fix: challenge task access issue for project manager

.circleci/config.yml

@@ -88,6 +88,7 @@ workflows:
             - dev
             - feature/top-262-projectid-non-mandatory
             - TOP-2364
+            - pm-1139
 
     - "build-qa":
         context: org-global

app-constants.js

@@ -9,6 +9,7 @@ const UserRoles = {
   Manager: "Connect Manager",
   User: "Topcoder User",
   SelfServiceCustomer: "Self-Service Customer",
+  ProjectManager: "Project Manager",
 };
 
 const prizeSetTypes = {

src/common/helper.js

@@ -22,7 +22,7 @@ const elasticsearch = require("elasticsearch");
 
 const projectHelper = require("./project-helper");
 const m2mHelper = require("./m2m-helper");
-const { hasAdminRole } = require("./role-helper");
+const { hasAdminRole, hasProjectManagerRole } = require("./role-helper");
 
 // Bus API Client
 let busApiClient;
@@ -960,7 +960,7 @@ async function _ensureAccessibleForTaskChallenge(currentUser, challenge) {
     }
     const canAccesChallenge = _.isUndefined(currentUser)
       ? false
-      : currentUser.isMachine || hasAdminRole(currentUser) || !_.isEmpty(memberResources);
+      : currentUser.isMachine || hasAdminRole(currentUser) || hasProjectManagerRole(currentUser) || !_.isEmpty(memberResources);
     if (!canAccesChallenge) {
       throw new errors.ForbiddenError(`You don't have access to view this challenge`);
     }

src/common/role-helper.js

@@ -15,6 +15,22 @@ function hasAdminRole(authUser) {
   return false;
 }
 
+/**
+ * Check if the user has admin role
+ * @param {Object} authUser the user
+ */
+function hasProjectManagerRole(authUser) {
+  if (authUser && authUser.roles) {
+    for (const role of authUser.roles) {
+      if (role.toLowerCase() === constants.UserRoles.ProjectManager.toLowerCase()) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
 module.exports = {
   hasAdminRole,
+  hasProjectManagerRole,
 };

src/services/ChallengeService.js

@@ -35,7 +35,7 @@ const PhaseAdvancer = require("../phase-management/PhaseAdvancer");
 const { ChallengeDomain } = require("@topcoder-framework/domain-challenge");
 const { QueryDomain } = require("@topcoder-framework/domain-acl");
 
-const { hasAdminRole } = require("../common/role-helper");
+const { hasAdminRole, hasProjectManagerRole } = require("../common/role-helper");
 const {
   enrichChallengeForResponse,
   sanitizeRepeatedFieldsInUpdateRequest,
@@ -152,6 +152,7 @@ async function searchChallenges(currentUser, criteria) {
   ];
 
   const _hasAdminRole = hasAdminRole(currentUser);
+  const _hasProjectManagerRole = hasProjectManagerRole(currentUser);
 
   const includedTrackIds = _.isArray(criteria.trackIds) ? criteria.trackIds : [];
   const includedTypeIds = _.isArray(criteria.typeIds) ? criteria.typeIds : [];
@@ -588,7 +589,7 @@ async function searchChallenges(currentUser, criteria) {
   // FIXME: Tech Debt
   let excludeTasks = true;
   // if you're an admin or m2m, security rules wont be applied
-  if (currentUser && (_hasAdminRole || _.get(currentUser, "isMachine", false))) {
+  if (currentUser && (_hasAdminRole || _hasProjectManagerRole || _.get(currentUser, "isMachine", false))) {
     excludeTasks = false;
   }