Fixed #1750: Unexpected behavior when updation of talawa admin members profile.

[Devesh326]

What kind of change does this PR introduce?

bugfix

Issue Number:

Fixes #1750

Did you add tests for your changes?

No

Snapshots/Videos:

Palisadoes.Foundation.Talawa.Members.mp4

Summary

Solves the following issues:

1. When attempting to update a member's profile, it required changing the email ID.
2. Despite updating the profile, the member's actual profile remained unchanged. Instead, the user's (your) profile credentials w were updated to match the member's credentials.

Have you read the contributing guide?

Yes

[github-actions]

Our Pull Request Approval Process

We have these basic policies to make the approval process smoother for our volunteer team.

Testing Your Code

Please make sure your code passes all tests. Our test code coverage system will fail if these conditions occur:

1. The overall code coverage drops below the target threshold of the repository
2. Any file in the pull request has code coverage levels below the repository threshold
3. Merge conflicts

The process helps maintain the overall reliability of the code base and is a prerequisite for getting your PR approved. Assigned reviewers regularly review the PR queue and tend to focus on PRs that are passing.

Reviewers

Do not assign reviewers. Our Queue Monitors will review your PR and assign them.
When your PR has been assigned reviewers contact them to get your code reviewed and approved via:

1. comments in this PR or
2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

1. arbitrators of future discussions with other contributors about the validity of your changes
2. point of contact for evaluating the validity of your work
3. person who verifies matching issues by others that should be closed.
4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

1. PRs with issues not assigned to you will be closed by the reviewer
2. Fix the first comment in the PR so that each issue listed automatically closes

Other

1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
2. Read the CONTRIBUTING.md file make

[github-actions]

Congratulations on making your first PR! 🎊 If you haven't already, check out our Contributing Guidelines and PR Reporting Guidelines to ensure that you are following our guidelines for contributing and creating PR.

[Cioppolo14]

@EshaanAgg @xoldyckk Can you review this PR?

[xoldd]

why would you allow anyone to update any user's profile they want to?

[SiddheshKukade]

I think this api call would be done by the admin only.

[xoldd]

this restriction isn't put in place, right now it allows any user to call this mutation

[palisadoes]

This needs to be resolved. Only the profile's user, Admins and Super Admins must be able to edit profile settings.

[Devesh326]

Sure, on it

[xoldd]

appLanguageCode

[Devesh326]

Hey,

Regarding the variable name; that the frontend uses applangcode, so should I change it there also, otherwise it would give errors?

[SiddheshKukade]

Yes please do that @Devesh326

[xoldd]

@Devesh326 stop using abbreviations, it helps no one reading abbreviations to make sense of things, most of the time your code should be self documenting

in that light actually make it applicationLanguageCode

if frontend makes wrong assumptions about things, it doesn't mean it will be enforced on the backend design, if frontend wants to make changes it has to first open an issue/feature request

[xoldd]

args.data?.appLanguageCode

[xoldd]

this hasn't been resolved still

[xoldd]

rename input UpdateUserInput to input UpdateUserProfileInput

make following changes for mutation:-

type UpdateUserProfilePayload {
  user: User
}

type Mutation {
  updateUserProfile(input: UpdateUserProfileInput!): UpdateUserProfilePayload
}

[SiddheshKukade]

Please renamed to suit the conventions @Devesh326

[Devesh326]

Done

[xoldd]

remove the id field from here, the update will only be applied for a user with _id === context.userId

[xoldd]

if this mutation is to be allowed to be triggered by both normal users and superadmins, some changes have to be made:-

1. if args.input.id is not provided(it is null or undefined), the update will be carried out on the user with user._id equals to context.userId

2. if args.input.id is provided, there are two scenarios:-

   1. if it's a normal user, context.userId must be equal to args.input.id
   2. if it's a superadmin there are no restrictions, they can update any user with user._id equals to args.input.id

some things to confirm with @palisadoes :-

1. can one superadmin update other superadmin's user data?
2. is this allowed only for superadmins, or admins of organizations too? the thing to remember is that a user is not tied to any one organization, they can be members/admins of many organizations simultaneously, this functionality doesn't exist in talawa-api right now because of existence of userType === "ADMIN" field on a user object, when in actuality the relationship between a user and an organization should exist on a junction between them, joining table in sql it is called

[palisadoes]

1. @xoldyckk is correct on the userType to organization relationship. This should be fixed in this issue.
   1. API: Fix the usage of userType #1711
2. Senior usertypes should be able to edit or demote users of junior rank. They should be able to promote junior ranks to no more than their rank. Super Admins will need privileges to do this for everyone. I'm broadly basing this on Google's guidelines for their apps.
   1. https://apps.google.com/supportwidget/articlehome?hl=en&article_url=https%3A%2F%2Fsupport.google.com%2Fa%2Fanswer%2F1219251%3Fhl%3Den&assistant_event=welcome&assistant_id=usermasterbot&product_context=1219251&product_name=UnuFlow&trigger_context=a

[Devesh326]

Hey @xoldyckk,

I included the id in the mutation because during the API call to edit a specific user, in the backend context.userId only contained the id of the logged-in user. As a result, the profile being updated was that of the current user rather than the intended one. To address this, I passed the id of the user that requires editing/updating in the API call.

Following this logic, if args.input.id is null, it indicates the root user; otherwise, it's the id of the user whose profile needs updating.

[SiddheshKukade]

ok. then it looks fine.

[xoldd]

@Devesh326 take some time and contemplate about what i said previously, the current logic as it stands allows a normal user to update user fields of any other user, they just need to pass in the other user's id in the input, frontend application can't prevent normal users from making these requests

understand the authentication/authorization flows, self review your code and possible edge cases, only then ask for reviews from other contributers

[Devesh326]

Yes noted.

[SiddheshKukade]

This is not required

[Devesh326]

Yeah apologies, I dont know why was this a part of the commit, i'll do the necessary changes. Thanks!

[akhilender-bongirwar]

@Devesh326, please make the reviewed changes ASAP? All the PRs in the talawa-admin repo are failing the graphql- introspection workflow.

[Devesh326]

Sorry for the delayed response. I was travelling, so I wasn't able to make changes to the PR. Will update and resolve the requested changes ASAP.
Apologies again for the delay.

[palisadoes]

NOTE Read very carefully

1. We just merged this PR which upgraded the prettier package.
   1. Upgraded prettier from version 2.8,8 to 3.2.5. #1840
2. It reformatted over 400 files. This will put your PR at risk of extensive merge conflicts.
3. I suggest that before you merge your code to the latest upstream, or manually fix these merge conflicts that you:
   1. upgrade your prettier in your local branch to the same version
   2. run prettier

This will help to reduce the number of future merge conflicts for your PR.

[SiddheshKukade]

Please fix the small changes in comments. Then it's ready to be merged.

[codecov]

Codecov Report

Attention: Patch coverage is 80.00000% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 98.32%. Comparing base (9cb6272) to head (bbed653).
Report is 4 commits behind head on develop.

Files	Patch %	Lines
src/resolvers/Mutation/updateUserProfile.ts	80.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #1762   +/-   ##
========================================
  Coverage    98.32%   98.32%           
========================================
  Files          322      322           
  Lines        20296    20299    +3     
  Branches      1606     1631   +25     
========================================
+ Hits         19956    19959    +3     
+ Misses         323      322    -1     
- Partials        17       18    +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[akhilender-bongirwar]

@Devesh326, are you still actively working on this? The completion of this pull request is crucial, as it is causing failures in the workflow checks for all pull requests in the admin. Please prioritize and resolve this issue as soon as possible.

// @Cioppolo14

[Devesh326]

Please fix the small changes in comments. Then it's ready to be merged.

yeah okay, fixing the necessary changes

[palisadoes]

This needs to be resolved. Only the profile's user, Admins and Super Admins must be able to edit profile settings.

[xoldd]

@palisadoes if one user could join multiple organizations under the same user profile, why would admin of any one organization be able to edit their user profile? that profile change would be reflected in all other organizations for that particular user. shouldn't this only be allowed to superadmins?

[palisadoes]

The design philosophy of making users become members of any organization means that operationally if a member asks an admin to update their information, such as a phone number (or possibly in the future credit card information) the admin won’t be able to do it for them.

At some future date we’ll need to think of ways of restricting this to superadmins on a per organization basis.

[palisadoes]

Please try to get the code coverage for the patch closer to that of the repository

[palisadoes]

We would like to merge this PR, however you haven’t addressed the reviewer questions. Please address each one and mark them as resolved when the work is completed. Only then will they be able to approve your work so that it can be merged into the code base.

Please also try to get the code coverage for the patch higher. 80% coverage is much lower than the 98% enjoyed by the project

[palisadoes]

This is an update on the PR merging freeze:

1. In the next few hours we will be merging the develop-userTypeFix branch into the develop branch.
2. The develop-userTypeFix branch was created to fix a long standing design flaw where Admins were Admins of all organizations, not specific ones.
3. The userType field has been removed from the User collection and it has been replaced by an appUserProfileId field.
   1. This field is null if the user isn’t registered to use the apps. This will help people to add users manually during the event checkin process, or if an Admin wants to manually add someone in the Admin dashboard.
   2. When not null the AppUserProfileID will reference a AppUserProfile collection with App related information such as the organizations for which a user may be an Admin.
   3. The updated schema can be found here https://github.com/PalisadoesFoundation/talawa-api/blob/develop-userTypeFix/schema.graphql
   4. This is the parent issue that we have been using to track progress:
      1. PARENT ISSUE: Fix the usage of userType #1965
4. This merge will cause some conflicts in your PR.

We decided to do this at the beginning of the weekend to give us all time to adjust PR code and create bug fixes that may arise.

Update your code at or after midnight GMT on the morning of March 23, 2024. (5:30am IST).

If your PRs have already been approved, request a re-review after fixing the conflicts and refactoring to the new AppUserProfileID methodology.

[palisadoes]

The PR merging freeze is lifted.

1. We are working on bug fixes that may arise. These should be few and are being tracked here:
   1. https://github.com/orgs/PalisadoesFoundation/projects/24
2. Please update your PRs and local repos. Fix any new merge conflicts that may have occurred.

Background:

1. The develop-userTypeFix branch was created to fix a long standing design flaw where Admins were Admins of all organizations, not specific ones.
2. The userType field has been removed from the User collection and it has been replaced by an appUserProfileId field.
   1. This field is null if the user isn’t registered to use the apps. This will help people to add users manually during the event checkin process, or if an Admin wants to manually add someone in the Admin dashboard.
   2. When not null the AppUserProfileID will reference a AppUserProfile collection with App related information such as the organizations for which a user may be an Admin.
   3. The updated schema can be found here https://github.com/PalisadoesFoundation/talawa-api/blob/develop-userTypeFix/schema.graphql
   4. This is the parent issue that we have been using to track progress:
      1. PARENT ISSUE: Fix the usage of userType #1965
3. If your PRs have already been approved, request a re-review after fixing the conflicts and refactoring to the new AppUserProfileID methodology.

[Cioppolo14]

@Devesh326 Please fix the conflicting files.

[palisadoes]

I'm going to close this as abandoned. There have been no commits for over a month.