[$300] Roles setup for attachments

[jmgasper]

@atelomycterus - One thing we have to check is if we can appropriately handle roles from Topcoder in Vanilla, and have them match up.

For instance, when a user logs in, we should pull their roles from the JWT and ensure those roles are added as available roles in Vanilla, if they aren't already roles in Vanilla. This way we can easily approach permissions using the roles already set up on the Topcoder side. By default, for any new roles added, we won't allow any permissions, but it's expected that the user will have multiple roles, like "member" and "copilot", or "admin" and "copilot".

We'll also need to set up some defaults, for instance:

• Regular members will not be able to attach files to posts
• Copilots will be able to attach files to posts

[jmgasper]

Contest https://www.topcoder.com/challenges/30145275 has been created for this ticket.

This is an automated message for ghostar via Topcoder X

[jmgasper]

Contest https://www.topcoder.com/challenges/30145275 has been updated - it has been assigned to obog.

This is an automated message for ghostar via Topcoder X

[atelomycterus]

@jmgasper Some questions:

1. 'Garden.Uploads.Add' permission

We'll also need to set up some defaults, for instance:
Regular members will not be able to attach files to posts
Copilots will be able to attach files to posts

The 'Garden.Uploads.Add' permission - upload images/attachments

Role without The 'Garden.Uploads.Add' permission:

Role has The 'Garden.Uploads.Add' permission:

So we can set up some defaults.

2. Default Topcoder roles

For instance, when a user logs in, we should pull their roles from the JWT and ensure those roles are added as available roles in Vanilla, if they aren't already roles in Vanilla. This way we can easily approach permissions using the roles already set up on the Topcoder side.

We can set up all default Topcoder roles in advance. Is there Role API to get a list of available roles?

I couldn't find any Role API to get all roles. I found a list of roles in the swagger file, but not sure if this is a complete list of roles:
https://github.com/topcoder-platform/member-api/blob/develop/docs/swagger.yaml#L36-L45

Is there a difference between 'admin' and 'administator' or are both roles the same?

3. Should the roles be synchronized every time an user logs on to Vanilla forums?
   if a role isn't already roles in Vanilla then it is added in Vanilla and to an user.
   Should we delete a role from an user in Vanilla if the role doesn't exist in a payload?

4. Vanilla roles vs Topcoder roles

• Should Vanilla admin and Topcoder admin be separate roles?
• Should Vanilla member and Topcoder member be separate roles?

5. Update Challenge forum processor
   The new task: If a new user is added then get a list of Topcoder roles by a Topcoder handle and add them to an user

[jmgasper]

1. Ok, that should work. Just want to make sure we test it with our updated upload plugin.

2. GET https://api.topcoder-dev.com/v3/roles. Just make sure to set the Authorization header with the M2M token. We need to have scope read:roles, but I think our key / secret we're using does. Let me know if you run into trouble. The roles are a mess for reasons you've already found. I've tried many times to get Topcoder to clarify what all the roles should be for the duplicates, like admin vs. administrator, and they never have. 🤷‍♂️

3. Yeah, we'll want to keep this synchronised, if possible. Is that a lot of extra work? I can adjust payment as needed.

4. Yes, those should be separate roles

5. Correct

[atelomycterus]

@jmgasper Please apply PRs:
#62
topcoder-platform/forums-plugins#33

Notes

Yeah, we'll want to keep this synchronised, if possible. Is that a lot of extra work? I can adjust payment as needed.

I managed it. All Topcoder Roles are synchronized.

Yes, those should be separate roles

Vanilla has several role types (member, administrator, guest and others). Each role has a role type. I added a new role type named 'topcoder'. All Topcoder roles have 'topcoder' role type.
So we can distinguish between Vanilla administrator and Topcoder administrator, both roles named 'administrator' but have different role types. We can use it in the future.

Testing

Disable and enable Topcoder plugin to get all Topcoder roles and set up permissions for member/copilot roles.

Topcoder roles
All roles in Admin:

Roles
The list of all roles for an user is displayed in Profile page:

Member - Vanilla Member role.

Check Permissions
My roles:

I can't upload image/attachment:

TODO

Plan to update challenge forum processor today.

[atelomycterus]

@jmgasper Please apply PR for a challenge forum processor:
topcoder-platform/challenge-forum-processor#34

• Missing Topcoder roles will be added automatically in Vanilla
• Topcoder roles for an user are synced when user is added to a group /removed from a group

[jmgasper]

@atelomycterus - Looks good from the screenshots, thanks! I'll be testing this today.

[jmgasper]

@atelomycterus - Deployed in dev, but now login isn't working properly. We go through the login flow, but the user doesn't appear logged in in the UI. Any ideas?

[jmgasper]

[atelomycterus]

@jmgasper

Please apply PRs:
#62
topcoder-platform/forums-plugins#33

topcoder-platform/forums-plugins#33 has not been merged.

[jmgasper]

@atelomycterus - Done now, sorry about that. 🤦

[atelomycterus]

@jmgasper there is a space in a list of issuers. For quick fix you can update VALID ISSUERS. I'll update a code and remove spaces.

[atelomycterus]

@jmgasper Updated. Now spaces are removed automatically. Please apply PR #63

[jmgasper]

Payment task has been updated: https://software.topcoder.com/review/actions/ViewProjectDetails?pid=30145275

This is an automated message for ghostar via Topcoder X