Merge pull request #91 from topcoder-platform/justin-fixes

Justin fixes

Author: jmgasper

app-constants.js

@@ -2,6 +2,7 @@
  * App constants
  */
 const ADMIN_ROLES = ['administrator', 'admin']
+const AUTOCOMPLETE_ROLES = ['copilot', 'administrator', 'admin', 'Connect Copilot', 'Connect Account Manager', 'Connect Admin', 'Account Executive']
 
 const EVENT_ORIGINATOR = 'topcoder-member-api'
 
@@ -26,6 +27,7 @@ const MAMBO_GET_REWARDS_ALLOWED_FIELDS = [
 
 module.exports = {
   ADMIN_ROLES,
+  AUTOCOMPLETE_ROLES,
   EVENT_ORIGINATOR,
   EVENT_MIME_TYPE,
   TOPICS,

src/common/helper.js

@@ -111,6 +111,25 @@ function hasAdminRole (authUser) {
   return false
 }
 
+/**
+ * Check if the user has autocomplete role
+ * @param {Object} authUser the user
+ * @returns {Boolean} whether the user has autocomplete role
+ */
+function hasAutocompleteRole (authUser) {
+  if (!authUser.roles) {
+    return false
+  }
+  for (let i = 0; i < authUser.roles.length; i += 1) {
+    for (let j = 0; j < constants.AUTOCOMPLETE_ROLES.length; j += 1) {
+      if (authUser.roles[i].toLowerCase() === constants.AUTOCOMPLETE_ROLES[j].toLowerCase()) {
+        return true
+      }
+    }
+  }
+  return false
+}
+
 /**
  * Check if exists.
  *
@@ -751,6 +770,7 @@ module.exports = {
   autoWrapExpress,
   checkIfExists,
   hasAdminRole,
+  hasAutocompleteRole,
   getMemberByHandle,
   getEntityByHashKey,
   getEntityByHashRangeKey,

src/routes.js

@@ -28,7 +28,6 @@ module.exports = {
       controller: 'SearchController',
       method: 'autocomplete',
       auth: 'jwt',
-      allowNoToken: true,
       scopes: [MEMBERS.READ, MEMBERS.ALL]
     }
   },
@@ -37,7 +36,6 @@ module.exports = {
       controller: 'SearchController',
       method: 'autocomplete',
       auth: 'jwt',
-      allowNoToken: true,
       scopes: [MEMBERS.READ, MEMBERS.ALL]
     }
   },

src/services/SearchService.js

@@ -14,7 +14,7 @@ const MEMBER_FIELDS = ['userId', 'handle', 'handleLower', 'firstName', 'lastName
   'description', 'email', 'tracks', 'maxRating', 'wins', 'createdAt', 'createdBy',
   'updatedAt', 'updatedBy', 'skills', 'stats']
 
-const MEMBER_AUTOCOMPLETE_FIELDS = ['userId', 'handle', 'handleLower', 'firstName', 'lastName',
+const MEMBER_AUTOCOMPLETE_FIELDS = ['userId', 'handle', 'handleLower',
   'status', 'email', 'createdAt', 'updatedAt']
 
 var MEMBER_STATS_FIELDS = ['userId', 'handle', 'handleLower', 'maxRating',
@@ -124,11 +124,11 @@ searchMembers.schema = {
 async function autocomplete (currentUser, query) {
   // validate and parse fields param
   let fields = helper.parseCommaSeparatedString(query.fields, MEMBER_AUTOCOMPLETE_FIELDS) || MEMBER_AUTOCOMPLETE_FIELDS
-  // // if current user is not admin and not M2M, then exclude the admin/M2M only fields
-  // if (!currentUser || (!currentUser.isMachine && !helper.hasAdminRole(currentUser))) {
-  //   fields = _.without(fields, ...config.SEARCH_SECURE_FIELDS)
-  //   // MEMBER_AUTOCOMPLETE_FIELDS = _.without(MEMBER_AUTOCOMPLETE_FIELDS, ...config.STATISTICS_SECURE_FIELDS)
-  // }
+  // if current user is not autocomplete role and not M2M, then exclude the autocomplete/M2M only fields
+  if (!currentUser || (!currentUser.isMachine && !helper.hasAutocompleteRole(currentUser))) {
+    fields = _.without(fields, ...config.SEARCH_SECURE_FIELDS)
+    // MEMBER_AUTOCOMPLETE_FIELDS = _.without(MEMBER_AUTOCOMPLETE_FIELDS, ...config.STATISTICS_SECURE_FIELDS)
+  }
   // get suggestion based on querys term
   const docsSuggestions = await eshelper.getSuggestion(query, esClient, currentUser)
   if (docsSuggestions.hasOwnProperty('suggest')) {