Merge branch 'master' into 10794-replication-fails

# Conflicts:
#	api/tests/mocha/controllers/replication-limit-log.spec.js
#	api/tests/mocha/controllers/users.spec.js

Author: dianabarsan

.github/workflows/build.yml

@@ -167,11 +167,11 @@ jobs:
         with:
           mask-password: 'true'
 
+      - uses: actions/checkout@v4
       - name: Use Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@v4
         with:
           node-version: ${{ env.NODE_VERSION }}
-      - uses: actions/checkout@v4
 
       - name: Set system ulimit
         uses: ./.github/actions/bump-system-ulimit
@@ -294,11 +294,11 @@ jobs:
       with:
         mask-password: 'true'
 
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ env.NODE_VERSION }}
       uses: actions/setup-node@v4
       with:
         node-version: ${{ env.NODE_VERSION }}
-    - uses: actions/checkout@v4
     - name: Download docker images artifacts
       uses: actions/download-artifact@v4
       with:

admin/src/js/controllers/edit-user.js

@@ -2,12 +2,14 @@ const moment = require('moment');
 const passwordTester = require('simple-password-tester');
 const phoneNumber = require('@medic/phone-number');
 const CHT = require('@medic/cht-datasource');
+const constants = require('@medic/constants');
+const USER_ROLES = constants.USER_ROLES;
 const PASSWORD_MINIMUM_LENGTH = 8;
 const PASSWORD_MINIMUM_SCORE = 50;
 const SHOW_PASSWORD_ICON = '/login/images/show-password.svg';
 const HIDE_PASSWORD_ICON = '/login/images/hide-password.svg';
 const USERNAME_ALLOWED_CHARS = /^[a-z0-9_-]+$/;
-const ADMIN_ROLE = '_admin';
+const ADMIN_ROLE = USER_ROLES.COUCHDB_ADMIN;
 const FIELDS_TO_IGNORE = [
   'currentPassword',
   'passwordConfirm',

admin/src/js/controllers/images-branding.js

@@ -1,3 +1,6 @@
+const constants = require('@medic/constants');
+const DOC_IDS = constants.DOC_IDS;
+
 angular.module('controllers').controller('ImagesBrandingCtrl',
   function(
     $log,
@@ -11,7 +14,7 @@ angular.module('controllers').controller('ImagesBrandingCtrl',
     'ngInject';
     'use strict';
 
-    const DOC_ID = 'branding';
+    const DOC_ID = DOC_IDS.BRANDING;
     const MAX_FILE_SIZE = 100000; // 100KB
 
     $('#images-branding .choose').on('click', ev => {

admin/src/js/filters/resource-icon.js

@@ -21,7 +21,7 @@ angular.module('inboxFilters').filter('headerLogo',
     'use strict';
     'ngInject';
     return function(name) {
-      return $sce.trustAsHtml(ResourceIcons.getImg(name, 'branding'));
+      return $sce.trustAsHtml(ResourceIcons.getImg(name, DOC_IDS.BRANDING));
     };
   });
 

admin/src/js/services/resource-icons.js

@@ -12,7 +12,7 @@ angular.module('inboxServices').factory('ResourceIcons',
     'ngInject';
 
     const CSS_CLASS = ['resource-icon', 'header-logo', 'partner-image'];
-    const ICON_DOC_IDS = [DOC_IDS.RESOURCES, 'branding', DOC_IDS.PARTNERS];
+    const ICON_DOC_IDS = [DOC_IDS.RESOURCES, DOC_IDS.BRANDING, DOC_IDS.PARTNERS];
 
     const cache = {
       resources: {

admin/src/js/services/session.js

@@ -1,7 +1,8 @@
 const _ = require('lodash/core');
 const constants = require('@medic/constants');
+const USER_ROLES = constants.USER_ROLES;
 const COOKIE_NAME = 'userCtx';
-const ONLINE_ROLE = constants.USER_ROLES.ONLINE;
+const ONLINE_ROLE = USER_ROLES.ONLINE;
 
 (function () {
 
@@ -96,7 +97,7 @@ const ONLINE_ROLE = constants.USER_ROLES.ONLINE;
 
       const isAdmin = function(userCtx) {
         userCtx = userCtx || getUserCtx();
-        return hasRole(userCtx, '_admin');
+        return hasRole(userCtx, USER_ROLES.COUCHDB_ADMIN);
       };
 
       return {

admin/tests/unit/controllers/images-branding.spec.js

@@ -1,3 +1,5 @@
+const { DOC_IDS } = require('@medic/constants');
+
 describe('ImagesBrandingCtrl', function () {
 
   'use strict';
@@ -40,7 +42,7 @@ describe('ImagesBrandingCtrl', function () {
     //https://github.com/medic/cht-core/issues/8026
     it('should not fail when branding doc is empty', async () => {
 
-      db.get.withArgs('branding', {attachments: true}).resolves({});
+      db.get.withArgs(DOC_IDS.BRANDING, {attachments: true}).resolves({});
       $translate.resolves('some message');
       Translate.fieldIsRequired.resolves('some validation messsage');
 
@@ -52,7 +54,7 @@ describe('ImagesBrandingCtrl', function () {
     });
     it('should not fail when resources is null', async () => {
 
-      db.get.withArgs('branding', {attachments: true}).resolves({resources: null});
+      db.get.withArgs(DOC_IDS.BRANDING, {attachments: true}).resolves({resources: null});
       $translate.resolves('some message');
       Translate.fieldIsRequired.resolves('some validation messsage');
 

admin/tests/unit/services/auth.spec.js

@@ -1,3 +1,5 @@
+const { USER_ROLES: { COUCHDB_ADMIN } } = require('@medic/constants');
+
 describe('Auth service', function() {
 
   'use strict';
@@ -58,7 +60,7 @@ describe('Auth service', function() {
     });
 
     it('true when user is db admin', async () => {
-      userCtx.returns({ roles: ['_admin'] });
+      userCtx.returns({ roles: [COUCHDB_ADMIN] });
       Settings.resolves({ permissions: { can_edit: [ 'chw' ] } });
       const result = await service.has(['can_backup_facilities']);
       chai.expect(result).to.be.true;
@@ -176,7 +178,7 @@ describe('Auth service', function() {
     });
 
     it('false when admin and !permission', async () => {
-      userCtx.returns({ roles: ['_admin'] });
+      userCtx.returns({ roles: [COUCHDB_ADMIN] });
       Settings.resolves({ permissions: {} });
       const result = await service.has(['!can_backup_facilities']);
       chai.expect(result).to.be.false;
@@ -246,21 +248,21 @@ describe('Auth service', function() {
     });
 
     it('true when admin and no disallowed permissions', async () => {
-      userCtx.returns({ roles: ['_admin'] });
+      userCtx.returns({ roles: [COUCHDB_ADMIN] });
       Settings.resolves({ permissions: { can_edit: [ 'chw' ] } });
       const result = await service.any([['can_backup_facilities'], ['can_export_messages'], ['somepermission']]);
       chai.expect(result).to.be.true;
     });
 
     it('true when admin and some disallowed permissions', async () => {
-      userCtx.returns({ roles: ['_admin'] });
+      userCtx.returns({ roles: [COUCHDB_ADMIN] });
       Settings.resolves({ permissions: { can_edit: [ 'chw' ] } });
       const result = await service.any([['!can_backup_facilities'], ['!can_export_messages'], ['somepermission']]);
       chai.expect(result).to.be.true;
     });
 
     it('false when admin and all disallowed permissions', async () => {
-      userCtx.returns({ roles: ['_admin'] });
+      userCtx.returns({ roles: [COUCHDB_ADMIN] });
       Settings.resolves({ permissions: {} });
       const result = await service.any([['!can_backup_facilities'], ['!can_export_messages'], ['!somepermission']]);
       chai.expect(result).to.be.false;

admin/tests/unit/services/session.spec.js

@@ -1,6 +1,7 @@
 describe('Session service', function() {
 
   'use strict';
+  const { USER_ROLES: { COUCHDB_ADMIN } } = require('@medic/constants');
 
   let service;
   let ipCookie;
@@ -149,7 +150,7 @@ describe('Session service', function() {
     });
 
     it('returns true for _admin', function(done) {
-      ipCookie.returns({ roles: [ '_admin' ] });
+      ipCookie.returns({ roles: [COUCHDB_ADMIN] });
       const actual = service.isAdmin();
       chai.expect(actual).to.equal(true);
       done();

api/Dockerfile

@@ -18,6 +18,7 @@ COPY --chown=root:root --chmod=755  api ./api
 RUN chown -R root:1000 /service/api/build/static/webapp && \
     chmod -R 775 /service/api/build/static/webapp
 
+ENV NODE_ENV=production
 ENV NODE_PATH=/service/api/node_modules
 USER 1000
 ENTRYPOINT ["/bin/bash", "/service/api/docker-entrypoint.sh", "main"]