Remove sendUnauthorizedError, as it merely returned the same value (HTTP 403) as sendForbiddenError

This commit is contained in:
David Beckley 2014-09-19 02:26:18 -07:00
parent 121ff0a4af
commit b9a511155e
6 changed files with 25 additions and 26 deletions


@ -16,7 +16,7 @@ class AchievementHandler extends Handler
get: (req, res) ->
# /db/achievement?related=<ID>
if req.query.related
return @sendUnauthorizedError(res) if not @hasAccess(req)
return @sendForbiddenError(res) if not @hasAccess(req)
Achievement.find {related: req.query.related}, (err, docs) =>
return @sendDatabaseError(res, err) if err
docs = (@formatEntity(req, doc) for doc in docs)
@ -25,7 +25,7 @@ class AchievementHandler extends Handler
super req, res
delete: (req, res, slugOrID) ->
return @sendUnauthorizedError res unless req.user?.isAdmin()
return @sendForbiddenError res unless req.user?.isAdmin()
@getDocumentForIdOrSlug slugOrID, (err, document) => # Check first
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless document?


@ -55,7 +55,6 @@ module.exports = class Handler
props
# sending functions
sendUnauthorizedError: (res) -> errors.forbidden(res) #TODO: rename sendUnauthorizedError to sendForbiddenError
sendForbiddenError: (res) -> errors.forbidden(res)
sendNotFoundError: (res, message) -> errors.notFound(res, message)
sendMethodNotAllowed: (res, message) -> errors.badMethod(res, @allowedMethods, message)
@ -86,7 +85,7 @@ module.exports = class Handler
# generic handlers
get: (req, res) ->
@sendUnauthorizedError(res) if not @hasAccess(req)
@sendForbiddenError(res) if not @hasAccess(req)
specialParameters = ['term', 'project', 'conditions']
@ -150,16 +149,16 @@ module.exports = class Handler
@sendSuccess(res, documents)
# regular users are only allowed text searches for now, without any additional filters or sorting
else
return @sendUnauthorizedError(res)
return @sendForbiddenError(res)
getById: (req, res, id) ->
# return @sendNotFoundError(res) # for testing
return @sendUnauthorizedError(res) unless @hasAccess(req)
return @sendForbiddenError(res) unless @hasAccess(req)
@getDocumentForIdOrSlug id, (err, document) =>
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless document?
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document)
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document)
@sendSuccess(res, @formatEntity(req, document))
getByRelationship: (req, res, args...) ->
@ -211,7 +210,7 @@ module.exports = class Handler
setWatching: (req, res, id) ->
@getDocumentForIdOrSlug id, (err, document) =>
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document, 'get')
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document, 'get')
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless document?
watchers = document.get('watchers') or []
@ -263,7 +262,7 @@ module.exports = class Handler
args.push projection
@modelClass.findOne(args...).sort(sort).exec (err, doc) =>
return @sendNotFoundError(res) unless doc?
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, doc)
return @sendForbiddenError(res) unless @hasAccessToDocument(req, doc)
res.send(doc)
res.end()
@ -273,12 +272,12 @@ module.exports = class Handler
put: (req, res, id) ->
return @postNewVersion(req, res) if @modelClass.schema.uses_coco_versions
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
return @sendUnauthorizedError(res) unless @hasAccess(req)
return @sendForbiddenError(res) unless @hasAccess(req)
@getDocumentForIdOrSlug req.body._id or id, (err, document) =>
return @sendBadInputError(res, 'Bad id.') if err and err.name is 'CastError'
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless document?
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document)
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document)
@doWaterfallChecks req, document, (err, document) =>
return @sendError(res, err.code, err.res) if err
@saveChangesToDocument req, document, (err) =>
@ -295,7 +294,7 @@ module.exports = class Handler
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
return @sendBadInputError(res, 'id should not be included.') if req.body._id
return @sendUnauthorizedError(res) unless @hasAccess(req)
return @sendForbiddenError(res) unless @hasAccess(req)
document = @makeNewInstance(req)
@saveChangesToDocument req, document, (err) =>
return @sendBadInputError(res, err.errors) if err?.valid is false
@ -314,7 +313,7 @@ module.exports = class Handler
postFirstVersion: (req, res) ->
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
return @sendBadInputError(res, 'id should not be included.') if req.body._id
return @sendUnauthorizedError(res) unless @hasAccess(req)
return @sendForbiddenError(res) unless @hasAccess(req)
document = @makeNewInstance(req)
document.set('original', document._id)
document.set('creator', req.user._id)
@ -337,12 +336,12 @@ module.exports = class Handler
"""
return @sendBadInputError(res, 'This entity is not versioned') unless @modelClass.schema.uses_coco_versions
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
return @sendUnauthorizedError(res) unless @hasAccess(req)
return @sendForbiddenError(res) unless @hasAccess(req)
@getDocumentForIdOrSlug req.body._id, (err, parentDocument) =>
return @sendBadInputError(res, 'Bad id.') if err and err.name is 'CastError'
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless parentDocument?
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, parentDocument)
return @sendForbiddenError(res) unless @hasAccessToDocument(req, parentDocument)
editableProperties = @getEditableProperties req, parentDocument
updatedObject = parentDocument.toObject()
for prop in editableProperties
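Review bot: The new `@sendForbiddenError(res) if not @hasAccess(req)` line in the generic `get` handler (hunk at @ -86) still lacks a `return`, unlike every other access check touched by this commit, so after the 403 has been written the handler appears to carry on into the query logic below; unless a later branch guards against it, that means work is done on behalf of a rejected request and a second response is attempted. The line should read `return @sendForbiddenError(res) if not @hasAccess(req)`. In `setWatching` (hunk at @ -211) the renamed check runs before the `err` and `document?` guards, so `hasAccessToDocument` is called with an undefined document on a failed lookup; moving it below those two lines matches the order used in `getById` and `put`. Dropping `sendUnauthorizedError` without keeping an alias will turn any caller outside these six files into a runtime TypeError on the rejection path, so a grep across handlers and tests is worth doing before merge.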


@ -50,7 +50,7 @@ LevelHandler = class LevelHandler extends Handler
@getDocumentForIdOrSlug id, (err, level) =>
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless level?
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, level, 'get')
return @sendForbiddenError(res) unless @hasAccessToDocument(req, level, 'get')
callback err, level
getSession: (req, res, id) ->


@ -20,7 +20,7 @@ class LevelSessionHandler extends Handler
return _.omit documentObject, @privateProperties
getActiveSessions: (req, res) ->
return @sendUnauthorizedError(res) unless req.user.isAdmin()
return @sendForbiddenError(res) unless req.user.isAdmin()
start = new Date()
start = new Date(start.getTime() - TIMEOUT)
query = @modelClass.find({'changed': {$gt: start}})
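Review bot: The renamed guard in `getActiveSessions`, `return @sendForbiddenError(res) unless req.user.isAdmin()`, dereferences `req.user` unconditionally, so if an unauthenticated request can reach this route it fails with a TypeError instead of the intended 403; `AchievementHandler.delete` in the same commit already uses the safe form `req.user?.isAdmin()`. Whether `req.user` is guaranteed by upstream middleware cannot be seen from this hunk, so this may be a consistency point rather than a reachable defect. The same unguarded `req.user` pattern appears in the renamed lines of `PatchHandler` (`req.user.get('_id')`) and `UserHandler` (`getEmployers`, `getRemark`, `searchForUser`).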


@ -42,13 +42,13 @@ PatchHandler = class PatchHandler extends Handler
targetModel.findOne(query).sort(sort).exec (err, target) =>
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless target?
return @sendUnauthorizedError(res) unless targetHandler.hasAccessToDocument(req, target, 'get')
return @sendForbiddenError(res) unless targetHandler.hasAccessToDocument(req, target, 'get')
if newStatus in ['rejected', 'accepted']
return @sendUnauthorizedError(res) unless targetHandler.hasAccessToDocument(req, target, 'put')
return @sendForbiddenError(res) unless targetHandler.hasAccessToDocument(req, target, 'put')
if newStatus is 'withdrawn'
return @sendUnauthorizedError(res) unless req.user.get('_id').equals patch.get('creator')
return @sendForbiddenError(res) unless req.user.get('_id').equals patch.get('creator')
patch.set 'status', newStatus


@ -193,7 +193,7 @@ UserHandler = class UserHandler extends Handler
super(arguments...)
agreeToCLA: (req, res) ->
return @sendUnauthorizedError(res) unless req.user
return @sendForbiddenError(res) unless req.user
doc =
user: req.user._id+''
email: req.user.get 'email'
@ -224,7 +224,7 @@ UserHandler = class UserHandler extends Handler
res.end()
getLevelSessionsForEmployer: (req, res, userID) ->
return @sendUnauthorizedError(res) unless req.user._id+'' is userID or req.user.isAdmin() or ('employer' in (req.user.get('permissions') ? []))
return @sendForbiddenError(res) unless req.user._id+'' is userID or req.user.isAdmin() or ('employer' in (req.user.get('permissions') ? []))
query = creator: userID, levelID: {$in: ['gridmancer', 'greed', 'dungeon-arena', 'brawlwood', 'gold-rush']}
projection = 'levelName levelID team playtime codeLanguage submitted code totalScore teamSpells level'
LevelSession.find(query).select(projection).exec (err, documents) =>
@ -281,7 +281,7 @@ UserHandler = class UserHandler extends Handler
isMe = userID is req.user._id + ''
isAuthorized = isMe or req.user.isAdmin()
isAuthorized ||= ('employer' in (req.user.get('permissions') ? [])) and (activityName in ['viewed_by_employer', 'contacted_by_employer'])
return @sendUnauthorizedError res unless isAuthorized
return @sendForbiddenError res unless isAuthorized
updateUser = (user) =>
activity = user.trackActivity activityName, increment
user.update {activity: activity}, (err) =>
@ -356,7 +356,7 @@ UserHandler = class UserHandler extends Handler
true
getEmployers: (req, res) ->
return @sendUnauthorizedError(res) unless req.user.isAdmin()
return @sendForbiddenError(res) unless req.user.isAdmin()
query = {employerAt: {$exists: true, $ne: ''}}
selection = 'name firstName lastName email activity signedEmployerAgreement photoURL employerAt'
User.find(query).select(selection).lean().exec (err, documents) =>
@ -379,7 +379,7 @@ UserHandler = class UserHandler extends Handler
hash.digest('hex')
getRemark: (req, res, userID) ->
return @sendUnauthorizedError(res) unless req.user.isAdmin()
return @sendForbiddenError(res) unless req.user.isAdmin()
query = user: userID
projection = null
if req.query.project
@ -392,7 +392,7 @@ UserHandler = class UserHandler extends Handler
searchForUser: (req, res) ->
# TODO: also somehow search the CLAs to find a match amongst those fields and to find GitHub ids
return @sendUnauthorizedError(res) unless req.user.isAdmin()
return @sendForbiddenError(res) unless req.user.isAdmin()
search = req.body.search
query = email: {$exists: true}, $or: [
{emailLower: search}