enable get round question answers api for web arena super role

Author: skyhit

actions/srmRoundQuestions.js

@@ -19,10 +19,11 @@ var _ = require('underscore');
 var moment = require('moment');
 var IllegalArgumentError = require('../errors/IllegalArgumentError');
 var NotFoundError = require('../errors/NotFoundError');
+var UnauthorizedError = require('../errors/UnauthorizedError');
+var ForbiddenError = require('../errors/ForbiddenError');
 
 var DATE_FORMAT = "YYYY-MM-DD HH:mm";
 
-
 /**
  * Get Round Question Answers.
  *
@@ -33,12 +34,21 @@ var DATE_FORMAT = "YYYY-MM-DD HH:mm";
  */
 var getRoundQuestionAnswers = function (api, connection, dbConnectionMap, next) {
     var helper = api.helper,
+        caller = connection.caller,
         result = [],
         questionId = Number(connection.params.questionId);
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            if (!helper.isAdmin(caller) && !caller.isWebArenaSuper) {
+                if (!helper.isMember(caller)) {
+                    cb(new UnauthorizedError("Authorized information needed."));
+                } else {
+                    cb(new ForbiddenError("Admin or web Arena super user only."));
+                }
+            } else {
+                cb();
+            }
         }, function (cb) {
             cb(helper.checkIdParameter(questionId, "questionId"));
         }, function (cb) {

test/test.srmRoundQuestions.js

@@ -29,7 +29,8 @@ var API_ENDPOINT = process.env.API_ENDPOINT || 'http://localhost:8080',
     USER = {
         heffan       : "ad|132456",
         "super"      : "ad|132457",
-        user         : "ad|132458"
+        user         : "ad|132458",
+        ksmith       : "ad|124861"
     };
 
 
@@ -250,14 +251,19 @@ describe('SRM Round Questions APIs', function () {
             assertError("/v2/data/srm/rounds/1000000/answers", null, 401, "Authorized information needed.", done);
         });
 
-        it("Admin access only.", function (done) {
-            assertError("/v2/data/srm/rounds/1000000/answers", 'user', 403, "Admin access only.", done);
+        it("Admin or web arena only.", function (done) {
+            assertError("/v2/data/srm/rounds/1000000/answers", 'user', 403, "Admin or web Arena super user only.", done);
         });
 
+        // Only admin or web arena super user can get into this step
         it("questionId should be number.", function (done) {
             assertError("/v2/data/srm/rounds/aaa/answers", 'heffan', 400, "questionId should be number.", done);
         });
 
+        it("questionId should be number.", function (done) {
+            assertError("/v2/data/srm/rounds/aaa/answers", 'ksmith', 400, "questionId should be number.", done);
+        });
+
         it("questionId should be Integer.", function (done) {
             assertError("/v2/data/srm/rounds/100000.01/answers", 'heffan', 400, "questionId should be Integer.", done);
         });
@@ -935,4 +941,4 @@ describe('SRM Round Questions APIs', function () {
             ], done);
         });
     });
-});
+});