
[HOTFIX] [DEV] Remove billing account permission check #18


Merged
merged 2 commits into from
Sep 29, 2020
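--- a/src/services/ProcessorService.js
+++ b/src/services/ProcessorService.js
@@ -14,7 +14,6 @@ const {
 AUDIT_ACTION,
 PERMISSION_TYPE,
 BUGR_CONTEST_TYPE_ID,
-ADMIN_ROLE,
 COPILOT_ROLE,
 MANAGER_ROLE,
 ACCOUNT_MANAGER_ROLE,
@@ -57,58 +56,6 @@ async function checkBillingAccountExist (connection, billingAccountId) {
 }
 }
 
-/**
-* Check user is admin
-* @param {Number} userId the user id.
-* @returns {Boolean} true if user is admin, false otherwise
-*/
-async function checkUserIsAdmin (connection, userId) {
-const result = await connection.queryAsync(`select sr.description as role from common_oltp:security_user su, common_oltp:user_role_xref urx, common_oltp:security_roles sr where urx.login_id = su.login_id and sr.role_id = urx.role_id and su.login_id = ${userId}`)
-return _.find(result, { role: ADMIN_ROLE }) !== undefined
-}
-
-/**
-* Get user handle by id
-* @param {Number} userId the user id.
-* @returns {String} the user handel
-*/
-async function getUserHandle (connection, userId) {
-const handleRes = await connection.queryAsync(`select handle from common_oltp:user where user_id = ${userId}`)
-if (handleRes.length === 0) {
-throw new Error(`User with id: ${userId} doesn't exist.`)
-}
-return handleRes[0].handle
-}
-
-/**
-* Ensure user can access the corresponding billing account
-* @param {Object} connection the Informix connection
-* @param {Number} billingAccountId the billing account id
-* @param {Number} userId the user id
-*/
-async function checkCanAccessBillingAccount (connection, billingAccountId, userId) {
-const isAdmin = await checkUserIsAdmin(connection, userId)
-let directAccessIds
-if (isAdmin) {
-directAccessIds = await connection.queryAsync(`select p.project_id as id from time_oltp:project as p left join time_oltp:client_project as cp on p.project_id = cp.project_id left join time_oltp:client c on c.client_id = cp.client_id and (c.is_deleted = 0 or c.is_deleted is null) where p.active = 1 and p.start_date <= current and current <= p.end_date`)
-} else {
-const userName = await getUserHandle(connection, userId)
-
-directAccessIds = await connection.queryAsync(`select p.project_id as id from time_oltp:project as p left join time_oltp:client_project as cp on p.project_id = cp.project_id left join time_oltp:client c on c.client_id = cp.client_id and (c.is_deleted = 0 or c.is_deleted is null) where p.active = 1 and p.start_date <= current and current <= p.end_date and p.active = 1 and p.project_id in (SELECT distinct project_id FROM time_oltp:project_manager p, time_oltp:user_account u WHERE p.user_account_id = u.user_account_id and p.active = 1 and upper(u.user_name) = upper('${userName}') union SELECT distinct project_id FROM time_oltp:project_worker p, time_oltp:user_account u WHERE p.start_date <= current and current <= p.end_date and p.active =1 and p.user_account_id = u.user_account_id and upper(u.user_name) = upper('${userName}'))`)
-}
-
-if (_.find(directAccessIds, { id: billingAccountId })) {
-return
-}
-
-// fetch billing account id via security groups the user has permission with
-const billingAccountIds = await connection.queryAsync(`select gaba.billing_account_id as id from tcs_catalog:group_associated_billing_accounts gaba, tcs_catalog:customer_group cg where gaba.group_id = cg.group_id and cg.archived<>1 and (cg.client_id in (select ca.client_id from tcs_catalog:customer_administrator ca where ca.user_id=${userId}) or cg.group_id in (select gm.group_id from tcs_catalog:group_member gm, tcs_catalog:customer_group g3 where gm.group_id=g3.group_id and (gm.use_group_default=0 and gm.specific_permission='FULL' or gm.use_group_default=1 and g3.default_permission='FULL') and gm.active=1 and gm.user_id=${userId}))`)
-
-if (!_.find(billingAccountIds, { id: billingAccountId })) {
-throw new Error(`You don't have permission to access this billing account`)
-}
-}
-
 /**
 * Check whether the billing account have already associated to the direct project
 * @param {Object} connection the Informix connection
@@ -243,8 +190,6 @@ async function calculateFeeAndCheckAssociate (connection, directProjectId, billi
 let fee = {}
 
 await checkBillingAccountExist(connection, billingAccountId)
-// check user can access billing account
-await checkCanAccessBillingAccount(connection, billingAccountId, userId)
 
 // check whether billing account already associate to this direct project
 // not need to perform checking if we are going to create the direct project latter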
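Review bot: After the two lines removed from calculateFeeAndCheckAssociate in the last hunk, nothing left in this section verifies that userId is entitled to billingAccountId before the fee calculation and association continue; the preceding checkBillingAccountExist call only establishes that the account exists, and no replacement check or configuration gate is introduced anywhere in the diff. Since the title frames this as a DEV hotfix, the bypass should at least be recorded at the call site so it is not silently carried into production, e.g. `// NOTE: billing-account authorization (checkCanAccessBillingAccount) removed for DEV in #18; userId is no longer checked against billingAccountId here`. It is also unclear whether userId is still used elsewhere in the function, which would make the parameter dead; the function's signature and remainder lie outside the hunk, so this cannot be confirmed from the diff.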