[72h] Topcoder Project Service - Permission endpoints

The challenge is finished.

Challenge Overview

Implement endpoints to manage and get permissions from the WorkManagementPermission model.

Please pay attention to this challenge's timeline. Most of the phases are shorter than in a regular challenge: submission - 72h, review - 24h, appeals - 12h.

Project Background

Topcoder Project Service is the main backend service of Topcoder Connect, the client-facing application of Topcoder. We recently introduced a new model called WorkManagementPermission. In this challenge we would like to create a basic set of CRUD endpoints so that admins can manage this model. These permissions should also be used on the client side to decide whether users are allowed to perform certain actions. For security reasons, we don't want users to be able to get all the records from this model. Instead, we will create a separate endpoint for regular users which returns permissions for the logged-in user only.

Technology Stack

  • Node.js

  • PostgreSQL

Code access

The work for this challenge has to be done in one repository:
- Project Service repo https://github.com/topcoder-platform/tc-project-service branch dev commit 69177ff045b5f7232349abde0000a2a13b2e3d7d or later.

- Config for local setup is provided on the forum.

- Some demo data for WorkManagementPermission model is provided on the forum.

Individual requirements

1. CRUD admin endpoints

  • We have a model WorkManagementPermission. Create the following endpoints to manage it:
    - create entity: `POST /v4/projects/metadata/workManagementPermission/`
    - get list of entities: `GET /v4/projects/metadata/workManagementPermission/?filter=projectTemplateId=123`
    - get entity: `GET /v4/projects/metadata/workManagementPermission/:id`
    - update entity: `PATCH /v4/projects/metadata/workManagementPermission/`
    - (soft) delete entity: `DELETE /v4/projects/metadata/workManagementPermission/`

  • Permission to access all these endpoints is projectAdmin

  • The get list of entities endpoint should support filtering by `projectTemplateId`, like this: `filter=projectTemplateId=123`.
    Both `filter` and `projectTemplateId` are required for the get list of entities endpoint. All the entities can therefore never be fetched in one request; they must always be filtered by `projectTemplateId`.

2. Project permissions endpoint

  • Implement a new endpoint `GET /v4/projects/{projectId}/permissions` - permission to access this endpoint is projectView.

  • This endpoint should return the allowed permissions for the actions in the project for the logged-in user, with `result.content` like this:
    {
        "workStream.edit": true,
        "work.create": true,
        "work.edit": true,
        "workItem.create": true
    }

  • Algorithm:
    - Find the project by projectId (return 404 if not found).
    - Find all records in the WorkManagementPermission model where `workManagementPermission.projectTemplateId = project.templateId` (all permissions of the Project Template associated with the project).
    - For each record, determine whether the logged-in user has that permission. We already have a method for checking permissions:
    `hasPermission(workManagementPermission.permission, req.authUser, projectMembers)`
    You can get `projectMembers` using `models.ProjectMember.getActiveProjectMembers(projectId)`.
    - Return an object in `result.content` with keys from `workManagementPermission.policy` and the value `true` where the user has that permission. Don't return keys with `false` values, so the user doesn't learn which permissions they don't have.
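
The algorithm above, as an added example that is not code from tc-project-service: in-memory arrays stand in for the models, `hasPermissionStub` is a hypothetical stand-in for the service's `hasPermission`, and the record field shapes and the `{ status, result }` return shape are assumptions. The projectView check on the endpoint itself is not modelled.

```javascript
'use strict';

// Constructed sample data; field shapes are assumptions for illustration.
const projects = [{ id: 1, templateId: 123 }];
const workManagementPermissions = [
  { projectTemplateId: 123, policy: 'work.create', permission: { projectRoles: ['manager', 'customer'] } },
  { projectTemplateId: 123, policy: 'work.edit', permission: { projectRoles: ['manager'] } },
  { projectTemplateId: 123, policy: 'workStream.edit', permission: { topcoderRoles: ['administrator'] } },
  { projectTemplateId: 999, policy: 'workItem.create', permission: { projectRoles: ['customer'] } },
];
const projectMembers = [
  { projectId: 1, userId: 40, role: 'customer' },
  { projectId: 1, userId: 41, role: 'manager' },
];

// Hypothetical stand-in for hasPermission(permission, authUser, projectMembers).
function hasPermissionStub(permission, authUser, members) {
  const member = members.find(m => m.userId === authUser.userId);
  const byProjectRole = Boolean(member) && (permission.projectRoles || []).includes(member.role);
  const byTopcoderRole = (permission.topcoderRoles || []).some(r => (authUser.roles || []).includes(r));
  return byProjectRole || byTopcoderRole;
}

function getProjectPermissions(projectId, authUser, hasPermission = hasPermissionStub) {
  // Step 1: find the project, 404 if it does not exist.
  const project = projects.find(p => p.id === projectId);
  if (!project) return { status: 404 };

  // Stand-in for models.ProjectMember.getActiveProjectMembers(projectId).
  const members = projectMembers.filter(m => m.projectId === projectId);

  // Steps 2-4: only records of the project's template; only granted policies become keys.
  const content = {};
  workManagementPermissions
    .filter(record => record.projectTemplateId === project.templateId)
    .forEach((record) => {
      // Strict comparison: a truthy non-boolean result must not grant anything.
      if (hasPermission(record.permission, authUser, members) === true) {
        content[record.policy] = true;
      }
    });
  return { status: 200, result: { content } };
}
```

Denied policies are skipped rather than written as `false`, so the response for a customer carries no trace of `work.edit` or `workStream.edit`.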

General requirements

  • Update Swagger file with new endpoints.

  • Update the Postman file with the new endpoints, which should work well for quick testing.

  • Implement unit tests for new endpoints as we do for other endpoints. In particular, properly verify permissions (positive and negative cases, see other endpoints for reference). Also, check that the functionality like filtering and calculating permissions for projects works correctly.

  • Follow the existing code standards and approaches.

  • Existing unit tests should pass.

  • Lint should pass.



Final Submission Guidelines

  • Git patch.

  • The winner would be required to raise a PR to the repository.

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30099218