Skip to content

Sai Teja - Add backend support for dedicated pause/resume permission#2161

Merged
one-community merged 13 commits into
OneCommunityGlobal:developmentfrom
saitejakaasoju:sai/pause-user-permission-backend
May 3, 2026
Merged

Sai Teja - Add backend support for dedicated pause/resume permission#2161
one-community merged 13 commits into
OneCommunityGlobal:developmentfrom
saitejakaasoju:sai/pause-user-permission-backend

Conversation

@saitejakaasoju
Copy link
Copy Markdown
Contributor

@saitejakaasoju saitejakaasoju commented Apr 9, 2026
edited
Loading

Description

Implements backend support for the dedicated pause/resume permission flow.

This PR adds support for the interactWithPauseUserButton permission in backend authorization logic, adds a dedicated pause/resume route, and seeds the permission into the expected default roles.

Fixes priority high bug(s):

  • Pause requests returning 404 because the dedicated pause route was missing
  • Pause/resume authorization using stale or inconsistent permission checks
  • Admin/Owner default permissions not including the new pause interaction permission

Related PRs (if any):

This backend PR is related to the frontend PR #5122.
To fully test this backend PR, please also check out frontend PR.

Main changes explained:

  • Update src/routes/userProfileRouter.js to add:
    • PATCH /api/userProfile/:userId/pause
  • Update src/controllers/userProfileController.js to:
    • add dedicated pauseResumeUser controller logic
    • authorize pause/resume using interactWithPauseUserButton
    • allow the new permission in related user status authorization checks
    • allow users with this permission to access the needed user profile list flow
  • Update src/utilities/createInitialPermissions.js to seed interactWithPauseUserButton into:
    • Administrator
    • Owner

How to test:

  1. Check out this branch in HGNRest
  2. Run the matching frontend PR locally from HighestGoodNetworkApp
  3. Start the backend from this branch
  4. Log in through the frontend as an Owner or Administrator with interactWithPauseUserButton
  5. Pause a user from the profile page and verify:
    • request succeeds
    • user becomes inactive / paused
  6. Resume that paused user and verify:
    • request succeeds
    • user becomes active again
  7. Verify the User Management table pause/resume flow also works
  8. Remove the permission from a test Owner/Admin and verify the frontend no longer exposes pause controls
  9. Grant the permission to a non-admin user and verify the backend accepts pause/resume requests from that user
  10. Confirm the paused user cannot log in until reactivated

Screenshots or videos of changes:

Note:

This PR should be tested together with the matching frontend PR. The frontend now uses the dedicated pause endpoint and the new permission key consistently.

Saiteja1703 and others added 5 commits February 25, 2026 12:19
@Saiteja1703
fix: add missing getEmailRecipientsForStatusChange helper
e4da1ee
@saitejakaasoju @claude
fix: resolve forbidden 403 error when Admin/Owner views another user'…
faf4eda 
…s dashboard

Changed logical operator from || to && in permission checks for
getUserNotifications and getUnreadUserNotifications in notificationController.js.

The previous condition (role !== 'Administrator' || role !== 'Owner') was
always true, blocking Admins and Owners from accessing another user's
notification data and causing a 'You are forbidden to access the resource'
popup when viewing other dashboards or clicking a user in the Leaderboard.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@saitejakaasoju @claude
test: update notificationController unit tests to reflect fixed permi…
664b87b 
…ssion logic

Updated test cases for getUserNotifications and getUnreadUserNotifications
to correctly reflect the fixed || to && permission check.

- Updated 403 test to use a non-Admin/non-Owner role (Volunteer)
- Added new tests to verify Admins and Owners can access other users' notifications

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@saitejakaasoju
fix: add pause user permission support
9be0075
@saitejakaasoju
Merge branch 'development' into sai/pause-user-permission-backend
702ddff
nathanah
nathanah approved these changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@nathanah nathanah left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix the sonar warnings, but looks good to me otherwise.

@saitejakaasoju saitejakaasoju mentioned this pull request Apr 28, 2026
Merged
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 2, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
1.5% Duplication on New Code

See analysis details on SonarQube Cloud

@one-community
Copy link
Copy Markdown
Member

one-community commented May 3, 2026

Thank you all, merging!

@one-community one-community merged commit 4e1d402 into OneCommunityGlobal:development May 3, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nathanah nathanah nathanah approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@saitejakaasoju @one-community @nathanah @Saiteja1703