Merge branch 'develop' into infrastructure

Author: chpy04

src/backend/src/controllers/projects.controllers.ts

@@ -437,13 +437,14 @@ export default class ProjectsController {
   static async editLinkType(req: Request, res: Response, next: NextFunction) {
     try {
       const { linkTypeName } = req.params;
-      const { iconName, required } = req.body;
+      const { name: newName, iconName, required } = req.body;
       const linkTypeUpdated = await ProjectsService.editLinkType(
         linkTypeName,
         iconName,
         required,
         req.currentUser,
-        req.organization
+        req.organization,
+        newName
       );
       res.status(200).json(linkTypeUpdated);
     } catch (error: unknown) {

src/backend/src/controllers/reimbursement-requests.controllers.ts

@@ -497,6 +497,25 @@ export default class ReimbursementRequestsController {
     }
   }
 
+  static async setVendorTaxExemptStatus(req: Request, res: Response, next: NextFunction) {
+    try {
+      const { vendorId } = req.params;
+
+      const { taxExempt } = req.body;
+
+      const updatedVendor = await ReimbursementRequestService.setVendorTaxExemptStatus(
+        vendorId,
+        taxExempt,
+        req.currentUser,
+        req.organization
+      );
+
+      res.status(200).json(updatedVendor);
+    } catch (error) {
+      next(error);
+    }
+  }
+
   static async deleteVendor(req: Request, res: Response, next: NextFunction) {
     try {
       const { vendorId } = req.params;

src/backend/src/routes/projects.routes.ts

@@ -29,6 +29,7 @@ projectRouter.post(
 );
 projectRouter.post(
   '/link-types/:linkTypeName/edit',
+  nonEmptyString(body('name').optional()),
   nonEmptyString(body('iconName')),
   body('required').isBoolean(),
   validateInputs,

src/backend/src/routes/reimbursement-requests.routes.ts

@@ -101,6 +101,11 @@ reimbursementRequestsRouter.post(
   ReimbursementRequestController.editVendor
 );
 
+reimbursementRequestsRouter.post(
+  '/vendors/:vendorId/setTaxExemptStatus',
+  ReimbursementRequestController.setVendorTaxExemptStatus
+);
+
 reimbursementRequestsRouter.post('/:vendorId/vendors/delete', ReimbursementRequestController.deleteVendor);
 
 reimbursementRequestsRouter.post(
@@ -167,7 +172,7 @@ reimbursementRequestsRouter.post(
   body('taxExempt').optional().isBoolean(),
   body('twoFactorContacts').optional().isArray(),
   nonEmptyString(body('twoFactorContacts.*')),
-  nonEmptyString(body('notes')).optional(),
+  body('notes').optional().isString(),
   validateInputs,
   ReimbursementRequestController.createVendor
 );

src/backend/src/services/change-requests.services.ts

@@ -178,7 +178,7 @@ export default class ChangeRequestsService {
         dateReviewed: null
       },
       {
-        NOT: { scopeChangeRequest: null }
+        changes: { none: {} }
       }
     ];
 
@@ -666,9 +666,7 @@ export default class ChangeRequestsService {
       include: {
         changeRequests: {
           where: {
-            dateDeleted: {
-              not: null
-            }
+            dateDeleted: null
           },
           include: {
             changes: true
@@ -1143,6 +1141,8 @@ export default class ChangeRequestsService {
         }
       }
 
+      const isCreatingNewProject = projectProposedChanges && projectNumber === 0;
+
       const changes = await prisma.wbs_Proposed_Changes.create({
         data: {
           scopeChangeRequest: {
@@ -1151,7 +1151,7 @@ export default class ChangeRequestsService {
             }
           },
           name,
-          status: WBS_Element_Status.ACTIVE,
+          status: isCreatingNewProject ? WBS_Element_Status.INACTIVE : wbsElement.status,
           links: {
             create: validationResult.links.map((linkInfo) => ({
               url: linkInfo.url,
@@ -1234,11 +1234,13 @@ export default class ChangeRequestsService {
         managerId
       );
 
+      const isCreatingNewWorkPackage = workPackageProposedChanges && workPackageNumber === 0;
+
       const changes = await prisma.wbs_Proposed_Changes.create({
         data: {
           scopeChangeRequest: { connect: { scopeCrId: createdCR.scopeChangeRequest!.scopeCrId } },
           name,
-          status: WBS_Element_Status.INACTIVE,
+          status: isCreatingNewWorkPackage ? WBS_Element_Status.INACTIVE : wbsElement.status,
           proposedDescriptionBulletChanges: {
             create: validationResult.descriptionBullets.map((bullet) => ({
               detail: bullet.detail,

src/backend/src/services/finance.services.ts

@@ -1096,15 +1096,20 @@ export default class FinanceServices {
 
     if (!tier) throw new NotFoundException('Sponsor Tier', sponsorTierId);
 
-    const existingSponsor = await prisma.sponsor.findFirst({
-      where: {
-        name,
-        organizationId: organization.organizationId
-      }
-    });
+    if (name !== oldSponsor.name) {
+      const existingSponsor = await prisma.sponsor.findFirst({
+        where: {
+          name: {
+            equals: name,
+            mode: 'insensitive'
+          },
+          organizationId: organization.organizationId
+        }
+      });
 
-    if (existingSponsor) {
-      throw new HttpException(400, `A sponsor with the name "${name}" already exists.`);
+      if (existingSponsor) {
+        throw new HttpException(400, `A sponsor with the name "${name}" already exists.`);
+      }
     }
 
     const updatedSponsor = await prisma.sponsor.update({

src/backend/src/services/projects.services.ts

@@ -621,7 +621,8 @@ export default class ProjectsService {
     iconName: string,
     required: boolean,
     submitter: User,
-    organization: Organization
+    organization: Organization,
+    newName?: string
   ): Promise<LinkType> {
     if (!(await userHasPermission(submitter.userId, organization.organizationId, isAdmin)))
       throw new AccessDeniedException('Only an admin can update the linkType');
@@ -638,11 +639,25 @@ export default class ProjectsService {
 
     if (!linkType) throw new NotFoundException('Link Type', linkName);
 
+    // If attempting to rename, ensure new name does not conflict with an existing LinkType
+    if (newName && newName !== linkName) {
+      const existingWithNewName = await prisma.link_Type.findUnique({
+        where: {
+          uniqueLinkType: {
+            name: newName,
+            organizationId: organization.organizationId
+          }
+        }
+      });
+
+      if (existingWithNewName) throw new HttpException(400, 'LinkType with that name already exists in this organization.');
+    }
+
     // update the LinkType
     const linkTypeUpdated = await prisma.link_Type.update({
       where: { id: linkType.id },
       data: {
-        name: linkName,
+        name: newName && newName ? newName : linkName,
         iconName,
         required
       }

src/backend/src/services/reimbursement-requests.services.ts

@@ -1544,6 +1544,42 @@ export default class ReimbursementRequestService {
     return vendorTransformer(vendor);
   }
 
+  static async setVendorTaxExemptStatus(
+    vendorId: string,
+    taxExempt: boolean,
+    submitter: User,
+    organization: Organization
+  ): Promise<Vendor> {
+    const existingVendor = await prisma.vendor.findUnique({
+      where: { vendorId, dateDeleted: null },
+      include: { twoFactorContacts: { select: { userId: true } } }
+    });
+
+    if (!existingVendor) {
+      throw new NotFoundException('Vendor', vendorId);
+    }
+
+    if (existingVendor.organizationId !== organization.organizationId) {
+      throw new InvalidOrganizationException('Vendor');
+    }
+
+    const isUserAuthorized =
+      existingVendor.addedByUserId === submitter.userId ||
+      (await isUserOnFinanceTeam(submitter, organization.organizationId)) ||
+      (await userHasPermission(submitter.userId, organization.organizationId, isHead));
+    if (!isUserAuthorized) {
+      throw new AccessDeniedException(`You are not a member of the finance team!`);
+    }
+
+    const updatedVendor = await prisma.vendor.update({
+      where: { vendorId },
+      data: { taxExempt },
+      ...getVendorQueryArgs(organization.organizationId)
+    });
+
+    return vendorTransformer(updatedVendor);
+  }
+
   /**
    * Deletes the vendor
    *

src/backend/src/services/tasks.services.ts

@@ -266,8 +266,11 @@ export default class TasksService {
 
     // this checks the current users permissions
     const isLead = wbsElement.leadId === currentUser.userId || wbsElement.managerId === currentUser.userId;
-    if (!(await userHasPermission(currentUser.userId, organization.organizationId, isAdmin)) && !isLead) {
-      throw new AccessDeniedException('Only admin, app-admins, project leads, and project managers can delete tasks');
+    const isCreator = task.createdByUserId === currentUser.userId;
+    if (!(await userHasPermission(currentUser.userId, organization.organizationId, isAdmin)) && !isLead && !isCreator) {
+      throw new AccessDeniedException(
+        'Only admin, app-admins, project leads, project managers, and the task creator can delete tasks'
+      );
     }
 
     const deletedTask = await prisma.task.update({