Merge branch 'develop' into #1310-enforce-secure-settings-on-create-RR-form

Author: sharonyang16

src/backend/src/services/tasks.services.ts

@@ -94,7 +94,10 @@ export default class TasksService {
    */
   static async editTask(user: User, taskId: string, title: string, notes: string, priority: Task_Priority, deadline: Date) {
     const hasPermission = await hasPermissionToEditTask(user, taskId);
-    if (!hasPermission) throw new AccessDeniedException();
+    if (!hasPermission)
+      throw new AccessDeniedException(
+        'Only admins, app admins, heads, task creators, project leads, project managers, or project assignees can edit a task'
+      );
 
     const originalTask = await prisma.task.findUnique({ where: { taskId } });
     if (!originalTask) throw new NotFoundException('Task', taskId);
@@ -129,7 +132,7 @@ export default class TasksService {
     const hasPermission = await hasPermissionToEditTask(user, taskId);
     if (!hasPermission)
       throw new AccessDeniedException(
-        'Only admins, app admins, task creators, project leads, project managers, or project assignees can edit a task'
+        'Only admins, app admins, heads, task creators, project leads, project managers, or project assignees can edit a task'
       );
 
     const updatedTask = await prisma.task.update({ where: { taskId }, data: { status }, ...taskQueryArgs });
@@ -158,7 +161,7 @@ export default class TasksService {
     const hasPermission = await hasPermissionToEditTask(user, taskId);
     if (!hasPermission)
       throw new AccessDeniedException(
-        'Only admins, app admins, task creators, project leads, project managers, or project assignees can edit a task'
+        'Only admins, app admins, heads, task creators, project leads, project managers, or project assignees can edit a task'
       );
 
     // this throws if any of the users aren't found

src/backend/tests/tasks.test.ts

@@ -201,7 +201,7 @@ describe('Tasks', () => {
       // Try updating from IN_PROGRESS to IN_BACKLOG
       await expect(() => TasksService.editTaskStatus(aquaman, taskId, Task_Status.IN_BACKLOG)).rejects.toThrow(
         new AccessDeniedException(
-          'Only admins, app admins, task creators, project leads, project managers, or project assignees can edit a task'
+          'Only admins, app admins, heads, task creators, project leads, project managers, or project assignees can edit a task'
         )
       );
     });
@@ -216,7 +216,7 @@ describe('Tasks', () => {
       // Aquaman is a leader, but did not create this task
       await expect(() => TasksService.editTaskStatus(aquaman, taskId, Task_Status.IN_BACKLOG)).rejects.toThrow(
         new AccessDeniedException(
-          'Only admins, app admins, task creators, project leads, project managers, or project assignees can edit a task'
+          'Only admins, app admins, heads, task creators, project leads, project managers, or project assignees can edit a task'
         )
       );
     });
@@ -288,7 +288,7 @@ describe('Tasks', () => {
         TasksService.editTaskAssignees(aquaman, taskId, [superman.userId, wonderwoman.userId])
       ).rejects.toThrow(
         new AccessDeniedException(
-          'Only admins, app admins, task creators, project leads, project managers, or project assignees can edit a task'
+          'Only admins, app admins, heads, task creators, project leads, project managers, or project assignees can edit a task'
         )
       );
     });
@@ -391,7 +391,11 @@ describe('Tasks', () => {
       vi.spyOn(taskUtils, 'hasPermissionToEditTask').mockResolvedValue(false);
       await expect(() =>
         TasksService.editTask(wonderwoman, taskId, fakeTitle, fakeNotes, fakePriority, fakeDeadline)
-      ).rejects.toThrow(new AccessDeniedException());
+      ).rejects.toThrow(
+        new AccessDeniedException(
+          'Only admins, app admins, heads, task creators, project leads, project managers, or project assignees can edit a task'
+        )
+      );
     });
 
     test('Task not found', async () => {

src/frontend/src/apis/change-requests.api.ts

@@ -141,3 +141,12 @@ export const addProposedSolution = (
     budgetImpact
   });
 };
+
+/**
+ * Request reviewers in change request
+ * @param crId The ID of the associated change request.
+ * @param crReviewData The data to request reviewers
+ */
+export const requestCRReview = (crId: string, crReviewData: { userIds: number[] }) => {
+  return axios.post<{ message: string }>(apiUrls.changeRequestRequestReviewer(crId), crReviewData);
+};

src/frontend/src/components/ActionsMenu.tsx

@@ -2,20 +2,22 @@ import { Box } from '@mui/system';
 import { ReactElement, useState } from 'react';
 import { NERButton } from './NERButton';
 import { ArrowDropDown } from '@mui/icons-material';
-import { ListItemIcon, Menu, MenuItem } from '@mui/material';
+import { Divider, ListItemIcon, Menu, MenuItem } from '@mui/material';
 
 export type ButtonInfo = {
   title: string;
   onClick: () => void;
   disabled?: boolean;
   icon?: ReactElement;
+  dividerTop?: boolean;
 };
 
 interface ActionsMenuProps {
   buttons: ButtonInfo[];
+  title?: string;
 }
 
-const ActionsMenu: React.FC<ActionsMenuProps> = ({ buttons }) => {
+const ActionsMenu: React.FC<ActionsMenuProps> = ({ buttons, title = 'Actions' }) => {
   const [anchorEl, setAnchorEl] = useState<null | HTMLElement>(null);
 
   const handleClick = (event: React.MouseEvent<HTMLElement>) => {
@@ -36,22 +38,25 @@ const ActionsMenu: React.FC<ActionsMenuProps> = ({ buttons }) => {
         id="reimbursement-request-actions-dropdown"
         onClick={handleClick}
       >
-        Actions
+        {title}
       </NERButton>
       <Menu open={dropdownOpen} anchorEl={anchorEl} onClose={handleDropdownClose}>
-        {buttons.map((button, index) => (
-          <MenuItem
-            key={index}
-            onClick={() => {
-              handleDropdownClose();
-              button.onClick();
-            }}
-            disabled={button.disabled}
-          >
-            <ListItemIcon>{button.icon}</ListItemIcon>
-            {button.title}
-          </MenuItem>
-        ))}
+        {buttons.flatMap((button, index) => {
+          return [
+            button.dividerTop && <Divider key={`${index}-divider`} />,
+            <MenuItem
+              key={index}
+              onClick={() => {
+                handleDropdownClose();
+                button.onClick();
+              }}
+              disabled={button.disabled}
+            >
+              <ListItemIcon>{button.icon}</ListItemIcon>
+              {button.title}
+            </MenuItem>
+          ];
+        })}
       </Menu>
     </Box>
   );

src/frontend/src/components/CheckList.tsx

@@ -14,6 +14,7 @@ import { Tooltip } from '@mui/material';
 import { User } from 'shared';
 import NERModal from './NERModal';
 import { fullNamePipe } from '../utils/pipes';
+import { useToast } from '../hooks/toasts.hooks';
 
 export type CheckListItem = {
   id: number;
@@ -34,14 +35,21 @@ const CheckList: React.FC<CheckListProps> = ({ title, items, isDisabled }) => {
   const { isLoading, mutateAsync } = useCheckDescriptionBullet();
   const [showConfirm, setShowConfirm] = useState<boolean>(false);
   const [currIdx, setCurrIdx] = useState<number>(-1);
+  const toast = useToast();
 
   const handleUncheck = async (idx: number) => {
     await handleCheck(idx);
     setShowConfirm(false);
   };
 
   const handleCheck = async (idx: number) => {
-    await mutateAsync({ userId: auth.user!.userId, descriptionId: items[idx].id });
+    try {
+      await mutateAsync({ userId: auth.user!.userId, descriptionId: items[idx].id });
+    } catch (e) {
+      if (e instanceof Error) {
+        toast.error(e.message);
+      }
+    }
   };
 
   items.sort((a: CheckListItem, b: CheckListItem) => {

src/frontend/src/components/NERFormModal.tsx

@@ -28,21 +28,24 @@ const NERFormModal = ({
    */
   const onSubmitWrapper = async (data: any) => {
     await onFormSubmit(data);
-    reset({ confirmDone: false });
+    reset();
   };
 
   return (
     <NERModal
       open={open}
-      onHide={onHide}
+      onHide={() => {
+        onHide();
+        reset();
+      }}
       formId={formId}
       title={title}
       cancelText={cancelText ? cancelText : 'Cancel'}
       submitText={submitText ? submitText : 'Submit'}
       disabled={disabled}
       showCloseButton={showCloseButton}
     >
-      <form id={formId} onSubmit={handleUseFormSubmit(onSubmitWrapper)}>
+      <form id={formId} onSubmit={handleUseFormSubmit(onSubmitWrapper)} noValidate>
         {children}
       </form>
     </NERModal>

src/frontend/src/hooks/change-requests.hooks.ts

@@ -13,7 +13,8 @@ import {
   getSingleChangeRequest,
   reviewChangeRequest,
   addProposedSolution,
-  deleteChangeRequest
+  deleteChangeRequest,
+  requestCRReview
 } from '../apis/change-requests.api';
 
 /**
@@ -153,3 +154,22 @@ export const useCreateProposeSolution = () => {
     }
   );
 };
+
+/**
+ * Custom React hook to request cr reviewers
+ */
+export const useRequestCRReview = (crId: string) => {
+  const queryClient = useQueryClient();
+  return useMutation<{ message: string }, Error, any>(
+    ['change requests', 'review'],
+    async (crReviewPayload: { userIds: number[] }) => {
+      const { data } = await requestCRReview(crId, crReviewPayload);
+      return data;
+    },
+    {
+      onSuccess: () => {
+        queryClient.invalidateQueries(['change requests']);
+      }
+    }
+  );
+};

src/frontend/src/pages/AdminToolsPage/FinanceConfig/AccountCodeFormModal.tsx

@@ -2,14 +2,14 @@ import { ExpenseType } from 'shared';
 import { ExpenseTypePayload } from '../../../hooks/finance.hooks';
 import { Controller, useForm } from 'react-hook-form';
 import NERFormModal from '../../../components/NERFormModal';
-import { Checkbox, FormControl, FormLabel } from '@mui/material';
+import { Checkbox, FormControl, FormLabel, FormHelperText } from '@mui/material';
 import ReactHookTextField from '../../../components/ReactHookTextField';
 import { useToast } from '../../../hooks/toasts.hooks';
 import * as yup from 'yup';
 import { yupResolver } from '@hookform/resolvers/yup';
 
 const schema = yup.object().shape({
-  code: yup.number().required('Account Code is Required'),
+  code: yup.number().typeError('Account Code must be a number').required('Account Code is Required'),
   name: yup.string().required('Account Name is Required'),
   allowed: yup.boolean().required('Allowed is Required')
 });
@@ -26,10 +26,9 @@ const AccountCodeFormModal = ({ showModal, handleClose, defaultValues, onSubmit
   const {
     handleSubmit,
     control,
-    formState: { isValid },
-    reset
+    reset,
+    formState: { errors }
   } = useForm({
-    mode: 'onChange',
     resolver: yupResolver(schema),
     defaultValues: {
       code: defaultValues?.code,
@@ -54,20 +53,21 @@ const AccountCodeFormModal = ({ showModal, handleClose, defaultValues, onSubmit
       open={showModal}
       onHide={handleClose}
       title={!!defaultValues ? 'Edit Account Code' : 'Create Account Code'}
-      reset={reset}
+      reset={() => reset({ name: '', code: undefined, allowed: false })}
       handleUseFormSubmit={handleSubmit}
       onFormSubmit={onFormSubmit}
       formId={!!defaultValues ? 'edit-vendor-form' : 'create-vendor-form'}
-      disabled={!isValid}
       showCloseButton
     >
       <FormControl fullWidth>
         <FormLabel>Account Name</FormLabel>
         <ReactHookTextField name="name" control={control} fullWidth />
+        <FormHelperText error>{errors.name?.message}</FormHelperText>
       </FormControl>
       <FormControl fullWidth>
         <FormLabel>Account Code</FormLabel>
         <ReactHookTextField name="code" control={control} fullWidth />
+        <FormHelperText error>{errors.code?.message}</FormHelperText>
       </FormControl>
       <FormControl>
         <FormLabel>Allowed?</FormLabel>

src/frontend/src/pages/AdminToolsPage/FinanceConfig/AccountCodesTable.tsx

@@ -49,7 +49,10 @@ const AccountCodesTable = () => {
       {clickedAccountCode && (
         <EditAccountCodeModal
           showModal={showEditModal}
-          handleClose={() => setShowEditModal(false)}
+          handleClose={() => {
+            setShowEditModal(false);
+            setClickedAccountCode(undefined);
+          }}
           accountCode={clickedAccountCode}
         />
       )}

src/frontend/src/pages/AdminToolsPage/FinanceConfig/CreateVendorModal.tsx

@@ -1,6 +1,6 @@
 import { useForm } from 'react-hook-form';
 import NERFormModal from '../../../components/NERFormModal';
-import { FormControl, FormLabel } from '@mui/material';
+import { FormControl, FormLabel, FormHelperText } from '@mui/material';
 import ReactHookTextField from '../../../components/ReactHookTextField';
 import { useCreateVendor } from '../../../hooks/finance.hooks';
 import { useToast } from '../../../hooks/toasts.hooks';
@@ -10,7 +10,7 @@ import * as yup from 'yup';
 import { yupResolver } from '@hookform/resolvers/yup';
 
 const schema = yup.object().shape({
-  name: yup.string().required('Account Name is Required')
+  name: yup.string().required('Vendor Name is Required')
 });
 
 interface NewVendorProps {
@@ -36,10 +36,9 @@ const CreateVendorModal = ({ showModal, handleClose }: NewVendorProps) => {
   const {
     handleSubmit,
     control,
-    formState: { isValid },
-    reset
+    reset,
+    formState: { errors }
   } = useForm({
-    mode: 'onChange',
     resolver: yupResolver(schema),
     defaultValues: {
       name: ''
@@ -54,16 +53,16 @@ const CreateVendorModal = ({ showModal, handleClose }: NewVendorProps) => {
       open={showModal}
       onHide={handleClose}
       title="New Vendor"
-      reset={reset}
+      reset={() => reset({ name: '' })}
       handleUseFormSubmit={handleSubmit}
       onFormSubmit={onSubmit}
       formId="new-vendor-form"
-      disabled={!isValid}
       showCloseButton
     >
       <FormControl>
         <FormLabel>Vendor Name</FormLabel>
         <ReactHookTextField name="name" control={control} sx={{ width: 1 }} />
+        <FormHelperText error>{errors.name?.message}</FormHelperText>
       </FormControl>
     </NERFormModal>
   );