Skip to content

Replaced handle with memberId for challenge createdBy comparison #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Oct 30, 2025
Merged

Replaced handle with memberId for challenge createdBy comparison #1

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a84951a
Replaced handle with memberId for challenge createdBy comparison
rishabhtc Oct 16, 2025
c699a78
prevent submitter and restricted roles from being combined
rishabhtc Oct 29, 2025
1a332b8
Removed DB call to get existingRole for error message
rishabhtc Oct 29, 2025
fb67833
Added constant for restricted roles
rishabhtc Oct 29, 2025
8fc15a5
Cached restrictedRoleIds locally
rishabhtc Oct 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 66 additions & 2 deletions src/services/ResourceService.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,20 @@ const prisma = require('../common/prisma').getClient()

const payloadFields = ['id', 'challengeId', 'memberId', 'memberHandle', 'roleId', 'phaseChangeNotifications', 'created', 'createdBy', 'updated', 'updatedBy']

// Restricted roles that cannot be combined with submitter role
const RESTRICTED_ROLE_NAMES = [
'manager',
'copilot',
'reviewer',
'iterative reviewer',
'screener',
'checkpoint screener',
'checkpoint reviewer',
'approver'
]

let copilotResourceRoleIdsCache
let restrictedRoleIdsCache

async function getCopilotResourceRoleIds () {
if (copilotResourceRoleIdsCache) {
Expand All @@ -34,6 +47,31 @@ async function getCopilotResourceRoleIds () {
return copilotResourceRoleIdsCache
}

/**
* Get resource role IDs that are restricted from being combined with submitter role.
* These include: Manager, Copilot, Reviewer, Iterative Reviewer, Screener,
* Checkpoint Screener, Checkpoint Reviewer, and Approver.
* @returns {Promise<Array<String>>} Array of restricted role IDs
*/
async function getRestrictedRoleIds () {
if (restrictedRoleIdsCache) {
return restrictedRoleIdsCache
}
const roles = await prisma.resourceRole.findMany({
where: {
nameLower: {
in: RESTRICTED_ROLE_NAMES
}
},
select: {
id: true,
nameLower: true
}
})
restrictedRoleIdsCache = roles.map(role => role.id)
return restrictedRoleIdsCache
}

/**
* Check whether the user can access resources
* @param {Array} resources resources of current user for specified challenge id
Expand Down Expand Up @@ -291,6 +329,12 @@ async function init (currentUser, challengeId, resource, isCreated) {
const { memberId, email } = memberInfoFromDb
handle = memberInfoFromDb.handle
const userResources = allResources.filter((r) => _.toLower(r.memberHandle) === _.toLower(handle))

let restrictedRoleIds
Copy link

@github-actions github-actions bot Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[⚠️ maintainability]
The variable restrictedRoleIds is initialized twice when isCreated is true, which is unnecessary and could lead to confusion. Consider initializing it once before the conditional blocks to improve clarity and maintainability.

if (isCreated) {
restrictedRoleIds = await getRestrictedRoleIds()
}

// Retrieve the constraint - Allowed Registrants
if (isCreated && resource.roleId === config.SUBMITTER_RESOURCE_ROLE_ID) {
const allowedRegistrants = _.get(challenge, 'constraints.allowedRegistrants')
Expand All @@ -307,12 +351,20 @@ async function init (currentUser, challengeId, resource, isCreated) {
`User ${handle} is not allowed to register.`
)
}
if (!_.get(challenge, 'task.isTask', false) && (_.toLower(challenge.createdBy) === _.toLower(handle) ||
_.some(userResources, r => r.roleId === config.REVIEWER_RESOURCE_ROLE_ID || r.roleId === config.ITERATIVE_REVIEWER_RESOURCE_ROLE_ID))) {
// Prevent challenge creator from registering as submitter (for non-tasks)
if (!_.get(challenge, 'task.isTask', false) && _.toLower(challenge.createdBy) === _.toLower(memberId)) {
throw new errors.BadRequestError(
`User ${handle} is not allowed to register.`
)
}
// Check if user already has a restricted role (Manager, Copilot, Reviewer, etc.)
const existingRestrictedRole = _.find(userResources, r => restrictedRoleIds.includes(r.roleId))
if (existingRestrictedRole) {
const roleNamesList = RESTRICTED_ROLE_NAMES.slice(0, -1).join(', ') + ', or ' + RESTRICTED_ROLE_NAMES.slice(-1)
throw new errors.BadRequestError(
`User ${handle} is already assigned a restricted role (${roleNamesList}) and cannot be registered as a submitter.`
)
}
}

// Prevent from creating more than 1 submitter resources on tasks
Expand Down Expand Up @@ -344,6 +396,18 @@ async function init (currentUser, challengeId, resource, isCreated) {
// ensure resource role existed
const resourceRole = await getResourceRole(resource.roleId, isCreated)

// Check if user is trying to assign a restricted role and already has submitter role
if (isCreated) {
if (restrictedRoleIds.includes(resource.roleId)) {
const existingSubmitterRole = _.find(userResources, r => r.roleId === config.SUBMITTER_RESOURCE_ROLE_ID)
if (existingSubmitterRole) {
throw new errors.BadRequestError(
`User ${handle} is already registered as a submitter and cannot be assigned a ${resourceRole.name} role.`
)
}
}
}

// Verify the member has agreed to the challenge terms
if (isCreated) {
await helper.checkAgreedTerms(memberId, _.filter(_.get(challenge, 'terms', []), t => t.roleId === resourceRole.id))
Expand Down