Challenge Overview
Challenge objectives
-
Implement permissions checks for project attachments - frontend and backend
Project Background
Topcoder Connect is client facing application of Topcoder. Customer use Topcoder connect to input requirements of their projects, then managers and copilots take it from there. You can see Topcoder Connect in action here: https://connect.topcoder-dev.com
We're making changes to project attachments - users will be able to specify a list of users that have access to the attachment they are uploading or editing. Project members will see only attachments they have access to. Admin users will be able to see all attachments
Technology Stack
-
ReactJS
-
Redux
-
NodeJS
-
Postgres
Code Access
Base code for frontend can be accessed at https://github.com/appirio-tech/connect-app/ - feature/attachmentPermissions branch should be used as base. For backend, base code is available at https://github.com/topcoder-platform/tc-project-service - use feature/attachmentPermissions branch
NOTE: You need to deploy project service locally and point connect app to use local project service
Individual requirements
1. Update create/update/delete/download attachments api
Scope: project service - src/routes/attachments
Endpoint body.param will have additional field userIds(array) which will contain list of user Ids that can access that attachment. The field should be saved to postgres using int array. When userIds is null, all project members will have access to the attachment. Attachment can be updated/deleted only by the original user that created it or by admin. Create new permissions in src/permissions for project.updateAttachment, project.removeAttachment and project.downloadAttachment and use them in src/permissions/index.js
Update event handlers in src/events/projectAttachments/index.js to save user permissions to elasticsearch.Update the getProjectAttachments method in dev/src/util.js#L246 to return only attachments that the user can access
2. Update Connect application with new UI
At the moment, connect app will upload the file to s3 and call the project api to assign the file to the current project (ie call v4/projects/ID/attachments). We want to show a user selection dialog with these elements
-
Title (“Who do you want to share this file with?”)
-
A button to share the file with all project users (“Share with all project members”)
-
A textbox with autocomplete to enter user handles to share the file with and a button (“Share with selected members”)
Here is a preview of the expected dialog layout (we don’t have the exact designs - use the existing elements in connect app)
There are two ways to upload a file - drag&drop and file selection in the file upload dialog. Both cases should be supported and should display the user selection dialog when the file is uploaded and the file selection dialog is closed (don’t show the dialog if file selection dialog is canceled). File upload is available in 3 places in the app (all 3 should behave similarly):
-
left sidebar in project details,
-
main content in the Scope tab,
-
main content in Project Plan > Phase > Specification.
Editing an attachment is possible only in the scope/specification tabs and is currently showing only file name and description fields. Add another field to enter user handles that have access to the attachment (same as in the user selection dialog). When the field is empty and save changes button is clicked, update permissions so that all users can view it, otherwise set the correct userIds. Use Select component from src/components/Select to select users. Both mobile and desktop views are in scope.
General requirements
Both desktop and mobile views are in scope. All API actions should show toast messages on success/failure. User interface should not allow triggering same action while one API call is in progress (ex disable dialog buttons while API call is in progress). Unit tests for project service are in scope.
What to submit
Submit a git patch with all the required changes
Submit a short verification guide
Final Submission Guidelines
Submit a git patch with all the required changes
Submit a short verification guide