#795 Enforce users on same team for tasks

Author: alaneng-neu

src/backend/src/services/deadline-notifications.services.ts

@@ -25,7 +25,6 @@ export default class DeadlineNotificationsService {
       include: {
         assignees: {
           include: {
-            userSecureSettings: true,
             userSettings: true,
             teamAsHead: true,
             teamsAsLead: true,

src/backend/src/services/reimbursement-requests.services.ts

@@ -49,7 +49,7 @@ import {
   vendorTransformer
 } from '../transformers/reimbursement-requests.transformer';
 import reimbursementQueryArgs from '../prisma-query-args/reimbursement.query-args';
-import { UserWithSettings } from '../utils/auth.utils';
+import { UserWithSecureSettings } from '../utils/auth.utils';
 import { sendReimbursementRequestDeniedNotification } from '../utils/slack.utils';
 
 export default class ReimbursementRequestService {
@@ -111,7 +111,7 @@ export default class ReimbursementRequestService {
    * @returns the created reimbursement request
    */
   static async createReimbursementRequest(
-    recipient: UserWithSettings,
+    recipient: UserWithSecureSettings,
     dateOfExpense: Date,
     vendorId: string,
     account: ClubAccount,

src/backend/src/services/tasks.services.ts

@@ -7,7 +7,7 @@ import prisma from '../prisma/prisma';
 import taskTransformer from '../transformers/tasks.transformer';
 import { NotFoundException, AccessDeniedException, HttpException, DeletedException } from '../utils/errors.utils';
 import { hasPermissionToEditTask, sendSlackTaskAssignedNotificationToUsers } from '../utils/tasks.utils';
-import { areUsersPartOfTeams, isUserOnTeam } from '../utils/teams.utils';
+import { allUsersOnTeam, areUsersPartOfTeams, isUserOnTeam } from '../utils/teams.utils';
 import { getUsers } from '../utils/users.utils';
 import { wbsNumOf } from '../utils/utils';
 
@@ -80,6 +80,9 @@ export default class TasksService {
     if (!areUsersPartOfTeams(teams, users))
       throw new HttpException(400, `All assignees must be part of one of the project's team!`);
 
+    if (!teams.some((team) => allUsersOnTeam(team, users)))
+      throw new HttpException(400, 'All assignees must be part of the same team!');
+
     if (!isUnderWordCount(title, 15)) throw new HttpException(400, 'Title must be less than 15 words');
     if (!isUnderWordCount(notes, 250)) throw new HttpException(400, 'Notes must be less than 250 words');
 
@@ -202,6 +205,9 @@ export default class TasksService {
       throw new HttpException(400, "All assignees must be part of one of the project's teams");
     }
 
+    if (!teams.some((team) => allUsersOnTeam(team, assigneeUsers)))
+      throw new HttpException(400, 'All assignees must be part of the same team!');
+
     // retrieve userId for every assignee to update task's assignees in the database
     const transformedAssigneeUsers = assigneeUsers.map((user) => {
       return {

src/backend/src/utils/auth.utils.ts

@@ -107,6 +107,9 @@ export const getCurrentUser = async (res: Response): Promise<User> => {
 
 export type UserWithSettings = User & {
   userSettings: User_Settings | null;
+};
+
+export type UserWithSecureSettings = UserWithSettings & {
   userSecureSettings: User_Secure_Settings | null;
 };
 
@@ -116,7 +119,7 @@ export type UserWithSettings = User & {
  * @returns the user with their user settings
  * @throws if no user with the userId exists
  */
-export const getCurrentUserWithUserSettings = async (res: Response): Promise<UserWithSettings> => {
+export const getCurrentUserWithUserSettings = async (res: Response): Promise<UserWithSecureSettings> => {
   const { userId } = res.locals;
   const user = await prisma.user.findUnique({
     where: { userId },

src/backend/src/utils/deadline-notifications.utils.ts

@@ -19,7 +19,8 @@ export const usersToSlackPings = (users: UserWithSettings[]) => {
 };
 
 /**
- * Gets the team of a task's assignees
+ * Gets the team of a task's assignees.
+ * Assumes all assigness share a team
  * @param users the users of the task
  * @returns the slack id of the team assigned to the task
  */