Made public version of a user's LevelSessions available via endpoint.

2025-03-14 07:00:01 -04:00 · 2014-06-19 08:07:30 -07:00 · 2014-06-19 08:07:30 -07:00 · aa4832791e
commit aa4832791e
parent 548eaefae1
3 changed files with 7 additions and 4 deletions
--- a/headless_client/worker_world.coffee
+++ b/headless_client/worker_world.coffee
@ -148,7 +148,7 @@ work = () ->
      console.log "Non-UserCodeError:", error.toString() + "\n" + error.stack or error.stackTrace
      self.cleanUp()
    return true
-    
+
  self.onWorldLoadProgress = onWorldLoadProgress = (progress) ->
    #console.log "Worker onWorldLoadProgress"
    self.postMessage
--- a/server/levels/sessions/level_session_handler.coffee
+++ b/server/levels/sessions/level_session_handler.coffee
@ -9,6 +9,7 @@ class LevelSessionHandler extends Handler
  editableProperties: ['multiplayer', 'players', 'code', 'codeLanguage', 'completed', 'state',
                       'levelName', 'creatorName', 'levelID', 'screenshot',
                       'chat', 'teamSpells', 'submitted', 'unsubscribed','playtime']
+  privateProperties: ['code', 'submittedCode', 'unsubscribed']
  jsonSchema: require '../../../app/schemas/models/level_session'

  getByRelationship: (req, res, args...) ->
@ -20,7 +21,7 @@ class LevelSessionHandler extends Handler
    if req.user.isAdmin() or req.user.id is document.creator or ('employer' in req.user.get('permissions'))
      return documentObject
    else
-      return _.omit documentObject, ['submittedCode','code']
+      return _.omit documentObject, @privateProperties

  getActiveSessions: (req, res) ->
    return @sendUnauthorizedError(res) unless req.user.isAdmin()
--- a/server/users/user_handler.coffee
+++ b/server/users/user_handler.coffee
@ -236,12 +236,14 @@ UserHandler = class UserHandler extends Handler
      @sendSuccess(res, documents)

  getLevelSessions: (req, res, userID) ->
-    return @sendUnauthorizedError(res) unless req.user._id+'' is userID or req.user.isAdmin()
    query = creator: userID
+    isAuthorized = req.user._id+'' is userID or req.user.isAdmin()
    projection = null
    if req.query.project
      projection = {}
-      projection[field] = 1 for field in req.query.project.split(',')
+      projection[field] = 1 for field in req.query.project.split(',') when isAuthorized or not (field in LevelSessionHandler.privateProperties)
+    # If no req.query.project, then LevelSessionHandler.formatEntity will remove private properties if needed.
+
    LevelSession.find(query).select(projection).exec (err, documents) =>
      return @sendDatabaseError(res, err) if err
      documents = (LevelSessionHandler.formatEntity(req, doc) for doc in documents)