[$150] Fix copilotAndAbove permission to check that users is a member of the project #332
Comments
|
@vikasrohit last question, what about admins? Should they also be members of the project to add phases? |
No, Connect Admin and administrators can do any change to any project. |
To sum up:
|
@maxceem will it be open soon? |
@vikasrohit to confirm, should |
@PrakashDurlabhji yes, it will be opened as soon as all the details are clarified. Note, as per the Bug Bash rules, we do not allow reserving issues. As soon as this issue is open for pick up, the first who comments will take it. |
@maxceem sure, I understand, whoever comments first when it is opened, the issue goes to them |
No, they are restricted to manage the project plan. |
This issue is now open for pick up. Issue summary is provided at the comment #332 (comment). |
Please assign to me |
give to me thanks |
Assigned to @romitgit as he was the first one to comment on this. |
@maxceem please unassign as I'm not able to finish this. |
Thanks for the update, @romitgit. This issue is now open for pick up. |
@maxceem is this issue open for public? If yes I want to work on this |
Yes, @mfikria, it's a part of Bug Bash https://www.topcoder.com/challenges/30095031. Assigned you. |
@maxceem I've made a PR in #336
|
Thanks, @mfikria.
Can we also test 2 cases that a user with I'm not sure what is the limitations in https://github.com/topcoder-platform/tc-project-service/blob/dev/src/tests/util.js to add such tests. |
@maxceem do we need a jwt token with "no expiration" for test? |
yes, we have them in the https://github.com/topcoder-platform/tc-project-service/blob/dev/src/tests/util.js: |
@maxceem actually I used those tokens in the unit tests |
Yep so now we have cases:
And would like to also have opposite cases:
|
@maxceem the case "Users with copilot roles CAN do actions when they are members" is not needed since the existing successful unit test using copilot token |
Ok, then only |
@maxceem the PR has been updated. |
Fix copilotAndAbove permission to check that users is a member of the project #332
@vikasrohit this issue has been fixed and deployed with the release 2.4.13. |
From @vikasrohit
I see that permission copilotAndAbove doesn't check if the user is a member of a project or no, only user role of Topcoder, see https://github.com/topcoder-platform/tc-project-service/blob/challenge%2F30095006/src/permissions/copilotAndAbove.js#L11
This rule is used for all the CRUD endpoints for phases and products, see https://github.com/topcoder-platform/tc-project-service/blob/challenge%2F30095006/src/permissions/index.js#L43-L48
@vikasrohit
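The gap this issue reports, a role-only check next to one that also requires project membership, is sketched below as an added example; it is not code from tc-project-service or from anyone in this thread. The function names, role strings, user ids and the rule that non-admins need both an elevated role and membership are assumptions made for illustration; the admin bypass follows the answer given in the comments.

```javascript
// Added illustration: hypothetical names, not the project's own code.
const ADMIN_ROLES = ['administrator', 'Connect Admin']; // assumed role strings
const ELEVATED_ROLES = [...ADMIN_ROLES, 'Connect Manager', 'Connect Copilot']; // assumed

const hasAnyRole = (user, roles) =>
  Array.isArray(user && user.roles) && user.roles.some((r) => roles.includes(r));

// "Before": only the platform role is checked, the project is never consulted,
// so a copilot can act on phases/products of a project they do not belong to.
function copilotAndAboveRoleOnly(user /* , project */) {
  return hasAnyRole(user, ELEVATED_ROLES);
}

// "After": admins pass on role alone; any other elevated role must also
// appear in the project's member list.
function copilotAndAboveWithMembership(user, project) {
  if (hasAnyRole(user, ADMIN_ROLES)) return true;
  if (!hasAnyRole(user, ELEVATED_ROLES)) return false;
  const members = (project && project.members) || [];
  return members.some((m) => String(m.userId) === String(user.userId));
}

// Constructed sample data: one project with a single member (userId 1001).
const sampleProject = { id: 1, members: [{ userId: 1001 }] };
const sampleUsers = {
  copilotMember: { userId: 1001, roles: ['Connect Copilot'] },
  copilotOutsider: { userId: 1002, roles: ['Connect Copilot'] },
  adminOutsider: { userId: 1003, roles: ['Connect Admin'] },
  plainOutsider: { userId: 1004, roles: ['Topcoder User'] },
};

// Evaluate both checks for every sample user so the difference is visible.
function evaluate() {
  const out = {};
  for (const [name, user] of Object.entries(sampleUsers)) {
    out[name] = {
      before: copilotAndAboveRoleOnly(user, sampleProject),
      after: copilotAndAboveWithMembership(user, sampleProject),
    };
  }
  return out;
}

console.log(evaluate());
```

Only the `copilotOutsider` row changes between the two checks, which is the negative case the thread asks to cover in the unit tests.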