Merge branch 'voting-feature' into copilot/fix-typecheck-issues

Author: sezanzeb

backend/src/services/rating-service.ts

@@ -223,6 +223,10 @@ export class RatingService implements IRatingService {
    * Check if the user is permitted to create/modify/delete this rating.
    */
   private async checkPermission(rating: Rating, user: User): Promise<void> {
+    if (!user.admitted) {
+      throw new ForbiddenError("Only admitted users may rate projects");
+    }
+
     const settings = await this._settings.getSettings();
     if (!settings.application.allowRatingProjects) {
       throw new ForbiddenError(

backend/test/services/rating-service.spec.ts

@@ -58,6 +58,7 @@ describe("RatingService", () => {
     ratingUser.verifyToken = "";
     ratingUser.tokenSecret = "";
     ratingUser.forgotPasswordToken = "";
+    ratingUser.admitted = true;
 
     // A user who is a member of the project team
     teamMember = new User();
@@ -69,6 +70,7 @@ describe("RatingService", () => {
     teamMember.verifyToken = "";
     teamMember.tokenSecret = "";
     teamMember.forgotPasswordToken = "";
+    teamMember.admitted = true;
 
     [ratingUser, teamMember] = await userRepo.save([ratingUser, teamMember]);
 
@@ -98,6 +100,23 @@ describe("RatingService", () => {
 
   describe("checkPermission", () => {
     describe("via upsertRating", () => {
+      it("throws ForbiddenError if user is not admitted", async () => {
+        expect.assertions(1);
+
+        ratingUser.admitted = false;
+
+        const rating = Object.assign(new Rating(), {
+          project: mockProject,
+          user: ratingUser,
+          criterion: mockCriterion,
+          rating: 3,
+        });
+
+        await expect(
+          ratingService.upsertRating(rating, ratingUser),
+        ).rejects.toThrow(ForbiddenError);
+      });
+
       it("throws ForbiddenError when rating is globally disabled", async () => {
         expect.assertions(1);
 

frontend/src/components/pages/view-project.tsx

@@ -90,14 +90,16 @@ const EditProject = ({ project }: { project: ProjectDTO }) => {
     event.preventDefault();
   }, []);
 
+  const isAdmin = user?.role == UserRole.Root;
+
   return (
     <Page>
       <PageHeader
         pageTitle={`Edit Project - ${project?.title}`}
         buttonText="Save Changes"
         buttonOnClick={sendSaveProjectRequest}
         buttonLoading={updateProjectInProgress}
-        subTitle="You are part of the team of this project"
+        subTitle={isAdmin ? null : "You are part of the team of this project"}
       />
       {updateProjectError && (
         <div style={{ marginBottom: "1rem" }}>