feat: can only edit draft opportunities (#3182)

Author: capJavert

__tests__/schema/opportunity.ts

@@ -125,6 +125,7 @@ describe('query opportunityById', () => {
       opportunityById(id: $id) {
         id
         type
+        state
         title
         tldr
         content {
@@ -202,6 +203,7 @@ describe('query opportunityById', () => {
     expect(res.data.opportunityById).toEqual({
       id: '550e8400-e29b-41d4-a716-446655440001',
       type: 1,
+      state: 2,
       title: 'Senior Full Stack Developer',
       tldr: 'Join our team as a Senior Full Stack Developer',
       content: {
@@ -1782,6 +1784,17 @@ describe('mutation uploadEmploymentAgreement', () => {
 });
 
 describe('mutation editOpportunity', () => {
+  beforeEach(async () => {
+    await con.getRepository(OpportunityJob).update(
+      {
+        id: opportunitiesFixture[0].id,
+      },
+      {
+        state: OpportunityState.DRAFT,
+      },
+    );
+  });
+
   const MUTATION = /* GraphQL */ `
     mutation EditOpportunity($id: ID!, $payload: OpportunityEditInput!) {
       editOpportunity(id: $id, payload: $payload) {
@@ -2232,6 +2245,30 @@ describe('mutation editOpportunity', () => {
 
     expect(res.errors).toBeFalsy();
   });
+
+  it('should throw error when opportunity is not draft', async () => {
+    loggedUser = '1';
+
+    await con
+      .getRepository(OpportunityJob)
+      .update(
+        { id: opportunitiesFixture[0].id },
+        { state: OpportunityState.LIVE },
+      );
+
+    await testMutationErrorCode(
+      client,
+      {
+        mutation: MUTATION,
+        variables: {
+          id: opportunitiesFixture[0].id,
+          payload: { title: 'Does not matter' },
+        },
+      },
+      'CONFLICT',
+      'Only opportunities in draft state can be edited',
+    );
+  });
 });
 
 describe('mutation recommendOpportunityScreeningQuestions', () => {

src/common/opportunity/accessControl.ts

@@ -2,10 +2,14 @@ import { AuthenticationError, ForbiddenError } from 'apollo-server-errors';
 import type { EntityManager } from 'typeorm';
 import { OpportunityUser } from '../../entity/opportunities/user';
 import { OpportunityUserType } from '../../entity/opportunities/types';
-import { NotFoundError } from '../../errors';
+import { ConflictError, NotFoundError } from '../../errors';
+import { Opportunity } from '../../entity/opportunities/Opportunity';
+import { OpportunityState } from '@dailydotdev/schema';
 
 export enum OpportunityPermissions {
   Edit = 'opportunity_edit',
+  UpdateState = 'opportunity_update_state',
+  ViewDraft = 'opportunity_view_draft',
 }
 
 export const ensureOpportunityPermissions = async ({
@@ -27,16 +31,42 @@ export const ensureOpportunityPermissions = async ({
     throw new NotFoundError('Not found!');
   }
 
-  if ([OpportunityPermissions.Edit].includes(permission)) {
-    const opportunityUser = await con.getRepository(OpportunityUser).findOne({
-      where: {
-        userId,
-        type: OpportunityUserType.Recruiter,
-        opportunityId,
-      },
-    });
+  if (
+    [
+      OpportunityPermissions.Edit,
+      OpportunityPermissions.UpdateState,
+      OpportunityPermissions.ViewDraft,
+    ].includes(permission)
+  ) {
+    const opportunityUserQb = con
+      .getRepository(OpportunityUser)
+      .createQueryBuilder('ou')
+      .select('ou.type', 'userType')
+      .where('"userId" = :userId', { userId })
+      .andWhere('"opportunityId" = :opportunityId', { opportunityId })
+      .andWhere('ou.type = :type', { type: OpportunityUserType.Recruiter });
+
+    if (permission === OpportunityPermissions.Edit) {
+      opportunityUserQb
+        .innerJoin(Opportunity, 'o', 'o.id = ou."opportunityId"')
+        .addSelect('o.state', 'state');
+    }
+
+    const opportunityUser = await opportunityUserQb.getRawOne<{
+      userType: OpportunityUserType;
+      state?: OpportunityState;
+    }>();
 
     if (opportunityUser) {
+      if (
+        permission === OpportunityPermissions.Edit &&
+        opportunityUser.state !== OpportunityState.DRAFT
+      ) {
+        throw new ConflictError(
+          'Only opportunities in draft state can be edited',
+        );
+      }
+
       return;
     }
   }

src/schema/opportunity.ts

@@ -132,6 +132,7 @@ export const typeDefs = /* GraphQL */ `
   type Opportunity {
     id: ID!
     type: ProtoEnumValue!
+    state: ProtoEnumValue!
     title: String!
     tldr: String
     content: OpportunityContent!
@@ -386,7 +387,7 @@ export const resolvers: IResolvers<unknown, BaseContext> = traceResolvers<
           con: ctx.con.manager,
           userId: ctx.userId,
           opportunityId: id,
-          permission: OpportunityPermissions.Edit,
+          permission: OpportunityPermissions.ViewDraft,
         });
       }
 
@@ -883,7 +884,7 @@ export const resolvers: IResolvers<unknown, BaseContext> = traceResolvers<
         con: ctx.con.manager,
         userId: ctx.userId,
         opportunityId: id,
-        permission: OpportunityPermissions.Edit,
+        permission: OpportunityPermissions.UpdateState,
       });
 
       const opportunity = await ctx.con