Merge branch 'dev' of github.com:topcoder-platform/challenge-api into dev

jmgasper · jmgasper · commit 220845b40ff6 · 2025-05-28T15:29:48.000+10:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -45,7 +45,7 @@ builddeploy_steps: &builddeploy_steps
       source awsenvconf
       ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-${APPNAME}-deployvar
       source buildenvvar
-      ./master_deploy.sh -d ECS -e $DEPLOY_ENV -t latest -s ${LOGICAL_ENV}-global-appvar,${LOGICAL_ENV}-${APPNAME}-appvar -i ${APPNAME}
+      ./master_deploy.sh -d ECS -e $DEPLOY_ENV -t latest -s ${LOGICAL_ENV}-global-appvar,${LOGICAL_ENV}-${APPNAME}-appvar -i ${APPNAME} -p FARGATE
 jobs:
   # Build & Deploy against development backend
   "build-dev":
diff --git a/.github/workflows/code_reviewer.yml b/.github/workflows/code_reviewer.yml
@@ -0,0 +1,22 @@
+name: AI PR Reviewer
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+permissions:
+  pull-requests: write
+jobs:
+  tc-ai-pr-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: TC AI PR Reviewer
+        uses: topcoder-platform/tc-ai-pr-reviewer@master
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # The GITHUB_TOKEN is there by default so you just need to keep it like it is and not necessarily need to add it as secret as it will throw an error. [More Details](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret)
+          LAB45_API_KEY: ${{ secrets.LAB45_API_KEY }}
+          exclude: "**/*.json, **/*.md, **/*.jpg, **/*.png, **/*.jpeg, **/*.bmp, **/*.webp" # Optional: exclude patterns separated by commas
diff --git a/app-constants.js b/app-constants.js
@@ -9,6 +9,7 @@ const UserRoles = {
   Manager: "Connect Manager",
   User: "Topcoder User",
   SelfServiceCustomer: "Self-Service Customer",
+  ProjectManager: "Project Manager",
 };
 
 const prizeSetTypes = {
diff --git a/src/common/helper.js b/src/common/helper.js
@@ -22,7 +22,7 @@ const elasticsearch = require("elasticsearch");
 
 const projectHelper = require("./project-helper");
 const m2mHelper = require("./m2m-helper");
-const { hasAdminRole } = require("./role-helper");
+const { hasAdminRole, hasProjectManagerRole } = require("./role-helper");
 
 // Bus API Client
 let busApiClient;
@@ -960,7 +960,7 @@ async function _ensureAccessibleForTaskChallenge(currentUser, challenge) {
     }
     const canAccesChallenge = _.isUndefined(currentUser)
       ? false
-      : currentUser.isMachine || hasAdminRole(currentUser) || !_.isEmpty(memberResources);
+      : currentUser.isMachine || hasAdminRole(currentUser) || hasProjectManagerRole(currentUser) || !_.isEmpty(memberResources);
     if (!canAccesChallenge) {
       throw new errors.ForbiddenError(`You don't have access to view this challenge`);
     }
diff --git a/src/common/role-helper.js b/src/common/role-helper.js
@@ -15,6 +15,22 @@ function hasAdminRole(authUser) {
   return false;
 }
 
+/**
+ * Check if the user has project manager role
+ * @param {Object} authUser the user
+ */
+function hasProjectManagerRole(authUser) {
+  if (authUser && authUser.roles) {
+    for (const role of authUser.roles) {
+      if (role.toLowerCase() === constants.UserRoles.ProjectManager.toLowerCase()) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
 module.exports = {
   hasAdminRole,
+  hasProjectManagerRole,
 };
diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js
@@ -35,7 +35,7 @@ const PhaseAdvancer = require("../phase-management/PhaseAdvancer");
 const { ChallengeDomain } = require("@topcoder-framework/domain-challenge");
 const { QueryDomain } = require("@topcoder-framework/domain-acl");
 
-const { hasAdminRole } = require("../common/role-helper");
+const { hasAdminRole, hasProjectManagerRole } = require("../common/role-helper");
 const {
   enrichChallengeForResponse,
   sanitizeRepeatedFieldsInUpdateRequest,
@@ -152,6 +152,7 @@ async function searchChallenges(currentUser, criteria) {
   ];
 
   const _hasAdminRole = hasAdminRole(currentUser);
+  const _hasProjectManagerRole = hasProjectManagerRole(currentUser);
 
   const includedTrackIds = _.isArray(criteria.trackIds) ? criteria.trackIds : [];
   const includedTypeIds = _.isArray(criteria.typeIds) ? criteria.typeIds : [];
@@ -588,7 +589,7 @@ async function searchChallenges(currentUser, criteria) {
   // FIXME: Tech Debt
   let excludeTasks = true;
   // if you're an admin or m2m, security rules wont be applied
-  if (currentUser && (_hasAdminRole || _.get(currentUser, "isMachine", false))) {
+  if (currentUser && (_hasAdminRole || _hasProjectManagerRole || _.get(currentUser, "isMachine", false))) {
     excludeTasks = false;
   }
 
