
Commit b37ca8a

author
Vikas Agarwal
committed
Opened LIST and GET endpoints for projectTemplates, productTemplates and projectTypes
Restricted write endpoints to only connect admin and topcoder admins
1 parent 1d3b1b8 commit b37ca8a


8 files changed

+66
-45
lines changed


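--- a/src/permissions/index.js
+++ b/src/permissions/index.js
@@ -26,14 +26,14 @@ module.exports = () => {
 Authorizer.setPolicy('project.updateMember', projectEdit);
 Authorizer.setPolicy('project.admin', projectAdmin);
 
-Authorizer.setPolicy('projectTemplate.create', connectManagerOrAdmin);
-Authorizer.setPolicy('projectTemplate.edit', connectManagerOrAdmin);
-Authorizer.setPolicy('projectTemplate.delete', connectManagerOrAdmin);
+Authorizer.setPolicy('projectTemplate.create', projectAdmin);
+Authorizer.setPolicy('projectTemplate.edit', projectAdmin);
+Authorizer.setPolicy('projectTemplate.delete', projectAdmin);
 Authorizer.setPolicy('projectTemplate.view', true);
 
-Authorizer.setPolicy('productTemplate.create', connectManagerOrAdmin);
-Authorizer.setPolicy('productTemplate.edit', connectManagerOrAdmin);
-Authorizer.setPolicy('productTemplate.delete', connectManagerOrAdmin);
+Authorizer.setPolicy('productTemplate.create', projectAdmin);
+Authorizer.setPolicy('productTemplate.edit', projectAdmin);
+Authorizer.setPolicy('productTemplate.delete', projectAdmin);
 Authorizer.setPolicy('productTemplate.view', true);
 
 Authorizer.setPolicy('project.addProjectPhase', copilotAndAbove);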
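Review bot: The commit message says write endpoints for projectTypes are restricted too, but this hunk only rebinds the `projectTemplate.*` and `productTemplate.*` policies; the `projectType.create/edit/delete` bindings lie outside the hunk and should be checked for the same `projectAdmin` policy. `projectAdmin` is also the policy bound to `project.admin` at line 27, so if it evaluates any project-scoped state (a project id or membership), confirm it behaves as intended on template routes, which carry no project id. None of the eight changed files adds a negative test, so a spec asserting 403 for a manager-role token on the six rebound operations would pin the tightened rule. I would also add a comment above line 29 such as `// Writes: connect admin / topcoder admin only; view stays public`. The body of `module.exports` continues outside the hunk.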

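--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -26,6 +26,21 @@ router.get(`/${apiVersion}/projects/health`, (req, res) => {
 // All project service endpoints need authentication
 const jwtAuth = require('tc-core-library-js').middleware.jwtAuthenticator;
 
+router.route('/v4/projectTemplates')
+.get(require('./projectTemplates/list'));
+router.route('/v4/projectTemplates/:templateId(\\d+)')
+.get(require('./projectTemplates/get'));
+
+router.route('/v4/productTemplates')
+.get(require('./productTemplates/list'));
+router.route('/v4/productTemplates/:templateId(\\d+)')
+.get(require('./productTemplates/get'));
+
+router.route('/v4/projectTypes')
+.get(require('./projectTypes/list'));
+router.route('/v4/projectTypes/:key')
+.get(require('./projectTypes/get'));
+
 router.all(
 RegExp(`\\/${apiVersion}\\/(projects|projectTemplates|productTemplates|projectTypes)(?!\\/health).*`),
 jwtAuth());
@@ -71,20 +86,16 @@ router.route('/v4/projects/:projectId(\\d+)/upgrade')
 .post(require('./projectUpgrade/create'));
 
 router.route('/v4/projectTemplates')
-.post(require('./projectTemplates/create'))
-.get(require('./projectTemplates/list'));
+.post(require('./projectTemplates/create'));
 
 router.route('/v4/projectTemplates/:templateId(\\d+)')
-.get(require('./projectTemplates/get'))
 .patch(require('./projectTemplates/update'))
 .delete(require('./projectTemplates/delete'));
 
 router.route('/v4/productTemplates')
-.post(require('./productTemplates/create'))
-.get(require('./productTemplates/list'));
+.post(require('./productTemplates/create'));
 
 router.route('/v4/productTemplates/:templateId(\\d+)')
-.get(require('./productTemplates/get'))
 .patch(require('./productTemplates/update'))
 .delete(require('./productTemplates/delete'));
 
@@ -107,11 +118,9 @@ router.route('/v4/projects/:projectId(\\d+)/phases/:phaseId(\\d+)/products/:prod
 .delete(require('./phaseProducts/delete'));
 
 router.route('/v4/projectTypes')
-.post(require('./projectTypes/create'))
-.get(require('./projectTypes/list'));
+.post(require('./projectTypes/create'));
 
 router.route('/v4/projectTypes/:key')
-.get(require('./projectTypes/get'))
 .patch(require('./projectTypes/update'))
 .delete(require('./projectTypes/delete'));
 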
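Review bot: The six GET routes added at new lines 29–42 are public only because they are registered ahead of the `router.all(…, jwtAuth())` guard at line 44, so the authentication boundary for these paths now rests on statement order, while the comment at line 26 (`// All project service endpoints need authentication`) sits directly above them and is no longer true. Because `jwtAuth` never runs for these requests, a caller who does send a token is presumably handled as anonymous too; the list/get handlers are outside this diff, so confirm none of them reads `req.authUser` and that their responses expose nothing beyond what an anonymous caller should see. The guard's RegExp still names `projectTemplates|productTemplates|projectTypes`, so a GET added later below the guard would be authenticated while these are not. I would move the line-26 comment down to the guard and put `// Public read-only routes: must stay above the jwtAuth guard; handlers must not rely on req.authUser` above line 29.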

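--- a/src/routes/productTemplates/get.spec.js
+++ b/src/routes/productTemplates/get.spec.js
@@ -56,11 +56,6 @@ describe('GET product template', () => {
 after(testUtil.clearDb);
 
 describe('GET /productTemplates/{templateId}', () => {
-it('should return 403 if user is not authenticated', (done) => {
-request(server)
-.get(`/v4/productTemplates/${templateId}`)
-.expect(403, done);
-});
 
 it('should return 404 for non-existed template', (done) => {
 request(server)
@@ -112,6 +107,12 @@ describe('GET product template', () => {
 });
 });
 
+it('should return 200 even if user is not authenticated', (done) => {
+request(server)
+.get(`/v4/productTemplates/${templateId}`)
+.expect(200, done);
+});
+
 it('should return 200 for connect admin', (done) => {
 request(server)
 .get(`/v4/productTemplates/${templateId}`)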
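Review bot: The anonymous test added at new lines 110–114 asserts only the status code, and the same is true of the matching tests added in projectTemplates/get.spec.js, projectTemplates/list.spec.js, projectTypes/get.spec.js and projectTypes/list.spec.js. Now that the endpoint is public, the test should also pin what an anonymous caller receives, for example by replacing `.expect(200, done)` with an `.end` callback that checks the returned body the way the authenticated cases presumably do. A second case that sends a malformed `Authorization` header would document whether such a request is served or rejected, since the route file in this commit registers the GET ahead of the JWT middleware. The enclosing `describe` block starts and ends outside the hunk.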

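--- a/src/routes/productTemplates/list.spec.js
+++ b/src/routes/productTemplates/list.spec.js
@@ -92,11 +92,6 @@ describe('LIST product templates', () => {
 after(testUtil.clearDb);
 
 describe('GET /productTemplates', () => {
-it('should return 403 if user is not authenticated', (done) => {
-request(server)
-.get('/v4/productTemplates')
-.expect(403, done);
-});
 
 it('should return 200 for admin', (done) => {
 request(server)
@@ -113,6 +108,18 @@ describe('LIST product templates', () => {
 });
 });
 
+it('should return 200 even if user is not authenticated', (done) => {
+request(server)
+.get('/v4/productTemplates')
+.expect(200)
+.end((err, res) => {
+const resJson = res.body.result.content;
+validateProductTemplates(2, resJson, templates);
+resJson[0].id.should.be.eql(templateId);
+done();
+});
+});
+
 it('should return 200 for connect admin', (done) => {
 request(server)
 .get('/v4/productTemplates')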
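Review bot: The `.end((err, res) => {` callback added at new line 115 ignores `err`, so when `.expect(200)` fails the test goes on to read `res.body.result.content` and is likely to surface a TypeError or a misleading assertion instead of the real status mismatch. Start the callback with `if (err) { done(err); return; }` before touching `res.body`. `validateProductTemplates`, `templates` and `templateId` are defined outside the hunk, so the expected count of 2 depends on fixtures not visible here.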

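--- a/src/routes/projectTemplates/get.spec.js
+++ b/src/routes/projectTemplates/get.spec.js
@@ -58,11 +58,6 @@ describe('GET project template', () => {
 after(testUtil.clearDb);
 
 describe('GET /projectTemplates/{templateId}', () => {
-it('should return 403 if user is not authenticated', (done) => {
-request(server)
-.get(`/v4/projectTemplates/${templateId}`)
-.expect(403, done);
-});
 
 it('should return 404 for non-existed template', (done) => {
 request(server)
@@ -110,6 +105,12 @@ describe('GET project template', () => {
 done();
 });
 });
+
+it('should return 200 even if user is not authenticated', (done) => {
+request(server)
+.get(`/v4/projectTemplates/${templateId}`)
+.expect(200, done);
+});
 
 it('should return 200 for connect admin', (done) => {
 request(server)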

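--- a/src/routes/projectTemplates/list.spec.js
+++ b/src/routes/projectTemplates/list.spec.js
@@ -75,11 +75,6 @@ describe('LIST project templates', () => {
 after(testUtil.clearDb);
 
 describe('GET /projectTemplates', () => {
-it('should return 403 if user is not authenticated', (done) => {
-request(server)
-.get('/v4/projectTemplates')
-.expect(403, done);
-});
 
 it('should return 200 for admin', (done) => {
 request(server)
@@ -110,6 +105,12 @@ describe('LIST project templates', () => {
 });
 });
 
+it('should return 200 for anonymous user', (done) => {
+request(server)
+.get('/v4/projectTemplates')
+.expect(200, done);
+});
+
 it('should return 200 for connect admin', (done) => {
 request(server)
 .get('/v4/projectTemplates')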

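--- a/src/routes/projectTypes/get.spec.js
+++ b/src/routes/projectTypes/get.spec.js
@@ -33,11 +33,6 @@ describe('GET project type', () => {
 after(testUtil.clearDb);
 
 describe('GET /projectTypes/{key}', () => {
-it('should return 403 if user is not authenticated', (done) => {
-request(server)
-.get(`/v4/projectTypes/${key}`)
-.expect(403, done);
-});
 
 it('should return 404 for non-existed type', (done) => {
 request(server)
@@ -88,6 +83,12 @@ describe('GET project type', () => {
 });
 });
 
+it('should return 200 even if user is not authenticated', (done) => {
+request(server)
+.get(`/v4/projectTypes/${key}`)
+.expect(200, done);
+});
+
 it('should return 200 for connect admin', (done) => {
 request(server)
 .get(`/v4/projectTypes/${key}`)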

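--- a/src/routes/projectTypes/list.spec.js
+++ b/src/routes/projectTypes/list.spec.js
@@ -46,11 +46,6 @@ describe('LIST project types', () => {
 after(testUtil.clearDb);
 
 describe('GET /projectTypes', () => {
-it('should return 403 if user is not authenticated', (done) => {
-request(server)
-.get('/v4/projectTypes')
-.expect(403, done);
-});
 
 it('should return 200 for admin', (done) => {
 request(server)
@@ -83,6 +78,12 @@ describe('LIST project types', () => {
 });
 });
 
+it('should return 200 even if user is not authenticated', (done) => {
+request(server)
+.get('/v4/projectTypes')
+.expect(200, done);
+});
+
 it('should return 200 for connect admin', (done) => {
 request(server)
 .get('/v4/projectTypes')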
