
Navneeth create see teams management tab custom permission #556

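--- a/src/controllers/projectController.js
+++ b/src/controllers/projectController.js
@@ -15,6 +15,8 @@ const projectController = function (Project) {
 };
 
 const deleteProject = function (req, res) {
+// verify if the requestor has the necessary permissions
+
 if (!hasPermission(req.body.requestor.role, 'deleteProject')
 && !hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) {
 res.status(403).send({ error: 'You are not authorized to delete projects.' });
@@ -47,6 +49,9 @@ const projectController = function (Project) {
 };
 
 const postProject = async function (req, res) {
+// verify if the requestor has the necessary permissions and if the projectName and isActie fields
+// are present in the request body
+
 if (!await hasPermission(req.body.requestor.role, 'postProject')
 && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) {
 res.status(403).send({ error: 'You are not authorized to create new projects.' });
@@ -79,6 +84,8 @@ const projectController = function (Project) {
 
 
 const putProject = async function (req, res) {
+// verify if the requestor has the necessary permissions
+
 if (!await hasPermission(req.body.requestor.role, 'putProject')
 && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) {
 res.status(403).send('You are not authorized to make changes in the projects.');
@@ -125,7 +132,7 @@ const projectController = function (Project) {
 };
 
 const assignProjectToUsers = async function (req, res) {
-// verify requestor is administrator, projectId is passed in request params and is valid mongoose objectid, and request body contains an array of users
+// verify requestor is administrator or has necessary permissions, projectId is passed in request params and is valid mongoose objectid, and request body contains an array of users
 
 if (!await hasPermission(req.body.requestor.role, 'assignProjectToUsers')) {
 if (!await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')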
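Review bot: In `deleteProject` (first hunk) the guard calls `hasPermission` and `hasIndividualPermission` without `await` from a non-async function, while every other handler shown on this page awaits them. If these helpers return promises, as that usage suggests, `!hasPermission(...)` is always false, so the 403 branch can never run and the delete path is reached regardless of role. The new comment says the requestor is verified, so the check should actually do it: `const deleteProject = async function (req, res) {` with `if (!await hasPermission(req.body.requestor.role, 'deleteProject')` and `&& !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) {`. The function body continues past the hunk, so also confirm the 403 branch returns before the delete runs.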
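--- a/src/controllers/teamController.js
+++ b/src/controllers/teamController.js
@@ -1,8 +1,9 @@
 const mongoose = require('mongoose');
 const userProfile = require('../models/userProfile');
-const { hasPermission } = require('../utilities/permissions');
+const { hasPermission, hasIndividualPermission } = require('../utilities/permissions');
 const cache = require('../utilities/nodeCache')();
 
+
 const teamcontroller = function (Team) {
 const getAllTeams = function (req, res) {
 Team.find({})
@@ -18,7 +19,11 @@ const teamcontroller = function (Team) {
 .catch(error => res.send(error).status(404));
 };
 const postTeam = async function (req, res) {
-if (!await hasPermission(req.body.requestor.role, 'postTeam')) {
+// verify if the requestor has the necessary permissions
+
+if (!await hasPermission(req.body.requestor.role, 'postTeam') &&
+!await hasIndividualPermission(req.body.requestor.requestorId, 'seeTeamsManagement') &&
+!await hasIndividualPermission(req.body.requestor.requestorId, 'seeTeamsManagementTab')) {
 res.status(403).send({ error: 'You are not authorized to create teams.' });
 return;
 }
@@ -35,7 +40,10 @@ const teamcontroller = function (Team) {
 .catch(error => res.send(error).status(404));
 };
 const deleteTeam = async function (req, res) {
-if (!await hasPermission(req.body.requestor.role, 'deleteTeam')) {
+// verify if the requestor has the necessary permissions and if the teamId is valid
+
+if (!await hasPermission(req.body.requestor.role, 'deleteTeam') &&
+!await hasIndividualPermission(req.body.requestor.requestorId, 'seeTeamsManagement')) {
 res.status(403).send({ error: 'You are not authorized to delete teams.' });
 return;
 }
@@ -58,7 +66,11 @@ const teamcontroller = function (Team) {
 });
 };
 const putTeam = async function (req, res) {
-if (!await hasPermission(req.body.requestor.role, 'putTeam')) {
+// verify if the requestor has the necessary permissions
+
+if (!await hasPermission(req.body.requestor.role, 'putTeam') &&
+!await hasIndividualPermission(req.body.requestor.requestorId, 'seeTeamsManagement') &&
+!await hasIndividualPermission(req.body.requestor.requestorId, 'seeTeamsManagementTab')) {
 res.status(403).send('You are not authorized to make changes in the teams.');
 return;
 }
@@ -83,9 +95,11 @@ const teamcontroller = function (Team) {
 };
 
 const assignTeamToUsers = async function (req, res) {
-// verify requestor is administrator, teamId is passed in request params and is valid mongoose objectid, and request body contains an array of users
+// verify requestor is administrator or has the necessary permissions, teamId is passed in request params and is valid mongoose objectid, and request body contains an array of users
 
-if (!await hasPermission(req.body.requestor.role, 'assignTeamToUsers')) {
+if (!await hasPermission(req.body.requestor.role, 'assignTeamToUsers') &&
+!await hasIndividualPermission(req.body.requestor.requestorId, 'seeTeamsManagement') &&
+!await hasIndividualPermission(req.body.requestor.requestorId, 'seeTeamsManagementTab')) {
 res.status(403).send({ error: 'You are not authorized to perform this operation' });
 return;
 }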
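Review bot: The new guards in `postTeam`, `putTeam` and `assignTeamToUsers` accept `seeTeamsManagementTab`, and `deleteTeam` accepts `seeTeamsManagement`, so permissions whose names describe viewing a screen now authorize creating, editing, deleting and assigning teams. Anyone granted the tab permission for read access gets write access as a side effect, and the accepted set differs per handler (`deleteTeam` omits the Tab variant) with no comment saying whether that is intended. Prefer action-scoped permissions for mutations, or at least record the mapping next to each check, e.g. `// write access: role 'putTeam', or individual 'seeTeamsManagement' / 'seeTeamsManagementTab'`. Both inputs are read from `req.body.requestor`, which is only sound if authentication middleware (not visible here) overwrites that object from the verified token rather than trusting the client-supplied body.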
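--- a/src/controllers/wbsController.js
+++ b/src/controllers/wbsController.js
@@ -11,6 +11,8 @@ const wbsController = function (WBS) {
 };
 
 const postWBS = async function (req, res) {
+// verify if the requestor has the necessary permissions
+
 if (!await hasPermission(req.body.requestor.role, 'postWbs')
 && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')
 && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagementTab')) {
@@ -36,6 +38,8 @@ const wbsController = function (WBS) {
 };
 
 const deleteWBS = async function (req, res) {
+// verify if the requestor has the necessary permissions
+
 if (!await hasPermission(req.body.requestor.role, 'deleteWbs')
 && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) {
 res.status(403).send({ error: 'You are not authorized to delete projects.' });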
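Review bot: The comment added to `postWBS` and `deleteWBS`, `// verify if the requestor has the necessary permissions`, restates the `if` without saying which permissions qualify, and the two handlers differ: `postWBS` also accepts `seeProjectManagementTab`, `deleteWBS` does not. State the accepted set in each comment, e.g. `// 403 unless role has 'deleteWbs' or the user holds 'seeProjectManagement'`, so a reader can tell whether the asymmetry is deliberate. The denial text in `deleteWBS` still reads 'You are not authorized to delete projects.', which looks copied from the project controller and will mislead whoever triages a 403 on a WBS delete. Both function bodies continue outside the hunks.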