server/api: add change-user-type to add/remove collaborators

Author: haraldschilly

src/packages/next/lib/api/schema/projects/collaborators/change-user-type.ts

@@ -0,0 +1,36 @@
+import { z } from "../../../framework";
+
+import { FailedAPIOperationSchema, OkAPIOperationSchema } from "../../common";
+
+import { ProjectIdSchema } from "../common";
+import { AccountIdSchema } from "../../accounts/common";
+
+export const UserGroupSchema = z
+  .enum(["owner", "collaborator"])
+  .describe("Project user role (owner or collaborator).");
+
+export const ChangeProjectUserTypeInputSchema = z
+  .object({
+    project_id: ProjectIdSchema,
+    target_account_id: AccountIdSchema.describe(
+      "Account id of the user whose role will be changed.",
+    ),
+    new_group: UserGroupSchema.describe(
+      "New role to assign; must be owner or collaborator.",
+    ),
+  })
+  .describe(
+    "Change a collaborator's role in a project. Only owners can promote or demote users; validation enforces ownership rules (e.g., cannot demote the last owner).",
+  );
+
+export const ChangeProjectUserTypeOutputSchema = z.union([
+  FailedAPIOperationSchema,
+  OkAPIOperationSchema,
+]);
+
+export type ChangeProjectUserTypeInput = z.infer<
+  typeof ChangeProjectUserTypeInputSchema
+>;
+export type ChangeProjectUserTypeOutput = z.infer<
+  typeof ChangeProjectUserTypeOutputSchema
+>;

src/packages/next/pages/api/v2/projects/collaborators/change-user-type.test.ts

@@ -0,0 +1,76 @@
+/** @jest-environment node */
+
+import { createMocks } from "lib/api/test-framework";
+import handler from "./change-user-type";
+
+jest.mock("@cocalc/server/projects/collaborators", () => ({
+  changeUserType: jest.fn(),
+}));
+jest.mock("lib/account/get-account", () => jest.fn());
+
+describe("/api/v2/projects/collaborators/change-user-type", () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test("unauthenticated request returns error", async () => {
+    const getAccountId = require("lib/account/get-account");
+    getAccountId.mockResolvedValue(undefined);
+
+    const { req, res } = createMocks({
+      method: "POST",
+      url: "/api/v2/projects/collaborators/change-user-type",
+      body: {
+        project_id: "00000000-0000-0000-0000-000000000000",
+        target_account_id: "11111111-1111-1111-1111-111111111111",
+        new_group: "owner",
+      },
+    });
+
+    await expect(handler(req, res)).resolves.not.toThrow();
+
+    const collaborators = require("@cocalc/server/projects/collaborators");
+    expect(collaborators.changeUserType).not.toHaveBeenCalled();
+
+    const data = res._getJSONData();
+    expect(data).toHaveProperty("error");
+    expect(data.error).toContain("signed in");
+  });
+
+  test("authenticated request calls changeUserType", async () => {
+    const mockAccountId = "22222222-2222-2222-2222-222222222222";
+    const mockProjectId = "00000000-0000-0000-0000-000000000000";
+    const mockTargetAccountId = "11111111-1111-1111-1111-111111111111";
+
+    const getAccountId = require("lib/account/get-account");
+    getAccountId.mockResolvedValue(mockAccountId);
+
+    const collaborators = require("@cocalc/server/projects/collaborators");
+    collaborators.changeUserType.mockResolvedValue(undefined);
+
+    const { req, res } = createMocks({
+      method: "POST",
+      url: "/api/v2/projects/collaborators/change-user-type",
+      body: {
+        project_id: mockProjectId,
+        target_account_id: mockTargetAccountId,
+        new_group: "collaborator",
+      },
+    });
+
+    await handler(req, res);
+
+    expect(collaborators.changeUserType).toHaveBeenCalledWith({
+      account_id: mockAccountId,
+      opts: {
+        project_id: mockProjectId,
+        target_account_id: mockTargetAccountId,
+        new_group: "collaborator",
+      },
+    });
+
+    const data = res._getJSONData();
+    expect(data).toHaveProperty("status");
+    expect(data.status).toBe("ok");
+  });
+});

src/packages/next/pages/api/v2/projects/collaborators/change-user-type.ts

@@ -0,0 +1,58 @@
+/*
+API endpoint to change a user's collaborator type on an existing project.
+
+Permissions checks are performed by the underlying API call and are NOT
+executed at this stage.
+
+*/
+import { changeUserType } from "@cocalc/server/projects/collaborators";
+
+import getAccountId from "lib/account/get-account";
+import getParams from "lib/api/get-params";
+import { apiRoute, apiRouteOperation } from "lib/api";
+import { OkStatus } from "lib/api/status";
+import {
+  ChangeProjectUserTypeInputSchema,
+  ChangeProjectUserTypeOutputSchema,
+} from "lib/api/schema/projects/collaborators/change-user-type";
+
+async function handle(req, res) {
+  const { project_id, target_account_id, new_group } = getParams(req);
+  const client_account_id = await getAccountId(req);
+
+  try {
+    if (!client_account_id) {
+      throw Error("must be signed in");
+    }
+
+    await changeUserType({
+      account_id: client_account_id,
+      opts: { project_id, target_account_id, new_group },
+    });
+
+    res.json(OkStatus);
+  } catch (err) {
+    res.json({ error: err.message });
+  }
+}
+
+export default apiRoute({
+  changeProjectUserType: apiRouteOperation({
+    method: "POST",
+    openApiOperation: {
+      tags: ["Projects", "Admin"],
+    },
+  })
+    .input({
+      contentType: "application/json",
+      body: ChangeProjectUserTypeInputSchema,
+    })
+    .outputs([
+      {
+        status: 200,
+        contentType: "application/json",
+        body: ChangeProjectUserTypeOutputSchema,
+      },
+    ])
+    .handler(handle),
+});