mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2024-11-23 23:58:02 -05:00
Merge pull request #1576 from ThatOtherPerson/fix-misnaming
Renamed sendUnauthorizedUser to sendForbiddenError
This commit is contained in:
Nick Winter
commit
bbb6300f1f
6 changed files with 25 additions and 26 deletions
|
|
@ -16,7 +16,7 @@ class AchievementHandler extends Handler
|
|||
get: (req, res) ->
|
||||
# /db/achievement?related=<ID>
|
||||
if req.query.related
|
||||
return @sendUnauthorizedError(res) if not @hasAccess(req)
|
||||
return @sendForbiddenError(res) if not @hasAccess(req)
|
||||
Achievement.find {related: req.query.related}, (err, docs) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
docs = (@formatEntity(req, doc) for doc in docs)
|
||||
|
|
@ -25,7 +25,7 @@ class AchievementHandler extends Handler
|
|||
super req, res
|
||||
|
||||
delete: (req, res, slugOrID) ->
|
||||
return @sendUnauthorizedError res unless req.user?.isAdmin()
|
||||
return @sendForbiddenError res unless req.user?.isAdmin()
|
||||
@getDocumentForIdOrSlug slugOrID, (err, document) => # Check first
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless document?
|
||||
|
|
|
|||
|
|
@ -55,7 +55,6 @@ module.exports = class Handler
|
|||
props
|
||||
|
||||
# sending functions
|
||||
sendUnauthorizedError: (res) -> errors.forbidden(res) #TODO: rename sendUnauthorizedError to sendForbiddenError
|
||||
sendForbiddenError: (res) -> errors.forbidden(res)
|
||||
sendNotFoundError: (res, message) -> errors.notFound(res, message)
|
||||
sendMethodNotAllowed: (res, message) -> errors.badMethod(res, @allowedMethods, message)
|
||||
|
|
@ -86,7 +85,7 @@ module.exports = class Handler
|
|||
|
||||
# generic handlers
|
||||
get: (req, res) ->
|
||||
@sendUnauthorizedError(res) if not @hasAccess(req)
|
||||
@sendForbiddenError(res) if not @hasAccess(req)
|
||||
|
||||
specialParameters = ['term', 'project', 'conditions']
|
||||
|
||||
|
|
@ -150,16 +149,16 @@ module.exports = class Handler
|
|||
@sendSuccess(res, documents)
|
||||
# regular users are only allowed text searches for now, without any additional filters or sorting
|
||||
else
|
||||
return @sendUnauthorizedError(res)
|
||||
return @sendForbiddenError(res)
|
||||
|
||||
getById: (req, res, id) ->
|
||||
# return @sendNotFoundError(res) # for testing
|
||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
||||
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||
|
||||
@getDocumentForIdOrSlug id, (err, document) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless document?
|
||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document)
|
||||
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document)
|
||||
@sendSuccess(res, @formatEntity(req, document))
|
||||
|
||||
getByRelationship: (req, res, args...) ->
|
||||
|
|
@ -211,7 +210,7 @@ module.exports = class Handler
|
|||
|
||||
setWatching: (req, res, id) ->
|
||||
@getDocumentForIdOrSlug id, (err, document) =>
|
||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document, 'get')
|
||||
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document, 'get')
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless document?
|
||||
watchers = document.get('watchers') or []
|
||||
|
|
@ -263,7 +262,7 @@ module.exports = class Handler
|
|||
args.push projection
|
||||
@modelClass.findOne(args...).sort(sort).exec (err, doc) =>
|
||||
return @sendNotFoundError(res) unless doc?
|
||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, doc)
|
||||
return @sendForbiddenError(res) unless @hasAccessToDocument(req, doc)
|
||||
res.send(doc)
|
||||
res.end()
|
||||
|
||||
|
|
@ -273,12 +272,12 @@ module.exports = class Handler
|
|||
put: (req, res, id) ->
|
||||
return @postNewVersion(req, res) if @modelClass.schema.uses_coco_versions
|
||||
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
||||
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||
@getDocumentForIdOrSlug req.body._id or id, (err, document) =>
|
||||
return @sendBadInputError(res, 'Bad id.') if err and err.name is 'CastError'
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless document?
|
||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, document)
|
||||
return @sendForbiddenError(res) unless @hasAccessToDocument(req, document)
|
||||
@doWaterfallChecks req, document, (err, document) =>
|
||||
return @sendError(res, err.code, err.res) if err
|
||||
@saveChangesToDocument req, document, (err) =>
|
||||
|
|
@ -295,7 +294,7 @@ module.exports = class Handler
|
|||
|
||||
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
||||
return @sendBadInputError(res, 'id should not be included.') if req.body._id
|
||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
||||
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||
document = @makeNewInstance(req)
|
||||
@saveChangesToDocument req, document, (err) =>
|
||||
return @sendBadInputError(res, err.errors) if err?.valid is false
|
||||
|
|
@ -314,7 +313,7 @@ module.exports = class Handler
|
|||
postFirstVersion: (req, res) ->
|
||||
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
||||
return @sendBadInputError(res, 'id should not be included.') if req.body._id
|
||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
||||
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||
document = @makeNewInstance(req)
|
||||
document.set('original', document._id)
|
||||
document.set('creator', req.user._id)
|
||||
|
|
@ -337,12 +336,12 @@ module.exports = class Handler
|
|||
"""
|
||||
return @sendBadInputError(res, 'This entity is not versioned') unless @modelClass.schema.uses_coco_versions
|
||||
return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
|
||||
return @sendUnauthorizedError(res) unless @hasAccess(req)
|
||||
return @sendForbiddenError(res) unless @hasAccess(req)
|
||||
@getDocumentForIdOrSlug req.body._id, (err, parentDocument) =>
|
||||
return @sendBadInputError(res, 'Bad id.') if err and err.name is 'CastError'
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless parentDocument?
|
||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, parentDocument)
|
||||
return @sendForbiddenError(res) unless @hasAccessToDocument(req, parentDocument)
|
||||
editableProperties = @getEditableProperties req, parentDocument
|
||||
updatedObject = parentDocument.toObject()
|
||||
for prop in editableProperties
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ LevelHandler = class LevelHandler extends Handler
|
|||
@getDocumentForIdOrSlug id, (err, level) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless level?
|
||||
return @sendUnauthorizedError(res) unless @hasAccessToDocument(req, level, 'get')
|
||||
return @sendForbiddenError(res) unless @hasAccessToDocument(req, level, 'get')
|
||||
callback err, level
|
||||
|
||||
getSession: (req, res, id) ->
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class LevelSessionHandler extends Handler
|
|||
return _.omit documentObject, @privateProperties
|
||||
|
||||
getActiveSessions: (req, res) ->
|
||||
return @sendUnauthorizedError(res) unless req.user.isAdmin()
|
||||
return @sendForbiddenError(res) unless req.user.isAdmin()
|
||||
start = new Date()
|
||||
start = new Date(start.getTime() - TIMEOUT)
|
||||
query = @modelClass.find({'changed': {$gt: start}})
|
||||
|
|
|
|||
|
|
@ -42,13 +42,13 @@ PatchHandler = class PatchHandler extends Handler
|
|||
targetModel.findOne(query).sort(sort).exec (err, target) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless target?
|
||||
return @sendUnauthorizedError(res) unless targetHandler.hasAccessToDocument(req, target, 'get')
|
||||
return @sendForbiddenError(res) unless targetHandler.hasAccessToDocument(req, target, 'get')
|
||||
|
||||
if newStatus in ['rejected', 'accepted']
|
||||
return @sendUnauthorizedError(res) unless targetHandler.hasAccessToDocument(req, target, 'put')
|
||||
return @sendForbiddenError(res) unless targetHandler.hasAccessToDocument(req, target, 'put')
|
||||
|
||||
if newStatus is 'withdrawn'
|
||||
return @sendUnauthorizedError(res) unless req.user.get('_id').equals patch.get('creator')
|
||||
return @sendForbiddenError(res) unless req.user.get('_id').equals patch.get('creator')
|
||||
|
||||
patch.set 'status', newStatus
|
||||
|
||||
|
|
|
|||
|
|
@ -193,7 +193,7 @@ UserHandler = class UserHandler extends Handler
|
|||
super(arguments...)
|
||||
|
||||
agreeToCLA: (req, res) ->
|
||||
return @sendUnauthorizedError(res) unless req.user
|
||||
return @sendForbiddenError(res) unless req.user
|
||||
doc =
|
||||
user: req.user._id+''
|
||||
email: req.user.get 'email'
|
||||
|
|
@ -224,7 +224,7 @@ UserHandler = class UserHandler extends Handler
|
|||
res.end()
|
||||
|
||||
getLevelSessionsForEmployer: (req, res, userID) ->
|
||||
return @sendUnauthorizedError(res) unless req.user._id+'' is userID or req.user.isAdmin() or ('employer' in (req.user.get('permissions') ? []))
|
||||
return @sendForbiddenError(res) unless req.user._id+'' is userID or req.user.isAdmin() or ('employer' in (req.user.get('permissions') ? []))
|
||||
query = creator: userID, levelID: {$in: ['gridmancer', 'greed', 'dungeon-arena', 'brawlwood', 'gold-rush']}
|
||||
projection = 'levelName levelID team playtime codeLanguage submitted code totalScore teamSpells level'
|
||||
LevelSession.find(query).select(projection).exec (err, documents) =>
|
||||
|
|
@ -281,7 +281,7 @@ UserHandler = class UserHandler extends Handler
|
|||
isMe = userID is req.user._id + ''
|
||||
isAuthorized = isMe or req.user.isAdmin()
|
||||
isAuthorized ||= ('employer' in (req.user.get('permissions') ? [])) and (activityName in ['viewed_by_employer', 'contacted_by_employer'])
|
||||
return @sendUnauthorizedError res unless isAuthorized
|
||||
return @sendForbiddenError res unless isAuthorized
|
||||
updateUser = (user) =>
|
||||
activity = user.trackActivity activityName, increment
|
||||
user.update {activity: activity}, (err) =>
|
||||
|
|
@ -356,7 +356,7 @@ UserHandler = class UserHandler extends Handler
|
|||
true
|
||||
|
||||
getEmployers: (req, res) ->
|
||||
return @sendUnauthorizedError(res) unless req.user.isAdmin()
|
||||
return @sendForbiddenError(res) unless req.user.isAdmin()
|
||||
query = {employerAt: {$exists: true, $ne: ''}}
|
||||
selection = 'name firstName lastName email activity signedEmployerAgreement photoURL employerAt'
|
||||
User.find(query).select(selection).lean().exec (err, documents) =>
|
||||
|
|
@ -379,7 +379,7 @@ UserHandler = class UserHandler extends Handler
|
|||
hash.digest('hex')
|
||||
|
||||
getRemark: (req, res, userID) ->
|
||||
return @sendUnauthorizedError(res) unless req.user.isAdmin()
|
||||
return @sendForbiddenError(res) unless req.user.isAdmin()
|
||||
query = user: userID
|
||||
projection = null
|
||||
if req.query.project
|
||||
|
|
@ -392,7 +392,7 @@ UserHandler = class UserHandler extends Handler
|
|||
|
||||
searchForUser: (req, res) ->
|
||||
# TODO: also somehow search the CLAs to find a match amongst those fields and to find GitHub ids
|
||||
return @sendUnauthorizedError(res) unless req.user.isAdmin()
|
||||
return @sendForbiddenError(res) unless req.user.isAdmin()
|
||||
search = req.body.search
|
||||
query = email: {$exists: true}, $or: [
|
||||
{emailLower: search}
|
||||
|
|
|
|||
Loading…
Reference in a new issue