From c2311d9eeae4d05349f36b53428a0eda5d252c21 Mon Sep 17 00:00:00 2001
From: Hentry Martin
Date: Tue, 29 Apr 2025 17:44:51 +0200
Subject: [PATCH 1/4] fix: challenge task access issue for project manager
---
 .circleci/config.yml | 1 +
 app-constants.js | 1 +
 src/common/helper.js | 4 ++--
 src/common/role-helper.js | 16 ++++++++++++++++
 src/services/ChallengeService.js | 5 +++--
 5 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 80b0f55a..e132efce 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -88,6 +88,7 @@ workflows:
 - dev
 - feature/top-262-projectid-non-mandatory
 - TOP-2364
+ - pm-1139
 - "build-qa":
 context: org-global
diff --git a/app-constants.js b/app-constants.js
index 718e2e9c..ae541bc8 100644
--- a/app-constants.js
+++ b/app-constants.js
@@ -9,6 +9,7 @@ const UserRoles = {
 Manager: "Connect Manager",
 User: "Topcoder User",
 SelfServiceCustomer: "Self-Service Customer",
+ ProjectManager: "Project Manager",
 };
 const prizeSetTypes = {
diff --git a/src/common/helper.js b/src/common/helper.js
index eaaa0579..b376390e 100644
--- a/src/common/helper.js
+++ b/src/common/helper.js
@@ -22,7 +22,7 @@ const elasticsearch = require("elasticsearch");
 const projectHelper = require("./project-helper");
 const m2mHelper = require("./m2m-helper");
-const { hasAdminRole } = require("./role-helper");
+const { hasAdminRole, hasProjectManagerRole } = require("./role-helper");
 // Bus API Client
 let busApiClient;
@@ -960,7 +960,7 @@ async function _ensureAccessibleForTaskChallenge(currentUser, challenge) {
 }
 const canAccesChallenge = _.isUndefined(currentUser)
 ? false
- : currentUser.isMachine || hasAdminRole(currentUser) || !_.isEmpty(memberResources);
+ : currentUser.isMachine || hasAdminRole(currentUser) || hasProjectManagerRole(currentUser) || !_.isEmpty(memberResources);
 if (!canAccesChallenge) {
 throw new errors.ForbiddenError(`You don't have access to view this challenge`);
 }
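Review bot: The added `hasProjectManagerRole(currentUser)` term is ORed into the access decision, so any account carrying the global Project Manager role now passes `_ensureAccessibleForTaskChallenge` for every task challenge whether or not it holds a resource on that challenge; the `memberResources` check that previously scoped task visibility is bypassed for that whole role. If a PM is only meant to see tasks on projects they manage, the role check should be ANDed with a membership lookup for the challenge's project (this file already requires `projectHelper`) instead of ORed with the membership result. The same global bypass is introduced in `searchChallenges`, where `_hasProjectManagerRole` now switches `excludeTasks` off. If the platform-wide grant is intentional, say so next to the condition: `// Project Managers are trusted platform-wide here: they see every task challenge, not only those on their own projects`. The body of `_ensureAccessibleForTaskChallenge` begins before this hunk, so the origin of `memberResources` is not visible.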
diff --git a/src/common/role-helper.js b/src/common/role-helper.js
index f30720f9..a47817fe 100644
--- a/src/common/role-helper.js
+++ b/src/common/role-helper.js
@@ -15,6 +15,22 @@ function hasAdminRole(authUser) {
 return false;
 }
+/**
+ * Check if the user has admin role
+ * @param {Object} authUser the user
+ */
+function hasProjectManagerRole(authUser) {
+ if (authUser && authUser.roles) {
+ for (const role of authUser.roles) {
+ if (role.toLowerCase() === constants.UserRoles.ProjectManager.toLowerCase()) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
 module.exports = {
 hasAdminRole,
+ hasProjectManagerRole,
 };
diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js
index 8bd5e33e..79d9ea22 100644
--- a/src/services/ChallengeService.js
+++ b/src/services/ChallengeService.js
@@ -35,7 +35,7 @@ const PhaseAdvancer = require("../phase-management/PhaseAdvancer");
 const { ChallengeDomain } = require("@topcoder-framework/domain-challenge");
 const { QueryDomain } = require("@topcoder-framework/domain-acl");
-const { hasAdminRole } = require("../common/role-helper");
+const { hasAdminRole, hasProjectManagerRole } = require("../common/role-helper");
 const {
 enrichChallengeForResponse,
 sanitizeRepeatedFieldsInUpdateRequest,
@@ -152,6 +152,7 @@ async function searchChallenges(currentUser, criteria) {
 ];
 const _hasAdminRole = hasAdminRole(currentUser);
+ const _hasProjectManagerRole = hasProjectManagerRole(currentUser);
 const includedTrackIds = _.isArray(criteria.trackIds) ? criteria.trackIds : [];
 const includedTypeIds = _.isArray(criteria.typeIds) ? criteria.typeIds : [];
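Review bot: In the new `hasProjectManagerRole`, `role.toLowerCase()` throws a TypeError if `authUser.roles` ever holds a non-string entry, so a malformed token turns an authorization check into a 500 instead of a clean `false`, and the function appears to repeat the scan loop of `hasAdminRole` with only the constant changed (only the tail `return false; }` of `hasAdminRole` is visible in the hunk, so that is inferred). Both checks would be better expressed over one private `hasRole(authUser, roleName)` helper that tolerates missing or malformed `roles` and does a case-insensitive `some()`; the rewrite is below. The JSDoc should also declare the result, `@returns {boolean} true when one of authUser.roles matches, case-insensitively`.
```javascript
/**
 * Check whether the user holds the given role (case-insensitive match).
 * @param {Object} authUser the user
 * @param {string} roleName the role name to look for
 * @returns {boolean} true when one of authUser.roles matches roleName
 */
function hasRole(authUser, roleName) {
  if (!authUser || !Array.isArray(authUser.roles)) {
    return false;
  }
  const wanted = roleName.toLowerCase();
  return authUser.roles.some((role) => typeof role === "string" && role.toLowerCase() === wanted);
}

/**
 * Check if the user has project manager role
 * @param {Object} authUser the user
 * @returns {boolean}
 */
function hasProjectManagerRole(authUser) {
  return hasRole(authUser, constants.UserRoles.ProjectManager);
}
// … unchanged: module.exports …
```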
@@ -588,7 +589,7 @@ async function searchChallenges(currentUser, criteria) {
 // FIXME: Tech Debt
 let excludeTasks = true;
 // if you're an admin or m2m, security rules wont be applied
- if (currentUser && (_hasAdminRole || _.get(currentUser, "isMachine", false))) {
+ if (currentUser && (_hasAdminRole || _hasProjectManagerRole || _.get(currentUser, "isMachine", false))) {
 excludeTasks = false;
 }
From b1202f4e42c5427aebcbc7ba424047893e7f9464 Mon Sep 17 00:00:00 2001
From: Hentry Martin
Date: Wed, 30 Apr 2025 07:52:36 +0200
Subject: [PATCH 2/4] removed circle config changes
---
 .circleci/config.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index e132efce..80b0f55a 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -88,7 +88,6 @@ workflows:
 - dev
 - feature/top-262-projectid-non-mandatory
 - TOP-2364
- - pm-1139
 - "build-qa":
 context: org-global
From 26c4ad29e09ad4003fe088806054821d2c3337c3 Mon Sep 17 00:00:00 2001
From: Hentry Martin
Date: Wed, 30 Apr 2025 07:53:48 +0200
Subject: [PATCH 3/4] comment
---
 src/common/role-helper.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/common/role-helper.js b/src/common/role-helper.js
index a47817fe..dd98efbb 100644
--- a/src/common/role-helper.js
+++ b/src/common/role-helper.js
@@ -16,7 +16,7 @@ function hasAdminRole(authUser) {
 }
 /**
- * Check if the user has admin role
+ * Check if the user has project manager role
 * @param {Object} authUser the user
 */
 function hasProjectManagerRole(authUser) {
From 644226a4a33066879cabfc4c1f01a18f5a78e21c Mon Sep 17 00:00:00 2001
From: Kiril Kartunov
Date: Wed, 30 Apr 2025 14:48:54 +0300
Subject: [PATCH 4/4] adds AI Review Buddy
---
 .github/workflows/code_reviewer.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/code_reviewer.yml
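Review bot: The comment directly above the changed condition, `// if you're an admin or m2m, security rules wont be applied`, is now inaccurate because `_hasProjectManagerRole` also lifts the task filter; update it to `// if you're an admin, project manager or m2m, security rules wont be applied`. Since this branch returns every task challenge to any holder of the Project Manager role rather than only tasks on that user's projects, one more sentence stating that this is intentional would spare the next reader a trip to the access-control rules. `searchChallenges` starts well before this hunk, and `_hasProjectManagerRole` is declared in an earlier hunk of the same file.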
diff --git a/.github/workflows/code_reviewer.yml b/.github/workflows/code_reviewer.yml
new file mode 100644
index 00000000..1d313051
--- /dev/null
+++ b/.github/workflows/code_reviewer.yml
@@ -0,0 +1,22 @@
+name: AI PR Reviewer
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+permissions:
+ pull-requests: write
+jobs:
+ tc-ai-pr-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v3
+
+ - name: TC AI PR Reviewer
+ uses: topcoder-platform/tc-ai-pr-reviewer@master
+ with:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # The GITHUB_TOKEN is there by default so you just need to keep it like it is and not necessarily need to add it as secret as it will throw an error. [More Details](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret)
+ LAB45_API_KEY: ${{ secrets.LAB45_API_KEY }}
+ exclude: "**/*.json, **/*.md, **/*.jpg, **/*.png, **/*.jpeg, **/*.bmp, **/*.webp" # Optional: exclude patterns separated by commas
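Review bot: `uses: topcoder-platform/tc-ai-pr-reviewer@master` pins the action to a mutable branch, so anyone who can push to that branch changes the code this workflow runs with a `pull-requests: write` token and the `LAB45_API_KEY` secret; pin it to a full commit SHA, `uses: topcoder-platform/tc-ai-pr-reviewer@<full-commit-sha> # <tag or date of the pinned revision>`, fill the placeholder from the action's history and bump it deliberately, and treat `actions/checkout@v3` the same way. Because the top-level `permissions:` block names only `pull-requests: write`, every other scope including `contents` is reduced to none; on a public repository the checkout still succeeds anonymously, but if this repository is or becomes private the step needs `contents: read` as well. The trailing clause of the `GITHUB_TOKEN` comment is hard to parse; it appears to mean that a repository secret cannot be created under the name GITHUB_TOKEN, and stating that plainly would help the next maintainer.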