merged },
+    });
     logger.debug('project phase added to project document successfully');
   } catch (error) {
     logger.error('Error handling indexing the project phase', error);
diff --git a/src/events/projects/index.js b/src/events/projects/index.js
index 24890633..02041663 100644
--- a/src/events/projects/index.js
+++ b/src/events/projects/index.js
@@ -34,6 +34,8 @@ const indexProject = Promise.coroutine(function* (logger, msg) { // eslint-disab
       const detail = _.find(memberDetails, md => md.userId === single.userId);
       return _.merge(single, _.pick(detail, 'handle', 'firstName', 'lastName', 'email'));
     });
+    // update project member record with details
+    data.phases = data.phases.map(phase => _.omit(phase, ['deletedAt', 'deletedBy']));
     // add the record to the index
     const result = yield eClient.index({
       index: ES_PROJECT_INDEX,
@@ -59,7 +61,11 @@ const projectCreatedHandler = Promise.coroutine(function* (logger, msg, channel)
   const project = JSON.parse(msg.content.toString());
   try {
     yield indexProject(logger, msg);
-    yield createPhaseTopic(logger, msg);
+    if (project.phases && project.phases.length > 0) {
+      logger.debug('Phases found for the project, trying to create topics for each phase.');
+      const topicPromises = _.map(project.phases, phase => createPhaseTopic(logger, phase));
+      yield Promise.all(topicPromises);
+    }
     channel.ack(msg);
   } catch (error) {
     logger.error(`Error processing event (projectId: ${project.id})`, error);
@@ -89,11 +95,11 @@ const projectUpdatedHandler = Promise.coroutine(function* (logger, msg, channel)
         doc: merged,
       },
     });
-    logger.debug(`project updated successfully in elasticsearh index, (projectId: ${data.id})`);
+    logger.debug(`project updated successfully in elasticsearh index, (projectId: ${data.original.id})`);
     channel.ack(msg);
     return undefined;
   } catch (error) {
-    logger.error(`failed to get project document, (projectId: ${data.id})`, error);
+    logger.error(`failed to get project document, (projectId: ${data.original.id})`, error);
     channel.nack(msg, false, !msg.fields.redelivered);
     return undefined;
   }
diff --git a/src/models/project.js b/src/models/project.js
index 48dd8615..51cac309 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -155,11 +155,21 @@ module.exports = function defineProject(sequelize, DataTypes) {
               .then(projects => ({ rows: projects, count }));
           });
       },
-      findProjectRange(startId, endId, fields) {
+      findProjectRange(models, startId, endId, fields) {
         return this.findAll({
           where: { id: { $between: [startId, endId] } },
           attributes: _.get(fields, 'projects', null),
           raw: true,
+          include: [{
+            model: models.ProjectPhase,
+            as: 'phases',
+            order: [['startDate', 'asc']],
+            // where: phasesWhere,
+            include: [{
+              model: models.PhaseProduct,
+              as: 'products',
+            }],
+          }]
         });
       },
     },
diff --git a/src/routes/admin/project-index-create.js b/src/routes/admin/project-index-create.js
index 96e4757e..cc6d5e56 100644
--- a/src/routes/admin/project-index-create.js
+++ b/src/routes/admin/project-index-create.js
@@ -50,13 +50,15 @@ module.exports = [
     });
 
     const eClient = util.getElasticSearchClient();
-    return models.Project.findProjectRange(projectIdStart, projectIdEnd, fields)
+    return models.Project.findProjectRange(models, projectIdStart, projectIdEnd, fields)
     .then((_projects) => {
       const projects = _projects.map((_project) => {
         const project = _project;
         if (!project) {
           return Promise.resolve(null);
         }
+        // removs the delete audit fields from the index data
+        project.phases = project.phases.map(phase => _.omit(phase, ['deletedAt', 'deletedBy']));
         return models.ProjectMember.getActiveProjectMembers(project.id)
         .then((currentProjectMembers) => {
           // check context for project members
diff --git a/src/routes/admin/project-index-delete.js b/src/routes/admin/project-index-delete.js
index 2564aca8..54f1c403 100644
--- a/src/routes/admin/project-index-delete.js
+++ b/src/routes/admin/project-index-delete.js
@@ -49,7 +49,7 @@ module.exports = [
     });
 
     const eClient = util.getElasticSearchClient();
-    return models.Project.findProjectRange(projectIdStart, projectIdEnd, fields)
+    return models.Project.findProjectRange(models, projectIdStart, projectIdEnd, fields)
     .then((_projects) => {
       const projects = _projects.map((_project) => {
         const project = _project;
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index af0dee30..95d099fb 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -6,7 +6,7 @@ import Joi from 'joi';
 import config from 'config';
 
 import models from '../../models';
-import { PROJECT_MEMBER_ROLE, PROJECT_STATUS, USER_ROLE, EVENT, REGEX } from '../../constants';
+import { PROJECT_MEMBER_ROLE, PROJECT_STATUS, PROJECT_PHASE_STATUS, USER_ROLE, EVENT, REGEX } from '../../constants';
 import util from '../../util';
 import directProject from '../../services/directProject';
 
@@ -63,9 +63,10 @@ const createProjectValdiations = {
  * @param {Object} req the request
  * @param {Object} project the project
  * @param {Object} projectTemplate the project template
+ * @param {Array} productTemplates array of the templates of the products used in the projec template
  * @returns {Promise} the promise that resolves to the created project and phases
  */
-function createProjectAndPhases(req, project, projectTemplate) {
+function createProjectAndPhases(req, project, projectTemplate, productTemplates) {
   const result = {
     newProject: null,
     newPhases: [],
@@ -77,59 +78,120 @@ function createProjectAndPhases(req, project, projectTemplate) {
       model: models.ProjectMember,
       as: 'members',
     }],
-  })
-    .then((newProject) => {
-      result.newProject = newProject;
+  }).then((newProject) => {
+    result.newProject = newProject;
+
+    if (!projectTemplate) {
+      return Promise.resolve(result);
+    }
+    const phases = _.values(projectTemplate.phases);
+    const productTemplateMap = _.map(productTemplates, (pt) => {
+      const map = {};
+      map[pt.id] = pt;
+      return map;
+    });
+    return Promise.all(_.map(phases, (phase, phaseIdx) =>
+      // Create phase
+      models.ProjectPhase.create({
+        projectId: newProject.id,
+        name: _.get(phase, 'name', `Stage ${phaseIdx}`),
+        status: _.get(phase, 'status', PROJECT_PHASE_STATUS.DRAFT),
+        budget: _.get(phase, 'budget', 0),
+        updatedBy: req.authUser.userId,
+        createdBy: req.authUser.userId,
+      }).then((newPhase) => {
+        req.log.debug(`Creating products in the newly created phase ${newPhase.id}`);
+        // Create products
+        return models.PhaseProduct.bulkCreate(_.map(phase.products, (product, productIndex) => ({
+          phaseId: newPhase.id,
+          projectId: newProject.id,
+          estimatedPrice: _.get(product, 'estimatedPrice', 0),
+          name: _.get(product, 'name', _.get(productTemplateMap, `${product.id}.name`, `Product ${productIndex}`)),
+          // assumes that phase template always contains id of each product
+          templateId: parseInt(product.id, 10),
+          updatedBy: req.authUser.userId,
+          createdBy: req.authUser.userId,
+        })), { returning: true })
+        .then((products) => {
+          // Add phases and products to the project JSON, so they can be stored to ES later
+          const newPhaseJson = _.omit(newPhase.toJSON(), ['deletedAt', 'deletedBy']);
+          newPhaseJson.products = _.map(products, product =>
+            _.omit(product.toJSON(), ['deletedAt', 'deletedBy']));
+          result.newPhases.push(newPhaseJson);
+          return Promise.resolve();
+        });
+      }),
+    ));
+  }).then(() => Promise.resolve(result));
+}
 
-      if (!projectTemplate) {
-        return Promise.resolve(result);
+/**
+ * Validates the project and product templates for the give project template id.
+ *
+ * @param {Integer} templateId id of the project template which should be validated
+ * @returns {Promise} the promise that resolves to an object containing validated project and product templates
+ */
+function validateAndFetchTemplates(templateId) {
+  return models.ProjectTemplate.findById(templateId, { raw: true })
+  .then((existingProjectTemplate) => {
+    if (!existingProjectTemplate) {
+      // Not found
+      const apiErr = new Error(`Project template not found for id ${templateId}`);
+      apiErr.status = 422;
+      return Promise.reject(apiErr);
+    }
+    return Promise.resolve(existingProjectTemplate);
+  })
+  .then((projectTemplate) => {
+    const phases = _.values(projectTemplate.phases);
+    const productPromises = [];
+    phases.forEach((phase) => {
+      // Make sure number of products of per phase <= max value
+      const productCount = _.isArray(phase.products) ? phase.products.length : 0;
+      if (productCount > config.maxPhaseProductCount) {
+        const apiErr = new Error(`Number of products per phase cannot exceed ${config.maxPhaseProductCount}`);
+        apiErr.status = 422;
+        throw apiErr;
       }
+      _.map(phase.products, (product) => {
+        productPromises.push(models.ProductTemplate.findById(product.id)
+        .then((productTemplate) => {
+          if (!productTemplate) {
+            // Not found
+            const apiErr = new Error(`Product template not found for id ${product.id}`);
+            apiErr.status = 422;
+            return Promise.reject(apiErr);
+          }
+          return Promise.resolve(productTemplate);
+        }));
+      });
+    });
+    if (productPromises.length > 0) {
+      return Promise.all(productPromises).then(productTemplates => ({ projectTemplate, productTemplates }));
+    }
+    // if there is no phase or product in a phase is specified, return empty product templates
+    return Promise.resolve({ projectTemplate, productTemplates: [] });
+  });
+}
 
-      const phases = _.values(projectTemplate.phases);
-      return Promise.all(_.map(phases, phase =>
-        // Create phase
-        models.ProjectPhase.create(
-          _.assign(
-            _.omit(phase, 'products'),
-            {
-              projectId: newProject.id,
-              updatedBy: req.authUser.userId,
-              createdBy: req.authUser.userId,
-            },
-          ),
-        )
-          .then((newPhase) => {
-            // Make sure number of products of per phase <= max value
-            const productCount = _.isArray(phase.products) ? phase.products.length : 0;
-            if (productCount > config.maxPhaseProductCount) {
-              const err = new Error('the number of products per phase cannot exceed ' +
-                `${config.maxPhaseProductCount}`);
-              err.status = 422;
-              throw err;
-            }
+/**
+ * Validates the project type being one from the allowed ones.
+ *
+ * @param {String} type key of the project type to be used
+ * @returns {Promise} promise which resolves to a project type if it is valid, rejects otherwise with 422 error
+ */
+function validateProjectType(type) {
+  return models.ProjectType.findOne({ where: { key: type } })
+  .then((projectType) => {
+    if (!projectType) {
+      // Not found
+      const apiErr = new Error(`Project type not found for key ${type}`);
+      apiErr.status = 422;
+      return Promise.reject(apiErr);
+    }
 
-            // Create products
-            return models.PhaseProduct.bulkCreate(_.map(phase.products, product =>
-              // productKey is just used for the JSON to be more human readable
-              // id need to map to templateId
-              _.assign(_.omit(product, ['id', 'productKey']), {
-                phaseId: newPhase.id,
-                projectId: newProject.id,
-                templateId: parseInt(product.id, 10),
-                updatedBy: req.authUser.userId,
-                createdBy: req.authUser.userId,
-              })), { returning: true })
-              .then((products) => {
-                // Add phases and products to the project JSON, so they can be stored to ES later
-                const newPhaseJson = _.omit(newPhase.toJSON(), ['deletedAt', 'deletedBy']);
-                newPhaseJson.products = _.map(products, product =>
-                  _.omit(product.toJSON(), ['deletedAt', 'deletedBy']));
-                result.newPhases.push(newPhaseJson);
-                return Promise.resolve();
-              });
-          })));
-    })
-    .then(() => Promise.resolve(result));
+    return Promise.resolve(projectType);
+  });
 }
 
 module.exports = [
@@ -174,102 +236,80 @@ module.exports = [
     });
     models.sequelize.transaction(() => {
       let newProject = null;
-      let projectTemplate;
       let newPhases;
       // Validate the project type
-      return models.ProjectType.findOne({ where: { key: project.type } })
-        .then((projectType) => {
-          if (!projectType) {
-            // Not found
-            const apiErr = new Error(`Project type not found for key ${project.type}`);
-            apiErr.status = 422;
-            return Promise.reject(apiErr);
-          }
-
-          return Promise.resolve();
-        })
-        // Validate the templateId
-        .then(() => {
-          if (project.templateId) {
-            return models.ProjectTemplate.findById(project.templateId)
-              .then((existingProjectTemplate) => {
-                if (!existingProjectTemplate) {
-                  // Not found
-                  const apiErr = new Error(`Project template not found for id ${project.templateId}`);
-                  apiErr.status = 422;
-                  return Promise.reject(apiErr);
-                }
-
-                projectTemplate = existingProjectTemplate;
-                return Promise.resolve();
-              });
-          }
-          return Promise.resolve();
-        })
-        // Create project and phases
-        .then(() => createProjectAndPhases(req, project, projectTemplate))
-        .then((createdProjectAndPhases) => {
-          newProject = createdProjectAndPhases.newProject;
-          newPhases = createdProjectAndPhases.newPhases;
+      return validateProjectType(project.type)
+      // Validate the templates
+      .then((projectType) => {
+        req.log.debug(`Project type ${projectType.key} validated successfully`);
+        return validateAndFetchTemplates(project.templateId);
+      })
+      // Create project and phases
+      .then(({ projectTemplate, productTemplates }) => {
+        req.log.debug('Creating project, phase and products');
+        return createProjectAndPhases(req, project, projectTemplate, productTemplates);
+      })
+      .then((createdProjectAndPhases) => {
+        newProject = createdProjectAndPhases.newProject;
+        newPhases = createdProjectAndPhases.newPhases;
 
-          req.log.debug('new project created (id# %d, name: %s)',
-            newProject.id, newProject.name);
-          // create direct project with name and description
-          const body = {
-            projectName: newProject.name,
-            projectDescription: newProject.description,
-          };
-          // billingAccountId is optional field
-          if (newProject.billingAccountId) {
-            body.billingAccountId = newProject.billingAccountId;
-          }
-          req.log.debug('creating project history for project %d', newProject.id);
-          // add to project history
-          models.ProjectHistory.create({
-            projectId: newProject.id,
-            status: PROJECT_STATUS.DRAFT,
-            cancelReason: null,
-            updatedBy: req.authUser.userId,
-          }).then(() => req.log.debug('project history created for project %d', newProject.id))
-            .catch(() => req.log.error('project history failed for project %d', newProject.id));
-          req.log.debug('creating direct project for project %d', newProject.id);
-          return directProject.createDirectProject(req, body)
-            .then((resp) => {
-              newProject.directProjectId = resp.data.result.content.projectId;
-              return newProject.save();
-            })
-            .then(() => newProject.reload(newProject.id))
-            .catch((err) => {
-              // log the error and continue
-              req.log.error('Error creating direct project');
-              req.log.error(err);
-              return Promise.resolve();
-            });
-          // return Promise.resolve();
-        })
-        .then(() => {
-          newProject = newProject.get({ plain: true });
-          // remove utm details & deletedAt field
-          newProject = _.omit(newProject, ['deletedAt', 'utm']);
-          // add an empty attachments array
-          newProject.attachments = [];
-          // set phases array
-          newProject.phases = newPhases;
+        req.log.debug('new project created (id# %d, name: %s)', newProject.id, newProject.name);
+        // create direct project with name and description
+        const body = {
+          projectName: newProject.name,
+          projectDescription: newProject.description,
+        };
+        // billingAccountId is optional field
+        if (newProject.billingAccountId) {
+          body.billingAccountId = newProject.billingAccountId;
+        }
+        req.log.debug('creating project history for project %d', newProject.id);
+        // add to project history asynchronously, don't wait for it to complete
+        models.ProjectHistory.create({
+          projectId: newProject.id,
+          status: PROJECT_STATUS.DRAFT,
+          cancelReason: null,
+          updatedBy: req.authUser.userId,
+        }).then(() => req.log.debug('project history created for project %d', newProject.id))
+          .catch(() => req.log.error('project history failed for project %d', newProject.id));
+        req.log.debug('creating direct project for project %d', newProject.id);
+        return directProject.createDirectProject(req, body)
+          .then((resp) => {
+            newProject.directProjectId = resp.data.result.content.projectId;
+            return newProject.save();
+          })
+          .then(() => newProject.reload(newProject.id))
+          .catch((err) => {
+            // log the error and continue
+            req.log.error('Error creating direct project');
+            req.log.error(err);
+            return Promise.resolve();
+          });
+        // return Promise.resolve();
+      })
+      .then(() => {
+        newProject = newProject.get({ plain: true });
+        // remove utm details & deletedAt field
+        newProject = _.omit(newProject, ['deletedAt', 'utm']);
+        // add an empty attachments array
+        newProject.attachments = [];
+        // set phases array
+        newProject.phases = newPhases;
 
-          req.log.debug('Sending event to RabbitMQ bus for project %d', newProject.id);
-          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED,
-            newProject,
-            { correlationId: req.id },
-          );
-          req.log.debug('Sending event to Kafka bus for project %d', newProject.id);
-          // emit event
-          req.app.emit(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED, { req, project: newProject });
-          res.status(201).json(util.wrapResponse(req.id, newProject, 1, 201));
-        })
-        .catch((err) => {
-          req.log.error(err.message);
-          util.handleError('Error creating project', err, req, next);
-        });
+        req.log.debug('Sending event to RabbitMQ bus for project %d', newProject.id);
+        req.app.services.pubsub.publish(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED,
+          newProject,
+          { correlationId: req.id },
+        );
+        req.log.debug('Sending event to Kafka bus for project %d', newProject.id);
+        // emit event
+        req.app.emit(EVENT.ROUTING_KEY.PROJECT_DRAFT_CREATED, { req, project: newProject });
+        res.status(201).json(util.wrapResponse(req.id, newProject, 1, 201));
+      })
+      .catch((err) => {
+        req.log.error(err.message);
+        util.handleError('Error creating project', err, req, next);
+      });
     });
   },
 ];
diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
index 802a6e7e..3f6064ff 100644
--- a/src/routes/projects/create.spec.js
+++ b/src/routes/projects/create.spec.js
@@ -11,6 +11,7 @@ import RabbitMQService from '../../services/rabbitmq';
 import models from '../../models';
 
 const should = chai.should();
+const expect = chai.expect;
 
 describe('Project create', () => {
   before((done) => {
@@ -25,6 +26,44 @@ describe('Project create', () => {
           updatedBy: 1,
         },
       ]))
+      .then(() => models.ProductTemplate.bulkCreate([
+        {
+          id: 21,
+          name: 'template 1',
+          productKey: 'productKey-1',
+          icon: 'http://example.com/icon2.ico',
+          brief: 'brief 1',
+          details: 'details 1',
+          aliases: {},
+          template: {},
+          createdBy: 3,
+          updatedBy: 4,
+        },
+        {
+          id: 22,
+          name: 'template 2',
+          productKey: 'productKey-2',
+          icon: 'http://example.com/icon2.ico',
+          brief: 'brief 2',
+          details: 'details 2',
+          aliases: {},
+          template: {},
+          createdBy: 3,
+          updatedBy: 4,
+        },
+        {
+          id: 23,
+          name: 'template 3',
+          productKey: 'productKey-3',
+          icon: 'http://example.com/icon3.ico',
+          brief: 'brief 3',
+          details: 'details 3',
+          aliases: {},
+          template: {},
+          createdBy: 3,
+          updatedBy: 4,
+        },
+      ]))
       .then(() => models.ProjectTemplate.bulkCreate([
         {
           id: 1,
@@ -209,6 +248,8 @@ describe('Project create', () => {
     });
 
     it('should return 201 if error to create direct project', (done) => {
+      const validBody = _.cloneDeep(body);
+      validBody.param.templateId = 3;
       const mockHttpClient = _.merge(testUtil.mockHttpClient, {
         post: () => Promise.reject(new Error('error message')),
       });
@@ -218,7 +259,7 @@ describe('Project create', () => {
         .set({
           Authorization: `Bearer ${testUtil.jwts.member}`,
         })
-        .send(body)
+        .send(validBody)
         .expect('Content-Type', /json/)
         .expect(201)
         .end((err, res) => {
@@ -235,6 +276,8 @@ describe('Project create', () => {
     });
 
     it('should return 201 if valid user and data', (done) => {
+      const validBody = _.cloneDeep(body);
+      validBody.param.templateId = 3;
       const mockHttpClient = _.merge(testUtil.mockHttpClient, {
         post: () => Promise.resolve({
           status: 200,
@@ -257,7 +300,7 @@ describe('Project create', () => {
         .set({
           Authorization: `Bearer ${testUtil.jwts.member}`,
         })
-        .send(body)
+        .send(validBody)
         .expect('Content-Type', /json/)
         .expect(201)
         .end((err, res) => {
@@ -335,7 +378,7 @@ describe('Project create', () => {
             const phases = _.sortBy(resJson.phases, p => p.name);
             phases[0].name.should.be.eql('Design Stage');
             phases[0].status.should.be.eql('open');
-            phases[0].details.should.be.eql({ description: 'detailed description' });
+            expect(phases[0].details).to.be.empty;
             phases[0].products.should.have.lengthOf(1);
             phases[0].products[0].name.should.be.eql('product 1');
             phases[0].products[0].templateId.should.be.eql(21);
diff --git a/src/services/busApi.js b/src/services/busApi.js
index 5639d25a..23006c8e 100644
--- a/src/services/busApi.js
+++ b/src/services/busApi.js
@@ -49,35 +49,33 @@ function createEvent(type, message, logger) {
   logger.debug(`Sending message: ${JSON.stringify(message)}`);
   return getClient().then((busClient) => {
     logger.debug('calling bus-api');
-    busClient.post('/bus/events', {
+    return busClient.post('/bus/events', {
       type,
       message: body,
-    })
-      .then((resp) => {
-        logger.debug('Sent event to bus-api');
-        logger.debug(`Sent event to bus-api [data]: ${resp.data}`);
-        logger.debug(`Sent event to bus-api [status]: ${resp.status}`);
-      })
-      .catch((error) => {
-        logger.debug('Error sending event to bus-api');
-        if (error.response) {
-          // The request was made and the server responded with a status code
-          // that falls out of the range of 2xx
-          logger.debug(error.response.data);
-          logger.debug(error.response.status);
-          logger.debug(error.response.headers);
-        } else if (error.request) {
-          // The request was made but no response was received
-          // `error.request` is an instance of XMLHttpRequest in the browser and an instance of
-          // http.ClientRequest in node.js
-          logger.debug(error.request);
-        } else {
-          // Something happened in setting up the request that triggered an Error
-          logger.debug(error.message);
-        }
-        logger.debug(error.config);
-        Promise.resolve();     // eslint-disable-line
-      });
+    }).then((resp) => {
+      logger.debug('Sent event to bus-api');
+      logger.debug(`Sent event to bus-api [data]: ${resp.data}`);
+      logger.debug(`Sent event to bus-api [status]: ${resp.status}`);
+    }).catch((error) => {
+      logger.debug('Error sending event to bus-api');
+      if (error.response) {
+        // The request was made and the server responded with a status code
+        // that falls out of the range of 2xx
+        logger.debug(error.response.data);
+        logger.debug(error.response.status);
+        logger.debug(error.response.headers);
+      } else if (error.request) {
+        // The request was made but no response was received
+        // `error.request` is an instance of XMLHttpRequest in the browser and an instance of
+        // http.ClientRequest in node.js
+        logger.debug(error.request);
+      } else {
+        // Something happened in setting up the request that triggered an Error
+        logger.debug(error.message);
+      }
+      logger.debug(error.config);
+      Promise.resolve();     // eslint-disable-line
+    });
   }).catch((errMessage) => {
     logger.debug(errMessage);
   });

From 23d58f4762d003426181d7b9c8710aa15f80a87b Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 11 Jun 2018 14:07:55 +0530
Subject: [PATCH 33/59] fixing lint

---
 src/models/project.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/models/project.js b/src/models/project.js
index 51cac309..310a3e75 100644
--- a/src/models/project.js
+++ b/src/models/project.js
@@ -169,7 +169,7 @@ module.exports = function defineProject(sequelize, DataTypes) {
               model: models.PhaseProduct,
               as: 'products',
             }],
-          }]
+          }],
         });
       },
     },

From be2f54ca0aa6700636cc7d165255798919a43749 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 11 Jun 2018 14:32:14 +0530
Subject: [PATCH 34/59] returning promise in phase create route

---
 src/routes/phases/create.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/routes/phases/create.js b/src/routes/phases/create.js
index 92e3cd90..31f8976e 100644
--- a/src/routes/phases/create.js
+++ b/src/routes/phases/create.js
@@ -42,7 +42,7 @@ module.exports = [
     models.sequelize.transaction(() => {
       let newProjectPhase = null;
 
-      models.Project.findOne({
+      return models.Project.findOne({
         where: { id: projectId, deletedAt: { $eq: null } },
       }).then((existingProject) => {
         if (!existingProject) {
@@ -50,7 +50,7 @@ module.exports = [
           err.status = 404;
           throw err;
         }
-        models.ProjectPhase
+       return models.ProjectPhase
           .create(data)
           .then((_newProjectPhase) => {
             newProjectPhase = _.cloneDeep(_newProjectPhase);

From 3a1729fcced71929e6b1343ba95b4eb5c71f2803 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 11 Jun 2018 14:53:43 +0530
Subject: [PATCH 35/59] lint fix

---
 src/routes/phases/create.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/routes/phases/create.js b/src/routes/phases/create.js
index 31f8976e..c832d272 100644
--- a/src/routes/phases/create.js
+++ b/src/routes/phases/create.js
@@ -50,7 +50,7 @@ module.exports = [
           err.status = 404;
           throw err;
         }
-       return models.ProjectPhase
+        return models.ProjectPhase
           .create(data)
           .then((_newProjectPhase) => {
             newProjectPhase = _.cloneDeep(_newProjectPhase);

From 8c2997dcdd06b74065716d3ba6fddb004799463d Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 11 Jun 2018 16:54:28 +0530
Subject: [PATCH 36/59] logging for more details fixing creation of product
 template map for fetching product template per phase

---
 src/events/projectPhases/index.js | 3 +++
 src/routes/projects/create.js     | 7 +++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/events/projectPhases/index.js b/src/events/projectPhases/index.js
index e846f632..05ab6692 100644
--- a/src/events/projectPhases/index.js
+++ b/src/events/projectPhases/index.js
@@ -59,6 +59,7 @@ const indexProjectPhase = Promise.coroutine(function* (logger, msg) { // eslint-
  */
 const createPhaseTopic = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
   try {
+    logger.debug('Creating topic for phase with msg', msg);
     const phase = JSON.parse(msg.content.toString());
     const topic = yield messageService.createTopic({
       reference: 'project',
@@ -85,7 +86,9 @@ const createPhaseTopic = Promise.coroutine(function* (logger, msg) { // eslint-d
  */
 const projectPhaseAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
   try {
+    logger.debug('calling indexProjectPhase', msg);
     yield indexProjectPhase(logger, msg, channel);
+    logger.debug('calling createPhaseTopic', msg);
     yield createPhaseTopic(logger, msg);
     channel.ack(msg);
   } catch (error) {
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 95d099fb..3b5f34ee 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -85,10 +85,9 @@ function createProjectAndPhases(req, project, projectTemplate, productTemplates)
       return Promise.resolve(result);
     }
     const phases = _.values(projectTemplate.phases);
-    const productTemplateMap = _.map(productTemplates, (pt) => {
-      const map = {};
-      map[pt.id] = pt;
-      return map;
+    const productTemplateMap = {};
+    productTemplates.forEach((pt) => {
+      productTemplateMap[pt.id] = pt;
     });
     return Promise.all(_.map(phases, (phase, phaseIdx) =>
       // Create phase

From 5d045a81a298e0963dd7e25b98c03bf910b6e8ec Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 11 Jun 2018 17:28:32 +0530
Subject: [PATCH 37/59] added db sync  call before running unit tests

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index e87622ab..4691b2f4 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
     "prestart": "npm run -s build",
     "start": "node dist",
     "start:dev": "NODE_ENV=development PORT=8001 nodemon -w src --exec \"babel-node src --presets es2015\" | ./node_modules/.bin/bunyan",
-    "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- --compilers js:babel-core/register $(find src -path '*spec.js*')",
+    "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es  && NODE_ENV=test npm run sync:db && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- --compilers js:babel-core/register $(find src -path '*.spec.js*')",
     "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha -w --compilers js:babel-core/register $(find src -path '*spec.js*')",
     "seed": "babel-node src/tests/seed.js --presets es2015"
   },

From 3a9533a0eb639ca97a5c4ae371b79187a408cbc8 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 11 Jun 2018 17:43:04 +0530
Subject: [PATCH 38/59] Skipped milestone and timeline tests

---
 src/routes/milestoneTemplates/create.spec.js | 2 +-
 src/routes/milestoneTemplates/delete.spec.js | 2 +-
 src/routes/milestoneTemplates/get.spec.js    | 2 +-
 src/routes/milestoneTemplates/list.spec.js   | 2 +-
 src/routes/milestoneTemplates/update.spec.js | 2 +-
 src/routes/milestones/create.spec.js         | 2 +-
 src/routes/milestones/delete.spec.js         | 2 +-
 src/routes/milestones/get.spec.js            | 2 +-
 src/routes/milestones/list.spec.js           | 2 +-
 src/routes/milestones/update.spec.js         | 2 +-
 src/routes/timelines/create.spec.js          | 2 +-
 src/routes/timelines/delete.spec.js          | 2 +-
 src/routes/timelines/get.spec.js             | 2 +-
 src/routes/timelines/list.spec.js            | 2 +-
 src/routes/timelines/update.spec.js          | 2 +-
 15 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/routes/milestoneTemplates/create.spec.js b/src/routes/milestoneTemplates/create.spec.js
index 6fe6c128..d3e2070b 100644
--- a/src/routes/milestoneTemplates/create.spec.js
+++ b/src/routes/milestoneTemplates/create.spec.js
@@ -77,7 +77,7 @@ const milestoneTemplates = [
   },
 ];
 
-describe('CREATE milestone template', () => {
+xdescribe('CREATE milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestoneTemplates/delete.spec.js b/src/routes/milestoneTemplates/delete.spec.js
index 02fd111c..caa1bd38 100644
--- a/src/routes/milestoneTemplates/delete.spec.js
+++ b/src/routes/milestoneTemplates/delete.spec.js
@@ -77,7 +77,7 @@ const milestoneTemplates = [
   },
 ];
 
-describe('DELETE milestone template', () => {
+xdescribe('DELETE milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestoneTemplates/get.spec.js b/src/routes/milestoneTemplates/get.spec.js
index c2b144e3..c769703f 100644
--- a/src/routes/milestoneTemplates/get.spec.js
+++ b/src/routes/milestoneTemplates/get.spec.js
@@ -80,7 +80,7 @@ const milestoneTemplates = [
   },
 ];
 
-describe('GET milestone template', () => {
+xdescribe('GET milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestoneTemplates/list.spec.js b/src/routes/milestoneTemplates/list.spec.js
index 87fb3228..40e96f87 100644
--- a/src/routes/milestoneTemplates/list.spec.js
+++ b/src/routes/milestoneTemplates/list.spec.js
@@ -90,7 +90,7 @@ const milestoneTemplates = [
   },
 ];
 
-describe('LIST milestone template', () => {
+xdescribe('LIST milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestoneTemplates/update.spec.js b/src/routes/milestoneTemplates/update.spec.js
index 297f6ea9..b7ec5262 100644
--- a/src/routes/milestoneTemplates/update.spec.js
+++ b/src/routes/milestoneTemplates/update.spec.js
@@ -100,7 +100,7 @@ const milestoneTemplates = [
   },
 ];
 
-describe('UPDATE milestone template', () => {
+xdescribe('UPDATE milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestones/create.spec.js b/src/routes/milestones/create.spec.js
index 98e72001..fd90c11a 100644
--- a/src/routes/milestones/create.spec.js
+++ b/src/routes/milestones/create.spec.js
@@ -11,7 +11,7 @@ import { EVENT } from '../../constants';
 
 const should = chai.should();
 
-describe('CREATE milestone', () => {
+xdescribe('CREATE milestone', () => {
   let projectId1;
   let projectId2;
 
diff --git a/src/routes/milestones/delete.spec.js b/src/routes/milestones/delete.spec.js
index 21502333..237272de 100644
--- a/src/routes/milestones/delete.spec.js
+++ b/src/routes/milestones/delete.spec.js
@@ -9,7 +9,7 @@ import testUtil from '../../tests/util';
 import { EVENT } from '../../constants';
 
 
-describe('DELETE milestone', () => {
+xdescribe('DELETE milestone', () => {
   beforeEach((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/milestones/get.spec.js b/src/routes/milestones/get.spec.js
index 919b756d..02fe56d0 100644
--- a/src/routes/milestones/get.spec.js
+++ b/src/routes/milestones/get.spec.js
@@ -10,7 +10,7 @@ import testUtil from '../../tests/util';
 
 const should = chai.should();
 
-describe('GET milestone', () => {
+xdescribe('GET milestone', () => {
   before((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/milestones/list.spec.js b/src/routes/milestones/list.spec.js
index 0240ee43..a4357cd2 100644
--- a/src/routes/milestones/list.spec.js
+++ b/src/routes/milestones/list.spec.js
@@ -79,7 +79,7 @@ const milestones = [
   },
 ];
 
-describe('LIST timelines', () => {
+xdescribe('LIST timelines', () => {
   before(function beforeHook(done) {
     this.timeout(10000);
     testUtil.clearDb()
diff --git a/src/routes/milestones/update.spec.js b/src/routes/milestones/update.spec.js
index fca57115..363d621f 100644
--- a/src/routes/milestones/update.spec.js
+++ b/src/routes/milestones/update.spec.js
@@ -11,7 +11,7 @@ import { EVENT } from '../../constants';
 
 const should = chai.should();
 
-describe('UPDATE Milestone', () => {
+xdescribe('UPDATE Milestone', () => {
   beforeEach((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/timelines/create.spec.js b/src/routes/timelines/create.spec.js
index 10e3adbe..07a91ea8 100644
--- a/src/routes/timelines/create.spec.js
+++ b/src/routes/timelines/create.spec.js
@@ -11,7 +11,7 @@ import { EVENT } from '../../constants';
 
 const should = chai.should();
 
-describe('CREATE timeline', () => {
+xdescribe('CREATE timeline', () => {
   let projectId1;
   let projectId2;
 
diff --git a/src/routes/timelines/delete.spec.js b/src/routes/timelines/delete.spec.js
index 76a0fb55..34844494 100644
--- a/src/routes/timelines/delete.spec.js
+++ b/src/routes/timelines/delete.spec.js
@@ -11,7 +11,7 @@ import { EVENT } from '../../constants';
 
 const should = chai.should(); // eslint-disable-line no-unused-vars
 
-describe('DELETE timeline', () => {
+xdescribe('DELETE timeline', () => {
   beforeEach((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/timelines/get.spec.js b/src/routes/timelines/get.spec.js
index 253013da..30a84ffb 100644
--- a/src/routes/timelines/get.spec.js
+++ b/src/routes/timelines/get.spec.js
@@ -58,7 +58,7 @@ const milestones = [
   },
 ];
 
-describe('GET timeline', () => {
+xdescribe('GET timeline', () => {
   before((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/timelines/list.spec.js b/src/routes/timelines/list.spec.js
index f903d16c..11905a94 100644
--- a/src/routes/timelines/list.spec.js
+++ b/src/routes/timelines/list.spec.js
@@ -97,7 +97,7 @@ const milestones = [
 ];
 
 
-describe('LIST timelines', () => {
+xdescribe('LIST timelines', () => {
   before(function beforeHook(done) {
     this.timeout(10000);
     testUtil.clearDb()
diff --git a/src/routes/timelines/update.spec.js b/src/routes/timelines/update.spec.js
index eb887fe3..4d44b5cb 100644
--- a/src/routes/timelines/update.spec.js
+++ b/src/routes/timelines/update.spec.js
@@ -60,7 +60,7 @@ const milestones = [
   },
 ];
 
-describe('UPDATE timeline', () => {
+xdescribe('UPDATE timeline', () => {
   beforeEach((done) => {
     testUtil.clearDb()
       .then(() => {

From b408222fc75d384f352b586f1b9f927709283ed6 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 11 Jun 2018 17:45:01 +0530
Subject: [PATCH 39/59] Running only projects unit tests

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 4691b2f4..425fabfb 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
     "prestart": "npm run -s build",
     "start": "node dist",
     "start:dev": "NODE_ENV=development PORT=8001 nodemon -w src --exec \"babel-node src --presets es2015\" | ./node_modules/.bin/bunyan",
-    "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es  && NODE_ENV=test npm run sync:db && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- --compilers js:babel-core/register $(find src -path '*.spec.js*')",
+    "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es  && NODE_ENV=test npm run sync:db && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- --compilers js:babel-core/register $(find src -path '*projects/*.spec.js*')",
     "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha -w --compilers js:babel-core/register $(find src -path '*spec.js*')",
     "seed": "babel-node src/tests/seed.js --presets es2015"
   },

From a2a07f3563e58978e1c1b93640b603e9acd91f56 Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Mon, 11 Jun 2018 21:04:57 +0700
Subject: [PATCH 40/59] Fix circleci test failed

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index e87622ab..cd208896 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
     "prestart": "npm run -s build",
     "start": "node dist",
     "start:dev": "NODE_ENV=development PORT=8001 nodemon -w src --exec \"babel-node src --presets es2015\" | ./node_modules/.bin/bunyan",
-    "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- --compilers js:babel-core/register $(find src -path '*spec.js*')",
+    "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es && NODE_ENV=test npm run sync:db && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha --timeout 5000 --compilers js:babel-core/register $(find src -path '*spec.js*')",
     "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha -w --compilers js:babel-core/register $(find src -path '*spec.js*')",
     "seed": "babel-node src/tests/seed.js --presets es2015"
   },

From bbdb5e8b8d9fb3ab3b2ebe38bedd9a0cebd451dd Mon Sep 17 00:00:00 2001
From: ngoctay <phamminhngoc@gmail.com>
Date: Tue, 12 Jun 2018 08:50:05 +0700
Subject: [PATCH 41/59] Added mocha timeout

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index cd208896..d83df2fc 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
     "prestart": "npm run -s build",
     "start": "node dist",
     "start:dev": "NODE_ENV=development PORT=8001 nodemon -w src --exec \"babel-node src --presets es2015\" | ./node_modules/.bin/bunyan",
-    "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es && NODE_ENV=test npm run sync:db && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha --timeout 5000 --compilers js:babel-core/register $(find src -path '*spec.js*')",
+    "test": "NODE_ENV=test npm run lint && NODE_ENV=test npm run sync:es && NODE_ENV=test npm run sync:db && NODE_ENV=test ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- --timeout 5000 --compilers js:babel-core/register $(find src -path '*spec.js*')",
     "test:watch": "NODE_ENV=test ./node_modules/.bin/mocha -w --compilers js:babel-core/register $(find src -path '*spec.js*')",
     "seed": "babel-node src/tests/seed.js --presets es2015"
   },

From 22c760c3dc9161e9098ea241feeee92a6d483e64 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 12 Jun 2018 10:19:43 +0530
Subject: [PATCH 42/59] Fixing issue with topic creation for a phase

---
 src/events/projectPhases/index.js | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/events/projectPhases/index.js b/src/events/projectPhases/index.js
index 05ab6692..f99759f6 100644
--- a/src/events/projectPhases/index.js
+++ b/src/events/projectPhases/index.js
@@ -18,12 +18,12 @@ const eClient = util.getElasticSearchClient();
  * Indexes the project phase in the elastic search.
  *
  * @param  {Object} logger  logger to log along with trace id
- * @param  {Object} msg     event payload
+ * @param  {Object} phase     event payload
  * @returns {undefined}
  */
-const indexProjectPhase = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
+const indexProjectPhase = Promise.coroutine(function* (logger, phase) { // eslint-disable-line func-names
   try {
-    const phase = JSON.parse(msg.content.toString());
+    // const phase = JSON.parse(msg.content.toString());
     const doc = yield eClient.get({ index: ES_PROJECT_INDEX, type: ES_PROJECT_TYPE, id: phase.projectId });
     const phases = _.isArray(doc._source.phases) ? doc._source.phases : []; // eslint-disable-line no-underscore-dangle
     const existingPhaseIndex = _.findIndex(phases, p => p.id === phase.id);
@@ -57,10 +57,10 @@ const indexProjectPhase = Promise.coroutine(function* (logger, msg) { // eslint-
  * @param  {Object} msg     event payload
  * @returns {undefined}
  */
-const createPhaseTopic = Promise.coroutine(function* (logger, msg) { // eslint-disable-line func-names
+const createPhaseTopic = Promise.coroutine(function* (logger, phase) { // eslint-disable-line func-names
   try {
-    logger.debug('Creating topic for phase with msg', msg);
-    const phase = JSON.parse(msg.content.toString());
+    logger.debug('Creating topic for phase with phase', phase);
+    // const phase = JSON.parse(msg.content.toString());
     const topic = yield messageService.createTopic({
       reference: 'project',
       referenceId: `${phase.projectId}`,
@@ -85,11 +85,12 @@ const createPhaseTopic = Promise.coroutine(function* (logger, msg) { // eslint-d
  * @returns {undefined}
  */
 const projectPhaseAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
+  const phase = JSON.parse(msg.content.toString());
   try {
-    logger.debug('calling indexProjectPhase', msg);
-    yield indexProjectPhase(logger, msg, channel);
-    logger.debug('calling createPhaseTopic', msg);
-    yield createPhaseTopic(logger, msg);
+    logger.debug('calling indexProjectPhase', phase);
+    yield indexProjectPhase(logger, phase, channel);
+    logger.debug('calling createPhaseTopic', phase);
+    yield createPhaseTopic(logger, phase);
     channel.ack(msg);
   } catch (error) {
     logger.error('Error handling project.phase.added event', error);

From 94f80a1ae52a1cdccc64d236584c1ea9ec774b0f Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 12 Jun 2018 10:39:55 +0530
Subject: [PATCH 43/59] Revert "Skipped milestone and timeline tests"

This reverts commit 3a9533a0eb639ca97a5c4ae371b79187a408cbc8.
---
 src/routes/milestoneTemplates/create.spec.js | 2 +-
 src/routes/milestoneTemplates/delete.spec.js | 2 +-
 src/routes/milestoneTemplates/get.spec.js    | 2 +-
 src/routes/milestoneTemplates/list.spec.js   | 2 +-
 src/routes/milestoneTemplates/update.spec.js | 2 +-
 src/routes/milestones/create.spec.js         | 2 +-
 src/routes/milestones/delete.spec.js         | 2 +-
 src/routes/milestones/get.spec.js            | 2 +-
 src/routes/milestones/list.spec.js           | 2 +-
 src/routes/milestones/update.spec.js         | 2 +-
 src/routes/timelines/create.spec.js          | 2 +-
 src/routes/timelines/delete.spec.js          | 2 +-
 src/routes/timelines/get.spec.js             | 2 +-
 src/routes/timelines/list.spec.js            | 2 +-
 src/routes/timelines/update.spec.js          | 2 +-
 15 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/routes/milestoneTemplates/create.spec.js b/src/routes/milestoneTemplates/create.spec.js
index d3e2070b..6fe6c128 100644
--- a/src/routes/milestoneTemplates/create.spec.js
+++ b/src/routes/milestoneTemplates/create.spec.js
@@ -77,7 +77,7 @@ const milestoneTemplates = [
   },
 ];
 
-xdescribe('CREATE milestone template', () => {
+describe('CREATE milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestoneTemplates/delete.spec.js b/src/routes/milestoneTemplates/delete.spec.js
index caa1bd38..02fd111c 100644
--- a/src/routes/milestoneTemplates/delete.spec.js
+++ b/src/routes/milestoneTemplates/delete.spec.js
@@ -77,7 +77,7 @@ const milestoneTemplates = [
   },
 ];
 
-xdescribe('DELETE milestone template', () => {
+describe('DELETE milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestoneTemplates/get.spec.js b/src/routes/milestoneTemplates/get.spec.js
index c769703f..c2b144e3 100644
--- a/src/routes/milestoneTemplates/get.spec.js
+++ b/src/routes/milestoneTemplates/get.spec.js
@@ -80,7 +80,7 @@ const milestoneTemplates = [
   },
 ];
 
-xdescribe('GET milestone template', () => {
+describe('GET milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestoneTemplates/list.spec.js b/src/routes/milestoneTemplates/list.spec.js
index 40e96f87..87fb3228 100644
--- a/src/routes/milestoneTemplates/list.spec.js
+++ b/src/routes/milestoneTemplates/list.spec.js
@@ -90,7 +90,7 @@ const milestoneTemplates = [
   },
 ];
 
-xdescribe('LIST milestone template', () => {
+describe('LIST milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestoneTemplates/update.spec.js b/src/routes/milestoneTemplates/update.spec.js
index b7ec5262..297f6ea9 100644
--- a/src/routes/milestoneTemplates/update.spec.js
+++ b/src/routes/milestoneTemplates/update.spec.js
@@ -100,7 +100,7 @@ const milestoneTemplates = [
   },
 ];
 
-xdescribe('UPDATE milestone template', () => {
+describe('UPDATE milestone template', () => {
   beforeEach(() => testUtil.clearDb()
     .then(() => models.ProductTemplate.bulkCreate(productTemplates))
     .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
diff --git a/src/routes/milestones/create.spec.js b/src/routes/milestones/create.spec.js
index fd90c11a..98e72001 100644
--- a/src/routes/milestones/create.spec.js
+++ b/src/routes/milestones/create.spec.js
@@ -11,7 +11,7 @@ import { EVENT } from '../../constants';
 
 const should = chai.should();
 
-xdescribe('CREATE milestone', () => {
+describe('CREATE milestone', () => {
   let projectId1;
   let projectId2;
 
diff --git a/src/routes/milestones/delete.spec.js b/src/routes/milestones/delete.spec.js
index 237272de..21502333 100644
--- a/src/routes/milestones/delete.spec.js
+++ b/src/routes/milestones/delete.spec.js
@@ -9,7 +9,7 @@ import testUtil from '../../tests/util';
 import { EVENT } from '../../constants';
 
 
-xdescribe('DELETE milestone', () => {
+describe('DELETE milestone', () => {
   beforeEach((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/milestones/get.spec.js b/src/routes/milestones/get.spec.js
index 02fe56d0..919b756d 100644
--- a/src/routes/milestones/get.spec.js
+++ b/src/routes/milestones/get.spec.js
@@ -10,7 +10,7 @@ import testUtil from '../../tests/util';
 
 const should = chai.should();
 
-xdescribe('GET milestone', () => {
+describe('GET milestone', () => {
   before((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/milestones/list.spec.js b/src/routes/milestones/list.spec.js
index a4357cd2..0240ee43 100644
--- a/src/routes/milestones/list.spec.js
+++ b/src/routes/milestones/list.spec.js
@@ -79,7 +79,7 @@ const milestones = [
   },
 ];
 
-xdescribe('LIST timelines', () => {
+describe('LIST timelines', () => {
   before(function beforeHook(done) {
     this.timeout(10000);
     testUtil.clearDb()
diff --git a/src/routes/milestones/update.spec.js b/src/routes/milestones/update.spec.js
index 363d621f..fca57115 100644
--- a/src/routes/milestones/update.spec.js
+++ b/src/routes/milestones/update.spec.js
@@ -11,7 +11,7 @@ import { EVENT } from '../../constants';
 
 const should = chai.should();
 
-xdescribe('UPDATE Milestone', () => {
+describe('UPDATE Milestone', () => {
   beforeEach((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/timelines/create.spec.js b/src/routes/timelines/create.spec.js
index 07a91ea8..10e3adbe 100644
--- a/src/routes/timelines/create.spec.js
+++ b/src/routes/timelines/create.spec.js
@@ -11,7 +11,7 @@ import { EVENT } from '../../constants';
 
 const should = chai.should();
 
-xdescribe('CREATE timeline', () => {
+describe('CREATE timeline', () => {
   let projectId1;
   let projectId2;
 
diff --git a/src/routes/timelines/delete.spec.js b/src/routes/timelines/delete.spec.js
index 34844494..76a0fb55 100644
--- a/src/routes/timelines/delete.spec.js
+++ b/src/routes/timelines/delete.spec.js
@@ -11,7 +11,7 @@ import { EVENT } from '../../constants';
 
 const should = chai.should(); // eslint-disable-line no-unused-vars
 
-xdescribe('DELETE timeline', () => {
+describe('DELETE timeline', () => {
   beforeEach((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/timelines/get.spec.js b/src/routes/timelines/get.spec.js
index 30a84ffb..253013da 100644
--- a/src/routes/timelines/get.spec.js
+++ b/src/routes/timelines/get.spec.js
@@ -58,7 +58,7 @@ const milestones = [
   },
 ];
 
-xdescribe('GET timeline', () => {
+describe('GET timeline', () => {
   before((done) => {
     testUtil.clearDb()
       .then(() => {
diff --git a/src/routes/timelines/list.spec.js b/src/routes/timelines/list.spec.js
index 11905a94..f903d16c 100644
--- a/src/routes/timelines/list.spec.js
+++ b/src/routes/timelines/list.spec.js
@@ -97,7 +97,7 @@ const milestones = [
 ];
 
 
-xdescribe('LIST timelines', () => {
+describe('LIST timelines', () => {
   before(function beforeHook(done) {
     this.timeout(10000);
     testUtil.clearDb()
diff --git a/src/routes/timelines/update.spec.js b/src/routes/timelines/update.spec.js
index 4d44b5cb..eb887fe3 100644
--- a/src/routes/timelines/update.spec.js
+++ b/src/routes/timelines/update.spec.js
@@ -60,7 +60,7 @@ const milestones = [
   },
 ];
 
-xdescribe('UPDATE timeline', () => {
+describe('UPDATE timeline', () => {
   beforeEach((done) => {
     testUtil.clearDb()
       .then(() => {

From a9cf46897526d40c5a5d94d93f6fdfa77a205406 Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho <pvmagacho@gmail.com>
Date: Tue, 12 Jun 2018 07:35:57 -0300
Subject: [PATCH 44/59] Revert "Timeline and Milestone REST API + Misc Fixes"

---
 README.md                                    |    2 +-
 config/custom-environment-variables.json     |    4 +-
 config/default.json                          |    4 +-
 config/test.json                             |    4 +-
 migrations/elasticsearch_sync.js             |    7 +-
 migrations/seedElasticsearchIndex.js         |   50 -
 postman.json                                 | 1196 +------------
 postman_environment.json                     |   42 -
 src/constants.js                             |   13 -
 src/events/index.js                          |   11 -
 src/events/milestones/index.js               |  150 --
 src/events/timelines/index.js                |   90 -
 src/models/milestone.js                      |   39 -
 src/models/productMilestoneTemplate.js       |   30 -
 src/models/productTemplate.js                |    9 -
 src/models/timeline.js                       |   36 -
 src/permissions/index.js                     |   15 -
 src/routes/index.js                          |   29 +-
 src/routes/milestoneTemplates/create.js      |   85 -
 src/routes/milestoneTemplates/create.spec.js |  282 ----
 src/routes/milestoneTemplates/delete.js      |   57 -
 src/routes/milestoneTemplates/delete.spec.js |  187 ---
 src/routes/milestoneTemplates/get.js         |   43 -
 src/routes/milestoneTemplates/get.spec.js    |  189 ---
 src/routes/milestoneTemplates/list.js        |   52 -
 src/routes/milestoneTemplates/list.spec.js   |  217 ---
 src/routes/milestoneTemplates/update.js      |  121 --
 src/routes/milestoneTemplates/update.spec.js |  428 -----
 src/routes/milestones/create.js              |  110 --
 src/routes/milestones/create.spec.js         |  606 -------
 src/routes/milestones/delete.js              |   65 -
 src/routes/milestones/delete.spec.js         |  325 ----
 src/routes/milestones/get.js                 |   48 -
 src/routes/milestones/get.spec.js            |  342 ----
 src/routes/milestones/list.js                |   68 -
 src/routes/milestones/list.spec.js           |  324 ----
 src/routes/milestones/update.js              |  161 --
 src/routes/milestones/update.spec.js         |  981 -----------
 src/routes/timelines/create.js               |   65 -
 src/routes/timelines/create.spec.js          |  468 ------
 src/routes/timelines/delete.js               |   52 -
 src/routes/timelines/delete.spec.js          |  306 ----
 src/routes/timelines/get.js                  |   36 -
 src/routes/timelines/get.spec.js             |  304 ----
 src/routes/timelines/list.js                 |   94 --
 src/routes/timelines/list.spec.js            |  397 -----
 src/routes/timelines/update.js               |  109 --
 src/routes/timelines/update.spec.js          |  626 -------
 src/tests/seed.js                            |  127 --
 src/util.js                                  |   98 +-
 swagger.yaml                                 | 1578 ++++--------------
 51 files changed, 374 insertions(+), 10308 deletions(-)
 delete mode 100644 src/events/milestones/index.js
 delete mode 100644 src/events/timelines/index.js
 delete mode 100644 src/models/milestone.js
 delete mode 100644 src/models/productMilestoneTemplate.js
 delete mode 100644 src/models/timeline.js
 delete mode 100644 src/routes/milestoneTemplates/create.js
 delete mode 100644 src/routes/milestoneTemplates/create.spec.js
 delete mode 100644 src/routes/milestoneTemplates/delete.js
 delete mode 100644 src/routes/milestoneTemplates/delete.spec.js
 delete mode 100644 src/routes/milestoneTemplates/get.js
 delete mode 100644 src/routes/milestoneTemplates/get.spec.js
 delete mode 100644 src/routes/milestoneTemplates/list.js
 delete mode 100644 src/routes/milestoneTemplates/list.spec.js
 delete mode 100644 src/routes/milestoneTemplates/update.js
 delete mode 100644 src/routes/milestoneTemplates/update.spec.js
 delete mode 100644 src/routes/milestones/create.js
 delete mode 100644 src/routes/milestones/create.spec.js
 delete mode 100644 src/routes/milestones/delete.js
 delete mode 100644 src/routes/milestones/delete.spec.js
 delete mode 100644 src/routes/milestones/get.js
 delete mode 100644 src/routes/milestones/get.spec.js
 delete mode 100644 src/routes/milestones/list.js
 delete mode 100644 src/routes/milestones/list.spec.js
 delete mode 100644 src/routes/milestones/update.js
 delete mode 100644 src/routes/milestones/update.spec.js
 delete mode 100644 src/routes/timelines/create.js
 delete mode 100644 src/routes/timelines/create.spec.js
 delete mode 100644 src/routes/timelines/delete.js
 delete mode 100644 src/routes/timelines/delete.spec.js
 delete mode 100644 src/routes/timelines/get.js
 delete mode 100644 src/routes/timelines/get.spec.js
 delete mode 100644 src/routes/timelines/list.js
 delete mode 100644 src/routes/timelines/list.spec.js
 delete mode 100644 src/routes/timelines/update.js
 delete mode 100644 src/routes/timelines/update.spec.js

diff --git a/README.md b/README.md
index c487aab6..e2e5a707 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ Authentication is handled via Authorization (Bearer) token header field. Token i
 ```
 eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJhZG1pbmlzdHJhdG9yIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJwc2hhaDEiLCJleHAiOjI0NjI0OTQ2MTgsInVzZXJJZCI6IjQwMTM1OTc4IiwiaWF0IjoxNDYyNDk0MDE4LCJlbWFpbCI6InBzaGFoMUB0ZXN0LmNvbSIsImp0aSI6ImY0ZTFhNTE0LTg5ODAtNDY0MC04ZWM1LWUzNmUzMWE3ZTg0OSJ9.XuNN7tpMOXvBG1QwWRQROj7NfuUbqhkjwn39Vy4tR5I
 ```
-It's been signed with the secret 'secret'. This secret should match your entry in config/local.js. You can generate your own token using https://jwt.io
+It's been signed with the secret 'secret'. This secret should match your entry in config/local.json. You can generate your own token using https://jwt.io
 
 ### Local Deployment
 Build image:
diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json
index 3e0b0287..6b5731a7 100644
--- a/config/custom-environment-variables.json
+++ b/config/custom-environment-variables.json
@@ -9,9 +9,7 @@
     "host": "PROJECTS_ES_URL",
     "apiVersion": "2.3",
     "indexName": "PROJECTS_ES_INDEX_NAME",
-    "docType": "projectV4",
-    "timelineIndexName": "TIMELINES_ES_INDEX_NAME",
-    "timelineDocType": "TIMELINES_ES_DOC_TYPE"
+    "docType": "projectV4"
   },
   "rabbitmqURL": "RABBITMQ_URL",
   "pubsubQueueName": "PUBSUB_QUEUE_NAME",
diff --git a/config/default.json b/config/default.json
index 556a5a10..053f0c35 100644
--- a/config/default.json
+++ b/config/default.json
@@ -20,9 +20,7 @@
     "host": "",
     "apiVersion": "2.3",
     "indexName": "projects",
-    "docType": "projectV4",
-    "timelineIndexName": "timelines",
-    "timelineDocType": "timelineV4"
+    "docType": "projectV4"
   },
   "systemUserClientId": "",
   "systemUserClientSecret": "",
diff --git a/config/test.json b/config/test.json
index 8668be6e..26d22a7a 100644
--- a/config/test.json
+++ b/config/test.json
@@ -7,9 +7,7 @@
       "host": "http://localhost:9200",
       "apiVersion": "2.3",
       "indexName": "projects_test",
-      "docType": "projectV4",
-      "timelineIndexName": "timelines_test",
-      "timelineDocType": "timelineV4"
+      "docType": "projectV4"
     },
     "rabbitmqUrl": "amqp://localhost:5672",
     "dbConfig": {
diff --git a/migrations/elasticsearch_sync.js b/migrations/elasticsearch_sync.js
index eac45e5f..321f86cb 100644
--- a/migrations/elasticsearch_sync.js
+++ b/migrations/elasticsearch_sync.js
@@ -16,7 +16,6 @@ import util from '../src/util';
 
 const ES_PROJECT_INDEX = config.get('elasticsearchConfig.indexName');
 const ES_PROJECT_TYPE = config.get('elasticsearchConfig.docType');
-const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
 
 // create new elasticsearch client
 // the client modifies the config object, so always passed the cloned object
@@ -324,14 +323,10 @@ esClient.indices.delete({
   ignore: [404],
 })
 .then(() => esClient.indices.create(getRequestBody(ES_PROJECT_INDEX)))
-// Re-create timeline index
-.then(() => esClient.indices.delete({ index: ES_TIMELINE_INDEX, ignore: [404] }))
-.then(() => esClient.indices.create({ index: ES_TIMELINE_INDEX }))
 .then(() => {
   console.log('elasticsearch indices synced successfully');
   process.exit();
-})
-.catch((err) => {
+}).catch((err) => {
   console.error('elasticsearch indices sync failed', err);
   process.exit();
 });
diff --git a/migrations/seedElasticsearchIndex.js b/migrations/seedElasticsearchIndex.js
index cf353f8f..4a10ec48 100644
--- a/migrations/seedElasticsearchIndex.js
+++ b/migrations/seedElasticsearchIndex.js
@@ -6,7 +6,6 @@ import config from 'config';
 import Promise from 'bluebird';
 import models from '../src/models';
 import RabbitMQService from '../src/services/rabbitmq';
-import { TIMELINE_REFERENCES } from '../src/constants';
 
 const logger = bunyan.createLogger({ name: 'init-es', level: config.get('logLevel') });
 
@@ -24,19 +23,6 @@ function getProjectIds() {
   return [];
 }
 
-/**
- * Retrieve timeline ids from cli if provided
- * @return {Array} list of timelineIds
- */
-function getTimelineIds() {
-  let timelineIdArg = _.find(process.argv, a => a.indexOf('timelineIds') > -1);
-  if (timelineIdArg) {
-    timelineIdArg = timelineIdArg.split('=');
-    return timelineIdArg[1].split(',').map(i => parseInt(i, 10));
-  }
-  return [];
-}
-
 Promise.coroutine(function* wrapped() {
   try {
     const rabbit = new RabbitMQService(logger);
@@ -72,48 +58,12 @@ Promise.coroutine(function* wrapped() {
     logger.info(`Retrieved #${members.length} members`);
     members = _.groupBy(members, 'projectId');
 
-    // Get timelines
-    const timelineIds = getTimelineIds();
-    const timelineWhereClause = (timelineIds.length > 0) ? { id: { $in: timelineIds } } : {};
-    let timelines = yield models.Timeline.findAll({
-      where: timelineWhereClause,
-      include: [{ model: models.Milestone, as: 'milestones' }],
-    });
-    logger.info(`Retrieved #${projects.length} timelines`);
-
-    // Convert to raw json and remove unnecessary fields
-    timelines = _.map(timelines, (timeline) => {
-      const entity = _.omit(timeline.toJSON(), ['deletedBy', 'deletedAt']);
-      entity.milestones = _.map(entity.milestones, milestone => _.omit(milestone, ['deletedBy', 'deletedAt']));
-      return entity;
-    });
-
-    // Get projectId for each timeline
-    yield Promise.all(
-      _.map(timelines, (timeline) => {
-        if (timeline.reference === TIMELINE_REFERENCES.PROJECT) {
-          timeline.projectId = timeline.referenceId;
-          return Promise.resolve(timeline);
-        }
-
-        return models.ProjectPhase.findById(timeline.referenceId)
-          .then((phase) => {
-            timeline.projectId = phase.projectId;
-            return Promise.resolve(timeline);
-          });
-      }),
-    );
-
     const promises = [];
     _.forEach(projects, (p) => {
       p.members = members[p.id];
       logger.debug(`Processing Project #${p.id}`);
       promises.push(rabbit.publish('project.initial', p, {}));
     });
-    _.forEach(timelines, (t) => {
-      logger.debug(`Processing Timeline #${t.id}`);
-      promises.push(rabbit.publish('timeline.initial', t, {}));
-    });
     Promise.all(promises)
       .then(() => {
         logger.info(`Published ${promises.length} msgs`);
diff --git a/postman.json b/postman.json
index 048cea72..d9cb23a4 100644
--- a/postman.json
+++ b/postman.json
@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "440ee43d-66ca-4c9b-858d-22db97ea4cea",
+		"_postman_id": "1791b330-5331-4768-a265-f1cb5e6b4492",
 		"name": "tc-project-service",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 	},
@@ -2840,7 +2840,7 @@
 		},
 		{
 			"name": "issue86 (create project with templateId)",
-			"description": null,
+			"description": "",
 			"item": [
 				{
 					"name": "Create project with templateId",
@@ -2928,18 +2928,8 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3\n\t}\n}"
 						},
-						"url": {
-							"raw": "{{api-url}}/v4/projects/6/upgrade",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"projects",
-								"6",
-								"upgrade"
-							]
-						}
+						"url": "{{api-url}}/v4/projects/6/upgrade",
+						"description": ""
 					},
 					"response": []
 				},
@@ -2961,18 +2951,8 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3\n\t}\n}"
 						},
-						"url": {
-							"raw": "{{api-url}}/v4/projects/7/upgrade",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"projects",
-								"7",
-								"upgrade"
-							]
-						}
+						"url": "{{api-url}}/v4/projects/7/upgrade",
+						"description": ""
 					},
 					"response": []
 				},
@@ -2994,18 +2974,8 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3,\n\t\t\"phaseName\": \"Custom phase name\"\n\t}\n}"
 						},
-						"url": {
-							"raw": "{{api-url}}/v4/projects/6/upgrade",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"projects",
-								"6",
-								"upgrade"
-							]
-						}
+						"url": "{{api-url}}/v4/projects/6/upgrade",
+						"description": ""
 					},
 					"response": []
 				},
@@ -3027,1156 +2997,12 @@
 							"mode": "raw",
 							"raw": "{\n\t\"param\": {\n\t\t\"targetVersion\": \"v3\",\n\t\t\"defaultProductTemplateId\": 3,\n\t\t\"phaseName\": \"Custom phase name\"\n\t}\n}"
 						},
-						"url": {
-							"raw": "{{api-url}}/v4/projects/7/upgrade",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"projects",
-								"7",
-								"upgrade"
-							]
-						}
-					},
-					"response": []
-				}
-			]
-		},
-		{
-			"name": "Timeline",
-			"description": null,
-			"item": [
-				{
-					"name": "Create timeline",
-					"request": {
-						"method": "POST",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-connectAdmin-40051336}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"description\":\"new description\",\r\n    \"startDate\":\"2018-05-29T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-30T00:00:00.000Z\",\r\n    \"reference\": \"project\",\r\n    \"referenceId\": 1\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Create timeline with invalid data",
-					"request": {
-						"method": "POST",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-connectAdmin-40051336}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"startDate\":\"2018-05-29T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-28T00:00:00.000Z\",\r\n    \"reference\": \"invalid\",\r\n    \"referenceId\": 0\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "List timelines",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-copilot-40051332}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "List timelines (filter by reference)",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-copilot-40051332}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines?filter=reference%3Dproject",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines"
-							],
-							"query": [
-								{
-									"key": "filter",
-									"value": "reference%3Dproject"
-								}
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "List timelines (filter by referenceId)",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-copilot-40051332}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines?filter=referenceId%3D1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines"
-							],
-							"query": [
-								{
-									"key": "filter",
-									"value": "referenceId%3D1"
-								}
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "List timelines (filter by reference and referenceId)",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-copilot-40051332}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines?filter=reference%3Dphase%26referenceId%3D1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines"
-							],
-							"query": [
-								{
-									"key": "filter",
-									"value": "reference%3Dphase%26referenceId%3D1"
-								}
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Get timeline",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update timeline",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"timeline 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"startDate\": \"2018-05-01T00:00:00.000Z\",\r\n    \"endDate\": null,\r\n    \"reference\": \"project\",\r\n    \"referenceId\": 1\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update timeline (startDate)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"timeline 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"startDate\": \"2018-05-05T00:00:00.000Z\",\r\n    \"endDate\": null,\r\n    \"reference\": \"project\",\r\n    \"referenceId\": 1\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update timeline (endDate)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"timeline 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-05T00:00:00.000Z\",\r\n    \"reference\": \"project\",\r\n    \"referenceId\": 1\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Delete timeline",
-					"request": {
-						"method": "DELETE",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": ""
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/4",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"4"
-							]
-						}
-					},
-					"response": []
-				}
-			]
-		},
-		{
-			"name": "Milestone",
-			"description": null,
-			"item": [
-				{
-					"name": "Create milestone",
-					"request": {
-						"method": "POST",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-member-40051331}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 3\",\r\n    \"description\": \"description 3\",\r\n    \"duration\": 4,\r\n    \"startDate\": \"2018-05-05T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-08T00:00:00.000Z\",\r\n    \"status\": \"open\",\r\n    \"type\": \"type3\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            2,\r\n            3,\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 1,\r\n    \"plannedText\": \"plannedText 3\",\r\n    \"activeText\": \"activeText 3\",\r\n    \"completedText\": \"completedText 3\",\r\n    \"blockedText\": \"blockedText 3\"\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Create milestone with invalid data",
-					"request": {
-						"method": "POST",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-member-40051331}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"startDate\": \"2018-05-05T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-04T00:00:00.000Z\"\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "List milestones",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-copilot-40051332}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "List milestones (sort)",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-copilot-40051332}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones?sort=order desc",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones"
-							],
-							"query": [
-								{
-									"key": "sort",
-									"value": "order desc"
-								}
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Get milestone",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 1,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone (order 1 => 2)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 2,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone (order 2 => 1)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 1,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone (order 1 => 3)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 3,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone (order 3 => 1)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestone 1-updated\",\r\n    \"description\": \"description-updated\",\r\n    \"duration\": 3,\r\n    \"startDate\": \"2018-05-04T00:00:00.000Z\",\r\n    \"endDate\": \"2018-05-06T00:00:00.000Z\",\r\n    \"completionDate\": \"2018-05-07T00:00:00.000Z\",\r\n    \"status\": \"closed\",\r\n    \"type\": \"type2\",\r\n    \"details\": {\r\n        \"detail1\": {\r\n            \"subDetail1C\": 3\r\n        },\r\n        \"detail2\": [\r\n            4\r\n        ]\r\n    },\r\n    \"order\": 1,\r\n    \"plannedText\": \"plannedText 1-updated\",\r\n    \"activeText\": \"activeText 1-updated\",\r\n    \"completedText\": \"completedText 1-updated\",\r\n    \"blockedText\": \"blockedText 1-updated\"\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Delete milestone",
-					"request": {
-						"method": "DELETE",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": ""
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/timelines/1/milestones/2",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"timelines",
-								"1",
-								"milestones",
-								"2"
-							]
-						}
-					},
-					"response": []
-				}
-			]
-		},
-		{
-			"name": "Milestone Template",
-			"description": null,
-			"item": [
-				{
-					"name": "Create milestone template",
-					"request": {
-						"method": "POST",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-admin-40051333}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\": \"milestoneTemplate 3\",\r\n    \"description\": \"description 3\",\r\n    \"duration\": 33,\r\n    \"type\": \"type3\",\r\n    \"order\": 1\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Create milestone template with invalid data",
-					"request": {
-						"method": "POST",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-admin-40051333}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "List milestone templates",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-copilot-40051332}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "List milestone templates (sort)",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token-copilot-40051332}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones?sort=order desc",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones"
-							],
-							"query": [
-								{
-									"key": "sort",
-									"value": "order desc"
-								}
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Get milestone template",
-					"request": {
-						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n    \"name\":\"new name\",\r\n    \"key\":\"new key\",\r\n    \"category\":\"new category\",\r\n    \"scope\":{\r\n      \"scope1\":\"scope 1\"\r\n    },\r\n    \"phases\":{\r\n      \"phase1\":\"phase 1\"\r\n    }\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n\t\"name\": \"milestoneTemplate 1-updated\",\r\n\t\"description\": \"description 1-updated\",\r\n\t\"duration\": 34,\r\n\t\"type\": \"type1-updated\",\r\n\t\"order\": 1\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone (order 1 => 2)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n  \"name\": \"milestoneTemplate 1-updated\",\r\n  \"description\": \"description 1-updated\",\r\n  \"duration\": 34,\r\n  \"type\": \"type1-updated\",\r\n  \"order\": 2\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone (order 2 => 1)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n\t\"name\": \"milestoneTemplate 1-updated\",\r\n\t\"description\": \"description 1-updated\",\r\n\t\"duration\": 34,\r\n\t\"type\": \"type1-updated\",\r\n\t\"order\": 1\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone (order 1 => 3)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n  \"name\": \"milestoneTemplate 1-updated\",\r\n  \"description\": \"description 1-updated\",\r\n  \"duration\": 34,\r\n  \"type\": \"type1-updated\",\r\n  \"order\": 3\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Update milestone (order 3 => 1)",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\r\n  \"param\":{\r\n  \"name\": \"milestoneTemplate 1-updated\",\r\n  \"description\": \"description 1-updated\",\r\n  \"duration\": 34,\r\n  \"type\": \"type1-updated\",\r\n  \"order\": 1\r\n  }\r\n}"
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones/1",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones",
-								"1"
-							]
-						}
-					},
-					"response": []
-				},
-				{
-					"name": "Delete milestone",
-					"request": {
-						"method": "DELETE",
-						"header": [
-							{
-								"key": "Content-Type",
-								"value": "application/json"
-							},
-							{
-								"key": "Authorization",
-								"value": "Bearer {{jwt-token}}"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": ""
-						},
-						"url": {
-							"raw": "{{api-url}}/v4/productTemplates/1/milestones/2",
-							"host": [
-								"{{api-url}}"
-							],
-							"path": [
-								"v4",
-								"productTemplates",
-								"1",
-								"milestones",
-								"2"
-							]
-						}
+						"url": "{{api-url}}/v4/projects/7/upgrade",
+						"description": ""
 					},
 					"response": []
 				}
 			]
 		}
 	]
-}
\ No newline at end of file
+}
diff --git a/postman_environment.json b/postman_environment.json
index 84968c61..12fab912 100644
--- a/postman_environment.json
+++ b/postman_environment.json
@@ -15,48 +15,6 @@
       "description": "",
       "type": "text",
       "enabled": true
-    },
-    {
-      "key": "jwt-token-admin-40051333",
-      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIiwiYWRtaW5pc3RyYXRvciJdLCJpc3MiOiJodHRwczovL2FwaS50b3Bjb2Rlci1kZXYuY29tIiwiaGFuZGxlIjoidGVzdDEiLCJleHAiOjI1NjMwNzY2ODksInVzZXJJZCI6IjQwMDUxMzMzIiwiaWF0IjoxNDYzMDc2MDg5LCJlbWFpbCI6InRlc3RAdG9wY29kZXIuY29tIiwianRpIjoiYjMzYjc3Y2QtYjUyZS00MGZlLTgzN2UtYmViOGUwYWU2YTRhIn0.wKWUe0-SaiFVN-VR_-GwgFlvWaDkSbc8H55ktb9LAVw",
-      "description": "",
-      "type": "text",
-      "enabled": true
-    },
-    {
-      "key": "jwt-token-member-40051331",
-      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJ0ZXN0MSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjoiNDAwNTEzMzEiLCJpYXQiOjE0NjMwNzYwODksImVtYWlsIjoidGVzdEB0b3Bjb2Rlci5jb20iLCJqdGkiOiJiMzNiNzdjZC1iNTJlLTQwZmUtODM3ZS1iZWI4ZTBhZTZhNGEifQ.pDtRzcGQjgCBD6aLsW-1OFhzmrv5mXhb8YLDWbGAnKo",
-      "description": "",
-      "type": "text",
-      "enabled": true
-    },
-    {
-      "key": "jwt-token-copilot-40051332",
-      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIiwiQ29ubmVjdCBDb3BpbG90Il0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJ0ZXN0MSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjo0MDA1MTMzMiwiZW1haWwiOiJ0ZXN0QHRvcGNvZGVyLmNvbSIsImlhdCI6MTQ3MDYyMDA0NH0.DnX17gBaVF2JTuRai-C2BDSdEjij9da_s4eYcMIjP0c",
-      "description": "",
-      "type": "text",
-      "enabled": true
-    },
-    {
-      "key": "jwt-token-manager-40051334",
-      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIiwiQ29ubmVjdCBNYW5hZ2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJ0ZXN0MSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjoiNDAwNTEzMzQiLCJpYXQiOjE0NjMwNzYwODksImVtYWlsIjoidGVzdEB0b3Bjb2Rlci5jb20iLCJqdGkiOiJiMzNiNzdjZC1iNTJlLTQwZmUtODM3ZS1iZWI4ZTBhZTZhNGEifQ.J5VtOEQVph5jfe2Ji-NH7txEDcx_5gthhFeD-MzX9ck",
-      "description": "",
-      "type": "text",
-      "enabled": true
-    },
-    {
-      "key": "jwt-token-member2-40051335",
-      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJtZW1iZXIyIiwiZXhwIjoyNTYzMDc2Njg5LCJ1c2VySWQiOiI0MDA1MTMzNSIsImlhdCI6MTQ2MzA3NjA4OSwiZW1haWwiOiJ0ZXN0QHRvcGNvZGVyLmNvbSIsImp0aSI6ImIzM2I3N2NkLWI1MmUtNDBmZS04MzdlLWJlYjhlMGFlNmE0YSJ9.Mh4bw3wm-cn5Kcf96gLFVlD0kySOqqk4xN3qnreAKL4",
-      "description": "",
-      "type": "text",
-      "enabled": true
-    },
-    {
-      "key": "jwt-token-connectAdmin-40051336",
-      "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJDb25uZWN0IEFkbWluIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJjb25uZWN0X2FkbWluMSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjoiNDAwNTEzMzYiLCJpYXQiOjE0NjMwNzYwODksImVtYWlsIjoiY29ubmVjdF9hZG1pbjFAdG9wY29kZXIuY29tIiwianRpIjoiYjMzYjc3Y2QtYjUyZS00MGZlLTgzN2UtYmViOGUwYWU2YTRhIn0.nSGfXMl02NZ90ZKLiEKPg75iAjU92mfteaY6xgqkM30",
-      "description": "",
-      "type": "text",
-      "enabled": true
     }
   ],
   "_postman_variable_scope": "environment",
diff --git a/src/constants.js b/src/constants.js
index a99469f5..4e24c806 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -49,14 +49,6 @@ export const EVENT = {
     PROJECT_PHASE_PRODUCT_ADDED: 'project.phase.product.added',
     PROJECT_PHASE_PRODUCT_UPDATED: 'project.phase.product.updated',
     PROJECT_PHASE_PRODUCT_REMOVED: 'project.phase.product.removed',
-
-    TIMELINE_ADDED: 'timeline.added',
-    TIMELINE_UPDATED: 'timeline.updated',
-    TIMELINE_REMOVED: 'timeline.removed',
-
-    MILESTONE_ADDED: 'milestone.added',
-    MILESTONE_UPDATED: 'milestone.updated',
-    MILESTONE_REMOVED: 'milestone.removed',
   },
 };
 
@@ -96,8 +88,3 @@ export const REGEX = {
 export const TOKEN_SCOPES = {
   CONNECT_PROJECT_ADMIN: 'all:connect_project',
 };
-
-export const TIMELINE_REFERENCES = {
-  PROJECT: 'project',
-  PHASE: 'phase',
-};
diff --git a/src/events/index.js b/src/events/index.js
index fac17d8d..cf6decf8 100644
--- a/src/events/index.js
+++ b/src/events/index.js
@@ -9,8 +9,6 @@ import { projectPhaseAddedHandler, projectPhaseRemovedHandler,
   projectPhaseUpdatedHandler } from './projectPhases';
 import { phaseProductAddedHandler, phaseProductRemovedHandler,
   phaseProductUpdatedHandler } from './phaseProducts';
-import { timelineAddedHandler, timelineUpdatedHandler, timelineRemovedHandler } from './timelines';
-import { milestoneAddedHandler, milestoneUpdatedHandler, milestoneRemovedHandler } from './milestones';
 
 export default {
   'project.initial': projectCreatedHandler,
@@ -32,13 +30,4 @@ export default {
   [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_ADDED]: phaseProductAddedHandler,
   [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_REMOVED]: phaseProductRemovedHandler,
   [EVENT.ROUTING_KEY.PROJECT_PHASE_PRODUCT_UPDATED]: phaseProductUpdatedHandler,
-
-  // Timeline and milestone
-  'timeline.initial': timelineAddedHandler,
-  [EVENT.ROUTING_KEY.TIMELINE_ADDED]: timelineAddedHandler,
-  [EVENT.ROUTING_KEY.TIMELINE_REMOVED]: timelineRemovedHandler,
-  [EVENT.ROUTING_KEY.TIMELINE_UPDATED]: timelineUpdatedHandler,
-  [EVENT.ROUTING_KEY.MILESTONE_ADDED]: milestoneAddedHandler,
-  [EVENT.ROUTING_KEY.MILESTONE_REMOVED]: milestoneRemovedHandler,
-  [EVENT.ROUTING_KEY.MILESTONE_UPDATED]: milestoneUpdatedHandler,
 };
diff --git a/src/events/milestones/index.js b/src/events/milestones/index.js
deleted file mode 100644
index 3ebd578a..00000000
--- a/src/events/milestones/index.js
+++ /dev/null
@@ -1,150 +0,0 @@
-/**
- * Event handlers for milestone create, update and delete.
- */
-import config from 'config';
-import _ from 'lodash';
-import Promise from 'bluebird';
-import util from '../../util';
-
-const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
-const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
-
-const eClient = util.getElasticSearchClient();
-
-/**
- * Handler for milestone creation event
- * @param  {Object} logger  logger to log along with trace id
- * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
- */
-const milestoneAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
-  const data = JSON.parse(msg.content.toString());
-  try {
-    const doc = yield eClient.get({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.timelineId });
-    const milestones = _.isArray(doc._source.milestones) ? doc._source.milestones : []; // eslint-disable-line no-underscore-dangle
-
-    // Increase the order of the other milestones in the same timeline,
-    // which have `order` >= this milestone order
-    _.each(milestones, (milestone) => {
-      if (milestone.order >= data.order) {
-        milestone.order += 1; // eslint-disable-line no-param-reassign
-      }
-    });
-
-    milestones.push(data);
-    const merged = _.assign(doc._source, { milestones }); // eslint-disable-line no-underscore-dangle
-    yield eClient.update({
-      index: ES_TIMELINE_INDEX,
-      type: ES_TIMELINE_TYPE,
-      id: data.timelineId,
-      body: { doc: merged },
-    });
-    logger.debug('milestone added to timeline document successfully');
-    channel.ack(msg);
-  } catch (error) {
-    logger.error(`Error processing event (milestoneId: ${data.id})`, error);
-    // if the message has been redelivered dont attempt to reprocess it
-    channel.nack(msg, false, !msg.fields.redelivered);
-  }
-});
-
-/**
- * Handler for milestone updated event
- * @param  {Object} logger  logger to log along with trace id
- * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
- * @returns {undefined}
- */
-const milestoneUpdatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
-  const data = JSON.parse(msg.content.toString());
-  try {
-    const doc = yield eClient.get({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.original.timelineId });
-    const milestones = _.map(doc._source.milestones, (single) => { // eslint-disable-line no-underscore-dangle
-      if (single.id === data.original.id) {
-        return _.assign(single, data.updated);
-      }
-      return single;
-    });
-
-    if (data.original.order !== data.updated.order) {
-      const milestoneWithSameOrder =
-        _.find(milestones, milestone => milestone.id !== data.updated.id && milestone.order === data.updated.order);
-      if (milestoneWithSameOrder) {
-        // Increase the order from M to K: if there is an item with order K,
-        // orders from M+1 to K should be made M to K-1
-        if (data.original.order < data.updated.order) {
-          _.each(milestones, (single) => {
-            if (single.id !== data.updated.id
-              && (data.original.order + 1) <= single.order
-              && single.order <= data.updated.order) {
-              single.order -= 1; // eslint-disable-line no-param-reassign
-            }
-          });
-        } else {
-          // Decrease the order from M to K: if there is an item with order K,
-          // orders from K to M-1 should be made K+1 to M
-          _.each(milestones, (single) => {
-            if (single.id !== data.updated.id
-              && data.updated.order <= single.order
-              && single.order <= (data.original.order - 1)) {
-              single.order += 1; // eslint-disable-line no-param-reassign
-            }
-          });
-        }
-      }
-    }
-
-    const merged = _.assign(doc._source, { milestones }); // eslint-disable-line no-underscore-dangle
-    yield eClient.update({
-      index: ES_TIMELINE_INDEX,
-      type: ES_TIMELINE_TYPE,
-      id: data.original.timelineId,
-      body: {
-        doc: merged,
-      },
-    });
-    logger.debug('elasticsearch index updated, milestone updated successfully');
-    channel.ack(msg);
-  } catch (error) {
-    logger.error(`Error processing event (milestoneId: ${data.original.id})`, error);
-    // if the message has been redelivered dont attempt to reprocess it
-    channel.nack(msg, false, !msg.fields.redelivered);
-  }
-});
-
-/**
- * Handler for milestone deleted event
- * @param  {Object} logger  logger to log along with trace id
- * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
- * @returns {undefined}
- */
-const milestoneRemovedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
-  const data = JSON.parse(msg.content.toString());
-  try {
-    const doc = yield eClient.get({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.timelineId });
-    const milestones = _.filter(doc._source.milestones, single => single.id !== data.id); // eslint-disable-line no-underscore-dangle
-    const merged = _.assign(doc._source, { milestones });       // eslint-disable-line no-underscore-dangle
-    yield eClient.update({
-      index: ES_TIMELINE_INDEX,
-      type: ES_TIMELINE_TYPE,
-      id: data.timelineId,
-      body: {
-        doc: merged,
-      },
-    });
-    logger.debug('milestone removed from timeline document successfully');
-    channel.ack(msg);
-  } catch (error) {
-    logger.error(`Error processing event (milestoneId: ${data.id})`, error);
-    // if the message has been redelivered dont attempt to reprocess it
-    channel.nack(msg, false, !msg.fields.redelivered);
-  }
-});
-
-
-module.exports = {
-  milestoneAddedHandler,
-  milestoneRemovedHandler,
-  milestoneUpdatedHandler,
-};
diff --git a/src/events/timelines/index.js b/src/events/timelines/index.js
deleted file mode 100644
index 0de36410..00000000
--- a/src/events/timelines/index.js
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * Event handlers for timeline create, update and delete
- */
-import _ from 'lodash';
-import Promise from 'bluebird';
-import config from 'config';
-import util from '../../util';
-
-const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
-const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
-const eClient = util.getElasticSearchClient();
-
-/**
- * Handler for timeline creation event
- * @param  {Object} logger  logger to log along with trace id
- * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
- */
-const timelineAddedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
-  const data = JSON.parse(msg.content.toString());
-  try {
-    // add the record to the index
-    const result = yield eClient.index({
-      index: ES_TIMELINE_INDEX,
-      type: ES_TIMELINE_TYPE,
-      id: data.id,
-      body: data,
-    });
-    logger.debug(`timeline indexed successfully (timelineId: ${data.id})`, result);
-    channel.ack(msg);
-  } catch (error) {
-    logger.error(`Error processing event (timelineId: ${data.id})`, error);
-    channel.nack(msg, false, !msg.fields.redelivered);
-  }
-});
-
-/**
- * Handler for timeline updated event
- * @param  {Object} logger  logger to log along with trace id
- * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
- */
-const timelineUpdatedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
-  const data = JSON.parse(msg.content.toString());
-  try {
-    // first get the existing document and than merge the updated changes and save the new document
-    const doc = yield eClient.get({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.original.id });
-    const merged = _.merge(doc._source, data.updated);        // eslint-disable-line no-underscore-dangle
-    merged.milestones = data.updated.milestones;
-    // update the merged document
-    yield eClient.update({
-      index: ES_TIMELINE_INDEX,
-      type: ES_TIMELINE_TYPE,
-      id: data.original.id,
-      body: {
-        doc: merged,
-      },
-    });
-    logger.debug(`timeline updated successfully in elasticsearh index, (timelineId: ${data.original.id})`);
-    channel.ack(msg);
-  } catch (error) {
-    logger.error(`failed to get timeline document, (timelineId: ${data.original.id})`, error);
-    channel.nack(msg, false, !msg.fields.redelivered);
-  }
-});
-
-/**
- * Handler for timeline deleted event
- * @param  {Object} logger  logger to log along with trace id
- * @param  {Object} msg     event payload
- * @param  {Object} channel channel to ack, nack
- */
-const timelineRemovedHandler = Promise.coroutine(function* (logger, msg, channel) { // eslint-disable-line func-names
-  const data = JSON.parse(msg.content.toString());
-  try {
-    yield eClient.delete({ index: ES_TIMELINE_INDEX, type: ES_TIMELINE_TYPE, id: data.id });
-    logger.debug(`timeline deleted successfully from elasticsearh index (timelineId: ${data.id})`);
-    channel.ack(msg);
-  } catch (error) {
-    logger.error(`failed to delete timeline document (timelineId: ${data.id})`, error);
-    channel.nack(msg, false, !msg.fields.redelivered);
-  }
-});
-
-
-module.exports = {
-  timelineAddedHandler,
-  timelineUpdatedHandler,
-  timelineRemovedHandler,
-};
diff --git a/src/models/milestone.js b/src/models/milestone.js
deleted file mode 100644
index cb3e0306..00000000
--- a/src/models/milestone.js
+++ /dev/null
@@ -1,39 +0,0 @@
-/* eslint-disable valid-jsdoc */
-
-/**
- * The Milestone model
- */
-module.exports = (sequelize, DataTypes) => {
-  const Milestone = sequelize.define('Milestone', {
-    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
-    name: { type: DataTypes.STRING(255), allowNull: false },
-    description: DataTypes.STRING(255),
-    duration: { type: DataTypes.INTEGER, allowNull: false },
-    startDate: { type: DataTypes.DATE, allowNull: false },
-    endDate: DataTypes.DATE,
-    completionDate: DataTypes.DATE,
-    status: { type: DataTypes.STRING(45), allowNull: false },
-    type: { type: DataTypes.STRING(45), allowNull: false },
-    details: DataTypes.JSON,
-    order: { type: DataTypes.INTEGER, allowNull: false },
-    plannedText: { type: DataTypes.STRING(512), allowNull: false },
-    activeText: { type: DataTypes.STRING(512), allowNull: false },
-    completedText: { type: DataTypes.STRING(512), allowNull: false },
-    blockedText: { type: DataTypes.STRING(512), allowNull: false },
-    deletedAt: DataTypes.DATE,
-    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
-    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
-    deletedBy: DataTypes.BIGINT,
-    createdBy: { type: DataTypes.BIGINT, allowNull: false },
-    updatedBy: { type: DataTypes.BIGINT, allowNull: false },
-  }, {
-    tableName: 'milestones',
-    paranoid: true,
-    timestamps: true,
-    updatedAt: 'updatedAt',
-    createdAt: 'createdAt',
-    deletedAt: 'deletedAt',
-  });
-
-  return Milestone;
-};
diff --git a/src/models/productMilestoneTemplate.js b/src/models/productMilestoneTemplate.js
deleted file mode 100644
index acd40c11..00000000
--- a/src/models/productMilestoneTemplate.js
+++ /dev/null
@@ -1,30 +0,0 @@
-/* eslint-disable valid-jsdoc */
-
-/**
- * The Product Milestone Template model
- */
-module.exports = (sequelize, DataTypes) => {
-  const ProductMilestoneTemplate = sequelize.define('ProductMilestoneTemplate', {
-    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
-    name: { type: DataTypes.STRING(255), allowNull: false },
-    description: DataTypes.STRING(255),
-    duration: { type: DataTypes.INTEGER, allowNull: false },
-    type: { type: DataTypes.STRING(45), allowNull: false },
-    order: { type: DataTypes.INTEGER, allowNull: false },
-    deletedAt: DataTypes.DATE,
-    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
-    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
-    deletedBy: DataTypes.BIGINT,
-    createdBy: { type: DataTypes.BIGINT, allowNull: false },
-    updatedBy: { type: DataTypes.BIGINT, allowNull: false },
-  }, {
-    tableName: 'product_milestone_templates',
-    paranoid: true,
-    timestamps: true,
-    updatedAt: 'updatedAt',
-    createdAt: 'createdAt',
-    deletedAt: 'deletedAt',
-  });
-
-  return ProductMilestoneTemplate;
-};
diff --git a/src/models/productTemplate.js b/src/models/productTemplate.js
index 2671d98e..72d7bc30 100644
--- a/src/models/productTemplate.js
+++ b/src/models/productTemplate.js
@@ -26,15 +26,6 @@ module.exports = (sequelize, DataTypes) => {
     updatedAt: 'updatedAt',
     createdAt: 'createdAt',
     deletedAt: 'deletedAt',
-    classMethods: {
-      associate: (models) => {
-        ProductTemplate.hasMany(models.ProductMilestoneTemplate, {
-          as: 'milestones',
-          foreignKey: 'productTemplateId',
-          onDelete: 'cascade',
-        });
-      },
-    },
   });
 
   return ProductTemplate;
diff --git a/src/models/timeline.js b/src/models/timeline.js
deleted file mode 100644
index 5b9d6247..00000000
--- a/src/models/timeline.js
+++ /dev/null
@@ -1,36 +0,0 @@
-/* eslint-disable valid-jsdoc */
-
-/**
- * The Timeline model
- */
-module.exports = (sequelize, DataTypes) => {
-  const Timeline = sequelize.define('Timeline', {
-    id: { type: DataTypes.BIGINT, primaryKey: true, autoIncrement: true },
-    name: { type: DataTypes.STRING(255), allowNull: false },
-    description: DataTypes.STRING(255),
-    startDate: { type: DataTypes.DATE, allowNull: false },
-    endDate: DataTypes.DATE,
-    reference: { type: DataTypes.STRING(45), allowNull: false },
-    referenceId: { type: DataTypes.BIGINT, allowNull: false },
-    deletedAt: DataTypes.DATE,
-    createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
-    updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
-    deletedBy: DataTypes.BIGINT,
-    createdBy: { type: DataTypes.BIGINT, allowNull: false },
-    updatedBy: { type: DataTypes.BIGINT, allowNull: false },
-  }, {
-    tableName: 'timelines',
-    paranoid: true,
-    timestamps: true,
-    updatedAt: 'updatedAt',
-    createdAt: 'createdAt',
-    deletedAt: 'deletedAt',
-    classMethods: {
-      associate: (models) => {
-        Timeline.hasMany(models.Milestone, { as: 'milestones', foreignKey: 'timelineId', onDelete: 'cascade' });
-      },
-    },
-  });
-
-  return Timeline;
-};
diff --git a/src/permissions/index.js b/src/permissions/index.js
index f0d3af2a..6ea7a418 100644
--- a/src/permissions/index.js
+++ b/src/permissions/index.js
@@ -35,11 +35,6 @@ module.exports = () => {
   Authorizer.setPolicy('productTemplate.delete', connectManagerOrAdmin);
   Authorizer.setPolicy('productTemplate.view', true);
 
-  Authorizer.setPolicy('milestoneTemplate.create', connectManagerOrAdmin);
-  Authorizer.setPolicy('milestoneTemplate.edit', connectManagerOrAdmin);
-  Authorizer.setPolicy('milestoneTemplate.delete', connectManagerOrAdmin);
-  Authorizer.setPolicy('milestoneTemplate.view', true);
-
   Authorizer.setPolicy('project.addProjectPhase', projectEdit);
   Authorizer.setPolicy('project.updateProjectPhase', projectEdit);
   Authorizer.setPolicy('project.deleteProjectPhase', projectEdit);
@@ -51,14 +46,4 @@ module.exports = () => {
   Authorizer.setPolicy('projectType.edit', projectAdmin);
   Authorizer.setPolicy('projectType.delete', projectAdmin);
   Authorizer.setPolicy('projectType.view', true); // anyone can view project types
-
-  Authorizer.setPolicy('timeline.create', projectEdit);
-  Authorizer.setPolicy('timeline.edit', projectEdit);
-  Authorizer.setPolicy('timeline.delete', projectEdit);
-  Authorizer.setPolicy('timeline.view', projectView);
-
-  Authorizer.setPolicy('milestone.create', projectEdit);
-  Authorizer.setPolicy('milestone.edit', projectEdit);
-  Authorizer.setPolicy('milestone.delete', projectEdit);
-  Authorizer.setPolicy('milestone.view', projectView);
 };
diff --git a/src/routes/index.js b/src/routes/index.js
index d9b46645..289f47c6 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -27,7 +27,7 @@ router.get(`/${apiVersion}/projects/health`, (req, res) => {
 const jwtAuth = require('tc-core-library-js').middleware.jwtAuthenticator;
 
 router.all(
-  RegExp(`\\/${apiVersion}\\/(projects|projectTemplates|productTemplates|projectTypes|timelines)(?!\\/health).*`),
+  RegExp(`\\/${apiVersion}\\/(projects|projectTemplates|productTemplates|projectTypes)(?!\\/health).*`),
   jwtAuth());
 
 // Register all the routes
@@ -88,15 +88,6 @@ router.route('/v4/productTemplates/:templateId(\\d+)')
   .patch(require('./productTemplates/update'))
   .delete(require('./productTemplates/delete'));
 
-router.route('/v4/productTemplates/:productTemplateId(\\d+)/milestones')
-  .post(require('./milestoneTemplates/create'))
-  .get(require('./milestoneTemplates/list'));
-
-router.route('/v4/productTemplates/:productTemplateId(\\d+)/milestones/:milestoneTemplateId(\\d+)')
-  .get(require('./milestoneTemplates/get'))
-  .patch(require('./milestoneTemplates/update'))
-  .delete(require('./milestoneTemplates/delete'));
-
 router.route('/v4/projects/:projectId(\\d+)/phases')
   .get(require('./phases/list'))
   .post(require('./phases/create'));
@@ -124,24 +115,6 @@ router.route('/v4/projectTypes/:key')
   .patch(require('./projectTypes/update'))
   .delete(require('./projectTypes/delete'));
 
-router.route('/v4/timelines')
-  .post(require('./timelines/create'))
-  .get(require('./timelines/list'));
-
-router.route('/v4/timelines/:timelineId(\\d+)')
-  .get(require('./timelines/get'))
-  .patch(require('./timelines/update'))
-  .delete(require('./timelines/delete'));
-
-router.route('/v4/timelines/:timelineId(\\d+)/milestones')
-  .post(require('./milestones/create'))
-  .get(require('./milestones/list'));
-
-router.route('/v4/timelines/:timelineId(\\d+)/milestones/:milestoneId(\\d+)')
-  .get(require('./milestones/get'))
-  .patch(require('./milestones/update'))
-  .delete(require('./milestones/delete'));
-
 // register error handler
 router.use((err, req, res, next) => { // eslint-disable-line no-unused-vars
   // DO NOT REMOVE next arg.. even though eslint
diff --git a/src/routes/milestoneTemplates/create.js b/src/routes/milestoneTemplates/create.js
deleted file mode 100644
index 55ea5c12..00000000
--- a/src/routes/milestoneTemplates/create.js
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * API to add a milestone template
- */
-import validate from 'express-validation';
-import _ from 'lodash';
-import Joi from 'joi';
-import Sequelize from 'sequelize';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-import models from '../../models';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    productTemplateId: Joi.number().integer().positive().required(),
-  },
-  body: {
-    param: Joi.object().keys({
-      id: Joi.any().strip(),
-      name: Joi.string().max(255).required(),
-      description: Joi.string().max(255),
-      duration: Joi.number().integer().required(),
-      type: Joi.string().max(45).required(),
-      order: Joi.number().integer().required(),
-      productTemplateId: Joi.any().strip(),
-      createdAt: Joi.any().strip(),
-      updatedAt: Joi.any().strip(),
-      deletedAt: Joi.any().strip(),
-      createdBy: Joi.any().strip(),
-      updatedBy: Joi.any().strip(),
-      deletedBy: Joi.any().strip(),
-    }).required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  permissions('milestoneTemplate.create'),
-  (req, res, next) => {
-    const entity = _.assign(req.body.param, {
-      createdBy: req.authUser.userId,
-      updatedBy: req.authUser.userId,
-      productTemplateId: req.params.productTemplateId,
-    });
-    let result;
-
-    return models.sequelize.transaction(tx =>
-      // Find the product template
-      models.ProductTemplate.findById(req.params.productTemplateId, { transaction: tx })
-        .then((productTemplate) => {
-          // Not found
-          if (!productTemplate) {
-            const apiErr = new Error(
-              `Product template not found for product template id ${req.params.productTemplateId}`);
-            apiErr.status = 404;
-            return Promise.reject(apiErr);
-          }
-
-          // Create the milestone template
-          return models.ProductMilestoneTemplate.create(entity, { transaction: tx });
-        })
-        .then((createdEntity) => {
-          // Omit deletedAt and deletedBy
-          result = _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy');
-
-          // Increase the order of the other milestone templates in the same product template,
-          // which have `order` >= this milestone template order
-          return models.ProductMilestoneTemplate.update({ order: Sequelize.literal('"order" + 1') }, {
-            where: {
-              productTemplateId: req.params.productTemplateId,
-              id: { $ne: result.id },
-              order: { $gte: result.order },
-            },
-            transaction: tx,
-          });
-        })
-        .then(() => {
-          // Write to response
-          res.status(201).json(util.wrapResponse(req.id, result, 1, 201));
-        })
-        .catch(next),
-    );
-  },
-];
diff --git a/src/routes/milestoneTemplates/create.spec.js b/src/routes/milestoneTemplates/create.spec.js
deleted file mode 100644
index 6fe6c128..00000000
--- a/src/routes/milestoneTemplates/create.spec.js
+++ /dev/null
@@ -1,282 +0,0 @@
-/**
- * Tests for create.js
- */
-import chai from 'chai';
-import request from 'supertest';
-import _ from 'lodash';
-import server from '../../app';
-import testUtil from '../../tests/util';
-import models from '../../models';
-
-const should = chai.should();
-
-const productTemplates = [
-  {
-    name: 'name 1',
-    productKey: 'productKey 1',
-    icon: 'http://example.com/icon1.ico',
-    brief: 'brief 1',
-    details: 'details 1',
-    aliases: {
-      alias1: {
-        subAlias1A: 1,
-        subAlias1B: 2,
-      },
-      alias2: [1, 2, 3],
-    },
-    template: {
-      template1: {
-        name: 'template 1',
-        details: {
-          anyDetails: 'any details 1',
-        },
-        others: ['others 11', 'others 12'],
-      },
-      template2: {
-        name: 'template 2',
-        details: {
-          anyDetails: 'any details 2',
-        },
-        others: ['others 21', 'others 22'],
-      },
-    },
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    name: 'template 2',
-    productKey: 'productKey 2',
-    icon: 'http://example.com/icon2.ico',
-    brief: 'brief 2',
-    details: 'details 2',
-    aliases: {},
-    template: {},
-    createdBy: 3,
-    updatedBy: 4,
-    deletedAt: new Date(),
-  },
-];
-const milestoneTemplates = [
-  {
-    name: 'milestoneTemplate 1',
-    duration: 3,
-    type: 'type1',
-    order: 1,
-    productTemplateId: 1,
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    name: 'milestoneTemplate 2',
-    duration: 4,
-    type: 'type2',
-    order: 2,
-    productTemplateId: 1,
-    createdBy: 2,
-    updatedBy: 3,
-  },
-];
-
-describe('CREATE milestone template', () => {
-  beforeEach(() => testUtil.clearDb()
-    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
-    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
-  );
-  after(testUtil.clearDb);
-
-  describe('POST /productTemplates/{productTemplateId}/milestones', () => {
-    const body = {
-      param: {
-        name: 'milestoneTemplate 3',
-        description: 'description 3',
-        duration: 33,
-        type: 'type3',
-        order: 1,
-      },
-    };
-
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for member', (done) => {
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for copilot', (done) => {
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed product template', (done) => {
-      request(server)
-        .post('/v4/productTemplates/1000/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(404, done);
-    });
-
-    it('should return 422 if missing name', (done) => {
-      const invalidBody = {
-        param: {
-          name: undefined,
-        },
-      };
-
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing duration', (done) => {
-      const invalidBody = {
-        param: {
-          duration: undefined,
-        },
-      };
-
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing type', (done) => {
-      const invalidBody = {
-        param: {
-          type: undefined,
-        },
-      };
-
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing order', (done) => {
-      const invalidBody = {
-        param: {
-          order: undefined,
-        },
-      };
-
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 201 for admin', (done) => {
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          should.exist(resJson.id);
-          resJson.name.should.be.eql(body.param.name);
-          resJson.description.should.be.eql(body.param.description);
-          resJson.duration.should.be.eql(body.param.duration);
-          resJson.type.should.be.eql(body.param.type);
-          resJson.order.should.be.eql(body.param.order);
-
-          resJson.createdBy.should.be.eql(40051333); // admin
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(40051333); // admin
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedBy);
-          should.not.exist(resJson.deletedAt);
-
-          // Verify 'order' of the other milestones
-          models.ProductMilestoneTemplate.findAll({
-            where: {
-              productTemplateId: 1,
-            },
-          })
-            .then((milestones) => {
-              _.each(milestones, (milestone) => {
-                if (milestone.id === 1) {
-                  milestone.order.should.be.eql(1 + 1);
-                } else if (milestone.id === 2) {
-                  milestone.order.should.be.eql(2 + 1);
-                }
-              });
-
-              done();
-            });
-        });
-    });
-
-    it('should return 201 for connect manager', (done) => {
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051334); // manager
-          resJson.updatedBy.should.be.eql(40051334); // manager
-          done();
-        });
-    });
-
-    it('should return 201 for connect admin', (done) => {
-      request(server)
-        .post('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051336); // connect admin
-          resJson.updatedBy.should.be.eql(40051336); // connect admin
-          done();
-        });
-    });
-  });
-});
diff --git a/src/routes/milestoneTemplates/delete.js b/src/routes/milestoneTemplates/delete.js
deleted file mode 100644
index bacb3e36..00000000
--- a/src/routes/milestoneTemplates/delete.js
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * API to delete a milestone template
- */
-import validate from 'express-validation';
-import Joi from 'joi';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import models from '../../models';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    productTemplateId: Joi.number().integer().positive().required(),
-    milestoneTemplateId: Joi.number().integer().positive().required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  permissions('milestoneTemplate.delete'),
-  (req, res, next) => {
-    const where = {
-      id: req.params.milestoneTemplateId,
-      deletedAt: { $eq: null },
-      productTemplateId: req.params.productTemplateId,
-    };
-
-    return models.sequelize.transaction(tx =>
-      // Update the deletedBy
-      models.ProductMilestoneTemplate.update({ deletedBy: req.authUser.userId }, {
-        where,
-        returning: true,
-        raw: true,
-        transaction: tx,
-      })
-        .then((updatedResults) => {
-          // Not found
-          if (updatedResults[0] === 0) {
-            const apiErr = new Error(
-              `Milestone template not found for milestone template id ${req.params.milestoneTemplateId}`);
-            apiErr.status = 404;
-            return Promise.reject(apiErr);
-          }
-
-          // Soft delete
-          return models.ProductMilestoneTemplate.destroy({
-            where,
-            transaction: tx,
-          });
-        })
-        .then(() => {
-          res.status(204).end();
-        })
-        .catch(next),
-    );
-  },
-];
diff --git a/src/routes/milestoneTemplates/delete.spec.js b/src/routes/milestoneTemplates/delete.spec.js
deleted file mode 100644
index 02fd111c..00000000
--- a/src/routes/milestoneTemplates/delete.spec.js
+++ /dev/null
@@ -1,187 +0,0 @@
-/**
- * Tests for delete.js
- */
-import request from 'supertest';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-
-const productTemplates = [
-  {
-    name: 'name 1',
-    productKey: 'productKey 1',
-    icon: 'http://example.com/icon1.ico',
-    brief: 'brief 1',
-    details: 'details 1',
-    aliases: {
-      alias1: {
-        subAlias1A: 1,
-        subAlias1B: 2,
-      },
-      alias2: [1, 2, 3],
-    },
-    template: {
-      template1: {
-        name: 'template 1',
-        details: {
-          anyDetails: 'any details 1',
-        },
-        others: ['others 11', 'others 12'],
-      },
-      template2: {
-        name: 'template 2',
-        details: {
-          anyDetails: 'any details 2',
-        },
-        others: ['others 21', 'others 22'],
-      },
-    },
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    name: 'template 2',
-    productKey: 'productKey 2',
-    icon: 'http://example.com/icon2.ico',
-    brief: 'brief 2',
-    details: 'details 2',
-    aliases: {},
-    template: {},
-    createdBy: 3,
-    updatedBy: 4,
-    deletedAt: new Date(),
-  },
-];
-const milestoneTemplates = [
-  {
-    id: 1,
-    name: 'milestoneTemplate 1',
-    duration: 3,
-    type: 'type1',
-    order: 1,
-    productTemplateId: 1,
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    id: 2,
-    name: 'milestoneTemplate 2',
-    duration: 4,
-    type: 'type2',
-    order: 2,
-    productTemplateId: 1,
-    createdBy: 2,
-    updatedBy: 3,
-    deletedAt: new Date(),
-  },
-];
-
-describe('DELETE milestone template', () => {
-  beforeEach(() => testUtil.clearDb()
-    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
-    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
-  );
-  after(testUtil.clearDb);
-
-  describe('DELETE /productTemplates/{productTemplateId}/milestones/{milestoneTemplateId}', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/1')
-        .expect(403, done);
-    });
-
-    it('should return 403 for member', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 403 for copilot', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed product template', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1234/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for non-existed milestone template', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/444')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted milestone template', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/2')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 422 for invalid productTemplateId param', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/0/milestones/2')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 422 for invalid milestoneTemplateId param', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/0')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 204, for admin, if template was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-
-    it('should return 204, for connect admin, if template was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-
-    it('should return 204, for connect manager, if template was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-  });
-});
diff --git a/src/routes/milestoneTemplates/get.js b/src/routes/milestoneTemplates/get.js
deleted file mode 100644
index 1c1fa3f0..00000000
--- a/src/routes/milestoneTemplates/get.js
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * API to get a milestone template
- */
-import validate from 'express-validation';
-import Joi from 'joi';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-import models from '../../models';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    productTemplateId: Joi.number().integer().positive().required(),
-    milestoneTemplateId: Joi.number().integer().positive().required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  permissions('milestoneTemplate.view'),
-  (req, res, next) => models.ProductMilestoneTemplate.findOne({
-    where: {
-      id: req.params.milestoneTemplateId,
-      productTemplateId: req.params.productTemplateId,
-    },
-    attributes: { exclude: ['deletedAt', 'deletedBy'] },
-    raw: true,
-  })
-    .then((milestoneTemplate) => {
-      // Not found
-      if (!milestoneTemplate) {
-        const apiErr = new Error(
-          `Milestone template not found for milestone template id ${req.params.milestoneTemplateId}`);
-        apiErr.status = 404;
-        return Promise.reject(apiErr);
-      }
-
-      res.json(util.wrapResponse(req.id, milestoneTemplate));
-      return Promise.resolve();
-    })
-    .catch(next),
-];
diff --git a/src/routes/milestoneTemplates/get.spec.js b/src/routes/milestoneTemplates/get.spec.js
deleted file mode 100644
index c2b144e3..00000000
--- a/src/routes/milestoneTemplates/get.spec.js
+++ /dev/null
@@ -1,189 +0,0 @@
-/**
- * Tests for get.js
- */
-import chai from 'chai';
-import request from 'supertest';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-
-const should = chai.should();
-
-const productTemplates = [
-  {
-    name: 'name 1',
-    productKey: 'productKey 1',
-    icon: 'http://example.com/icon1.ico',
-    brief: 'brief 1',
-    details: 'details 1',
-    aliases: {
-      alias1: {
-        subAlias1A: 1,
-        subAlias1B: 2,
-      },
-      alias2: [1, 2, 3],
-    },
-    template: {
-      template1: {
-        name: 'template 1',
-        details: {
-          anyDetails: 'any details 1',
-        },
-        others: ['others 11', 'others 12'],
-      },
-      template2: {
-        name: 'template 2',
-        details: {
-          anyDetails: 'any details 2',
-        },
-        others: ['others 21', 'others 22'],
-      },
-    },
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    name: 'template 2',
-    productKey: 'productKey 2',
-    icon: 'http://example.com/icon2.ico',
-    brief: 'brief 2',
-    details: 'details 2',
-    aliases: {},
-    template: {},
-    createdBy: 3,
-    updatedBy: 4,
-    deletedAt: new Date(),
-  },
-];
-const milestoneTemplates = [
-  {
-    id: 1,
-    name: 'milestoneTemplate 1',
-    duration: 3,
-    type: 'type1',
-    order: 1,
-    productTemplateId: 1,
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    id: 2,
-    name: 'milestoneTemplate 2',
-    duration: 4,
-    type: 'type2',
-    order: 2,
-    productTemplateId: 1,
-    createdBy: 2,
-    updatedBy: 3,
-    deletedAt: new Date(),
-  },
-];
-
-describe('GET milestone template', () => {
-  beforeEach(() => testUtil.clearDb()
-    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
-    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
-  );
-  after(testUtil.clearDb);
-
-  describe('GET /productTemplates/{productTemplateId}/milestones/{milestoneTemplateId}', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones/1')
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed product template', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1234/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for non-existed milestone template', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones/1111')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted milestone template', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones/2')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.id.should.be.eql(milestoneTemplates[0].id);
-          resJson.name.should.be.eql(milestoneTemplates[0].name);
-          resJson.duration.should.be.eql(milestoneTemplates[0].duration);
-          resJson.type.should.be.eql(milestoneTemplates[0].type);
-          resJson.order.should.be.eql(milestoneTemplates[0].order);
-          resJson.productTemplateId.should.be.eql(milestoneTemplates[0].productTemplateId);
-
-          resJson.createdBy.should.be.eql(milestoneTemplates[0].createdBy);
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(milestoneTemplates[0].updatedBy);
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedBy);
-          should.not.exist(resJson.deletedAt);
-
-          done();
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for member', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .expect(200, done);
-    });
-
-    it('should return 200 for copilot', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(200, done);
-    });
-  });
-});
diff --git a/src/routes/milestoneTemplates/list.js b/src/routes/milestoneTemplates/list.js
deleted file mode 100644
index 40b6ae19..00000000
--- a/src/routes/milestoneTemplates/list.js
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * API to list all milestone templates
- */
-import validate from 'express-validation';
-import Joi from 'joi';
-import _ from 'lodash';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-import models from '../../models';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    productTemplateId: Joi.number().integer().positive().required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  permissions('milestoneTemplate.view'),
-  (req, res, next) => {
-    // Parse the sort query
-    let sort = req.query.sort ? decodeURIComponent(req.query.sort) : 'order';
-    if (sort && sort.indexOf(' ') === -1) {
-      sort += ' asc';
-    }
-    const sortableProps = [
-      'order asc', 'order desc',
-    ];
-    if (sort && _.indexOf(sortableProps, sort) < 0) {
-      const apiErr = new Error('Invalid sort criteria');
-      apiErr.status = 422;
-      return next(apiErr);
-    }
-    const sortColumnAndOrder = sort.split(' ');
-
-    // Get all milestone templates
-    return models.ProductMilestoneTemplate.findAll({
-      where: {
-        productTemplateId: req.params.productTemplateId,
-      },
-      order: [sortColumnAndOrder],
-      attributes: { exclude: ['deletedAt', 'deletedBy'] },
-      raw: true,
-    })
-      .then((milestoneTemplates) => {
-        res.json(util.wrapResponse(req.id, milestoneTemplates));
-      })
-      .catch(next);
-  },
-];
diff --git a/src/routes/milestoneTemplates/list.spec.js b/src/routes/milestoneTemplates/list.spec.js
deleted file mode 100644
index 87fb3228..00000000
--- a/src/routes/milestoneTemplates/list.spec.js
+++ /dev/null
@@ -1,217 +0,0 @@
-/**
- * Tests for list.js
- */
-import chai from 'chai';
-import request from 'supertest';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-
-const should = chai.should();
-
-const productTemplates = [
-  {
-    name: 'name 1',
-    productKey: 'productKey 1',
-    icon: 'http://example.com/icon1.ico',
-    brief: 'brief 1',
-    details: 'details 1',
-    aliases: {
-      alias1: {
-        subAlias1A: 1,
-        subAlias1B: 2,
-      },
-      alias2: [1, 2, 3],
-    },
-    template: {
-      template1: {
-        name: 'template 1',
-        details: {
-          anyDetails: 'any details 1',
-        },
-        others: ['others 11', 'others 12'],
-      },
-      template2: {
-        name: 'template 2',
-        details: {
-          anyDetails: 'any details 2',
-        },
-        others: ['others 21', 'others 22'],
-      },
-    },
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    name: 'template 2',
-    productKey: 'productKey 2',
-    icon: 'http://example.com/icon2.ico',
-    brief: 'brief 2',
-    details: 'details 2',
-    aliases: {},
-    template: {},
-    createdBy: 3,
-    updatedBy: 4,
-    deletedAt: new Date(),
-  },
-];
-const milestoneTemplates = [
-  {
-    id: 1,
-    name: 'milestoneTemplate 1',
-    duration: 3,
-    type: 'type1',
-    order: 1,
-    productTemplateId: 1,
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    id: 2,
-    name: 'milestoneTemplate 2',
-    duration: 4,
-    type: 'type2',
-    order: 2,
-    productTemplateId: 1,
-    createdBy: 2,
-    updatedBy: 3,
-  },
-  {
-    id: 3,
-    name: 'milestoneTemplate 3',
-    duration: 5,
-    type: 'type3',
-    order: 3,
-    productTemplateId: 1,
-    createdBy: 2,
-    updatedBy: 3,
-    deletedAt: new Date(),
-  },
-];
-
-describe('LIST milestone template', () => {
-  beforeEach(() => testUtil.clearDb()
-    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
-    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
-  );
-  after(testUtil.clearDb);
-
-  describe('GET /productTemplates/{productTemplateId}/milestones', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones')
-        .expect(403, done);
-    });
-
-    it('should return 422 for invalid productTemplateId param', (done) => {
-      request(server)
-        .get('/v4/productTemplates/0/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 422 for invalid sort column', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones?sort=id')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 422 for invalid sort order', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones?sort=order%20invalid')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-          resJson[0].id.should.be.eql(milestoneTemplates[0].id);
-          resJson[0].name.should.be.eql(milestoneTemplates[0].name);
-          resJson[0].duration.should.be.eql(milestoneTemplates[0].duration);
-          resJson[0].type.should.be.eql(milestoneTemplates[0].type);
-          resJson[0].order.should.be.eql(milestoneTemplates[0].order);
-          resJson[0].productTemplateId.should.be.eql(milestoneTemplates[0].productTemplateId);
-
-          resJson[0].createdBy.should.be.eql(milestoneTemplates[0].createdBy);
-          should.exist(resJson[0].createdAt);
-          resJson[0].updatedBy.should.be.eql(milestoneTemplates[0].updatedBy);
-          should.exist(resJson[0].updatedAt);
-          should.not.exist(resJson[0].deletedBy);
-          should.not.exist(resJson[0].deletedAt);
-
-          done();
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for member', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .expect(200, done);
-    });
-
-    it('should return 200 for copilot', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(200, done);
-    });
-
-    it('should return 200 with sort desc', (done) => {
-      request(server)
-        .get('/v4/productTemplates/1/milestones?sort=order%20desc')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-          resJson[0].id.should.be.eql(2);
-          resJson[1].id.should.be.eql(1);
-
-          done();
-        });
-    });
-  });
-});
diff --git a/src/routes/milestoneTemplates/update.js b/src/routes/milestoneTemplates/update.js
deleted file mode 100644
index 65da9e9f..00000000
--- a/src/routes/milestoneTemplates/update.js
+++ /dev/null
@@ -1,121 +0,0 @@
-/**
- * API to update a milestone template
- */
-import validate from 'express-validation';
-import _ from 'lodash';
-import Joi from 'joi';
-import Sequelize from 'sequelize';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-import models from '../../models';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    productTemplateId: Joi.number().integer().positive().required(),
-    milestoneTemplateId: Joi.number().integer().positive().required(),
-  },
-  body: {
-    param: Joi.object().keys({
-      id: Joi.any().strip(),
-      name: Joi.string().max(255).required(),
-      description: Joi.string().max(255),
-      duration: Joi.number().integer().required(),
-      type: Joi.string().max(45).required(),
-      order: Joi.number().integer().required(),
-      productTemplateId: Joi.any().strip(),
-      createdAt: Joi.any().strip(),
-      updatedAt: Joi.any().strip(),
-      deletedAt: Joi.any().strip(),
-      createdBy: Joi.any().strip(),
-      updatedBy: Joi.any().strip(),
-      deletedBy: Joi.any().strip(),
-    }).required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  permissions('milestoneTemplate.edit'),
-  (req, res, next) => {
-    const entityToUpdate = _.assign(req.body.param, {
-      updatedBy: req.authUser.userId,
-    });
-
-    let original;
-    let updated;
-
-    return models.sequelize.transaction(() =>
-      // Get the milestone template
-      models.ProductMilestoneTemplate.findOne({
-        where: {
-          id: req.params.milestoneTemplateId,
-          productTemplateId: req.params.productTemplateId,
-        },
-        attributes: { exclude: ['deletedAt', 'deletedBy'] },
-      })
-        .then((milestoneTemplate) => {
-          // Not found
-          if (!milestoneTemplate) {
-            const apiErr = new Error(`Milestone template not found for template id ${req.params.milestoneTemplateId}`);
-            apiErr.status = 404;
-            return Promise.reject(apiErr);
-          }
-
-          original = _.omit(milestoneTemplate.toJSON(), ['deletedAt', 'deletedBy']);
-
-          // Update
-          return milestoneTemplate.update(entityToUpdate);
-        })
-        .then((milestoneTemplate) => {
-          updated = _.omit(milestoneTemplate.toJSON(), ['deletedAt', 'deletedBy']);
-
-          // Update order of the other milestones only if the order was changed
-          if (original.order === updated.order) {
-            return Promise.resolve();
-          }
-
-          return models.ProductMilestoneTemplate.count({
-            where: {
-              productTemplateId: updated.productTemplateId,
-              id: { $ne: updated.id },
-              order: updated.order,
-            },
-          })
-            .then((count) => {
-              if (count === 0) {
-                return Promise.resolve();
-              }
-
-              // Increase the order from M to K: if there is an item with order K,
-              // orders from M+1 to K should be made M to K-1
-              if (original.order < updated.order) {
-                return models.ProductMilestoneTemplate.update({ order: Sequelize.literal('"order" - 1') }, {
-                  where: {
-                    productTemplateId: updated.productTemplateId,
-                    id: { $ne: updated.id },
-                    order: { $between: [original.order + 1, updated.order] },
-                  },
-                });
-              }
-
-              // Decrease the order from M to K: if there is an item with order K,
-              // orders from K to M-1 should be made K+1 to M
-              return models.ProductMilestoneTemplate.update({ order: Sequelize.literal('"order" + 1') }, {
-                where: {
-                  productTemplateId: updated.productTemplateId,
-                  id: { $ne: updated.id },
-                  order: { $between: [updated.order, original.order - 1] },
-                },
-              });
-            });
-        })
-        .then(() => {
-          res.json(util.wrapResponse(req.id, updated));
-          return Promise.resolve();
-        })
-        .catch(next),
-    );
-  },
-];
diff --git a/src/routes/milestoneTemplates/update.spec.js b/src/routes/milestoneTemplates/update.spec.js
deleted file mode 100644
index 297f6ea9..00000000
--- a/src/routes/milestoneTemplates/update.spec.js
+++ /dev/null
@@ -1,428 +0,0 @@
-/**
- * Tests for get.js
- */
-import chai from 'chai';
-import request from 'supertest';
-import _ from 'lodash';
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-
-const should = chai.should();
-
-const productTemplates = [
-  {
-    name: 'name 1',
-    productKey: 'productKey 1',
-    icon: 'http://example.com/icon1.ico',
-    brief: 'brief 1',
-    details: 'details 1',
-    aliases: {
-      alias1: {
-        subAlias1A: 1,
-        subAlias1B: 2,
-      },
-      alias2: [1, 2, 3],
-    },
-    template: {
-      template1: {
-        name: 'template 1',
-        details: {
-          anyDetails: 'any details 1',
-        },
-        others: ['others 11', 'others 12'],
-      },
-      template2: {
-        name: 'template 2',
-        details: {
-          anyDetails: 'any details 2',
-        },
-        others: ['others 21', 'others 22'],
-      },
-    },
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    name: 'template 2',
-    productKey: 'productKey 2',
-    icon: 'http://example.com/icon2.ico',
-    brief: 'brief 2',
-    details: 'details 2',
-    aliases: {},
-    template: {},
-    createdBy: 3,
-    updatedBy: 4,
-    deletedAt: new Date(),
-  },
-];
-const milestoneTemplates = [
-  {
-    id: 1,
-    name: 'milestoneTemplate 1',
-    duration: 3,
-    type: 'type1',
-    order: 1,
-    productTemplateId: 1,
-    createdBy: 1,
-    updatedBy: 2,
-  },
-  {
-    id: 2,
-    name: 'milestoneTemplate 2',
-    duration: 4,
-    type: 'type2',
-    order: 2,
-    productTemplateId: 1,
-    createdBy: 2,
-    updatedBy: 3,
-  },
-  {
-    id: 3,
-    name: 'milestoneTemplate 3',
-    duration: 5,
-    type: 'type3',
-    order: 3,
-    productTemplateId: 1,
-    createdBy: 2,
-    updatedBy: 3,
-  },
-  {
-    id: 4,
-    name: 'milestoneTemplate 4',
-    duration: 5,
-    type: 'type4',
-    order: 4,
-    productTemplateId: 1,
-    createdBy: 2,
-    updatedBy: 3,
-    deletedAt: new Date(),
-  },
-];
-
-describe('UPDATE milestone template', () => {
-  beforeEach(() => testUtil.clearDb()
-    .then(() => models.ProductTemplate.bulkCreate(productTemplates))
-    .then(() => models.ProductMilestoneTemplate.bulkCreate(milestoneTemplates)),
-  );
-  after(testUtil.clearDb);
-
-  describe('PATCH /productTemplates/{productTemplateId}/milestones/{milestoneTemplateId}', () => {
-    const body = {
-      param: {
-        name: 'milestoneTemplate 1-updated',
-        description: 'description-updated',
-        duration: 6,
-        type: 'type1-updated',
-        order: 5,
-      },
-    };
-
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for member', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for copilot', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 422 for missing name', (done) => {
-      const invalidBody = {
-        param: {
-          name: undefined,
-        },
-      };
-
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect(422, done);
-    });
-
-    it('should return 422 for missing type', (done) => {
-      const invalidBody = {
-        param: {
-          type: undefined,
-        },
-      };
-
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect(422, done);
-    });
-
-    it('should return 422 for missing duration', (done) => {
-      const invalidBody = {
-        param: {
-          duration: undefined,
-        },
-      };
-
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect(422, done);
-    });
-
-    it('should return 422 for missing order', (done) => {
-      const invalidBody = {
-        param: {
-          order: undefined,
-        },
-      };
-
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect(422, done);
-    });
-
-    it('should return 404 for non-existed product template', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/122/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(404, done);
-    });
-
-    it('should return 404 for non-existed milestone template', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/111')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted milestone template', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/4')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(404, done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.id.should.be.eql(1);
-          resJson.name.should.be.eql(body.param.name);
-          resJson.description.should.be.eql(body.param.description);
-          resJson.duration.should.be.eql(body.param.duration);
-          resJson.type.should.be.eql(body.param.type);
-          resJson.order.should.be.eql(body.param.order);
-
-          should.exist(resJson.createdBy);
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(40051333); // admin
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedBy);
-          should.not.exist(resJson.deletedAt);
-
-          done();
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - order increases and replaces another milestone\'s order', function (done) {
-      this.timeout(10000);
-
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 3 }) }) // 1 to 3
-        .expect(200)
-        .end(() => {
-          // Milestone 1: order 3
-          // Milestone 2: order 2 - 1 = 1
-          // Milestone 3: order 3 - 1 = 2
-          setTimeout(() => {
-            models.ProductMilestoneTemplate.findById(1)
-              .then((milestone) => {
-                milestone.order.should.be.eql(3);
-              })
-              .then(() => models.ProductMilestoneTemplate.findById(2))
-              .then((milestone) => {
-                milestone.order.should.be.eql(1);
-              })
-              .then(() => models.ProductMilestoneTemplate.findById(3))
-              .then((milestone) => {
-                milestone.order.should.be.eql(2);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - order increases and doesnot replace another milestone\'s order', function (done) {
-      this.timeout(10000);
-
-      request(server)
-      .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 4 }) }) // 1 to 4
-        .expect(200)
-        .end(() => {
-          // Milestone 1: order 4
-          // Milestone 2: order 2
-          // Milestone 3: order 3
-          setTimeout(() => {
-            models.ProductMilestoneTemplate.findById(1)
-              .then((milestone) => {
-                milestone.order.should.be.eql(4);
-              })
-              .then(() => models.ProductMilestoneTemplate.findById(2))
-              .then((milestone) => {
-                milestone.order.should.be.eql(2);
-              })
-              .then(() => models.ProductMilestoneTemplate.findById(3))
-              .then((milestone) => {
-                milestone.order.should.be.eql(3);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - order decreases and replaces another milestone\'s order', function (done) {
-      this.timeout(10000);
-
-      request(server)
-      .patch('/v4/productTemplates/1/milestones/3')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 1 }) }) // 3 to 1
-        .expect(200)
-        .end(() => {
-          // Milestone 1: order 2
-          // Milestone 2: order 3
-          // Milestone 3: order 1
-          setTimeout(() => {
-            models.ProductMilestoneTemplate.findById(1)
-              .then((milestone) => {
-                milestone.order.should.be.eql(2);
-              })
-              .then(() => models.ProductMilestoneTemplate.findById(2))
-              .then((milestone) => {
-                milestone.order.should.be.eql(3);
-              })
-              .then(() => models.ProductMilestoneTemplate.findById(3))
-              .then((milestone) => {
-                milestone.order.should.be.eql(1);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - order decreases and doesnot replace another milestone\'s order', function (done) {
-      this.timeout(10000);
-
-      request(server)
-      .patch('/v4/productTemplates/1/milestones/3')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 0 }) }) // 3 to 0
-        .expect(200)
-        .end(() => {
-          // Milestone 1: order 1
-          // Milestone 2: order 2
-          // Milestone 3: order 0
-          setTimeout(() => {
-            models.ProductMilestoneTemplate.findById(1)
-              .then((milestone) => {
-                milestone.order.should.be.eql(1);
-              })
-              .then(() => models.ProductMilestoneTemplate.findById(2))
-              .then((milestone) => {
-                milestone.order.should.be.eql(2);
-              })
-              .then(() => models.ProductMilestoneTemplate.findById(3))
-              .then((milestone) => {
-                milestone.order.should.be.eql(0);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .patch('/v4/productTemplates/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-  });
-});
diff --git a/src/routes/milestones/create.js b/src/routes/milestones/create.js
deleted file mode 100644
index f653d685..00000000
--- a/src/routes/milestones/create.js
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * API to add a milestone
- */
-import validate from 'express-validation';
-import _ from 'lodash';
-import Joi from 'joi';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import Sequelize from 'sequelize';
-import util from '../../util';
-import models from '../../models';
-import { EVENT } from '../../constants';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    timelineId: Joi.number().integer().positive().required(),
-  },
-  body: {
-    param: Joi.object().keys({
-      id: Joi.any().strip(),
-      name: Joi.string().max(255).required(),
-      description: Joi.string().max(255),
-      duration: Joi.number().integer().required(),
-      startDate: Joi.date().required(),
-      endDate: Joi.date().min(Joi.ref('startDate')).allow(null),
-      completionDate: Joi.date().min(Joi.ref('startDate')).allow(null),
-      status: Joi.string().max(45).required(),
-      type: Joi.string().max(45).required(),
-      details: Joi.object(),
-      order: Joi.number().integer().required(),
-      plannedText: Joi.string().max(512).required(),
-      activeText: Joi.string().max(512).required(),
-      completedText: Joi.string().max(512).required(),
-      blockedText: Joi.string().max(512).required(),
-      createdAt: Joi.any().strip(),
-      updatedAt: Joi.any().strip(),
-      deletedAt: Joi.any().strip(),
-      createdBy: Joi.any().strip(),
-      updatedBy: Joi.any().strip(),
-      deletedBy: Joi.any().strip(),
-    }).required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timelineId param, and set to request params
-  // for checking by the permissions middleware
-  util.validateTimelineIdParam,
-  permissions('milestone.create'),
-  (req, res, next) => {
-    const entity = _.assign(req.body.param, {
-      createdBy: req.authUser.userId,
-      updatedBy: req.authUser.userId,
-      timelineId: req.params.timelineId,
-    });
-    let result;
-
-    // Validate startDate and endDate to be within the timeline startDate and endDate
-    let error;
-    if (req.body.param.startDate < req.timeline.startDate) {
-      error = 'Milestone startDate must not be before the timeline startDate';
-    } else if (req.body.param.endDate && req.timeline.endDate && req.body.param.endDate > req.timeline.endDate) {
-      error = 'Milestone endDate must not be after the timeline endDate';
-    }
-    if (error) {
-      const apiErr = new Error(error);
-      apiErr.status = 422;
-      return next(apiErr);
-    }
-
-    return models.sequelize.transaction(tx =>
-      // Save to DB
-      models.Milestone.create(entity, { transaction: tx })
-        .then((createdEntity) => {
-          // Omit deletedAt, deletedBy
-          result = _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy');
-
-          // Send event to bus
-          req.log.debug('Sending event to RabbitMQ bus for milestone %d', result.id);
-          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.MILESTONE_ADDED,
-            result,
-            { correlationId: req.id },
-          );
-
-          // Increase the order of the other milestones in the same timeline,
-          // which have `order` >= this milestone order
-          return models.Milestone.update({ order: Sequelize.literal('"order" + 1') }, {
-            where: {
-              timelineId: result.timelineId,
-              id: { $ne: result.id },
-              order: { $gte: result.order },
-            },
-            transaction: tx,
-          });
-        })
-        .then(() => {
-          // Do not send events for the updated milestones here,
-          // because it will make 'version conflict' error in ES.
-          // The order of the other milestones need to be updated in the MILESTONE_ADDED event handler
-
-          // Write to the response
-          res.status(201).json(util.wrapResponse(req.id, result, 1, 201));
-          return Promise.resolve();
-        })
-        .catch(next),
-    );
-  },
-];
diff --git a/src/routes/milestones/create.spec.js b/src/routes/milestones/create.spec.js
deleted file mode 100644
index 98e72001..00000000
--- a/src/routes/milestones/create.spec.js
+++ /dev/null
@@ -1,606 +0,0 @@
-/**
- * Tests for create.js
- */
-import chai from 'chai';
-import request from 'supertest';
-import _ from 'lodash';
-import server from '../../app';
-import testUtil from '../../tests/util';
-import models from '../../models';
-import { EVENT } from '../../constants';
-
-const should = chai.should();
-
-describe('CREATE milestone', () => {
-  let projectId1;
-  let projectId2;
-
-  beforeEach((done) => {
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ], { returning: true })
-          .then((projects) => {
-            projectId1 = projects[0].id;
-            projectId2 = projects[1].id;
-
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: projectId1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: projectId1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-               models.ProjectPhase.bulkCreate([
-                 {
-                   projectId: projectId1,
-                   name: 'test project phase 1',
-                   status: 'active',
-                   startDate: '2018-05-15T00:00:00Z',
-                   endDate: '2018-05-15T12:00:00Z',
-                   budget: 20.0,
-                   progress: 1.23456,
-                   details: {
-                     message: 'This can be any json 2',
-                   },
-                   createdBy: 1,
-                   updatedBy: 1,
-                 },
-                 {
-                   projectId: projectId2,
-                   name: 'test project phase 2',
-                   status: 'active',
-                   startDate: '2018-05-16T00:00:00Z',
-                   endDate: '2018-05-16T12:00:00Z',
-                   budget: 21.0,
-                   progress: 1.234567,
-                   details: {
-                     message: 'This can be any json 2',
-                   },
-                   createdBy: 2,
-                   updatedBy: 2,
-                   deletedAt: '2018-05-15T00:00:00Z',
-                 },
-               ]))
-              .then(() =>
-                // Create timelines
-                 models.Timeline.bulkCreate([
-                   {
-                     name: 'name 1',
-                     description: 'description 1',
-                     startDate: '2018-05-02T00:00:00.000Z',
-                     endDate: '2018-06-12T00:00:00.000Z',
-                     reference: 'project',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                   },
-                   {
-                     name: 'name 2',
-                     description: 'description 2',
-                     startDate: '2018-05-12T00:00:00.000Z',
-                     endDate: '2018-06-13T00:00:00.000Z',
-                     reference: 'phase',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                   },
-                   {
-                     name: 'name 3',
-                     description: 'description 3',
-                     startDate: '2018-05-13T00:00:00.000Z',
-                     endDate: '2018-06-14T00:00:00.000Z',
-                     reference: 'phase',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                     deletedAt: '2018-05-14T00:00:00.000Z',
-                   },
-                 ]))
-              .then(() => {
-                // Create milestones
-                models.Milestone.bulkCreate([
-                  {
-                    timelineId: 1,
-                    name: 'milestone 1',
-                    duration: 2,
-                    startDate: '2018-05-03T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type1',
-                    details: {
-                      detail1: {
-                        subDetail1A: 1,
-                        subDetail1B: 2,
-                      },
-                      detail2: [1, 2, 3],
-                    },
-                    order: 1,
-                    plannedText: 'plannedText 1',
-                    activeText: 'activeText 1',
-                    completedText: 'completedText 1',
-                    blockedText: 'blockedText 1',
-                    createdBy: 1,
-                    updatedBy: 2,
-                  },
-                  {
-                    timelineId: 1,
-                    name: 'milestone 2',
-                    duration: 3,
-                    startDate: '2018-05-04T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type2',
-                    order: 2,
-                    plannedText: 'plannedText 2',
-                    activeText: 'activeText 2',
-                    completedText: 'completedText 2',
-                    blockedText: 'blockedText 2',
-                    createdBy: 2,
-                    updatedBy: 3,
-                  },
-                  {
-                    timelineId: 1,
-                    name: 'milestone 3',
-                    duration: 4,
-                    startDate: '2018-05-04T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type3',
-                    order: 3,
-                    plannedText: 'plannedText 3',
-                    activeText: 'activeText 3',
-                    completedText: 'completedText 3',
-                    blockedText: 'blockedText 3',
-                    createdBy: 3,
-                    updatedBy: 4,
-                  },
-                ])
-                  .then(() => done());
-              });
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('POST /timelines/{timelineId}/milestones', () => {
-    const body = {
-      param: {
-        name: 'milestone 4',
-        description: 'description 4',
-        duration: 4,
-        startDate: '2018-05-05T00:00:00.000Z',
-        endDate: '2018-05-07T00:00:00.000Z',
-        completionDate: '2018-05-08T00:00:00.000Z',
-        status: 'open',
-        type: 'type4',
-        details: {
-          detail1: {
-            subDetail1C: 4,
-          },
-          detail2: [
-            3,
-            4,
-            5,
-          ],
-        },
-        order: 2,
-        plannedText: 'plannedText 4',
-        activeText: 'activeText 4',
-        completedText: 'completedText 4',
-        blockedText: 'blockedText 4',
-      },
-    };
-
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project', (done) => {
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 422 if missing name', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          name: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing duration', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          duration: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing type', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          type: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing order', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          order: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing plannedText', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          plannedText: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing activeText', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          activeText: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing completedText', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          completedText: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing blockedText', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          blockedText: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if startDate is after endDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: '2018-05-29T00:00:00.000Z',
-          endDate: '2018-05-28T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if startDate is after completionDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: '2018-05-29T00:00:00.000Z',
-          completionDate: '2018-05-28T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if startDate is before the timeline startDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: '2018-05-01T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if endDate is after the timeline endDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          endDate: '2018-06-13T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if invalid timelineId param', (done) => {
-      request(server)
-        .post('/v4/timelines/0/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 404 if timeline does not exist', (done) => {
-      request(server)
-        .post('/v4/timelines/1000/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(404, done);
-    });
-
-    it('should return 404 if timeline was deleted', (done) => {
-      request(server)
-        .post('/v4/timelines/3/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(404, done);
-    });
-
-    it('should return 201 for admin', (done) => {
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          should.exist(resJson.id);
-          resJson.name.should.be.eql(body.param.name);
-          resJson.description.should.be.eql(body.param.description);
-          resJson.duration.should.be.eql(body.param.duration);
-          resJson.startDate.should.be.eql(body.param.startDate);
-          resJson.endDate.should.be.eql(body.param.endDate);
-          resJson.completionDate.should.be.eql(body.param.completionDate);
-          resJson.status.should.be.eql(body.param.status);
-          resJson.type.should.be.eql(body.param.type);
-          resJson.details.should.be.eql(body.param.details);
-          resJson.order.should.be.eql(body.param.order);
-          resJson.plannedText.should.be.eql(body.param.plannedText);
-          resJson.activeText.should.be.eql(body.param.activeText);
-          resJson.completedText.should.be.eql(body.param.completedText);
-          resJson.blockedText.should.be.eql(body.param.blockedText);
-
-          resJson.createdBy.should.be.eql(40051333); // admin
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(40051333); // admin
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedBy);
-          should.not.exist(resJson.deletedAt);
-
-          // eslint-disable-next-line no-unused-expressions
-          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.MILESTONE_ADDED).should.be.true;
-
-          // Verify 'order' of the other milestones
-          models.Milestone.findAll({ where: { timelineId: 1 } })
-            .then((milestones) => {
-              _.each(milestones, (milestone) => {
-                if (milestone.id === 1) {
-                  milestone.order.should.be.eql(1);
-                } else if (milestone.id === 2) {
-                  milestone.order.should.be.eql(2 + 1);
-                } else if (milestone.id === 3) {
-                  milestone.order.should.be.eql(3 + 1);
-                }
-              });
-
-              done();
-            });
-        });
-    });
-
-    it('should return 201 for connect manager', (done) => {
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051334); // manager
-          resJson.updatedBy.should.be.eql(40051334); // manager
-          done();
-        });
-    });
-
-    it('should return 201 for connect admin', (done) => {
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051336); // connect admin
-          resJson.updatedBy.should.be.eql(40051336); // connect admin
-          done();
-        });
-    });
-
-    it('should return 201 for copilot', (done) => {
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051332); // copilot
-          resJson.updatedBy.should.be.eql(40051332); // copilot
-          done();
-        });
-    });
-
-    it('should return 201 for member', (done) => {
-      request(server)
-        .post('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051331); // member
-          resJson.updatedBy.should.be.eql(40051331); // member
-          done();
-        });
-    });
-  });
-});
diff --git a/src/routes/milestones/delete.js b/src/routes/milestones/delete.js
deleted file mode 100644
index f7074cc0..00000000
--- a/src/routes/milestones/delete.js
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * API to delete a timeline
- */
-import validate from 'express-validation';
-import Joi from 'joi';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import models from '../../models';
-import { EVENT } from '../../constants';
-import util from '../../util';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    timelineId: Joi.number().integer().positive().required(),
-    milestoneId: Joi.number().integer().positive().required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timelineId param, and set to request params for
-  // checking by the permissions middleware
-  util.validateTimelineIdParam,
-  permissions('milestone.delete'),
-  (req, res, next) => {
-    const where = {
-      timelineId: req.params.timelineId,
-      id: req.params.milestoneId,
-    };
-
-    return models.sequelize.transaction(tx =>
-      // Find the milestone
-      models.Milestone.findOne({
-        where,
-        transaction: tx,
-      })
-        .then((milestone) => {
-          // Not found
-          if (!milestone) {
-            const apiErr = new Error(`Milestone not found for milestone id ${req.params.milestoneId}`);
-            apiErr.status = 404;
-            return Promise.reject(apiErr);
-          }
-
-          // Update the deletedBy, and soft delete
-          return milestone.update({ deletedBy: req.authUser.userId }, { transaction: tx })
-            .then(() => milestone.destroy({ transaction: tx }));
-        })
-        .then((deleted) => {
-          // Send event to bus
-          req.log.debug('Sending event to RabbitMQ bus for milestone %d', deleted.id);
-          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.MILESTONE_REMOVED,
-            deleted,
-            { correlationId: req.id },
-          );
-
-          // Write to response
-          res.status(204).end();
-          return Promise.resolve();
-        })
-        .catch(next),
-    );
-  },
-];
diff --git a/src/routes/milestones/delete.spec.js b/src/routes/milestones/delete.spec.js
deleted file mode 100644
index 21502333..00000000
--- a/src/routes/milestones/delete.spec.js
+++ /dev/null
@@ -1,325 +0,0 @@
-/**
- * Tests for delete.js
- */
-import request from 'supertest';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-import { EVENT } from '../../constants';
-
-
-describe('DELETE milestone', () => {
-  beforeEach((done) => {
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ])
-          .then(() => {
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: 1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: 1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-               models.ProjectPhase.bulkCreate([
-                 {
-                   projectId: 1,
-                   name: 'test project phase 1',
-                   status: 'active',
-                   startDate: '2018-05-15T00:00:00Z',
-                   endDate: '2018-05-15T12:00:00Z',
-                   budget: 20.0,
-                   progress: 1.23456,
-                   details: {
-                     message: 'This can be any json 2',
-                   },
-                   createdBy: 1,
-                   updatedBy: 1,
-                 },
-                 {
-                   projectId: 2,
-                   name: 'test project phase 2',
-                   status: 'active',
-                   startDate: '2018-05-16T00:00:00Z',
-                   endDate: '2018-05-16T12:00:00Z',
-                   budget: 21.0,
-                   progress: 1.234567,
-                   details: {
-                     message: 'This can be any json 2',
-                   },
-                   createdBy: 2,
-                   updatedBy: 2,
-                   deletedAt: '2018-05-15T00:00:00Z',
-                 },
-               ]))
-              .then(() =>
-                // Create timelines
-                 models.Timeline.bulkCreate([
-                   {
-                     name: 'name 1',
-                     description: 'description 1',
-                     startDate: '2018-05-11T00:00:00.000Z',
-                     endDate: '2018-05-12T00:00:00.000Z',
-                     reference: 'project',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                   },
-                   {
-                     name: 'name 2',
-                     description: 'description 2',
-                     startDate: '2018-05-12T00:00:00.000Z',
-                     endDate: '2018-05-13T00:00:00.000Z',
-                     reference: 'phase',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                   },
-                   {
-                     name: 'name 3',
-                     description: 'description 3',
-                     startDate: '2018-05-13T00:00:00.000Z',
-                     endDate: '2018-05-14T00:00:00.000Z',
-                     reference: 'phase',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                     deletedAt: '2018-05-14T00:00:00.000Z',
-                   },
-                 ]))
-              .then(() => {
-                // Create milestones
-                models.Milestone.bulkCreate([
-                  {
-                    timelineId: 1,
-                    name: 'milestone 1',
-                    duration: 2,
-                    startDate: '2018-05-03T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type1',
-                    details: {
-                      detail1: {
-                        subDetail1A: 1,
-                        subDetail1B: 2,
-                      },
-                      detail2: [1, 2, 3],
-                    },
-                    order: 1,
-                    plannedText: 'plannedText 1',
-                    activeText: 'activeText 1',
-                    completedText: 'completedText 1',
-                    blockedText: 'blockedText 1',
-                    createdBy: 1,
-                    updatedBy: 2,
-                  },
-                  {
-                    timelineId: 1,
-                    name: 'milestone 2',
-                    duration: 3,
-                    startDate: '2018-05-04T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type2',
-                    order: 2,
-                    plannedText: 'plannedText 2',
-                    activeText: 'activeText 2',
-                    completedText: 'completedText 2',
-                    blockedText: 'blockedText 2',
-                    createdBy: 2,
-                    updatedBy: 3,
-                  },
-                  {
-                    timelineId: 1,
-                    name: 'milestone 3',
-                    duration: 4,
-                    startDate: '2018-05-04T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type3',
-                    order: 3,
-                    plannedText: 'plannedText 3',
-                    activeText: 'activeText 3',
-                    completedText: 'completedText 3',
-                    blockedText: 'blockedText 3',
-                    createdBy: 3,
-                    updatedBy: 4,
-                    deletedBy: 1,
-                    deletedAt: '2018-05-04T00:00:00.000Z',
-                  },
-                ])
-                  .then(() => done());
-              });
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('DELETE /timelines/{timelineId}/milestones/{milestoneId}', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/1')
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
-      request(server)
-        .delete('/v4/timelines/2/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed timeline', (done) => {
-      request(server)
-        .delete('/v4/timelines/1234/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted timeline', (done) => {
-      request(server)
-        .delete('/v4/timelines/3/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for non-existed milestone', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/100')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted milestone', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/3')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 422 for invalid timelineId param', (done) => {
-      request(server)
-        .delete('/v4/timelines/0/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 422 for invalid milestoneId param', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/0')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 204, for admin, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(204)
-        .end(() => {
-          // eslint-disable-next-line no-unused-expressions
-          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.MILESTONE_REMOVED).should.be.true;
-          done();
-        });
-    });
-
-    it('should return 204, for connect admin, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-
-    it('should return 204, for connect manager, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-
-    it('should return 204, for copilot, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-
-    it('should return 204, for member, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-  });
-});
diff --git a/src/routes/milestones/get.js b/src/routes/milestones/get.js
deleted file mode 100644
index c35a3e86..00000000
--- a/src/routes/milestones/get.js
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * API to get a milestone
- */
-import validate from 'express-validation';
-import Joi from 'joi';
-import _ from 'lodash';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-import models from '../../models';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    timelineId: Joi.number().integer().positive().required(),
-    milestoneId: Joi.number().integer().positive().required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timelineId param, and set to request params for
-  // checking by the permissions middleware
-  util.validateTimelineIdParam,
-  permissions('milestone.view'),
-  (req, res, next) => {
-    const where = {
-      timelineId: req.params.timelineId,
-      id: req.params.milestoneId,
-    };
-
-    // Find the milestone
-    models.Milestone.findOne({ where })
-      .then((milestone) => {
-        // Not found
-        if (!milestone) {
-          const apiErr = new Error(`Milestone not found for milestone id ${req.params.milestoneId}`);
-          apiErr.status = 404;
-          return Promise.reject(apiErr);
-        }
-
-        // Write to response
-        res.json(util.wrapResponse(req.id, _.omit(milestone.toJSON(), ['deletedBy', 'deletedAt'])));
-        return Promise.resolve();
-      })
-      .catch(next);
-  },
-];
diff --git a/src/routes/milestones/get.spec.js b/src/routes/milestones/get.spec.js
deleted file mode 100644
index 919b756d..00000000
--- a/src/routes/milestones/get.spec.js
+++ /dev/null
@@ -1,342 +0,0 @@
-/**
- * Tests for get.js
- */
-import chai from 'chai';
-import request from 'supertest';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-
-const should = chai.should();
-
-describe('GET milestone', () => {
-  before((done) => {
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ])
-          .then(() => {
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: 1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: 1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ])
-              .then(() =>
-                // Create phase
-                 models.ProjectPhase.bulkCreate([
-                   {
-                     projectId: 1,
-                     name: 'test project phase 1',
-                     status: 'active',
-                     startDate: '2018-05-15T00:00:00Z',
-                     endDate: '2018-05-15T12:00:00Z',
-                     budget: 20.0,
-                     progress: 1.23456,
-                     details: {
-                       message: 'This can be any json 2',
-                     },
-                     createdBy: 1,
-                     updatedBy: 1,
-                   },
-                   {
-                     projectId: 2,
-                     name: 'test project phase 2',
-                     status: 'active',
-                     startDate: '2018-05-16T00:00:00Z',
-                     endDate: '2018-05-16T12:00:00Z',
-                     budget: 21.0,
-                     progress: 1.234567,
-                     details: {
-                       message: 'This can be any json 2',
-                     },
-                     createdBy: 2,
-                     updatedBy: 2,
-                     deletedAt: '2018-05-15T00:00:00Z',
-                   },
-                 ]))
-              .then(() =>
-                // Create timelines
-                 models.Timeline.bulkCreate([
-                   {
-                     name: 'name 1',
-                     description: 'description 1',
-                     startDate: '2018-05-11T00:00:00.000Z',
-                     endDate: '2018-05-12T00:00:00.000Z',
-                     reference: 'project',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                   },
-                   {
-                     name: 'name 2',
-                     description: 'description 2',
-                     startDate: '2018-05-12T00:00:00.000Z',
-                     endDate: '2018-05-13T00:00:00.000Z',
-                     reference: 'phase',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                   },
-                   {
-                     name: 'name 3',
-                     description: 'description 3',
-                     startDate: '2018-05-13T00:00:00.000Z',
-                     endDate: '2018-05-14T00:00:00.000Z',
-                     reference: 'phase',
-                     referenceId: 1,
-                     createdBy: 1,
-                     updatedBy: 1,
-                     deletedAt: '2018-05-14T00:00:00.000Z',
-                   },
-                 ]))
-              .then(() => {
-                // Create milestones
-                models.Milestone.bulkCreate([
-                  {
-                    timelineId: 1,
-                    name: 'milestone 1',
-                    duration: 2,
-                    startDate: '2018-05-03T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type1',
-                    details: {
-                      detail1: {
-                        subDetail1A: 1,
-                        subDetail1B: 2,
-                      },
-                      detail2: [1, 2, 3],
-                    },
-                    order: 1,
-                    plannedText: 'plannedText 1',
-                    activeText: 'activeText 1',
-                    completedText: 'completedText 1',
-                    blockedText: 'blockedText 1',
-                    createdBy: 1,
-                    updatedBy: 2,
-                  },
-                  {
-                    timelineId: 1,
-                    name: 'milestone 2',
-                    duration: 3,
-                    startDate: '2018-05-04T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type2',
-                    order: 2,
-                    plannedText: 'plannedText 2',
-                    activeText: 'activeText 2',
-                    completedText: 'completedText 2',
-                    blockedText: 'blockedText 2',
-                    createdBy: 2,
-                    updatedBy: 3,
-                  },
-                  {
-                    timelineId: 1,
-                    name: 'milestone 3',
-                    duration: 4,
-                    startDate: '2018-05-04T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type3',
-                    order: 3,
-                    plannedText: 'plannedText 3',
-                    activeText: 'activeText 3',
-                    completedText: 'completedText 3',
-                    blockedText: 'blockedText 3',
-                    createdBy: 3,
-                    updatedBy: 4,
-                    deletedBy: 1,
-                    deletedAt: '2018-05-04T00:00:00.000Z',
-                  },
-                ])
-                  .then(() => done());
-              });
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('GET /timelines/{timelineId}/milestones/{milestoneId}', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/1')
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed timeline', (done) => {
-      request(server)
-        .get('/v4/timelines/1234/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted timeline', (done) => {
-      request(server)
-        .get('/v4/timelines/3/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for non-existed milestone', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/1234')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted milestone', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/3')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 422 for invalid timelineId param', (done) => {
-      request(server)
-        .get('/v4/timelines/0/milestones/3')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 422 for invalid milestoneId param', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/0')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.id.should.be.eql(1);
-          resJson.timelineId.should.be.eql(1);
-          resJson.name.should.be.eql('milestone 1');
-          resJson.duration.should.be.eql(2);
-          resJson.startDate.should.be.eql('2018-05-03T00:00:00.000Z');
-          resJson.status.should.be.eql('open');
-          resJson.type.should.be.eql('type1');
-          resJson.details.should.be.eql({
-            detail1: {
-              subDetail1A: 1,
-              subDetail1B: 2,
-            },
-            detail2: [1, 2, 3],
-          });
-          resJson.order.should.be.eql(1);
-          resJson.plannedText.should.be.eql('plannedText 1');
-          resJson.activeText.should.be.eql('activeText 1');
-          resJson.completedText.should.be.eql('completedText 1');
-          resJson.blockedText.should.be.eql('blockedText 1');
-
-          resJson.createdBy.should.be.eql(1);
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(2);
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedBy);
-          should.not.exist(resJson.deletedAt);
-
-          done();
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for member', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .expect(200, done);
-    });
-
-    it('should return 200 for copilot', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(200, done);
-    });
-  });
-});
diff --git a/src/routes/milestones/list.js b/src/routes/milestones/list.js
deleted file mode 100644
index 6ae2d5c2..00000000
--- a/src/routes/milestones/list.js
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * API to list all milestones
- */
-import validate from 'express-validation';
-import Joi from 'joi';
-import config from 'config';
-import _ from 'lodash';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-
-const permissions = tcMiddleware.permissions;
-
-const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
-const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
-
-const schema = {
-  params: {
-    timelineId: Joi.number().integer().positive().required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timelineId param, and set to request params for
-  // checking by the permissions middleware
-  util.validateTimelineIdParam,
-  permissions('milestone.view'),
-  (req, res, next) => {
-    // Parse the sort query
-    let sort = req.query.sort ? decodeURIComponent(req.query.sort) : 'order';
-    if (sort && sort.indexOf(' ') === -1) {
-      sort += ' asc';
-    }
-    const sortableProps = [
-      'order asc', 'order desc',
-    ];
-    if (sort && _.indexOf(sortableProps, sort) < 0) {
-      const apiErr = new Error('Invalid sort criteria');
-      apiErr.status = 422;
-      return next(apiErr);
-    }
-    const sortColumnAndOrder = sort.split(' ');
-
-    // Get timeline from ES
-    return util.getElasticSearchClient().get({
-      index: ES_TIMELINE_INDEX,
-      type: ES_TIMELINE_TYPE,
-      id: req.params.timelineId,
-    })
-      .then((doc) => {
-        if (!doc) {
-          const err = new Error(`Timeline not found for timeline id ${req.params.timelineId}`);
-          err.status = 404;
-          throw err;
-        }
-
-        // Get the milestones
-        let milestones = _.isArray(doc._source.milestones) ? doc._source.milestones : []; // eslint-disable-line no-underscore-dangle
-
-        // Sort
-        milestones = _.orderBy(milestones, [sortColumnAndOrder[0]], [sortColumnAndOrder[1]]);
-
-        // Write to response
-        res.json(util.wrapResponse(req.id, milestones, milestones.length));
-      })
-      .catch(err => next(err));
-  },
-];
diff --git a/src/routes/milestones/list.spec.js b/src/routes/milestones/list.spec.js
deleted file mode 100644
index 0240ee43..00000000
--- a/src/routes/milestones/list.spec.js
+++ /dev/null
@@ -1,324 +0,0 @@
-/**
- * Tests for list.js
- */
-import chai from 'chai';
-import request from 'supertest';
-import sleep from 'sleep';
-import config from 'config';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-
-const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
-const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
-
-// eslint-disable-next-line no-unused-vars
-const should = chai.should();
-
-const timelines = [
-  {
-    id: 1,
-    name: 'name 1',
-    description: 'description 1',
-    startDate: '2018-05-11T00:00:00.000Z',
-    endDate: '2018-05-12T00:00:00.000Z',
-    reference: 'project',
-    referenceId: 1,
-    createdBy: 1,
-    updatedBy: 1,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-];
-const milestones = [
-  {
-    id: 1,
-    timelineId: 1,
-    name: 'milestone 1',
-    duration: 2,
-    startDate: '2018-05-03T00:00:00.000Z',
-    endDate: '2018-05-04T00:00:00.000Z',
-    completionDate: '2018-05-05T00:00:00.000Z',
-    status: 'open',
-    type: 'type1',
-    details: {
-      detail1: {
-        subDetail1A: 1,
-        subDetail1B: 2,
-      },
-      detail2: [1, 2, 3],
-    },
-    order: 1,
-    plannedText: 'plannedText 1',
-    activeText: 'activeText 1',
-    completedText: 'completedText 1',
-    blockedText: 'blockedText 1',
-    createdBy: 1,
-    updatedBy: 2,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-  {
-    id: 2,
-    timelineId: 1,
-    name: 'milestone 2',
-    duration: 3,
-    startDate: '2018-05-04T00:00:00.000Z',
-    status: 'open',
-    type: 'type2',
-    order: 2,
-    plannedText: 'plannedText 2',
-    activeText: 'activeText 2',
-    completedText: 'completedText 2',
-    blockedText: 'blockedText 2',
-    createdBy: 2,
-    updatedBy: 3,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-];
-
-describe('LIST timelines', () => {
-  before(function beforeHook(done) {
-    this.timeout(10000);
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ])
-          .then(() => {
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: 1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: 1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-              models.ProjectPhase.bulkCreate([
-                {
-                  projectId: 1,
-                  name: 'test project phase 1',
-                  status: 'active',
-                  startDate: '2018-05-15T00:00:00Z',
-                  endDate: '2018-05-15T12:00:00Z',
-                  budget: 20.0,
-                  progress: 1.23456,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 1,
-                  updatedBy: 1,
-                },
-                {
-                  projectId: 2,
-                  name: 'test project phase 2',
-                  status: 'active',
-                  startDate: '2018-05-16T00:00:00Z',
-                  endDate: '2018-05-16T12:00:00Z',
-                  budget: 21.0,
-                  progress: 1.234567,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 2,
-                  updatedBy: 2,
-                },
-              ]))
-              .then(() =>
-                // Create timelines and milestones
-                models.Timeline.bulkCreate(timelines)
-                  .then(() => models.Milestone.bulkCreate(milestones)))
-              .then(() => {
-                // Index to ES
-                timelines[0].milestones = milestones;
-                timelines[0].projectId = 1;
-                return server.services.es.index({
-                  index: ES_TIMELINE_INDEX,
-                  type: ES_TIMELINE_TYPE,
-                  id: timelines[0].id,
-                  body: timelines[0],
-                })
-                  .then(() => {
-                    // sleep for some time, let elasticsearch indices be settled
-                    sleep.sleep(5);
-                    done();
-                  });
-              });
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('GET /timelines/{timelineId}/milestones', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .get('/v4/timelines')
-        .expect(403, done);
-    });
-
-    it('should return 403 for member with no accessible project', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 404 for not-existed timeline', (done) => {
-      request(server)
-        .get('/v4/timelines/11/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 422 for invalid sort column', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones?sort=id%20asc')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 422 for invalid sort order', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones?sort=order%20invalid')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-
-          resJson[0].should.be.eql(milestones[0]);
-          resJson[1].should.be.eql(milestones[1]);
-
-          done();
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-
-          done();
-        });
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-
-          done();
-        });
-    });
-
-    it('should return 200 for member', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-
-          done();
-        });
-    });
-
-    it('should return 200 for copilot', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-
-          done();
-        });
-    });
-
-    it('should return 200 with sort by order desc', (done) => {
-      request(server)
-        .get('/v4/timelines/1/milestones?sort=order%20desc')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-
-          resJson[0].should.be.eql(milestones[1]);
-          resJson[1].should.be.eql(milestones[0]);
-
-          done();
-        });
-    });
-  });
-});
diff --git a/src/routes/milestones/update.js b/src/routes/milestones/update.js
deleted file mode 100644
index 5641d290..00000000
--- a/src/routes/milestones/update.js
+++ /dev/null
@@ -1,161 +0,0 @@
-/**
- * API to update a milestone
- */
-import validate from 'express-validation';
-import _ from 'lodash';
-import Joi from 'joi';
-import Sequelize from 'sequelize';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-import { EVENT } from '../../constants';
-import models from '../../models';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    timelineId: Joi.number().integer().positive().required(),
-    milestoneId: Joi.number().integer().positive().required(),
-  },
-  body: {
-    param: Joi.object().keys({
-      id: Joi.any().strip(),
-      name: Joi.string().max(255).required(),
-      description: Joi.string().max(255),
-      duration: Joi.number().integer().required(),
-      startDate: Joi.date().required(),
-      endDate: Joi.date().min(Joi.ref('startDate')).allow(null),
-      completionDate: Joi.date().min(Joi.ref('startDate')).allow(null),
-      status: Joi.string().max(45).required(),
-      type: Joi.string().max(45).required(),
-      details: Joi.object(),
-      order: Joi.number().integer().required(),
-      plannedText: Joi.string().max(512).required(),
-      activeText: Joi.string().max(512).required(),
-      completedText: Joi.string().max(512).required(),
-      blockedText: Joi.string().max(512).required(),
-      createdAt: Joi.any().strip(),
-      updatedAt: Joi.any().strip(),
-      deletedAt: Joi.any().strip(),
-      createdBy: Joi.any().strip(),
-      updatedBy: Joi.any().strip(),
-      deletedBy: Joi.any().strip(),
-    }).required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timelineId param,
-  // and set to request params for checking by the permissions middleware
-  util.validateTimelineIdParam,
-  permissions('milestone.edit'),
-  (req, res, next) => {
-    const where = {
-      timelineId: req.params.timelineId,
-      id: req.params.milestoneId,
-    };
-    const entityToUpdate = _.assign(req.body.param, {
-      updatedBy: req.authUser.userId,
-      timelineId: req.params.timelineId,
-    });
-
-    // Validate startDate and endDate to be within the timeline startDate and endDate
-    let error;
-    if (req.body.param.startDate < req.timeline.startDate) {
-      error = 'Milestone startDate must not be before the timeline startDate';
-    } else if (req.body.param.endDate && req.timeline.endDate && req.body.param.endDate > req.timeline.endDate) {
-      error = 'Milestone endDate must not be after the timeline endDate';
-    }
-    if (error) {
-      const apiErr = new Error(error);
-      apiErr.status = 422;
-      return next(apiErr);
-    }
-
-    let original;
-    let updated;
-
-    return models.sequelize.transaction(() =>
-      // Find the milestone
-      models.Milestone.findOne({ where })
-        .then((milestone) => {
-          // Not found
-          if (!milestone) {
-            const apiErr = new Error(`Milestone not found for milestone id ${req.params.milestoneId}`);
-            apiErr.status = 404;
-            return Promise.reject(apiErr);
-          }
-
-          original = _.omit(milestone.toJSON(), ['deletedAt', 'deletedBy']);
-
-          // Merge JSON fields
-          entityToUpdate.details = util.mergeJsonObjects(milestone.details, entityToUpdate.details);
-
-          // Update
-          return milestone.update(entityToUpdate);
-        })
-        .then((updatedMilestone) => {
-          // Omit deletedAt, deletedBy
-          updated = _.omit(updatedMilestone.toJSON(), 'deletedAt', 'deletedBy');
-
-          // Update order of the other milestones only if the order was changed
-          if (original.order === updated.order) {
-            return Promise.resolve();
-          }
-
-          return models.Milestone.count({
-            where: {
-              timelineId: updated.timelineId,
-              id: { $ne: updated.id },
-              order: updated.order,
-            },
-          })
-            .then((count) => {
-              if (count === 0) {
-                return Promise.resolve();
-              }
-
-              // Increase the order from M to K: if there is an item with order K,
-              // orders from M+1 to K should be made M to K-1
-              if (original.order < updated.order) {
-                return models.Milestone.update({ order: Sequelize.literal('"order" - 1') }, {
-                  where: {
-                    timelineId: updated.timelineId,
-                    id: { $ne: updated.id },
-                    order: { $between: [original.order + 1, updated.order] },
-                  },
-                });
-              }
-
-              // Decrease the order from M to K: if there is an item with order K,
-              // orders from K to M-1 should be made K+1 to M
-              return models.Milestone.update({ order: Sequelize.literal('"order" + 1') }, {
-                where: {
-                  timelineId: updated.timelineId,
-                  id: { $ne: updated.id },
-                  order: { $between: [updated.order, original.order - 1] },
-                },
-              });
-            });
-        })
-        .then(() => {
-          // Send event to bus
-          req.log.debug('Sending event to RabbitMQ bus for milestone %d', updated.id);
-          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.MILESTONE_UPDATED,
-            { original, updated },
-            { correlationId: req.id },
-          );
-
-          // Do not send events for the the other milestones (updated order) here,
-          // because it will make 'version conflict' error in ES.
-          // The order of the other milestones need to be updated in the MILESTONE_UPDATED event above
-
-          // Write to response
-          res.json(util.wrapResponse(req.id, updated));
-          return Promise.resolve();
-        })
-        .catch(next),
-    );
-  },
-];
diff --git a/src/routes/milestones/update.spec.js b/src/routes/milestones/update.spec.js
deleted file mode 100644
index fca57115..00000000
--- a/src/routes/milestones/update.spec.js
+++ /dev/null
@@ -1,981 +0,0 @@
-/**
- * Tests for get.js
- */
-import chai from 'chai';
-import request from 'supertest';
-import _ from 'lodash';
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-import { EVENT } from '../../constants';
-
-const should = chai.should();
-
-describe('UPDATE Milestone', () => {
-  beforeEach((done) => {
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ])
-          .then(() => {
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: 1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: 1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-              models.ProjectPhase.bulkCreate([
-                {
-                  projectId: 1,
-                  name: 'test project phase 1',
-                  status: 'active',
-                  startDate: '2018-05-15T00:00:00Z',
-                  endDate: '2018-05-15T12:00:00Z',
-                  budget: 20.0,
-                  progress: 1.23456,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 1,
-                  updatedBy: 1,
-                },
-                {
-                  projectId: 2,
-                  name: 'test project phase 2',
-                  status: 'active',
-                  startDate: '2018-05-16T00:00:00Z',
-                  endDate: '2018-05-16T12:00:00Z',
-                  budget: 21.0,
-                  progress: 1.234567,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 2,
-                  updatedBy: 2,
-                  deletedAt: '2018-05-15T00:00:00Z',
-                },
-              ]))
-              .then(() =>
-                // Create timelines
-                models.Timeline.bulkCreate([
-                  {
-                    name: 'name 1',
-                    description: 'description 1',
-                    startDate: '2018-05-02T00:00:00.000Z',
-                    endDate: '2018-06-12T00:00:00.000Z',
-                    reference: 'project',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                  },
-                  {
-                    name: 'name 2',
-                    description: 'description 2',
-                    startDate: '2018-05-12T00:00:00.000Z',
-                    endDate: '2018-06-13T00:00:00.000Z',
-                    reference: 'phase',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                  },
-                  {
-                    name: 'name 3',
-                    description: 'description 3',
-                    startDate: '2018-05-13T00:00:00.000Z',
-                    endDate: '2018-06-14T00:00:00.000Z',
-                    reference: 'phase',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                    deletedAt: '2018-05-14T00:00:00.000Z',
-                  },
-                ]).then(() => models.Milestone.bulkCreate([
-                  {
-                    id: 1,
-                    timelineId: 1,
-                    name: 'Milestone 1',
-                    duration: 2,
-                    startDate: '2018-05-13T00:00:00.000Z',
-                    endDate: '2018-05-14T00:00:00.000Z',
-                    completionDate: '2018-05-15T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type1',
-                    details: {
-                      detail1: {
-                        subDetail1A: 1,
-                        subDetail1B: 2,
-                      },
-                      detail2: [1, 2, 3],
-                    },
-                    order: 1,
-                    plannedText: 'plannedText 1',
-                    activeText: 'activeText 1',
-                    completedText: 'completedText 1',
-                    blockedText: 'blockedText 1',
-                    createdBy: 1,
-                    updatedBy: 2,
-                    createdAt: '2018-05-11T00:00:00.000Z',
-                    updatedAt: '2018-05-11T00:00:00.000Z',
-                  },
-                  {
-                    id: 2,
-                    timelineId: 1,
-                    name: 'Milestone 2',
-                    duration: 3,
-                    startDate: '2018-05-14T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type2',
-                    order: 2,
-                    plannedText: 'plannedText 2',
-                    activeText: 'activeText 2',
-                    completedText: 'completedText 2',
-                    blockedText: 'blockedText 2',
-                    createdBy: 2,
-                    updatedBy: 3,
-                    createdAt: '2018-05-11T00:00:00.000Z',
-                    updatedAt: '2018-05-11T00:00:00.000Z',
-                  },
-                  {
-                    id: 3,
-                    timelineId: 1,
-                    name: 'Milestone 3',
-                    duration: 3,
-                    startDate: '2018-05-14T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type3',
-                    order: 3,
-                    plannedText: 'plannedText 3',
-                    activeText: 'activeText 3',
-                    completedText: 'completedText 3',
-                    blockedText: 'blockedText 3',
-                    createdBy: 2,
-                    updatedBy: 3,
-                    createdAt: '2018-05-11T00:00:00.000Z',
-                    updatedAt: '2018-05-11T00:00:00.000Z',
-                  },
-                  {
-                    id: 4,
-                    timelineId: 1,
-                    name: 'Milestone 4',
-                    duration: 3,
-                    startDate: '2018-05-14T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type4',
-                    order: 4,
-                    plannedText: 'plannedText 4',
-                    activeText: 'activeText 4',
-                    completedText: 'completedText 4',
-                    blockedText: 'blockedText 4',
-                    createdBy: 2,
-                    updatedBy: 3,
-                    createdAt: '2018-05-11T00:00:00.000Z',
-                    updatedAt: '2018-05-11T00:00:00.000Z',
-                  },
-                  {
-                    id: 5,
-                    timelineId: 1,
-                    name: 'Milestone 5',
-                    duration: 3,
-                    startDate: '2018-05-14T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type5',
-                    order: 5,
-                    plannedText: 'plannedText 5',
-                    activeText: 'activeText 5',
-                    completedText: 'completedText 5',
-                    blockedText: 'blockedText 5',
-                    createdBy: 2,
-                    updatedBy: 3,
-                    createdAt: '2018-05-11T00:00:00.000Z',
-                    updatedAt: '2018-05-11T00:00:00.000Z',
-                    deletedAt: '2018-05-11T00:00:00.000Z',
-                  },
-                  {
-                    id: 6,
-                    timelineId: 2, // Timeline 2
-                    name: 'Milestone 6',
-                    duration: 3,
-                    startDate: '2018-05-14T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type5',
-                    order: 1,
-                    plannedText: 'plannedText 6',
-                    activeText: 'activeText 6',
-                    completedText: 'completedText 6',
-                    blockedText: 'blockedText 6',
-                    createdBy: 2,
-                    updatedBy: 3,
-                    createdAt: '2018-05-11T00:00:00.000Z',
-                    updatedAt: '2018-05-11T00:00:00.000Z',
-                  },
-                ])))
-              .then(() => done());
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('PATCH /timelines/{timelineId}/milestones/{milestoneId}', () => {
-    const body = {
-      param: {
-        name: 'Milestone 1-updated',
-        duration: 3,
-        startDate: '2018-05-14T00:00:00.000Z',
-        endDate: '2018-05-15T00:00:00.000Z',
-        completionDate: '2018-05-16T00:00:00.000Z',
-        description: 'description-updated',
-        status: 'closed',
-        type: 'type1-updated',
-        details: {
-          detail1: {
-            subDetail1A: 0,
-            subDetail1C: 3,
-          },
-          detail2: [4],
-          detail3: 3,
-        },
-        order: 1,
-        plannedText: 'plannedText 1-updated',
-        activeText: 'activeText 1-updated',
-        completedText: 'completedText 1-updated',
-        blockedText: 'blockedText 1-updated',
-      },
-    };
-
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed timeline', (done) => {
-      request(server)
-        .patch('/v4/timelines/1234/milestones/1')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted timeline', (done) => {
-      request(server)
-        .patch('/v4/timelines/3/milestones/1')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for non-existed Milestone', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/111')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted Milestone', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/5')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 422 for invalid timelineId param', (done) => {
-      request(server)
-        .patch('/v4/timelines/0/milestones/1')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 422 for invalid milestoneId param', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/0')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-
-    it('should return 422 if missing name', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          name: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing duration', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          duration: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing type', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          type: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing order', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          order: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing plannedText', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          plannedText: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing activeText', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          activeText: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing completedText', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          completedText: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing blockedText', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          blockedText: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if startDate is after endDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: '2018-05-29T00:00:00.000Z',
-          endDate: '2018-05-28T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if startDate is after completionDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: '2018-05-29T00:00:00.000Z',
-          completionDate: '2018-05-28T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if startDate is before timeline startDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: '2018-05-01T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if endDate is after timeline endDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          endDate: '2018-07-01T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          should.exist(resJson.id);
-          resJson.name.should.be.eql(body.param.name);
-          resJson.description.should.be.eql(body.param.description);
-          resJson.duration.should.be.eql(body.param.duration);
-          resJson.startDate.should.be.eql(body.param.startDate);
-          resJson.endDate.should.be.eql(body.param.endDate);
-          resJson.completionDate.should.be.eql(body.param.completionDate);
-          resJson.status.should.be.eql(body.param.status);
-          resJson.type.should.be.eql(body.param.type);
-          resJson.details.should.be.eql({
-            detail1: { subDetail1A: 0, subDetail1B: 2, subDetail1C: 3 },
-            detail2: [4],
-            detail3: 3,
-          });
-          resJson.order.should.be.eql(body.param.order);
-          resJson.plannedText.should.be.eql(body.param.plannedText);
-          resJson.activeText.should.be.eql(body.param.activeText);
-          resJson.completedText.should.be.eql(body.param.completedText);
-          resJson.blockedText.should.be.eql(body.param.blockedText);
-
-          should.exist(resJson.createdBy);
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(40051333); // admin
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedBy);
-          should.not.exist(resJson.deletedAt);
-
-          // eslint-disable-next-line no-unused-expressions
-          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.MILESTONE_UPDATED).should.be.true;
-
-          done();
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - order increases and replaces another milestone\'s order', function (done) {
-      this.timeout(10000);
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 4 }) }) // 1 to 4
-        .expect(200)
-        .end(() => {
-          // Milestone 1: order 4
-          // Milestone 2: order 2 - 1 = 1
-          // Milestone 3: order 3 - 1 = 2
-          // Milestone 4: order 4 - 1 = 3
-          setTimeout(() => {
-            models.Milestone.findById(1)
-              .then((milestone) => {
-                milestone.order.should.be.eql(4);
-              })
-              .then(() => models.Milestone.findById(2))
-              .then((milestone) => {
-                milestone.order.should.be.eql(1);
-              })
-              .then(() => models.Milestone.findById(3))
-              .then((milestone) => {
-                milestone.order.should.be.eql(2);
-              })
-              .then(() => models.Milestone.findById(4))
-              .then((milestone) => {
-                milestone.order.should.be.eql(3);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - order increases and doesnot replace another milestone\'s order', function (done) {
-      this.timeout(10000);
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 5 }) }) // 1 to 5
-        .expect(200)
-        .end(() => {
-          // Milestone 1: order 5
-          // Milestone 2: order 2
-          // Milestone 3: order 3
-          // Milestone 4: order 4
-          setTimeout(() => {
-            models.Milestone.findById(1)
-              .then((milestone) => {
-                milestone.order.should.be.eql(5);
-              })
-              .then(() => models.Milestone.findById(2))
-              .then((milestone) => {
-                milestone.order.should.be.eql(2);
-              })
-              .then(() => models.Milestone.findById(3))
-              .then((milestone) => {
-                milestone.order.should.be.eql(3);
-              })
-              .then(() => models.Milestone.findById(4))
-              .then((milestone) => {
-                milestone.order.should.be.eql(4);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - order decreases and replaces another milestone\'s order', function (done) {
-      this.timeout(10000);
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/4')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 2 }) }) // 4 to 2
-        .expect(200)
-        .end(() => {
-          // Milestone 1: order 1
-          // Milestone 2: order 3
-          // Milestone 3: order 4
-          // Milestone 4: order 2
-          setTimeout(() => {
-            models.Milestone.findById(1)
-              .then((milestone) => {
-                milestone.order.should.be.eql(1);
-              })
-              .then(() => models.Milestone.findById(2))
-              .then((milestone) => {
-                milestone.order.should.be.eql(3);
-              })
-              .then(() => models.Milestone.findById(3))
-              .then((milestone) => {
-                milestone.order.should.be.eql(4);
-              })
-              .then(() => models.Milestone.findById(4))
-              .then((milestone) => {
-                milestone.order.should.be.eql(2);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - order decreases and doesnot replace another milestone\'s order', function (done) {
-      this.timeout(10000);
-
-      request(server)
-        .patch('/v4/timelines/1/milestones/4')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 0 }) }) // 4 to 0
-        .expect(200)
-        .end(() => {
-          // Milestone 1: order 1
-          // Milestone 2: order 2
-          // Milestone 3: order 3
-          // Milestone 4: order 0
-          setTimeout(() => {
-            models.Milestone.findById(1)
-              .then((milestone) => {
-                milestone.order.should.be.eql(1);
-              })
-              .then(() => models.Milestone.findById(2))
-              .then((milestone) => {
-                milestone.order.should.be.eql(2);
-              })
-              .then(() => models.Milestone.findById(3))
-              .then((milestone) => {
-                milestone.order.should.be.eql(3);
-              })
-              .then(() => models.Milestone.findById(4))
-              .then((milestone) => {
-                milestone.order.should.be.eql(0);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - changing order with only 1 item in list', function (done) {
-      this.timeout(10000);
-
-      request(server)
-        .patch('/v4/timelines/2/milestones/6')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({ param: _.assign({}, body.param, { order: 0 }) }) // 1 to 0
-        .expect(200)
-        .end(() => {
-          // Milestone 6: order 0
-          setTimeout(() => {
-            models.Milestone.findById(6)
-              .then((milestone) => {
-                milestone.order.should.be.eql(0);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - changing order without changing other milestones\' orders', function (done) {
-      this.timeout(10000);
-
-      models.Milestone.bulkCreate([
-        {
-          id: 7,
-          timelineId: 2, // Timeline 2
-          name: 'Milestone 7',
-          duration: 3,
-          startDate: '2018-05-14T00:00:00.000Z',
-          status: 'open',
-          type: 'type7',
-          order: 3,
-          plannedText: 'plannedText 7',
-          activeText: 'activeText 7',
-          completedText: 'completedText 7',
-          blockedText: 'blockedText 7',
-          createdBy: 2,
-          updatedBy: 3,
-          createdAt: '2018-05-11T00:00:00.000Z',
-          updatedAt: '2018-05-11T00:00:00.000Z',
-        },
-        {
-          id: 8,
-          timelineId: 2, // Timeline 2
-          name: 'Milestone 8',
-          duration: 3,
-          startDate: '2018-05-14T00:00:00.000Z',
-          status: 'open',
-          type: 'type7',
-          order: 4,
-          plannedText: 'plannedText 8',
-          activeText: 'activeText 8',
-          completedText: 'completedText 8',
-          blockedText: 'blockedText 8',
-          createdBy: 2,
-          updatedBy: 3,
-          createdAt: '2018-05-11T00:00:00.000Z',
-          updatedAt: '2018-05-11T00:00:00.000Z',
-        },
-      ])
-        .then(() => {
-          request(server)
-            .patch('/v4/timelines/2/milestones/8')
-            .set({
-              Authorization: `Bearer ${testUtil.jwts.admin}`,
-            })
-            .send({ param: _.assign({}, body.param, { order: 2 }) }) // 4 to 2
-            .expect(200)
-            .end(() => {
-              // Milestone 6: order 1 => 1
-              // Milestone 7: order 3 => 3
-              // Milestone 8: order 4 => 2
-              setTimeout(() => {
-                models.Milestone.findById(6)
-                  .then((milestone) => {
-                    milestone.order.should.be.eql(1);
-                  })
-                  .then(() => models.Milestone.findById(7))
-                  .then((milestone) => {
-                    milestone.order.should.be.eql(3);
-                  })
-                  .then(() => models.Milestone.findById(8))
-                  .then((milestone) => {
-                    milestone.order.should.be.eql(2);
-
-                    done();
-                  });
-              }, 3000);
-            });
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin - changing order withchanging other milestones\' orders', function (done) {
-      this.timeout(10000);
-
-      models.Milestone.bulkCreate([
-        {
-          id: 7,
-          timelineId: 2, // Timeline 2
-          name: 'Milestone 7',
-          duration: 3,
-          startDate: '2018-05-14T00:00:00.000Z',
-          status: 'open',
-          type: 'type7',
-          order: 2,
-          plannedText: 'plannedText 7',
-          activeText: 'activeText 7',
-          completedText: 'completedText 7',
-          blockedText: 'blockedText 7',
-          createdBy: 2,
-          updatedBy: 3,
-          createdAt: '2018-05-11T00:00:00.000Z',
-          updatedAt: '2018-05-11T00:00:00.000Z',
-        },
-        {
-          id: 8,
-          timelineId: 2, // Timeline 2
-          name: 'Milestone 8',
-          duration: 3,
-          startDate: '2018-05-14T00:00:00.000Z',
-          status: 'open',
-          type: 'type7',
-          order: 4,
-          plannedText: 'plannedText 8',
-          activeText: 'activeText 8',
-          completedText: 'completedText 8',
-          blockedText: 'blockedText 8',
-          createdBy: 2,
-          updatedBy: 3,
-          createdAt: '2018-05-11T00:00:00.000Z',
-          updatedAt: '2018-05-11T00:00:00.000Z',
-        },
-      ])
-        .then(() => {
-          request(server)
-            .patch('/v4/timelines/2/milestones/8')
-            .set({
-              Authorization: `Bearer ${testUtil.jwts.admin}`,
-            })
-            .send({ param: _.assign({}, body.param, { order: 2 }) }) // 4 to 2
-            .expect(200)
-            .end(() => {
-              // Milestone 6: order 1 => 1
-              // Milestone 7: order 2 => 3
-              // Milestone 8: order 4 => 2
-              setTimeout(() => {
-                models.Milestone.findById(6)
-                  .then((milestone) => {
-                    milestone.order.should.be.eql(1);
-                  })
-                  .then(() => models.Milestone.findById(7))
-                  .then((milestone) => {
-                    milestone.order.should.be.eql(3);
-                  })
-                  .then(() => models.Milestone.findById(8))
-                  .then((milestone) => {
-                    milestone.order.should.be.eql(2);
-
-                    done();
-                  });
-              }, 3000);
-            });
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for copilot', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for member', (done) => {
-      request(server)
-        .patch('/v4/timelines/1/milestones/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-  });
-});
diff --git a/src/routes/timelines/create.js b/src/routes/timelines/create.js
deleted file mode 100644
index ada7beae..00000000
--- a/src/routes/timelines/create.js
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * API to add a timeline
- */
-import validate from 'express-validation';
-import _ from 'lodash';
-import Joi from 'joi';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-import models from '../../models';
-import { EVENT, TIMELINE_REFERENCES } from '../../constants';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  body: {
-    param: Joi.object().keys({
-      id: Joi.any().strip(),
-      name: Joi.string().max(255).required(),
-      description: Joi.string().max(255),
-      startDate: Joi.date().required(),
-      endDate: Joi.date().min(Joi.ref('startDate')).allow(null),
-      reference: Joi.string().valid(_.values(TIMELINE_REFERENCES)).required(),
-      referenceId: Joi.number().integer().positive().required(),
-      createdAt: Joi.any().strip(),
-      updatedAt: Joi.any().strip(),
-      deletedAt: Joi.any().strip(),
-      createdBy: Joi.any().strip(),
-      updatedBy: Joi.any().strip(),
-      deletedBy: Joi.any().strip(),
-    }).required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timeline request body, and set to request params
-  // for checking by the permissions middleware
-  util.validateTimelineRequestBody,
-  permissions('timeline.create'),
-  (req, res, next) => {
-    const entity = _.assign(req.body.param, {
-      createdBy: req.authUser.userId,
-      updatedBy: req.authUser.userId,
-    });
-
-    // Save to DB
-    return models.Timeline.create(entity)
-      .then((createdEntity) => {
-        // Omit deletedAt, deletedBy
-        const result = _.omit(createdEntity.toJSON(), 'deletedAt', 'deletedBy');
-
-        // Send event to bus
-        req.log.debug('Sending event to RabbitMQ bus for timeline %d', result.id);
-        req.app.services.pubsub.publish(EVENT.ROUTING_KEY.TIMELINE_ADDED,
-          _.assign({ projectId: req.params.projectId }, result),
-          { correlationId: req.id },
-        );
-
-        // Write to the response
-        res.status(201).json(util.wrapResponse(req.id, result, 1, 201));
-        return Promise.resolve();
-      })
-      .catch(next);
-  },
-];
diff --git a/src/routes/timelines/create.spec.js b/src/routes/timelines/create.spec.js
deleted file mode 100644
index 10e3adbe..00000000
--- a/src/routes/timelines/create.spec.js
+++ /dev/null
@@ -1,468 +0,0 @@
-/**
- * Tests for create.js
- */
-import chai from 'chai';
-import request from 'supertest';
-import _ from 'lodash';
-import server from '../../app';
-import testUtil from '../../tests/util';
-import models from '../../models';
-import { EVENT } from '../../constants';
-
-const should = chai.should();
-
-describe('CREATE timeline', () => {
-  let projectId1;
-  let projectId2;
-
-  before((done) => {
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ], { returning: true })
-          .then((projects) => {
-            projectId1 = projects[0].id;
-            projectId2 = projects[1].id;
-
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: projectId1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: projectId1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-              models.ProjectPhase.bulkCreate([
-                {
-                  projectId: projectId1,
-                  name: 'test project phase 1',
-                  status: 'active',
-                  startDate: '2018-05-15T00:00:00Z',
-                  endDate: '2018-05-15T12:00:00Z',
-                  budget: 20.0,
-                  progress: 1.23456,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 1,
-                  updatedBy: 1,
-                },
-                {
-                  projectId: projectId2,
-                  name: 'test project phase 2',
-                  status: 'active',
-                  startDate: '2018-05-16T00:00:00Z',
-                  endDate: '2018-05-16T12:00:00Z',
-                  budget: 21.0,
-                  progress: 1.234567,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 2,
-                  updatedBy: 2,
-                  deletedAt: '2018-05-15T00:00:00Z',
-                },
-              ]))
-              .then(() => {
-                done();
-              });
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('POST /timelines', () => {
-    const body = {
-      param: {
-        name: 'new name',
-        description: 'new description',
-        startDate: '2018-05-29T00:00:00.000Z',
-        endDate: '2018-05-30T00:00:00.000Z',
-        reference: 'project',
-        referenceId: 1,
-      },
-    };
-
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .post('/v4/timelines')
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project', (done) => {
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
-      const bodyWithPhase = {
-        param: _.assign({}, body.param, {
-          reference: 'phase',
-          referenceId: 1,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .send(bodyWithPhase)
-        .expect(403, done);
-    });
-
-    it('should return 422 if missing name', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          name: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing startDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if startDate is after endDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: '2018-05-29T00:00:00.000Z',
-          endDate: '2018-05-28T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing reference', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          reference: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing referenceId', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          referenceId: undefined,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if invalid reference', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          reference: 'invalid',
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if invalid referenceId', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          referenceId: 0,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if project does not exist', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          referenceId: 1110,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if project was deleted', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          referenceId: 2,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if phase does not exist', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          reference: 'phase',
-          referenceId: 2222,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if phase was deleted', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          reference: 'phase',
-          referenceId: 2,
-        }),
-      };
-
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 201 for admin', (done) => {
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          should.exist(resJson.id);
-          resJson.name.should.be.eql(body.param.name);
-          resJson.description.should.be.eql(body.param.description);
-          resJson.startDate.should.be.eql(body.param.startDate);
-          resJson.endDate.should.be.eql(body.param.endDate);
-          resJson.reference.should.be.eql(body.param.reference);
-          resJson.referenceId.should.be.eql(body.param.referenceId);
-
-          resJson.createdBy.should.be.eql(40051333); // admin
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(40051333); // admin
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedBy);
-          should.not.exist(resJson.deletedAt);
-
-          // eslint-disable-next-line no-unused-expressions
-          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.TIMELINE_ADDED).should.be.true;
-
-          done();
-        });
-    });
-
-    it('should return 201 for connect manager', (done) => {
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051334); // manager
-          resJson.updatedBy.should.be.eql(40051334); // manager
-          done();
-        });
-    });
-
-    it('should return 201 for connect admin', (done) => {
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051336); // connect admin
-          resJson.updatedBy.should.be.eql(40051336); // connect admin
-          done();
-        });
-    });
-
-    it('should return 201 for copilot', (done) => {
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051332); // copilot
-          resJson.updatedBy.should.be.eql(40051332); // copilot
-          done();
-        });
-    });
-
-    it('should return 201 for member', (done) => {
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .send(body)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051331); // member
-          resJson.updatedBy.should.be.eql(40051331); // member
-          done();
-        });
-    });
-
-    it('should return 201 for member (timeline refers to a phase)', (done) => {
-      const bodyWithPhase = _.merge({}, body, {
-        param: {
-          reference: 'phase',
-          referenceId: 1,
-        },
-      });
-      request(server)
-        .post('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .send(bodyWithPhase)
-        .expect('Content-Type', /json/)
-        .expect(201)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.createdBy.should.be.eql(40051331); // member
-          resJson.updatedBy.should.be.eql(40051331); // member
-          done();
-        });
-    });
-  });
-});
diff --git a/src/routes/timelines/delete.js b/src/routes/timelines/delete.js
deleted file mode 100644
index e3d94bb7..00000000
--- a/src/routes/timelines/delete.js
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * API to delete a timeline
- */
-import validate from 'express-validation';
-import Joi from 'joi';
-import _ from 'lodash';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import models from '../../models';
-import { EVENT } from '../../constants';
-import util from '../../util';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    timelineId: Joi.number().integer().positive().required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timelineId param, and set to request params for
-  // checking by the permissions middleware
-  util.validateTimelineIdParam,
-  permissions('timeline.delete'),
-  (req, res, next) => {
-    const timeline = req.timeline;
-    const deleted = _.omit(timeline.toJSON(), ['deletedAt', 'deletedBy']);
-
-    return models.sequelize.transaction(() =>
-      // Update the deletedBy, then delete
-      timeline.update({ deletedBy: req.authUser.userId })
-        .then(() => timeline.destroy())
-        // Cascade delete the milestones
-        .then(() => models.Milestone.update({ deletedBy: req.authUser.userId }, { where: { timelineId: timeline.id } }))
-        .then(() => models.Milestone.destroy({ where: { timelineId: timeline.id } }))
-        .then(() => {
-          // Send event to bus
-          req.log.debug('Sending event to RabbitMQ bus for timeline %d', deleted.id);
-          req.app.services.pubsub.publish(EVENT.ROUTING_KEY.TIMELINE_REMOVED,
-            deleted,
-            { correlationId: req.id },
-          );
-
-          // Write to response
-          res.status(204).end();
-          return Promise.resolve();
-        })
-        .catch(next),
-    );
-  },
-];
diff --git a/src/routes/timelines/delete.spec.js b/src/routes/timelines/delete.spec.js
deleted file mode 100644
index 76a0fb55..00000000
--- a/src/routes/timelines/delete.spec.js
+++ /dev/null
@@ -1,306 +0,0 @@
-/**
- * Tests for delete.js
- */
-import request from 'supertest';
-import chai from 'chai';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-import { EVENT } from '../../constants';
-
-const should = chai.should(); // eslint-disable-line no-unused-vars
-
-describe('DELETE timeline', () => {
-  beforeEach((done) => {
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ])
-          .then(() => {
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: 1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: 1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-              models.ProjectPhase.bulkCreate([
-                {
-                  projectId: 1,
-                  name: 'test project phase 1',
-                  status: 'active',
-                  startDate: '2018-05-15T00:00:00Z',
-                  endDate: '2018-05-15T12:00:00Z',
-                  budget: 20.0,
-                  progress: 1.23456,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 1,
-                  updatedBy: 1,
-                },
-                {
-                  projectId: 2,
-                  name: 'test project phase 2',
-                  status: 'active',
-                  startDate: '2018-05-16T00:00:00Z',
-                  endDate: '2018-05-16T12:00:00Z',
-                  budget: 21.0,
-                  progress: 1.234567,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 2,
-                  updatedBy: 2,
-                  deletedAt: '2018-05-15T00:00:00Z',
-                },
-              ]))
-              .then(() =>
-                // Create timelines
-                models.Timeline.bulkCreate([
-                  {
-                    name: 'name 1',
-                    description: 'description 1',
-                    startDate: '2018-05-11T00:00:00.000Z',
-                    endDate: '2018-05-12T00:00:00.000Z',
-                    reference: 'project',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                  },
-                  {
-                    name: 'name 2',
-                    description: 'description 2',
-                    startDate: '2018-05-12T00:00:00.000Z',
-                    endDate: '2018-05-13T00:00:00.000Z',
-                    reference: 'phase',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                  },
-                  {
-                    name: 'name 3',
-                    description: 'description 3',
-                    startDate: '2018-05-13T00:00:00.000Z',
-                    endDate: '2018-05-14T00:00:00.000Z',
-                    reference: 'phase',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                    deletedAt: '2018-05-14T00:00:00.000Z',
-                  },
-                ]))
-              .then(() =>
-                // Create milestones
-                models.Milestone.bulkCreate([
-                  {
-                    timelineId: 1,
-                    name: 'milestone 1',
-                    duration: 2,
-                    startDate: '2018-05-03T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type1',
-                    details: {
-                      detail1: {
-                        subDetail1A: 1,
-                        subDetail1B: 2,
-                      },
-                      detail2: [1, 2, 3],
-                    },
-                    order: 1,
-                    plannedText: 'plannedText 1',
-                    activeText: 'activeText 1',
-                    completedText: 'completedText 1',
-                    blockedText: 'blockedText 1',
-                    createdBy: 1,
-                    updatedBy: 2,
-                  },
-                  {
-                    timelineId: 1,
-                    name: 'milestone 2',
-                    duration: 2,
-                    startDate: '2018-05-03T00:00:00.000Z',
-                    status: 'open',
-                    type: 'type1',
-                    details: {
-                      detail1: {
-                        subDetail1A: 1,
-                        subDetail1B: 2,
-                      },
-                      detail2: [1, 2, 3],
-                    },
-                    order: 1,
-                    plannedText: 'plannedText 1',
-                    activeText: 'activeText 1',
-                    completedText: 'completedText 1',
-                    blockedText: 'blockedText 1',
-                    createdBy: 1,
-                    updatedBy: 2,
-                  },
-                ]))
-              .then(() => done());
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('DELETE /timelines/{timelineId}', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .delete('/v4/timelines/1')
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project', (done) => {
-      request(server)
-        .delete('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
-      request(server)
-        .delete('/v4/timelines/2')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed timeline', (done) => {
-      request(server)
-        .delete('/v4/timelines/1234')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted timeline', (done) => {
-      request(server)
-        .delete('/v4/timelines/3')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 422 for invalid param', (done) => {
-      request(server)
-        .delete('/v4/timelines/0')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 204, for admin, if timeline was successfully removed', function (done) {
-      this.timeout(10000);
-
-      models.Milestone.findAll({ where: { timelineId: 1 } })
-        .then((results) => {
-          results.should.have.length(2);
-
-          request(server)
-            .delete('/v4/timelines/1')
-            .set({
-              Authorization: `Bearer ${testUtil.jwts.admin}`,
-            })
-            .expect(204)
-            .end(() => {
-              // eslint-disable-next-line no-unused-expressions
-              server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.TIMELINE_REMOVED).should.be.true;
-
-              // Milestones are cascade deleted
-              setTimeout(() => {
-                models.Milestone.findAll({ where: { timelineId: 1 } })
-                  .then((afterResults) => {
-                    afterResults.should.have.length(0);
-
-                    done();
-                  });
-              }, 3000);
-            });
-        });
-    });
-
-    it('should return 204, for connect admin, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-
-    it('should return 204, for connect manager, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-
-    it('should return 204, for copilot, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-
-    it('should return 204, for member, if timeline was successfully removed', (done) => {
-      request(server)
-        .delete('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .expect(204)
-        .end(done);
-    });
-  });
-});
diff --git a/src/routes/timelines/get.js b/src/routes/timelines/get.js
deleted file mode 100644
index 2e9a03b1..00000000
--- a/src/routes/timelines/get.js
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * API to get a timeline
- */
-import validate from 'express-validation';
-import Joi from 'joi';
-import _ from 'lodash';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    timelineId: Joi.number().integer().positive().required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timelineId param, and set to request params for
-  // checking by the permissions middleware
-  util.validateTimelineIdParam,
-  permissions('timeline.view'),
-  (req, res) => {
-    // Load the milestones
-    req.timeline.getMilestones()
-      .then((milestones) => {
-        const timeline = _.omit(req.timeline.toJSON(), ['deletedAt', 'deletedBy']);
-        timeline.milestones =
-          _.map(milestones, milestone => _.omit(milestone.toJSON(), ['deletedAt', 'deletedBy']));
-
-        // Write to response
-        res.json(util.wrapResponse(req.id, timeline));
-      });
-  },
-];
diff --git a/src/routes/timelines/get.spec.js b/src/routes/timelines/get.spec.js
deleted file mode 100644
index 253013da..00000000
--- a/src/routes/timelines/get.spec.js
+++ /dev/null
@@ -1,304 +0,0 @@
-/**
- * Tests for get.js
- */
-import chai from 'chai';
-import request from 'supertest';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-
-const should = chai.should();
-
-const milestones = [
-  {
-    id: 1,
-    timelineId: 1,
-    name: 'milestone 1',
-    duration: 2,
-    startDate: '2018-05-03T00:00:00.000Z',
-    endDate: '2018-05-04T00:00:00.000Z',
-    completionDate: '2018-05-05T00:00:00.000Z',
-    status: 'open',
-    type: 'type1',
-    details: {
-      detail1: {
-        subDetail1A: 1,
-        subDetail1B: 2,
-      },
-      detail2: [1, 2, 3],
-    },
-    order: 1,
-    plannedText: 'plannedText 1',
-    activeText: 'activeText 1',
-    completedText: 'completedText 1',
-    blockedText: 'blockedText 1',
-    createdBy: 1,
-    updatedBy: 2,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-  {
-    id: 2,
-    timelineId: 1,
-    name: 'milestone 2',
-    duration: 3,
-    startDate: '2018-05-04T00:00:00.000Z',
-    status: 'open',
-    type: 'type2',
-    order: 2,
-    plannedText: 'plannedText 2',
-    activeText: 'activeText 2',
-    completedText: 'completedText 2',
-    blockedText: 'blockedText 2',
-    createdBy: 2,
-    updatedBy: 3,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-];
-
-describe('GET timeline', () => {
-  before((done) => {
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ])
-          .then(() => {
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: 1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: 1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-              models.ProjectPhase.bulkCreate([
-                {
-                  projectId: 1,
-                  name: 'test project phase 1',
-                  status: 'active',
-                  startDate: '2018-05-15T00:00:00Z',
-                  endDate: '2018-05-15T12:00:00Z',
-                  budget: 20.0,
-                  progress: 1.23456,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 1,
-                  updatedBy: 1,
-                },
-                {
-                  projectId: 2,
-                  name: 'test project phase 2',
-                  status: 'active',
-                  startDate: '2018-05-16T00:00:00Z',
-                  endDate: '2018-05-16T12:00:00Z',
-                  budget: 21.0,
-                  progress: 1.234567,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 2,
-                  updatedBy: 2,
-                  deletedAt: '2018-05-15T00:00:00Z',
-                },
-              ]))
-              .then(() =>
-                // Create timelines
-                models.Timeline.bulkCreate([
-                  {
-                    name: 'name 1',
-                    description: 'description 1',
-                    startDate: '2018-05-11T00:00:00.000Z',
-                    endDate: '2018-05-12T00:00:00.000Z',
-                    reference: 'project',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                  },
-                  {
-                    name: 'name 2',
-                    description: 'description 2',
-                    startDate: '2018-05-12T00:00:00.000Z',
-                    endDate: '2018-05-13T00:00:00.000Z',
-                    reference: 'phase',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                  },
-                  {
-                    name: 'name 3',
-                    description: 'description 3',
-                    startDate: '2018-05-13T00:00:00.000Z',
-                    endDate: '2018-05-14T00:00:00.000Z',
-                    reference: 'phase',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                    deletedAt: '2018-05-14T00:00:00.000Z',
-                  },
-                ]))
-              .then(() => models.Milestone.bulkCreate(milestones))
-              .then(() => done());
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('GET /timelines/{timelineId}', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .get('/v4/timelines/1')
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project', (done) => {
-      request(server)
-        .get('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
-      request(server)
-        .get('/v4/timelines/2')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed timeline', (done) => {
-      request(server)
-        .get('/v4/timelines/1234')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted timeline', (done) => {
-      request(server)
-        .get('/v4/timelines/3')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 422 for invalid param', (done) => {
-      request(server)
-        .get('/v4/timelines/0')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .get('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.id.should.be.eql(1);
-          resJson.name.should.be.eql('name 1');
-          resJson.description.should.be.eql('description 1');
-          resJson.startDate.should.be.eql('2018-05-11T00:00:00.000Z');
-          resJson.endDate.should.be.eql('2018-05-12T00:00:00.000Z');
-          resJson.reference.should.be.eql('project');
-          resJson.referenceId.should.be.eql(1);
-
-          resJson.createdBy.should.be.eql(1);
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(1);
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedBy);
-          should.not.exist(resJson.deletedAt);
-
-          // Milestones
-          resJson.milestones.should.have.length(2);
-
-          done();
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .get('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .get('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for member', (done) => {
-      request(server)
-        .get('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .expect(200, done);
-    });
-
-    it('should return 200 for copilot', (done) => {
-      request(server)
-        .get('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .expect(200, done);
-    });
-  });
-});
diff --git a/src/routes/timelines/list.js b/src/routes/timelines/list.js
deleted file mode 100644
index 6d3ff14f..00000000
--- a/src/routes/timelines/list.js
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * API to list all timelines
- */
-import config from 'config';
-import _ from 'lodash';
-import util from '../../util';
-import models from '../../models';
-import { USER_ROLE, TIMELINE_REFERENCES } from '../../constants';
-
-const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
-const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
-
-/**
- * Retrieve timelines from elastic search.
- * @param {Array} esTerms the elastic search terms
- * @returns {Promise} the promise resolves to the results
- */
-function retrieveTimelines(esTerms) {
-  return new Promise((accept, reject) => {
-    const es = util.getElasticSearchClient();
-    es.search({
-      index: ES_TIMELINE_INDEX,
-      type: ES_TIMELINE_TYPE,
-      body: {
-        query: { bool: { must: esTerms } },
-      },
-    }).then((docs) => {
-      const rows = _.map(docs.hits.hits, single => _.omit(single._source, ['projectId'])); // eslint-disable-line no-underscore-dangle
-      accept({ rows, count: docs.hits.total });
-    }).catch(reject);
-  });
-}
-
-
-module.exports = [
-  (req, res, next) => {
-    // Validate the filter
-    const filter = util.parseQueryFilter(req.query.filter);
-    if (!util.isValidFilter(filter, ['reference', 'referenceId'])) {
-      const apiErr = new Error('Only allowed to filter by reference and referenceId');
-      apiErr.status = 422;
-      return next(apiErr);
-    }
-
-    // Build the elastic search query
-    const esTerms = [];
-    if (filter.reference) {
-      if (!_.includes(TIMELINE_REFERENCES, filter.reference)) {
-        const apiErr = new Error(`reference filter must be in ${TIMELINE_REFERENCES}`);
-        apiErr.status = 422;
-        return next(apiErr);
-      }
-
-      esTerms.push({
-        term: { reference: filter.reference },
-      });
-    }
-    if (filter.referenceId) {
-      if (_.lt(filter.referenceId, 1)) {
-        const apiErr = new Error('referenceId filter must be a positive integer');
-        apiErr.status = 422;
-        return next(apiErr);
-      }
-
-      esTerms.push({
-        term: { referenceId: filter.referenceId },
-      });
-    }
-
-    // Admin and topcoder manager can see all timelines
-    if (util.hasAdminRole(req) || util.hasRole(req, USER_ROLE.MANAGER)) {
-      return retrieveTimelines(esTerms)
-        .then(result => res.json(util.wrapResponse(req.id, result.rows, result.count)))
-        .catch(err => next(err));
-    }
-
-    // Get project ids for copilot or member
-    const getProjectIds = util.hasRole(req, USER_ROLE.COPILOT) ?
-      models.Project.getProjectIdsForCopilot(req.authUser.userId) :
-      models.ProjectMember.getProjectIdsForUser(req.authUser.userId);
-
-    return getProjectIds
-      .then((accessibleProjectIds) => {
-        // Copilot or member can see his projects
-        esTerms.push({
-          terms: { projectId: accessibleProjectIds },
-        });
-
-        return retrieveTimelines(esTerms);
-      })
-      .then(result => res.json(util.wrapResponse(req.id, result.rows, result.count)))
-      .catch(err => next(err));
-  },
-];
diff --git a/src/routes/timelines/list.spec.js b/src/routes/timelines/list.spec.js
deleted file mode 100644
index f903d16c..00000000
--- a/src/routes/timelines/list.spec.js
+++ /dev/null
@@ -1,397 +0,0 @@
-/**
- * Tests for list.js
- */
-import chai from 'chai';
-import request from 'supertest';
-import sleep from 'sleep';
-import config from 'config';
-import _ from 'lodash';
-
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-
-const ES_TIMELINE_INDEX = config.get('elasticsearchConfig.timelineIndexName');
-const ES_TIMELINE_TYPE = config.get('elasticsearchConfig.timelineDocType');
-
-const should = chai.should();
-
-const timelines = [
-  {
-    name: 'name 1',
-    description: 'description 1',
-    startDate: '2018-05-11T00:00:00.000Z',
-    endDate: '2018-05-12T00:00:00.000Z',
-    reference: 'project',
-    referenceId: 1,
-    createdBy: 1,
-    updatedBy: 1,
-  },
-  {
-    name: 'name 2',
-    description: 'description 2',
-    startDate: '2018-05-12T00:00:00.000Z',
-    endDate: '2018-05-13T00:00:00.000Z',
-    reference: 'phase',
-    referenceId: 1,
-    createdBy: 1,
-    updatedBy: 1,
-  },
-  {
-    name: 'name 3',
-    description: 'description 3',
-    startDate: '2018-05-13T00:00:00.000Z',
-    endDate: '2018-05-14T00:00:00.000Z',
-    reference: 'phase',
-    referenceId: 2,
-    createdBy: 1,
-    updatedBy: 1,
-  },
-];
-const milestones = [
-  {
-    id: 1,
-    timelineId: 1,
-    name: 'milestone 1',
-    duration: 2,
-    startDate: '2018-05-03T00:00:00.000Z',
-    endDate: '2018-05-04T00:00:00.000Z',
-    completionDate: '2018-05-05T00:00:00.000Z',
-    status: 'open',
-    type: 'type1',
-    details: {
-      detail1: {
-        subDetail1A: 1,
-        subDetail1B: 2,
-      },
-      detail2: [1, 2, 3],
-    },
-    order: 1,
-    plannedText: 'plannedText 1',
-    activeText: 'activeText 1',
-    completedText: 'completedText 1',
-    blockedText: 'blockedText 1',
-    createdBy: 1,
-    updatedBy: 2,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-  {
-    id: 2,
-    timelineId: 1,
-    name: 'milestone 2',
-    duration: 3,
-    startDate: '2018-05-04T00:00:00.000Z',
-    status: 'open',
-    type: 'type2',
-    order: 2,
-    plannedText: 'plannedText 2',
-    activeText: 'activeText 2',
-    completedText: 'completedText 2',
-    blockedText: 'blockedText 2',
-    createdBy: 2,
-    updatedBy: 3,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-];
-
-
-describe('LIST timelines', () => {
-  before(function beforeHook(done) {
-    this.timeout(10000);
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ])
-          .then(() => {
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: 1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: 1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-               models.ProjectPhase.bulkCreate([
-                 {
-                   projectId: 1,
-                   name: 'test project phase 1',
-                   status: 'active',
-                   startDate: '2018-05-15T00:00:00Z',
-                   endDate: '2018-05-15T12:00:00Z',
-                   budget: 20.0,
-                   progress: 1.23456,
-                   details: {
-                     message: 'This can be any json 2',
-                   },
-                   createdBy: 1,
-                   updatedBy: 1,
-                 },
-                 {
-                   projectId: 2,
-                   name: 'test project phase 2',
-                   status: 'active',
-                   startDate: '2018-05-16T00:00:00Z',
-                   endDate: '2018-05-16T12:00:00Z',
-                   budget: 21.0,
-                   progress: 1.234567,
-                   details: {
-                     message: 'This can be any json 2',
-                   },
-                   createdBy: 2,
-                   updatedBy: 2,
-                 },
-               ]))
-              .then(() =>
-                // Create timelines
-                 models.Timeline.bulkCreate(timelines, { returning: true }))
-              .then(createdTimelines =>
-                // Index to ES
-                 Promise.all(_.map(createdTimelines, (createdTimeline) => {
-                   const timelineJson = _.omit(createdTimeline.toJSON(), 'deletedAt', 'deletedBy');
-                   timelineJson.projectId = createdTimeline.id !== 3 ? 1 : 2;
-                   if (timelineJson.id === 1) {
-                     timelineJson.milestones = milestones;
-                   }
-                   return server.services.es.index({
-                     index: ES_TIMELINE_INDEX,
-                     type: ES_TIMELINE_TYPE,
-                     id: timelineJson.id,
-                     body: timelineJson,
-                   });
-                 }))
-                  .then(() => {
-                    // sleep for some time, let elasticsearch indices be settled
-                    sleep.sleep(5);
-                    done();
-                  }));
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('GET /timelines', () => {
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .get('/v4/timelines')
-        .expect(403, done);
-    });
-
-    it('should return 422 for invalid filter key', (done) => {
-      request(server)
-        .get('/v4/timelines?filter=invalid%3Dproject')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(422)
-        .end(done);
-    });
-
-    it('should return 422 for invalid reference filter', (done) => {
-      request(server)
-        .get('/v4/timelines?filter=reference%3Dinvalid')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(422)
-        .end(done);
-    });
-
-    it('should return 422 for invalid referenceId filter', (done) => {
-      request(server)
-        .get('/v4/timelines?filter=referenceId%3D0')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(422)
-        .end(done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .get('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const timeline = timelines[0];
-
-          let resJson = res.body.result.content;
-          resJson.should.have.length(3);
-          resJson = _.sortBy(resJson, o => o.id);
-          resJson[0].id.should.be.eql(1);
-          resJson[0].name.should.be.eql(timeline.name);
-          resJson[0].description.should.be.eql(timeline.description);
-          resJson[0].startDate.should.be.eql(timeline.startDate);
-          resJson[0].endDate.should.be.eql(timeline.endDate);
-          resJson[0].reference.should.be.eql(timeline.reference);
-          resJson[0].referenceId.should.be.eql(timeline.referenceId);
-
-          resJson[0].createdBy.should.be.eql(timeline.createdBy);
-          should.exist(resJson[0].createdAt);
-          resJson[0].updatedBy.should.be.eql(timeline.updatedBy);
-          should.exist(resJson[0].updatedAt);
-          should.not.exist(resJson[0].deletedBy);
-          should.not.exist(resJson[0].deletedAt);
-
-          // Milestones
-          resJson[0].milestones.should.have.length(2);
-
-          done();
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .get('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(3);
-
-          done();
-        });
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .get('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(3);
-
-          done();
-        });
-    });
-
-    it('should return 200 for member', (done) => {
-      request(server)
-        .get('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-
-          done();
-        });
-    });
-
-    it('should return 200 for copilot', (done) => {
-      request(server)
-        .get('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(2);
-
-          done();
-        });
-    });
-
-    it('should return 200 for member with no accessible project', (done) => {
-      request(server)
-        .get('/v4/timelines')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(0); // no accessible timelines
-
-          done();
-        });
-    });
-
-    it('should return 200 with reference filter', (done) => {
-      request(server)
-        .get('/v4/timelines?filter=reference%3Dproject')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(1);
-
-          done();
-        });
-    });
-
-    it('should return 200 with referenceId filter', (done) => {
-      request(server)
-        .get('/v4/timelines?filter=referenceId%3D2')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(1);
-
-          done();
-        });
-    });
-
-    it('should return 200 with reference and referenceId filter', (done) => {
-      request(server)
-        .get('/v4/timelines?filter=reference%3Dproject%26referenceId%3D1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          resJson.should.have.length(1);
-
-          done();
-        });
-    });
-  });
-});
diff --git a/src/routes/timelines/update.js b/src/routes/timelines/update.js
deleted file mode 100644
index 99343de4..00000000
--- a/src/routes/timelines/update.js
+++ /dev/null
@@ -1,109 +0,0 @@
-/**
- * API to update a timeline
- */
-import validate from 'express-validation';
-import _ from 'lodash';
-import Joi from 'joi';
-import { middleware as tcMiddleware } from 'tc-core-library-js';
-import util from '../../util';
-import { EVENT, TIMELINE_REFERENCES } from '../../constants';
-
-const permissions = tcMiddleware.permissions;
-
-const schema = {
-  params: {
-    timelineId: Joi.number().integer().positive().required(),
-  },
-  body: {
-    param: Joi.object().keys({
-      id: Joi.any().strip(),
-      name: Joi.string().max(255).required(),
-      description: Joi.string().max(255),
-      startDate: Joi.date().required(),
-      endDate: Joi.date().min(Joi.ref('startDate')).allow(null),
-      reference: Joi.string().valid(_.values(TIMELINE_REFERENCES)).required(),
-      referenceId: Joi.number().integer().positive().required(),
-      createdAt: Joi.any().strip(),
-      updatedAt: Joi.any().strip(),
-      deletedAt: Joi.any().strip(),
-      createdBy: Joi.any().strip(),
-      updatedBy: Joi.any().strip(),
-      deletedBy: Joi.any().strip(),
-    }).required(),
-  },
-};
-
-module.exports = [
-  validate(schema),
-  // Validate and get projectId from the timelineId param and request body,
-  // and set to request params for checking by the permissions middleware
-  util.validateTimelineIdParam,
-  util.validateTimelineRequestBody,
-  permissions('timeline.edit'),
-  (req, res, next) => {
-    const entityToUpdate = _.assign(req.body.param, {
-      updatedBy: req.authUser.userId,
-    });
-
-    const timeline = req.timeline;
-    const original = _.omit(timeline.toJSON(), ['deletedAt', 'deletedBy']);
-    let updated;
-
-    // Update
-    return timeline.update(entityToUpdate)
-      .then((updatedTimeline) => {
-        // Omit deletedAt, deletedBy
-        updated = _.omit(updatedTimeline.toJSON(), ['deletedAt', 'deletedBy']);
-
-        // Update milestones startDate and endDate if necessary
-        if (original.startDate !== updated.startDate || original.endDate !== updated.endDate) {
-          return updatedTimeline.getMilestones()
-            .then((milestones) => {
-              const updateMilestonePromises = _.map(milestones, (_milestone) => {
-                const milestone = _milestone;
-                if (original.startDate !== updated.startDate) {
-                  if (milestone.startDate && milestone.startDate < updated.startDate) {
-                    milestone.startDate = updated.startDate;
-                    if (milestone.endDate && milestone.endDate < milestone.startDate) {
-                      milestone.endDate = milestone.startDate;
-                    }
-                    milestone.updatedBy = req.authUser.userId;
-                  }
-                }
-
-                if (original.endDate !== updated.endDate) {
-                  if (milestone.endDate && updated.endDate && updated.endDate < milestone.endDate) {
-                    milestone.endDate = updated.endDate;
-                    milestone.updatedBy = req.authUser.userId;
-                  }
-                }
-
-                return milestone.save();
-              });
-
-              return Promise.all(updateMilestonePromises)
-                .then((updatedMilestones) => {
-                  updated.milestones =
-                    _.map(updatedMilestones, milestone => _.omit(milestone.toJSON(), ['deletedAt', 'deletedBy']));
-                  return Promise.resolve();
-                });
-            });
-        }
-
-        return Promise.resolve();
-      })
-      .then(() => {
-        // Send event to bus
-        req.log.debug('Sending event to RabbitMQ bus for timeline %d', updated.id);
-        req.app.services.pubsub.publish(EVENT.ROUTING_KEY.TIMELINE_UPDATED,
-          { original, updated },
-          { correlationId: req.id },
-        );
-
-        // Write to response
-        res.json(util.wrapResponse(req.id, updated));
-        return Promise.resolve();
-      })
-      .catch(next);
-  },
-];
diff --git a/src/routes/timelines/update.spec.js b/src/routes/timelines/update.spec.js
deleted file mode 100644
index eb887fe3..00000000
--- a/src/routes/timelines/update.spec.js
+++ /dev/null
@@ -1,626 +0,0 @@
-/**
- * Tests for get.js
- */
-import chai from 'chai';
-import request from 'supertest';
-import _ from 'lodash';
-import models from '../../models';
-import server from '../../app';
-import testUtil from '../../tests/util';
-import { EVENT } from '../../constants';
-
-const should = chai.should();
-
-
-const milestones = [
-  {
-    id: 1,
-    timelineId: 1,
-    name: 'milestone 1',
-    duration: 2,
-    startDate: '2018-05-13T00:00:00.000Z',
-    endDate: '2018-05-16T00:00:00.000Z',
-    completionDate: '2018-05-05T00:00:00.000Z',
-    status: 'open',
-    type: 'type1',
-    details: {
-      detail1: {
-        subDetail1A: 1,
-        subDetail1B: 2,
-      },
-      detail2: [1, 2, 3],
-    },
-    order: 1,
-    plannedText: 'plannedText 1',
-    activeText: 'activeText 1',
-    completedText: 'completedText 1',
-    blockedText: 'blockedText 1',
-    createdBy: 1,
-    updatedBy: 2,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-  {
-    id: 2,
-    timelineId: 1,
-    name: 'milestone 2',
-    duration: 3,
-    startDate: '2018-05-14T00:00:00.000Z',
-    status: 'open',
-    type: 'type2',
-    order: 2,
-    plannedText: 'plannedText 2',
-    activeText: 'activeText 2',
-    completedText: 'completedText 2',
-    blockedText: 'blockedText 2',
-    createdBy: 2,
-    updatedBy: 3,
-    createdAt: '2018-05-11T00:00:00.000Z',
-    updatedAt: '2018-05-11T00:00:00.000Z',
-  },
-];
-
-describe('UPDATE timeline', () => {
-  beforeEach((done) => {
-    testUtil.clearDb()
-      .then(() => {
-        models.Project.bulkCreate([
-          {
-            type: 'generic',
-            billingAccountId: 1,
-            name: 'test1',
-            description: 'test project1',
-            status: 'draft',
-            details: {},
-            createdBy: 1,
-            updatedBy: 1,
-          },
-          {
-            type: 'generic',
-            billingAccountId: 2,
-            name: 'test2',
-            description: 'test project2',
-            status: 'draft',
-            details: {},
-            createdBy: 2,
-            updatedBy: 2,
-            deletedAt: '2018-05-15T00:00:00Z',
-          },
-        ], { returning: true })
-          .then(() => {
-            // Create member
-            models.ProjectMember.bulkCreate([
-              {
-                userId: 40051332,
-                projectId: 1,
-                role: 'copilot',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-              {
-                userId: 40051331,
-                projectId: 1,
-                role: 'customer',
-                isPrimary: true,
-                createdBy: 1,
-                updatedBy: 1,
-              },
-            ]).then(() =>
-              // Create phase
-              models.ProjectPhase.bulkCreate([
-                {
-                  projectId: 1,
-                  name: 'test project phase 1',
-                  status: 'active',
-                  startDate: '2018-05-15T00:00:00Z',
-                  endDate: '2018-05-15T12:00:00Z',
-                  budget: 20.0,
-                  progress: 1.23456,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 1,
-                  updatedBy: 1,
-                },
-                {
-                  projectId: 2,
-                  name: 'test project phase 2',
-                  status: 'active',
-                  startDate: '2018-05-16T00:00:00Z',
-                  endDate: '2018-05-16T12:00:00Z',
-                  budget: 21.0,
-                  progress: 1.234567,
-                  details: {
-                    message: 'This can be any json 2',
-                  },
-                  createdBy: 2,
-                  updatedBy: 2,
-                  deletedAt: '2018-05-15T00:00:00Z',
-                },
-              ]), { returning: true })
-              .then(() =>
-                // Create timelines
-                models.Timeline.bulkCreate([
-                  {
-                    name: 'name 1',
-                    description: 'description 1',
-                    startDate: '2018-05-11T00:00:00.000Z',
-                    endDate: '2018-05-20T00:00:00.000Z',
-                    reference: 'project',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                  },
-                  {
-                    name: 'name 2',
-                    description: 'description 2',
-                    startDate: '2018-05-12T00:00:00.000Z',
-                    endDate: '2018-05-13T00:00:00.000Z',
-                    reference: 'phase',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                  },
-                  {
-                    name: 'name 3',
-                    description: 'description 3',
-                    startDate: '2018-05-13T00:00:00.000Z',
-                    endDate: '2018-05-14T00:00:00.000Z',
-                    reference: 'phase',
-                    referenceId: 1,
-                    createdBy: 1,
-                    updatedBy: 1,
-                    deletedAt: '2018-05-14T00:00:00.000Z',
-                  },
-                ]))
-              .then(() => models.Milestone.bulkCreate(milestones))
-              .then(() => done());
-          });
-      });
-  });
-
-  after(testUtil.clearDb);
-
-  describe('PATCH /timelines/{timelineId}', () => {
-    const body = {
-      param: {
-        name: 'new name 1',
-        description: 'new description 1',
-        startDate: '2018-06-01T00:00:00.000Z',
-        endDate: '2018-06-02T00:00:00.000Z',
-        reference: 'project',
-        referenceId: 1,
-      },
-    };
-
-    it('should return 403 if user is not authenticated', (done) => {
-      request(server)
-        .patch('/v4/timelines/1')
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project', (done) => {
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .send(body)
-        .expect(403, done);
-    });
-
-    it('should return 403 for member who is not in the project (timeline refers to a phase)', (done) => {
-      request(server)
-        .patch('/v4/timelines/2')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member2}`,
-        })
-        .expect(403, done);
-    });
-
-    it('should return 404 for non-existed timeline', (done) => {
-      request(server)
-        .patch('/v4/timelines/1234')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted timeline', (done) => {
-      request(server)
-        .patch('/v4/timelines/3')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(404, done);
-    });
-
-    it('should return 422 for invalid param', (done) => {
-      request(server)
-        .patch('/v4/timelines/0')
-        .send(body)
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .expect(422, done);
-    });
-
-    it('should return 404 for non-existed template', (done) => {
-      request(server)
-        .patch('/v4/timelines/1234')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(404, done);
-    });
-
-    it('should return 404 for deleted template', (done) => {
-      request(server)
-        .patch('/v4/timelines/3')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(404, done);
-    });
-
-    it('should return 422 if missing name', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          name: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing startDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if startDate is after endDate', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          startDate: '2018-05-29T00:00:00.000Z',
-          endDate: '2018-05-28T00:00:00.000Z',
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing reference', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          reference: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if missing referenceId', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          referenceId: undefined,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if invalid reference', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          reference: 'invalid',
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if invalid referenceId', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          referenceId: 0,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if project does not exist', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          referenceId: 1110,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if project was deleted', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          referenceId: 2,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if phase does not exist', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          reference: 'phase',
-          referenceId: 2222,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 422 if phase was deleted', (done) => {
-      const invalidBody = {
-        param: _.assign({}, body.param, {
-          reference: 'phase',
-          referenceId: 2,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(invalidBody)
-        .expect('Content-Type', /json/)
-        .expect(422, done);
-    });
-
-    it('should return 200 for admin', (done) => {
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(body)
-        .expect(200)
-        .end((err, res) => {
-          const resJson = res.body.result.content;
-          should.exist(resJson.id);
-          resJson.name.should.be.eql(body.param.name);
-          resJson.description.should.be.eql(body.param.description);
-          resJson.startDate.should.be.eql(body.param.startDate);
-          resJson.endDate.should.be.eql(body.param.endDate);
-          resJson.reference.should.be.eql(body.param.reference);
-          resJson.referenceId.should.be.eql(body.param.referenceId);
-
-          resJson.createdBy.should.be.eql(1);
-          should.exist(resJson.createdAt);
-          resJson.updatedBy.should.be.eql(40051333); // admin
-          should.exist(resJson.updatedAt);
-          should.not.exist(resJson.deletedAt);
-          should.not.exist(resJson.deletedBy);
-
-          // eslint-disable-next-line no-unused-expressions
-          server.services.pubsub.publish.calledWith(EVENT.ROUTING_KEY.TIMELINE_UPDATED).should.be.true;
-
-          done();
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin with changed startDate', function (done) {
-      this.timeout(10000);
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({
-          param: _.assign({}, body.param, {
-            startDate: '2018-05-15T00:00:00.000Z',
-            endDate: '2018-05-17T00:00:00.000Z', // no affect to milestones
-          }),
-        })
-        .expect(200)
-        .end(() => {
-          setTimeout(() => {
-            models.Milestone.findById(1)
-              .then((milestone) => {
-                milestone.startDate.should.be.eql(new Date('2018-05-15T00:00:00.000Z'));
-                milestone.endDate.should.be.eql(new Date('2018-05-16T00:00:00.000Z'));
-              })
-              .then(() => models.Milestone.findById(2))
-              .then((milestone) => {
-                milestone.startDate.should.be.eql(new Date('2018-05-15T00:00:00.000Z'));
-                should.not.exist(milestone.endDate);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    // eslint-disable-next-line func-names
-    it('should return 200 for admin with changed endDate', function (done) {
-      this.timeout(10000);
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send({
-          param: _.assign({}, body.param, {
-            startDate: '2018-05-12T00:00:00.000Z', // no affect to milestones
-            endDate: '2018-05-15T00:00:00.000Z',
-          }),
-        })
-        .expect(200)
-        .end(() => {
-          setTimeout(() => {
-            models.Milestone.findById(1)
-              .then((milestone) => {
-                milestone.startDate.should.be.eql(new Date('2018-05-13T00:00:00.000Z'));
-                milestone.endDate.should.be.eql(new Date('2018-05-15T00:00:00.000Z'));
-              })
-              .then(() => models.Milestone.findById(2))
-              .then((milestone) => {
-                milestone.startDate.should.be.eql(new Date('2018-05-14T00:00:00.000Z'));
-                should.not.exist(milestone.endDate);
-
-                done();
-              });
-          }, 3000);
-        });
-    });
-
-    it('should return 200 for connect admin', (done) => {
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for connect manager', (done) => {
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for copilot', (done) => {
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.copilot}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 for member', (done) => {
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
-        })
-        .send(body)
-        .expect(200)
-        .end(done);
-    });
-
-    it('should return 200 if changing reference and referenceId', (done) => {
-      const newBody = {
-        param: _.assign({}, body.param, {
-          reference: 'phase',
-          referenceId: 1,
-        }),
-      };
-
-      request(server)
-        .patch('/v4/timelines/1')
-        .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
-        })
-        .send(newBody)
-        .expect(200)
-        .end(done);
-    });
-  });
-});
diff --git a/src/tests/seed.js b/src/tests/seed.js
index 3ef8b098..350480c4 100644
--- a/src/tests/seed.js
+++ b/src/tests/seed.js
@@ -1,5 +1,4 @@
 import models from '../models';
-import { TIMELINE_REFERENCES } from '../constants';
 
 models.sequelize.sync({ force: true })
   .then(() =>
@@ -434,132 +433,6 @@ models.sequelize.sync({ force: true })
       createdBy: 1,
       updatedBy: 2,
     },
-  ], { returning: true }))
-  // Product milestone templates
-  .then(productTemplates => models.ProductMilestoneTemplate.bulkCreate([
-    {
-      name: 'milestoneTemplate 1',
-      duration: 3,
-      type: 'type1',
-      order: 1,
-      productTemplateId: productTemplates[0].id,
-      createdBy: 1,
-      updatedBy: 2,
-    },
-    {
-      name: 'milestoneTemplate 2',
-      duration: 4,
-      type: 'type2',
-      order: 2,
-      productTemplateId: productTemplates[0].id,
-      createdBy: 2,
-      updatedBy: 3,
-    },
-  ]))
-  // Project phases
-  .then(() => models.ProjectPhase.bulkCreate([
-    {
-      name: 'phase 1',
-      projectId: 1,
-      createdBy: 1,
-      updatedBy: 2,
-    },
-    {
-      name: 'phase 2',
-      projectId: 1,
-      createdBy: 2,
-      updatedBy: 3,
-    },
-  ], { returning: true }))
-  // Timelines
-  .then(projectPhases => models.Timeline.bulkCreate([
-    {
-      name: 'timeline 1',
-      startDate: '2018-05-01T00:00:00.000Z',
-      reference: TIMELINE_REFERENCES.PROJECT,
-      referenceId: projectPhases[0].projectId,
-      createdBy: 1,
-      updatedBy: 2,
-    },
-    {
-      name: 'timeline 2',
-      startDate: '2018-05-02T00:00:00.000Z',
-      reference: TIMELINE_REFERENCES.PHASE,
-      referenceId: projectPhases[0].id,
-      createdBy: 2,
-      updatedBy: 3,
-    },
-    {
-      name: 'timeline 3',
-      startDate: '2018-05-03T00:00:00.000Z',
-      reference: TIMELINE_REFERENCES.PROJECT,
-      referenceId: projectPhases[0].projectId,
-      createdBy: 3,
-      updatedBy: 4,
-    },
-    {
-      name: 'timeline 4',
-      startDate: '2018-05-04T00:00:00.000Z',
-      reference: TIMELINE_REFERENCES.PROJECT,
-      referenceId: 2,
-      createdBy: 4,
-      updatedBy: 5,
-    },
-  ], { returning: true }))
-  // Milestones
-  .then(timelines => models.Milestone.bulkCreate([
-    {
-      timelineId: timelines[0].id,
-      name: 'milestone 1',
-      duration: 2,
-      startDate: '2018-05-03T00:00:00.000Z',
-      status: 'open',
-      type: 'type1',
-      details: {
-        detail1: {
-          subDetail1A: 1,
-          subDetail1B: 2,
-        },
-        detail2: [1, 2, 3],
-      },
-      order: 1,
-      plannedText: 'plannedText 1',
-      activeText: 'activeText 1',
-      completedText: 'completedText 1',
-      blockedText: 'blockedText 1',
-      createdBy: 1,
-      updatedBy: 2,
-    },
-    {
-      timelineId: timelines[0].id,
-      name: 'milestone 2',
-      duration: 3,
-      startDate: '2018-05-04T00:00:00.000Z',
-      status: 'open',
-      type: 'type2',
-      order: 2,
-      plannedText: 'plannedText 2',
-      activeText: 'activeText 2',
-      completedText: 'completedText 2',
-      blockedText: 'blockedText 2',
-      createdBy: 2,
-      updatedBy: 3,
-    },
-    {
-      timelineId: timelines[2].id,
-      name: 'milestone 3',
-      duration: 4,
-      startDate: '2018-05-04T00:00:00.000Z',
-      status: 'open',
-      type: 'type3',
-      order: 3,
-      plannedText: 'plannedText 3',
-      activeText: 'activeText 3',
-      completedText: 'completedText 3',
-      blockedText: 'blockedText 3',
-      createdBy: 3,
-      updatedBy: 4,
-    },
   ]))
   .then(() => models.ProjectType.bulkCreate([
     {
diff --git a/src/util.js b/src/util.js
index 843ff371..add05eb6 100644
--- a/src/util.js
+++ b/src/util.js
@@ -17,7 +17,7 @@ import urlencode from 'urlencode';
 import elasticsearch from 'elasticsearch';
 import Promise from 'bluebird';
 import AWS from 'aws-sdk';
-import { ADMIN_ROLES, TOKEN_SCOPES, TIMELINE_REFERENCES } from './constants';
+import { ADMIN_ROLES, TOKEN_SCOPES } from './constants';
 
 const exec = require('child_process').exec;
 const models = require('./models').default;
@@ -381,102 +381,6 @@ _.assignIn(util, {
       return source;
     }
   }),
-
-  /**
-   * The middleware to validate and get the projectId specified by the timeline request object,
-   * and set to the request params. This should be called after the validate() middleware,
-   * and before the permissions() middleware.
-   * @param {Object} req the express request instance
-   * @param {Object} res the express response instance
-   * @param {Function} next the express next middleware
-   */
-  // eslint-disable-next-line valid-jsdoc
-  validateTimelineRequestBody: (req, res, next) => {
-    // The timeline refers to a project
-    if (req.body.param.reference === TIMELINE_REFERENCES.PROJECT) {
-      // Set projectId to the params so it can be used in the permission check middleware
-      req.params.projectId = req.body.param.referenceId;
-
-      // Validate projectId to be existed
-      return models.Project.findOne({
-        where: {
-          id: req.params.projectId,
-          deletedAt: { $eq: null },
-        },
-      })
-        .then((project) => {
-          if (!project) {
-            const apiErr = new Error(`Project not found for project id ${req.params.projectId}`);
-            apiErr.status = 422;
-            return next(apiErr);
-          }
-
-          return next();
-        });
-    }
-
-    // The timeline refers to a phase
-    return models.ProjectPhase.findOne({
-      where: {
-        id: req.body.param.referenceId,
-        deletedAt: { $eq: null },
-      },
-    })
-      .then((phase) => {
-        if (!phase) {
-          const apiErr = new Error(`Phase not found for phase id ${req.body.param.referenceId}`);
-          apiErr.status = 422;
-          return next(apiErr);
-        }
-
-        // Set projectId to the params so it can be used in the permission check middleware
-        req.params.projectId = req.body.param.referenceId;
-        return next();
-      });
-  },
-
-  /**
-   * The middleware to validate and get the projectId specified by the timelineId from request
-   * path parameter, and set to the request params. This should be called after the validate()
-   * middleware, and before the permissions() middleware.
-   * @param {Object} req the express request instance
-   * @param {Object} res the express response instance
-   * @param {Function} next the express next middleware
-   */
-  // eslint-disable-next-line valid-jsdoc
-  validateTimelineIdParam: (req, res, next) => {
-    models.Timeline.findById(req.params.timelineId)
-      .then((timeline) => {
-        if (!timeline) {
-          const apiErr = new Error(`Timeline not found for timeline id ${req.params.timelineId}`);
-          apiErr.status = 404;
-          return next(apiErr);
-        }
-
-        // Set timeline to the request to be used in the next middleware
-        req.timeline = timeline;
-
-        // The timeline refers to a project
-        if (timeline.reference === TIMELINE_REFERENCES.PROJECT) {
-          // Set projectId to the params so it can be used in the permission check middleware
-          req.params.projectId = timeline.referenceId;
-          return next();
-        }
-
-        // The timeline refers to a phase
-        return models.ProjectPhase.findOne({
-          where: {
-            id: timeline.referenceId,
-            deletedAt: { $eq: null },
-          },
-        })
-          .then((phase) => {
-            // Set projectId to the params so it can be used in the permission check middleware
-            req.params.projectId = phase.projectId;
-            return next();
-          });
-      });
-  },
 });
 
 export default util;
diff --git a/swagger.yaml b/swagger.yaml
index 3fa16cb4..39bad0d3 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -27,7 +27,7 @@ paths:
       operationId: findProjects
       security:
         - Bearer: []
-      description: Retrieve projects that match the filter
+      description: Retreive projects that match the filter
       responses:
         '422':
           description: Invalid input
@@ -344,7 +344,7 @@ paths:
       operationId: findProjectPhases
       security:
         - Bearer: []
-      description: Retrieve all project phases. All users who can edit project can access this endpoint.
+      description: Retreive all project phases. All users who can edit project can access this endpoint.
       parameters:
         - name: fields
           required: false
@@ -489,7 +489,7 @@ paths:
       operationId: findPhaseProducts
       security:
         - Bearer: []
-      description: Retrieve all phase products. All users who can edit project can access this endpoint.
+      description: Retreive all phase products. All users who can edit project can access this endpoint.
       responses:
         '403':
           description: No permission or wrong token
@@ -655,7 +655,7 @@ paths:
       operationId: findProjectTemplates
       security:
         - Bearer: []
-      description: Retrieve all project templates. All user roles can access this endpoint.
+      description: Retreive all project templates. All user roles can access this endpoint.
       responses:
         '403':
           description: No permission or wrong token
@@ -781,7 +781,7 @@ paths:
       operationId: findProductTemplates
       security:
         - Bearer: []
-      description: Retrieve all product templates. All user roles can access this endpoint.
+      description: Retreive all product templates. All user roles can access this endpoint.
       responses:
         '403':
           description: No permission or wrong token
@@ -907,7 +907,7 @@ paths:
       operationId: findProjectTypes
       security:
         - Bearer: []
-      description: Retrieve all project types. All user roles can access this endpoint.
+      description: Retreive all project types. All user roles can access this endpoint.
       responses:
         '403':
           description: No permission or wrong token
@@ -1025,441 +1025,6 @@ paths:
           description: Project type successfully removed
 
 
-  /timelines:
-    get:
-      tags:
-        - timeline
-      operationId: findTimelines
-      security:
-        - Bearer: []
-      description: Retrieve timelines which its projects are accessible by the user.
-      parameters:
-        - name: filter
-          required: false
-          type: string
-          in: query
-          description: |
-            Url encoded list of supported filters
-             - reference
-             - referenceId
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: A list of timelines
-          schema:
-            $ref: "#/definitions/TimelineListResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-    post:
-      tags:
-        - timeline
-      operationId: addTimeline
-      security:
-        - Bearer: []
-      description: Create a timeline. All users who can edit the project can access this endpoint.
-      parameters:
-        - in: body
-          name: body
-          required: true
-          schema:
-            $ref: '#/definitions/TimelineBodyParam'
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '201':
-          description: Returns the newly created timeline
-          schema:
-            $ref: "#/definitions/TimelineResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-
-  /timelines/{timelineId}:
-    get:
-      tags:
-        - timeline
-      description: Retrieve timeline by id. All users who can view the project can access this endpoint.
-      security:
-        - Bearer: []
-      responses:
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: a timeline
-          schema:
-            $ref: "#/definitions/TimelineResponse"
-      parameters:
-        - $ref: "#/parameters/timelineIdParam"
-      operationId: getTimeline
-
-    patch:
-      tags:
-        - timeline
-      operationId: updateTimeline
-      security:
-        - Bearer: []
-      description: Update a timeline. All users who can edit the project can access this endpoint.
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: Successfully updated timeline.
-          schema:
-            $ref: "#/definitions/TimelineResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        default:
-          description: error payload
-          schema:
-            $ref: '#/definitions/ErrorModel'
-      parameters:
-        - $ref: "#/parameters/timelineIdParam"
-        - name: body
-          in: body
-          required: true
-          schema:
-            $ref: "#/definitions/TimelineBodyParam"
-
-    delete:
-      tags:
-        - timeline
-      description: Remove an existing timeline. All users who can edit the project can access this endpoint.
-      security:
-        - Bearer: []
-      parameters:
-        - $ref: "#/parameters/timelineIdParam"
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '204':
-          description: Timeline successfully removed
-
-  /timelines/{timelineId}/milestones:
-    parameters:
-      - $ref: "#/parameters/timelineIdParam"
-    get:
-      tags:
-        - milestone
-      operationId: findMilestones
-      security:
-        - Bearer: []
-      description: Retrieve all milestones. All users who can view the timeline can access this endpoint.
-      parameters:
-        - name: sort
-          required: false
-          description: sort by `order`. Default is `order asc`
-          in: query
-          type: string
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: A list of milestones
-          schema:
-            $ref: "#/definitions/MilestoneListResponse"
-    post:
-      tags:
-        - milestone
-      operationId: addMilestone
-      security:
-        - Bearer: []
-      description: Create a milestone. All users who can edit the timeline can access this endpoint.
-        It also updates the `order` field of all other milestones in the same timeline which have `order` greater than or equal to the `order` specified in the POST body.
-      parameters:
-        - in: body
-          name: body
-          required: true
-          schema:
-            $ref: '#/definitions/MilestoneBodyParam'
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '201':
-          description: Returns the newly created milestone
-          schema:
-            $ref: "#/definitions/MilestoneResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-
-  /timelines/{timelineId}/milestones/{milestoneId}:
-    parameters:
-      - $ref: "#/parameters/timelineIdParam"
-      - $ref: "#/parameters/milestoneIdParam"
-    get:
-      tags:
-        - milestone
-      description: Retrieve milestone by id. All users who can view the timeline can access this endpoint.
-      security:
-        - Bearer: []
-      responses:
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: a milestone
-          schema:
-            $ref: "#/definitions/MilestoneResponse"
-      operationId: getMilestone
-
-    patch:
-      tags:
-        - milestone
-      operationId: updateMilestone
-      security:
-        - Bearer: []
-      description: Update a milestone. All users who can edit the timeline can access this endpoint.
-        For attributes with JSON object type, it would overwrite the existing fields, or add new if the fields don't exist in the JSON object.
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: Successfully updated milestone.
-          schema:
-            $ref: "#/definitions/MilestoneResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        default:
-          description: error payload
-          schema:
-            $ref: '#/definitions/ErrorModel'
-      parameters:
-        - name: body
-          in: body
-          required: true
-          schema:
-            $ref: "#/definitions/MilestoneBodyParam"
-
-    delete:
-      tags:
-        - milestone
-      description: Remove an existing milestone. All users who can edit the timeline can access this endpoint.
-      security:
-        - Bearer: []
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '204':
-          description: Milestone successfully removed
-
-
-  /productTemplates/{productTemplateId}/milestones:
-    parameters:
-      - $ref: "#/parameters/productTemplateIdParam"
-    get:
-      tags:
-        - productMilestoneTemplate
-      operationId: findMilestoneTemplates
-      security:
-        - Bearer: []
-      description: Retrieve all milestone templates. All user roles can access this endpoint.
-      parameters:
-        - name: sort
-          required: false
-          description: sort by `order`. Default is `order asc`
-          in: query
-          type: string
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: A list of milestone templates
-          schema:
-            $ref: "#/definitions/MilestoneTemplateListResponse"
-    post:
-      tags:
-        - productMilestoneTemplate
-      operationId: addMilestoneTemplate
-      security:
-        - Bearer: []
-      description: Create a milestone template. Only connect manager, connect admin, and admin can access this endpoint. It also updates the `order` field of all other milestone templates in the same product template which have `order` greater than or equal to the `order` specified in the POST body.
-      parameters:
-        - in: body
-          name: body
-          required: true
-          schema:
-            $ref: '#/definitions/MilestoneTemplateBodyParam'
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '201':
-          description: Returns the newly created milestone template
-          schema:
-            $ref: "#/definitions/MilestoneTemplateResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-
-  /productTemplates/{productTemplateId}/milestones/{milestoneTemplateId}:
-    parameters:
-      - $ref: "#/parameters/productTemplateIdParam"
-      - $ref: "#/parameters/milestoneTemplateIdParam"
-    get:
-      tags:
-        - productMilestoneTemplate
-      description: Retrieve milestone template by id. All user roles can access this endpoint.
-      security:
-        - Bearer: []
-      responses:
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: a milestone template
-          schema:
-            $ref: "#/definitions/MilestoneTemplateResponse"
-      operationId: getMilestoneTemplate
-
-    patch:
-      tags:
-        - productMilestoneTemplate
-      operationId: updateMilestoneTemplate
-      security:
-        - Bearer: []
-      description: Update a milestone template. Only connect manager, connect admin, and admin can access this endpoint.
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '200':
-          description: Successfully updated milestone template.
-          schema:
-            $ref: "#/definitions/MilestoneTemplateResponse"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        default:
-          description: error payload
-          schema:
-            $ref: '#/definitions/ErrorModel'
-      parameters:
-        - name: body
-          in: body
-          required: true
-          schema:
-            $ref: "#/definitions/MilestoneTemplateBodyParam"
-
-    delete:
-      tags:
-        - productMilestoneTemplate
-      description: Remove an existing milestone template. Only connect manager, connect admin, and admin can access this endpoint.
-      security:
-        - Bearer: []
-      responses:
-        '403':
-          description: No permission or wrong token
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '404':
-          description: Not found
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '422':
-          description: Invalid input
-          schema:
-            $ref: "#/definitions/ErrorModel"
-        '204':
-          description: Milestone template successfully removed
-
-
-
-
 
 
 parameters:
@@ -1500,38 +1065,6 @@ parameters:
     description: project type key
     required: true
     type: string
-  timelineIdParam:
-    name: timelineId
-    in: path
-    description: timeline identifier
-    required: true
-    type: integer
-    format: int64
-    minimum: 1
-  milestoneIdParam:
-    name: milestoneId
-    in: path
-    description: milestone identifier
-    required: true
-    type: integer
-    format: int64
-    minimum: 1
-  productTemplateIdParam:
-    name: productTemplateId
-    in: path
-    description: product template identifier
-    required: true
-    type: integer
-    format: int64
-    minimum: 1
-  milestoneTemplateIdParam:
-    name: milestoneTemplateId
-    in: path
-    description: milestone template identifier
-    required: true
-    type: integer
-    format: int64
-    minimum: 1
   offsetParam:
     name: offset
     description: "number of items to skip. Defaults to 0"
@@ -1872,362 +1405,72 @@ definitions:
         description: member role on specified project
         enum: ["customer", "manager", "copilot"]
 
-  NewProjectMemberBodyParam:
-    type: object
-    properties:
-      param:
-        $ref: "#/definitions/NewProjectMember"
-
-  UpdateProjectMember:
-      title: Project Member object
-      type: object
-      required:
-        - role
-      properties:
-        isPrimary:
-          type: boolean
-          description: primary option
-        role:
-          type: string
-          description: member role on specified project
-          enum: ["customer", "manager", "copilot"]
-
-  UpdateProjectMemberBodyParam:
-    type: object
-    properties:
-      param:
-        $ref: "#/definitions/UpdateProjectMember"
-
-  NewProjectAttachment:
-    title: Project attachment request
-    type: object
-    required:
-      - filePath
-      - s3Bucket
-      - title
-      - contentType
-    properties:
-      filePath:
-        type: string
-        description: path where file is stored
-      s3Bucket:
-        type: string
-        description: The s3 bucket of attachment
-      contentType:
-        type: string
-        description: Uploaded file content type
-      title:
-        type: string
-        description: Name of the attachment
-      description:
-        type: string
-        description: Optional description for the attached file.
-      category:
-        type: string
-        description: Category of attachment
-      size:
-        type: number
-        format: float
-        description: The size of attachment
-
-  NewProjectAttachmentBodyParam:
-    type: object
-    properties:
-      param:
-        $ref: "#/definitions/NewProjectAttachment"
-
-  NewProjectAttachmentResponse:
-    title: Project attachment object response
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            $ref: "#/definitions/ProjectAttachment"
-
-  ProjectAttachment:
-    title: Project attachment
-    type: object
-    properties:
-      id:
-        type: number
-        description: unique id for the attachment
-      size:
-        type: number
-        format: float
-        description: The size of attachment
-      category:
-        type: string
-        description: The category of attachment
-      contentType:
-        type: string
-        description: Uploaded file content type
-      title:
-        type: string
-        description: Name of the attachment
-      description:
-        type: string
-        description: Optional description for the attached file.
-      downloadUrl:
-        type: string
-        description: download link for the attachment.
-      createdAt:
-        type: string
-        description: Datetime (GMT) when task was created
-        readOnly: true
-      createdBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User who created this task
-        readOnly: true
-      updatedAt:
-        type: string
-        description: READ-ONLY. Datetime (GMT) when task was updated
-        readOnly: true
-      updatedBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User that last updated this task
-        readOnly: true
-
-  ProjectMember:
-    title: Project Member object
-    type: object
-    properties:
-      id:
-        type: number
-        description: unique identifier for record
-      userId:
-        type: number
-        format: int64
-        description: user identifier
-      isPrimary:
-        type: boolean
-        description: Flag to indicate this member is primary for specified role
-      projectId:
-        type: number
-        format: int64
-        description: project identifier
-      role:
-        type: string
-        description: member role on specified project
-        enum: ["customer", "manager", "copilot"]
-      createdAt:
-        type: string
-        description: Datetime (GMT) when task was created
-        readOnly: true
-      createdBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User who created this task
-        readOnly: true
-      updatedAt:
-        type: string
-        description: READ-ONLY. Datetime (GMT) when task was updated
-        readOnly: true
-      updatedBy:
-        type: integer
-        format: int64
-        description: READ-ONLY. User that last updated this task
-        readOnly: true
-
-
-
-  NewProjectMemberResponse:
-    title: Project member object response
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            $ref: "#/definitions/ProjectMember"
-
-  UpdateProjectMemberResponse:
-    title: Project member object response
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            $ref: "#/definitions/ProjectMember"
-
-
-  ProjectResponse:
-    title: Single project object
-    type: object
-    properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            $ref: "#/definitions/Project"
-
-  UpdateProjectResponse:
-    title: response with original and updated project object
+  NewProjectMemberBodyParam:
     type: object
     properties:
-      id:
-        type: string
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          content:
-            type: object
-            properties:
-              original:
-                $ref: "#/definitions/Project"
-              updated:
-                 $ref: "#/definitions/Project"
+      param:
+        $ref: "#/definitions/NewProjectMember"
 
-  ProjectListResponse:
-    title: List response
+  UpdateProjectMember:
+      title: Project Member object
+      type: object
+      required:
+        - role
+      properties:
+        isPrimary:
+          type: boolean
+          description: primary option
+        role:
+          type: string
+          description: member role on specified project
+          enum: ["customer", "manager", "copilot"]
+
+  UpdateProjectMemberBodyParam:
     type: object
     properties:
-      id:
-        type: string
-        readOnly: true
-        description: unique id identifying the request
-      version:
-        type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
-          content:
-            type: array
-            items:
-              $ref: "#/definitions/Project"
+      param:
+        $ref: "#/definitions/UpdateProjectMember"
 
-  ProjectTemplateRequest:
-    title: Project template request object
+  NewProjectAttachment:
+    title: Project attachment request
     type: object
     required:
-      - name
-      - key
-      - category
-      - scope
-      - phases
+      - filePath
+      - s3Bucket
+      - title
+      - contentType
     properties:
-      name:
+      filePath:
         type: string
-        description: the project template name
-      key:
+        description: path where file is stored
+      s3Bucket:
         type: string
-        description: the project template key
+        description: The s3 bucket of attachment
+      contentType:
+        type: string
+        description: Uploaded file content type
+      title:
+        type: string
+        description: Name of the attachment
+      description:
+        type: string
+        description: Optional description for the attached file.
       category:
         type: string
-        description: the project template category
-      scope:
-        type: object
-        description: the project template scope
-      phases:
-        type: object
-        description: the project template phases
+        description: Category of attachment
+      size:
+        type: number
+        format: float
+        description: The size of attachment
 
-  ProjectTemplateBodyParam:
-    title: Project template body param
+  NewProjectAttachmentBodyParam:
     type: object
-    required:
-      - param
     properties:
       param:
-        $ref: "#/definitions/ProjectTemplateRequest"
-
-  ProjectTemplate:
-    title: Project template object
-    allOf:
-      - type: object
-        required:
-          - id
-          - createdAt
-          - createdBy
-          - updatedAt
-          - updatedBy
-        properties:
-          id:
-            type: number
-            format: int64
-            description: the id
-          createdAt:
-            type: string
-            description: Datetime (GMT) when object was created
-            readOnly: true
-          createdBy:
-            type: integer
-            format: int64
-            description: READ-ONLY. User who created this object
-            readOnly: true
-          updatedAt:
-            type: string
-            description: READ-ONLY. Datetime (GMT) when object was updated
-            readOnly: true
-          updatedBy:
-            type: integer
-            format: int64
-            description: READ-ONLY. User that last updated this object
-            readOnly: true
-      - $ref: "#/definitions/ProjectTemplateRequest"
-
+        $ref: "#/definitions/NewProjectAttachment"
 
-  ProjectTemplateResponse:
-    title: Single project template response object
+  NewProjectAttachmentResponse:
+    title: Project attachment object response
     type: object
     properties:
       id:
@@ -2243,114 +1486,99 @@ definitions:
           status:
             type: string
             description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProjectTemplate"
+            $ref: "#/definitions/ProjectAttachment"
 
-  ProjectTemplateListResponse:
-    title: Project template list response object
+  ProjectAttachment:
+    title: Project attachment
     type: object
     properties:
       id:
+        type: number
+        description: unique id for the attachment
+      size:
+        type: number
+        format: float
+        description: The size of attachment
+      category:
+        type: string
+        description: The category of attachment
+      contentType:
+        type: string
+        description: Uploaded file content type
+      title:
+        type: string
+        description: Name of the attachment
+      description:
+        type: string
+        description: Optional description for the attached file.
+      downloadUrl:
         type: string
+        description: download link for the attachment.
+      createdAt:
+        type: string
+        description: Datetime (GMT) when task was created
         readOnly: true
-        description: unique id identifying the request
-      version:
+      createdBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User who created this task
+        readOnly: true
+      updatedAt:
         type: string
-      result:
-        type: object
-        properties:
-          success:
-            type: boolean
-          status:
-            type: string
-            description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
-          content:
-            type: array
-            items:
-              $ref: "#/definitions/ProjectTemplate"
-              
-  ProductTemplateRequest:
-    title: Product template request object
+        description: READ-ONLY. Datetime (GMT) when task was updated
+        readOnly: true
+      updatedBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User that last updated this task
+        readOnly: true
+
+  ProjectMember:
+    title: Project Member object
     type: object
-    required:
-      - name
-      - key
-      - category
-      - scope
-      - phases
     properties:
-      name:
-        type: string
-        description: the product template name
-      productKey:
-        type: string
-        description: the product template key
-      icon:
+      id:
+        type: number
+        description: unique identifier for record
+      userId:
+        type: number
+        format: int64
+        description: user identifier
+      isPrimary:
+        type: boolean
+        description: Flag to indicate this member is primary for specified role
+      projectId:
+        type: number
+        format: int64
+        description: project identifier
+      role:
         type: string
-        description: the product template icon
-      brief:
+        description: member role on specified project
+        enum: ["customer", "manager", "copilot"]
+      createdAt:
         type: string
-        description: the product template brief
-      details:
+        description: Datetime (GMT) when task was created
+        readOnly: true
+      createdBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User who created this task
+        readOnly: true
+      updatedAt:
         type: string
-        description: the product template details
-      aliases:
-        type: object
-        description: the product template aliases
-      template:
-        type: object
-        description: the product template template
+        description: READ-ONLY. Datetime (GMT) when task was updated
+        readOnly: true
+      updatedBy:
+        type: integer
+        format: int64
+        description: READ-ONLY. User that last updated this task
+        readOnly: true
 
-  ProductTemplateBodyParam:
-    title: Product template body param
-    type: object
-    required:
-      - param
-    properties:
-      param:
-        $ref: "#/definitions/ProductTemplateRequest"
 
-  ProductTemplate:
-    title: Product template object
-    allOf:
-      - type: object
-        required:
-          - id
-          - createdAt
-          - createdBy
-          - updatedAt
-          - updatedBy
-        properties:
-          id:
-            type: number
-            format: int64
-            description: the id
-          createdAt:
-            type: string
-            description: Datetime (GMT) when object was created
-            readOnly: true
-          createdBy:
-            type: integer
-            format: int64
-            description: READ-ONLY. User who created this object
-            readOnly: true
-          updatedAt:
-            type: string
-            description: READ-ONLY. Datetime (GMT) when object was updated
-            readOnly: true
-          updatedBy:
-            type: integer
-            format: int64
-            description: READ-ONLY. User that last updated this object
-            readOnly: true
-      - $ref: "#/definitions/ProductTemplateRequest"
 
-  ProjectUpgradeResponse:
-    title: Project upgrade response object
+  NewProjectMemberResponse:
+    title: Project member object response
     type: object
     properties:
       id:
@@ -2366,11 +1594,11 @@ definitions:
           status:
             type: string
             description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
+          content:
+            $ref: "#/definitions/ProjectMember"
 
-  ProductTemplateResponse:
-    title: Single product template response object
+  UpdateProjectMemberResponse:
+    title: Project member object response
     type: object
     properties:
       id:
@@ -2386,18 +1614,16 @@ definitions:
           status:
             type: string
             description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProductTemplate"
+            $ref: "#/definitions/ProjectMember"
 
-  ProductTemplateListResponse:
-    title: Product template list response object
+
+  ProjectResponse:
+    title: Single project object
     type: object
     properties:
       id:
         type: string
-        readOnly: true
         description: unique id identifying the request
       version:
         type: string
@@ -2409,93 +1635,11 @@ definitions:
           status:
             type: string
             description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
           content:
-            type: array
-            items:
-              $ref: "#/definitions/ProductTemplate"
-
-  ProjectPhaseRequest:
-    title: Project phase request object
-    type: object
-    required:
-      - name
-      - status
-      - startDate
-      - endDate
-    properties:
-      name:
-        type: string
-        description: the project phase name
-      status:
-        type: string
-        description: the project phase status
-      startDate:
-        type: string
-        format: date
-        description: the project phase start date
-      endDate:
-        type: string
-        format: date
-        description: the project phase end date
-      budget:
-        type: number
-        description: the project phase budget
-      progress:
-        type: number
-        description: the project phase progress
-      details:
-        type: object
-        description: the project phase details
-
-  ProjectPhaseBodyParam:
-    title: Project phase body param
-    type: object
-    required:
-      - param
-    properties:
-      param:
-        $ref: "#/definitions/ProjectPhaseRequest"
-
-  ProjectPhase:
-    title: Project phase object
-    allOf:
-      - type: object
-        required:
-          - id
-          - createdAt
-          - createdBy
-          - updatedAt
-          - updatedBy
-        properties:
-          id:
-            type: number
-            format: int64
-            description: the id
-          createdAt:
-            type: string
-            description: Datetime (GMT) when object was created
-            readOnly: true
-          createdBy:
-            type: integer
-            format: int64
-            description: READ-ONLY. User who created this object
-            readOnly: true
-          updatedAt:
-            type: string
-            description: READ-ONLY. Datetime (GMT) when object was updated
-            readOnly: true
-          updatedBy:
-            type: integer
-            format: int64
-            description: READ-ONLY. User that last updated this object
-            readOnly: true
-      - $ref: "#/definitions/ProjectPhaseRequest"
-
+            $ref: "#/definitions/Project"
 
-  ProjectPhaseResponse:
-    title: Single project phase response object
+  UpdateProjectResponse:
+    title: response with original and updated project object
     type: object
     properties:
       id:
@@ -2511,13 +1655,16 @@ definitions:
           status:
             type: string
             description: http status code
-          metadata:
-            $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProjectPhase"
+            type: object
+            properties:
+              original:
+                $ref: "#/definitions/Project"
+              updated:
+                 $ref: "#/definitions/Project"
 
-  ProjectPhaseListResponse:
-    title: Project phase list response object
+  ProjectListResponse:
+    title: List response
     type: object
     properties:
       id:
@@ -2539,49 +1686,45 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/ProjectPhase"
-
+              $ref: "#/definitions/Project"
 
-  PhaseProductRequest:
-    title: Phase product request object
+  ProjectTemplateRequest:
+    title: Project template request object
     type: object
+    required:
+      - name
+      - key
+      - category
+      - scope
+      - phases
     properties:
       name:
         type: string
-        description: the phase product name
-      directProjectId:
-        type: number
-        description: the phase product direct project id
-      billingAccountId:
-        type: number
-        description: the phase product billing account Id
-      templateId:
-        type: number
-        description: the phase product template id
-      type:
+        description: the project template name
+      key:
         type: string
-        description: the phase product type
-      estimatedPrice:
-        type: number
-        description: the phase product estimated price
-      actualPrice:
-        type: number
-        description: the phase product actual price
-      details:
+        description: the project template key
+      category:
+        type: string
+        description: the project template category
+      scope:
         type: object
-        description: the phase product details
+        description: the project template scope
+      phases:
+        type: object
+        description: the project template phases
 
-  PhaseProductBodyParam:
-    title: Phase product body param
+  ProjectTemplateBodyParam:
+    title: Project template body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/PhaseProductRequest"
+        $ref: "#/definitions/ProjectTemplateRequest"
 
-  PhaseProduct:
-    title: Phase product object
+  ProjectTemplate:
+    title: Project template object
     allOf:
       - type: object
         required:
@@ -2613,11 +1756,11 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/PhaseProductRequest"
+      - $ref: "#/definitions/ProjectTemplateRequest"
 
 
-  PhaseProductResponse:
-    title: Single phase product response object
+  ProjectTemplateResponse:
+    title: Single project template response object
     type: object
     properties:
       id:
@@ -2636,10 +1779,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/PhaseProduct"
+            $ref: "#/definitions/ProjectTemplate"
 
-  PhaseProductListResponse:
-    title: Phase product list response object
+  ProjectTemplateListResponse:
+    title: Project template list response object
     type: object
     properties:
       id:
@@ -2659,66 +1802,66 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            type: array
-            items:
-              $ref: "#/definitions/PhaseProduct"
-              
-              
+            type: array
+            items:
+              $ref: "#/definitions/ProjectTemplate"
               
-  ProjectTypeRequest:
-    title: Project type request object
+  ProductTemplateRequest:
+    title: Product template request object
     type: object
     required:
-      - displayName
+      - name
+      - key
+      - category
+      - scope
+      - phases
     properties:
-      displayName:
+      name:
         type: string
-        description: the project type display name
-
-  ProjectTypeBodyParam:
-    title: Project type body param
-    type: object
-    required:
-      - param
-    properties:
-      param:
-        $ref: "#/definitions/ProjectTypeRequest"
-
-  ProjectTypeCreateRequest:
-    title: Project type creation request object
-    type: object
-    allOf:
-      - type: object
-        required:
-          - key
-        properties:
-          key:
-            type: string
-            description: the project type key
-      - $ref: "#/definitions/ProjectTypeRequest"
+        description: the product template name
+      productKey:
+        type: string
+        description: the product template key
+      icon:
+        type: string
+        description: the product template icon
+      brief:
+        type: string
+        description: the product template brief
+      details:
+        type: string
+        description: the product template details
+      aliases:
+        type: object
+        description: the product template aliases
+      template:
+        type: object
+        description: the product template template
 
-  ProjectTypeCreateBodyParam:
-    title: Project type creation body param
+  ProductTemplateBodyParam:
+    title: Product template body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/ProjectTypeCreateRequest"
+        $ref: "#/definitions/ProductTemplateRequest"
 
-  ProjectType:
-    title: Project type object
+  ProductTemplate:
+    title: Product template object
     allOf:
       - type: object
         required:
+          - id
           - createdAt
           - createdBy
           - updatedAt
           - updatedBy
         properties:
-          key:
-            type: string
-            description: the project type key
+          id:
+            type: number
+            format: int64
+            description: the id
           createdAt:
             type: string
             description: Datetime (GMT) when object was created
@@ -2737,11 +1880,30 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/ProjectTypeCreateRequest"
+      - $ref: "#/definitions/ProductTemplateRequest"
 
+  ProjectUpgradeResponse:
+    title: Project upgrade response object
+    type: object
+    properties:
+      id:
+        type: string
+        description: unique id identifying the request
+      version:
+        type: string
+      result:
+        type: object
+        properties:
+          success:
+            type: boolean
+          status:
+            type: string
+            description: http status code
+          metadata:
+            $ref: "#/definitions/ResponseMetadata"
 
-  ProjectTypeResponse:
-    title: Single project type response object
+  ProductTemplateResponse:
+    title: Single product template response object
     type: object
     properties:
       id:
@@ -2760,10 +1922,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/ProjectType"
+            $ref: "#/definitions/ProductTemplate"
 
-  ProjectTypeListResponse:
-    title: Project type list response object
+  ProductTemplateListResponse:
+    title: Product template list response object
     type: object
     properties:
       id:
@@ -2785,54 +1947,52 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/ProjectType"
-
+              $ref: "#/definitions/ProductTemplate"
 
-  TimelineRequest:
-    title: Timeline request object
+  ProjectPhaseRequest:
+    title: Project phase request object
     type: object
     required:
       - name
+      - status
       - startDate
-      - reference
-      - referenceId
+      - endDate
     properties:
       name:
         type: string
-        description: the timeline name
-      description:
+        description: the project phase name
+      status:
         type: string
-        description: the timeline description
+        description: the project phase status
       startDate:
         type: string
         format: date
-        description: the timeline start date
+        description: the project phase start date
       endDate:
         type: string
         format: date
-        description: the timeline end date
-      reference:
-        type: string
-        enum:
-          - project
-          - phase
-        description: the timeline reference
-      referenceId:
+        description: the project phase end date
+      budget:
         type: number
-        format: long
-        description: the timeline reference id (project id or phase id, corresponding to the `reference`)
+        description: the project phase budget
+      progress:
+        type: number
+        description: the project phase progress
+      details:
+        type: object
+        description: the project phase details
 
-  TimelineBodyParam:
-    title: Timeline body param
+  ProjectPhaseBodyParam:
+    title: Project phase body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/TimelineRequest"
+        $ref: "#/definitions/ProjectPhaseRequest"
 
-  Timeline:
-    title: Timeline object
+  ProjectPhase:
+    title: Project phase object
     allOf:
       - type: object
         required:
@@ -2864,10 +2024,11 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/TimelineRequest"
+      - $ref: "#/definitions/ProjectPhaseRequest"
 
-  TimelineResponse:
-    title: Single timeline response object
+
+  ProjectPhaseResponse:
+    title: Single project phase response object
     type: object
     properties:
       id:
@@ -2886,10 +2047,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/Timeline"
+            $ref: "#/definitions/ProjectPhase"
 
-  TimelineListResponse:
-    title: Timeline list response object
+  ProjectPhaseListResponse:
+    title: Project phase list response object
     type: object
     properties:
       id:
@@ -2911,82 +2072,49 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/Timeline"
+              $ref: "#/definitions/ProjectPhase"
+
 
-  MilestoneRequest:
-    title: Milestone request object
+  PhaseProductRequest:
+    title: Phase product request object
     type: object
-    required:
-      - name
-      - duration
-      - startDate
-      - status
-      - type
-      - order
-      - plannedText
-      - activeText
-      - completedText
-      - blockedText
     properties:
       name:
         type: string
-        description: the milestone name
-      description:
-        type: string
-        description: the milestone description
-      duration:
+        description: the phase product name
+      directProjectId:
         type: number
-        format: integer
-        description: the milestone duration
-      startDate:
-        type: string
-        format: date
-        description: the milestone start date
-      endDate:
-        type: string
-        format: date
-        description: the milestone end date
-      completionDate:
-        type: string
-        format: date
-        description: the milestone completion date
-      status:
-        type: string
-        description: the milestone status
+        description: the phase product direct project id
+      billingAccountId:
+        type: number
+        description: the phase product billing account Id
+      templateId:
+        type: number
+        description: the phase product template id
       type:
         type: string
-        description: the milestone type
+        description: the phase product type
+      estimatedPrice:
+        type: number
+        description: the phase product estimated price
+      actualPrice:
+        type: number
+        description: the phase product actual price
       details:
         type: object
-        description: the milestone details
-      order:
-        type: number
-        format: integer
-        description: the milestone order
-      plannedText:
-        type: string
-        description: the milestone planned text
-      activeText:
-        type: string
-        description: the milestone active text
-      completedText:
-        type: string
-        description: the milestone completed text
-      blockedText:
-        type: string
-        description: the milestone blocked text
+        description: the phase product details
 
-  MilestoneBodyParam:
-    title: Milestone body param
+  PhaseProductBodyParam:
+    title: Phase product body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/MilestoneRequest"
+        $ref: "#/definitions/PhaseProductRequest"
 
-  Milestone:
-    title: Milestone object
+  PhaseProduct:
+    title: Phase product object
     allOf:
       - type: object
         required:
@@ -3018,10 +2146,11 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/MilestoneRequest"
+      - $ref: "#/definitions/PhaseProductRequest"
 
-  MilestoneResponse:
-    title: Single milestone response object
+
+  PhaseProductResponse:
+    title: Single phase product response object
     type: object
     properties:
       id:
@@ -3040,10 +2169,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/Milestone"
+            $ref: "#/definitions/PhaseProduct"
 
-  MilestoneListResponse:
-    title: Milestone list response object
+  PhaseProductListResponse:
+    title: Phase product list response object
     type: object
     properties:
       id:
@@ -3065,60 +2194,64 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/Milestone"
-
-
-  MilestoneTemplateRequest:
-    title: Milestone template request object
+              $ref: "#/definitions/PhaseProduct"
+              
+              
+              
+  ProjectTypeRequest:
+    title: Project type request object
     type: object
     required:
-      - name
-      - duration
-      - type
-      - order
+      - displayName
     properties:
-      name:
-        type: string
-        description: the milestone template name
-      description:
-        type: string
-        description: the milestone template description
-      duration:
-        type: number
-        format: integer
-        description: the milestone template duration
-      type:
+      displayName:
         type: string
-        description: the milestone template type
-      order:
-        type: number
-        format: integer
-        description: the milestone template order
+        description: the project type display name
 
-  MilestoneTemplateBodyParam:
-    title: Milestone template body param
+  ProjectTypeBodyParam:
+    title: Project type body param
     type: object
     required:
       - param
     properties:
       param:
-        $ref: "#/definitions/MilestoneTemplateRequest"
+        $ref: "#/definitions/ProjectTypeRequest"
 
-  MilestoneTemplate:
-    title: Milestone template object
+  ProjectTypeCreateRequest:
+    title: Project type creation request object
+    type: object
+    allOf:
+      - type: object
+        required:
+          - key
+        properties:
+          key:
+            type: string
+            description: the project type key
+      - $ref: "#/definitions/ProjectTypeRequest"
+
+  ProjectTypeCreateBodyParam:
+    title: Project type creation body param
+    type: object
+    required:
+      - param
+    properties:
+      param:
+        $ref: "#/definitions/ProjectTypeCreateRequest"
+
+  ProjectType:
+    title: Project type object
     allOf:
       - type: object
         required:
-          - id
           - createdAt
           - createdBy
           - updatedAt
           - updatedBy
         properties:
-          id:
-            type: number
-            format: int64
-            description: the id
+          key:
+            type: string
+            description: the project type key
           createdAt:
             type: string
             description: Datetime (GMT) when object was created
@@ -3137,10 +2270,11 @@ definitions:
             format: int64
             description: READ-ONLY. User that last updated this object
             readOnly: true
-      - $ref: "#/definitions/MilestoneTemplateRequest"
+      - $ref: "#/definitions/ProjectTypeCreateRequest"
+
 
-  MilestoneTemplateResponse:
-    title: Single milestone template response object
+  ProjectTypeResponse:
+    title: Single project type response object
     type: object
     properties:
       id:
@@ -3159,10 +2293,10 @@ definitions:
           metadata:
             $ref: "#/definitions/ResponseMetadata"
           content:
-            $ref: "#/definitions/MilestoneTemplate"
+            $ref: "#/definitions/ProjectType"
 
-  MilestoneTemplateListResponse:
-    title: Milestone template list response object
+  ProjectTypeListResponse:
+    title: Project type list response object
     type: object
     properties:
       id:
@@ -3184,4 +2318,4 @@ definitions:
           content:
             type: array
             items:
-              $ref: "#/definitions/MilestoneTemplate"
+              $ref: "#/definitions/ProjectType"

From 8164211d974ee4b3cc5c4ebe1057e8d4c3d31049 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 13:00:38 +0530
Subject: [PATCH 45/59] using system user token to create topics for phase

---
 src/events/projectPhases/index.js |  2 +-
 src/services/messageService.js    | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/events/projectPhases/index.js b/src/events/projectPhases/index.js
index f99759f6..2c32eb6c 100644
--- a/src/events/projectPhases/index.js
+++ b/src/events/projectPhases/index.js
@@ -69,7 +69,7 @@ const createPhaseTopic = Promise.coroutine(function* (logger, phase) { // eslint
       body: 'Welcome!!! Please use this channel for communication around the phase.',
     }, logger);
     logger.debug('topic for the phase created successfully');
-    logger.debug(topic);
+    logger.debug('created topic', topic);
   } catch (error) {
     logger.error('Error in creating topic for the project phase', error);
     // don't throw the error back to nack the bus, because we don't want to get multiple topics per phase
diff --git a/src/services/messageService.js b/src/services/messageService.js
index ce03ff45..bac85bb5 100644
--- a/src/services/messageService.js
+++ b/src/services/messageService.js
@@ -1,5 +1,6 @@
 import config from 'config';
 import _ from 'lodash';
+import util from '../util';
 
 const Promise = require('bluebird');
 const axios = require('axios');
@@ -50,7 +51,7 @@ async function getClient(logger) {
 
     return client;
   } catch (err) {
-    return Promise.reject(`Bus api calling - Error in genearting m2m token : ${err.message}`);
+    return Promise.reject(`Message api calling - Error in genearting m2m token : ${err.message}`);
   }
 }
 
@@ -63,13 +64,18 @@ async function getClient(logger) {
  */
 function createTopic(topic, logger) {
   logger.debug(`createTopic for topic: ${JSON.stringify(topic)}`);
-  return getClient(logger).then((msgClient) => {
+  // return getClient(logger).then((msgClient) => {
+  return util.getSystemUserToken(logger).then((adminToken) => {
     logger.debug('calling message service');
-    return msgClient.post('/topics/create', topic)
+    // return msgClient.post('/topics/create', topic)
+    const httpClient = util.getHttpClient({ id: `topic#create#${topic.referenceId}`, log: logger });
+    httpClient.defaults.headers.common.Authorization = `Bearer ${adminToken}`;
+    return httpClient.post(`${config.get('messageApiUrl')}/topics/create`, topic)
       .then((resp) => {
         logger.debug('Topic created successfully');
         logger.debug(`Topic created successfully [status]: ${resp.status}`);
         logger.debug(`Topic created successfully [data]: ${resp.data}`);
+        return _.get(resp.data, 'result.content', {});
       })
       .catch((error) => {
         logger.debug('Error creating topic');

From 28ebc6ea04abbdc8f1c985bc3d76353ef0d604fa Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 14:46:51 +0530
Subject: [PATCH 46/59] Allowed direct project and billing account ids in
 update product calls added new fields, spentBudget and duration, in phase
 reverted back to m2m call while creating topic because now message is updated
 to use cdderbot as user for m2m calls for the topic creation

---
 src/events/projectPhases/index.js  |  1 -
 src/models/projectPhase.js         |  2 ++
 src/routes/phaseProducts/update.js |  2 ++
 src/routes/phases/create.js        |  2 ++
 src/routes/phases/update.js        |  2 ++
 src/services/messageService.js     | 12 ++++++------
 6 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/events/projectPhases/index.js b/src/events/projectPhases/index.js
index 2c32eb6c..98123522 100644
--- a/src/events/projectPhases/index.js
+++ b/src/events/projectPhases/index.js
@@ -60,7 +60,6 @@ const indexProjectPhase = Promise.coroutine(function* (logger, phase) { // eslin
 const createPhaseTopic = Promise.coroutine(function* (logger, phase) { // eslint-disable-line func-names
   try {
     logger.debug('Creating topic for phase with phase', phase);
-    // const phase = JSON.parse(msg.content.toString());
     const topic = yield messageService.createTopic({
       reference: 'project',
       referenceId: `${phase.projectId}`,
diff --git a/src/models/projectPhase.js b/src/models/projectPhase.js
index 3d21ec1c..47336258 100644
--- a/src/models/projectPhase.js
+++ b/src/models/projectPhase.js
@@ -9,7 +9,9 @@ module.exports = function defineProjectPhase(sequelize, DataTypes) {
     status: { type: DataTypes.STRING, allowNull: true },
     startDate: { type: DataTypes.DATE, allowNull: true },
     endDate: { type: DataTypes.DATE, allowNull: true },
+    duration: { type: DataTypes.INTEGER, allowNull: false },
     budget: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
+    spentBudget: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
     progress: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
     details: { type: DataTypes.JSON, defaultValue: {} },
 
diff --git a/src/routes/phaseProducts/update.js b/src/routes/phaseProducts/update.js
index 9d335f2a..fa7ac460 100644
--- a/src/routes/phaseProducts/update.js
+++ b/src/routes/phaseProducts/update.js
@@ -16,6 +16,8 @@ const updatePhaseProductValidation = {
       name: Joi.string().optional(),
       type: Joi.string().optional(),
       templateId: Joi.number().optional(),
+      directProjectId: Joi.number().positive().optional(),
+      billingAccountId: Joi.number().positive().optional(),
       estimatedPrice: Joi.number().positive().optional(),
       actualPrice: Joi.number().positive().optional(),
       details: Joi.any().optional(),
diff --git a/src/routes/phases/create.js b/src/routes/phases/create.js
index c832d272..ddc20d0e 100644
--- a/src/routes/phases/create.js
+++ b/src/routes/phases/create.js
@@ -16,7 +16,9 @@ const addProjectPhaseValidations = {
       status: Joi.string().required(),
       startDate: Joi.date().max(Joi.ref('endDate')).optional(),
       endDate: Joi.date().optional(),
+      duration: Joi.number().positive().optional(),
       budget: Joi.number().positive().optional(),
+      spentBudget: Joi.number().positive().optional(),
       progress: Joi.number().positive().optional(),
       details: Joi.any().optional(),
     }).required(),
diff --git a/src/routes/phases/update.js b/src/routes/phases/update.js
index 194becfa..f05b8a9a 100644
--- a/src/routes/phases/update.js
+++ b/src/routes/phases/update.js
@@ -17,7 +17,9 @@ const updateProjectPhaseValidation = {
       status: Joi.string().optional(),
       startDate: Joi.date().optional(),
       endDate: Joi.date().optional(),
+      duration: Joi.number().positive().optional(),
       budget: Joi.number().positive().optional(),
+      spentBudget: Joi.number().positive().optional(),
       progress: Joi.number().positive().optional(),
       details: Joi.any().optional(),
     }).required(),
diff --git a/src/services/messageService.js b/src/services/messageService.js
index bac85bb5..556ee322 100644
--- a/src/services/messageService.js
+++ b/src/services/messageService.js
@@ -64,13 +64,13 @@ async function getClient(logger) {
  */
 function createTopic(topic, logger) {
   logger.debug(`createTopic for topic: ${JSON.stringify(topic)}`);
-  // return getClient(logger).then((msgClient) => {
-  return util.getSystemUserToken(logger).then((adminToken) => {
+  return getClient(logger).then((msgClient) => {
+  // return util.getSystemUserToken(logger).then((adminToken) => {
     logger.debug('calling message service');
-    // return msgClient.post('/topics/create', topic)
-    const httpClient = util.getHttpClient({ id: `topic#create#${topic.referenceId}`, log: logger });
-    httpClient.defaults.headers.common.Authorization = `Bearer ${adminToken}`;
-    return httpClient.post(`${config.get('messageApiUrl')}/topics/create`, topic)
+    return msgClient.post('/topics/create', topic)
+    // const httpClient = util.getHttpClient({ id: `topic#create#${topic.referenceId}`, log: logger });
+    // httpClient.defaults.headers.common.Authorization = `Bearer ${adminToken}`;
+    // return httpClient.post(`${config.get('messageApiUrl')}/topics/create`, topic)
       .then((resp) => {
         logger.debug('Topic created successfully');
         logger.debug(`Topic created successfully [status]: ${resp.status}`);

From 2ec838ad23e455736c90ed5cf83933029bd35ad5 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 14:48:25 +0530
Subject: [PATCH 47/59] lint fix

---
 src/services/messageService.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/services/messageService.js b/src/services/messageService.js
index 556ee322..d7e0f678 100644
--- a/src/services/messageService.js
+++ b/src/services/messageService.js
@@ -1,6 +1,6 @@
 import config from 'config';
 import _ from 'lodash';
-import util from '../util';
+// import util from '../util';
 
 const Promise = require('bluebird');
 const axios = require('axios');

From d489ee28e3399b46c826089f6427364d0130cbed Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 14:50:49 +0530
Subject: [PATCH 48/59] marking duration as optional field

---
 src/models/projectPhase.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/models/projectPhase.js b/src/models/projectPhase.js
index 47336258..bcfe827a 100644
--- a/src/models/projectPhase.js
+++ b/src/models/projectPhase.js
@@ -9,7 +9,7 @@ module.exports = function defineProjectPhase(sequelize, DataTypes) {
     status: { type: DataTypes.STRING, allowNull: true },
     startDate: { type: DataTypes.DATE, allowNull: true },
     endDate: { type: DataTypes.DATE, allowNull: true },
-    duration: { type: DataTypes.INTEGER, allowNull: false },
+    duration: { type: DataTypes.INTEGER, allowNull: true },
     budget: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
     spentBudget: { type: DataTypes.DOUBLE, defaultValue: 0.0 },
     progress: { type: DataTypes.DOUBLE, defaultValue: 0.0 },

From e8c5836dc4ad1902551532c07c3f415233fe7246 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 14:57:08 +0530
Subject: [PATCH 49/59] setting duration from phase template

---
 src/routes/projects/create.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 3b5f34ee..669ffa75 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -94,6 +94,7 @@ function createProjectAndPhases(req, project, projectTemplate, productTemplates)
       models.ProjectPhase.create({
         projectId: newProject.id,
         name: _.get(phase, 'name', `Stage ${phaseIdx}`),
+        duration: _.get(phase, 'duration', 0),
         status: _.get(phase, 'status', PROJECT_PHASE_STATUS.DRAFT),
         budget: _.get(phase, 'budget', 0),
         updatedBy: req.authUser.userId,

From 009b747ce536f45ae749e712b95108d78302bea3 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 15:08:16 +0530
Subject: [PATCH 50/59] Allowing only copilots and above role users to
 add/update/delete phase/products

---
 src/permissions/copilotAndAbove.js | 18 ++++++++++++++++++
 src/permissions/index.js           | 13 +++++++------
 2 files changed, 25 insertions(+), 6 deletions(-)
 create mode 100644 src/permissions/copilotAndAbove.js

diff --git a/src/permissions/copilotAndAbove.js b/src/permissions/copilotAndAbove.js
new file mode 100644
index 00000000..e5d5121a
--- /dev/null
+++ b/src/permissions/copilotAndAbove.js
@@ -0,0 +1,18 @@
+import util from '../util';
+import { MANAGER_ROLES, USER_ROLE } from '../constants';
+
+
+/**
+ * Permission to alloow copilot and above roles to perform certain operations
+ * @param {Object}    req         the express request instance
+ * @return {Promise}              returns a promise
+ */
+module.exports = req => new Promise((resolve, reject) => {
+  const hasAccess = util.hasRoles(req, [...MANAGER_ROLES, USER_ROLE.COPILOT]);
+
+  if (!hasAccess) {
+    return reject(new Error('You do not have permissions to perform this action'));
+  }
+
+  return resolve(true);
+});
diff --git a/src/permissions/index.js b/src/permissions/index.js
index 6ea7a418..1cd1591a 100644
--- a/src/permissions/index.js
+++ b/src/permissions/index.js
@@ -7,6 +7,7 @@ const projectDelete = require('./project.delete');
 const projectMemberDelete = require('./projectMember.delete');
 const projectAdmin = require('./admin.ops');
 const connectManagerOrAdmin = require('./connectManagerOrAdmin.ops');
+const copilotAndAbove = require('./copilotAndAbove');
 
 module.exports = () => {
   Authorizer.setDeniedStatusCode(403);
@@ -35,12 +36,12 @@ module.exports = () => {
   Authorizer.setPolicy('productTemplate.delete', connectManagerOrAdmin);
   Authorizer.setPolicy('productTemplate.view', true);
 
-  Authorizer.setPolicy('project.addProjectPhase', projectEdit);
-  Authorizer.setPolicy('project.updateProjectPhase', projectEdit);
-  Authorizer.setPolicy('project.deleteProjectPhase', projectEdit);
-  Authorizer.setPolicy('project.addPhaseProduct', projectEdit);
-  Authorizer.setPolicy('project.updatePhaseProduct', projectEdit);
-  Authorizer.setPolicy('project.deletePhaseProduct', projectEdit);
+  Authorizer.setPolicy('project.addProjectPhase', copilotAndAbove);
+  Authorizer.setPolicy('project.updateProjectPhase', copilotAndAbove);
+  Authorizer.setPolicy('project.deleteProjectPhase', copilotAndAbove);
+  Authorizer.setPolicy('project.addPhaseProduct', copilotAndAbove);
+  Authorizer.setPolicy('project.updatePhaseProduct', copilotAndAbove);
+  Authorizer.setPolicy('project.deletePhaseProduct', copilotAndAbove);
 
   Authorizer.setPolicy('projectType.create', projectAdmin);
   Authorizer.setPolicy('projectType.edit', projectAdmin);

From b7d053519a9d67984f14407fb4b3608402186d3e Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 15:51:15 +0530
Subject: [PATCH 51/59] added new fields to the schema migration file

---
 migrations/20180608_project_add_templateId_and_new_tables.sql | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/migrations/20180608_project_add_templateId_and_new_tables.sql b/migrations/20180608_project_add_templateId_and_new_tables.sql
index a43db5a3..04d7e993 100644
--- a/migrations/20180608_project_add_templateId_and_new_tables.sql
+++ b/migrations/20180608_project_add_templateId_and_new_tables.sql
@@ -166,7 +166,9 @@ CREATE TABLE project_phases (
     status character varying(255),
     "startDate" timestamp with time zone,
     "endDate" timestamp with time zone,
+    duration integer,
     budget double precision DEFAULT 0,
+    "spentBudget" double precision DEFAULT 0,
     progress double precision DEFAULT 0,
     details json DEFAULT '{}'::json,
     "deletedAt" timestamp with time zone,

From 7368322253d4373d5729b9c50639aa8d3dbc2040 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 16:46:47 +0530
Subject: [PATCH 52/59] added unit tests for phase and products for validating
 the add/update/delete access updates. Customers should not be able to do
 that.

---
 package-lock.json                       | 70 +++++++++----------------
 package.json                            |  1 +
 src/routes/phaseProducts/create.spec.js | 42 +++++++++++++--
 src/routes/phaseProducts/delete.spec.js | 41 +++++++++++++--
 src/routes/phaseProducts/get.spec.js    | 59 ++++++++++++++++++---
 src/routes/phaseProducts/list.spec.js   | 56 +++++++++++++++++---
 src/routes/phaseProducts/update.spec.js | 42 +++++++++++++--
 src/routes/phases/create.spec.js        | 42 +++++++++++++--
 src/routes/phases/delete.spec.js        | 41 +++++++++++++--
 src/routes/phases/get.spec.js           | 59 ++++++++++++++++++---
 src/routes/phases/list.spec.js          | 56 +++++++++++++++++---
 src/routes/phases/update.spec.js        | 42 +++++++++++++--
 src/tests/util.js                       |  3 ++
 13 files changed, 460 insertions(+), 94 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 59e653b9..55f7a395 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4810,45 +4810,25 @@
       "dev": true
     },
     "jsonwebtoken": {
-      "version": "7.4.3",
-      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-7.4.3.tgz",
-      "integrity": "sha1-d/UCHeBYtgWheD+hKD6ZgS5kVjg=",
-      "requires": {
-        "joi": "6.10.1",
-        "jws": "3.1.4",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.3.0.tgz",
+      "integrity": "sha512-oge/hvlmeJCH+iIz1DwcO7vKPkNGJHhgkspk8OH3VKlw+mbi42WtD4ig1+VXRln765vxptAv+xT26Fd3cteqag==",
+      "requires": {
+        "jws": "3.1.5",
+        "lodash.includes": "4.3.0",
+        "lodash.isboolean": "3.0.3",
+        "lodash.isinteger": "4.0.4",
+        "lodash.isnumber": "3.0.3",
+        "lodash.isplainobject": "4.0.6",
+        "lodash.isstring": "4.0.1",
         "lodash.once": "4.1.1",
-        "ms": "2.0.0",
-        "xtend": "4.0.1"
+        "ms": "2.1.1"
       },
       "dependencies": {
-        "hoek": {
-          "version": "2.16.3",
-          "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz",
-          "integrity": "sha1-ILt0A9POo5jpHcRxCo/xuCdKJe0="
-        },
-        "isemail": {
-          "version": "1.2.0",
-          "resolved": "https://registry.npmjs.org/isemail/-/isemail-1.2.0.tgz",
-          "integrity": "sha1-vgPfjMPineTSxd9lASY/H6RZXpo="
-        },
-        "joi": {
-          "version": "6.10.1",
-          "resolved": "https://registry.npmjs.org/joi/-/joi-6.10.1.tgz",
-          "integrity": "sha1-TVDDGAeRIgAP5fFq8f+OGRe3fgY=",
-          "requires": {
-            "hoek": "2.16.3",
-            "isemail": "1.2.0",
-            "moment": "2.19.1",
-            "topo": "1.1.0"
-          }
-        },
-        "topo": {
-          "version": "1.1.0",
-          "resolved": "https://registry.npmjs.org/topo/-/topo-1.1.0.tgz",
-          "integrity": "sha1-6ddRYV0buH3IZdsYL6HKCl71NtU=",
-          "requires": {
-            "hoek": "2.16.3"
-          }
+        "ms": {
+          "version": "2.1.1",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
+          "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
         }
       }
     },
@@ -4864,13 +4844,12 @@
       }
     },
     "jwa": {
-      "version": "1.1.5",
-      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.1.5.tgz",
-      "integrity": "sha1-oFUs4CIHQs1S4VN3SjKQXDDnVuU=",
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.1.6.tgz",
+      "integrity": "sha512-tBO/cf++BUsJkYql/kBbJroKOgHWEigTKBAjjBEmrMGYd1QMBC74Hr4Wo2zCZw6ZrVhlJPvoMrkcOnlWR/DJfw==",
       "requires": {
-        "base64url": "2.0.0",
         "buffer-equal-constant-time": "1.0.1",
-        "ecdsa-sig-formatter": "1.0.9",
+        "ecdsa-sig-formatter": "1.0.10",
         "safe-buffer": "5.1.1"
       }
     },
@@ -4888,12 +4867,11 @@
       }
     },
     "jws": {
-      "version": "3.1.4",
-      "resolved": "https://registry.npmjs.org/jws/-/jws-3.1.4.tgz",
-      "integrity": "sha1-+ei5M46KhHJ31kRLFGT2GIDgUKI=",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/jws/-/jws-3.1.5.tgz",
+      "integrity": "sha512-GsCSexFADNQUr8T5HPJvayTjvPIfoyJPtLQBwn5a4WZQchcrPMPMAWcC1AzJVRDKyD6ZPROPAxgv6rfHViO4uQ==",
       "requires": {
-        "base64url": "2.0.0",
-        "jwa": "1.1.5",
+        "jwa": "1.1.6",
         "safe-buffer": "5.1.1"
       }
     },
diff --git a/package.json b/package.json
index d83df2fc..dac6d5a8 100644
--- a/package.json
+++ b/package.json
@@ -50,6 +50,7 @@
     "express-validation": "^0.6.0",
     "http-aws-es": "^1.1.3",
     "joi": "^8.0.5",
+    "jsonwebtoken": "^8.3.0",
     "lodash": "^4.16.4",
     "method-override": "^2.3.9",
     "pg": "^4.5.5",
diff --git a/src/routes/phaseProducts/create.spec.js b/src/routes/phaseProducts/create.spec.js
index 95a6d1ca..e5fe049d 100644
--- a/src/routes/phaseProducts/create.spec.js
+++ b/src/routes/phaseProducts/create.spec.js
@@ -21,6 +21,20 @@ const body = {
 describe('Phase Products', () => {
   let projectId;
   let phaseId;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before((done) => {
     // mocks
     testUtil.clearDb()
@@ -37,14 +51,23 @@ describe('Phase Products', () => {
           }).then((p) => {
             projectId = p.id;
             // create members
-            models.ProjectMember.create({
-              userId: 40051332,
+            models.ProjectMember.bulkCreate([{
+              id: 1,
+              userId: copilotUser.userId,
               projectId,
               role: 'copilot',
+              isPrimary: false,
+              createdBy: 1,
+              updatedBy: 1,
+            }, {
+              id: 2,
+              userId: memberUser.userId,
+              projectId,
+              role: 'customer',
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => {
+            }]).then(() => {
               models.ProjectPhase.create({
                 name: 'test project phase',
                 status: 'active',
@@ -72,7 +95,18 @@ describe('Phase Products', () => {
   });
 
   describe('POST /projects/{projectId}/phases/{phaseId}/products', () => {
-    it('should return 403 if user does not have permissions', (done) => {
+    it('should return 403 if user does not have permissions (non team member)', (done) => {
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 403 if user does not have permissions (customer)', (done) => {
       request(server)
         .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
         .set({
diff --git a/src/routes/phaseProducts/delete.spec.js b/src/routes/phaseProducts/delete.spec.js
index 2908bee9..9bf234b4 100644
--- a/src/routes/phaseProducts/delete.spec.js
+++ b/src/routes/phaseProducts/delete.spec.js
@@ -21,6 +21,20 @@ describe('Phase Products', () => {
   let projectId;
   let phaseId;
   let productId;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before((done) => {
     // mocks
     testUtil.clearDb()
@@ -37,14 +51,23 @@ describe('Phase Products', () => {
           }).then((p) => {
             projectId = p.id;
             // create members
-            models.ProjectMember.create({
-              userId: 40051332,
+            models.ProjectMember.bulkCreate([{
+              id: 1,
+              userId: copilotUser.userId,
               projectId,
               role: 'copilot',
+              isPrimary: false,
+              createdBy: 1,
+              updatedBy: 1,
+            }, {
+              id: 2,
+              userId: memberUser.userId,
+              projectId,
+              role: 'customer',
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => {
+            }]).then(() => {
               models.ProjectPhase.create({
                 name: 'test project phase',
                 status: 'active',
@@ -77,7 +100,17 @@ describe('Phase Products', () => {
   });
 
   describe('DELETE /projects/{id}/phases/{phaseId}/products/{productId}', () => {
-    it('should return 403 when user have no permission', (done) => {
+    it('should return 403 when user have no permission (non team member)', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 403 when user have no permission (customer)', (done) => {
       request(server)
         .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
         .set({
diff --git a/src/routes/phaseProducts/get.spec.js b/src/routes/phaseProducts/get.spec.js
index b2b65b2a..d2022f17 100644
--- a/src/routes/phaseProducts/get.spec.js
+++ b/src/routes/phaseProducts/get.spec.js
@@ -24,6 +24,20 @@ describe('Phase Products', () => {
   let projectId;
   let phaseId;
   let productId;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before((done) => {
     // mocks
     testUtil.clearDb()
@@ -40,14 +54,23 @@ describe('Phase Products', () => {
           }).then((p) => {
             projectId = p.id;
             // create members
-            models.ProjectMember.create({
-              userId: 40051332,
+            models.ProjectMember.bulkCreate([{
+              id: 1,
+              userId: copilotUser.userId,
               projectId,
               role: 'copilot',
+              isPrimary: false,
+              createdBy: 1,
+              updatedBy: 1,
+            }, {
+              id: 2,
+              userId: memberUser.userId,
+              projectId,
+              role: 'customer',
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => {
+            }]).then(() => {
               models.ProjectPhase.create({
                 name: 'test project phase',
                 status: 'active',
@@ -80,11 +103,11 @@ describe('Phase Products', () => {
   });
 
   describe('GET /projects/{id}/phases/{phaseId}/products/{productId}', () => {
-    it('should return 403 when user have no permission', (done) => {
+    it('should return 403 when user have no permission (non team member)', (done) => {
       request(server)
         .get(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
         })
         .expect('Content-Type', /json/)
         .expect(403, done);
@@ -120,7 +143,31 @@ describe('Phase Products', () => {
         .expect(404, done);
     });
 
-    it('should return 1 phase when user have project permission', (done) => {
+    it('should return 1 phase when user have project permission (customer)', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.name.should.be.eql(body.name);
+            resJson.type.should.be.eql(body.type);
+            resJson.estimatedPrice.should.be.eql(body.estimatedPrice);
+            resJson.actualPrice.should.be.eql(body.actualPrice);
+            resJson.details.should.be.eql(body.details);
+            done();
+          }
+        });
+    });
+
+    it('should return 1 phase when user have project permission (copilot)', (done) => {
       request(server)
         .get(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
         .set({
diff --git a/src/routes/phaseProducts/list.spec.js b/src/routes/phaseProducts/list.spec.js
index 5f91dece..0b0b46db 100644
--- a/src/routes/phaseProducts/list.spec.js
+++ b/src/routes/phaseProducts/list.spec.js
@@ -29,6 +29,20 @@ describe('Phase Products', () => {
   let projectId;
   let phaseId;
   let project;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before(function beforeHook(done) {
     this.timeout(10000);
     // mocks
@@ -47,14 +61,23 @@ describe('Phase Products', () => {
           projectId = p.id;
           project = p.toJSON();
           // create members
-          models.ProjectMember.create({
-            userId: 40051332,
+          models.ProjectMember.bulkCreate([{
+            id: 1,
+            userId: copilotUser.userId,
             projectId,
             role: 'copilot',
+            isPrimary: false,
+            createdBy: 1,
+            updatedBy: 1,
+          }, {
+            id: 2,
+            userId: memberUser.userId,
+            projectId,
+            role: 'customer',
             isPrimary: true,
             createdBy: 1,
             updatedBy: 1,
-          }).then(() => {
+          }]).then(() => {
             models.ProjectPhase.create({
               name: 'test project phase',
               status: 'active',
@@ -100,11 +123,11 @@ describe('Phase Products', () => {
   });
 
   describe('GET /projects/{id}/phases/{phaseId}/products', () => {
-    it('should return 403 when user have no permission', (done) => {
+    it('should return 403 when user have no permission (non team member)', (done) => {
       request(server)
         .get(`/v4/projects/${projectId}/phases/${phaseId}/products`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
         })
         .send({ param: body })
         .expect('Content-Type', /json/)
@@ -133,7 +156,28 @@ describe('Phase Products', () => {
         .expect(404, done);
     });
 
-    it('should return 1 phase when user have project permission', (done) => {
+    it('should return 1 phase when user have project permission (customer)', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.should.have.lengthOf(1);
+            done();
+          }
+        });
+    });
+
+    it('should return 1 phase when user have project permission (copilot)', (done) => {
       request(server)
         .get(`/v4/projects/${projectId}/phases/${phaseId}/products`)
         .set({
diff --git a/src/routes/phaseProducts/update.spec.js b/src/routes/phaseProducts/update.spec.js
index 1a8b8a21..1f0d91ac 100644
--- a/src/routes/phaseProducts/update.spec.js
+++ b/src/routes/phaseProducts/update.spec.js
@@ -34,6 +34,20 @@ describe('Phase Products', () => {
   let projectId;
   let phaseId;
   let productId;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before((done) => {
     // mocks
     testUtil.clearDb()
@@ -50,14 +64,23 @@ describe('Phase Products', () => {
           }).then((p) => {
             projectId = p.id;
             // create members
-            models.ProjectMember.create({
-              userId: 40051332,
+            models.ProjectMember.bulkCreate([{
+              id: 1,
+              userId: copilotUser.userId,
               projectId,
               role: 'copilot',
+              isPrimary: false,
+              createdBy: 1,
+              updatedBy: 1,
+            }, {
+              id: 2,
+              userId: memberUser.userId,
+              projectId,
+              role: 'customer',
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => {
+            }]).then(() => {
               models.ProjectPhase.create({
                 name: 'test project phase',
                 status: 'active',
@@ -90,7 +113,18 @@ describe('Phase Products', () => {
   });
 
   describe('PATCH /projects/{id}/phases/{phaseId}/products/{productId}', () => {
-    it('should return 403 when user have no permission', (done) => {
+    it('should return 403 when user have no permission (non team member)', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 403 when user have no permission (customer)', (done) => {
       request(server)
         .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
         .set({
diff --git a/src/routes/phases/create.spec.js b/src/routes/phases/create.spec.js
index 81debe7f..1e9d35f8 100644
--- a/src/routes/phases/create.spec.js
+++ b/src/routes/phases/create.spec.js
@@ -22,6 +22,20 @@ const body = {
 
 describe('Project Phases', () => {
   let projectId;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before((done) => {
     // mocks
     testUtil.clearDb()
@@ -38,14 +52,23 @@ describe('Project Phases', () => {
           }).then((p) => {
             projectId = p.id;
             // create members
-            models.ProjectMember.create({
-              userId: 40051332,
+            models.ProjectMember.bulkCreate([{
+              id: 1,
+              userId: copilotUser.userId,
               projectId,
               role: 'copilot',
+              isPrimary: false,
+              createdBy: 1,
+              updatedBy: 1,
+            }, {
+              id: 2,
+              userId: memberUser.userId,
+              projectId,
+              role: 'customer',
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => done());
+            }]).then(() => done());
           });
         });
   });
@@ -55,7 +78,18 @@ describe('Project Phases', () => {
   });
 
   describe('POST /projects/{id}/phases/', () => {
-    it('should return 403 if user does not have permissions', (done) => {
+    it('should return 403 if user does not have permissions (non team member)', (done) => {
+      request(server)
+          .post(`/v4/projects/${projectId}/phases/`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.member2}`,
+          })
+          .send({ param: body })
+          .expect('Content-Type', /json/)
+          .expect(403, done);
+    });
+
+    it('should return 403 if user does not have permissions (customer)', (done) => {
       request(server)
           .post(`/v4/projects/${projectId}/phases/`)
           .set({
diff --git a/src/routes/phases/delete.spec.js b/src/routes/phases/delete.spec.js
index cb1ea251..43a56b13 100644
--- a/src/routes/phases/delete.spec.js
+++ b/src/routes/phases/delete.spec.js
@@ -22,6 +22,20 @@ const body = {
 describe('Project Phases', () => {
   let projectId;
   let phaseId;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before((done) => {
     // mocks
     testUtil.clearDb()
@@ -38,14 +52,23 @@ describe('Project Phases', () => {
           }).then((p) => {
             projectId = p.id;
             // create members
-            models.ProjectMember.create({
-              userId: 40051332,
+            models.ProjectMember.bulkCreate([{
+              id: 1,
+              userId: copilotUser.userId,
               projectId,
               role: 'copilot',
+              isPrimary: false,
+              createdBy: 1,
+              updatedBy: 1,
+            }, {
+              id: 2,
+              userId: memberUser.userId,
+              projectId,
+              role: 'customer',
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => {
+            }]).then(() => {
               _.assign(body, { projectId });
               models.ProjectPhase.create(body).then((phase) => {
                 phaseId = phase.id;
@@ -61,7 +84,17 @@ describe('Project Phases', () => {
   });
 
   describe('DELETE /projects/{projectId}/phases/{phaseId}', () => {
-    it('should return 403 when user have no permission', (done) => {
+    it('should return 403 if user does not have permissions (non team member)', (done) => {
+      request(server)
+        .delete(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 403 if user does not have permissions (customer)', (done) => {
       request(server)
         .delete(`/v4/projects/${projectId}/phases/${phaseId}`)
         .set({
diff --git a/src/routes/phases/get.spec.js b/src/routes/phases/get.spec.js
index 8a384e38..1dab6542 100644
--- a/src/routes/phases/get.spec.js
+++ b/src/routes/phases/get.spec.js
@@ -25,6 +25,20 @@ const body = {
 describe('Project Phases', () => {
   let projectId;
   let phaseId;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before((done) => {
     // mocks
     testUtil.clearDb()
@@ -41,14 +55,23 @@ describe('Project Phases', () => {
           }).then((p) => {
             projectId = p.id;
             // create members
-            models.ProjectMember.create({
-              userId: 40051332,
+            models.ProjectMember.bulkCreate([{
+              id: 1,
+              userId: copilotUser.userId,
               projectId,
               role: 'copilot',
+              isPrimary: false,
+              createdBy: 1,
+              updatedBy: 1,
+            }, {
+              id: 2,
+              userId: memberUser.userId,
+              projectId,
+              role: 'customer',
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => {
+            }]).then(() => {
               _.assign(body, { projectId });
               models.ProjectPhase.create(body).then((phase) => {
                 phaseId = phase.id;
@@ -64,11 +87,11 @@ describe('Project Phases', () => {
   });
 
   describe('GET /projects/{projectId}/phases/{phaseId}', () => {
-    it('should return 403 when user have no permission', (done) => {
+    it('should return 403 when user have no permission (non team member)', (done) => {
       request(server)
         .get(`/v4/projects/${projectId}/phases/${phaseId}`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
         })
         .expect('Content-Type', /json/)
         .expect(403, done);
@@ -94,7 +117,31 @@ describe('Project Phases', () => {
         .expect(404, done);
     });
 
-    it('should return 1 phase when user have project permission', (done) => {
+    it('should return 1 phase when user have project permission (customer)', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.name.should.be.eql('test project phase');
+            resJson.status.should.be.eql('active');
+            resJson.budget.should.be.eql(20.0);
+            resJson.progress.should.be.eql(1.23456);
+            resJson.details.should.be.eql({ message: 'This can be any json' });
+            done();
+          }
+        });
+    });
+
+    it('should return 1 phase when user have project permission (copilot)', (done) => {
       request(server)
         .get(`/v4/projects/${projectId}/phases/${phaseId}`)
         .set({
diff --git a/src/routes/phases/list.spec.js b/src/routes/phases/list.spec.js
index 74761ad2..86b6d7e9 100644
--- a/src/routes/phases/list.spec.js
+++ b/src/routes/phases/list.spec.js
@@ -30,6 +30,20 @@ const body = {
 describe('Project Phases', () => {
   let projectId;
   let project;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before(function beforeHook(done) {
     this.timeout(10000);
     // mocks
@@ -48,14 +62,23 @@ describe('Project Phases', () => {
           projectId = p.id;
           project = p.toJSON();
           // create members
-          models.ProjectMember.create({
-            userId: 40051332,
+          models.ProjectMember.bulkCreate([{
+            id: 1,
+            userId: copilotUser.userId,
             projectId,
             role: 'copilot',
+            isPrimary: false,
+            createdBy: 1,
+            updatedBy: 1,
+          }, {
+            id: 2,
+            userId: memberUser.userId,
+            projectId,
+            role: 'customer',
             isPrimary: true,
             createdBy: 1,
             updatedBy: 1,
-          }).then(() => {
+          }]).then(() => {
             _.assign(body, { projectId });
             return models.ProjectPhase.create(body);
           }).then((phase) => {
@@ -81,11 +104,11 @@ describe('Project Phases', () => {
   });
 
   describe('GET /projects/{id}/phases/', () => {
-    it('should return 403 when user have no permission', (done) => {
+    it('should return 403 when user have no permission (non team member)', (done) => {
       request(server)
         .get(`/v4/projects/${projectId}/phases/`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.member}`,
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
         })
         .send({ param: body })
         .expect('Content-Type', /json/)
@@ -103,7 +126,28 @@ describe('Project Phases', () => {
         .expect(404, done);
     });
 
-    it('should return 1 phase when user have project permission', (done) => {
+    it('should return 1 phase when user have project permission (customer)', (done) => {
+      request(server)
+        .get(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send({ param: body })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            resJson.should.have.lengthOf(1);
+            done();
+          }
+        });
+    });
+
+    it('should return 1 phase when user have project permission (copilot)', (done) => {
       request(server)
         .get(`/v4/projects/${projectId}/phases/`)
         .set({
diff --git a/src/routes/phases/update.spec.js b/src/routes/phases/update.spec.js
index a129255e..3412a2fc 100644
--- a/src/routes/phases/update.spec.js
+++ b/src/routes/phases/update.spec.js
@@ -37,6 +37,20 @@ const updateBody = {
 describe('Project Phases', () => {
   let projectId;
   let phaseId;
+  const memberUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.member).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.member).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
+  const copilotUser = {
+    handle: testUtil.getDecodedToken(testUtil.jwts.copilot).handle,
+    userId: testUtil.getDecodedToken(testUtil.jwts.copilot).userId,
+    firstName: 'fname',
+    lastName: 'lName',
+    email: 'some@abc.com',
+  };
   before((done) => {
     // mocks
     testUtil.clearDb()
@@ -53,14 +67,23 @@ describe('Project Phases', () => {
           }).then((p) => {
             projectId = p.id;
             // create members
-            models.ProjectMember.create({
-              userId: 40051332,
+            models.ProjectMember.bulkCreate([{
+              id: 1,
+              userId: copilotUser.userId,
               projectId,
               role: 'copilot',
+              isPrimary: false,
+              createdBy: 1,
+              updatedBy: 1,
+            }, {
+              id: 2,
+              userId: memberUser.userId,
+              projectId,
+              role: 'customer',
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }).then(() => {
+            }]).then(() => {
               _.assign(body, { projectId });
               models.ProjectPhase.create(body).then((phase) => {
                 phaseId = phase.id;
@@ -76,7 +99,18 @@ describe('Project Phases', () => {
   });
 
   describe('PATCH /projects/{projectId}/phases/{phaseId}', () => {
-    it('should return 403 when user have no permission', (done) => {
+    it('should return 403 if user does not have permissions (non team member)', (done) => {
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member2}`,
+        })
+        .send({ param: updateBody })
+        .expect('Content-Type', /json/)
+        .expect(403, done);
+    });
+
+    it('should return 403 if user does not have permissions (customer)', (done) => {
       request(server)
         .patch(`/v4/projects/${projectId}/phases/${phaseId}`)
         .set({
diff --git a/src/tests/util.js b/src/tests/util.js
index ded1ff9f..f3dff595 100644
--- a/src/tests/util.js
+++ b/src/tests/util.js
@@ -2,6 +2,8 @@
 
 import models from '../models';
 
+const jwt = require('jsonwebtoken');
+
 export default {
   clearDb: done => models.sequelize.sync({ force: true })
       .then(() => {
@@ -25,4 +27,5 @@ export default {
     // userId = 40051336, [ 'Connect Admin' ], handle: 'connect_admin1', email: 'connect_admin1@topcoder.com'
     connectAdmin: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJDb25uZWN0IEFkbWluIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJjb25uZWN0X2FkbWluMSIsImV4cCI6MjU2MzA3NjY4OSwidXNlcklkIjoiNDAwNTEzMzYiLCJpYXQiOjE0NjMwNzYwODksImVtYWlsIjoiY29ubmVjdF9hZG1pbjFAdG9wY29kZXIuY29tIiwianRpIjoiYjMzYjc3Y2QtYjUyZS00MGZlLTgzN2UtYmViOGUwYWU2YTRhIn0.nSGfXMl02NZ90ZKLiEKPg75iAjU92mfteaY6xgqkM30',
   },
+  getDecodedToken: token => jwt.decode(token),
 };

From e957be57b64e2c5cb1e7979e59b68a4f9e717f89 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Wed, 13 Jun 2018 16:48:53 +0530
Subject: [PATCH 53/59] dependency update

---
 package-lock.json | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 55f7a395..d5e4d622 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2576,11 +2576,10 @@
       }
     },
     "ecdsa-sig-formatter": {
-      "version": "1.0.9",
-      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.9.tgz",
-      "integrity": "sha1-S8kmJ07Dtau1AW5+HWCSGsJisqE=",
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.10.tgz",
+      "integrity": "sha1-HFlQAPBKiJffuFAAiSoPTDOvhsM=",
       "requires": {
-        "base64url": "2.0.0",
         "safe-buffer": "5.1.1"
       }
     },

From c1e6c92d7ab024e5ffa5a99a1c7293580bd45817 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 18 Jun 2018 11:57:53 +0530
Subject: [PATCH 54/59] making project compatible with current connect app so
 that the service can be deployed without front end changes

---
 src/events/projects/index.js             | 6 ++++--
 src/routes/admin/project-index-create.js | 6 ++++--
 src/routes/projects/create.js            | 4 ++++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/events/projects/index.js b/src/events/projects/index.js
index 02041663..64a7690a 100644
--- a/src/events/projects/index.js
+++ b/src/events/projects/index.js
@@ -34,8 +34,10 @@ const indexProject = Promise.coroutine(function* (logger, msg) { // eslint-disab
       const detail = _.find(memberDetails, md => md.userId === single.userId);
       return _.merge(single, _.pick(detail, 'handle', 'firstName', 'lastName', 'email'));
     });
-    // update project member record with details
-    data.phases = data.phases.map(phase => _.omit(phase, ['deletedAt', 'deletedBy']));
+    if (data.phases) {
+      // removes non required fields from phase objects
+      data.phases = data.phases.map(phase => _.omit(phase, ['deletedAt', 'deletedBy']));
+    }
     // add the record to the index
     const result = yield eClient.index({
       index: ES_PROJECT_INDEX,
diff --git a/src/routes/admin/project-index-create.js b/src/routes/admin/project-index-create.js
index cc6d5e56..2a57a00b 100644
--- a/src/routes/admin/project-index-create.js
+++ b/src/routes/admin/project-index-create.js
@@ -57,8 +57,10 @@ module.exports = [
         if (!project) {
           return Promise.resolve(null);
         }
-        // removs the delete audit fields from the index data
-        project.phases = project.phases.map(phase => _.omit(phase, ['deletedAt', 'deletedBy']));
+        if (project.phases) {
+          // removs the delete audit fields from the index data
+          project.phases = project.phases.map(phase => _.omit(phase, ['deletedAt', 'deletedBy']));
+        }
         return models.ProjectMember.getActiveProjectMembers(project.id)
         .then((currentProjectMembers) => {
           // check context for project members
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 669ffa75..9957bca5 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -81,6 +81,7 @@ function createProjectAndPhases(req, project, projectTemplate, productTemplates)
   }).then((newProject) => {
     result.newProject = newProject;
 
+    // backward compatibility for releasing the service before releasing the front end
     if (!projectTemplate) {
       return Promise.resolve(result);
     }
@@ -132,6 +133,9 @@ function createProjectAndPhases(req, project, projectTemplate, productTemplates)
  * @returns {Promise} the promise that resolves to an object containing validated project and product templates
  */
 function validateAndFetchTemplates(templateId) {
+  // backward compatibility for releasing the service before releasing the front end
+  // we ignore missing template id field and create a project without phase/products
+  if (!templateId) return Promise.resolve(null);
   return models.ProjectTemplate.findById(templateId, { raw: true })
   .then((existingProjectTemplate) => {
     if (!existingProjectTemplate) {

From d0cdd1e028db7ec7c5a93568681f8621fba4d60d Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 18 Jun 2018 12:58:56 +0530
Subject: [PATCH 55/59] Added disabled and hidden fields to the project and
 product templates models

---
 src/models/productTemplate.js              | 2 ++
 src/models/projectTemplate.js              | 2 ++
 src/routes/productTemplates/create.js      | 2 ++
 src/routes/productTemplates/create.spec.js | 4 ++++
 src/routes/productTemplates/list.spec.js   | 7 ++++++-
 src/routes/productTemplates/update.js      | 2 ++
 src/routes/productTemplates/update.spec.js | 4 ++++
 src/routes/projectTemplates/create.js      | 2 ++
 src/routes/projectTemplates/create.spec.js | 4 ++++
 src/routes/projectTemplates/list.spec.js   | 2 ++
 src/routes/projectTemplates/update.js      | 2 ++
 src/routes/projectTemplates/update.spec.js | 4 ++++
 12 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/src/models/productTemplate.js b/src/models/productTemplate.js
index 72d7bc30..cf1cf2db 100644
--- a/src/models/productTemplate.js
+++ b/src/models/productTemplate.js
@@ -14,6 +14,8 @@ module.exports = (sequelize, DataTypes) => {
     aliases: { type: DataTypes.JSON, allowNull: false },
     template: { type: DataTypes.JSON, allowNull: false },
     deletedAt: DataTypes.DATE,
+    disabled: { type: DataTypes.BOOLEAN, defaultValue: false },
+    hidden: { type: DataTypes.BOOLEAN, defaultValue: false },
     createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
     updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
     deletedBy: DataTypes.BIGINT,
diff --git a/src/models/projectTemplate.js b/src/models/projectTemplate.js
index 9adac016..b2cb2581 100644
--- a/src/models/projectTemplate.js
+++ b/src/models/projectTemplate.js
@@ -15,6 +15,8 @@ module.exports = (sequelize, DataTypes) => {
     aliases: { type: DataTypes.JSON, allowNull: false },
     scope: { type: DataTypes.JSON, allowNull: false },
     phases: { type: DataTypes.JSON, allowNull: false },
+    disabled: { type: DataTypes.BOOLEAN, defaultValue: false },
+    hidden: { type: DataTypes.BOOLEAN, defaultValue: false },
     deletedAt: DataTypes.DATE,
     createdAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
     updatedAt: { type: DataTypes.DATE, defaultValue: DataTypes.NOW },
diff --git a/src/routes/productTemplates/create.js b/src/routes/productTemplates/create.js
index 1a7ba7db..f0ab51b0 100644
--- a/src/routes/productTemplates/create.js
+++ b/src/routes/productTemplates/create.js
@@ -21,6 +21,8 @@ const schema = {
       details: Joi.string().max(255).required(),
       aliases: Joi.array().required(),
       template: Joi.object().required(),
+      disabled: Joi.boolean().optional(),
+      hidden: Joi.boolean().optional(),
       createdAt: Joi.any().strip(),
       updatedAt: Joi.any().strip(),
       deletedAt: Joi.any().strip(),
diff --git a/src/routes/productTemplates/create.spec.js b/src/routes/productTemplates/create.spec.js
index b54d000b..e874873b 100644
--- a/src/routes/productTemplates/create.spec.js
+++ b/src/routes/productTemplates/create.spec.js
@@ -19,6 +19,8 @@ describe('CREATE product template', () => {
         brief: 'brief 1',
         details: 'details 1',
         aliases: ['product key 1', 'product_key_1'],
+        disabled: true,
+        hidden: true,
         template: {
           template1: {
             name: 'template 1',
@@ -102,6 +104,8 @@ describe('CREATE product template', () => {
           resJson.details.should.be.eql(body.param.details);
           resJson.aliases.should.be.eql(body.param.aliases);
           resJson.template.should.be.eql(body.param.template);
+          resJson.disabled.should.be.eql(true);
+          resJson.hidden.should.be.eql(true);
 
           resJson.createdBy.should.be.eql(40051333); // admin
           should.exist(resJson.createdAt);
diff --git a/src/routes/productTemplates/list.spec.js b/src/routes/productTemplates/list.spec.js
index f3ab7334..10d95f18 100644
--- a/src/routes/productTemplates/list.spec.js
+++ b/src/routes/productTemplates/list.spec.js
@@ -2,6 +2,7 @@
  * Tests for list.js
  */
 // import chai from 'chai';
+import _ from 'lodash';
 import request from 'supertest';
 
 import models from '../../models';
@@ -14,7 +15,7 @@ const validateProductTemplates = (count, resJson, expectedTemplates) => {
   resJson.should.have.length(count);
   resJson.forEach((pt, idx) => {
     pt.should.have.all.keys('id', 'name', 'productKey', 'icon', 'brief', 'details', 'aliases',
-    'template', 'createdBy', 'createdAt', 'updatedBy', 'updatedAt');
+    'template', 'disabled', 'hidden', 'createdBy', 'createdAt', 'updatedBy', 'updatedAt');
     pt.should.not.have.all.keys('deletedAt', 'deletedBy');
     pt.name.should.be.eql(expectedTemplates[idx].name);
     pt.productKey.should.be.eql(expectedTemplates[idx].productKey);
@@ -25,6 +26,8 @@ const validateProductTemplates = (count, resJson, expectedTemplates) => {
     pt.template.should.be.eql(expectedTemplates[idx].template);
     pt.createdBy.should.be.eql(expectedTemplates[idx].createdBy);
     pt.updatedBy.should.be.eql(expectedTemplates[idx].updatedBy);
+    pt.disabled.should.be.eql(_.get(expectedTemplates[idx], 'disabled', false));
+    pt.hidden.should.be.eql(_.get(expectedTemplates[idx], 'hidden', false));
   });
 };
 
@@ -43,6 +46,8 @@ describe('LIST product templates', () => {
         },
         alias2: [1, 2, 3],
       },
+      disabled: true,
+      hidden: true,
       template: {
         template1: {
           name: 'template 1',
diff --git a/src/routes/productTemplates/update.js b/src/routes/productTemplates/update.js
index 0950688e..eb559fa2 100644
--- a/src/routes/productTemplates/update.js
+++ b/src/routes/productTemplates/update.js
@@ -24,6 +24,8 @@ const schema = {
       details: Joi.string().max(255),
       aliases: Joi.object(),
       template: Joi.object(),
+      disabled: Joi.boolean().optional(),
+      hidden: Joi.boolean().optional(),
       createdAt: Joi.any().strip(),
       updatedAt: Joi.any().strip(),
       deletedAt: Joi.any().strip(),
diff --git a/src/routes/productTemplates/update.spec.js b/src/routes/productTemplates/update.spec.js
index 0d5c5e0e..7eee9f01 100644
--- a/src/routes/productTemplates/update.spec.js
+++ b/src/routes/productTemplates/update.spec.js
@@ -24,6 +24,8 @@ describe('UPDATE product template', () => {
       },
       alias2: [1, 2, 3],
     },
+    disabled: true,
+    hidden: true,
     template: {
       template1: {
         name: 'template 1',
@@ -174,6 +176,8 @@ describe('UPDATE product template', () => {
           resJson.icon.should.be.eql(body.param.icon);
           resJson.brief.should.be.eql(body.param.brief);
           resJson.details.should.be.eql(body.param.details);
+          resJson.disabled.should.be.eql(true);
+          resJson.hidden.should.be.eql(true);
 
           resJson.aliases.should.be.eql({
             alias1: {
diff --git a/src/routes/projectTemplates/create.js b/src/routes/projectTemplates/create.js
index 66450b86..cdae740e 100644
--- a/src/routes/projectTemplates/create.js
+++ b/src/routes/projectTemplates/create.js
@@ -23,6 +23,8 @@ const schema = {
       aliases: Joi.array().required(),
       scope: Joi.object().required(),
       phases: Joi.object().required(),
+      disabled: Joi.boolean().optional(),
+      hidden: Joi.boolean().optional(),
       createdAt: Joi.any().strip(),
       updatedAt: Joi.any().strip(),
       deletedAt: Joi.any().strip(),
diff --git a/src/routes/projectTemplates/create.spec.js b/src/routes/projectTemplates/create.spec.js
index 2cb8fa56..ecf86a11 100644
--- a/src/routes/projectTemplates/create.spec.js
+++ b/src/routes/projectTemplates/create.spec.js
@@ -20,6 +20,8 @@ describe('CREATE project template', () => {
         question: 'question 1',
         info: 'info 1',
         aliases: ['key-1', 'key_1'],
+        disabled: true,
+        hidden: true,
         scope: {
           scope1: {
             subScope1A: 1,
@@ -106,6 +108,8 @@ describe('CREATE project template', () => {
           resJson.name.should.be.eql(body.param.name);
           resJson.key.should.be.eql(body.param.key);
           resJson.category.should.be.eql(body.param.category);
+          resJson.disabled.should.be.eql(true);
+          resJson.hidden.should.be.eql(true);
           resJson.scope.should.be.eql(body.param.scope);
           resJson.phases.should.be.eql(body.param.phases);
 
diff --git a/src/routes/projectTemplates/list.spec.js b/src/routes/projectTemplates/list.spec.js
index 8eb2089f..f6bae1f7 100644
--- a/src/routes/projectTemplates/list.spec.js
+++ b/src/routes/projectTemplates/list.spec.js
@@ -20,6 +20,8 @@ describe('LIST project templates', () => {
       question: 'question 1',
       info: 'info 1',
       aliases: ['key-1', 'key_1'],
+      disabled: true,
+      hidden: true,
       scope: {
         scope1: {
           subScope1A: 1,
diff --git a/src/routes/projectTemplates/update.js b/src/routes/projectTemplates/update.js
index 0e60e49c..7a9f27e5 100644
--- a/src/routes/projectTemplates/update.js
+++ b/src/routes/projectTemplates/update.js
@@ -26,6 +26,8 @@ const schema = {
       aliases: Joi.array(),
       scope: Joi.object(),
       phases: Joi.object(),
+      disabled: Joi.boolean().optional(),
+      hidden: Joi.boolean().optional(),
       createdAt: Joi.any().strip(),
       updatedAt: Joi.any().strip(),
       deletedAt: Joi.any().strip(),
diff --git a/src/routes/projectTemplates/update.spec.js b/src/routes/projectTemplates/update.spec.js
index aeaf2a82..7ee11dd1 100644
--- a/src/routes/projectTemplates/update.spec.js
+++ b/src/routes/projectTemplates/update.spec.js
@@ -19,6 +19,8 @@ describe('UPDATE project template', () => {
     question: 'question 1',
     info: 'info 1',
     aliases: ['key-1', 'key_1'],
+    disabled: true,
+    hidden: true,
     scope: {
       scope1: {
         subScope1A: 1,
@@ -205,6 +207,8 @@ describe('UPDATE project template', () => {
               others: ['others 31', 'others 32'],
             },
           });
+          resJson.disabled.should.be.eql(true);
+          resJson.hidden.should.be.eql(true);
           resJson.createdBy.should.be.eql(template.createdBy);
           should.exist(resJson.createdAt);
           resJson.updatedBy.should.be.eql(40051333); // admin

From 8d4c36cf6fc0ca2d9d28d0a1bb569e384cc42863 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 18 Jun 2018 12:59:22 +0530
Subject: [PATCH 56/59] fixed issue with backward compatibility code

---
 src/routes/projects/create.js      |  2 +-
 src/routes/projects/create.spec.js | 55 ++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index 9957bca5..e5524b2a 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -135,7 +135,7 @@ function createProjectAndPhases(req, project, projectTemplate, productTemplates)
 function validateAndFetchTemplates(templateId) {
   // backward compatibility for releasing the service before releasing the front end
   // we ignore missing template id field and create a project without phase/products
-  if (!templateId) return Promise.resolve(null);
+  if (!templateId) return Promise.resolve({});
   return models.ProjectTemplate.findById(templateId, { raw: true })
   .then((existingProjectTemplate) => {
     if (!existingProjectTemplate) {
diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
index 3f6064ff..e0384a13 100644
--- a/src/routes/projects/create.spec.js
+++ b/src/routes/projects/create.spec.js
@@ -329,6 +329,61 @@ describe('Project create', () => {
         });
     });
 
+    it('should return 201 if valid user and data (without template id: backward compatibility)', (done) => {
+      const validBody = _.cloneDeep(body);
+      const mockHttpClient = _.merge(testUtil.mockHttpClient, {
+        post: () => Promise.resolve({
+          status: 200,
+          data: {
+            id: 'requesterId',
+            version: 'v3',
+            result: {
+              success: true,
+              status: 200,
+              content: {
+                projectId: 128,
+              },
+            },
+          },
+        }),
+      });
+      sandbox.stub(util, 'getHttpClient', () => mockHttpClient);
+      request(server)
+        .post('/v4/projects')
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.member}`,
+        })
+        .send(validBody)
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            should.exist(resJson);
+            should.exist(resJson.billingAccountId);
+            should.exist(resJson.name);
+            resJson.directProjectId.should.be.eql(128);
+            resJson.status.should.be.eql('draft');
+            resJson.type.should.be.eql(body.param.type);
+            resJson.version.should.be.eql('v3');
+            resJson.members.should.have.lengthOf(1);
+            resJson.members[0].role.should.be.eql('customer');
+            resJson.members[0].userId.should.be.eql(40051331);
+            resJson.members[0].projectId.should.be.eql(resJson.id);
+            resJson.members[0].isPrimary.should.be.truthy;
+            resJson.bookmarks.should.have.lengthOf(1);
+            resJson.bookmarks[0].title.should.be.eql('title1');
+            resJson.bookmarks[0].address.should.be.eql('http://www.address.com');
+            server.services.pubsub.publish.calledWith('project.draft-created').should.be.true;
+            // should not create phases without a template id
+            resJson.phases.should.have.lengthOf(0);
+            done();
+          }
+        });
+    });
+
     it('should return 201 if valid user and data (with templateId)', (done) => {
       const mockHttpClient = _.merge(testUtil.mockHttpClient, {
         post: () => Promise.resolve({

From 9edbfa66157dc2991345994f223065178c2dd4a6 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 18 Jun 2018 15:17:32 +0530
Subject: [PATCH 57/59] updated sql for disabled and hidden fields in templates

---
 migrations/20180608_project_add_templateId_and_new_tables.sql | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/migrations/20180608_project_add_templateId_and_new_tables.sql b/migrations/20180608_project_add_templateId_and_new_tables.sql
index 04d7e993..c6409077 100644
--- a/migrations/20180608_project_add_templateId_and_new_tables.sql
+++ b/migrations/20180608_project_add_templateId_and_new_tables.sql
@@ -139,6 +139,8 @@ CREATE TABLE product_templates (
     details character varying(255) NOT NULL,
     aliases json NOT NULL,
     template json NOT NULL,
+    disabled: boolean DEFAULT false,
+    hidden: boolean DEFAULT false,
     "deletedAt" timestamp with time zone,
     "createdAt" timestamp with time zone,
     "updatedAt" timestamp with time zone,
@@ -204,6 +206,8 @@ CREATE TABLE project_templates (
     aliases json NOT NULL,
     scope json NOT NULL,
     phases json NOT NULL,
+    disabled: boolean DEFAULT false,
+    hidden: boolean DEFAULT false,
     "deletedAt" timestamp with time zone,
     "createdAt" timestamp with time zone,
     "updatedAt" timestamp with time zone,

From af3922bd69d61336f5dc27383164360081ddc6c8 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Mon, 18 Jun 2018 15:17:53 +0530
Subject: [PATCH 58/59] Updating version of the project to v2 when template id
 is not supplied

---
 src/routes/projects/create.js      | 4 ++++
 src/routes/projects/create.spec.js | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
index e5524b2a..da3e9e5d 100644
--- a/src/routes/projects/create.js
+++ b/src/routes/projects/create.js
@@ -238,6 +238,10 @@ module.exports = [
         createdBy: req.authUser.userId,
       }],
     });
+    // backward compatibility for releasing the service before releasing the front end
+    if (!project.templateId) {
+      project.version = 'v2';
+    }
     models.sequelize.transaction(() => {
       let newProject = null;
       let newPhases;
diff --git a/src/routes/projects/create.spec.js b/src/routes/projects/create.spec.js
index e0384a13..b365f58d 100644
--- a/src/routes/projects/create.spec.js
+++ b/src/routes/projects/create.spec.js
@@ -367,7 +367,7 @@ describe('Project create', () => {
             resJson.directProjectId.should.be.eql(128);
             resJson.status.should.be.eql('draft');
             resJson.type.should.be.eql(body.param.type);
-            resJson.version.should.be.eql('v3');
+            resJson.version.should.be.eql('v2');
             resJson.members.should.have.lengthOf(1);
             resJson.members[0].role.should.be.eql('customer');
             resJson.members[0].userId.should.be.eql(40051331);

From 4de8417537a16e424c088ef352a1b4fe30677338 Mon Sep 17 00:00:00 2001
From: Vikas Agarwal <vikas.agarwal@topcoder.com>
Date: Tue, 19 Jun 2018 10:25:05 +0530
Subject: [PATCH 59/59] Allowed zero in budget, spentBudget, progress and
 duration

---
 src/routes/phases/create.js      |  8 +++---
 src/routes/phases/create.spec.js | 43 +++++++++++++++++++++++++++-----
 src/routes/phases/update.js      |  8 +++---
 src/routes/phases/update.spec.js | 41 +++++++++++++++++++++++++-----
 4 files changed, 80 insertions(+), 20 deletions(-)

diff --git a/src/routes/phases/create.js b/src/routes/phases/create.js
index ddc20d0e..f4a7a9b6 100644
--- a/src/routes/phases/create.js
+++ b/src/routes/phases/create.js
@@ -16,10 +16,10 @@ const addProjectPhaseValidations = {
       status: Joi.string().required(),
       startDate: Joi.date().max(Joi.ref('endDate')).optional(),
       endDate: Joi.date().optional(),
-      duration: Joi.number().positive().optional(),
-      budget: Joi.number().positive().optional(),
-      spentBudget: Joi.number().positive().optional(),
-      progress: Joi.number().positive().optional(),
+      duration: Joi.number().min(0).optional(),
+      budget: Joi.number().min(0).optional(),
+      spentBudget: Joi.number().min(0).optional(),
+      progress: Joi.number().min(0).optional(),
       details: Joi.any().optional(),
     }).required(),
   },
diff --git a/src/routes/phases/create.spec.js b/src/routes/phases/create.spec.js
index 1e9d35f8..ff5de77e 100644
--- a/src/routes/phases/create.spec.js
+++ b/src/routes/phases/create.spec.js
@@ -15,11 +15,22 @@ const body = {
   endDate: '2018-05-15T12:00:00Z',
   budget: 20.0,
   progress: 1.23456,
+  spentBudget: 10.0,
+  duration: 10,
   details: {
     message: 'This can be any json',
   },
 };
 
+const validatePhase = (resJson, expectedPhase) => {
+  should.exist(resJson);
+  resJson.name.should.be.eql(expectedPhase.name);
+  resJson.status.should.be.eql(expectedPhase.status);
+  resJson.budget.should.be.eql(expectedPhase.budget);
+  resJson.progress.should.be.eql(expectedPhase.progress);
+  resJson.details.should.be.eql(expectedPhase.details);
+};
+
 describe('Project Phases', () => {
   let projectId;
   const memberUser = {
@@ -190,12 +201,32 @@ describe('Project Phases', () => {
             done(err);
           } else {
             const resJson = res.body.result.content;
-            should.exist(resJson);
-            resJson.name.should.be.eql(body.name);
-            resJson.status.should.be.eql(body.status);
-            resJson.budget.should.be.eql(body.budget);
-            resJson.progress.should.be.eql(body.progress);
-            resJson.details.should.be.eql(body.details);
+            validatePhase(resJson, body);
+            done();
+          }
+        });
+    });
+
+    it('should return 201 if payload is valid (0 for non negative numbers)', (done) => {
+      const bodyWithZeros = _.cloneDeep(body);
+      bodyWithZeros.duration = 0;
+      bodyWithZeros.spentBudget = 0.0;
+      bodyWithZeros.budget = 0.0;
+      bodyWithZeros.progress = 0.0;
+      request(server)
+        .post(`/v4/projects/${projectId}/phases/`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: bodyWithZeros })
+        .expect('Content-Type', /json/)
+        .expect(201)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            validatePhase(resJson, bodyWithZeros);
             done();
           }
         });
diff --git a/src/routes/phases/update.js b/src/routes/phases/update.js
index f05b8a9a..c64d2313 100644
--- a/src/routes/phases/update.js
+++ b/src/routes/phases/update.js
@@ -17,10 +17,10 @@ const updateProjectPhaseValidation = {
       status: Joi.string().optional(),
       startDate: Joi.date().optional(),
       endDate: Joi.date().optional(),
-      duration: Joi.number().positive().optional(),
-      budget: Joi.number().positive().optional(),
-      spentBudget: Joi.number().positive().optional(),
-      progress: Joi.number().positive().optional(),
+      duration: Joi.number().min(0).optional(),
+      budget: Joi.number().min(0).optional(),
+      spentBudget: Joi.number().min(0).optional(),
+      progress: Joi.number().min(0).optional(),
       details: Joi.any().optional(),
     }).required(),
   },
diff --git a/src/routes/phases/update.spec.js b/src/routes/phases/update.spec.js
index 3412a2fc..5ff80b7a 100644
--- a/src/routes/phases/update.spec.js
+++ b/src/routes/phases/update.spec.js
@@ -34,6 +34,15 @@ const updateBody = {
   },
 };
 
+const validatePhase = (resJson, expectedPhase) => {
+  should.exist(resJson);
+  resJson.name.should.be.eql(expectedPhase.name);
+  resJson.status.should.be.eql(expectedPhase.status);
+  resJson.budget.should.be.eql(expectedPhase.budget);
+  resJson.progress.should.be.eql(expectedPhase.progress);
+  resJson.details.should.be.eql(expectedPhase.details);
+};
+
 describe('Project Phases', () => {
   let projectId;
   let phaseId;
@@ -187,12 +196,32 @@ describe('Project Phases', () => {
             done(err);
           } else {
             const resJson = res.body.result.content;
-            should.exist(resJson);
-            resJson.name.should.be.eql(updateBody.name);
-            resJson.status.should.be.eql(updateBody.status);
-            resJson.budget.should.be.eql(updateBody.budget);
-            resJson.progress.should.be.eql(updateBody.progress);
-            resJson.details.should.be.eql(updateBody.details);
+            validatePhase(resJson, updateBody);
+            done();
+          }
+        });
+    });
+
+    it('should return updated phase when parameters are valid (0 for non -ve numbers)', (done) => {
+      const bodyWithZeros = _.cloneDeep(updateBody);
+      bodyWithZeros.duration = 0;
+      bodyWithZeros.spentBudget = 0.0;
+      bodyWithZeros.budget = 0.0;
+      bodyWithZeros.progress = 0.0;
+      request(server)
+        .patch(`/v4/projects/${projectId}/phases/${phaseId}`)
+        .set({
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
+        })
+        .send({ param: bodyWithZeros })
+        .expect('Content-Type', /json/)
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            done(err);
+          } else {
+            const resJson = res.body.result.content;
+            validatePhase(resJson, bodyWithZeros);
             done();
           }
         });