Permissions

[maxceem]

Let's sum up permission rules here.

Endpoint	Topcoder User	Booking Manager	Connect Manager
GET /taas-teams	☑️ Only when member of the project	✅ All	✅ All
GET /taas-teams/:teamId	☑️ Only when member of the project	✅	✅
GET /taas-teams/:teamId/jobs/:jobId	☑️ Only when member of the project	✅	✅
Jobs	Topcoder User	Booking Manager	Connect Manager
GET /jobs	☑️❗ Only if filter by "projectId" and is member of that project	✅	✅
GET /jobs/:id	☑️ Only when member of the project	✅	✅
POST /jobs/	☑️ Only when member of the project	✅	❌
PUT/PATCH /jobs/:id	☑️ Only when member of the project AND if they created particular job	✅	❌
DELETE /jobs/:id	❌	✅	❌
JobsCandidates	Topcoder User	Booking Manager	Connect Manager
GET /jobsCandidates	☑️❗ Only if filter by "jobId" and member of the project of that Job	✅	✅
GET /jobsCandidates/:id	☑️ Only when member of the project	✅	✅
POST /jobs/	❌	✅	❌
PUT/PATCH /jobs/:jobId	☑️ Only when member of the project	✅	❌
DELETE /jobs/:jobId	❌	✅	❌
ResourceBookings	Topcoder User	Booking Manager	Connect Manager
GET /resourceBookings	☑️❗ Only if filter by "projectId" and member of that project	✅	✅
GET /resourceBookings/:id	☑️ Only when member of the project	✅	✅
POST /jobs/	❌	✅	❌
PUT/PATCH /resourceBookings/:id	❌	✅	❌
DELETE /resourceBookings/:id	❌	✅	❌
WorkPeriods	Topcoder User	Booking Manager	Connect Manager
GET /workPeriods	☑️❗ Only if filter by "projectId" and member of that project	✅	✅
GET /workPeriods/:id	☑️ Only when member of the project	✅	✅
POST /workPeriods/	❌	✅	❌
PUT/PATCH /workPeriods/:id	❌	✅	❌
DELETE /workPeriods/:id	❌	✅	❌
WorkPeriodPayments	Topcoder User	Booking Manager	Connect Manager
GET /workPeriods	❌	✅	❌
GET /workPeriods/:id	❌	✅	❌
POST /workPeriods/	❌	✅	❌
PUT/PATCH /workPeriods/:id	❌	✅	❌
DELETE /workPeriods/:id	not supported	not supported	not supported

NOTES

• We can also perform these operations using M2M token with corresponding scopes, as per [$100] Support M2M tokens #40
• administrator users should have all the permissions like Booking Manager users.

[SathyaJayabal]

@maxceem, should the connect manager have basic topcoder user privileges for projects that they are a member of ?

Example for projects that they have created and not projects they have access to because of connect manager role.

[maxceem]

@maxceem, should the connect manager have basic topcoder user privileges for projects that they are a member of ?
Example for projects that they have created and not projects they have access to because of connect manager role.

This is already working as you've described.

I. e. if Connect Manager creates a project then for that project Connect Manager user would have permissions from both columns as Topcoder User and as Connect Manager.

[SathyaJayabal]

@maxceem ,this was not the case. Connect manager was not able create jobs for a project they created. Let me retest again and post with examples tomorrow.

[SathyaJayabal]

@maxceem , example for above case
user: TCConManager (roles: "Topcoder User","Connect Manager")
project/team : https://connect.topcoder-dev.com/projects/16830

User is not able to create/update jobs, candidates, resources for the project they belong to.

[maxceem]

Thanks, @SathyaJayabal. This is a good catch, we would fix it.

[SathyaJayabal]

@maxceem, during recent tests, we noticed one discrepancy. The Connect Manager was able to create jobs in projects that they are not a member of (in prod)
project : 18831
user: TCConManager

cc @lakshmiathreya @nkumar-topcoder