Skip to content

Commit 0d2dd94

Browse files
ThomasKranitsasThomasKranitsas
committed
make challenge id optional
1 parent 2aafe7d commit 0d2dd94

File tree

1 file changed

+32
-15
lines changed

1 file changed

+32
-15
lines changed

src/services/ResourceService.js

Lines changed: 32 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -54,32 +54,49 @@ async function getResources (currentUser, challengeId, roleId, memberId, memberH
5454
perPage = perPage || config.DEFAULT_PAGE_SIZE
5555
sortBy = sortBy || 'created'
5656
sortOrder = sortOrder || 'asc'
57-
if (!validateUUID(challengeId)) {
57+
if (!challengeId && !memberId && !memberHandle) {
58+
throw new errors.BadRequestError('At least one of the following parameters is required: [challengeId, memberId, memberHandle]')
59+
}
60+
if (challengeId && !validateUUID(challengeId)) {
5861
throw new errors.BadRequestError(`Challenge ID ${challengeId} must be a valid v5 Challenge Id (UUID)`)
5962
}
60-
try {
61-
// Verify that the challenge exists
62-
await helper.getRequest(`${config.CHALLENGE_API_URL}/${challengeId}`)
63-
} catch (e) {
64-
throw new errors.NotFoundError(`Challenge ID ${challengeId} not found`)
63+
if (challengeId) {
64+
try {
65+
// Verify that the challenge exists
66+
await helper.getRequest(`${config.CHALLENGE_API_URL}/${challengeId}`)
67+
} catch (e) {
68+
throw new errors.NotFoundError(`Challenge ID ${challengeId} not found`)
69+
}
6570
}
6671

6772
const boolQuery = []
6873
const mustQuery = []
6974
let hasFullAccess
7075

7176
// Check if the user has a resource with full access on the challenge
72-
if (currentUser) {
73-
const resources = await helper.query('Resource', { challengeId })
74-
try {
75-
await checkAccess(currentUser, resources)
76-
hasFullAccess = true
77-
} catch (e) {
78-
hasFullAccess = false
77+
if (currentUser && !helper.hasAdminRole(currentUser) && !hasFullAccess) {
78+
if (challengeId) {
79+
const resources = await helper.query('Resource', { challengeId })
80+
try {
81+
await checkAccess(currentUser, resources)
82+
hasFullAccess = true
83+
} catch (e) {
84+
hasFullAccess = false
85+
}
86+
}
87+
if (memberId && memberId !== currentUser.useId) {
88+
throw new errors.ForbiddenError('You are not allowed to perform this operation!')
89+
}
90+
if (memberHandle && memberHandle !== currentUser.handle) {
91+
throw new errors.ForbiddenError('You are not allowed to perform this operation!')
7992
}
8093
}
8194

82-
boolQuery.push({ match_phrase: { challengeId } })
95+
if (challengeId) {
96+
boolQuery.push({ match_phrase: { challengeId } })
97+
} else if (!currentUser) {
98+
throw new errors.ForbiddenError('You are not allowed to perform this operation!')
99+
}
83100

84101
if (!currentUser) {
85102
// if the user is not logged in, only return resources with submitter role ID
@@ -161,7 +178,7 @@ async function getResources (currentUser, challengeId, roleId, memberId, memberH
161178

162179
getResources.schema = {
163180
currentUser: Joi.any(),
164-
challengeId: Joi.id(),
181+
challengeId: Joi.optionalId(),
165182
roleId: Joi.optionalId(),
166183
memberId: Joi.string(),
167184
memberHandle: Joi.string(),

0 commit comments

Comments
 (0)