Merge pull request #1914 from Real-Dev-Squad/develop

Dev to main

Author: lakshayman

controllers/users.js

@@ -28,6 +28,8 @@ const {
 } = require("../constants/users");
 const { addLog } = require("../models/logs");
 const { getUserStatus } = require("../models/userStatus");
+const config = require("config");
+const discordDeveloperRoleId = config.get("discordDeveloperRoleId");
 
 const verifyUser = async (req, res) => {
   const userId = req.userData.id;
@@ -243,6 +245,26 @@ const getUsers = async (req, res) => {
   }
 };
 
+const isDeveloper = async (req, res) => {
+  try {
+    const { userData } = req;
+    if (userData.roles.in_discord) {
+      const membersInDiscord = await getDiscordMembers();
+      const discordMember = membersInDiscord.find((member) => member.user.id === userData.discordId);
+      if (discordMember) {
+        const { roles } = discordMember;
+        if (roles) {
+          return res.status(200).json({ developerRoleExistsOnUser: roles.includes(discordDeveloperRoleId) });
+        }
+      }
+    }
+    return res.status(200).json({ developerRoleExistsOnUser: false });
+  } catch (error) {
+    logger.error(`Error while fetching developer tag: ${error}`);
+    return res.boom.serverUnavailable(SOMETHING_WENT_WRONG);
+  }
+};
+
 /**
  * Fetches the data about user with given id
  *
@@ -371,7 +393,7 @@ const getSelfDetails = async (req, res) => {
  */
 const updateSelf = async (req, res) => {
   try {
-    const { id: userId } = req.userData;
+    const { id: userId, roles: userRoles, discordId } = req.userData;
     const { user } = await dataAccess.retrieveUsers({ id: userId });
 
     if (req.body.username) {
@@ -387,6 +409,17 @@ const updateSelf = async (req, res) => {
       }
     }
 
+    if (userRoles.in_discord) {
+      const membersInDiscord = await getDiscordMembers();
+      const discordMember = membersInDiscord.find((member) => member.user.id === discordId);
+      if (discordMember) {
+        const { roles } = discordMember;
+        if (roles && roles.includes(discordDeveloperRoleId)) {
+          return res.boom.forbidden("Developers can't update their profile data. Use profile service for updating.");
+        }
+      }
+    }
+
     const updatedUser = await userQuery.addOrUpdate(req.body, userId);
 
     if (!updatedUser.isNewUser) {
@@ -930,4 +963,5 @@ module.exports = {
   archiveUserIfNotInDiscord,
   usersPatchHandler,
   migrations,
+  isDeveloper,
 };

routes/users.js

@@ -16,6 +16,7 @@ router.get("/userId/:userId", users.getUserById);
 router.patch("/self", authenticate, userValidator.updateUser, users.updateSelf);
 router.get("/", userValidator.getUsers, users.getUsers);
 router.get("/self", authenticate, users.getSelfDetails);
+router.get("/isDeveloper", authenticate, users.isDeveloper);
 router.get("/isUsernameAvailable/:username", authenticate, users.getUsernameAvailabilty);
 router.get("/username", authenticate, userValidator.validateGenerateUsernameQuery, users.generateUsername);
 router.get("/chaincode", authenticate, users.generateChaincode);

test/integration/restricted.test.js

@@ -7,6 +7,8 @@ const authService = require("../../services/authService");
 const cleanDb = require("../utils/cleanDb");
 const userData = require("../fixtures/user/user")();
 const addUser = require("../utils/addUser");
+const sinon = require("sinon");
+const { getDiscordMembers } = require("../fixtures/discordResponse/discord-response");
 
 const cookieName = config.get("userToken.cookieName");
 const unrestrictedUser = userData[0];
@@ -17,15 +19,25 @@ chai.use(chaiHttp);
 describe("checkRestrictedUser", function () {
   let restrictedJwt;
   let unrestrictedJwt;
+  let fetchStub;
 
   before(async function () {
     const restrictedUserId = await addUser(restrictedUser);
     const unrestrictedUserId = await addUser(unrestrictedUser);
     restrictedJwt = authService.generateAuthToken({ userId: restrictedUserId });
     unrestrictedJwt = authService.generateAuthToken({ userId: unrestrictedUserId });
+
+    fetchStub = sinon.stub(global, "fetch");
+    fetchStub.returns(
+      Promise.resolve({
+        status: 200,
+        json: () => Promise.resolve(getDiscordMembers),
+      })
+    );
   });
 
   after(async function () {
+    sinon.restore();
     await cleanDb();
   });
 

test/integration/users.test.js

@@ -15,6 +15,7 @@ const superUser = userData[4];
 const searchParamValues = require("../fixtures/user/search")();
 
 const config = require("config");
+const discordDeveloperRoleId = config.get("discordDeveloperRoleId");
 const { getDiscordMembers } = require("../fixtures/discordResponse/discord-response");
 const joinData = require("../fixtures/user/join");
 const {
@@ -65,6 +66,20 @@ describe("Users", function () {
   });
 
   describe("PATCH /users/self", function () {
+    beforeEach(function () {
+      fetchStub = Sinon.stub(global, "fetch");
+      fetchStub.returns(
+        Promise.resolve({
+          status: 200,
+          json: () => Promise.resolve(getDiscordMembers),
+        })
+      );
+    });
+
+    afterEach(function () {
+      Sinon.restore();
+    });
+
     it("Should update the user", function (done) {
       chai
         .request(app)
@@ -2168,4 +2183,114 @@ describe("Users", function () {
         });
     });
   });
+
+  describe("GET /users/isDeveloper for developers not in_discord", function () {
+    beforeEach(function () {
+      fetchStub = Sinon.stub(global, "fetch");
+      fetchStub.returns(
+        Promise.resolve({
+          status: 200,
+          json: () => Promise.resolve(getDiscordMembers),
+        })
+      );
+    });
+
+    afterEach(function () {
+      Sinon.restore();
+    });
+
+    it("Should return false if user is a developer and not in discord", function (done) {
+      chai
+        .request(app)
+        .get("/users/isDeveloper")
+        .set("cookie", `${cookieName}=${jwt}`)
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          expect(res).to.have.status(200);
+          expect(res.body.developerRoleExistsOnUser).to.equal(false);
+
+          return done();
+        });
+    });
+  });
+
+  describe("PATCH /users/self for developers", function () {
+    beforeEach(function () {
+      fetchStub = Sinon.stub(global, "fetch");
+      const discordMembers = [...getDiscordMembers];
+      discordMembers[0].user.id = "12345";
+      discordMembers[0].roles.push(discordDeveloperRoleId);
+      fetchStub.returns(
+        Promise.resolve({
+          status: 200,
+          json: () => Promise.resolve(discordMembers),
+        })
+      );
+    });
+
+    afterEach(function () {
+      Sinon.restore();
+    });
+
+    it("Should not update the user if user is a developer", function (done) {
+      chai
+        .request(app)
+        .patch("/users/self")
+        .set("cookie", `${cookieName}=${jwt}`)
+        .send({
+          first_name: "Test first_name",
+        })
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          expect(res).to.have.status(403);
+          expect(res.body.message).to.equal(
+            "Developers can't update their profile data. Use profile service for updating."
+          );
+
+          return done();
+        });
+    });
+  });
+
+  describe("GET /users/isDeveloper for developers", function () {
+    beforeEach(function () {
+      fetchStub = Sinon.stub(global, "fetch");
+      const discordMembers = [...getDiscordMembers];
+      discordMembers[0].user.id = "12345";
+      discordMembers[0].roles.push(discordDeveloperRoleId);
+      fetchStub.returns(
+        Promise.resolve({
+          status: 200,
+          json: () => Promise.resolve(discordMembers),
+        })
+      );
+    });
+
+    afterEach(function () {
+      Sinon.restore();
+    });
+
+    it("Should return true if user is a developer", function (done) {
+      chai
+        .request(app)
+        .get("/users/isDeveloper")
+        .set("cookie", `${cookieName}=${jwt}`)
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          expect(res).to.have.status(200);
+          expect(res.body.developerRoleExistsOnUser).to.equal(true);
+
+          return done();
+        });
+    });
+  });
 });

test/unit/middlewares/contentTypeCheck.test.js

@@ -1,6 +1,8 @@
 const chai = require("chai");
 const { expect } = chai;
 const chaiHttp = require("chai-http");
+const { getDiscordMembers } = require("../../fixtures/discordResponse/discord-response");
+const sinon = require("sinon");
 
 const app = require("../../../server");
 const authService = require("../../../services/authService");
@@ -13,13 +15,23 @@ chai.use(chaiHttp);
 
 describe("contentTypeCheck", function () {
   let jwt;
+  let fetchStub;
 
   beforeEach(async function () {
     const userId = await addUser();
     jwt = authService.generateAuthToken({ userId });
+
+    fetchStub = sinon.stub(global, "fetch");
+    fetchStub.returns(
+      Promise.resolve({
+        status: 200,
+        json: () => Promise.resolve(getDiscordMembers),
+      })
+    );
   });
 
   afterEach(async function () {
+    sinon.restore();
     await cleanDb();
   });