adds roles and updates the can() method in authz.ts to account for role permissions when making an action (proper unit tests included)

Author: marceljc3

data/githubDiscordMap.json

@@ -2,76 +2,97 @@
   "AJaccP": {
     "githubUsername": "AJaccP",
     "githubId": "U_kgDOBrIU2w",
-    "discordId": "693093284998021141"
+    "discordId": "693093284998021141",
+    "roles": ["admin"] 
   },
   "eros-mcguire": {
     "githubUsername": "eros-mcguire",
     "githubId": "U_kgDOCLs4uA",
-    "discordId": "981895462992891935"
+    "discordId": "981895462992891935",
+    "roles": ["readonly"] 
   },
   "exkellybur": {
     "githubUsername": "exkellybur",
     "githubId": "U_kgDOBx7TuA",
-    "discordId": "398923451311587338"
+    "discordId": "398923451311587338",
+    "roles": ["readonly"] 
   },
   "JohnLu2004": {
     "githubUsername": "JohnLu2004",
     "githubId": "MDQ6VXNlcjg3NjczMDY4",
-    "discordId": "358054341179080704"
+    "discordId": "358054341179080704",
+    "roles": ["readonly"] 
   },
   "kimiaKR": {
     "githubUsername": "kimiaKR",
     "githubId": "U_kgDOC0aBdw",
-    "discordId": "706977821502865578"
+    "discordId": "706977821502865578",
+    "roles": ["readonly"] 
   },
   "LandonJMM": {
     "githubUsername": "LandonJMM",
     "githubId": "U_kgDOBs5OWw",
-    "discordId": "657607140835328059"
+    "discordId": "657607140835328059",
+    "roles": ["readonly"] 
   },
   "MathyouMB": {
     "githubUsername": "MathyouMB",
     "githubId": "MDQ6VXNlcjQzMjIzNjgy",
-    "discordId": "147881865548791808"
+    "discordId": "147881865548791808",
+    "roles": ["admin"] 
   },
   "MrRibcage": {
     "githubUsername": "MrRibcage",
     "githubId": "MDQ6VXNlcjQzNjU2MTM3",
-    "discordId": "142782738615762944"
+    "discordId": "142782738615762944",
+    "roles": ["readonly"] 
   },
   "Nguyen-HanhNong": {
     "githubUsername": "Nguyen-HanhNong",
     "githubId": "MDQ6VXNlcjgxOTc3MzUw",
-    "discordId": "929100662082531398"
+    "discordId": "929100662082531398",
+    "roles": ["readonly"] 
   },
   "rebeccakempe12": {
     "githubUsername": "rebeccakempe12",
     "githubId": "MDQ6VXNlcjc3MzY4MTky",
-    "discordId": "730876980861599744"
+    "discordId": "730876980861599744",
+    "roles": ["readonly"] 
   },
   "richard-dh-kim": {
     "githubUsername": "richard-dh-kim",
     "githubId": "MDQ6VXNlcjU4OTU5NjQ5",
-    "discordId": "241421629543022592"
+    "discordId": "241421629543022592",
+    "roles": ["readonly"] 
   },
   "rj-sci": {
     "githubUsername": "rj-sci",
-    "githubId": "tbd",
-    "discordId": "327557300497809422"
+    "githubId": "MDQ6VXNlcjcxNTM2MjYy",
+    "discordId": "327557300497809422",
+    "roles": ["readonly"] 
   },
   "ryangchung": {
     "githubUsername": "ryangchung",
     "githubId": "MDQ6VXNlcjg3MDI3OTgx",
-    "discordId": "365948481946517504"
+    "discordId": "365948481946517504",
+    "roles": ["readonly"] 
   },
   "VictorLi5611": {
     "githubUsername": "VictorLi5611",
     "githubId": "MDQ6VXNlcjczMzA1Mjg3",
-    "discordId": "247472197902270465"
+    "discordId": "247472197902270465",
+    "roles": ["readonly"] 
   },
   "VMordvinova": {
     "githubUsername": "VMordvinova",
     "githubId": "U_kgDOCFXXvw",
-    "discordId": "759902786107473932"
+    "discordId": "759902786107473932",
+    "roles": ["readonly"] 
+  },
+  "marceljc3": {
+    "githubUsername": "marceljc3",
+    "githubId": "MDQ6VXNlcjQ2NjkzMzU2", 
+    "discordId": "1180337219400118393",
+    "roles": ["readonly"] 
   }
 }

data/roles.json

@@ -0,0 +1,8 @@
+{
+    "admin": {
+      "permissions": ["githubIssue:write", "githubIssue:read"]
+    },
+    "readonly": {
+      "permissions": ["githubIssue:read"]
+    }
+}

src/infrastructure/discord/authz.ts

@@ -1,22 +1,34 @@
 import githubDiscordMapJson from "../../../data/githubDiscordMap.json";
+import rolesJson from "../../../data/roles.json";
 
 // New structure: map from GitHub username to object with discordId
 const githubDiscordMap: {
   [key: string]: {
     githubUsername: string;
     githubId: string;
     discordId: string;
+    roles: string[];
   };
 } = githubDiscordMapJson;
 
-// TODO: this any should be the generalized discord.js interaction type so that all interactions can leverage this method
-export const can = (interaction: any): boolean => {
-  const userId = interaction.user?.id;
+const roles: {
+  [role: string]: {
+    permissions: string[];
+  };
+} = rolesJson;
+
+export const can = (discordUserID: string, perms: string[]): boolean => {
+  const userEntry = Object.values(githubDiscordMap).find(
+    (entry: any) => entry.discordId === discordUserID
+  );
+
+  if (!userEntry || !userEntry.roles) {
+    return false; 
+  } 
 
-  const discordIds = Object.values(githubDiscordMap).map(
-    (entry) => entry.discordId,
+  const userPermissions = new Set(
+    userEntry.roles.flatMap((role: string) => roles[role]?.permissions || [])
   );
-  const isAuthorized = discordIds.includes(userId);
 
-  return isAuthorized;
-};
+  return perms.every(perm => userPermissions.has(perm));
+};

src/infrastructure/discord/commands/createIssue.ts

@@ -18,7 +18,7 @@ export const data = new SlashCommandBuilder()
   );
 
 export async function execute(interaction: CommandInteraction) {
-  if (!can(interaction)) {
+  if (!can(interaction.user.id, ["githubissue:write"])) {
     await interaction.reply({
       content: "You do not have permission to create an issue.",
       ephemeral: true,

src/infrastructure/discord/commands/myIssues.ts

@@ -26,7 +26,7 @@ export const data = new SlashCommandBuilder()
   );
 
 export async function execute(interaction: CommandInteraction) {
-  if (!can(interaction)) {
+  if (!can(interaction.user.id, ["githubissue:read"])) {
     await interaction.reply({
       content: "You do not have permission to create an issue.",
       ephemeral: true,

src/infrastructure/discord/commands/unassignedIssues.ts

@@ -27,7 +27,7 @@ export const data = new SlashCommandBuilder()
   );
 
 export async function execute(interaction: CommandInteraction) {
-  if (!can(interaction)) {
+  if (!can(interaction.user.id, ["githubissue:read"])) {
     await interaction.reply({
       content: "You do not have permission to view issues.",
       ephemeral: true,

test/infrastructure/discord/tasks/authz.test.ts

@@ -0,0 +1,53 @@
+import { can } from "@infrastructure/discord/authz";
+
+describe("auth tests", () => {
+    it("will accept one role with all permissions", () =>{
+        const discordID = "693093284998021141";
+        jest.mock(
+            "../../../../data/githubDiscordMap.json",
+            () => ({
+                User1: {
+                    discordID: discordID,
+                    roles: ["admin"],
+                },
+            }),
+            { virtual: true },
+        );
+        expect(can(discordID, ["githubIssue:write", "githubIssue:read"])).toBe(true);
+    });
+
+    it("will throw an error if user has no roles", () =>{
+        const discordID = "12345";
+        jest.mock(
+            "../../../../data/githubDiscordMap.json",
+            () => ({
+                User1: {
+                    discordID: discordID,
+                    roles: [],
+                },
+            }),
+            { virtual: true },
+        );
+        expect(can(discordID, ["githubIssue:read", "githubIssue:write"])).toBe(false);
+    });
+
+    it("will throw an error if user does not have all of the required permissions", () =>{
+        const discordID = "142782738615762944";
+        jest.mock(
+            "../../../../data/githubDiscordMap.json",
+            () => ({
+                User1: {
+                    discordID: discordID,
+                    roles: ["readonly"],
+                },
+            }),
+            { virtual: true },
+        );
+        expect(can(discordID, ["githubIssue:read", "githubIssue:write"])).toBe(false);
+    });
+
+    it('will throw an error if the user is not in the map', () => {
+        const id = "12345"; 
+        expect(can(id, ["githubIssue:write", "githubIssue:read"])).toBe(false);
+    });
+});