Skip to content

Comments

Consider a copilot to have "full access" to a challenge (PM-2654)#6

Merged
jmgasper merged 1 commit intodevelopfrom
PM-2654
Nov 1, 2025
Merged

Consider a copilot to have "full access" to a challenge (PM-2654)#6
jmgasper merged 1 commit intodevelopfrom
PM-2654

Conversation

@jmgasper
Copy link
Contributor

@jmgasper jmgasper commented Oct 30, 2025

No description provided.

@jmgasper jmgasper requested a review from kkartunov October 30, 2025 19:54
github-actions[bot]
github-actions bot reviewed Oct 30, 2025
View reviewed changes
src/services/ResourceService.js
* @param {Array} resources resources of current user for specified challenge id
*/
async function checkAccess (currentUserResources) {
const copilotRoleIds = await getCopilotResourceRoleIds()
Copy link

@github-actions github-actions bot Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[⚠️ performance]
Consider caching the result of getCopilotResourceRoleIds() if it is expected to be called frequently. This could improve performance by reducing database queries.

src/services/ResourceService.js
*/
async function checkAccess (currentUserResources) {
const copilotRoleIds = await getCopilotResourceRoleIds()
const hasCopilotRole = _.some(currentUserResources, r => copilotRoleIds.includes(r.roleId))
Copy link

@github-actions github-actions bot Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[💡 performance]
The use of _.some with includes is correct, but ensure that currentUserResources and copilotRoleIds are not excessively large, as this could impact performance. If they are, consider optimizing the data structure or approach.

github-actions[bot]
github-actions bot reviewed Oct 30, 2025
View reviewed changes
test/unit/createResource.test.js
})

it('copilot can manage resources without full access flags', async () => {
const originalRole = await helper.getById('ResourceRole', copilotRoleId)
Copy link

@github-actions github-actions bot Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[⚠️ correctness]
The test case modifies the ResourceRole to have no full access flags and then attempts to create a resource with a user that might not have the necessary permissions. Ensure that the test setup accurately reflects the intended permissions and that the test case is valid under the new role configuration.

test/unit/createResource.test.js
await assertResource(createdResource.id, createdResource)
} finally {
if (createdResource && createdResource.id) {
await prisma.resource.deleteMany({
Copy link

@github-actions github-actions bot Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[💡 maintainability]
Consider using delete instead of deleteMany if you are certain that only one resource will be deleted. This can prevent accidental deletion of multiple resources if the query conditions are not as expected.

@jmgasper jmgasper merged commit ea06535 into develop Nov 1, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@kkartunov kkartunov Awaiting requested review from kkartunov

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jmgasper