Merge pull request #824 from topcoder-platform/pm-1273

fix(PM-1273): Send canApplyAsCopilot to check if the user can apply for the opportunity

Author: kkartunov

.circleci/config.yml

@@ -149,7 +149,7 @@ workflows:
           context : org-global
           filters:
             branches:
-              only: ['develop', 'migration-setup', 'pm-1356']
+              only: ['develop', 'migration-setup', 'pm-1273']
       - deployProd:
           context : org-global
           filters:

src/models/projectMember.js

@@ -34,6 +34,10 @@ module.exports = function defineProjectMember(sequelize, DataTypes) {
     ],
   });
 
+  ProjectMember.associate = (models) => {
+    ProjectMember.belongsTo(models.Project, { foreignKey: 'projectId' });
+  };
+
   ProjectMember.getProjectIdsForUser = userId => ProjectMember.findAll({
     where: {
       deletedAt: { $eq: null },

src/routes/copilotOpportunity/get.js

@@ -20,12 +20,30 @@ module.exports = [
           model: models.Project,
           as: 'project',
           attributes: ['name'],
+          include: [
+            {
+              model: models.ProjectMember,
+              as: 'members',
+              attributes: ['id', 'userId', 'role'],
+            },
+          ]
         },
       ],
     })
       .then((copilotOpportunity) => {
         const plainOpportunity = copilotOpportunity.get({ plain: true });
-        const formattedOpportunity = Object.assign({}, plainOpportunity,
+        req.log.info("authUser", req.authUser);
+        const memberIds = plainOpportunity.project.members && plainOpportunity.project.members.map((member) => member.userId);
+        let canApplyAsCopilot = false;
+        if (req.authUser) {
+          canApplyAsCopilot = !memberIds.includes(req.authUser.userId)
+        }
+        // This shouldn't be exposed to the clientside
+        delete plainOpportunity.project.members;
+        const formattedOpportunity = Object.assign({
+          members: memberIds,
+          canApplyAsCopilot,
+        }, plainOpportunity,
           plainOpportunity.copilotRequest ? plainOpportunity.copilotRequest.data : {},
           { copilotRequest: undefined },
         );

src/routes/index.js

@@ -35,9 +35,14 @@ const jwtAuth = require('tc-core-library-js').middleware.jwtAuthenticator;
 router.all(
   RegExp(`\\/${apiVersion}\\/(copilots|projects|timelines|orgConfig|customer-payments)(?!\\/health).*`),
   (req, res, next) => {
-    if (publicRoutes.some(routeRegex => routeRegex.test(req.path))) {
+    let token
+    if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
+      token = req.headers.authorization.split(' ')[1]
+    }
+    if (publicRoutes.some(routeRegex => routeRegex.test(req.path)) && !token) {
       return next();
     }
+    req.log.info("token available", token);
     // JWT authentication
     return jwtAuth(config)(req, res, next);
   },