rubberduck-vba
diff --git a/‎rubberduckvba.Server/Api/Admin/AdminController.cs
Lines changed: 7 additions & 7 deletions b/‎rubberduckvba.Server/Api/Admin/AdminController.cs
Lines changed: 7 additions & 7 deletions
diff --git a/‎rubberduckvba.Server/Api/Auth/AuthController.cs
Lines changed: 6 additions & 2 deletions b/‎rubberduckvba.Server/Api/Auth/AuthController.cs
Lines changed: 6 additions & 2 deletions
diff --git a/‎rubberduckvba.Server/Api/Features/FeaturesController.cs
Lines changed: 4 additions & 4 deletions b/‎rubberduckvba.Server/Api/Features/FeaturesController.cs
Lines changed: 4 additions & 4 deletions
diff --git a/‎rubberduckvba.Server/GitHubSettings.cs
Lines changed: 12 additions & 0 deletions b/‎rubberduckvba.Server/GitHubSettings.cs
Lines changed: 12 additions & 0 deletions
diff --git a/‎rubberduckvba.Server/Services/GitHubClientService.cs
Lines changed: 36 additions & 11 deletions b/‎rubberduckvba.Server/Services/GitHubClientService.cs
Lines changed: 36 additions & 11 deletions
diff --git a/‎rubberduckvba.client/rubberduckvba.client.esproj
Lines changed: 2 additions & 0 deletions b/‎rubberduckvba.client/rubberduckvba.client.esproj
Lines changed: 2 additions & 0 deletions
diff --git a/‎rubberduckvba.client/src/app/app.component.ts
Lines changed: 1 addition & 1 deletion b/‎rubberduckvba.client/src/app/app.component.ts
Lines changed: 1 addition & 1 deletion
diff --git a/‎rubberduckvba.client/src/app/app.module.ts
Lines changed: 6 additions & 0 deletions b/‎rubberduckvba.client/src/app/app.module.ts
Lines changed: 6 additions & 0 deletions
diff --git a/‎rubberduckvba.client/src/app/components/audits/audit-box/audit-box.component.html
Lines changed: 67 additions & 0 deletions b/‎rubberduckvba.client/src/app/components/audits/audit-box/audit-box.component.html
Lines changed: 67 additions & 0 deletions
@@ -16,7 +16,7 @@ public class AdminController(ConfigurationOptions options, HangfireLauncherServi
     /// Enqueues a job that updates xmldoc content from the latest release/pre-release tags.
     /// </summary>
     /// <returns>The unique identifier of the enqueued job.</returns>
-    [Authorize("github")]
+    [Authorize("github", Roles = RDConstants.AdminRole)]
     [HttpPost("admin/update/xmldoc")]
     public IActionResult UpdateXmldocContent()
     {
@@ -28,23 +28,23 @@ public IActionResult UpdateXmldocContent()
     /// Enqueues a job that gets the latest release/pre-release tags and their respective assets, and updates the installer download stats.
     /// </summary>
     /// <returns>The unique identifier of the enqueued job.</returns>
-    [Authorize("github")]
+    [Authorize("github", Roles = RDConstants.AdminRole)]
     [HttpPost("admin/update/tags")]
     public IActionResult UpdateTagMetadata()
     {
         var jobId = hangfire.UpdateTagMetadata();
         return Ok(jobId);
     }
 
-    [Authorize("github")]
+    [Authorize("github", Roles = RDConstants.AdminRole)]
     [HttpPost("admin/cache/clear")]
     public IActionResult ClearCache()
     {
         cache.Clear();
         return Ok();
     }
 
-    [Authorize("github")]
+    [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole}")]
     [HttpGet("admin/audits/pending")]
     public async Task<IActionResult> GetPendingAudits()
     {
@@ -54,7 +54,7 @@ public async Task<IActionResult> GetPendingAudits()
         return Ok(new { edits = edits.ToArray(), other = ops.ToArray() });
     }
 
-    [Authorize("github")]
+    [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole}")]
     [HttpGet("admin/audits/{featureId}")]
     public async Task<IActionResult> GetPendingAudits([FromRoute] int featureId)
     {
@@ -64,7 +64,7 @@ public async Task<IActionResult> GetPendingAudits([FromRoute] int featureId)
         return Ok(new { edits = edits.ToArray(), other = ops.ToArray() });
     }
 
-    [Authorize("github")]
+    [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole}")]
     [HttpPost("admin/audits/approve/{id}")]
     public async Task<IActionResult> ApprovePendingAudit([FromRoute] int id)
     {
@@ -100,7 +100,7 @@ public async Task<IActionResult> ApprovePendingAudit([FromRoute] int id)
         return Ok("Operation was approved successfully.");
     }
 
-    [Authorize("github")]
+    [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole}")]
     [HttpPost("admin/audits/reject/{id}")]
     public async Task<IActionResult> RejectPendingAudit([FromRoute] int id)
     {
 
@@ -10,11 +10,13 @@ namespace rubberduckvba.Server.Api.Auth;
 
 public record class UserViewModel
 {
-    public static UserViewModel Anonymous { get; } = new UserViewModel { Name = "(anonymous)", IsAuthenticated = false, IsAdmin = false };
+    public static UserViewModel Anonymous { get; } = new UserViewModel { Name = "(anonymous)", IsAuthenticated = false, IsAdmin = false, IsReviewer = false, IsWriter = false };
 
     public string Name { get; init; } = default!;
     public bool IsAuthenticated { get; init; }
     public bool IsAdmin { get; init; }
+    public bool IsReviewer { get; init; }
+    public bool IsWriter { get; init; }
 }
 
 public record class SignInViewModel
@@ -59,7 +61,9 @@ public IActionResult Index()
                 {
                     Name = name,
                     IsAuthenticated = isAuthenticated,
-                    IsAdmin = role == configuration.Value.OwnerOrg
+                    IsAdmin = role == RDConstants.AdminRole,
+                    IsReviewer = role == RDConstants.AdminRole || role == RDConstants.ReviewerRole,
+                    IsWriter = role == RDConstants.WriterRole || role == RDConstants.AdminRole || role == RDConstants.ReviewerRole,
                 };
 
                 return Ok(model);
 
@@ -152,7 +152,7 @@ public IActionResult QuickFix([FromRoute] string name)
     }
 
     [HttpGet("features/create")]
-    [Authorize("github")]
+    [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole},{RDConstants.WriterRole}")]
     public async Task<ActionResult<FeatureEditViewModel>> Create([FromQuery] RepositoryId repository = RepositoryId.Rubberduck, [FromQuery] int? parentId = default)
     {
         var features = await GetFeatureOptions(repository);
@@ -163,7 +163,7 @@ public async Task<ActionResult<FeatureEditViewModel>> Create([FromQuery] Reposit
     }
 
     [HttpPost("features/create")]
-    [Authorize("github")]
+    [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole},{RDConstants.WriterRole}")]
     public async Task<ActionResult<FeatureEditViewModel>> Create([FromBody] FeatureEditViewModel model)
     {
         if (model.Id.HasValue || string.IsNullOrWhiteSpace(model.Name) || model.Name.Trim().Length < 3)
@@ -190,7 +190,7 @@ public async Task<ActionResult<FeatureEditViewModel>> Create([FromBody] FeatureE
     }
 
     [HttpPost("features/update")]
-    [Authorize("github")]
+    [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole},{RDConstants.WriterRole}")]
     public async Task<ActionResult<FeatureEditViewModel>> Update([FromBody] FeatureEditViewModel model)
     {
         if (model.Id.GetValueOrDefault() == default)
@@ -217,7 +217,7 @@ public async Task<ActionResult<FeatureEditViewModel>> Update([FromBody] FeatureE
     }
 
     [HttpPost("features/delete")]
-    [Authorize("github")]
+    [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole},{RDConstants.WriterRole}")]
     public async Task Delete([FromBody] Feature model)
     {
         if (model.Id == default)
 
@@ -13,6 +13,18 @@ public record class ConnectionSettings
     public string HangfireDb { get; set; } = default!;
 }
 
+public static class RDConstants
+{
+    public const int OrganisationId = 12832254;
+    public const string WebAdminTeam = "WebAdmin";
+    public const string ContributorsTeam = "Contributors";
+
+    public const string ReaderRole = "rd-reader";
+    public const string WriterRole = "rd-writer";
+    public const string ReviewerRole = "rd-reviewer";
+    public const string AdminRole = "rd-admin";
+}
+
 public record class GitHubSettings
 {
     public string ClientId { get; set; } = default!;
 
@@ -42,21 +42,46 @@ private class ReleaseComparer : IEqualityComparer<Release>
         var credentials = new Credentials(token);
         var client = new GitHubClient(new ProductHeaderValue(config.UserAgent), new InMemoryCredentialStore(credentials));
 
+        var user = await client.User.Current();
         var orgs = await client.Organization.GetAllForCurrent();
-        var isOrgMember = orgs.Any(e => e.Id == config.RubberduckOrgId);
-        if (!isOrgMember)
+
+        var org = orgs.SingleOrDefault(e => e.Id == RDConstants.OrganisationId);
+        var isOrgMember = org is Organization rdOrg;
+
+        var claims = new List<Claim>
         {
-            return null;
-        }
+            new(ClaimTypes.Name, user.Login),
+            new(ClaimTypes.Authentication, token),
+            new("access_token", token)
+        };
 
-        var user = await client.User.Current();
-        var identity = new ClaimsIdentity(new[]
+        if (isOrgMember && !user.Suspended)
         {
-            new Claim(ClaimTypes.Name, user.Login),
-            new Claim(ClaimTypes.Role, config.OwnerOrg),
-            new Claim(ClaimTypes.Authentication, token),
-            new Claim("access_token", token)
-        }, "github");
+            var teams = await client.Organization.Team.GetAllForCurrent();
+
+            var adminTeam = teams.SingleOrDefault(e => e.Name == RDConstants.WebAdminTeam);
+            if (adminTeam is not null)
+            {
+                // authenticated members of the org who are in the admin team can manage the site and approve their own changes
+                claims.Add(new Claim(ClaimTypes.Role, RDConstants.AdminRole));
+            }
+            else
+            {
+                var contributorsTeam = teams.SingleOrDefault(e => e.Name == RDConstants.ContributorsTeam);
+                if (contributorsTeam is not null)
+                {
+                    // members of the contributors team can review/approve/reject suggested changes
+                    claims.Add(new Claim(ClaimTypes.Role, RDConstants.ReviewerRole));
+                }
+                else
+                {
+                    // authenticated members of the org can submit edits
+                    claims.Add(new Claim(ClaimTypes.Role, RDConstants.WriterRole));
+                }
+            }
+        }
+
+        var identity = new ClaimsIdentity(claims, "github");
         return new ClaimsPrincipal(identity);
     }
 
 
@@ -8,6 +8,8 @@
     <BuildOutputFolder>$(MSBuildProjectDirectory)\dist\rubberduckvba.client\</BuildOutputFolder>
   </PropertyGroup>
   <ItemGroup>
+    <Folder Include="src\app\components\audits\feature-state.review\" />
+    <Folder Include="src\app\components\audits\feature-delete.review\" />
     <Folder Include="src\app\routes\build\" />
   </ItemGroup>
 </Project>
@@ -1,4 +1,4 @@
-import { Component, OnInit } from '@angular/core';
+import { Component } from '@angular/core';
 
 @Component({
   selector: 'app-root',
 
@@ -41,6 +41,9 @@ import { DefaultUrlSerializer, UrlTree } from '@angular/router';
 import { AuthComponent } from './routes/auth/auth.component';
 import { AuthMenuComponent } from './components/auth-menu/auth-menu.component';
 import { AuditsAdminComponent } from './routes/audits/audits.component';
+import { AuditFeatureAdditionComponent } from './components/audits/feature-add.review/feature-add.review.component';
+import { AuditBoxComponent } from './components/audits/audit-box/audit-box.component';
+import { AuditFeatureEditMarkdownComponent } from './components/audits/feature-markdown.review/feature-edit-markdown.review.component';
 
 /**
  * https://stackoverflow.com/a/39560520
@@ -63,6 +66,9 @@ export class LowerCaseUrlSerializer extends DefaultUrlSerializer {
     AuthComponent,
     AuthMenuComponent,
     AuditsAdminComponent,
+    AuditBoxComponent,
+    AuditFeatureAdditionComponent,
+    AuditFeatureEditMarkdownComponent,
     IndenterComponent,
     FeaturesComponent,
     FeatureComponent,
 
@@ -0,0 +1,67 @@
+<div class="card">
+    <div class="card-header">
+        <div *ngIf="isEdit"><h4>{{auditEdit!.fieldName}}</h4></div>
+        <div *ngIf="isCreateOp"><h4>Create</h4><span>{{auditOp!.name}}</span></div>
+        <div *ngIf="isDeleteOp"><h4>Delete</h4><span>{{auditOp!.name}}</span></div>
+        <div>Submitted <strong>{{dateSubmitted}}</strong> by <strong>{{author}}</strong></div>
+        <div class="small text-muted" *ngIf="dateModified.length > 0">, last modified <strong>{{dateModified}}</strong></div>
+    </div>
+    <div class="card-body">
+        <div *ngIf="isCreateOp">
+            <review-feature-add [audit]="auditOp"></review-feature-add>
+        </div>
+        <div *ngIf="isDeleteOp">
+            <p>(todo: delete op)</p>
+            <!-- review-feature-delete [audit]="audit" -->
+        </div>
+        <div *ngIf="isEdit">
+            <review-edit-markdown [audit]="auditEdit"></review-edit-markdown>
+        </div>
+    </div>
+    <div class="card-footer">
+        <div class="text-end">
+            <button type="button" class="btn btn-outline-danger" data-toggle="modal" data-target="#confirmReject"><fa-icon [icon]="['fas','trash-can']"></fa-icon>&nbsp;Reject</button>
+            <button type="button" class="btn btn-outline-success" data-toggle="modal" data-target="#confirmApprove"><fa-icon [icon]="['fas','check']"></fa-icon>&nbsp;Approve</button>
+        </div>
+    </div>
+</div>
+
+<div id="confirmApprove" class="modal" role="dialog" aria-hidden="true">
+    <div class="modal-content" *ngIf="audit">
+        <div class="modal-header align-content-center">
+            <h4><img src="../../assets/vector-ducky-540.png" height="32">&nbsp;Approve this operation</h4>
+            <button type="button" class="btn-close" aria-label="close" data-dismiss="modal"></button>
+        </div>
+        <div class="modal-body my-2 mx-4">
+            <div class="row">
+                <p>Audit record ID <strong>{{audit.id}}</strong> will be marked as approved. Proceed?</p>
+                <hr />
+                <p class="small text-muted"><fa-icon [icon]="'triangle-exclamation'"></fa-icon> This action will be logged and associated to your login.</p>
+            </div>
+        </div>
+        <div class="modal-footer">
+            <button type="button" class="btn btn-outline-primary" data-dismiss="modal">Cancel</button>
+            <button type="button" class="btn btn-outline-success" (click)="onConfirmApprove()">Confirm</button>
+        </div>
+    </div>
+</div>
+
+<div id="confirmReject" class="modal" role="dialog" aria-hidden="true">
+    <div class="modal-content" *ngIf="audit">
+        <div class="modal-header align-content-center">
+            <h4><img src="../../assets/vector-ducky-540.png" height="32">&nbsp;Reject this operation</h4>
+            <button type="button" class="btn-close" aria-label="close" data-dismiss="modal"></button>
+        </div>
+        <div class="modal-body my-2 mx-4">
+            <div class="row">
+                <p>Audit record ID <strong>{{audit.id}}</strong> will be marked as approved. Proceed?</p>
+                <hr />
+                <p class="small text-muted"><fa-icon [icon]="'triangle-exclamation'"></fa-icon> This action will be logged and associated to your login.</p>
+            </div>
+        </div>
+        <div class="modal-footer">
+            <button type="button" class="btn btn-outline-primary" data-dismiss="modal">Cancel</button>
+            <button type="button" class="btn btn-outline-success" (click)="onConfirmReject()">Confirm</button>
+        </div>
+    </div>
+</div>
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ public class AdminController(ConfigurationOptions options, HangfireLauncherServi`
`16`	`16`	`/// Enqueues a job that updates xmldoc content from the latest release/pre-release tags.`
`17`	`17`	`/// </summary>`
`18`	`18`	`/// <returns>The unique identifier of the enqueued job.</returns>`
`19`		`- [Authorize("github")]`
	`19`	`+ [Authorize("github", Roles = RDConstants.AdminRole)]`
`20`	`20`	`[HttpPost("admin/update/xmldoc")]`
`21`	`21`	`public IActionResult UpdateXmldocContent()`
`22`	`22`	`{`
`@@ -28,23 +28,23 @@ public IActionResult UpdateXmldocContent()`
`28`	`28`	`/// Enqueues a job that gets the latest release/pre-release tags and their respective assets, and updates the installer download stats.`
`29`	`29`	`/// </summary>`
`30`	`30`	`/// <returns>The unique identifier of the enqueued job.</returns>`
`31`		`- [Authorize("github")]`
	`31`	`+ [Authorize("github", Roles = RDConstants.AdminRole)]`
`32`	`32`	`[HttpPost("admin/update/tags")]`
`33`	`33`	`public IActionResult UpdateTagMetadata()`
`34`	`34`	`{`
`35`	`35`	`var jobId = hangfire.UpdateTagMetadata();`
`36`	`36`	`return Ok(jobId);`
`37`	`37`	`}`
`38`	`38`
`39`		`- [Authorize("github")]`
	`39`	`+ [Authorize("github", Roles = RDConstants.AdminRole)]`
`40`	`40`	`[HttpPost("admin/cache/clear")]`
`41`	`41`	`public IActionResult ClearCache()`
`42`	`42`	`{`
`43`	`43`	`cache.Clear();`
`44`	`44`	`return Ok();`
`45`	`45`	`}`
`46`	`46`
`47`		`- [Authorize("github")]`
	`47`	`+ [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole}")]`
`48`	`48`	`[HttpGet("admin/audits/pending")]`
`49`	`49`	`public async Task<IActionResult> GetPendingAudits()`
`50`	`50`	`{`
`@@ -54,7 +54,7 @@ public async Task<IActionResult> GetPendingAudits()`
`54`	`54`	`return Ok(new { edits = edits.ToArray(), other = ops.ToArray() });`
`55`	`55`	`}`
`56`	`56`
`57`		`- [Authorize("github")]`
	`57`	`+ [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole}")]`
`58`	`58`	`[HttpGet("admin/audits/{featureId}")]`
`59`	`59`	`public async Task<IActionResult> GetPendingAudits([FromRoute] int featureId)`
`60`	`60`	`{`
`@@ -64,7 +64,7 @@ public async Task<IActionResult> GetPendingAudits([FromRoute] int featureId)`
`64`	`64`	`return Ok(new { edits = edits.ToArray(), other = ops.ToArray() });`
`65`	`65`	`}`
`66`	`66`
`67`		`- [Authorize("github")]`
	`67`	`+ [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole}")]`
`68`	`68`	`[HttpPost("admin/audits/approve/{id}")]`
`69`	`69`	`public async Task<IActionResult> ApprovePendingAudit([FromRoute] int id)`
`70`	`70`	`{`
`@@ -100,7 +100,7 @@ public async Task<IActionResult> ApprovePendingAudit([FromRoute] int id)`
`100`	`100`	`return Ok("Operation was approved successfully.");`
`101`	`101`	`}`
`102`	`102`
`103`		`- [Authorize("github")]`
	`103`	`+ [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole}")]`
`104`	`104`	`[HttpPost("admin/audits/reject/{id}")]`
`105`	`105`	`public async Task<IActionResult> RejectPendingAudit([FromRoute] int id)`
`106`	`106`	`{`
Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,7 @@ public IActionResult QuickFix([FromRoute] string name)`
`152`	`152`	`}`
`153`	`153`
`154`	`154`	`[HttpGet("features/create")]`
`155`		`- [Authorize("github")]`
	`155`	`+ [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole},{RDConstants.WriterRole}")]`
`156`	`156`	`public async Task<ActionResult<FeatureEditViewModel>> Create([FromQuery] RepositoryId repository = RepositoryId.Rubberduck, [FromQuery] int? parentId = default)`
`157`	`157`	`{`
`158`	`158`	`var features = await GetFeatureOptions(repository);`
`@@ -163,7 +163,7 @@ public async Task<ActionResult<FeatureEditViewModel>> Create([FromQuery] Reposit`
`163`	`163`	`}`
`164`	`164`
`165`	`165`	`[HttpPost("features/create")]`
`166`		`- [Authorize("github")]`
	`166`	`+ [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole},{RDConstants.WriterRole}")]`
`167`	`167`	`public async Task<ActionResult<FeatureEditViewModel>> Create([FromBody] FeatureEditViewModel model)`
`168`	`168`	`{`
`169`	`169`	`if (model.Id.HasValue \|\| string.IsNullOrWhiteSpace(model.Name) \|\| model.Name.Trim().Length < 3)`
`@@ -190,7 +190,7 @@ public async Task<ActionResult<FeatureEditViewModel>> Create([FromBody] FeatureE`
`190`	`190`	`}`
`191`	`191`
`192`	`192`	`[HttpPost("features/update")]`
`193`		`- [Authorize("github")]`
	`193`	`+ [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole},{RDConstants.WriterRole}")]`
`194`	`194`	`public async Task<ActionResult<FeatureEditViewModel>> Update([FromBody] FeatureEditViewModel model)`
`195`	`195`	`{`
`196`	`196`	`if (model.Id.GetValueOrDefault() == default)`
`@@ -217,7 +217,7 @@ public async Task<ActionResult<FeatureEditViewModel>> Update([FromBody] FeatureE`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`[HttpPost("features/delete")]`
`220`		`- [Authorize("github")]`
	`220`	`+ [Authorize("github", Roles = $"{RDConstants.AdminRole},{RDConstants.ReviewerRole},{RDConstants.WriterRole}")]`
`221`	`221`	`public async Task Delete([FromBody] Feature model)`
`222`	`222`	`{`
`223`	`223`	`if (model.Id == default)`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-import { Component, OnInit } from '@angular/core';`
	`1`	`+import { Component } from '@angular/core';`
`2`	`2`
`3`	`3`	`@Component({`
`4`	`4`	`selector: 'app-root',`