Consider a copilot to have "full access" to a challenge (PM-2654)

src/services/ResourceService.js

@@ -77,6 +77,12 @@ async function getRestrictedRoleIds () {
  * @param {Array} resources resources of current user for specified challenge id
  */
 async function checkAccess (currentUserResources) {
+  const copilotRoleIds = await getCopilotResourceRoleIds()
+  const hasCopilotRole = _.some(currentUserResources, r => copilotRoleIds.includes(r.roleId))
+  if (hasCopilotRole) {
+    return
+  }
+
   const list = await prisma.resourceRole.findMany({})
   const fullAccessRoles = []
   _.each(list, e => {

test/unit/createResource.test.js

@@ -9,6 +9,7 @@ const { v4: uuid } = require('uuid')
 const service = require('../../src/services/ResourceService')
 const ResourceRolePhaseDependencyService = require('../../src/services/ResourceRolePhaseDependencyService')
 const prisma = require('../../src/common/prisma').getClient()
+const helper = require('../../src/common/helper')
 const ResourceRoleService = require('../../src/services/ResourceRoleService')
 const { requestBody, user } = require('../common/testData')
 const { assertValidationError, assertError, assertResource, getRoleIds, clearDependencies } = require('../common/testHelper')
@@ -264,6 +265,39 @@ module.exports = describe('Create resource', () => {
       await assertResource(ret.id, ret)
     })
 
+    it('copilot can manage resources without full access flags', async () => {
+      const originalRole = await helper.getById('ResourceRole', copilotRoleId)
+      await ResourceRoleService.updateResourceRole(user.admin, copilotRoleId, {
+        name: originalRole.name,
+        fullReadAccess: false,
+        fullWriteAccess: false,
+        isActive: originalRole.isActive,
+        selfObtainable: originalRole.selfObtainable
+      })
+
+      const entity = resources.createBody('diazz', reviewerRoleId, challengeId2)
+      let createdResource
+      try {
+        createdResource = await service.createResource(user.phead, entity)
+        should.equal(createdResource.roleId, entity.roleId)
+        should.equal(createdResource.memberHandle.toLowerCase(), entity.memberHandle.toLowerCase())
+        await assertResource(createdResource.id, createdResource)
+      } finally {
+        if (createdResource && createdResource.id) {
+          await prisma.resource.deleteMany({
+            where: { id: createdResource.id }
+          })
+        }
+        await ResourceRoleService.updateResourceRole(user.admin, copilotRoleId, {
+          name: originalRole.name,
+          fullReadAccess: originalRole.fullReadAccess,
+          fullWriteAccess: originalRole.fullWriteAccess,
+          isActive: originalRole.isActive,
+          selfObtainable: originalRole.selfObtainable
+        })
+      }
+    })
+
     it('create resource for user ghostar 1', async () => {
       const entity = resources.createBody('ghostar', reviewerRoleId, challengeId2)
       const ret = await service.createResource(user.m2m, entity)