Merge pull request #2161 from saitejakaasoju/sai/pause-user-permission-backend

Sai Teja - Add backend support for dedicated pause/resume permission

Author: one-community

src/controllers/notificationController.js

@@ -24,7 +24,8 @@ const notificationController = function () {
     }
     if (
       requestor.requestorId !== userId &&
-      (requestor.role !== 'Administrator' || requestor.role !== 'Owner')
+      requestor.role !== 'Administrator' &&
+      requestor.role !== 'Owner'
     ) {
       res.status(403).send({ error: 'Unauthorized request' });
       return;
@@ -55,7 +56,8 @@ const notificationController = function () {
     }
     if (
       requestor.requestorId !== userId &&
-      (requestor.role !== 'Administrator' || requestor.role !== 'Owner')
+      requestor.role !== 'Administrator' &&
+      requestor.role !== 'Owner'
     ) {
       res.status(403).send({ error: 'Unauthorized request' });
       return;

src/controllers/notificationController.spec.js

@@ -24,6 +24,8 @@ const makeSut = () => {
 };
 
 describe('Notification controller Unit Tests', () => {
+  const privilegedRoles = ['Administrator', 'Owner'];
+
   beforeEach(() => {
     mockReq.params.userId = '65cf6c3706d8ac105827bb2e';
     mockReq.body.requestor.role = 'Administrator';
@@ -45,13 +47,27 @@ describe('Notification controller Unit Tests', () => {
       const response = await getUserNotifications(mockReq, mockRes);
       assertResMock(400, errorMsg, response, mockRes);
     });
-    test('Ensures getUserNotifications returns error 403 if userId does not match requestorId', async () => {
+    test('Ensures getUserNotifications returns error 403 if userId does not match requestorId and requestor is not Admin or Owner', async () => {
       const { getUserNotifications } = makeSut();
       const errorMsg = { error: 'Unauthorized request' };
       mockReq.body.requestor.requestorId = 'differentUserId';
+      mockReq.body.requestor.role = 'Volunteer';
       const response = await getUserNotifications(mockReq, mockRes);
       assertResMock(403, errorMsg, response, mockRes);
     });
+    test.each(privilegedRoles)(
+      'Ensures getUserNotifications returns 200 if userId does not match requestorId but requestor is %s',
+      async (role) => {
+        const { getUserNotifications } = makeSut();
+        const mockNotifications = [{ id: '123', message: 'Notification Test 1' }];
+        mockReq.body.requestor.requestorId = 'differentUserId';
+        mockReq.body.requestor.role = role;
+        const mockService = jest.fn().mockResolvedValue(mockNotifications);
+        notificationService.getNotifications = mockService;
+        await expect(getUserNotifications(mockReq, mockRes)).resolves.toBeUndefined();
+        assertResMock(200, mockNotifications, undefined, mockRes);
+      },
+    );
     test('Ensures getUserNotifications returns 200 and notifications data when notifications are fetched successfully', async () => {
       const { getUserNotifications } = makeSut();
       const mockNotifications = [
@@ -82,13 +98,27 @@ describe('Notification controller Unit Tests', () => {
       const response = await getUnreadUserNotifications(mockReq, mockRes);
       assertResMock(400, errorMsg, response, mockRes);
     });
-    test('Ensures getUnreadUserNotifications returns error 403 if userId does not match requestorId', async () => {
+    test('Ensures getUnreadUserNotifications returns error 403 if userId does not match requestorId and requestor is not Admin or Owner', async () => {
       const { getUnreadUserNotifications } = makeSut();
       const errorMsg = { error: 'Unauthorized request' };
       mockReq.body.requestor.requestorId = 'differentUserId';
+      mockReq.body.requestor.role = 'Volunteer';
       const response = await getUnreadUserNotifications(mockReq, mockRes);
       assertResMock(403, errorMsg, response, mockRes);
     });
+    test.each(privilegedRoles)(
+      'Ensures getUnreadUserNotifications returns 200 if userId does not match requestorId but requestor is %s',
+      async (role) => {
+        const { getUnreadUserNotifications } = makeSut();
+        const mockNotifications = [{ id: '123', message: 'Notification Test 1' }];
+        mockReq.body.requestor.requestorId = 'differentUserId';
+        mockReq.body.requestor.role = role;
+        const mockService = jest.fn().mockResolvedValue(mockNotifications);
+        notificationService.getUnreadUserNotifications = mockService;
+        await expect(getUnreadUserNotifications(mockReq, mockRes)).resolves.toBeUndefined();
+        assertResMock(200, mockNotifications, undefined, mockRes);
+      },
+    );
     test('Ensures getUnreadUserNotifications returns 200 and notifications data when notifications are fetched successfully', async () => {
       const { getUnreadUserNotifications } = makeSut();
       const mockNotifications = [

src/controllers/userProfileController.js

@@ -662,7 +662,13 @@ const createControllerMethods = function (UserProfile, Project, cache) {
 
     const hasChangeStatusPermission = await hasPermission(requestor, 'changeUserStatus');
     const hasFinalDayPermission = await hasPermission(requestor, 'setFinalDay');
-    if (!(hasChangeStatusPermission && hasFinalDayPermission && canEditProtectedAccount)) {
+    const hasPausePermission = await hasPermission(requestor, 'interactWithPauseUserButton');
+    if (
+      !(
+        ((hasChangeStatusPermission && hasFinalDayPermission) || hasPausePermission) &&
+        canEditProtectedAccount
+      )
+    ) {
       if (PROTECTED_EMAIL_ACCOUNT.includes(requestor.email)) {
         logger.logInfo(
           `Unauthorized attempt to change protected user status. Requestor: ${requestor.requestorId} Target: ${userId}`,
@@ -929,7 +935,12 @@ const createControllerMethods = function (UserProfile, Project, cache) {
   };
 
   const getUserProfiles = async function (req, res) {
-    if (!(await checkPermission(req, 'getUserProfiles'))) {
+    if (
+      !(
+        (await checkPermission(req, 'getUserProfiles')) ||
+        (await checkPermission(req, 'interactWithPauseUserButton'))
+      )
+    ) {
       return forbidden(res, 'You are not authorized to view all users');
     }
 
@@ -1233,9 +1244,7 @@ const createControllerMethods = function (UserProfile, Project, cache) {
       );
 
       if (verificationUser.bioPosted !== bioPosted) {
-        console.error(
-          `WARNING: Database update failed! Expected: ${bioPosted}, Actual: ${verificationUser.bioPosted}`,
-        );
+        logger.logInfo('Database update failed while verifying bio status change.');
         return res.status(500).json({ error: 'Failed to update bio status in database.' });
       }
 
@@ -1651,7 +1660,7 @@ const createControllerMethods = function (UserProfile, Project, cache) {
 
       await user.save();
 
-      console.log(`✅ Saved ${key} in DB:`, user[key]);
+      logger.logInfo(`Saved ${key} in database.`);
 
       // ================================
       // CACHE INVALIDATION (MERGED)
@@ -1903,7 +1912,6 @@ const createControllerMethods = function (UserProfile, Project, cache) {
     }
     return null;
   };
-
   const changeUserStatus = async function (req, res) {
     const { userId } = req.params;
     const { action, endDate, reactivationDate } = req.body;
@@ -2031,6 +2039,74 @@ const createControllerMethods = function (UserProfile, Project, cache) {
     }
   };
 
+  const pauseResumeUser = async function (req, res) {
+    const { userId } = req.params;
+    const activationDate = req.body.reactivationDate;
+    const status = req.body.status === 'Active';
+
+    if (!mongoose.Types.ObjectId.isValid(userId)) {
+      return res.status(400).send({ error: 'Bad Request' });
+    }
+
+    const canEditProtectedAccount = await canRequestorUpdateUser(
+      req.body.requestor.requestorId,
+      userId,
+    );
+
+    if (
+      !(
+        (await hasPermission(req.body.requestor, 'interactWithPauseUserButton')) &&
+        canEditProtectedAccount
+      )
+    ) {
+      if (PROTECTED_EMAIL_ACCOUNT.includes(req.body.requestor.email)) {
+        logger.logInfo(
+          `Unauthorized attempt to change protected user status. Requestor: ${req.body.requestor.requestorId} Target: ${userId}`,
+        );
+      }
+      return res.status(403).send('You are not authorized to change user status');
+    }
+
+    cache.removeCache(`user-${userId}`);
+
+    try {
+      const user = await UserProfile.findById(userId, 'isActive email firstName lastName');
+      if (!user) {
+        return res.status(404).send({ error: 'User not found' });
+      }
+
+      user.set({
+        isActive: status,
+        reactivationDate: activationDate,
+      });
+
+      await user.save();
+
+      const isUserInCache = cache.hasCache('allusers');
+      if (isUserInCache) {
+        const allUserData = JSON.parse(cache.getCache('allusers'));
+        const userIdx = allUserData.findIndex((u) => u._id === userId);
+        if (userIdx !== -1) {
+          const userData = allUserData[userIdx];
+          userData.isActive = user.isActive;
+          allUserData.splice(userIdx, 1, userData);
+          cache.setCache('allusers', JSON.stringify(allUserData));
+        }
+      }
+
+      auditIfProtectedAccountUpdated({
+        requestorId: req.body.requestor.requestorId,
+        updatedRecordEmail: user.email,
+        actionPerformed: 'UserStatusUpdate',
+      });
+
+      return res.status(200).send({ message: 'status updated' });
+    } catch (error) {
+      logger.logException(error);
+      return res.status(500).send({ error: 'Internal Error' });
+    }
+  };
+
   const changeUserRehireableStatus = async function (req, res) {
     const { userId } = req.params;
     const { isRehireable } = req.body;
@@ -2955,8 +3031,8 @@ const createControllerMethods = function (UserProfile, Project, cache) {
       }
       return res.status(200).json(result.data);
     } catch (error) {
-      console.error('Error fetching skill data:', error);
-      return res.status(500).send({ error: error.message });
+      logger.logException(error);
+      return res.status(500).send({ error: 'Internal Error' });
     }
   };
 
@@ -2976,6 +3052,7 @@ const createControllerMethods = function (UserProfile, Project, cache) {
     getTeamMembersofUser,
     getProjectMembers,
     changeUserStatus,
+    pauseResumeUser,
     resetPassword,
     getUserByName,
     getAllUsersWithFacebookLink,

src/helpers/userHelper.js

@@ -2598,15 +2598,15 @@ const userHelper = function () {
     });
 
     let badgeOfType;
-    for (let i = 0; i < badgeCollection.length; i += 1) {
-      if (badgeCollection[i].badge?.type === 'Lead a team of X+') {
-        if (badgeOfType && badgeOfType.people <= badgeCollection[i].badge.people) {
+    for (const badgeEntry of badgeCollection) {
+      if (badgeEntry.badge?.type === 'Lead a team of X+') {
+        if (badgeOfType && badgeOfType.people <= badgeEntry.badge.people) {
           await removeDupBadge(personId, badgeOfType._id);
-          badgeOfType = badgeCollection[i].badge;
-        } else if (badgeOfType && badgeOfType.people > badgeCollection[i].badge.people) {
-          await removeDupBadge(personId, badgeCollection[i].badge._id);
+          badgeOfType = badgeEntry.badge;
+        } else if (badgeOfType && badgeOfType.people > badgeEntry.badge.people) {
+          await removeDupBadge(personId, badgeEntry.badge._id);
         } else if (!badgeOfType) {
-          badgeOfType = badgeCollection[i].badge;
+          badgeOfType = badgeEntry.badge;
         }
       }
     }

src/routes/userProfileRouter.js

@@ -6,18 +6,7 @@ const routes = function (userProfile, project) {
   const controller = require('../controllers/userProfileController')(userProfile, project);
   const userProfileRouter = express.Router();
 
-  // Skills radar route
-  userProfileRouter.get('/userProfile/:userId/skills-radar', async (req, res) => {
-    try {
-      if (typeof controller.getUserSkillRadarData === 'function') {
-        await controller.getUserSkillRadarData(req, res);
-      } else {
-        res.status(500).send('Controller function not found');
-      }
-    } catch (err) {
-      res.status(500).send({ error: err.message });
-    }
-  });
+  userProfileRouter.get('/userProfile/:userId/skills-radar', controller.getUserSkillRadarData);
 
   // Other routes (unchanged, just formatted for clarity)
   userProfileRouter
@@ -120,6 +109,7 @@ const routes = function (userProfile, project) {
     .patch(controller.changeUserStatus);
 
   userProfileRouter.route('/userProfile/name/:name').get(controller.getUserByName);
+  userProfileRouter.route('/userProfile/:userId/pause').patch(controller.pauseResumeUser);
   userProfileRouter
     .route('/userProfile/:userId/rehireable')
     .patch(controller.changeUserRehireableStatus);

src/utilities/createInitialPermissions.js

@@ -108,6 +108,7 @@ const permissionsRoles = [
       'accessHgnSkillsDashboard',
       'manageFAQs',
       'setFinalDay',
+      'interactWithPauseUserButton',
     ],
   },
   {
@@ -297,6 +298,7 @@ const permissionsRoles = [
       'manageHGNAccessSetup',
       'setFinalDay',
       'resendBlueSquareAndSummaryEmails',
+      'interactWithPauseUserButton',
     ],
   },
 ];

src/utilities/playwrightUtil.js

@@ -1,5 +1,6 @@
 /* eslint-disable no-console */
 const { execSync } = require('node:child_process');
+// eslint-disable-next-line import/no-unresolved
 const { chromium } = require('playwright');
 
 async function ensureBrowserInstalled() {