enable round question apis for web arena super role

Author: cheuk-fung

actions/srmRoundQuestions.js

@@ -19,11 +19,16 @@ var _ = require('underscore');
 var moment = require('moment');
 var IllegalArgumentError = require('../errors/IllegalArgumentError');
 var NotFoundError = require('../errors/NotFoundError');
-var UnauthorizedError = require('../errors/UnauthorizedError');
-var ForbiddenError = require('../errors/ForbiddenError');
 
 var DATE_FORMAT = "YYYY-MM-DD HH:mm";
 
+/**
+ * Error messages
+ */
+var NON_ADMIN_MESSAGE = "Admin access only.",
+    NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE = "Admin or web Arena super user only.",
+    UNAUTHORIZED_MESSAGE = "Authorized information needed.";
+
 /**
  * Get Round Question Answers.
  *
@@ -40,15 +45,7 @@ var getRoundQuestionAnswers = function (api, connection, dbConnectionMap, next)
 
     async.waterfall([
         function (cb) {
-            if (!helper.isAdmin(caller) && !caller.isWebArenaSuper) {
-                if (!helper.isMember(caller)) {
-                    cb(new UnauthorizedError("Authorized information needed."));
-                } else {
-                    cb(new ForbiddenError("Admin or web Arena super user only."));
-                }
-            } else {
-                cb();
-            }
+            cb(helper.checkAdminOrWebArenaSuper(connection, UNAUTHORIZED_MESSAGE, NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE));
         }, function (cb) {
             cb(helper.checkIdParameter(questionId, "questionId"));
         }, function (cb) {
@@ -88,7 +85,7 @@ var getRoundQuestions = function (api, connection, dbConnectionMap, next) {
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            cb(helper.checkAdminOrWebArenaSuper(connection, UNAUTHORIZED_MESSAGE, NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE));
         }, function (cb) {
             cb(helper.checkIdParameter(roundId, "roundId"));
         }, function (cb) {
@@ -287,28 +284,6 @@ var setRoundSurvey = function (api, connection, dbConnectionMap, next) {
     });
 };
 
-/**
- * Check if user authorized and is admin or web Arena super user
- *
- * @param api the api instance.
- * @param the connection instance
- * @param callback the callback method
- */
-function checkAuthorization(api, connection, callback) {
-    var helper = api.helper,
-        caller = connection.caller;
-
-    if (!helper.isAdmin(caller) && !caller.isWebArenaSuper) {
-        if (!helper.isMember(caller)) {
-            callback(new UnauthorizedError("Authorized information needed."));
-        } else {
-            callback(new ForbiddenError("Admin or web Arena super user only."));
-        }
-    } else {
-        callback();
-    }
-}
-
 /**
  * Check question id.
  *
@@ -403,15 +378,7 @@ var addRoundQuestionAnswer = function (api, connection, dbConnectionMap, next) {
 
     async.waterfall([
         function (cb) {
-            if (!helper.isAdmin(caller) && !caller.isWebArenaSuper) {
-                if (!helper.isMember(caller)) {
-                    cb(new UnauthorizedError("Authorized information needed."));
-                } else {
-                    cb(new ForbiddenError("Admin or web Arena super user only."));
-                }
-            } else {
-                cb();
-            }
+            cb(helper.checkAdminOrWebArenaSuper(connection, UNAUTHORIZED_MESSAGE, NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE));
         }, function (cb) {
             checkQuestionId(api, dbConnectionMap, questionId, cb);
         }, function (error, cb) {
@@ -556,7 +523,7 @@ var addRoundQuestion = function (api, connection, dbConnectionMap, next) {
 
     async.waterfall([
         function (cb) {
-            checkAuthorization(api, connection, cb);
+            cb(helper.checkAdminOrWebArenaSuper(connection, UNAUTHORIZED_MESSAGE, NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE));
         }, function (cb) {
             checkRoundId(api, dbConnectionMap, roundId, cb);
         }, function (error, cb) {
@@ -620,7 +587,7 @@ var modifyRoundQuestion = function (api, connection, dbConnectionMap, next) {
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            cb(helper.checkAdminOrWebArenaSuper(connection, UNAUTHORIZED_MESSAGE, NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE));
         }, function (cb) {
             checkQuestionId(api, dbConnectionMap, questionId, cb);
         }, function (error, cb) {
@@ -659,7 +626,7 @@ var deleteRoundQuestion = function (api, connection, dbConnectionMap, next) {
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            cb(helper.checkAdminOrWebArenaSuper(connection, UNAUTHORIZED_MESSAGE, NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE));
         }, function (cb) {
             checkQuestionId(api, dbConnectionMap, questionId, cb);
         }, function (error, cb) {
@@ -731,7 +698,7 @@ var modifyRoundQuestionAnswer = function (api, connection, dbConnectionMap, next
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            cb(helper.checkAdminOrWebArenaSuper(connection, UNAUTHORIZED_MESSAGE, NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE));
         }, function (cb) {
             checkAnswerValues(api, text, sortOrder, correct, cb);
         }, function (error, cb) {
@@ -768,7 +735,7 @@ var deleteRoundQuestionAnswer = function (api, connection, dbConnectionMap, next
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            cb(helper.checkAdminOrWebArenaSuper(connection, UNAUTHORIZED_MESSAGE, NON_ADMIN_OR_WEB_ARENA_SUPER_MESSAGE));
         }, function (cb) {
             cb(helper.checkIdParameter(answerId, 'answerId'));
         }, function (cb) {

test/test.srmRoundQuestions.js

@@ -30,7 +30,7 @@ var API_ENDPOINT = process.env.API_ENDPOINT || 'http://localhost:8080',
         heffan       : "ad|132456",
         "super"      : "ad|132457",
         user         : "ad|132458",
-        ksmith       : "ad|124861"
+        ksmith       : "ad|124861" // web arena super user
     };
 
 
@@ -70,7 +70,7 @@ function createRequest(queryString, user) {
  */
 function createPostRequest(queryString, user) {
     var req = request(API_ENDPOINT)
-        .put(queryString)
+        .post(queryString)
         .set("Accept", "application/json")
         .expect("Content-Type", /json/);
     if (user) {
@@ -222,14 +222,18 @@ describe('SRM Round Questions APIs', function () {
             assertError("/v2/data/srm/rounds/13673/questions", null, 401, "Authorized information needed.", done);
         });
 
-        it("Admin access only.", function (done) {
-            assertError("/v2/data/srm/rounds/13673/questions", 'user', 403, "Admin access only.", done);
+        it("Admin or web Arena super user only.", function (done) {
+            assertError("/v2/data/srm/rounds/13673/questions", 'user', 403, "Admin or web Arena super user only.", done);
         });
 
         it("roundId should be number.", function (done) {
             assertError("/v2/data/srm/rounds/roundId/questions", 'heffan', 400, "roundId should be number.", done);
         });
 
+        it("roundId should be number (with web Arena super user).", function (done) {
+            assertError("/v2/data/srm/rounds/roundId/questions", 'ksmith', 400, "roundId should be number.", done);
+        });
+
         it("roundId should be Integer.", function (done) {
             assertError("/v2/data/srm/rounds/13673.01/questions", 'heffan', 400, "roundId should be Integer.", done);
         });
@@ -255,12 +259,11 @@ describe('SRM Round Questions APIs', function () {
             assertError("/v2/data/srm/rounds/1000000/answers", 'user', 403, "Admin or web Arena super user only.", done);
         });
 
-        // Only admin or web arena super user can get into this step
         it("questionId should be number.", function (done) {
             assertError("/v2/data/srm/rounds/aaa/answers", 'heffan', 400, "questionId should be number.", done);
         });
 
-        it("questionId should be number.", function (done) {
+        it("questionId should be number (with web Arena super user).", function (done) {
             assertError("/v2/data/srm/rounds/aaa/answers", 'ksmith', 400, "questionId should be number.", done);
         });
 
@@ -399,12 +402,11 @@ describe('SRM Round Questions APIs', function () {
             assertPostError("/v2/data/srm/questions/306/answers", 'user', validRequest, 403, "Admin or web Arena super user only.", done);
         });
 
-        // Only admin or web arena super user can get into this step
         it("questionId should be number.", function (done) {
             assertPostError("/v2/data/srm/questions/aaa/answers", 'heffan', validRequest, 400, "questionId should be number.", done);
         });
 
-        it("questionId should be number.", function (done) {
+        it("questionId should be number (with web Arena super user).", function (done) {
             assertPostError("/v2/data/srm/questions/aaa/answers", 'ksmith', validRequest, 400, "questionId should be number.", done);
         });
 
@@ -469,9 +471,11 @@ describe('SRM Round Questions APIs', function () {
             assertPostError("/v2/data/srm/rounds/13673/questions", 'user', validRequest, 403, "Admin or web Arena super user only.", done);
         });
 
-        // Only admin or web arena super user can get into this step
         it("roundId should be number.", function (done) {
             assertPostError("/v2/data/srm/rounds/aaa/questions", 'heffan', validRequest, 400, "roundId should be number.", done);
+        });
+
+        it("roundId should be number (with web Arena super user).", function (done) {
             assertPostError("/v2/data/srm/rounds/aaa/questions", 'ksmith', validRequest, 400, "roundId should be number.", done);
         });
 
@@ -587,14 +591,18 @@ describe('SRM Round Questions APIs', function () {
             assertPostError("/v2/data/srm/rounds/306/question", null, validRequest, 401, "Authorized information needed.", done);
         });
 
-        it("Admin access only.", function (done) {
-            assertPostError("/v2/data/srm/rounds/306/question", 'user', validRequest, 403, "Admin access only.", done);
+        it("Admin or web Arena super user only.", function (done) {
+            assertPostError("/v2/data/srm/rounds/306/question", 'user', validRequest, 403, "Admin or web Arena super user only.", done);
         });
 
         it("questionId should be number.", function (done) {
             assertPostError("/v2/data/srm/rounds/aaa/question", 'heffan', validRequest, 400, "questionId should be number.", done);
         });
 
+        it("questionId should be number (with web Arena super user).", function (done) {
+            assertPostError("/v2/data/srm/rounds/aaa/question", 'ksmith', validRequest, 400, "questionId should be number.", done);
+        });
+
         it("questionId should be Integer.", function (done) {
             assertPostError("/v2/data/srm/rounds/30.6/question", 'heffan', validRequest, 400, "questionId should be Integer.", done);
         });
@@ -697,14 +705,18 @@ describe('SRM Round Questions APIs', function () {
             assertDeleteError("/v2/data/srm/rounds/306/question", null, 401, "Authorized information needed.", done);
         });
 
-        it("Admin access only.", function (done) {
-            assertDeleteError("/v2/data/srm/rounds/306/question", 'user', 403, "Admin access only.", done);
+        it("Admin or web Arena super user only.", function (done) {
+            assertDeleteError("/v2/data/srm/rounds/306/question", 'user', 403, "Admin or web Arena super user only.", done);
         });
 
         it("questionId should be number.", function (done) {
             assertDeleteError("/v2/data/srm/rounds/aaa/question", 'heffan', 400, "questionId should be number.", done);
         });
 
+        it("questionId should be number  (with web Arena super user).", function (done) {
+            assertDeleteError("/v2/data/srm/rounds/aaa/question", 'ksmith', 400, "questionId should be number.", done);
+        });
+
         it("questionId should be Integer.", function (done) {
             assertDeleteError("/v2/data/srm/rounds/30.6/question", 'heffan', 400, "questionId should be Integer.", done);
         });