Skip to content
This repository was archived by the owner on Jan 23, 2025. It is now read-only.

Improve challenge visibility control #501

Merged
merged 4 commits into from
Jun 19, 2017
Merged

Improve challenge visibility control #501

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8842134
IMPROVE CHALLENGE VISIBILITY CONTROL
TheOsch Jun 15, 2017
b4a5dc9
Restoring an accidentially modified file
TheOsch Jun 15, 2017
445be50
Fixed the case with a challenge that doesn't have eligibility
TheOsch Jun 16, 2017
16be372
Shared the eligibility verification with challengeRegistration.
TheOsch Jun 18, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 39 additions & 20 deletions actions/challenges.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
/*
* Copyright (C) 2013 - 2014 TopCoder Inc., All Rights Reserved.
*
* @version 1.31
* @version 1.32
* @author Sky_, mekanizumu, TCSASSEMBLER, freegod, Ghost_141, kurtrips, xjtufreeman, ecnu_haozi, hesibo, LazyChild,
* @author isv, muzehyun, bugbuka
* @author isv, muzehyun, bugbuka, GFalcon
* @changes from 1.0
* merged with Member Registration API
* changes in 1.1:
Expand Down Expand Up @@ -79,9 +79,12 @@
* - Update challenge type filter.
* Changes in 1.31:
* - Remove screeningScorecardId and reviewScorecardId from search challenges api.
* Changes in 1.32:
* - validateChallenge function now checks if an user belongs to a group via
* user_group_xref for old challenges and by calling V3 API for new ones.
*/
"use strict";
/*jslint stupid: true, unparam: true, continue: true */
/*jslint stupid: true, unparam: true, continue: true, nomen: true */

require('datejs');
var fs = require('fs');
Expand Down Expand Up @@ -851,7 +854,7 @@ var addFilter = function (sql, filter, isMyChallenges, helper, caller) {
* @since 1.10
*/
function validateChallenge(api, connection, dbConnectionMap, challengeId, isStudio, callback) {
var error, sqlParams, helper = api.helper;
var error, sqlParams, helper = api.helper, userId = (connection.caller.userId || 0);
async.waterfall([
function (cb) {
error = helper.checkPositiveInteger(challengeId, 'challengeId') ||
Expand All @@ -862,31 +865,47 @@ function validateChallenge(api, connection, dbConnectionMap, challengeId, isStud
}
sqlParams = {
challengeId: challengeId,
user_id: connection.caller.userId || 0
user_id: userId
};
async.parallel({
accessibility: function (cbx) {
api.dataAccess.executeQuery('check_user_challenge_accessibility', sqlParams, dbConnectionMap, cbx);
},
exists: function (cbx) {
api.dataAccess.executeQuery('check_challenge_exists', sqlParams, dbConnectionMap, cbx);
}
}, cb);
api.dataAccess.executeQuery('get_challenge_accessibility_and_groups', sqlParams, dbConnectionMap, cb);
}, function (res, cb) {
if (res.exists.length === 0 || Boolean(res.exists[0].is_studio) !== isStudio) {
// If the record with this callengeId doesn't exist in contest_eligibility table
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TheOsch it is possible that there is no records, which mean the challenge is pubic group.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

// or there's a studio/software mismatch
if (res.length === 0 || Boolean(res[0].is_studio) !== isStudio) {
cb(new NotFoundError("Challenge not found."));
return;
}
var access = res.accessibility[0];
if (access.is_private && !access.has_access && connection.caller.accessLevel !== "admin") {
if (connection.caller.accessLevel === "anon") {
// If there's no corresponding record in group_contest_eligibility
// or the user is an admin
if (_.isNull(res[0].challenge_group_ind) || _.isUndefined(res[0].challenge_group_ind) || connection.caller.accessLevel === 'admin') {
cb();
return;
}
error = false;
async.some(res, function (record, cbx) {
if (record.challenge_group_ind === 0) {
cbx(!(_.isNull(record.user_group_xref_found) || _.isUndefined(record.user_group_xref_found)));
} else {
api.v3client.isUserInGroup(connection, userId, record.group_id, function (err, result) {
if (err) {
error = err;
cbx(true);
} else {
cbx(result);
}
});
}
}, function (eligible) {
if (error) {
cb(error);
} else if (eligible) {
cb();
} else if (connection.caller.accessLevel === "anon") {
cb(new UnauthorizedError());
} else {
cb(new ForbiddenError());
}
return;
}
cb();
});
}
], callback);
}
Expand Down
22 changes: 22 additions & 0 deletions db_scripts/test_eligibility.delete.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
DATABASE common_oltp;

DELETE FROM user_group_xref WHERE group_id > 3330000 AND group_id < 3330100;
DELETE FROM security_groups WHERE group_id > 3330000 AND group_id < 3330100;
DELETE FROM group_contest_eligibility WHERE contest_eligibility_id > 1110000 AND contest_eligibility_id < 1110100;
DELETE FROM contest_eligibility WHERE contest_eligibility_id > 1110000 AND contest_eligibility_id < 1110100;

DATABASE tcs_catalog;

DELETE FROM review_item_comment WHERE review_item_comment_id > 7770000 AND review_item_id < 7770100;
DELETE FROM review_item WHERE review_item_id > 5550000 AND review_item_id < 5550100;
DELETE FROM review WHERE review_id > 4440000 AND review_id < 4440100;
DELETE FROM scorecard_question WHERE scorecard_question_id = 3330333;
DELETE FROM scorecard_section WHERE scorecard_section_id = 3330333;
DELETE FROM scorecard_group WHERE scorecard_group_id = 3330333;
DELETE FROM scorecard WHERE scorecard_id = 3330333;
DELETE FROM submission WHERE submission_id > 2220000 AND submission_id < 2220100;
DELETE FROM prize WHERE project_id > 2220000 AND project_id < 2220100;
DELETE FROM upload WHERE project_id > 2220000 AND project_id < 2220100;
DELETE FROM resource WHERE project_id > 2220000 AND project_id < 2220100;
DELETE FROM project_phase WHERE project_id > 2220000 AND project_id < 2220100;
DELETE FROM project WHERE project_id > 2220000 AND project_id < 2220100;
133 changes: 133 additions & 0 deletions db_scripts/test_eligibility.insert.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,133 @@
DATABASE tcs_catalog;

INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
VALUES (2220001, 1, 14, "132456", CURRENT, "132456", CURRENT);
INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
VALUES (2220002, 1, 14, "132456", CURRENT, "132456", CURRENT);
INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
VALUES (2220003, 1, 14, "132456", CURRENT, "132456", CURRENT);
INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
VALUES (2220004, 1, 14, "132456", CURRENT, "132456", CURRENT);
INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
VALUES (2220005, 1, 14, "132456", CURRENT, "132456", CURRENT);

INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
VALUES (7770001, 2220001, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
VALUES (7770002, 2220002, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
VALUES (7770003, 2220003, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
VALUES (7770004, 2220004, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
VALUES (7770005, 2220005, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);

INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
VALUES (8880001, 20, 2220001, 7770001, 132456, "132456", CURRENT, "132456", CURRENT);
INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
VALUES (8880002, 20, 2220002, 7770002, 132456, "132456", CURRENT, "132456", CURRENT);
INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
VALUES (8880003, 20, 2220003, 7770003, 132456, "132456", CURRENT, "132456", CURRENT);
INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
VALUES (8880004, 20, 2220004, 7770004, 132456, "132456", CURRENT, "132456", CURRENT);
INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
VALUES (8880005, 20, 2220005, 7770005, 132456, "132456", CURRENT, "132456", CURRENT);

INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
VALUES (9990001, 2220001, 8880001, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
VALUES (9990002, 2220002, 8880002, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
VALUES (9990003, 2220003, 8880003, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
VALUES (9990004, 2220004, 8880004, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
VALUES (9990005, 2220005, 8880005, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);

INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
VALUES (1110001, 2220001, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
VALUES (1110002, 2220002, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
VALUES (1110003, 2220003, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
VALUES (1110004, 2220004, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
VALUES (1110005, 2220005, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);

INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
VALUES (2220001, 9990001, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110001);
INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
VALUES (2220002, 9990002, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110002);
INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
VALUES (2220003, 9990003, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110003);
INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
VALUES (2220004, 9990004, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110004);
INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
VALUES (2220005, 9990005, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110005);

INSERT INTO scorecard (scorecard_id, scorecard_status_id, scorecard_type_id, project_category_id, name, version, min_score, max_score, create_user, create_date, modify_user, modify_date, version_number)
VALUES (3330333, 1, 7, 14, "---", "---", 0, 100, "132456", CURRENT, "132456", CURRENT, 1);

INSERT INTO scorecard_group (scorecard_group_id, scorecard_id, name, weight, sort, create_user, create_date, modify_user, modify_date, version)
VALUES (3330333, 3330333, "---", 100, 1, "132456", CURRENT, "132456", CURRENT, 1);

INSERT INTO scorecard_section (scorecard_section_id, scorecard_group_id, name, weight, sort, create_user, create_date, modify_user, modify_date, version)
VALUES (3330333, 3330333, "---", 100, 1, "132456", CURRENT, "132456", CURRENT, 1);

INSERT INTO scorecard_question (scorecard_question_id, scorecard_question_type_id, scorecard_section_id, description, weight, sort, upload_document, upload_document_required, create_user, create_date, modify_user, modify_date, version)
VALUES (3330333, 1, 3330333, '---', 100, 1, 0, 0, "132456", CURRENT, "132456", CURRENT, 1);

INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
VALUES (4440001, 8880001, 2220001, 7770001, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
VALUES (4440002, 8880002, 2220002, 7770002, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
VALUES (4440003, 8880003, 2220003, 7770003, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
VALUES (4440004, 8880004, 2220004, 7770004, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
VALUES (4440005, 8880005, 2220005, 7770005, 3330333, 1, "132456", CURRENT, "132456", CURRENT);

INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
VALUES (5550001, 4440001, 3330333, 9990001, "---", 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
VALUES (5550002, 4440002, 3330333, 9990002, "---", 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
VALUES (5550003, 4440003, 3330333, 9990003, "---", 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
VALUES (5550004, 4440004, 3330333, 9990004, "---", 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
VALUES (5550005, 4440005, 3330333, 9990005, "---", 1, "132456", CURRENT, "132456", CURRENT);


INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
VALUES (7770001, 8880001, 5550001, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
VALUES (7770002, 8880002, 5550002, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
VALUES (7770003, 8880003, 5550003, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
VALUES (7770004, 8880004, 5550004, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
VALUES (7770005, 8880005, 5550005, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);

DATABASE common_oltp;

INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110001, 2220001, 0);
INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110002, 2220002, 0);
INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110003, 2220003, 0);
INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110004, 2220004, 0);
INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110005, 2220005, 0);

INSERT INTO security_groups (group_id, description, challenge_group_ind) VALUES (3330001, "Eligibility - Old logic - with user", 0);
INSERT INTO security_groups (group_id, description, challenge_group_ind) VALUES (3330002, "Eligibility - Old logic - no users", 0);
INSERT INTO security_groups (group_id, description, challenge_group_ind) VALUES (3330003, "Eligibility - New logic - with user", 1);
INSERT INTO security_groups (group_id, description, challenge_group_ind) VALUES (3330004, "Eligibility - New logic - no users", 1);

INSERT INTO user_group_xref (user_group_id, login_id, group_id) VALUES (5550001, 132458, 3330001);

INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110002, 3330001);
INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110003, 3330002);
INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110004, 3330003);
INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110005, 3330004);
Binary file added docs/Verification_Guide-Improve Challenge Visibility Control.doc
View file
Open in desktop
Binary file not shown.
Loading