This repository has been archived by the owner on Jan 23, 2025. It is now read-only.

More eligibility and group updates (#506)
* Improve challenge visibility control (#501)

* IMPROVE CHALLENGE VISIBILITY CONTROL
(https://www.topcoder.com/challenge-details/30057891/?type=develop)

Verification guide: docs/Verification_Guide-Improve Challenge Visibility Control.doc

* Restoring an accidentally modified file

* Fixed the case with a challenge that doesn't have eligibility

* Shared the eligibility verification with challengeRegistration.
The eligibility check routine is now in challengeHelper and can be added anywhere by a couple of simple lines of code.

* improve the query

* update query for groups (#502)

* Update queries (#503)

improve logging for v3 api call

* should use externalToken field name

* update queries for group checking

* Improve challenge visibility control: getChallenge and getRegistrants (#504)

* IMPROVE CHALLENGE VISIBILITY CONTROL
(https://www.topcoder.com/challenge-details/30057891/?type=develop)

Verification guide: docs/Verification_Guide-Improve Challenge Visibility Control.doc

* Restoring an accidentially modified file

* Fixed the case with a challenge that doesn't have eligibility

* Shared the eligibility verification with challengeRegistration.
The eligibility check routine is now in challengeHelper and can be added anywhere by a couple of simple lines of code.

* Improve challenge visibility control: getChallenge and getRegistrants

* revert commit
ajefts authored and skyhit committed Jun 20, 2017
1 parent a81d5d7 commit 00bac23
Showing 7 changed files with 708 additions and 78 deletions.
95 changes: 46 additions & 49 deletions actions/challenges.js
Expand Up @@ -80,8 +80,8 @@
* Changes in 1.31:
* - Remove screeningScorecardId and reviewScorecardId from search challenges api.
* Changes in 1.32:
* - validateChallenge function now checks if an user belongs to a group via
* user_group_xref for old challenges and by calling V3 API for new ones.
* - validateChallenge, getRegistrants, getChallenge, getSubmissions and getPhases functions now check
* if an user belongs to a group via user_group_xref for old challenges and by calling V3 API for new ones.
*/
"use strict";
/*jslint stupid: true, unparam: true, continue: true, nomen: true */
Expand Down Expand Up @@ -1081,19 +1081,20 @@ var getChallenge = function (api, connection, dbConnectionMap, isStudio, next) {
};

// Do the private check.
api.challengeHelper.checkUserChallengeEligibility(
connection,
connection.params.challengeId,
cb
);
}, function (cb) {
api.dataAccess.executeQuery('check_is_related_with_challenge', sqlParams, dbConnectionMap, cb);
}, function (result, cb) {
if (result[0].is_private && !result[0].has_access) {
cb(new UnauthorizedError('The user is not allowed to visit the challenge.'));
return;
}

if (result[0].is_manager) {
isManager = true;
}

// If the user has the access to the challenge or is a resource for the challenge then he is related with this challenge.
if (result[0].has_access || result[0].is_related || isManager || helper.isAdmin(caller)) {
if (result[0].is_private || result[0].is_related || isManager || helper.isAdmin(caller)) {
isRelated = true;
}

Expand Down Expand Up @@ -3342,33 +3343,32 @@ var getRegistrants = function (api, connection, dbConnectionMap, isStudio, next)
};

// Do the private check.
api.dataAccess.executeQuery('check_is_related_with_challenge', sqlParams, dbConnectionMap, cb);
}, function (result, cb) {
if (result[0].is_private && !result[0].has_access) {
cb(new UnauthorizedError('The user is not allowed to visit the challenge.'));
return;
}

api.challengeHelper.checkUserChallengeEligibility(
connection,
connection.params.challengeId,
cb
);
}, function (cb) {
api.dataAccess.executeQuery('challenge_registrants', sqlParams, dbConnectionMap, cb);
}, function (results, cb) {
var mapRegistrants = function (results) {
if (!_.isDefined(results)) {
return [];
if (!_.isDefined(results)) {
return [];
}
return _.map(results, function (item) {
var registrant = {
handle: item.handle,
reliability: !_.isDefined(item.reliability) ? "n/a" : item.reliability + "%",
registrationDate: formatDate(item.inquiry_date),
submissionDate: formatDate(item.submission_date)
};
if (!isStudio) {
registrant.rating = item.rating;
registrant.colorStyle = helper.getColorStyle(item.rating);
}
return _.map(results, function (item) {
var registrant = {
handle: item.handle,
reliability: !_.isDefined(item.reliability) ? "n/a" : item.reliability + "%",
registrationDate: formatDate(item.inquiry_date),
submissionDate: formatDate(item.submission_date)
};
if (!isStudio) {
registrant.rating = item.rating;
registrant.colorStyle = helper.getColorStyle(item.rating);
}
return registrant;
});
};
return registrant;
});
};
registrants = mapRegistrants(results);
cb();
}
Expand Down Expand Up @@ -3440,18 +3440,16 @@ var getSubmissions = function (api, connection, dbConnectionMap, isStudio, next)
submission_type: [helper.SUBMISSION_TYPE.challenge.id, helper.SUBMISSION_TYPE.checkpoint.id]
};

async.parallel({
privateCheck: execQuery("check_is_related_with_challenge"),
challengeStatus: execQuery("get_challenge_status")
}, cb);
}, function (result, cb) {
if (result.privateCheck[0].is_private && !result.privateCheck[0].has_access) {
cb(new UnauthorizedError('The user is not allowed to visit the challenge.'));
return;
}

api.challengeHelper.checkUserChallengeEligibility(
connection,
connection.params.challengeId,
cb
);
},
execQuery("get_challenge_status"),
function (result, cb) {
// If the caller is not admin and challenge status is still active.
if (!helper.isAdmin(caller) && result.challengeStatus[0].challenge_status_id === 1) {
if (!helper.isAdmin(caller) && result[0].challenge_status_id === 1) {
cb(new BadRequestError("The challenge is not finished."));
return;
}
Expand Down Expand Up @@ -3567,13 +3565,12 @@ var getPhases = function (api, connection, dbConnectionMap, isStudio, next) {
};

// Do the private check.
api.dataAccess.executeQuery('check_is_related_with_challenge', sqlParams, dbConnectionMap, cb);
}, function (result, cb) {
if (result[0].is_private && !result[0].has_access) {
cb(new UnauthorizedError('The user is not allowed to visit the challenge.'));
return;
}

api.challengeHelper.checkUserChallengeEligibility(
connection,
connection.params.challengeId,
cb
);
}, function (cb) {
var execQuery = function (name) {
return function (cbx) {
api.dataAccess.executeQuery(name, sqlParams, dbConnectionMap, cbx);
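Review bot: In getChallenge, `isRelated` is now set from `result[0].is_private`, which, judging by the query in this commit, is true for every caller of a challenge that has an eligibility row. The flag is therefore only safe because `checkUserChallengeEligibility` runs in the preceding step and rejects callers outside the group. Nothing on these lines records that dependency, and the comment above the condition still describes the removed `has_access` column. I would replace it with `// is_private implies access here: checkUserChallengeEligibility above has already rejected ineligible callers.` so that reordering or dropping the eligibility step is not mistaken for a safe refactor. What `isRelated` unlocks later in getChallenge lies outside the hunk, so the impact of getting this wrong cannot be judged from here.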
21 changes: 16 additions & 5 deletions db_scripts/test_eligibility.insert.sql
Expand Up @@ -151,16 +151,27 @@ INSERT INTO project_info (project_id, project_info_type_id, value, create_user,
VALUES (1110005, 2, "3330333", "132456", CURRENT, "132456", CURRENT);

INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110001, 6, 3330333, "Not private", CURRENT, "132456", CURRENT);
VALUES (1110001, 6, "Not private", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110002, 6, 3330333, "Old logic - access allowed", CURRENT, "132456", CURRENT);
VALUES (1110002, 6, "Old logic - access allowed", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110003, 6, 3330333, "Old logic - access denied", CURRENT, "132456", CURRENT);
VALUES (1110003, 6, "Old logic - access denied", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110004, 6, 3330333, "New logic - access allowed", CURRENT, "132456", CURRENT);
VALUES (1110004, 6, "New logic - access allowed", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110005, 6, 3330333, "New logic - access denied", CURRENT, "132456", CURRENT);
VALUES (1110005, 6, "New logic - access denied", "132456", CURRENT, "132456", CURRENT);

INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110001, 26, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110002, 26, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110003, 26, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110004, 26, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110005, 26, "---", "132456", CURRENT, "132456", CURRENT);

INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
VALUES (1110001, 79, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
Binary file not shown.
2 changes: 1 addition & 1 deletion initializers/challengeHelper.js
Expand Up @@ -374,7 +374,7 @@ exports.challengeHelper = function (api, next) {
} else if (connection.caller.accessLevel === "anon") {
next(new UnauthorizedError());
} else {
next(new ForbiddenError());
next(new ForbiddenError('The user is not allowed to visit the challenge.'));
}
});
});
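Review bot: The anonymous branch still calls `next(new UnauthorizedError());` with no message, while the logged-in branch carries 'The user is not allowed to visit the challenge.'. The inline checks in actions/challenges.js that this helper replaces returned that text for every rejected caller, so anonymous clients will now see whatever default text UnauthorizedError supplies. If the response text is meant to stay uniform, pass the same string in both branches: `next(new UnauthorizedError('The user is not allowed to visit the challenge.'));`. The enclosing function starts and ends outside the hunk.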
26 changes: 13 additions & 13 deletions queries/check_is_related_with_challenge
@@ -1,22 +1,22 @@
SELECT
(SELECT
1
max(1)
FROM contest_eligibility ce
INNER JOIN group_contest_eligibility gce ON gce.contest_eligibility_id = ce.contest_eligibility_id
INNER JOIN user_group_xref ugx ON ugx.group_id = gce.group_id
WHERE ce.contest_id = @challengeId@
AND ((ugx.login_id = @user_id@ AND gce.group_id < 2000000) OR gce.group_id >= 2000000)) AS has_access
) AS is_private
, (SELECT
1
FROM contest_eligibility ce
WHERE ce.contest_id = @challengeId@) AS is_private
, (
SELECT
decode(max(ri.value), null, null, 1)
FROM resource r
INNER JOIN resource_info ri ON ri.resource_id = r.resource_id AND ri.resource_info_type_id = 1
INNER JOIN resource_info ri ON ri.resource_id = r.resource_id AND ri.resource_info_type_id = 1
WHERE r.project_id = @challengeId@
AND ri.value = @user_id@) AS is_related
, (SELECT max(project_metadata_id) FROM direct_project_metadata m, project p
WHERE metadata_value = @user_id@ AND p.tc_direct_project_id = m.tc_direct_project_id and p.project_id = @challengeId@ AND project_metadata_key_id IN (1, 2, 14)) AS is_manager
AND ri.value = @user_id@
) AS is_related
, (SELECT
max(project_metadata_id)
FROM direct_project_metadata m, project p
WHERE metadata_value = @user_id@
AND p.tc_direct_project_id = m.tc_direct_project_id
AND p.project_id = @challengeId@
AND project_metadata_key_id IN (1, 2, 14)
) AS is_manager
FROM dual
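Review bot: With the `has_access` column gone from this query, any caller that still reads `result[0].has_access` gets `undefined`: an `is_private && !has_access` guard would then reject every user of a private challenge, and a `has_access || …` test would never be true. The four functions in actions/challenges.js are updated in this commit, but other users of `check_is_related_with_challenge` are not visible on this page. It is worth searching the repository for both the query name and the column name to confirm that no reader of the old result shape remains.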
2 changes: 1 addition & 1 deletion queries/check_user_challenge_accessibility
@@ -1,6 +1,6 @@
SELECT
(SELECT
1
max(1)
FROM contest_eligibility ce
INNER JOIN group_contest_eligibility gce ON gce.contest_eligibility_id = ce.contest_eligibility_id
LEFT JOIN user_group_xref ugx ON ugx.group_id = gce.group_id