From 8701e97c78bbf668503e91a4a9a74962a308a4ba Mon Sep 17 00:00:00 2001 From: Imran Issa Date: Fri, 10 May 2024 12:03:21 +0200 Subject: [PATCH 1/4] added infringements permission check in profile controller --- src/controllers/userProfileController.js | 6 +++++- src/test/createTestPermissions.js | 8 ++++++++ src/utilities/createInitialPermissions.js | 8 ++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index 385801f2f..d9e086c25 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -538,8 +538,12 @@ const userProfileController = function (UserProfile) { } if ( req.body.infringements !== undefined && - (await hasPermission(req.body.requestor, 'infringementAuthorizer')) + ((await hasPermission(req.body.requestor, 'infringementAuthorizer')) || + (await hasPermission(req.body.requestor, 'addInfringements')) || + (await hasPermission(req.body.requestor, 'deleteInfringements')) || + (await hasPermission(req.body.requestor, 'editInfringements'))) ) { + console.log('in here'); record.infringements = req.body.infringements; } diff --git a/src/test/createTestPermissions.js b/src/test/createTestPermissions.js index 691f2cd5d..8723e550f 100644 --- a/src/test/createTestPermissions.js +++ b/src/test/createTestPermissions.js @@ -48,6 +48,8 @@ const permissionsRoles = [ 'updatePassword', 'deleteUserProfile', 'infringementAuthorizer', + 'addInfringements', + 'editInfringements', // WBS 'postWbs', 'deleteWbs', @@ -108,6 +110,8 @@ const permissionsRoles = [ 'getProjectMembers', 'putUserProfile', 'infringementAuthorizer', + 'addInfringements', + 'editInfringements', 'getReporteesLimitRoles', 'updateTask', 'putTeam', 
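Review bot: In the `@@ -538,8 +538,12 @@` hunk of userProfileController.js, any one of four permissions now authorises `record.infringements = req.body.infringements`, which replaces the whole array. A requestor holding only `addInfringements` can therefore also remove or rewrite existing entries by submitting a modified list. If the new permissions are meant to be separate capabilities, this branch should compare the submitted array with the stored one and require the permission matching each kind of change, or stay gated on a single permission until per-operation endpoints exist. The added `console.log('in here');` is leftover debug output. The same assignment survives in PATCH 2/4's `@@ -538,12 +538,10 @@` hunk and is only removed in PATCH 4/4; the enclosing handler starts and ends outside the hunk.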
@@ -136,6 +140,8 @@ const permissionsRoles = [ 'getProjectMembers', 'putUserProfile', 'infringementAuthorizer', + 'addInfringements', + 'editInfringements', 'getReporteesLimitRoles', 'getAllInvInProjectWBS', 'postInvInProjectWBS', @@ -194,6 +200,8 @@ const permissionsRoles = [ 'putUserProfileImportantInfo', 'deleteUserProfile', 'infringementAuthorizer', + 'addInfringements', + 'editInfringements', 'postWbs', 'deleteWbs', 'getAllInvInProjectWBS', diff --git a/src/utilities/createInitialPermissions.js b/src/utilities/createInitialPermissions.js index 23856d03a..41666b5a5 100644 --- a/src/utilities/createInitialPermissions.js +++ b/src/utilities/createInitialPermissions.js @@ -50,6 +50,8 @@ const permissionsRoles = [ 'updatePassword', 'deleteUserProfile', 'infringementAuthorizer', + 'addInfringements', + 'editInfringements', // WBS 'postWbs', 'deleteWbs', @@ -110,6 +112,8 @@ const permissionsRoles = [ 'getProjectMembers', 'putUserProfile', 'infringementAuthorizer', + 'addInfringements', + 'editInfringements', 'getReporteesLimitRoles', 'updateTask', 'putTeam', @@ -138,6 +142,8 @@ const permissionsRoles = [ 'getProjectMembers', 'putUserProfile', 'infringementAuthorizer', + 'addInfringements', + 'editInfringements', 'getReporteesLimitRoles', 'getAllInvInProjectWBS', 'postInvInProjectWBS', @@ -196,6 +202,8 @@ const permissionsRoles = [ 'putUserProfileImportantInfo', 'deleteUserProfile', 'infringementAuthorizer', + 'addInfringements', + 'editInfringements', 'postWbs', 'deleteWbs', 'getAllInvInProjectWBS', From 47355488b78ac230d3f9a1002377ab7dc92d3997 Mon Sep 17 00:00:00 2001 From: Imran Issa Date: Sat, 11 May 2024 21:32:41 +0200 Subject: [PATCH 2/4] added infringements permission check in profile controller --- src/controllers/userProfileController.js | 4 +--- src/test/createTestPermissions.js | 8 ++++---- src/utilities/createInitialPermissions.js | 8 ++++---- 3 files changed, 9 insertions(+), 11 deletions(-) 
diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index d9e086c25..942ee660d 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -538,12 +538,10 @@ const userProfileController = function (UserProfile) { } if ( req.body.infringements !== undefined && - ((await hasPermission(req.body.requestor, 'infringementAuthorizer')) || - (await hasPermission(req.body.requestor, 'addInfringements')) || + ((await hasPermission(req.body.requestor, 'addInfringements')) || (await hasPermission(req.body.requestor, 'deleteInfringements')) || (await hasPermission(req.body.requestor, 'editInfringements'))) ) { - console.log('in here'); record.infringements = req.body.infringements; } diff --git a/src/test/createTestPermissions.js b/src/test/createTestPermissions.js index 8723e550f..879951b1f 100644 --- a/src/test/createTestPermissions.js +++ b/src/test/createTestPermissions.js @@ -47,9 +47,9 @@ const permissionsRoles = [ 'changeUserStatus', 'updatePassword', 'deleteUserProfile', - 'infringementAuthorizer', 'addInfringements', 'editInfringements', + 'deleteInfringements', // WBS 'postWbs', 'deleteWbs', @@ -109,9 +109,9 @@ const permissionsRoles = [ 'getUserProfiles', 'getProjectMembers', 'putUserProfile', - 'infringementAuthorizer', 'addInfringements', 'editInfringements', + 'deleteInfringements', 'getReporteesLimitRoles', 'updateTask', 'putTeam', @@ -139,9 +139,9 @@ const permissionsRoles = [ 'getUserProfiles', 'getProjectMembers', 'putUserProfile', - 'infringementAuthorizer', 'addInfringements', 'editInfringements', + 'deleteInfringements', 'getReporteesLimitRoles', 'getAllInvInProjectWBS', 'postInvInProjectWBS', @@ -199,9 +199,9 @@ const permissionsRoles = [ 'putUserProfile', 'putUserProfileImportantInfo', 'deleteUserProfile', - 'infringementAuthorizer', 'addInfringements', 'editInfringements', + 'deleteInfringements', 'postWbs', 'deleteWbs', 'getAllInvInProjectWBS', 
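Review bot: Dropping `infringementAuthorizer` from the condition in the `@@ -538,12 +538,10 @@` hunk, and from the seed lists in both permission files, changes who is authorised with no visible migration. Nothing in this patch shows how already-seeded databases are updated, so if stored roles or per-user permission lists still hold only `infringementAuthorizer`, those accounts would silently lose the ability to manage blue squares while the stale string stays in the data. A one-off migration mapping `infringementAuthorizer` to `addInfringements`, `editInfringements` and `deleteInfringements` would cover this; otherwise the commit message should say where it is handled. The enclosing handler starts and ends outside the hunk.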
diff --git a/src/utilities/createInitialPermissions.js b/src/utilities/createInitialPermissions.js index 41666b5a5..25eb72506 100644 --- a/src/utilities/createInitialPermissions.js +++ b/src/utilities/createInitialPermissions.js @@ -49,9 +49,9 @@ const permissionsRoles = [ 'changeUserRehireableStatus', 'updatePassword', 'deleteUserProfile', - 'infringementAuthorizer', 'addInfringements', 'editInfringements', + 'deleteInfringements', // WBS 'postWbs', 'deleteWbs', @@ -111,9 +111,9 @@ const permissionsRoles = [ 'getUserProfiles', 'getProjectMembers', 'putUserProfile', - 'infringementAuthorizer', 'addInfringements', 'editInfringements', + 'deleteInfringements', 'getReporteesLimitRoles', 'updateTask', 'putTeam', @@ -141,9 +141,9 @@ const permissionsRoles = [ 'getUserProfiles', 'getProjectMembers', 'putUserProfile', - 'infringementAuthorizer', 'addInfringements', 'editInfringements', + 'deleteInfringements', 'getReporteesLimitRoles', 'getAllInvInProjectWBS', 'postInvInProjectWBS', @@ -201,9 +201,9 @@ const permissionsRoles = [ 'putUserProfile', 'putUserProfileImportantInfo', 'deleteUserProfile', - 'infringementAuthorizer', 'addInfringements', 'editInfringements', + 'deleteInfringements', 'postWbs', 'deleteWbs', 'getAllInvInProjectWBS', From 5da634ada46e12ef43eea02fae77eb3cf28cef45 Mon Sep 17 00:00:00 2001 From: Imran Issa Date: Sat, 1 Jun 2024 18:34:50 +0200 Subject: [PATCH 3/4] add endpoints for each bluesquare modification --- src/controllers/userProfileController.js | 121 +++++++++++++++++++++++ src/routes/userProfileRouter.js | 7 ++ 2 files changed, 128 insertions(+) diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index 942ee660d..3a204b7cd 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js 
@@ -1197,6 +1197,124 @@ const userProfileController = function (UserProfile) { } }; + const addInfringements = async function (req, res) { + if (!(await hasPermission(req.body.requestor, 'addInfringements'))) { + res.status(403).send('You are not authorized to add blue square'); + return; + } + const userid = req.params.userId; + + cache.removeCache(`user-${userid}`); + + if (req.body.blueSquare === undefined) { + res.status(400).send('Invalid Data'); + return; + } + + UserProfile.findById(userid, async (err, record) => { + if (err || !record) { + res.status(404).send('No valid records found'); + return; + } + // find userData in cache + const isUserInCache = cache.hasCache('allusers'); + let allUserData; + let userData; + let userIdx; + if (isUserInCache) { + allUserData = JSON.parse(cache.getCache('allusers')); + userIdx = allUserData.findIndex((users) => users._id === userid); + userData = allUserData[userIdx]; + } + + const originalinfringements = record?.infringements ?? []; + record.infringements = originalinfringements.concat(req.body.blueSquare); + + record + .save() + .then((results) => { + userHelper.notifyInfringements(originalinfringements, results.infringements); + res.status(200).json({ + _id: record._id, + }); + + // update alluser cache if we have cache + if (isUserInCache) { + allUserData.splice(userIdx, 1, userData); + cache.setCache('allusers', JSON.stringify(allUserData)); + } + }) + .catch((error) => res.status(400).send(error)); + }); + }; + + const editInfringements = async function (req, res) { + if (!(await hasPermission(req.body.requestor, 'editInfringements'))) { + res.status(403).send('You are not authorized to edit blue square'); + return; + } + const { userId, blueSquareId } = req.params; + const { dateStamp, summary } = req.body; + + UserProfile.findById(userId, async (err, record) => { + if (err || !record) { + res.status(404).send('No valid records found'); + return; + } + + const originalinfringements = record?.infringements ?? 
[]; + + record.infringements = originalinfringements.map((blueSquare) => { + if (blueSquare._id.equals(blueSquareId)) { + blueSquare.date = dateStamp ?? blueSquare.date; + blueSquare.description = summary ?? blueSquare.description; + } + return blueSquare; + }); + + record + .save() + .then((results) => { + userHelper.notifyInfringements(originalinfringements, results.infringements); + res.status(200).json({ + _id: record._id, + }); + }) + .catch((error) => res.status(400).send(error)); + }); + }; + + const deleteInfringements = async function (req, res) { + if (!(await hasPermission(req.body.requestor, 'deleteInfringements'))) { + res.status(403).send('You are not authorized to delete blue square'); + return; + } + const { userId, blueSquareId } = req.params; + + UserProfile.findById(userId, async (err, record) => { + if (err || !record) { + res.status(404).send('No valid records found'); + return; + } + + const originalinfringements = record?.infringements ?? []; + + record.infringements = originalinfringements.filter( + (infringement) => !infringement._id.equals(blueSquareId), + ); + + record + .save() + .then((results) => { + userHelper.notifyInfringements(originalinfringements, results.infringements); + res.status(200).json({ + _id: record._id, + }); + }) + .catch((error) => res.status(400).send(error)); + }); + }; + return { postUserProfile, getUserProfiles, @@ -1218,6 +1336,9 @@ const userProfileController = function (UserProfile) { getUserByFullName, changeUserRehireableStatus, authorizeUser, + addInfringements, + editInfringements, + deleteInfringements, }; }; diff --git a/src/routes/userProfileRouter.js b/src/routes/userProfileRouter.js index 0f27abe33..2976b37f9 100644 --- a/src/routes/userProfileRouter.js +++ b/src/routes/userProfileRouter.js 
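Review bot: In `addInfringements` (hunk `@@ -1197,6 +1197,124 @@`) the `allusers` write-back can corrupt the cache: when `findIndex` returns -1, `userData` is undefined and `allUserData.splice(userIdx, 1, userData)` replaces the last cached user with `undefined`, and even on a hit it writes the entry back unchanged. Guard it with `if (isUserInCache && userIdx !== -1) {` or drop the write-back. Also note that `editInfringements` and `deleteInfringements` never call ``cache.removeCache(`user-${userId}`)``, so a cached profile can keep serving the old blue squares after a successful edit or delete. Separately, `req.body.blueSquare` is concatenated as received (an array adds several entries, and whatever fields the schema accepts are client-chosen), and every `.catch` sends the raw error object to the client; checking the payload shape and returning a generic message would be safer. The three handlers check only the global permission and not the target record, whereas the `putUserProfile` context in PATCH 4/4 shows special handling for `PROTECTED_EMAIL_ACCOUNT`, so it is worth confirming whether these endpoints need the same.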
@@ -87,6 +87,13 @@ const routes = function (userProfile) { .route('/userProfile/authorizeUser/weeeklySummaries') .post(controller.authorizeUser); + userProfileRouter.route('/userProfile/:userId/addInfringement').post(controller.addInfringements); + + userProfileRouter + .route('/userProfile/:userId/infringements/:blueSquareId') + .put(controller.editInfringements) + .delete(controller.deleteInfringements); + return userProfileRouter; }; From 0f177f9020f4319597909315853e297a1d82d4a3 Mon Sep 17 00:00:00 2001 From: Imran Issa Date: Tue, 3 Sep 2024 19:40:10 +0200 Subject: [PATCH 4/4] remove infringement duplicate code in userProfile --- src/controllers/userProfileController.js | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index b48b3d55d..d5cc6edae 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -684,14 +684,7 @@ const userProfileController = function (UserProfile, Project) { userData.startDate = record.startDate.toISOString(); } } - if ( - req.body.infringements !== undefined && - ((await hasPermission(req.body.requestor, 'addInfringements')) || - (await hasPermission(req.body.requestor, 'deleteInfringements')) || - (await hasPermission(req.body.requestor, 'editInfringements'))) - ) { - record.infringements = req.body.infringements; - } + let updatedDiff = null; if (PROTECTED_EMAIL_ACCOUNT.includes(record.email)) { updatedDiff = record.modifiedPaths();
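Review bot: The add route in the `@@ -87,6 +87,13 @@` hunk of userProfileRouter.js is named differently from its siblings: `/userProfile/:userId/addInfringement` puts the verb in the path and uses the singular, while edit and delete use `/userProfile/:userId/infringements/:blueSquareId`. `userProfileRouter.route('/userProfile/:userId/infringements').post(controller.addInfringements);` would keep one resource path and let the HTTP method carry the action, though existing clients of the path would need updating. No route-level middleware is visible in this hunk, so access control rests entirely on the `hasPermission(req.body.requestor, …)` calls inside the handlers. Presumably `requestor` is set by authentication middleware mounted before this router; it is worth confirming that it overwrites any client-supplied value, including on DELETE requests.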