feat: acknowledge OOO request

Author: surajmaity1

constants/progresses.ts

@@ -22,6 +22,8 @@ const PROGRESSES_SIZE = 20;
 const PROGRESSES_PAGE_SIZE = 0;
 const VALID_PROGRESS_TYPES = ["task", "user"];
 
+const UNAUTHORIZED_WRITE = "Unauthorized to write progress of task";
+
 module.exports = {
   PROGRESSES_RESPONSE_MESSAGES,
   MILLISECONDS_IN_DAY,
@@ -31,4 +33,5 @@ module.exports = {
   PROGRESS_VALID_SORT_FIELDS,
   PROGRESSES_SIZE,
   PROGRESSES_PAGE_SIZE,
+  UNAUTHORIZED_WRITE,
 };

controllers/extensionRequests.js

@@ -204,20 +204,21 @@ const getSelfExtensionRequests = async (req, res) => {
 const updateExtensionRequest = async (req, res) => {
   const { dev } = req.query;
   const isDev = dev === "true";
+  const isSuperUser = req.userData?.roles.super_user;
   try {
     const extensionRequest = await extensionRequestsQuery.fetchExtensionRequest(req.params.id);
     if (!extensionRequest.extensionRequestData) {
       return res.boom.notFound("Extension Request not found");
     }
 
-    if (
-      isDev &&
-      !req.userData?.roles.super_user &&
-      extensionRequest.extensionRequestData.status !== EXTENSION_REQUEST_STATUS.PENDING
-    ) {
+    if (isDev && !isSuperUser && extensionRequest.extensionRequestData.status !== EXTENSION_REQUEST_STATUS.PENDING) {
       return res.boom.badRequest("Only pending extension request can be updated");
     }
 
+    if (isDev && !isSuperUser && extensionRequest.extensionRequestData.assigneeId !== req.userData.id) {
+      return res.boom.forbidden("You don't have permission to update the extension request");
+    }
+
     if (req.body.assignee) {
       const { taskData: task } = await tasks.fetchTask(extensionRequest.extensionRequestData.taskId);
       if (task.assignee !== (await getUsername(req.body.assignee))) {

controllers/progresses.js

@@ -5,6 +5,7 @@ const {
   INTERNAL_SERVER_ERROR_MESSAGE,
   PROGRESSES_SIZE,
   PROGRESSES_PAGE_SIZE,
+  UNAUTHORIZED_WRITE,
 } = require("../constants/progresses");
 const { sendTaskUpdate } = require("../utils/sendTaskUpdate");
 const { PROGRESS_DOCUMENT_RETRIEVAL_SUCCEEDED, PROGRESS_DOCUMENT_CREATED_SUCCEEDED } = PROGRESSES_RESPONSE_MESSAGES;
@@ -45,6 +46,10 @@ const { PROGRESS_DOCUMENT_RETRIEVAL_SUCCEEDED, PROGRESS_DOCUMENT_CREATED_SUCCEED
  */
 
 const createProgress = async (req, res) => {
+  if (req.userData.roles.archived) {
+    return res.boom.forbidden(UNAUTHORIZED_WRITE);
+  }
+
   const {
     body: { type, completed, planned, blockers, taskId },
   } = req;

middlewares/validators/oooRequests.ts

@@ -39,11 +39,19 @@ export const createOooStatusRequestValidator = async (
   await schema.validateAsync(req.body, { abortEarly: false });
 };
 
+/**
+ * Middleware to validate the acknowledge Out-Of-Office (OOO) request payload.
+ * 
+ * @param {AcknowledgeOOORequest} req - The request object containing the body to be validated.
+ * @param {OooRequestResponse} res - The response object used to send error responses if validation fails.
+ * @param {NextFunction} next - The next middleware function to call if validation succeeds.
+ * @returns {Promise<void>} Resolves or sends errors.
+ */
 export const acknowledgeOOORequestsValidator = async (
   req: AcknowledgeOOORequest,
   res: OooRequestResponse,
   next: NextFunction
-) => {
+): Promise<void> => {
   const schema = joi
   .object()
   .strict()

services/oooRequest.ts

@@ -16,11 +16,17 @@ import {
 } from "../constants/requests";
 import { getRequests, updateRequest } from "../models/requests";
 import { AcknowledgeOOORequestBody } from "../types/oooRequest";
-import { statusState } from "../constants/userStatus";
-import { createUserFutureStatus } from "../models/userFutureStatus";
 import { addFutureStatus } from "../models/userStatus";
 const requestModel = firestore.collection("requests");
 
+/**
+ * Validates an Out-Of-Office (OOO) acknowledge request
+ * 
+ * @param {string} requestId - The unique identifier of the request.
+ * @param {string} requestType - The type of the request (expected to be 'OOO').
+ * @param {string} requestStatus - The current status of the request.
+ * @throws {Error} Throws an error if an issue occurs during validation.
+ */
 export const validateOOOAcknowledgeRequest = async (
     requestId: string,
     requestType: string,
@@ -58,6 +64,15 @@ export const validateOOOAcknowledgeRequest = async (
     }
 }
 
+/**
+ * Acknowledges an Out-of-Office (OOO) request
+ * 
+ * @param {string} requestId - The ID of the OOO request to acknowledge.
+ * @param {AcknowledgeOOORequestBody} body - The acknowledgement body containing acknowledging details.
+ * @param {string} userId - The unique identifier of the superuser user.
+ * @returns {Promise<object>} The acknowledged OOO request.
+ * @throws {Error} Throws an error if an issue occurs during acknowledgment process.
+ */
 export const acknowledgeOOORequest = async (
     requestId: string,
     body: AcknowledgeOOORequestBody,
@@ -106,17 +121,15 @@ export const acknowledgeOOORequest = async (
             const requestData = await getRequests({ id: requestId });
 
             if (requestData) {
-                const { from, until, requestedBy, comment } = requestData as any;
+                const { from, until, userId, comment } = requestData as any;
                 const userFutureStatusData = {
                     requestId,
-                    status: REQUEST_TYPE.OOO,
-                    state: statusState.UPCOMING,
+                    state: REQUEST_TYPE.OOO,
                     from,
                     endsOn: until,
-                    userId: requestedBy,
+                    userId: userId,
                     message: comment,
                 };
-                await createUserFutureStatus(userFutureStatusData);
                 await addFutureStatus(userFutureStatusData);
             }
         }

test/integration/extensionRequests.test.js

@@ -22,7 +22,7 @@ const user = userData[6];
 const appOwner = userData[3];
 const superUser = userData[4];
 
-let appOwnerjwt, superUserJwt, jwt, superUserId, extensionRequestId5;
+let appOwnerjwt, superUserJwt, jwt, user2Jwt, superUserId, extensionRequestId5;
 
 describe("Extension Requests", function () {
   let taskId0,
@@ -40,13 +40,15 @@ describe("Extension Requests", function () {
 
   before(async function () {
     const userId = await addUser(user);
+    const userId2 = await addUser(userData[5]);
     user.id = userId;
     const appOwnerUserId = await addUser(appOwner);
     appOwner.id = appOwnerUserId;
     superUserId = await addUser(superUser);
     appOwnerjwt = authService.generateAuthToken({ userId: appOwnerUserId });
     superUserJwt = authService.generateAuthToken({ userId: superUserId });
     jwt = authService.generateAuthToken({ userId: userId });
+    user2Jwt = authService.generateAuthToken({ userId: userId2 });
 
     const taskData = [
       {
@@ -1094,6 +1096,26 @@ describe("Extension Requests", function () {
         });
     });
 
+    it("should return forbidden response if superuser or request owner does not update the request when dev is enabled", function (done) {
+      chai
+        .request(app)
+        .patch(`/extension-requests/${extensionRequestId4}?dev=true`)
+        .set("cookie", `${cookieName}=${user2Jwt}`)
+        .send({
+          title: "new-title",
+        })
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+          expect(res).to.have.status(403);
+          expect(res.body)
+            .to.have.property("message")
+            .that.equals("You don't have permission to update the extension request");
+          return done();
+        });
+    });
+
     it("Should return 400 if assignee of the extensionrequest is upated with a different user", function (done) {
       chai
         .request(app)

test/integration/progressesTasks.test.js

@@ -16,7 +16,7 @@ const {
 
 const userData = require("../fixtures/user/user")();
 const taskData = require("../fixtures/tasks/tasks")();
-const { INTERNAL_SERVER_ERROR_MESSAGE } = require("../../constants/progresses");
+const { INTERNAL_SERVER_ERROR_MESSAGE, UNAUTHORIZED_WRITE } = require("../../constants/progresses");
 const cookieName = config.get("userToken.cookieName");
 const { expect } = chai;
 
@@ -32,6 +32,8 @@ describe("Test Progress Updates API for Tasks", function () {
     let taskId1;
     let taskId2;
     let fetchMock;
+    let archivedUserId;
+    let archivedUserToken;
 
     beforeEach(async function () {
       fetchMock = sinon.stub(global, "fetch");
@@ -40,6 +42,8 @@ describe("Test Progress Updates API for Tasks", function () {
         toFake: ["Date"],
       });
       userId = await addUser(userData[1]);
+      archivedUserId = await addUser(userData[5]);
+      archivedUserToken = authService.generateAuthToken({ userId: archivedUserId });
       userToken = authService.generateAuthToken({ userId: userId });
       const taskObject1 = await tasks.updateTask(taskData[0]);
       taskId1 = taskObject1.taskId;
@@ -165,6 +169,22 @@ describe("Test Progress Updates API for Tasks", function () {
           return done();
         });
     });
+
+    it("should return forbidden response when user is not in discord", function (done) {
+      chai
+        .request(app)
+        .post("/progresses")
+        .set("Cookie", `${cookieName}=${archivedUserToken}`)
+        .send(taskProgressDay1("1111"))
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+          expect(res.statusCode).to.equal(403);
+          expect(res.body.message).to.equal(UNAUTHORIZED_WRITE);
+          return done();
+        });
+    });
   });
 
   describe("Verify the GET progress records", function () {