Remove sendUnauthorizedError, as it merely returned the same value (HTTP 403) as sendForbiddenError
This commit is contained in:
parent
121ff0a4af
commit
b9a511155e
6 changed files with 25 additions and 26 deletions
|
@ -16,7 +16,7 @@ class AchievementHandler extends Handler
|
||||||
get: (req, res) ->
|
get: (req, res) ->
|
||||||
# /db/achievement?related=<ID>
|
# /db/achievement?related=<ID>
|
||||||
if req.query.related
|
if req.query.related
|
||||||
return @sendUnauthorizedError(res) if not @hasAccess(req)
|
return @sendForbiddenError(res) if not @hasAccess(req)
|
||||||
Achievement.find {related: req.query.related}, (err, docs) =>
|
Achievement.find {related: req.query.related}, (err, docs) =>
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
docs = (@formatEntity(req, doc) for doc in docs)
|
docs = (@formatEntity(req, doc) for doc in docs)
|
||||||
|
@ -25,7 +25,7 @@ class AchievementHandler extends Handler
|
||||||
super req, res
|
super req, res
|
||||||
|
|
||||||
delete: (req, res, slugOrID) ->
|
delete: (req, res, slugOrID) ->
|
||||||
return @sendUnauthorizedError res unless req.user?.isAdmin()
|
return @sendForbiddenError res unless req.user?.isAdmin()
|
||||||
@getDocumentForIdOrSlug slugOrID, (err, document) => # Check first
|
@getDocumentForIdOrSlug slugOrID, (err, document) => # Check first
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
return @sendNotFoundError(res) unless document?
|
return @sendNotFoundError(res) unless document?
|
||||||
|
|
|
@ -55,7 +55,6 @@ module.exports = class Handler
|
||||||
props
|
props
|
||||||
|
|
||||||
# sending functions
|
# sending functions
|
||||||
sendUnauthorizedError: (res) -> errors.forbidden(res) #TODO: rename sendUnauthorizedError to sendForbiddenError
|
|
||||||
sendForbiddenError: (res) -> errors.forbidden(res)
|
sendForbiddenError: (res) -> errors.forbidden(res)
|
||||||
sendNotFoundError: (res, message) -> errors.notFound(res, message)
|
sendNotFoundError: (res, message) -> errors.notFound(res, message)
|
||||||
sendMethodNotAllowed: (res, message) -> errors.badMethod(res, @allowedMethods, message)
|
sendMethodNotAllowed: (res, message) -> errors.badMethod(res, @allowedMethods, message)
|
||||||
|
@ -86,7 +85,7 @@ module.exports = class Handler
|
||||||
|
|
||||||
# generic handlers
|
# generic handlers
|
||||||
get: (req, res) ->
|
get: (req, res) ->
|
||||||
@sendUnauthorizedError(res) if not @hasAccess(req)
|
@sendForbiddenError(res) if not @hasAccess(req)
|
||||||
|
|
||||||
specialParameters = ['term', 'project', 'conditions']
|
specialParameters = ['term', 'project', 'conditions']
|
||||||
|
|
||||||
|
@ -150,16 +149,16 @@ module.exports = class Handler
|
||||||
@sendSuccess(res, documents)
|
@sendSuccess(res, documents)
|
||||||
# regular users are only allowed text searches for now, without any additional filters or sorting
|
# regular users are only allowed text searches for now, without any additional filters or sorting
|
||||||
else
|
else
|
||||||
return @sendUnauthorizedError(res)
|
return @sendForbiddenError(res)
|
||||||
|
|
||||||
getById: (req, res, id) ->
|
getById: (req, res, id) ->
|
||||||
# return @sendNotFoundError(res) # for testing
|
# return @sendNotFoundError(res) # for testing
|
||||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||||
|
|
||||||
@getDocumentForIdOrSlug id, (err, document) =>
|
@getDocumentForIdOrSlug id, (err, document) =>
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
return @sendNotFoundError(res) unless document?
|
return @sendNotFoundError(res) unless document?
|
||||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document)
|
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document)
|
||||||
@sendSuccess(res, @formatEntity(req, document))
|
@sendSuccess(res, @formatEntity(req, document))
|
||||||
|
|
||||||
getByRelationship: (req, res, args...) ->
|
getByRelationship: (req, res, args...) ->
|
||||||
|
@ -211,7 +210,7 @@ module.exports = class Handler
|
||||||
|
|
||||||
setWatching: (req, res, id) ->
|
setWatching: (req, res, id) ->
|
||||||
@getDocumentForIdOrSlug id, (err, document) =>
|
@getDocumentForIdOrSlug id, (err, document) =>
|
||||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document, 'get')
|
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document, 'get')
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
return @sendNotFoundError(res) unless document?
|
return @sendNotFoundError(res) unless document?
|
||||||
watchers = document.get('watchers') or []
|
watchers = document.get('watchers') or []
|
||||||
|
@ -263,7 +262,7 @@ module.exports = class Handler
|
||||||
args.push projection
|
args.push projection
|
||||||
@modelClass.findOne(args...).sort(sort).exec (err, doc) =>
|
@modelClass.findOne(args...).sort(sort).exec (err, doc) =>
|
||||||
return @sendNotFoundError(res) unless doc?
|
return @sendNotFoundError(res) unless doc?
|
||||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, doc)
|
return @sendForbiddenError(res) unless @hasAccessToDocument(req, doc)
|
||||||
res.send(doc)
|
res.send(doc)
|
||||||
res.end()
|
res.end()
|
||||||
|
|
||||||
|
@ -273,12 +272,12 @@ module.exports = class Handler
|
||||||
put: (req, res, id) ->
|
put: (req, res, id) ->
|
||||||
return @postNewVersion(req, res) if @modelClass.schema.uses_coco_versions
|
return @postNewVersion(req, res) if @modelClass.schema.uses_coco_versions
|
||||||
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
||||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||||
@getDocumentForIdOrSlug req.body._id or id, (err, document) =>
|
@getDocumentForIdOrSlug req.body._id or id, (err, document) =>
|
||||||
return @sendBadInputError(res, 'Bad id.') if err and err.name is 'CastError'
|
return @sendBadInputError(res, 'Bad id.') if err and err.name is 'CastError'
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
return @sendNotFoundError(res) unless document?
|
return @sendNotFoundError(res) unless document?
|
||||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document)
|
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document)
|
||||||
@doWaterfallChecks req, document, (err, document) =>
|
@doWaterfallChecks req, document, (err, document) =>
|
||||||
return @sendError(res, err.code, err.res) if err
|
return @sendError(res, err.code, err.res) if err
|
||||||
@saveChangesToDocument req, document, (err) =>
|
@saveChangesToDocument req, document, (err) =>
|
||||||
|
@ -295,7 +294,7 @@ module.exports = class Handler
|
||||||
|
|
||||||
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
||||||
return @sendBadInputError(res, 'id should not be included.') if req.body._id
|
return @sendBadInputError(res, 'id should not be included.') if req.body._id
|
||||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||||
document = @makeNewInstance(req)
|
document = @makeNewInstance(req)
|
||||||
@saveChangesToDocument req, document, (err) =>
|
@saveChangesToDocument req, document, (err) =>
|
||||||
return @sendBadInputError(res, err.errors) if err?.valid is false
|
return @sendBadInputError(res, err.errors) if err?.valid is false
|
||||||
|
@ -314,7 +313,7 @@ module.exports = class Handler
|
||||||
postFirstVersion: (req, res) ->
|
postFirstVersion: (req, res) ->
|
||||||
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
||||||
return @sendBadInputError(res, 'id should not be included.') if req.body._id
|
return @sendBadInputError(res, 'id should not be included.') if req.body._id
|
||||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||||
document = @makeNewInstance(req)
|
document = @makeNewInstance(req)
|
||||||
document.set('original', document._id)
|
document.set('original', document._id)
|
||||||
document.set('creator', req.user._id)
|
document.set('creator', req.user._id)
|
||||||
|
@ -337,12 +336,12 @@ module.exports = class Handler
|
||||||
"""
|
"""
|
||||||
return @sendBadInputError(res, 'This entity is not versioned') unless @modelClass.schema.uses_coco_versions
|
return @sendBadInputError(res, 'This entity is not versioned') unless @modelClass.schema.uses_coco_versions
|
||||||
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
||||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||||
@getDocumentForIdOrSlug req.body._id, (err, parentDocument) =>
|
@getDocumentForIdOrSlug req.body._id, (err, parentDocument) =>
|
||||||
return @sendBadInputError(res, 'Bad id.') if err and err.name is 'CastError'
|
return @sendBadInputError(res, 'Bad id.') if err and err.name is 'CastError'
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
return @sendNotFoundError(res) unless parentDocument?
|
return @sendNotFoundError(res) unless parentDocument?
|
||||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, parentDocument)
|
return @sendForbiddenError(res) unless @hasAccessToDocument(req, parentDocument)
|
||||||
editableProperties = @getEditableProperties req, parentDocument
|
editableProperties = @getEditableProperties req, parentDocument
|
||||||
updatedObject = parentDocument.toObject()
|
updatedObject = parentDocument.toObject()
|
||||||
for prop in editableProperties
|
for prop in editableProperties
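Review bot: In the generic `get` (hunk at @ -86) the guard `@sendForbiddenError(res) if not @hasAccess(req)` has no `return`, so after the 403 is written the handler keeps executing and presumably reaches the `@sendSuccess(res, documents)` seen further down the same function; every other guard touched by this commit is written `return @sendForbiddenError(...)`, so this one should read `return @sendForbiddenError(res) if not @hasAccess(req)`. Separately, `setWatching` (hunk at @ -211) runs `hasAccessToDocument(req, document, 'get')` before the `err` and `document?` checks, so a lookup failure hands a missing document to the access check; `getById` and the LevelHandler lookup do the database-error and not-found checks first, and `setWatching` should be reordered to match. Both functions continue outside their hunks.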
|
||||||
|
|
|
@ -50,7 +50,7 @@ LevelHandler = class LevelHandler extends Handler
|
||||||
@getDocumentForIdOrSlug id, (err, level) =>
|
@getDocumentForIdOrSlug id, (err, level) =>
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
return @sendNotFoundError(res) unless level?
|
return @sendNotFoundError(res) unless level?
|
||||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, level, 'get')
|
return @sendForbiddenError(res) unless @hasAccessToDocument(req, level, 'get')
|
||||||
callback err, level
|
callback err, level
|
||||||
|
|
||||||
getSession: (req, res, id) ->
|
getSession: (req, res, id) ->
|
||||||
|
|
|
@ -20,7 +20,7 @@ class LevelSessionHandler extends Handler
|
||||||
return _.omit documentObject, @privateProperties
|
return _.omit documentObject, @privateProperties
|
||||||
|
|
||||||
getActiveSessions: (req, res) ->
|
getActiveSessions: (req, res) ->
|
||||||
return @sendUnauthorizedError(res) unless req.user.isAdmin()
|
return @sendForbiddenError(res) unless req.user.isAdmin()
|
||||||
start = new Date()
|
start = new Date()
|
||||||
start = new Date(start.getTime() - TIMEOUT)
|
start = new Date(start.getTime() - TIMEOUT)
|
||||||
query = @modelClass.find({'changed': {$gt: start}})
|
query = @modelClass.find({'changed': {$gt: start}})
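Review bot: `getActiveSessions` calls `req.user.isAdmin()` unguarded, whereas `AchievementHandler.delete` in this same commit guards it as `req.user?.isAdmin()`; if the auth middleware can leave `req.user` unset for anonymous requests (not visible here), this line throws a TypeError instead of answering 403. Writing it as `return @sendForbiddenError(res) unless req.user?.isAdmin()` keeps the admin gate consistent and failing closed. The function continues past the end of the hunk.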
|
||||||
|
|
|
@ -42,13 +42,13 @@ PatchHandler = class PatchHandler extends Handler
|
||||||
targetModel.findOne(query).sort(sort).exec (err, target) =>
|
targetModel.findOne(query).sort(sort).exec (err, target) =>
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
return @sendNotFoundError(res) unless target?
|
return @sendNotFoundError(res) unless target?
|
||||||
return @sendUnauthorizedError(res) unless targetHandler.hasAccessToDocument(req, target, 'get')
|
return @sendForbiddenError(res) unless targetHandler.hasAccessToDocument(req, target, 'get')
|
||||||
|
|
||||||
if newStatus in ['rejected', 'accepted']
|
if newStatus in ['rejected', 'accepted']
|
||||||
return @sendUnauthorizedError(res) unless targetHandler.hasAccessToDocument(req, target, 'put')
|
return @sendForbiddenError(res) unless targetHandler.hasAccessToDocument(req, target, 'put')
|
||||||
|
|
||||||
if newStatus is 'withdrawn'
|
if newStatus is 'withdrawn'
|
||||||
return @sendUnauthorizedError(res) unless req.user.get('_id').equals patch.get('creator')
|
return @sendForbiddenError(res) unless req.user.get('_id').equals patch.get('creator')
|
||||||
|
|
||||||
patch.set 'status', newStatus
|
patch.set 'status', newStatus
|
||||||
|
|
||||||
|
|
|
@ -193,7 +193,7 @@ UserHandler = class UserHandler extends Handler
|
||||||
super(arguments...)
|
super(arguments...)
|
||||||
|
|
||||||
agreeToCLA: (req, res) ->
|
agreeToCLA: (req, res) ->
|
||||||
return @sendUnauthorizedError(res) unless req.user
|
return @sendForbiddenError(res) unless req.user
|
||||||
doc =
|
doc =
|
||||||
user: req.user._id+''
|
user: req.user._id+''
|
||||||
email: req.user.get 'email'
|
email: req.user.get 'email'
|
||||||
|
@ -224,7 +224,7 @@ UserHandler = class UserHandler extends Handler
|
||||||
res.end()
|
res.end()
|
||||||
|
|
||||||
getLevelSessionsForEmployer: (req, res, userID) ->
|
getLevelSessionsForEmployer: (req, res, userID) ->
|
||||||
return @sendUnauthorizedError(res) unless req.user._id+'' is userID or req.user.isAdmin() or ('employer' in (req.user.get('permissions') ? []))
|
return @sendForbiddenError(res) unless req.user._id+'' is userID or req.user.isAdmin() or ('employer' in (req.user.get('permissions') ? []))
|
||||||
query = creator: userID, levelID: {$in: ['gridmancer', 'greed', 'dungeon-arena', 'brawlwood', 'gold-rush']}
|
query = creator: userID, levelID: {$in: ['gridmancer', 'greed', 'dungeon-arena', 'brawlwood', 'gold-rush']}
|
||||||
projection = 'levelName levelID team playtime codeLanguage submitted code totalScore teamSpells level'
|
projection = 'levelName levelID team playtime codeLanguage submitted code totalScore teamSpells level'
|
||||||
LevelSession.find(query).select(projection).exec (err, documents) =>
|
LevelSession.find(query).select(projection).exec (err, documents) =>
|
||||||
|
@ -281,7 +281,7 @@ UserHandler = class UserHandler extends Handler
|
||||||
isMe = userID is req.user._id + ''
|
isMe = userID is req.user._id + ''
|
||||||
isAuthorized = isMe or req.user.isAdmin()
|
isAuthorized = isMe or req.user.isAdmin()
|
||||||
isAuthorized ||= ('employer' in (req.user.get('permissions') ? [])) and (activityName in ['viewed_by_employer', 'contacted_by_employer'])
|
isAuthorized ||= ('employer' in (req.user.get('permissions') ? [])) and (activityName in ['viewed_by_employer', 'contacted_by_employer'])
|
||||||
return @sendUnauthorizedError res unless isAuthorized
|
return @sendForbiddenError res unless isAuthorized
|
||||||
updateUser = (user) =>
|
updateUser = (user) =>
|
||||||
activity = user.trackActivity activityName, increment
|
activity = user.trackActivity activityName, increment
|
||||||
user.update {activity: activity}, (err) =>
|
user.update {activity: activity}, (err) =>
|
||||||
|
@ -356,7 +356,7 @@ UserHandler = class UserHandler extends Handler
|
||||||
true
|
true
|
||||||
|
|
||||||
getEmployers: (req, res) ->
|
getEmployers: (req, res) ->
|
||||||
return @sendUnauthorizedError(res) unless req.user.isAdmin()
|
return @sendForbiddenError(res) unless req.user.isAdmin()
|
||||||
query = {employerAt: {$exists: true, $ne: ''}}
|
query = {employerAt: {$exists: true, $ne: ''}}
|
||||||
selection = 'name firstName lastName email activity signedEmployerAgreement photoURL employerAt'
|
selection = 'name firstName lastName email activity signedEmployerAgreement photoURL employerAt'
|
||||||
User.find(query).select(selection).lean().exec (err, documents) =>
|
User.find(query).select(selection).lean().exec (err, documents) =>
|
||||||
|
@ -379,7 +379,7 @@ UserHandler = class UserHandler extends Handler
|
||||||
hash.digest('hex')
|
hash.digest('hex')
|
||||||
|
|
||||||
getRemark: (req, res, userID) ->
|
getRemark: (req, res, userID) ->
|
||||||
return @sendUnauthorizedError(res) unless req.user.isAdmin()
|
return @sendForbiddenError(res) unless req.user.isAdmin()
|
||||||
query = user: userID
|
query = user: userID
|
||||||
projection = null
|
projection = null
|
||||||
if req.query.project
|
if req.query.project
|
||||||
|
@ -392,7 +392,7 @@ UserHandler = class UserHandler extends Handler
|
||||||
|
|
||||||
searchForUser: (req, res) ->
|
searchForUser: (req, res) ->
|
||||||
# TODO: also somehow search the CLAs to find a match amongst those fields and to find GitHub ids
|
# TODO: also somehow search the CLAs to find a match amongst those fields and to find GitHub ids
|
||||||
return @sendUnauthorizedError(res) unless req.user.isAdmin()
|
return @sendForbiddenError(res) unless req.user.isAdmin()
|
||||||
search = req.body.search
|
search = req.body.search
|
||||||
query = email: {$exists: true}, $or: [
|
query = email: {$exists: true}, $or: [
|
||||||
{emailLower: search}
|
{emailLower: search}
|
||||||
|
|