Merge branch 'dr_cb_joint_comments' into emathew/audit-org-log

Author: emathew5

src/constants/index.js

@@ -44,6 +44,8 @@ function getConstants () {
     USER_ROLES: [
       'ADMIN'
     ],
+    JOINT_APPROVAL_FIELDS: ['short_name', 'long_name'],
+    JOINT_APPROVAL_FIELDS_LEGACY: ['short_name', 'name'],
     USER_ROLE_ENUM: {
       ADMIN: 'ADMIN'
     },

src/controller/conversation.controller/conversation.controller.js

@@ -19,84 +19,38 @@ async function getAllConversations (req, res, next) {
   return res.status(200).json(response)
 }
 
-async function getConversationsForOrg (req, res, next) {
-  const session = await mongoose.startSession()
-
-  try {
-    session.startTransaction()
-
-    const repo = req.ctx.repositories.getConversationRepository()
-    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
-    const requesterOrg = req.ctx.org
-    const targetOrgUUID = req.params.uuid
-
-    // Make sure target org matches user org if not secretariat
-    const isSecretariat = await orgRepo.isSecretariatByShortName(requesterOrg, { session })
-    const requesterOrgUUID = await orgRepo.getOrgUUID(requesterOrg, { session })
-    if (!isSecretariat && (requesterOrgUUID !== targetOrgUUID)) {
-      return res.status(400).json({ message: 'User is not secretariat or admin for target org' })
-    }
-
-    // temporary measure to allow tests to work after fixing #920
-    // tests required changing the global limit to force pagination
-    if (req.TEST_PAGINATOR_LIMIT) {
-      CONSTANTS.PAGINATOR_OPTIONS.limit = req.TEST_PAGINATOR_LIMIT
-    }
-
-    const options = CONSTANTS.PAGINATOR_OPTIONS
-    options.sort = { posted_at: 'desc' }
+async function getConversationsForTargetUUID (req, res, next) {
+  const repo = req.ctx.repositories.getConversationRepository()
+  const targetUUID = req.params.uuid
 
-    const response = await repo.getAllByTargetUUID(targetOrgUUID, options)
-    await session.commitTransaction()
-    return res.status(200).json(response)
-  } catch (err) {
-    if (session && session.inTransaction()) {
-      await session.abortTransaction()
-    }
-    next(err)
-  } finally {
-    if (session && session.id) { // Check if session is still valid before trying to end
-      try {
-        await session.endSession()
-      } catch (sessionEndError) {
-        logger.error({ uuid: req.ctx.uuid, message: 'Error ending session in finally block', error: sessionEndError })
-      }
-    }
-  }
+  const response = await repo.getAllByTargetUUID(targetUUID)
+  return res.status(200).json(response)
 }
 
-async function createConversationForOrg (req, res, next) {
+async function createConversationForTargetUUID (req, res, next) {
   const session = await mongoose.startSession()
 
   try {
     session.startTransaction()
 
     const repo = req.ctx.repositories.getConversationRepository()
-    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
     const userRepo = req.ctx.repositories.getBaseUserRepository()
     const requesterOrg = req.ctx.org
     const requesterUsername = req.ctx.user
-    const targetOrgUUID = req.params.uuid
+    const targetUUID = req.params.uuid
     const body = req.body
 
-    // Make sure target org matches user org if not secretariat
-    const isSecretariat = await orgRepo.isSecretariatByShortName(requesterOrg, { session })
-    const requesterOrgUUID = await orgRepo.getOrgUUID(requesterOrg, { session })
-    if (!isSecretariat && (requesterOrgUUID !== targetOrgUUID)) {
-      return res.status(400).json({ message: 'User is not secretariat or admin for target org' })
-    }
-
     const user = await userRepo.findOneByUsernameAndOrgShortname(requesterUsername, requesterOrg, { session })
 
     if (!body.body) {
       return res.status(400).json({ message: 'Missing required field body' })
     }
 
     const conversationBody = {
-      target_uuid: targetOrgUUID,
+      target_uuid: targetUUID,
       author_id: user.UUID,
       author_name: [user.name.first, user.name.last].join(' '),
-      author_role: isSecretariat ? 'Secretariat' : 'Partner',
+      author_role: 'Secretariat',
       visibility: body.visibility ? body.visibility.toLowerCase() : 'private',
       body: body.body
     }
@@ -129,20 +83,20 @@ async function createConversationForOrg (req, res, next) {
 
 async function updateMessage (req, res, next) {
   const repo = req.ctx.repositories.getConversationRepository()
-  const targetOrgUUID = req.params.uuid
+  const targetUUID = req.params.uuid
   const body = req.body
 
   if (!body.body) {
     return res.status(400).json({ message: 'Missing required field body' })
   }
 
-  const result = await repo.updateConversation(body, targetOrgUUID)
+  const result = await repo.updateConversation(body, targetUUID)
   return res.status(200).json(result)
 }
 
 module.exports = {
   getAllConversations,
-  getConversationsForOrg,
-  createConversationForOrg,
+  getConversationsForTargetUUID,
+  createConversationForTargetUUID,
   updateMessage
 }

src/controller/conversation.controller/index.js

@@ -15,33 +15,22 @@ router.get('/conversation',
   controller.getAllConversations
 )
 
-// Get conversations for all orgs - SEC only
-router.get('/conversation/org',
+// Get all conversations for target UUID - SEC only
+router.get('/conversation/target/:uuid',
   mw.validateUser,
   mw.onlySecretariat,
   query().custom((query) => { return mw.validateQueryParameterNames(query, ['page']) }),
   query(['page']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
   query(['page']).optional().isInt({ min: CONSTANTS.PAGINATOR_PAGE }),
-  controller.getAllConversations // TODO: for now, all conversations are targeted to orgs. Update this when conversations added for other objects
+  controller.getConversationsForTargetUUID
 )
 
-// Get conversations for org - SEC/ADMIN
-router.get('/conversation/org/:uuid',
+// Post conversation for target UUID - SEC only
+router.post('/conversation/target/:uuid',
   mw.validateUser,
-  mw.onlySecretariatOrAdmin,
-  query().custom((query) => { return mw.validateQueryParameterNames(query, ['page']) }),
-  query(['page']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
-  query(['page']).optional().isInt({ min: CONSTANTS.PAGINATOR_PAGE }),
-  param(['uuid']).isUUID(4),
-  controller.getConversationsForOrg
-)
-
-// Post conversation for org - SEC/ADMIN
-router.post('/conversation/org/:uuid',
-  mw.validateUser,
-  mw.onlySecretariatOrAdmin,
+  mw.onlySecretariat,
   param(['uuid']).isUUID(4),
-  controller.createConversationForOrg
+  controller.createConversationForTargetUUID
 )
 
 // Update conversation message - SEC only

src/controller/org.controller/org.controller.js

@@ -249,7 +249,8 @@ async function registryCreateOrg (req, res, next) {
       // If we get here, we know we are good to create
       const userRepo = req.ctx.repositories.getBaseUserRepository()
       const requestingUserUUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org, { session })
-      returnValue = await repo.createOrg(req.ctx.body, { session, upsert: true }, false, requestingUserUUID)
+      const isSecretariat = await repo.isSecretariatByShortName(req.ctx.org, { session })
+      returnValue = await repo.createOrg(req.ctx.body, { session, upsert: true }, false, requestingUserUUID, isSecretariat)
 
       await session.commitTransaction()
       logger.info({
@@ -293,7 +294,10 @@ async function createOrg (req, res, next) {
         await session.abortTransaction()
         return res.status(400).json(error.orgExists(body?.short_name))
       }
-      returnValue = await repo.createOrg(req.ctx.body, { session, upsert: true }, true)
+      const isSecretariat = await repo.isSecretariatByShortName(req.ctx.org, { session })
+      const userRepo = req.ctx.repositories.getBaseUserRepository()
+      const requestingUserUUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org, { session })
+      returnValue = await repo.createOrg(req.ctx.body, { session, upsert: true }, true, requestingUserUUID, isSecretariat)
 
       await session.commitTransaction()
     } catch (error) {
@@ -366,7 +370,9 @@ async function registryUpdateOrg (req, res, next) {
 
       const userRepo = req.ctx.repositories.getBaseUserRepository()
       const requestingUserUUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org, { session })
-      const updatedOrg = await orgRepository.updateOrg(shortNameUrlParameter, queryParametersJson, { session }, false, requestingUserUUID)
+      const isSecretariat = await orgRepository.isSecretariatByShortName(req.ctx.org, { session })
+      const isAdmin = await userRepo.isAdmin(req.ctx.user, req.ctx.org, { session })
+      const updatedOrg = await orgRepository.updateOrg(shortNameUrlParameter, queryParametersJson, { session }, false, requestingUserUUID, isAdmin, isSecretariat)
 
       responseMessage = { message: `${updatedOrg.short_name} organization was successfully updated.`, updated: updatedOrg } // Clarify message
       const payload = { action: 'update_org', change: `${updatedOrg.short_name} organization was successfully updated.`, org: updatedOrg }
@@ -413,9 +419,13 @@ async function updateOrg (req, res, next) {
         return res.status(403).json(error.duplicateShortname(queryParametersJson.new_short_name))
       }
 
-      const updatedOrg = await orgRepository.updateOrg(shortNameUrlParameter, queryParametersJson, { session }, true)
-
       const userRepo = req.ctx.repositories.getBaseUserRepository()
+      const isSecretariat = await orgRepository.isSecretariatByShortName(req.ctx.org, { session })
+      const isAdmin = await userRepo.isAdmin(req.ctx.user, req.ctx.org, { session })
+      const requestingUserUUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org, { session })
+
+      const updatedOrg = await orgRepository.updateOrg(shortNameUrlParameter, queryParametersJson, { session }, true, requestingUserUUID, isAdmin, isSecretariat)
+
       responseMessage = { message: `${updatedOrg.short_name} organization was successfully updated.`, updated: updatedOrg } // Clarify message
       const payload = { action: 'update_org', change: `${updatedOrg.short_name} organization was successfully updated.`, org: updatedOrg }
       payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, updatedOrg.UUID)

src/controller/registry-org.controller/index.js

@@ -213,7 +213,6 @@ router.post('/registryOrg',
   */
   mw.useRegistry(),
   mw.validateUser,
-  mw.onlySecretariat,
   parseError,
   parsePostParams,
   controller.CREATE_ORG
@@ -300,7 +299,6 @@ router.put('/registryOrg/:shortname',
   */
   mw.useRegistry(),
   mw.validateUser,
-  mw.onlySecretariat,
   param(['shortname']).isString().trim(),
   parseError,
   parsePostParams,