enable modify round api for web arena super role

Author: skyhit

actions/srmRoundManagement.js

@@ -6,15 +6,18 @@
  *
  * Changes in version 1.1 (Module Assembly - Web Arena - Match Configurations):
  * - Updated ListSRMContestRounds to send UTC time in milliseconds for registration and coding start time
+ * Changes in version 1.2 (First2Finish - TC API - Modify SRM Round API Update):
+ * - updated modifySRMContestRound to support web arena super role
  *
- * @version 1.1
+ * @version 1.2
  * @author TCSASSEMBLER
  */
 /*jslint node: true, nomen: true */
 "use strict";
 var async = require('async');
 var _ = require('underscore');
 var NotFoundError = require('../errors/NotFoundError');
+var ForbiddenError = require('../errors/ForbiddenError');
 
 /**
  * Max value for integer
@@ -613,13 +616,20 @@ exports.modifySRMContestRound = {
             helper.handleNoConnection(api, connection, next);
             return;
         }
+        if (_.isUndefined(params.auto_end)) {
+            params.auto_end = false;
+        }
         async.series([
             function (cb) {
                 console.log("oldRoundId = " + oldRoundId);
                 var error =
-                    helper.checkIdParameter(oldRoundId, 'oldRoundId') ||
-                    checkContestRound(helper, params) ||
-                    helper.checkAdmin(connection, "You need to be authorized first.", "You are forbidden for this API.");
+                        helper.checkIdParameter(oldRoundId, 'oldRoundId') ||
+                        checkContestRound(helper, params) ||
+                        helper.checkAdminOrWebArenaSuper(
+                            connection,
+                            "You need to be authorized first.",
+                            "You are forbidden for this API."
+                        );
                 cb(error);
             },
             // check if modifying round existed.
@@ -630,10 +640,12 @@ exports.modifySRMContestRound = {
                     }, dbConnectionMap),
                     function (result, cbx) {
                         if (result.length === 0) {
-                            cbx(new NotFoundError('modifying round is not existed.'));
-                        } else {
-                            cbx(null);
+                            return cbx(new NotFoundError('modifying round is not existed.'));
+                        }
+                        if (connection.caller.isWebArenaSuper && result[0].creator_id !== connection.caller.userId) {
+                            return cbx(new ForbiddenError('Round was not created by you.'));
                         }
+                        return cbx();
                     }], cb);
             },
             function (cb) {

apiary.apib

@@ -8513,6 +8513,16 @@ Request
             "description":"The request is understood, but it has been refused or access is not allowed."
         }
 
++ Response 403 (application/json)
+
+        {
+            "name":"Forbidden",
+            "value":"403",
+            "description": "The request is understood, but it has been refused or access is not allowed."
+            "details": "Round was not created by you."
+        }
+
+
 + Response 404 (application/json)
 
         {

initializers/helper.js

@@ -6,7 +6,7 @@
 /**
  * This module contains helper functions.
  * @author Sky_, Ghost_141, muzehyun, kurtrips, isv, LazyChild, hesibo, panoptimum, flytoj2ee, TCSASSEMBLER
- * @version 1.41
+ * @version 1.42
  * changes in 1.1:
  * - add mapProperties
  * changes in 1.2:
@@ -110,6 +110,8 @@
  * - Update getLowerCaseList method to use map method.
  * Changes in 1.41:
  * - Update apiName2dbNameMap to add entries for srm schedule API.
+ * Changes in 1.42:
+ * - Add checkAdminOrWebArenaSuper to check if user has web arena super role.
  */
 "use strict";
 
@@ -1412,6 +1414,20 @@ helper.checkAdmin = function (connection, unauthorizedErrMsg, forbiddenErrMsg) {
     return new ForbiddenError();
 };
 
+/**
+ * Check whether given user has web arena super role or not
+ * @param connection - the api connection object
+ * @param {String} unauthorizedErrMsg - the error message for unauthorized error.
+ * @param {String} forbiddenErrMsg - the error message for forbidden error.
+ * @return {Error} if user is not admin or does not have web arena super role.
+ */
+helper.checkAdminOrWebArenaSuper = function (connection, unauthorizedErrMsg, forbiddenErrMsg) {
+    if (connection.caller.isWebArenaSuper) {
+        return null;
+    }
+    return helper.checkAdmin(connection, unauthorizedErrMsg, forbiddenErrMsg);
+};
+
 /**
  * Check if the caller has at least member access level.
  * @param {Object} connection - the connection object.

queries/get_round_onlyid

@@ -1 +1 @@
-select round_id from round where round_id=@round_id@;
+select round_id, creator_id from round where round_id=@round_id@;

test/sqls/srmRoundManagement/informixoltp__insert_rounds

@@ -55,8 +55,8 @@ INSERT INTO contest (contest_id, name, status, group_id) VALUES (30007, "Contest
 INSERT INTO contest (contest_id, name, status, group_id) VALUES (30008, "Contest 8", "A", -1);
 INSERT INTO contest (contest_id, name, status, group_id) VALUES (30009, "Contest 9", "A", -1);
 
-INSERT INTO round (round_id, contest_id, name, status, round_type_id, short_name, region_id, registration_limit, invitational)
-       VALUES (40055, 30006, "Round 7", "A", 11, 'short name 7', 1, 0, 5);
+INSERT INTO round (round_id, contest_id, name, status, round_type_id, short_name, region_id, registration_limit, invitational, creator_id)
+       VALUES (40055, 30006, "Round 7", "A", 11, 'short name 7', 1, 0, 5, 124861);
 INSERT INTO SURVEY(survey_id, name, start_date, end_date, status_id, text)
        VALUES (40055, 'survey2', '2013-10-09 01:50:00', '2013-10-09 02:50:00', 1, 'text 2');
 INSERT INTO round_room_assignment (round_id, coders_per_room, algorithm, by_division, final, by_region, p)
@@ -82,8 +82,8 @@ INSERT INTO round_segment (round_id, segment_id, start_time, end_time, status)
 INSERT INTO room (room_id, round_id, name, division_id, room_type_id) VALUES (499154, 40055, "Admin Room", -1, 1);
 
 
-INSERT INTO round (round_id, contest_id, name, status, round_type_id, short_name, region_id, registration_limit, invitational)
-       VALUES (40060, 30009, "Round 8", "A", 11, 'short name 8', 1, 0, 5);
+INSERT INTO round (round_id, contest_id, name, status, round_type_id, short_name, region_id, registration_limit, invitational, creator_id)
+       VALUES (40060, 30009, "Round 8", "A", 11, 'short name 8', 1, 0, 5, 132456);
 INSERT INTO SURVEY(survey_id, name, start_date, end_date, status_id, text)
        VALUES (40060, 'survey3', '2013-10-09 01:50:00', '2013-10-09 02:50:00', 1, 'text 3');
 INSERT INTO round_room_assignment (round_id, coders_per_room, algorithm, by_division, final, by_region, p)
@@ -128,8 +128,8 @@ INSERT INTO round (round_id, contest_id, name, status, round_type_id, short_name
 INSERT INTO round (round_id, contest_id, name, status, round_type_id, short_name, region_id, registration_limit, invitational)
        VALUES (41005, 30010, "Round 5", "A", 10, 'short name 5', 1, 512, 4);
 
-INSERT INTO round (round_id, contest_id, name, status, round_type_id, short_name, region_id, registration_limit, invitational)
-       VALUES (41006, 30011, "Round 6", "A", 11, 'short name 6', 1, 0, 5);
+INSERT INTO round (round_id, contest_id, name, status, round_type_id, short_name, region_id, registration_limit, invitational, creator_id)
+       VALUES (41006, 30011, "Round 6", "A", 11, 'short name 6', 1, 0, 5, 124861);
 INSERT INTO SURVEY(survey_id, name, start_date, end_date, status_id, text)
        VALUES (41006, 'survey1', '2013-10-09 01:50:00', '2013-10-09 02:50:00', 1, 'text 1');
 INSERT INTO round_room_assignment (round_id, coders_per_room, algorithm, by_division, final, by_region, p)

test/test.srmRoundManagement.js

@@ -1,8 +1,12 @@
 /*
  * Copyright (C) 2014 TopCoder Inc., All Rights Reserved.
  *
- * @version 1.0
- * @author TCASSEMBLER
+ * @version 1.1
+ * @author TCASSEMBLER, TCSFINALFIXER
+ *
+ * Changes in 1.1:
+ * - Add tests 'should 403 if web arena super modifies round not his own',
+ *   'should modify own round for web arena super role'
  */
 "use strict";
 /*global describe, it, before, beforeEach, after, afterEach */
@@ -1329,8 +1333,6 @@ describe('SRM Round Management APIs', function () {
                 ], done);
             });
         });
-
-
     });
 
     describe("Modify SRM Contest Round", function () {
@@ -1445,6 +1447,20 @@ describe('SRM Round Management APIs', function () {
                 }, done);
             });
 
+            it(
+                'should 403 if web arena super modifies round not his own',
+                function (done) {
+                    var rrequest = requestClone(goodRequest);
+                    assertFail({
+                        oldRoundId: 40060,
+                        json: rrequest,
+                        status: 403,
+                        auth: testHelper.generateAuthHeader({sub: 'ad|124861'}).substring(7),
+                        message: 'Round was not created by you.'
+                    }, done);
+                }
+            );
+
             it("should return 400 when oldRoundId not a number", function (done) {
                 var rrequest = requestClone(goodRequest);
                 assertFail({
@@ -2219,7 +2235,7 @@ describe('SRM Round Management APIs', function () {
                     short_name: 'modified short name'
                 },
                     fields,
-                    touchingFields = ['invitational', 'region_id', 'registration_limit', 'round_type_id',
+                    touchingFields = ['creator_id', 'invitational', 'region_id', 'registration_limit', 'round_type_id',
                                       'short_name', 'round_id', 'contest_id', 'status'];
 
 
@@ -2257,6 +2273,61 @@ describe('SRM Round Management APIs', function () {
                     }
                 ], done);
             });
+
+
+            it('should modify own round for web arena super role', function (done) {
+                async.waterfall([
+                    _.bind(testHelper.runSqlSelectQuery, testHelper, GET_ROUND_SEQ_SQL, "informixoltp"),
+                    function (results, cb) {
+                        var oldRoundId = 41006,
+                            req = _.clone(goodRequest),
+                            jwt = testHelper.generateAuthHeader({sub: 'ad|124861'});
+                        req.id = oldRoundId;
+                        req.type.id = 24;
+                        req.name = "modify round";
+                        request(API_ENDPOINT)
+                            .put('/v2/data/srm/rounds/' + oldRoundId)
+                            .set('Accept', 'application/json')
+                            .set('Content-Type', 'application/json')
+                            .set('Authorization', jwt)
+                            .expect('Content-Type', /json/)
+                            .expect(200)
+                            .send(req)
+                            .end(function (err, res) {
+                                if (err) {
+                                    return cb(err);
+                                }
+                                testHelper.runSqlSelectQuery(
+                                    "round_id, creator_id, round_type_id, name from round where round_id = " + req.id,
+                                    "informixoltp",
+                                    function (error, results) {
+                                        if (error) {
+                                            return cb(error);
+                                        }
+                                        fs.writeFileSync("/tmp/test.log", JSON.stringify(results));
+                                        assert.ok(results && results.length === 1, "query should have succeeded.");
+                                        assert.equal(
+                                            results[0].creator_id,
+                                            124861,
+                                            "creator should be ksmith"
+                                        );
+                                        assert.equal(
+                                            results[0].round_type_id,
+                                            req.type.id,
+                                            "type should be 'Instant Match'"
+                                        );
+                                        assert.equal(
+                                            results[0].name,
+                                            req.name,
+                                            "name should be modified"
+                                        );
+                                        return cb();
+                                    }
+                                );
+                            });
+                    }
+                ], done);
+            });
         });
 
     });

test/test_files/srmRoundManagement/contest30002.json

@@ -15,7 +15,9 @@
         "id": 11,
         "desc": "Weakest Link Round"
       },
-      "segments": {
+        "segments": {
+        "codingStartTime": 1383958200000,
+        "registrationStartTime": 1381276200000,
         "registrationStart": "Oct 08, 2013 21:50 EDT",
         "registrationLength": 60,
         "registrationStatus": "A",
@@ -78,4 +80,4 @@
       }
     }
   ]
-}
+}

test/test_files/srmRoundManagement/contest30007.json

@@ -49,6 +49,8 @@
         "challengeStatus": "A",
         "codingLength": 60,
         "codingStart": "Nov 08, 2013 20:50 EST",
+        "codingStartTime": 1383958200000,
+          "registrationStartTime": 1381276200000,
         "codingStatus": "A",
         "intermissionLength": 60,
         "intermissionStatus": "A",

test/test_files/srmRoundManagement/contest30011.json

@@ -50,6 +50,8 @@
         "challengeStatus": "A",
         "codingLength": 60,
         "codingStart": "Nov 08, 2013 20:50 EST",
+        "codingStartTime": 1383958200000,
+        "registrationStartTime":1381276200000,
         "codingStatus": "A",
         "intermissionLength": 60,
         "intermissionStatus": "A",
@@ -79,4 +81,4 @@
     }
 
   ]
-}
+}