enable add round question api for web arena super role

skyhit · skyhit · commit c05286a94f15 · 2015-01-22T20:33:34.000+08:00
diff --git a/actions/srmRoundQuestions.js b/actions/srmRoundQuestions.js
@@ -19,6 +19,8 @@ var _ = require('underscore');
 var moment = require('moment');
 var IllegalArgumentError = require('../errors/IllegalArgumentError');
 var NotFoundError = require('../errors/NotFoundError');
+var UnauthorizedError = require('../errors/UnauthorizedError');
+var ForbiddenError = require('../errors/ForbiddenError');
 
 var DATE_FORMAT = "YYYY-MM-DD HH:mm";
 
@@ -277,6 +279,28 @@ var setRoundSurvey = function (api, connection, dbConnectionMap, next) {
     });
 };
 
+/**
+ * Check if user authorized and is admin or web Arena super user
+ *
+ * @param api the api instance.
+ * @param the connection instance
+ * @param callback the callback method
+ */
+function checkAuthorization(api, connection, callback) {
+    var helper = api.helper,
+        caller = connection.caller;
+
+    if (!helper.isAdmin(caller) && !caller.isWebArenaSuper) {
+        if (!helper.isMember(caller)) {
+            callback(new UnauthorizedError("Authorized information needed."));
+        } else {
+            callback(new ForbiddenError("Admin or web Arena super user only."));
+        }
+    } else {
+        callback();
+    }
+}
+
 /**
  * Check question id.
  *
@@ -515,7 +539,7 @@ var addRoundQuestion = function (api, connection, dbConnectionMap, next) {
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            checkAuthorization(api, connection, cb);
         }, function (cb) {
             checkRoundId(api, dbConnectionMap, roundId, cb);
         }, function (error, cb) {
diff --git a/test/test.srmRoundQuestions.js b/test/test.srmRoundQuestions.js
@@ -29,7 +29,8 @@ var API_ENDPOINT = process.env.API_ENDPOINT || 'http://localhost:8080',
     USER = {
         heffan       : "ad|132456",
         "super"      : "ad|132457",
-        user         : "ad|132458"
+        user         : "ad|132458",
+        ksmith       : "ad|124861"
     };
 
 
@@ -454,12 +455,14 @@ describe('SRM Round Questions APIs', function () {
             assertPostError("/v2/data/srm/rounds/13673/questions", null, validRequest, 401, "Authorized information needed.", done);
         });
 
-        it("Admin access only.", function (done) {
-            assertPostError("/v2/data/srm/rounds/13673/questions", 'user', validRequest, 403, "Admin access only.", done);
+        it("Admin or web Arena super user only.", function (done) {
+            assertPostError("/v2/data/srm/rounds/13673/questions", 'user', validRequest, 403, "Admin or web Arena super user only.", done);
         });
 
+        // Only admin or web arena super user can get into this step
         it("roundId should be number.", function (done) {
             assertPostError("/v2/data/srm/rounds/aaa/questions", 'heffan', validRequest, 400, "roundId should be number.", done);
+            assertPostError("/v2/data/srm/rounds/aaa/questions", 'ksmith', validRequest, 400, "roundId should be number.", done);
         });
 
         it("roundId should be Integer.", function (done) {
@@ -935,4 +938,4 @@ describe('SRM Round Questions APIs', function () {
             ], done);
         });
     });
-});
+});
