routes/api/emails.js
| */ | ||
| automatedEmailRouter.route("/automated/status/:status/count").get( | ||
| Middleware.Auth.ensureAuthenticated(), | ||
| // Middleware.Auth.ensureAuthorized(), |
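Review bot: `Middleware.Auth.ensureAuthorized()` is commented out on `/automated/status/:status/count`, so the only gate left in the visible chain is `ensureAuthenticated()` and any logged-in account passes regardless of role. Restore the call before merging; if it was disabled because the role data has no entry for this route or its `:status` parameter, add that entry rather than dropping the check. If it has to stay disabled for now, say why in the comment so it does not read as dead code.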
In the future we can include the handling for the :status parameter for ensureAuthorized in auth.service.js. I'm assuming since it's commented out, currently any hacker can send batch emails using the API because there's no check to see if api/email/automated/... route is included in the executing user's role.
Can we test this? Log in as a hacker and try to execute the route in the console. We definitely need to have validation there.
We can add permissions for this route to the staff role in the database, and then it should be fine. @janekhuong did you try that? Do you need help figuring that out?
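The gap discussed in this thread (a route that checks authentication but not the caller's role), as an added example that is not part of the PR or of the project's `auth.service.js`. It shows a deny-by-default check that matches a concrete URL against per-role route templates containing a `:status`-style parameter. The role table, the `/api/email` prefix, the `/api/hacker/self` entry and every function name are assumptions made for illustration.

```javascript
// Constructed role table: role name -> route templates that role may call.
// Role names, the /api/email prefix and /api/hacker/self are assumptions.
const ROLES = new Map([
  ["staff", [{ method: "GET", uri: "/api/email/automated/status/:status/count" }]],
  ["hacker", [{ method: "GET", uri: "/api/hacker/self" }]],
]);

// Compare a concrete path with a template, segment by segment.
// A ":name" segment accepts any single segment; everything else must be equal.
function matchesTemplate(template, path) {
  const want = template.split("/").filter(Boolean);
  const got = path.split("?")[0].split("/").filter(Boolean);
  if (want.length !== got.length) return false;
  return want.every((seg, i) => seg.startsWith(":") || seg === got[i]);
}

// Deny by default: 401 with no user, 403 unless the user's role lists the route.
function authorize(user, method, path) {
  if (!user) return 401;
  const allowed = ROLES.get(user.role) || [];
  const ok = allowed.some((r) => r.method === method && matchesTemplate(r.uri, path));
  return ok ? 200 : 403;
}

// Express-style middleware (req, res, next). Assumes an earlier authentication
// middleware has set req.user for logged-in requests.
function ensureAuthorizedExample() {
  return (req, res, next) => {
    const code = authorize(req.user, req.method, req.originalUrl);
    if (code === 200) return next();
    return res.status(code).json({ message: code === 401 ? "Not authenticated" : "Not authorized" });
  };
}

// The check the reviewers ask for: same URL, different accounts.
function probe() {
  const url = "/api/email/automated/status/accepted/count";
  return {
    anonymous: authorize(undefined, "GET", url),
    hacker: authorize({ role: "hacker" }, "GET", url),
    staff: authorize({ role: "staff" }, "GET", url),
  };
}

console.log(probe()); // { anonymous: 401, hacker: 403, staff: 200 }
```

An unknown role or an unlisted method falls through to 403, so a route that was never added to the table is closed rather than open.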
joshuazhou744
left a comment
Looks good, I also tested it once locally. Only thing is there's no user validation for who can use this route (api/email/...)
joshuazhou744
left a comment
Looks good and works now, I tested on both an authorized and unauthorized account
This reverts commit 481d303.
* Update email templates with tentative dates
* Create service for sending automated status emails
* Created function to find hacker by their status
* API routing for automated emails
* Cleaner code
* API routing for getStatusCount function
* Added emails.js logic to middleware and controller files
* fixed authorization bug
* Added hackboard role support
* Revert "Added hackboard role support" This reverts commit 481d303.
* update email dates
---------
Co-authored-by: Joshua Zhou <joshuazhou744@gmail.com>
Co-authored-by: Mika Vohl <mikavohl@gmail.com>
Co-authored-by: Tavi Pollard <tavienpollard@gmail.com>
#974)
* Create checkin form submit endpoint
* Finish hacker checkin form submit endpoint
* Change checkin form spreadsheet
* api route for checking in teams
* Add devpost and discord tag field validation
* Update db with devpost url
* Add url validation:
* added team checkin form status to settings
* remove workshops
* more validation
* test
* Updated email template dates and header logo
* Added hackboard role support
* Revert "Added hackboard role support" This reverts commit 481d303.
* Feat/auto emails (#949)
* Update email templates with tentative dates
* Create service for sending automated status emails
* Created function to find hacker by their status
* API routing for automated emails
* Cleaner code
* API routing for getStatusCount function
* Added emails.js logic to middleware and controller files
* fixed authorization bug
* Added hackboard role support
* Revert "Added hackboard role support" This reverts commit 481d303.
* update email dates
---------
Co-authored-by: Joshua Zhou <joshuazhou744@gmail.com>
Co-authored-by: Mika Vohl <mikavohl@gmail.com>
Co-authored-by: Tavi Pollard <tavienpollard@gmail.com>
* Feat/create application review (#944)
* not finished create app rev
* Reviewer status: 1/2 works (needs to enter twice??)
* Hacker Reviewer Feature
* Cleaner code
* remove unnecessary comments
* not finished create app rev
* Reviewer status: 1/2 works (needs to enter twice??)
* Hacker Reviewer Feature
* Cleaner code
* remove unnecessary comments
* not finished create app rev
* Reviewer status: 1/2 works (needs to enter twice??)
* Hacker Reviewer Feature
* Cleaner code
* remove unnecessary comments
* not finished create app rev
* Reviewer status: 1/2 works (needs to enter twice??)
* Hacker Reviewer Feature
* Cleaner code
* Fixed Application Error: implemented reviewers values from feat/review_filter and fixed the default value errors for reviewer status, name, and comments
* Fixed Application Error: implemented reviewers values from feat/review_filter and fixed the default value errors for reviewer status, name, and comments
* fixed authorization issues by adding all routes to routes.constant.js with unique IDs
* disable emails on status change by admin
---------
Co-authored-by: Tavi Pollard <tavienpollard@gmail.com>
Co-authored-by: Tavi Pollard <45189395+tektaxi@users.noreply.github.com>
* fixed merge issue with objectIDs
* Added hackboard role support (#955)
* Added hackboard role support
* minor edits to hackboard permissions
---------
Co-authored-by: Tavi Pollard <tavienpollard@gmail.com>
* Updated account invitation email content
* Feat/assign reviewers (#959)
* Assign 2 reviewers per unreviewed Hacker submitted before cutoff time. Will need a cleaning for documentation
* removed the requirement that the reviewer name has to be empty (now it's just filtering if hacker was created before cutoff)
* clean
* Use string[] parameter instead of hardcoded names
---------
Co-authored-by: JAMIE XIAO <jamie.xiao.ca@gmail.com>
* Added script for sending interest form emails (#954)
* Added script for sending interest form emails
* Usage comments
* quick fixes to assignReviewers (#961)
* quick fixes to assignreviewers
* fixed nonexistent fields conditional statements for assignReviewers
* need to fix: reviewer1 & 2 have same name
* fixed duplicate names
* cut off to dec 1 11:59 pm
* update cutoff
* date fix??
* add hacker id to team api response schema
* new acceptance email
* updated Marriott booking deadline
* round 2 acceptance email template
* updated rejection email
* updated wording
* added volunteer link
* added applied status to validateStatus function
* overrode email template to send declined emails to hackers with applied status (#972)
* Finish hacker checkin form submit endpoint
* format sheet name
* remove checkin router dup
* fix
---------
Co-authored-by: Joshua Zhou <j.zhou11@share.epsb.ca>
Co-authored-by: janekhuong <janekhuong05@gmail.com>
Co-authored-by: Mika Vohl <mikavohl@gmail.com>
Co-authored-by: Tavi Pollard <tavienpollard@gmail.com>
Co-authored-by: Jamie Xiao <141690843+JamieXiao@users.noreply.github.com>
Co-authored-by: Tavi Pollard <45189395+tektaxi@users.noreply.github.com>
Co-authored-by: Mika Vohl <103958325+MikaVohl@users.noreply.github.com>
Co-authored-by: JAMIE XIAO <jamie.xiao.ca@gmail.com>
Co-authored-by: Mubeen Mohammed <mubeen.mohammed@mail.mcgill.ca>
Tickets:
List of changes:
Type of change
How has this been tested?
Create test hackers with valid email addresses. In staff dashboard, change their statuses to accepted/declined. Click "Send Emails" button, choose to send acceptance or declined emails, and then confirm.
Questions for code reviewers?
Checklist: