Github issue#1243, Connect Admin role

— refactoring

Author: Vikas Agarwal

src/constants.js

@@ -33,6 +33,8 @@ export const USER_ROLE = {
   CONNECT_ADMIN: 'Connect Admin',
 };
 
+export const ADMIN_ROLES = [USER_ROLE.CONNECT_ADMIN, USER_ROLE.TOPCODER_ADMIN];
+
 
 export const EVENT = {
   ROUTING_KEY: {

src/permissions/project.delete.js

@@ -4,7 +4,7 @@
 import _ from 'lodash';
 import util from '../util';
 import models from '../models';
-import { USER_ROLE, PROJECT_MEMBER_ROLE } from '../constants';
+import { PROJECT_MEMBER_ROLE } from '../constants';
 
 /**
  * Super admin, Topcoder Managers are allowed to edit any project
@@ -20,8 +20,7 @@ module.exports = freq => new Promise((resolve, reject) => {
         req.context = req.context || {};
         req.context.currentProjectMembers = members;
         // check if auth user has acecss to this project
-        const hasAccess = util.hasRole(req, USER_ROLE.TOPCODER_ADMIN) ||
-          util.hasRole(req, USER_ROLE.CONNECT_ADMIN) ||
+        const hasAccess = util.hasAdminRole(req) ||
           !_.isUndefined(_.find(members, m => m.userId === req.authUser.userId &&
             ((m.role === PROJECT_MEMBER_ROLE.CUSTOMER && m.isPrimary) ||
               m.role === PROJECT_MEMBER_ROLE.MANAGER)));

src/permissions/project.edit.js

@@ -19,8 +19,7 @@ module.exports = freq => new Promise((resolve, reject) => {
         req.context = req.context || {};
         req.context.currentProjectMembers = members;
         // check if auth user has acecss to this project
-        const hasAccess = util.hasRole(req, USER_ROLE.TOPCODER_ADMIN)
-          || util.hasRole(req, USER_ROLE.CONNECT_ADMIN)
+        const hasAccess = util.hasAdminRole(req)
           || util.hasRole(req, USER_ROLE.MANAGER)
           || !_.isUndefined(_.find(members, m => m.userId === req.authUser.userId));
 

src/permissions/project.view.js

@@ -20,8 +20,7 @@ module.exports = freq => new Promise((resolve, reject) => {
         req.context = req.context || {};
         req.context.currentProjectMembers = members;
         // check if auth user has acecss to this project
-        const hasAccess = util.hasRole(req, USER_ROLE.TOPCODER_ADMIN)
-          || util.hasRole(req, USER_ROLE.CONNECT_ADMIN)
+        const hasAccess = util.hasAdminRole(req)
           || util.hasRole(req, USER_ROLE.MANAGER)
           || !_.isUndefined(_.find(members, m => m.userId === currentUserId));
 

src/permissions/projectMember.delete.js

@@ -2,7 +2,6 @@ import _ from 'lodash';
 import util from '../util';
 import models from '../models';
 import {
-  USER_ROLE,
   PROJECT_MEMBER_ROLE,
 } from '../constants';
 
@@ -25,8 +24,7 @@ module.exports = freq => new Promise((resolve, reject) => {
       const prjMemberId = _.parseInt(req.params.id);
       const memberToBeRemoved = _.find(members, m => m.id === prjMemberId);
       // check if auth user has acecss to this project
-      const hasAccess = util.hasRole(req, USER_ROLE.TOPCODER_ADMIN)
-        || util.hasRole(req, USER_ROLE.CONNECT_ADMIN)
+      const hasAccess = util.hasAdminRole(req)
         || (authMember && memberToBeRemoved && (authMember.role === PROJECT_MEMBER_ROLE.MANAGER ||
           (authMember.role === PROJECT_MEMBER_ROLE.CUSTOMER && authMember.isPrimary &&
             memberToBeRemoved.role === PROJECT_MEMBER_ROLE.CUSTOMER) ||

src/routes/projects/list-db.js

@@ -123,7 +123,7 @@ module.exports = [
     req.log.debug(criteria);
 
     if (!memberOnly
-      && (util.hasRole(req, USER_ROLE.TOPCODER_ADMIN)
+      && (util.hasAdminRole(req)
           || util.hasRole(req, USER_ROLE.MANAGER))) {
       // admins & topcoder managers can see all projects
       return retrieveProjects(req, criteria, sort, req.query.fields)

src/routes/projects/list.js

@@ -217,8 +217,7 @@ module.exports = [
     req.log.info(criteria);
 
     if (!memberOnly
-      && (util.hasRole(req, USER_ROLE.TOPCODER_ADMIN)
-          || util.hasRole(req, USER_ROLE.CONNECT_ADMIN)
+      && (util.hasAdminRole(req)
           || util.hasRole(req, USER_ROLE.MANAGER))) {
       // admins & topcoder managers can see all projects
       return retrieveProjects(req, criteria, sort, req.query.fields)

src/routes/projects/update.js

@@ -82,7 +82,7 @@ const updateProjectValdiations = {
 };
 
 // NOTE- decided to disable all additional checks for now.
-const validateUpdates = (existingProject, updatedProps, authUser) => {
+const validateUpdates = (existingProject, updatedProps, req) => {
   const errors = [];
   switch (existingProject.status) {
     case PROJECT_STATUS.COMPLETED:
@@ -101,7 +101,7 @@ const validateUpdates = (existingProject, updatedProps, authUser) => {
       //   }
   }
   if (_.has(updatedProps, 'directProjectId') &&
-  _.intersection(authUser.roles, [USER_ROLE.MANAGER, USER_ROLE.TOPCODER_ADMIN]).length === 0) {
+    !util.hasRoles(req, [USER_ROLE.MANAGER, USER_ROLE.TOPCODER_ADMIN])) {
     errors.push('Don\'t have permission to update \'directProjectId\' property');
   }
 
@@ -142,7 +142,7 @@ module.exports = [
         }
         previousValue = _.clone(project.get({ plain: true }));
         // run additional validations
-        const validationErrors = validateUpdates(previousValue, updatedProps, req.authUser);
+        const validationErrors = validateUpdates(previousValue, updatedProps, req);
         if (validationErrors.length > 0) {
           const err = new Error('Unable to update project');
           _.assign(err, {
@@ -160,7 +160,7 @@ module.exports = [
         ].map(x => x.toLowerCase());
         const matchRole = role => _.indexOf(validRoles, role.toLowerCase()) >= 0;
         if (updatedProps.status === PROJECT_STATUS.ACTIVE &&
-          (!util.hasRole(req, USER_ROLE.TOPCODER_ADMIN) || !util.hasRole(req, USER_ROLE.CONNECT_ADMIN)) &&
+          !util.hasAdminRole(req) &&
           _.isUndefined(_.find(members,
             m => m.userId === req.authUser.userId && matchRole(m.role)))
         ) {

src/util.js

@@ -17,6 +17,7 @@ import urlencode from 'urlencode';
 import elasticsearch from 'elasticsearch';
 import Promise from 'bluebird';
 import AWS from 'aws-sdk';
+import { ADMIN_ROLES } from './constants';
 
 const exec = require('child_process').exec;
 const models = require('./models').default;
@@ -73,6 +74,27 @@ _.assignIn(util, {
     roles = roles.map(s => s.toLowerCase());
     return _.indexOf(roles, role.toLowerCase()) >= 0;
   },
+  /**
+   * Helper funtion to verify if user has specified roles
+   * @param  {object} req  Request object that should contain authUser
+   * @param  {Array} roles specified roles
+   * @return {boolean}      true/false
+   */
+  hasRoles: (req, roles) => {
+    let authRoles = _.get(req, 'authUser.roles', []);
+    authRoles = authRoles.map(s => s.toLowerCase());
+    return _.intersection(authRoles, roles.map(r => r.toLowerCase())).length > 0;
+  },
+  /**
+   * Helper funtion to verify if user has admin roles
+   * @param  {object} req  Request object that should contain authUser
+   * @return {boolean}      true/false
+   */
+  hasAdminRole: (req) => {
+    let roles = _.get(req, 'authUser.roles', []);
+    roles = roles.map(s => s.toLowerCase());
+    return _.intersection(roles, ADMIN_ROLES.map(r => r.toLowerCase())).length > 0;
+  },
 
   /**
    * Parses query fields and groups them per table
@@ -206,6 +228,7 @@ _.assignIn(util, {
   getSystemUserToken: (logger, id = 'system') => {
     const httpClient = util.getHttpClient({ id, log: logger });
     const url = `${config.get('identityServiceEndpoint')}authorizations`;
+    console.log(url, 'url');
     const formData = `clientId=${config.get('systemUserClientId')}&` +
       `secret=${encodeURIComponent(config.get('systemUserClientSecret'))}`;
     return httpClient.post(url, formData,
@@ -269,8 +292,11 @@ _.assignIn(util, {
    */
   getMemberDetailsByUserIds: Promise.coroutine(function* (userIds, logger, requestId) { // eslint-disable-line func-names
     try {
-      const token = yield this.getSystemUserToken(logger);
+      console.log('getMemberDetailsByUserIds');
+      const token = yield 'farzi';// this.getSystemUserToken(logger);
+      console.log('token', token);
       const httpClient = this.getHttpClient({ id: requestId, log: logger });
+      console.log(config.memberServiceEndpoint, 'config.memberServiceEndpoint');
       return httpClient.get(`${config.memberServiceEndpoint}/_search`, {
         params: {
           query: `${userIds.join(urlencode(' OR ', 'utf8'))}`,