fix: teams access for Topcoder Users

maxceem · maxceem · commit 375479cc5f8a · 2020-12-28T15:17:49.000+02:00
diff --git a/src/services/JobService.js b/src/services/JobService.js
@@ -301,7 +301,7 @@ deleteJob.schema = Joi.object().keys({
 async function searchJobs (currentUser, criteria, options = { returnAll: false }) {
   if (!currentUser.hasManagePermission && !currentUser.isMachine && !currentUser.isConnectManager) {
     // regular user can only search with filtering by "projectId"
-    if (!criteria.projectId) {
+    if (!options.returnAll && !criteria.projectId) {
       throw new errors.ForbiddenError('Not allowed without filtering by "projectId"')
     }
     // check if user can access the project
diff --git a/src/services/ResourceBookingService.js b/src/services/ResourceBookingService.js
@@ -265,7 +265,7 @@ deleteResourceBooking.schema = Joi.object().keys({
 async function searchResourceBookings (currentUser, criteria, options = { returnAll: false }) {
   if (!currentUser.hasManagePermission && !currentUser.isMachine && !currentUser.isConnectManager) {
     // regular user can only search with filtering by "projectId"
-    if (!criteria.projectId) {
+    if (!options.returnAll && !criteria.projectId) {
       throw new errors.ForbiddenError('Not allowed without filtering by "projectId"')
     }
     // check if user can access the project

Original file line number	Diff line number	Diff line change
`@@ -301,7 +301,7 @@ deleteJob.schema = Joi.object().keys({`
`301`	`301`	`async function searchJobs (currentUser, criteria, options = { returnAll: false }) {`
`302`	`302`	`if (!currentUser.hasManagePermission && !currentUser.isMachine && !currentUser.isConnectManager) {`
`303`	`303`	`// regular user can only search with filtering by "projectId"`
`304`		`- if (!criteria.projectId) {`
	`304`	`+ if (!options.returnAll && !criteria.projectId) {`
`305`	`305`	`throw new errors.ForbiddenError('Not allowed without filtering by "projectId"')`
`306`	`306`	`}`
`307`	`307`	`// check if user can access the project`
Original file line number	Diff line number	Diff line change
`@@ -265,7 +265,7 @@ deleteResourceBooking.schema = Joi.object().keys({`
`265`	`265`	`async function searchResourceBookings (currentUser, criteria, options = { returnAll: false }) {`
`266`	`266`	`if (!currentUser.hasManagePermission && !currentUser.isMachine && !currentUser.isConnectManager) {`
`267`	`267`	`// regular user can only search with filtering by "projectId"`
`268`		`- if (!criteria.projectId) {`
	`268`	`+ if (!options.returnAll && !criteria.projectId) {`
`269`	`269`	`throw new errors.ForbiddenError('Not allowed without filtering by "projectId"')`
`270`	`270`	`}`
`271`	`271`	`// check if user can access the project`