From 618480b49f13f1620439fe4cd8a5f8e9a59fe6be Mon Sep 17 00:00:00 2001
From: Behzad Rabiei <53224485+Behzad-rabiei@users.noreply.github.com>
Date: Mon, 15 Apr 2024 11:06:12 +0400
Subject: [PATCH 1/4] update tests for PATCH /community/:communityId
---
 __tests__/integration/community.test.ts | 88 +++++++++++++++++--------
 1 file changed, 61 insertions(+), 27 deletions(-)
diff --git a/__tests__/integration/community.test.ts b/__tests__/integration/community.test.ts
index 78f6f59..6446501 100644
--- a/__tests__/integration/community.test.ts
+++ b/__tests__/integration/community.test.ts
@@ -1,28 +1,28 @@
-// import request from 'supertest';
-// import httpStatus from 'http-status';
-// import app from '../../src/app';
-// import setupTestDB, { cleanUpTenantDatabases } from '../utils/setupTestDB';
-// import { userOne, insertUsers, userTwo, userThree } from '../fixtures/user.fixture';
-// import { userOneAccessToken, userTwoAccessToken } from '../fixtures/token.fixture';
-// import { User, Community, ICommunityUpdateBody, DatabaseManager } from '@togethercrew.dev/db';
-// import { communityOne, communityTwo, communityThree, insertCommunities } from '../fixtures/community.fixture';
-// import {
-// platformOne,
-// platformTwo,
-// platformThree,
-// platformFour,
-// platformFive,
-// insertPlatforms,
-// } from '../fixtures/platform.fixture';
-// import { discordRole1, discordRole2, discordRole3, discordRole4, insertRoles } from '../fixtures/discord/roles.fixture';
-// import {
-// discordGuildMember1,
-// discordGuildMember2,
-// discordGuildMember3,
-// discordGuildMember4,
-// insertGuildMembers,
-// } from '../fixtures/discord/guildMember.fixture';
-// import { Connection } from 'mongoose';
+import request from 'supertest';
+import httpStatus from 'http-status';
+import app from '../../src/app';
+import setupTestDB, { cleanUpTenantDatabases } from '../utils/setupTestDB';
+import { userOne, insertUsers, userTwo, userThree } from '../fixtures/user.fixture';
+import { userOneAccessToken, userTwoAccessToken } from '../fixtures/token.fixture';
+import { User, Community, ICommunityUpdateBody, DatabaseManager } from '@togethercrew.dev/db';
+import { communityOne, communityTwo, communityThree, insertCommunities } from '../fixtures/community.fixture';
+import {
+ platformOne,
+ platformTwo,
+ platformThree,
+ platformFour,
+ platformFive,
+ insertPlatforms,
+} from '../fixtures/platform.fixture';
+import { discordRole1, discordRole2, discordRole3, discordRole4, insertRoles } from '../fixtures/discord/roles.fixture';
+import {
+ discordGuildMember1,
+ discordGuildMember2,
+ discordGuildMember3,
+ discordGuildMember4,
+ insertGuildMembers,
+} from '../fixtures/discord/guildMember.fixture';
+import { Connection } from 'mongoose';
 // setupTestDB();
@@ -372,7 +372,7 @@
 // identifierValues: [{
 // discordId: discordGuildMember2.discordId,
 // username: discordGuildMember2.username,
-// ngu: discordGuildMember2.nickname,
+// // ngu: discordGuildMember2.nickname,
 // discriminator: discordGuildMember2.discriminator,
 // nickname: discordGuildMember2.nickname,
 // globalName: discordGuildMember2.globalName,
@@ -388,7 +388,7 @@
 // identifierValues: [{
 // discordId: discordGuildMember2.discordId,
 // username: discordGuildMember2.username,
-// ngu: discordGuildMember2.nickname,
+// // ngu: discordGuildMember2.nickname,
 // discriminator: discordGuildMember2.discriminator,
 // nickname: discordGuildMember2.nickname,
 // globalName: discordGuildMember2.globalName,
@@ -619,6 +619,40 @@
 // .expect(httpStatus.FORBIDDEN);
 // });
+// test('should return 400 when admin users trys to revoke admin role from themselves', async () => {
+// await insertCommunities([communityOne, communityTwo, communityThree]);
+// await insertUsers([userOne, userTwo]);
+// await insertPlatforms([platformOne, platformTwo, platformThree]);
+// await insertGuildMembers(
+// [discordGuildMember1, discordGuildMember2, discordGuildMember3, discordGuildMember4],
+// connection,
+// );
+// await insertRoles([discordRole1, discordRole2, discordRole3, discordRole4], connection);
+
+// const res1 = await request(app)
+// .patch(`/api/v1/communities/${communityOne._id}`)
+// .set('Authorization', `Bearer ${userTwoAccessToken}`)
+// .send({ roles: [] })
+// .expect(httpStatus.BAD_REQUEST);
+
+// const res2 = await request(app)
+// .patch(`/api/v1/communities/${communityOne._id}`)
+// .set('Authorization', `Bearer ${userTwoAccessToken}`)
+// .send({
+// roles: [{
+// roleType: 'admin',
+// source: {
+// platform: 'discord',
+// identifierType: 'member',
+// identifierValues: [userOne.discordId],
+// platformId: platformOne._id,
+// },
+// },]
+// })
+// .expect(httpStatus.BAD_REQUEST);
+
+// });
+
 // test('should return 400 error if communityId is not a valid mongo id', async () => {
 // await insertUsers([userOne]);
From b906d91b47878aab5f0d3ffbbc8bb4129d1e63d2 Mon Sep 17 00:00:00 2001
From: Behzad Rabiei <53224485+Behzad-rabiei@users.noreply.github.com>
Date: Mon, 15 Apr 2024 11:06:48 +0400
Subject: [PATCH 2/4] validate the community role changes to stop admins to revoke admin role from themeselvs
---
 src/controllers/community.controller.ts | 3 +++
 src/services/community.service.ts | 34 +++++++++++++++++++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/src/controllers/community.controller.ts b/src/controllers/community.controller.ts
index 60f24ce..fb521f5 100644
--- a/src/controllers/community.controller.ts
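Review bot: The new case in the `@@ -619,6 +619,40 @@` hunk of `community.test.ts` is added entirely as commented-out code, so the self-revocation guard introduced in patch 2/4 ships with no executing test, and patch 3/4 comments the imports out again. Because this guards an authorization invariant, the case should run in CI, or be marked `test.skip` with a stated reason, rather than live in comments. The title describes an admin revoking their own role, but both requests authenticate with `userTwoAccessToken` while the second payload grants admin to `userOne.discordId`; whether userTwo is an admin of `communityOne` depends on fixtures not shown here, so a one-line comment stating that precondition would help. `res1` and `res2` are assigned but never read.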
+++ b/src/controllers/community.controller.ts
@@ -43,6 +43,9 @@ const getCommunity = catchAsync(async function (req: IAuthRequest, res: Response
 res.send(community);
 });
 const updateCommunity = catchAsync(async function (req: IAuthRequest, res: Response) {
+ if (req.body.roles && req.community) {
+ await communityService.validateRoleChanges(req.user, req.community, req.body.roles);
+ }
 const community = await communityService.updateCommunityByFilter({ _id: req.params.communityId }, req.body);
 res.send(community);
 });
diff --git a/src/services/community.service.ts b/src/services/community.service.ts
index 7b4fad6..4c609da 100644
--- a/src/services/community.service.ts
+++ b/src/services/community.service.ts
@@ -1,7 +1,15 @@
 import { HydratedDocument, Types } from 'mongoose';
 import httpStatus from 'http-status';
-import { Community, ICommunity, DatabaseManager, GuildMember, IRole } from '@togethercrew.dev/db';
-import ApiError from '../utils/ApiError';
+import {
+ Community,
+ ICommunity,
+ DatabaseManager,
+ GuildMember,
+ IRole,
+ IUser,
+ ICommunityRoles,
+} from '@togethercrew.dev/db';
+import { ApiError, roleUtil } from '../utils';
 import guildMemberService from './discord/guildMember.service';
 import roleService from './discord/role.service';
 import platformService from './platform.service';
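Review bot: In `updateCommunity`, the guard `if (req.body.roles && req.community)` fails open: when `roles` is present but `req.community` is unset, validation is skipped and `updateCommunityByFilter` still writes the new roles. Whether any route reaches this handler without `req.community` is not visible in this hunk, so the handler should reject a roles update that has no loaded community instead of skipping the check, with a comment naming the middleware expected to populate it. The validation reads the document loaded earlier in the request, while the write is addressed separately through `{ _id: req.params.communityId }`, so the check and the update are not atomic. Concurrent role edits could presumably each pass validation, which is worth a comment or a follow-up.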
@@ -147,6 +155,27 @@ const populateRoles = async (community: HydratedDocument): Promise} user - The user object representing the current user + * @param {HydratedDocument} community - The community document + * @param {string[]} newRoles - The new roles to be assigned to the community + * @throws {ApiError} If an admin tries to revoke their own admin role + */ +const validateRoleChanges = async ( + user: HydratedDocument, + community: HydratedDocument, + newRoles: ICommunityRoles[], +): Promise => { + const initialUserRoles: string[] = await roleUtil.getUserRolesForCommunity(user, community); + const originalRoles = community.roles; + community.roles = newRoles; + const updatedUserRoles: string[] = await roleUtil.getUserRolesForCommunity(user, community); + community.roles = originalRoles; + if (initialUserRoles.includes('admin') && !updatedUserRoles.includes('admin')) { + throw new ApiError(httpStatus.BAD_REQUEST, 'Admin role cannot be revoked by the user themselves.'); + } +}; export default { createCommunity, queryCommunities, @@ -157,4 +186,5 @@ export default { deleteCommunityByFilter, addPlatformToCommunityById, populateRoles, + validateRoleChanges, }; From 3ab0d93192e1890e78af533b200397687e29316c Mon Sep 17 00:00:00 2001 From: Behzad Rabiei <53224485+Behzad-rabiei@users.noreply.github.com> Date: Mon, 15 Apr 2024 11:07:29 +0400 Subject: [PATCH 3/4] disable the tests --- __tests__/integration/community.test.ts | 50 ++++++++++++------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/__tests__/integration/community.test.ts b/__tests__/integration/community.test.ts index 6446501..79b135a 100644 --- a/__tests__/integration/community.test.ts +++ b/__tests__/integration/community.test.ts 
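Review bot: `validateRoleChanges` assigns `newRoles` onto the caller's `community` document and restores `originalRoles` only on the success path, so if the second `roleUtil.getUserRolesForCommunity` call rejects, the shared document (the controller passes `req.community`) keeps the unvalidated roles. The swap should be wrapped in `try`/`finally`, or the roles evaluated against a copy so the document is never mutated across an `await`. The JSDoc declares `@param {string[]} newRoles` while the signature takes `ICommunityRoles[]`. The check covers only the caller's own `'admin'` role, so it does not by itself ensure the community keeps at least one admin, and the docstring should state that scope.

```typescript
  const originalRoles = community.roles;
  let updatedUserRoles: string[];
  try {
    // Evaluate the caller's roles as they would be after the update.
    community.roles = newRoles;
    updatedUserRoles = await roleUtil.getUserRolesForCommunity(user, community);
  } finally {
    // Always restore the document, even when role resolution rejects.
    community.roles = originalRoles;
  }
  // … unchanged: admin-role comparison and ApiError throw …
```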
@@ -1,28 +1,28 @@ -import request from 'supertest'; -import httpStatus from 'http-status'; -import app from '../../src/app'; -import setupTestDB, { cleanUpTenantDatabases } from '../utils/setupTestDB'; -import { userOne, insertUsers, userTwo, userThree } from '../fixtures/user.fixture'; -import { userOneAccessToken, userTwoAccessToken } from '../fixtures/token.fixture'; -import { User, Community, ICommunityUpdateBody, DatabaseManager } from '@togethercrew.dev/db'; -import { communityOne, communityTwo, communityThree, insertCommunities } from '../fixtures/community.fixture'; -import { - platformOne, - platformTwo, - platformThree, - platformFour, - platformFive, - insertPlatforms, -} from '../fixtures/platform.fixture'; -import { discordRole1, discordRole2, discordRole3, discordRole4, insertRoles } from '../fixtures/discord/roles.fixture'; -import { - discordGuildMember1, - discordGuildMember2, - discordGuildMember3, - discordGuildMember4, - insertGuildMembers, -} from '../fixtures/discord/guildMember.fixture'; -import { Connection } from 'mongoose'; +// import request from 'supertest'; +// import httpStatus from 'http-status'; +// import app from '../../src/app'; +// import setupTestDB, { cleanUpTenantDatabases } from '../utils/setupTestDB'; +// import { userOne, insertUsers, userTwo, userThree } from '../fixtures/user.fixture'; +// import { userOneAccessToken, userTwoAccessToken } from '../fixtures/token.fixture'; +// import { User, Community, ICommunityUpdateBody, DatabaseManager } from '@togethercrew.dev/db'; +// import { communityOne, communityTwo, communityThree, insertCommunities } from '../fixtures/community.fixture'; +// import { +// platformOne, +// platformTwo, +// platformThree, +// platformFour, +// platformFive, +// insertPlatforms, +// } from '../fixtures/platform.fixture'; +// import { discordRole1, discordRole2, discordRole3, discordRole4, insertRoles } from '../fixtures/discord/roles.fixture'; +// import { +// discordGuildMember1, +// 
discordGuildMember2, +// discordGuildMember3, +// discordGuildMember4, +// insertGuildMembers, +// } from '../fixtures/discord/guildMember.fixture'; +// import { Connection } from 'mongoose'; // setupTestDB(); From ccb2fd7826c989f5ba1d2f7275b270105cc5a8c5 Mon Sep 17 00:00:00 2001 From: Behzad Rabiei <53224485+Behzad-rabiei@users.noreply.github.com> Date: Mon, 15 Apr 2024 12:14:09 +0400 Subject: [PATCH 4/4] update mongo-lib package --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 444518f..e62724d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "@discordjs/rest": "^1.7.0", "@notionhq/client": "^2.2.3", "@sentry/node": "^7.50.0", - "@togethercrew.dev/db": "^3.0.42", + "@togethercrew.dev/db": "^3.0.51", "@togethercrew.dev/tc-messagebroker": "^0.0.45", "@types/express-session": "^1.17.7", "@types/morgan": "^1.9.5", @@ -3359,9 +3359,9 @@ "dev": true }, "node_modules/@togethercrew.dev/db": { - "version": "3.0.42", - "resolved": "https://registry.npmjs.org/@togethercrew.dev/db/-/db-3.0.42.tgz", - "integrity": "sha512-bZLPZ6OQAYSK8b0fDYqO8/vxBOTJQDXYzoaq4FVq54s3imXOdxoqaa1+Sjlk5l4rp6MT3eWeb38JEVtoZLckMQ==", + "version": "3.0.51", + "resolved": "https://registry.npmjs.org/@togethercrew.dev/db/-/db-3.0.51.tgz", + "integrity": "sha512-vmQV0tLnR4nSnzxRz1VvbD2RxgXjlJSOnBLBfD3vMsmnp3i6scyQFVRV/MaUIY1p1ZcXDpfQmd8JYNre1TTVQA==", "dependencies": { "discord.js": "^14.7.1", "joi": "^17.7.0", diff --git a/package.json b/package.json index b667837..0eeb36a 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "@discordjs/rest": "^1.7.0", "@notionhq/client": "^2.2.3", "@sentry/node": "^7.50.0", - "@togethercrew.dev/db": "^3.0.42", + "@togethercrew.dev/db": "^3.0.51", "@togethercrew.dev/tc-messagebroker": "^0.0.45", "@types/express-session": "^1.17.7", "@types/morgan": "^1.9.5",