Merge pull request #1572 from topcoder-platform/PM-4650

PM-4650: show engagements tab for talent managers

Author: jmgasper

src/apps/work/src/lib/components/NavTabs/config/tabs-config.spec.ts

@@ -0,0 +1,33 @@
+import { getTabsConfig } from './tabs-config'
+
+jest.mock('~/config', () => ({
+    AppSubdomain: {
+        work: 'work',
+    },
+    EnvironmentConfig: {
+        SUBDOMAIN: 'work',
+    },
+}), {
+    virtual: true,
+})
+
+jest.mock('../../../utils/permissions.utils', () => ({
+    canViewAllEngagements: (userRoles: string[]) => (
+        userRoles.includes('administrator') || userRoles.includes('talent manager')
+    ),
+}))
+
+describe('getTabsConfig', () => {
+    it('shows the engagements tab for talent managers on the common work page', () => {
+        expect(getTabsConfig(['talent manager'], false)
+            .map(tab => tab.id))
+            .toContain('engagements')
+    })
+
+    it('keeps the engagements tab hidden for project managers without talent manager access', () => {
+        expect(getTabsConfig(['project manager'], false)
+            .map(tab => tab.id))
+            .not
+            .toContain('engagements')
+    })
+})

src/apps/work/src/lib/components/NavTabs/config/tabs-config.ts

@@ -15,6 +15,7 @@ import {
     projectsRouteId,
     taasRouteId,
 } from '../../../../config/routes.config'
+import { canViewAllEngagements } from '../../../utils/permissions.utils'
 
 function hasAnyRole(userRoles: string[], roles: string[]): boolean {
     return userRoles.some(role => roles.includes(role.toLowerCase()))
@@ -26,6 +27,7 @@ export function getTabsConfig(userRoles: string[], isAnonymous: boolean): TabsNa
     }
 
     const isAdmin = hasAnyRole(userRoles, ADMIN_ROLES)
+    const canViewEngagements = canViewAllEngagements(userRoles)
 
     const tabs: TabsNavItem[] = [
         {
@@ -34,7 +36,7 @@ export function getTabsConfig(userRoles: string[], isAnonymous: boolean): TabsNa
         },
     ]
 
-    if (isAdmin) {
+    if (canViewEngagements) {
         tabs.push({
             id: engagementsRouteId,
             title: 'Engagements',

src/apps/work/src/lib/utils/permissions.utils.spec.ts

@@ -4,6 +4,7 @@ import type { Project } from '../models'
 
 import {
     canCreateEngagement,
+    canViewAllEngagements,
     checkCanManageProject,
     checkIsUserInvitedToProject,
     checkProjectMembership,
@@ -78,6 +79,17 @@ describe('permissions.utils project management helpers', () => {
             .toBe(true)
     })
 
+    it('limits all-engagement access to admins and talent managers', () => {
+        expect(canViewAllEngagements(['copilot']))
+            .toBe(false)
+        expect(canViewAllEngagements(['project manager']))
+            .toBe(false)
+        expect(canViewAllEngagements(['administrator']))
+            .toBe(true)
+        expect(canViewAllEngagements(['topcoder talent manager']))
+            .toBe(true)
+    })
+
     it('normalizes project membership checks and role lookups by user id', () => {
         expect(checkProjectMembership(managedProject, '123'))
             .toBe(true)

src/apps/work/src/lib/utils/permissions.utils.ts

@@ -161,6 +161,19 @@ export function canEditTaasProject(userRoles: string[]): boolean {
     return hasAdminRole(userRoles) || hasCopilotRole(userRoles)
 }
 
+/**
+ * Returns whether the supplied user roles can access the common all-engagements view.
+ *
+ * This root work-app page is intended for admins and Talent Managers only.
+ * Project managers still use project-scoped engagement pages.
+ *
+ * @param userRoles caller roles from the decoded auth token or app context.
+ * @returns `true` when the caller can open the all-engagements page; otherwise `false`.
+ */
+export function canViewAllEngagements(userRoles: string[]): boolean {
+    return hasAdminRole(userRoles) || checkTalentManager(userRoles)
+}
+
 /**
  * Returns whether the supplied user roles can create engagements.
  *

src/apps/work/src/work-app.routes.tsx

@@ -42,6 +42,7 @@ import { WORK_MANAGER_ALLOWED_ROLES } from './config/access.config'
 import { ErrorMessage } from './lib/components'
 import { WorkAppContext } from './lib/contexts'
 import { WorkAppContextModel } from './lib/models'
+import { canViewAllEngagements } from './lib/utils'
 
 const WorkApp: LazyLoadedComponent = lazyLoad(() => import('./WorkApp'))
 
@@ -125,10 +126,6 @@ function canManageGroups(contextValue: WorkAppContextModel): boolean {
     return contextValue.isAdmin || contextValue.isCopilot || contextValue.isManager
 }
 
-function canViewAllEngagements(contextValue: WorkAppContextModel): boolean {
-    return contextValue.isAdmin
-}
-
 const GroupsRouteGuard: FC<PropsWithChildren> = (props: PropsWithChildren) => {
     const contextValue: WorkAppContextModel = useContext(WorkAppContext)
 
@@ -142,8 +139,8 @@ const GroupsRouteGuard: FC<PropsWithChildren> = (props: PropsWithChildren) => {
 const EngagementsRouteGuard: FC<PropsWithChildren> = (props: PropsWithChildren) => {
     const contextValue: WorkAppContextModel = useContext(WorkAppContext)
 
-    if (!canViewAllEngagements(contextValue)) {
-        return <ErrorMessage message='You need Admin role to view all engagements.' />
+    if (!canViewAllEngagements(contextValue.userRoles)) {
+        return <ErrorMessage message='You need Admin or Talent Manager role to view all engagements.' />
     }
 
     return <>{props.children}</>