Challenge Overview
Previously, we introduced a new way to manage users in groups different from using tables like security_groups, user_group_xref. Instead, we uses Groups APIs to determine if a user belong to a group.
For this challenge, we'd like to add the logic to check group permissions when adding challenge resources in Online Review's Edit Project page.
the logic is similar as https://github.com/appirio-tech/tc-api/blob/dev/initializers/challengeHelper.js#L328
First, it will query against the security_groups, user_group_xref and contest_eligibility tables to check challenge groups assignment, if there are no groups associated with the challenge, it is allowed to add the resources.
Second, if groups are associated with the challenge, then do check the challenge_group_ind field, if it is false, which means it is the old Challenge Groups approach, it will check by looking up in common_oltp:user_group_xref
Third, if challenge_group_ind field is true, we need to call V3 Group API in order check if the user to add is in the given group. If the user is in the group, proceed to add the user, if the user is not in the group, please properly show the error message indicating the given user is not in the desired group.
Notes, In order to call the V3 Groups API, V3 Jwt Token is required, you can get from the cookie with name v3jwt token, if not, please get the tcjwt token, then exchange for a v3 jwt token. similar logic can be found at https://github.com/appirio-tech/direct-app/blob/dev/src/java/main/com/topcoder/direct/services/view/action/ServiceBackendDataTablesAction.java#L333
About Testing Environment
* In order to properly test the functionality, you need to have direct app, online review and mock services (for group apis) up. Please check
- https://github.com/appirio-tech/tc-common-tutorials/tree/master/docker/direct-app
- https://github.com/topcoder-platform/mock-services
* Please add a new group in security_groups table with challenge_group_ind be true in order to assign groups to challenge.
* Please properly test with different cases, like challenge with old groups, challenge with new groups etc to make sure the challenge is proper.
- Verification Steps
For this challenge, we'd like to add the logic to check group permissions when adding challenge resources in Online Review's Edit Project page.
the logic is similar as https://github.com/appirio-tech/tc-api/blob/dev/initializers/challengeHelper.js#L328
First, it will query against the security_groups, user_group_xref and contest_eligibility tables to check challenge groups assignment, if there are no groups associated with the challenge, it is allowed to add the resources.
Second, if groups are associated with the challenge, then do check the challenge_group_ind field, if it is false, which means it is the old Challenge Groups approach, it will check by looking up in common_oltp:user_group_xref
Third, if challenge_group_ind field is true, we need to call V3 Group API in order check if the user to add is in the given group. If the user is in the group, proceed to add the user, if the user is not in the group, please properly show the error message indicating the given user is not in the desired group.
Notes, In order to call the V3 Groups API, V3 Jwt Token is required, you can get from the cookie with name v3jwt token, if not, please get the tcjwt token, then exchange for a v3 jwt token. similar logic can be found at https://github.com/appirio-tech/direct-app/blob/dev/src/java/main/com/topcoder/direct/services/view/action/ServiceBackendDataTablesAction.java#L333
About Testing Environment
* In order to properly test the functionality, you need to have direct app, online review and mock services (for group apis) up. Please check
- https://github.com/appirio-tech/tc-common-tutorials/tree/master/docker/direct-app
- https://github.com/topcoder-platform/mock-services
* Please add a new group in security_groups table with challenge_group_ind be true in order to assign groups to challenge.
* Please properly test with different cases, like challenge with old groups, challenge with new groups etc to make sure the challenge is proper.
* The change should be based on the dev branch of online review (https://github.com/topcoder-platform/tc-online-review/tree/dev/)
Final Submission Guidelines
- Code Changes For the New Group Permission Check Logic- Verification Steps