Merge pull request #114 from hackaburg/copilot/update-make-project-ratable-endpoint

Merge `allowRating` control into PUT /projects/project/:id; restrict to admins only

Author: sezanzeb

backend/src/controllers/rating-controller.ts

@@ -23,26 +23,6 @@ export class RatingController {
     @Inject(RatingServiceToken) private readonly _ratings: IRatingService,
   ) {}
 
-  /**
-   * Allow users to rate a specific project (if ratings are enabled in the application
-   * settings).
-   *
-   * By using the application setting, admins can prepare the projects that can be
-   * rated, and then allow all of them at the same time. And when the rating is closed,
-   * disable all of them at the same time. This is done in the settings-controller.
-   *
-   * TODO probably move to the project controller, allow changing this setting only
-   *  if an admin
-   *
-   * TODO write test that the attribute cannot be changed by the project put endpoint
-   *  by regular users
-   */
-  @Post("/make-project-ratable")
-  @Authorized(UserRole.Root)
-  public async enableRatingForProject(): Promise<void> {
-    // TODO set allowRating of project
-  }
-
   /**
    * Rate a project
    *

backend/src/services/project-service.ts

@@ -1,3 +1,4 @@
+import { NotFoundError } from "routing-controllers";
 import { Inject, Service, Token } from "typedi";
 import { Repository } from "typeorm";
 import { IService } from ".";
@@ -8,6 +9,7 @@ import {
   convertBetweenEntityAndDTO,
 } from "../controllers/dto";
 import { User } from "../entities/user";
+import { UserRole } from "../entities/user-role";
 
 /**
  * An interface describing user handling.
@@ -72,9 +74,23 @@ export class ProjectService implements IProjectService {
    * @param project The project to update
    */
   public async updateProject(project: Project, user: User): Promise<Project> {
-    // TODO
-    await this.checkPermission(project, user);
-    // TODO allow changing allowRating only if admin
+    const existing = await this._projects.findOneBy({ id: project.id });
+
+    if (!existing) {
+      throw new NotFoundError();
+    }
+
+    await this.checkPermission(existing, user);
+
+    existing.title = project.title;
+    existing.description = project.description;
+
+    // Only admins may change allowRating
+    if (user.role === UserRole.Root) {
+      existing.allowRating = project.allowRating;
+    }
+
+    return this._projects.save(existing);
   }
 
   /**