Fixed the logic for determining the manager and admin users

Vikas Agarwal · Vikas Agarwal · commit 94473a3aec68 · 2019-08-12T12:23:10.000+05:30
diff --git a/src/routes/projectReports/LookRun.js b/src/routes/projectReports/LookRun.js
@@ -38,13 +38,13 @@ LookApi.prototype.findProjectRegSubmissions = function (directProjectId) {
   return this.runQueryWithFilter(queryId, view, fields, filters);
 };
 
-LookApi.prototype.findProjectBudget = function (connectProjectId, isManager) {
+LookApi.prototype.findProjectBudget = function (connectProjectId, isManager, isAdmin) {
   const queryId = config.lookerConfig.QUERIES.BUDGET;
 
   const fields = ['project_stream.total_invoiced_amount', 'project_stream.remaining_invoiced_budget'];
 
   // Manager roles have access to more fields.
-  if (isManager) {
+  if (isManager || isAdmin) {
     fields.push('project_stream.total_actual_challenge_fee', 'project_stream.total_actual_member_payment');
   }
   const view = 'project_stream';
diff --git a/src/routes/projectReports/getReport.js b/src/routes/projectReports/getReport.js
@@ -7,7 +7,7 @@ import models from '../../models';
 import LookApi from './LookRun';
 import mock from './mock';
 import util from '../../util';
-import { PROJECT_MEMBER_MANAGER_ROLES } from '../../constants';
+import { PROJECT_MEMBER_MANAGER_ROLES, USER_ROLE } from '../../constants';
 
 const permissions = tcMiddleware.permissions;
 
@@ -37,15 +37,18 @@ module.exports = [
 
     try {
       // check if auth user has acecss to this project
-      const isManager = util.hasRoles(req, PROJECT_MEMBER_MANAGER_ROLES);
+      const members = req.context.currentProjectMembers;
+      const member = _.find(members, m => m.userId === req.authUser.userId);
+      const isManager = member && PROJECT_MEMBER_MANAGER_ROLES.indexOf(member.role) > -1;
+      const isAdmin = util.hasRoles(req, [USER_ROLE.CONNECT_ADMIN, USER_ROLE.TOPCODER_ADMIN]);
       // pick the report based on its name
       let result = {};
       switch (reportName) {
         case 'summary':
           result = await lookApi.findProjectRegSubmissions(directProjectId);
           break;
         case 'projectBudget':
-          result = await lookApi.findProjectBudget(projectId, isManager);
+          result = await lookApi.findProjectBudget(projectId, isManager, isAdmin);
           break;
         default:
           return res.status(404).send('Report not found');
