Merge pull request #545 from OneCommunityGlobal/navneeth-create-see-p…

…roject-management-tab-custom-permission Navneeth create see project management tab custom permission
OneCommunityGlobal · Oct 1, 2023 · dcf2973 · dcf2973
2 parents f47a832 + 2cecd59
commit dcf2973
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 11 deletions.
diff --git a/src/controllers/projectController.js b/src/controllers/projectController.js
@@ -2,7 +2,7 @@ const mongoose = require('mongoose');
 const timeentry = require('../models/timeentry');
 const userProfile = require('../models/userProfile');
 const userProject = require('../helpers/helperModels/userProjects');
-const { hasPermission } = require('../utilities/permissions');
+const { hasPermission, hasIndividualPermission } = require('../utilities/permissions');
 const escapeRegex = require('../utilities/escapeRegex');
 
 
@@ -15,7 +15,8 @@ const projectController = function (Project) {
   };
 
   const deleteProject = function (req, res) {
-    if (!hasPermission(req.body.requestor.role, 'deleteProject')) {
+    if (!hasPermission(req.body.requestor.role, 'deleteProject')
+    && !hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) { 
       res.status(403).send({ error: 'You are not authorized to delete projects.' });
       return;
     }
@@ -46,7 +47,8 @@ const projectController = function (Project) {
   };
 
   const postProject = async function (req, res) {
-    if (!await hasPermission(req.body.requestor.role, 'postProject')) {
+    if (!await hasPermission(req.body.requestor.role, 'postProject') 
+    && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) { 
       res.status(403).send({ error: 'You are not authorized to create new projects.' });
       return;
     }
@@ -77,7 +79,8 @@ const projectController = function (Project) {
 
 
   const putProject = async function (req, res) {
-    if (!await hasPermission(req.body.requestor.role, 'putProject')) {
+    if (!await hasPermission(req.body.requestor.role, 'putProject')
+    && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) { 
       res.status(403).send('You are not authorized to make changes in the projects.');
       return;
     }
@@ -125,8 +128,11 @@ const projectController = function (Project) {
     // verify requestor is administrator, projectId is passed in request params and is valid mongoose objectid, and request body contains  an array of users
 
     if (!await hasPermission(req.body.requestor.role, 'assignProjectToUsers')) {
+      if (!await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement') 
+        && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagementTab')) {
       res.status(403).send({ error: 'You are not authorized to perform this operation' });
       return;
+        }
     }
 
     if (!req.params.projectId || !mongoose.Types.ObjectId.isValid(req.params.projectId) || !req.body.users || (req.body.users.length === 0)) {

diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js
@@ -12,7 +12,7 @@ const Badge = require('../models/badge');
 const userProfile = require('../models/userProfile');
 const yearMonthDayDateValidator = require('../utilities/yearMonthDayDateValidator');
 const cache = require('../utilities/nodeCache')();
-const { hasPermission, canRequestorUpdateUser } = require('../utilities/permissions');
+const { hasPermission, hasIndividualPermission, canRequestorUpdateUser } = require('../utilities/permissions');
 const escapeRegex = require('../utilities/escapeRegex');
 const config = require('../config');
 
@@ -52,14 +52,16 @@ async function ValidatePassword(req, res) {
 
 const userProfileController = function (UserProfile) {
   const getUserProfiles = async function (req, res) {
-    if (
-      !(await hasPermission(req.body.requestor.role, "getUserProfiles")) &&
+    if (!await hasPermission(req.body.requestor.role, 'getUserProfiles') &&
       !req.body.requestor.permissions?.frontPermissions.includes(
         "putUserProfilePermissions"
       )
     ) {
-      res.status(403).send("You are not authorized to view all users");
+      if (!await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement') 
+        && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagementTab')) {
+      res.status(403).send('You are not authorized to view all users');
       return;
+      }
     }
 
     if (cache.getCache("allusers")) {

diff --git a/src/controllers/wbsController.js b/src/controllers/wbsController.js
@@ -1,4 +1,4 @@
-const { hasPermission } = require('../utilities/permissions');
+const { hasPermission, hasIndividualPermission } = require('../utilities/permissions');
 
 const wbsController = function (WBS) {
   const getAllWBS = function (req, res) {
@@ -11,7 +11,9 @@ const wbsController = function (WBS) {
   };
 
   const postWBS = async function (req, res) {
-    if (!await hasPermission(req.body.requestor.role, 'postWbs')) {
+    if (!await hasPermission(req.body.requestor.role, 'postWbs')
+    && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')
+    && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagementTab')) { 
       res.status(403).send({ error: 'You are not authorized to create new projects.' });
       return;
     }
@@ -34,7 +36,8 @@ const wbsController = function (WBS) {
   };
 
   const deleteWBS = async function (req, res) {
-    if (!await hasPermission(req.body.requestor.role, 'deleteWbs')) {
+    if (!await hasPermission(req.body.requestor.role, 'deleteWbs')
+    && !await hasIndividualPermission(req.body.requestor.requestorId, 'seeProjectManagement')) {
       res.status(403).send({ error: 'You are  not authorized to delete projects.' });
       return;
     }