PM- 1612 Copilot Applications should be visible to all with selective data #854
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| module.exports = [ | ||
| permissions('copilotApplications.view'), | ||
| (req, res, next) => { | ||
| const canAccessAllApplications = util.hasRoles(req, ADMIN_ROLES) || util.hasProjectManagerRole(req); |
There was a problem hiding this comment.
Consider checking if req.params.id is a valid integer before using _.parseInt. This can prevent potential errors if the parameter is not a number.
| const enrichedApplications = copilotApplications.map(application => { | ||
| const m = members.find(m => m.userId === application.userId); | ||
| const enrichedApplications = copilotApplications.map((application) => { | ||
| const m = members.find(member => member.userId === application.userId); |
There was a problem hiding this comment.
Consider renaming the variable m to something more descriptive, such as member, to improve code readability.
| @@ -86,13 +79,21 @@ module.exports = [ | |||
| return enriched; | |||
| }); | |||
|
|
|||
| const response = canAccessAllApplications | |||
There was a problem hiding this comment.
Consider renaming canAccessAllApplications to something more descriptive like isAdminOrPM to clarify the condition being checked.
| @@ -86,13 +79,21 @@ module.exports = [ | |||
| return enriched; | |||
| }); | |||
|
|
|||
| const response = canAccessAllApplications | |||
| ? enrichedApplications | |||
There was a problem hiding this comment.
The ternary operation here is clear, but consider adding a brief explanation in the documentation or codebase about the logic behind canAccessAllApplications to improve maintainability.
| status: app.status, | ||
| createdAt: app.createdAt, | ||
| })); | ||
|
|
||
| req.log.debug(`Enriched Applications ${JSON.stringify(enrichedApplications)}`); |
There was a problem hiding this comment.
The debug log statement Enriched Applications should be updated to reflect the new variable response being logged instead of enrichedApplications.
The API should not restrict users, instead we're adding a filter to the response later.
Admins and PMs can view the entire response and the rest of the users can view only handles, status and applied date.