UI updates and better handling of close events.

Author: jmgasper

README.md

@@ -79,5 +79,6 @@ Note: heroku domain should match subdomain of topcoder-dev or topcoder depending
 - setup both git provider to authorize topcoder-x to manage your repo on behalf of you
 - go to project management and create/edit projects, create hook and label
 - go to git access control menu and check list of groups have authorized
-- click get link button to get the shareable link which can be used by topcoder member to self assign to the repository.
+- click get link button to get the shareable link which can be used by topcoder member to self assign to the repository. Click to icon next to url to copy to clipboard.
+- normal member cannot use the application, allowed roles are configured in API, if normal user tries to access the app, error is shown in login page.
 

src/.DS_Store

@@ -1,5 +1,5 @@
 {
-  "extends":"eslint-config-topcoder/nodejs",
+  "extends": "eslint-config-topcoder/nodejs",
   "env": {
     "mocha": true
   },
@@ -10,5 +10,7 @@
       "experimentalObjectRestSpread": true
     }
   },
-  "rules": {  }
+  "rules": {
+    "lodash/prefer-invoke-map": 0
+  }
 }

src/.eslintrc

@@ -44,6 +44,7 @@ _.forEach(routes, (verbs, path) => {
         const decoded = jwtDecode(v3jwt);
         req.currentUser = {
           handle: decoded.handle.toLowerCase(),
+          roles: decoded.roles,
         };
       }
       req.signature = `${def.controller}#${def.method}`;
@@ -61,6 +62,20 @@ _.forEach(routes, (verbs, path) => {
         return res.redirect(`${constants.TOPCODER_VALUES[config.TOPCODER_ENV].TC_LOGIN_URL}?retUrl=${encodeURIComponent(callbackUri)}`);
       });
     }
+    if (!def.allowNormalUser) {
+      actions.push((req, res, next) => {
+        // check if any allowed role is matched with user's roles
+        if (_(req.currentUser.roles).map((i) => i.toLowerCase())
+          .intersection(_.map(config.ALLOWED_TOPCODER_ROLES, (j) => j.toLowerCase())).size() === 0) {
+          const statusCode = 403;
+          return res.status(statusCode).json({
+            code: 'Forbidden',
+            message: 'You are not allowed to access this resource.',
+          });
+        }
+        return next();
+      });
+    }
     actions.push(method);
     app[verb](`/api/${config.API_VERSION}${path}`, actions);
   });

src/app.js

@@ -63,7 +63,7 @@ const GITHUB_OWNER_CALLBACK_URL = '/api/v1/github/owneruser/callback';
 const GITLAB_OWNER_CALLBACK_URL = '/api/v1/gitlab/owneruser/callback';
 
 const OWNER_USER_LOGIN_SUCCESS_URL = '/#/app/settings';
-const USER_ADDED_TO_TEAM_SUCCESS_URL = '/#/app/members';
+const USER_ADDED_TO_TEAM_SUCCESS_URL = '/#/members';
 
 const TC_LOGIN_CALLBACK_URL = '/api/v1/tclogin';
 const JWT_V3_NAME = 'v3jwt';

src/common/constants.js

@@ -34,5 +34,6 @@ module.exports = {
   },
   HOOK_BASE_URL: process.env.HOOK_BASE_URL || 'http://x.topcoder-dev.com/',
   TOPCODER_ENV: process.env.TOPCODER_ENV || 'dev',
-  LABELS: process.env.LABELS || [{ name: 'Open for pickup', color: '112233' }, { name: 'Assigned', color: '445566' }, { name: 'Ready for review', color: '123123' }, { name: 'Paid', color: '456456' }, { name: 'Feedback', color: 'ff0011' }, { name: 'Fix accepted', color: 'aabb11' },]
+  LABELS: process.env.LABELS || [{ name: 'Open for pickup', color: '112233' }, { name: 'Assigned', color: '445566' }, { name: 'Ready for review', color: '123123' }, { name: 'Paid', color: '456456' }, { name: 'Feedback', color: 'ff0011' }, { name: 'Fix accepted', color: 'aabb11' }],
+  ALLOWED_TOPCODER_ROLES: process.env.ALLOWED_TOPCODER_ROLES || ['administrator', 'admin', 'connect manager', 'connect admin'],
 };

src/config.js

@@ -34,11 +34,10 @@ async function update(req) {
 /**
  * get all projects
  * @param {Object} req the request
- * @param {Object} res the response
  * @returns {Array} the result
  */
-async function getAll() {
-  return await ProjectService.getAll();
+async function getAll(req) {
+  return await ProjectService.getAll(req.query.status);
 }
 
 /**

src/controllers/ProjectController.js

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2018 TopCoder, Inc. All rights reserved.
+ */
+
+/**
+ * This controller exposes security related endpoints.
+ *
+ * @author veshu
+ * @version 1.0
+ */
+
+const helper = require('../common/helper');
+const securityService = require('../services/SecurityService');
+
+/**
+ * check if current user is authorized for Topcoder X or not.
+ * @param {Object} req the request
+ * @returns {Object} the result
+ */
+async function isAuthorized(req) {
+  return await securityService.isRolesAllowed(req.currentUser.roles);
+}
+
+module.exports = {
+  isAuthorized,
+};
+
+helper.buildController(module.exports);

src/controllers/SecurityController.js

@@ -0,0 +1 @@
+{"local":{"API_URL":"https://127.0.0.1:8443","ADMIN_TOOL_URL":"http://localhost:8080/api/v2","API_VERSION_PATH":"v3","COOKIES_SECURE":false,"AUTH_URL":"https://accounts.topcoder-dev.com/member","ACCOUNTS_CONNECTOR_URL":"https://accounts.topcoder-dev.com/connector.html","JWT_V3_NAME":"v3jwt","JWT_V2_NAME":"tcjwt","BACKEND_API":"http://localhost:4000","DIRECT_URL_BASE":"https://www.topcoder-dev.com/direct/projectOverview?formData.projectId=","LABELS":["Open for pickup","Assigned","Ready for review","Paid","Feedback","Fix accepted"],"LABELS_COLOR":["112233","445566","123123","456456","ff0011","aabb11"],"HOOK_BASE_URL":"https://b9602b91.ngrok.io","OWNER_LOGIN_GITHUB_URL":"/api/v1/github/owneruser/login","OWNER_LOGIN_GITLAB_URL":"/api/v1/gitlab/owneruser/login"},"heroku":{"API_URL":"https://api.topcoder-dev.com","ADMIN_TOOL_URL":"https://api.topcoder-dev.com/v2","API_VERSION_PATH":"v3","COOKIES_SECURE":false,"AUTH_URL":"https://accounts.topcoder-dev.com/member","ACCOUNTS_CONNECTOR_URL":"https://accounts.topcoder-dev.com/connector.html","JWT_V3_NAME":"v3jwt","JWT_V2_NAME":"tcjwt","BACKEND_API":"http://topcoder-x-backend-dev.herokuapp.com","DIRECT_URL_BASE":"https://www.topcoder-dev.com/direct/projectOverview?formData.projectId=","LABELS":["Open for pickup","Assigned","Ready for review","Paid","Feedback","Fix accepted"],"LABELS_COLOR":["112233","445566","123123","456456","ff0011","aabb11"],"HOOK_BASE_URL":"http://x.topcoder-dev.com/","OWNER_LOGIN_GITHUB_URL":"/api/v1/github/owneruser/login","OWNER_LOGIN_GITLAB_URL":"/api/v1/gitlab/owneruser/login"},"dev":{"API_URL":"https://api.topcoder-dev.com","ADMIN_TOOL_URL":"https://api.topcoder-dev.com/v2","API_VERSION_PATH":"v3","COOKIES_SECURE":false,"AUTH_URL":"https://accounts.topcoder-dev.com/member","ACCOUNTS_CONNECTOR_URL":"https://accounts.topcoder-dev.com/connector.html","JWT_V3_NAME":"v3jwt","JWT_V2_NAME":"tcjwt","DIRECT_URL_BASE":"https://www.topcoder-dev.com/direct/projectOverview?formData.projectId=","LABELS":["Open for pickup","Assigned","Ready for review","Paid","Feedback","Fix accepted"],"LABELS_COLOR":["112233","445566","123123","456456","ff0011","aabb11"],"HOOK_BASE_URL":"https://b9602b91.ngrok.io","OWNER_LOGIN_GITHUB_URL":"/api/v1/github/owneruser/login","OWNER_LOGIN_GITLAB_URL":"/api/v1/gitlab/owneruser/login"},"qa":{"API_URL":"https://api.topcoder-qa.com","ADMIN_TOOL_URL":"https://api.topcoder-qa.com/v2","API_VERSION_PATH":"v3","COOKIES_SECURE":false,"AUTH_URL":"https://accounts.topcoder-qa.com/member","ACCOUNTS_CONNECTOR_URL":"https://accounts.topcoder-qa.com/connector.html","JWT_V3_NAME":"v3jwt","JWT_V2_NAME":"tcjwt","BACKEND_API":"http://localhost:4000","DIRECT_URL_BASE":"https://www.topcoder-dev.com/direct/projectOverview?formData.projectId=","LABELS":["Open for pickup","Assigned","Ready for review","Paid","Feedback","Fix accepted"],"LABELS_COLOR":["112233","445566","123123","456456","ff0011","aabb11"],"HOOK_BASE_URL":"https://b9602b91.ngrok.io","OWNER_LOGIN_GITHUB_URL":"/api/v1/github/owneruser/login","OWNER_LOGIN_GITLAB_URL":"/api/v1/gitlab/owneruser/login"},"prod":{"API_URL":"https://api.topcoder.com","ADMIN_TOOL_URL":"https://api.topcoder.com/v2","API_VERSION_PATH":"v3","COOKIES_SECURE":false,"AUTH_URL":"https://accounts.topcoder.com/member","ACCOUNTS_CONNECTOR_URL":"https://accounts.topcoder.com/connector.html","JWT_V3_NAME":"v3jwt","JWT_V2_NAME":"tcjwt","BACKEND_API":"http://topcoderx.topcoder.com:80/api/v1","DIRECT_URL_BASE":"https://www.topcoder-dev.com/direct/projectOverview?formData.projectId=","LABELS":["Open for pickup","Assigned","Ready for review","Paid","Feedback","Fix accepted"],"LABELS_COLOR":["112233","445566","123123","456456","ff0011","aabb11"],"HOOK_BASE_URL":"https://b9602b91.ngrok.io","OWNER_LOGIN_GITHUB_URL":"/api/v1/github/owneruser/login","OWNER_LOGIN_GITLAB_URL":"/api/v1/gitlab/owneruser/login"}}

src/front/config.json

@@ -86,24 +86,26 @@ angular.module('topcoderX', [
           data: { pageTitle: 'Project Management' },
           resolve: { auth: authenticate }
         })
-        .state('app.challenges', {
-          url: '/challenges',
-          templateUrl: 'app/challenges/challenges.html',
-          data: { pageTitle: 'Topcoder Platform' },
-          resolve: { auth: authenticate }
-        })
-        .state('app.tickets', {
-          url: '/tickets',
-          templateUrl: 'app/challenges/tickets.html',
-          data: { pageTitle: 'Git Tickets' },
-          resolve: { auth: authenticate }
-        })
-        .state('app.changelog', {
-          url: '/changelog',
-          templateUrl: 'app/changelog/changelog.html',
-          data: { pageTitle: 'Changelog' },
-          resolve: { auth: authenticate }
-        })
+        // following code is commented to hide the menu
+        // un comment this when pages are developed
+        // .state('app.challenges', {
+        //   url: '/challenges',
+        //   templateUrl: 'app/challenges/challenges.html',
+        //   data: { pageTitle: 'Topcoder Platform' },
+        //   resolve: { auth: authenticate }
+        // })
+        // .state('app.tickets', {
+        //   url: '/tickets',
+        //   templateUrl: 'app/challenges/tickets.html',
+        //   data: { pageTitle: 'Git Tickets' },
+        //   resolve: { auth: authenticate }
+        // })
+        // .state('app.changelog', {
+        //   url: '/changelog',
+        //   templateUrl: 'app/changelog/changelog.html',
+        //   data: { pageTitle: 'Changelog' },
+        //   resolve: { auth: authenticate }
+        // })
         .state('app.settings', {
           url: '/settings',
           templateUrl: 'app/settings/settings.html',
@@ -117,8 +119,9 @@ angular.module('topcoderX', [
           templateUrl: 'app/git-access-control/access-control.html',
           controller: 'GitAccessController',
           controllerAs: 'vm',
+          resolve: { auth: authenticate }
         })
-        .state('app.membersAdded', {
+        .state('membersAdded', {
           url: '/members/:provider',
           templateUrl: 'app/members/member.html',
           controller: 'MemberController',

src/front/src/app/app.js

@@ -14,7 +14,7 @@ angular.module('topcoderX')
 
     // if we come to this page and user is logged in, and we are not loggin out
     // then we shouldn't be on this page so we redirect to index
-    if (AuthService.isLoggedIn() && !AuthService.logginOut) {
+    if (AuthService.isLoggedIn() && !AuthService.logginOut && !AuthService.PermissionDenied) {
       $state.go('app.main');
 
       // if we are loggin out currently, then show "loggin out..." message

src/front/src/app/auth/auth.controller.js

@@ -2,9 +2,9 @@
 
 angular.module('topcoderX')
   .factory('AuthService', [
-    '$q', '$log', 'jwtHelper', '$cookies', '$window', '$state', '$rootScope',
+    '$q', '$log', 'jwtHelper', '$cookies', '$window', '$state', '$rootScope', '$http',
     'COOKIES_SECURE', 'JWT_V3_NAME', 'JWT_V2_NAME', 'Helper',
-    function ($q, $log, jwtHelper, $cookies, $window, $state, $rootScope,
+    function ($q, $log, jwtHelper, $cookies, $window, $state, $rootScope, $http,
       COOKIES_SECURE, JWT_V3_NAME, JWT_V2_NAME, Helper) {
       // these constants are for AuthService internal usage only
       // they don't depend on the environment thus don't have to be placed in global config
@@ -108,8 +108,9 @@ angular.module('topcoderX')
 
       var AuthService = {
         ERROR: {
-          NO_PERMISSIONS: 'Current user doesn\'t have administrator permissions.'
-        }
+          NO_PERMISSIONS: 'Current user doesn\'t have permissions.',
+        },
+        PermissionDenied: false,
       };
 
       /**
@@ -134,13 +135,8 @@ angular.module('topcoderX')
       AuthService.retriveFreshToken = function () {
         return proxyCall(GET_FRESH_TOKEN_REQUEST, GET_FRESH_TOKEN_SUCCESS, GET_FRESH_TOKEN_FAILURE)
           .then(function (data) {
-            var user = jwtHelper.decodeToken(data.token);
-
-            if ($.inArray('administrator', user && user.roles) < 0) {
-              return $q.reject(AuthService.ERROR.NO_PERMISSIONS);
-            } else {
-              AuthService.setTokenV3(data.token);
-            }
+            AuthService.setTokenV3(data.token);
+            return AuthService.isAuthorized();
           });
       }
 
@@ -186,25 +182,31 @@ angular.module('topcoderX')
        * @return {Promise} promise to authenticate
        */
       AuthService.authenticate = function () {
-        return AuthService.ready().then(function () {       
-            if (AuthService.isLoggedIn()) {
-              return $q.resolve();
+        return AuthService.ready().then(function () {
+          if (AuthService.isLoggedIn()) {
+            return AuthService.isAuthorized();
+          } else {
+            if (AuthService.getTokenV2()) {
+              return AuthService.retriveFreshToken();
             } else {
-              if (AuthService.getTokenV2()) {
-                return AuthService.retriveFreshToken().catch(function (err) {
-                  // if error about permission denied we will pass this error through
-                  // otherwise got to login page
-                  if (err !== AuthService.ERROR.NO_PERMISSIONS) {
-                    AuthService.login();
-                  }
-                  return $q.reject(err);
-                });
-              } else {
-                AuthService.login();
-                return $q.reject();
-              }
+              AuthService.login();
+              return $q.reject();
             }
-          });
+          }
+        });
+      }
+
+      /**
+       * checks if current user is allowed to use the app or not
+       */
+      AuthService.isAuthorized = function () {
+        return $http.get(Helper.baseUrl + '/api/v1/security/isAuthorized').then(function (res) {
+          if (res.data === true) {
+            return $q.resolve();
+          }
+          AuthService.PermissionDenied = true;
+          return $q.reject(AuthService.ERROR.NO_PERMISSIONS);
+        }).catch(function (err) { return $q.reject(err); });
       }
 
       /**

src/front/src/app/auth/auth.service.js

@@ -0,0 +1,15 @@
+angular.module('app.constants', [])
+.constant('API_URL', "https://api.topcoder-dev.com")
+.constant('ADMIN_TOOL_URL', "https://api.topcoder-dev.com/v2")
+.constant('API_VERSION_PATH', "v3")
+.constant('COOKIES_SECURE', false)
+.constant('AUTH_URL', "https://accounts.topcoder-dev.com/member")
+.constant('ACCOUNTS_CONNECTOR_URL', "https://accounts.topcoder-dev.com/connector.html")
+.constant('JWT_V3_NAME', "v3jwt")
+.constant('JWT_V2_NAME', "tcjwt")
+.constant('DIRECT_URL_BASE', "https://www.topcoder-dev.com/direct/projectOverview?formData.projectId=")
+.constant('LABELS', ["Open for pickup","Assigned","Ready for review","Paid","Feedback","Fix accepted"])
+.constant('LABELS_COLOR', ["112233","445566","123123","456456","ff0011","aabb11"])
+.constant('HOOK_BASE_URL', "https://b9602b91.ngrok.io")
+.constant('OWNER_LOGIN_GITHUB_URL', "/api/v1/github/owneruser/login")
+.constant('OWNER_LOGIN_GITLAB_URL', "/api/v1/gitlab/owneruser/login");