Referral Tracking API added #237

Open
Tusharmahajan12 wants to merge 1 commit into tekdi:aspire-leaders from Tusharmahajan12:new_aspm

Conversation

@Tusharmahajan12
Collaborator

No description provided.

@coderabbitai

coderabbitai Bot commented May 15, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4aba2a50-a761-40f9-86fc-1649bec1faf1

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@sonarqubecloud

Quality Gate failed

Failed conditions
97.6% Duplication on New Code (required ≤ 3%)

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces several new referral-related API endpoints to the apiConfig.ts file, covering listing, resolving, importing, and updating referrals, as well as service-specific upload and status routes. Feedback focuses on enhancing security by implementing granular PRIVILEGE_CHECK constraints for each new route and ensuring consistency with existing modules. Additionally, the reviewer suggests including these routes in the academic year validation list where applicable and correcting minor comment formatting for better alignment with the codebase style.

},
}),

//referral API

medium

For consistency with other module comments in this file (e.g., lines 249, 277, 395), please add a space after the comment slashes.

Suggested change
- //referral API
+ // Referral API

Comment on lines +704 to +708
'/user/v1/referrals': createRouteObject({
post: {
ROLE_CHECK: rolesGroup.superadmin_regional_admin,
},
}),

medium

The new referral routes are missing PRIVILEGE_CHECK. To maintain consistency with other modules in this repository (such as LMS, Opportunity, and Cohorts) and to enable granular access control, it is recommended to include privilege checks. Since these routes relate to referral tracking, you can leverage the existing privilegeGroup.tracking definitions.

Additionally, if these referral operations are tied to a specific academic year, these routes should be added to the apiListForAcademicYear array at the end of this file to ensure the academicyearid header is validated by the middleware.

  '/user/v1/referrals': createRouteObject({
    post: {
      ROLE_CHECK: rolesGroup.superadmin_regional_admin,
      PRIVILEGE_CHECK: privilegeGroup.tracking.create,
    },
  }),

Comment on lines +709 to +713
'/user/v1/referrals/list': createRouteObject({
post: {
ROLE_CHECK: rolesGroup.superadmin_regional_admin,
},
}),

medium

This list endpoint should include a privilege check for reading tracking data to ensure consistent security across the application.

  '/user/v1/referrals/list': createRouteObject({
    post: {
      ROLE_CHECK: rolesGroup.superadmin_regional_admin,
      PRIVILEGE_CHECK: privilegeGroup.tracking.read,
    },
  }),

Comment on lines +714 to +718
'/user/v1/referrals/resolve': createRouteObject({
get: {
ROLE_CHECK: rolesGroup.superadmin_regional_admin,
},
}),

medium

The resolve endpoint should also be protected with a read privilege check.

  '/user/v1/referrals/resolve': createRouteObject({
    get: {
      ROLE_CHECK: rolesGroup.superadmin_regional_admin,
      PRIVILEGE_CHECK: privilegeGroup.tracking.read,
    },
  }),

Comment on lines +729 to +733
'/user/v1/referrals/:id': createRouteObject({
patch: {
ROLE_CHECK: rolesGroup.superadmin_regional_admin,
},
}),
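
Review bot: the `patch` entry for '/user/v1/referrals/:id' gates the update by role only, and nothing in this entry ties the `:id` being updated to the caller's own region. Confirm that the user service checks ownership of the referral before applying the PATCH, and add a test in which a regional admin tries to update a referral from another region; a role or privilege check in this file cannot express that per-record rule.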

medium

The patch endpoint for individual referrals should be protected with the corresponding update privilege.

Suggested change
-  '/user/v1/referrals/:id': createRouteObject({
-    patch: {
-      ROLE_CHECK: rolesGroup.superadmin_regional_admin,
-    },
-  }),
+  '/user/v1/referrals/:id': createRouteObject({
+    patch: {
+      ROLE_CHECK: rolesGroup.superadmin_regional_admin,
+      PRIVILEGE_CHECK: privilegeGroup.tracking.update,
+    },
+  }),

Comment on lines +735 to +739
'/aspirespecific/import-users/referrals/upload': createRouteObject({
post: {
ROLE_CHECK: rolesGroup.superadmin_regional_admin,
},
}),

medium

The aspire-specific referral upload endpoint should also include a privilege check for consistency and security.

  '/aspirespecific/import-users/referrals/upload': createRouteObject({
    post: {
      ROLE_CHECK: rolesGroup.superadmin_regional_admin,
      PRIVILEGE_CHECK: privilegeGroup.tracking.create,
    },
  }),
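
A CI-style check for the gap the review comments above point out, written as an added example (not code from the PR or the repository): it flags any referral route method whose guard lacks a non-empty ROLE_CHECK or PRIVILEGE_CHECK. The config shape, the role and privilege values, and the names auditRoutes, asSubmitted, partlyFixed and REFERRAL_PREFIXES are assumptions; only the route paths come from the PR.

```typescript
// Added example. Route paths come from the PR; the config shape and the
// role/privilege values are assumptions standing in for apiConfig.ts.
type Method = 'get' | 'post' | 'put' | 'patch' | 'delete';
type Guard = { ROLE_CHECK?: string[]; PRIVILEGE_CHECK?: string[] };
type RouteConfig = { [route: string]: { [M in Method]?: Guard } };
type Finding = { route: string; method: string; missing: string };

const REQUIRED: Array<keyof Guard> = ['ROLE_CHECK', 'PRIVILEGE_CHECK'];

// Report every method on a matching route whose guard lacks a required,
// non-empty check. A route with no methods at all is reported too.
function auditRoutes(config: RouteConfig, prefixes: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const route of Object.keys(config)) {
    if (!prefixes.some((p) => route.indexOf(p) === 0)) continue;
    const handlers = config[route];
    const methods = Object.keys(handlers) as Method[];
    if (methods.length === 0) {
      findings.push({ route, method: '*', missing: 'any method guard' });
    }
    for (const method of methods) {
      const guard: Guard = handlers[method] || {};
      for (const key of REQUIRED) {
        const value = guard[key];
        if (!value || value.length === 0) {
          findings.push({ route, method, missing: key });
        }
      }
    }
  }
  return findings;
}

// Constructed sample values (hypothetical, not the repository's definitions).
const admins = ['superadmin', 'regional_admin'];
const asSubmitted: RouteConfig = {
  '/user/v1/referrals': { post: { ROLE_CHECK: admins } },
  '/user/v1/referrals/list': { post: { ROLE_CHECK: admins } },
  '/user/v1/referrals/resolve': { get: { ROLE_CHECK: admins } },
  '/user/v1/referrals/:id': { patch: { ROLE_CHECK: admins } },
  '/aspirespecific/import-users/referrals/upload': { post: { ROLE_CHECK: admins } },
};
const partlyFixed: RouteConfig = {
  '/user/v1/referrals': { post: { ROLE_CHECK: admins, PRIVILEGE_CHECK: ['tracking.create'] } },
  '/user/v1/referrals/:id': { patch: { ROLE_CHECK: admins, PRIVILEGE_CHECK: [] } },
};
const REFERRAL_PREFIXES = ['/user/v1/referrals', '/aspirespecific/import-users/referrals'];
const submittedFindings = auditRoutes(asSubmitted, REFERRAL_PREFIXES); // one per route
```

An empty PRIVILEGE_CHECK array is treated the same as a missing one, so a placeholder entry does not pass the check.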
