Merge branch 'dev' of github.com:cloudspokes/tc-api into dev

skyhit · skyhit · commit f9da51c87830 · 2015-01-22T20:29:56.000+08:00
diff --git a/actions/srmRoundQuestions.js b/actions/srmRoundQuestions.js
@@ -34,12 +34,21 @@ var DATE_FORMAT = "YYYY-MM-DD HH:mm";
  */
 var getRoundQuestionAnswers = function (api, connection, dbConnectionMap, next) {
     var helper = api.helper,
+        caller = connection.caller,
         result = [],
         questionId = Number(connection.params.questionId);
 
     async.waterfall([
         function (cb) {
-            cb(helper.checkAdmin(connection, 'Authorized information needed.', 'Admin access only.'));
+            if (!helper.isAdmin(caller) && !caller.isWebArenaSuper) {
+                if (!helper.isMember(caller)) {
+                    cb(new UnauthorizedError("Authorized information needed."));
+                } else {
+                    cb(new ForbiddenError("Admin or web Arena super user only."));
+                }
+            } else {
+                cb();
+            }
         }, function (cb) {
             cb(helper.checkIdParameter(questionId, "questionId"));
         }, function (cb) {
diff --git a/test/test.srmRoundQuestions.js b/test/test.srmRoundQuestions.js
@@ -251,14 +251,19 @@ describe('SRM Round Questions APIs', function () {
             assertError("/v2/data/srm/rounds/1000000/answers", null, 401, "Authorized information needed.", done);
         });
 
-        it("Admin access only.", function (done) {
-            assertError("/v2/data/srm/rounds/1000000/answers", 'user', 403, "Admin access only.", done);
+        it("Admin or web arena only.", function (done) {
+            assertError("/v2/data/srm/rounds/1000000/answers", 'user', 403, "Admin or web Arena super user only.", done);
         });
 
+        // Only admin or web arena super user can get into this step
         it("questionId should be number.", function (done) {
             assertError("/v2/data/srm/rounds/aaa/answers", 'heffan', 400, "questionId should be number.", done);
         });
 
+        it("questionId should be number.", function (done) {
+            assertError("/v2/data/srm/rounds/aaa/answers", 'ksmith', 400, "questionId should be number.", done);
+        });
+
         it("questionId should be Integer.", function (done) {
             assertError("/v2/data/srm/rounds/100000.01/answers", 'heffan', 400, "questionId should be Integer.", done);
         });
