enable add round question answer api for web arena super role

skyhit · skyhit · commit e489e3a37c2a · 2015-01-22T20:29:40.000+08:00
diff --git a/actions/srmRoundQuestions.js b/actions/srmRoundQuestions.js
@@ -19,10 +19,11 @@ var _ = require('underscore');
 var moment = require('moment');
 var IllegalArgumentError = require('../errors/IllegalArgumentError');
 var NotFoundError = require('../errors/NotFoundError');
+var UnauthorizedError = require('../errors/UnauthorizedError');
+var ForbiddenError = require('../errors/ForbiddenError');
 
 var DATE_FORMAT = "YYYY-MM-DD HH:mm";
 
-
 /**
  * Get Round Question Answers.
  *
@@ -362,6 +363,7 @@ function checkAnswerValues(api, text, sortOrder, correct, callback) {
  */
 var addRoundQuestionAnswer = function (api, connection, dbConnectionMap, next) {
     var helper = api.helper,
+        caller = connection.caller,
         sqlParams = {},
         questionId = Number(connection.params.questionId),
         text = connection.params.text,
@@ -370,7 +372,15 @@ var addRoundQuestionAnswer = function (api, connection, dbConnectionMap, next) {
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            if (!helper.isAdmin(caller) && !caller.isWebArenaSuper) {
+                if (!helper.isMember(caller)) {
+                    cb(new UnauthorizedError("Authorized information needed."));
+                } else {
+                    cb(new ForbiddenError("Admin or web Arena super user only."));
+                }
+            } else {
+                cb();
+            }
         }, function (cb) {
             checkQuestionId(api, dbConnectionMap, questionId, cb);
         }, function (error, cb) {
diff --git a/test/test.srmRoundQuestions.js b/test/test.srmRoundQuestions.js
@@ -29,7 +29,8 @@ var API_ENDPOINT = process.env.API_ENDPOINT || 'http://localhost:8080',
     USER = {
         heffan       : "ad|132456",
         "super"      : "ad|132457",
-        user         : "ad|132458"
+        user         : "ad|132458",
+        ksmith       : "ad|124861"
     };
 
 
@@ -389,14 +390,19 @@ describe('SRM Round Questions APIs', function () {
             assertPostError("/v2/data/srm/questions/306/answers", null, validRequest, 401, "Authorized information needed.", done);
         });
 
-        it("Admin access only.", function (done) {
-            assertPostError("/v2/data/srm/questions/306/answers", 'user', validRequest, 403, "Admin access only.", done);
+        it("Admin or web Arena super user only.", function (done) {
+            assertPostError("/v2/data/srm/questions/306/answers", 'user', validRequest, 403, "Admin or web Arena super user only.", done);
         });
 
+        // Only admin or web arena super user can get into this step
         it("questionId should be number.", function (done) {
             assertPostError("/v2/data/srm/questions/aaa/answers", 'heffan', validRequest, 400, "questionId should be number.", done);
         });
 
+        it("questionId should be number.", function (done) {
+            assertPostError("/v2/data/srm/questions/aaa/answers", 'ksmith', validRequest, 400, "questionId should be number.", done);
+        });
+
         it("questionId should be Integer.", function (done) {
             assertPostError("/v2/data/srm/questions/30.6/answers", 'heffan', validRequest, 400, "questionId should be Integer.", done);
         });
@@ -935,4 +941,4 @@ describe('SRM Round Questions APIs', function () {
             ], done);
         });
     });
-});
+});
