Private clans server updates
Only return private clans in lists to owners. Get for specific private clan still allowed. Restrict create/join private clan to premium users.
parent
6d892359c7
commit
bc35a27750
3 changed files with 383 additions and 234 deletions
|
@ -17,13 +17,15 @@ ClanHandler = class ClanHandler extends Handler
|
||||||
|
|
||||||
hasAccess: (req) ->
|
hasAccess: (req) ->
|
||||||
return true if req.method in ['GET']
|
return true if req.method in ['GET']
|
||||||
return true if req.user? and not req.user.isAnonymous()
|
return false unless req.user?
|
||||||
|
return false if req.user.isAnonymous()
|
||||||
|
return true if req.body.type is 'public' or req.user.isPremium()
|
||||||
false
|
false
|
||||||
|
|
||||||
hasAccessToDocument: (req, document, method=null) ->
|
hasAccessToDocument: (req, document, method=null) ->
|
||||||
return false unless document?
|
return false unless document?
|
||||||
method = (method or req.method).toLowerCase()
|
|
||||||
return true if req.user?.isAdmin()
|
return true if req.user?.isAdmin()
|
||||||
|
method = (method or req.method).toLowerCase()
|
||||||
return true if method is 'get'
|
return true if method is 'get'
|
||||||
return true if document.get('ownerID')?.equals req.user._id
|
return true if document.get('ownerID')?.equals req.user._id
|
||||||
false
|
false
|
||||||
|
@ -64,12 +66,17 @@ ClanHandler = class ClanHandler extends Handler
|
||||||
clanID = mongoose.Types.ObjectId(clanID)
|
clanID = mongoose.Types.ObjectId(clanID)
|
||||||
catch err
|
catch err
|
||||||
return @sendNotFoundError(res, err)
|
return @sendNotFoundError(res, err)
|
||||||
|
Clan.findById clanID, (err, clan) =>
|
||||||
|
return @sendDatabaseError(res, err) if err
|
||||||
|
return @sendDatabaseError(res, err) unless clan
|
||||||
|
return @sendDatabaseError(res, err) unless clanType = clan.get('type')
|
||||||
|
return @sendForbiddenError(res) unless clanType is 'public' or req.user.isPremium()
|
||||||
Clan.update {_id: clanID}, {$addToSet: {members: req.user._id}}, (err) =>
|
Clan.update {_id: clanID}, {$addToSet: {members: req.user._id}}, (err) =>
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
User.update {_id: req.user._id}, {$addToSet: {clans: clanID}}, (err) =>
|
User.update {_id: req.user._id}, {$addToSet: {clans: clanID}}, (err) =>
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
@sendSuccess(res)
|
@sendSuccess(res)
|
||||||
AnalyticsLogEvent.logEvent req.user, 'Clan joined', clanID: clanID, type: 'public'
|
AnalyticsLogEvent.logEvent req.user, 'Clan joined', clanID: clanID, type: clanType
|
||||||
|
|
||||||
leaveClan: (req, res, clanID) ->
|
leaveClan: (req, res, clanID) ->
|
||||||
return @sendForbiddenError(res) unless req.user? and not req.user.isAnonymous()
|
return @sendForbiddenError(res) unless req.user? and not req.user.isAnonymous()
|
||||||
|
|
|
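Review bot: In the join hunk, `return @sendDatabaseError(res, err) unless clan` runs with `err` null, so a well-formed but unknown clan ID is reported as a database failure rather than a missing resource. `return @sendNotFoundError(res) unless clan` would match how the malformed-ID case is handled in the `catch` just above. The following `unless clanType = clan.get('type')` line has the same problem of passing a null `err`. The new premium check also calls `req.user.isPremium()` directly; the start of this method is outside the hunk, so confirm an earlier guard rejects a missing or anonymous user the way `leaveClan` does.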
@ -543,7 +543,9 @@ UserHandler = class UserHandler extends Handler
|
||||||
@getDocumentForIdOrSlug userIDOrSlug, (err, user) =>
|
@getDocumentForIdOrSlug userIDOrSlug, (err, user) =>
|
||||||
return @sendNotFoundError(res) if not user
|
return @sendNotFoundError(res) if not user
|
||||||
clanIDs = user.get('clans') ? []
|
clanIDs = user.get('clans') ? []
|
||||||
Clan.find {_id: {$in: clanIDs}}, (err, documents) =>
|
query = {$and: [{_id: {$in: clanIDs}}]}
|
||||||
|
query['$and'].push {type: 'public'} unless req.user.id is user.id
|
||||||
|
Clan.find query, (err, documents) =>
|
||||||
return @sendDatabaseError(res, err) if err
|
return @sendDatabaseError(res, err) if err
|
||||||
@sendSuccess(res, documents)
|
@sendSuccess(res, documents)
|
||||||
|
|
||||||
|
|
|
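Review bot: The new filter line `query['$and'].push {type: 'public'} unless req.user.id is user.id` dereferences `req.user` without a null check, while the clan handler in this same commit guards with `req.user?`. If this route can be reached without a session user, the request would throw instead of returning the public-only list. Using `unless req.user?.id is user.id` keeps the restrictive branch as the default for unauthenticated callers. The enclosing method starts outside the hunk, so an earlier guard may already cover this. A short comment such as `# Only the owner sees their own private clans` above the filter would record the intent.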
@ -6,6 +6,7 @@ mongoose = require 'mongoose'
|
||||||
describe 'Clans', ->
|
describe 'Clans', ->
|
||||||
stripe = require('stripe')(config.stripe.secretKey)
|
stripe = require('stripe')(config.stripe.secretKey)
|
||||||
clanURL = getURL('/db/clan')
|
clanURL = getURL('/db/clan')
|
||||||
|
userURL = getURL('/db/user')
|
||||||
|
|
||||||
clanCount = 0
|
clanCount = 0
|
||||||
createClanName = (name) -> name + clanCount++
|
createClanName = (name) -> name + clanCount++
|
||||||
|
@ -41,6 +42,8 @@ describe 'Clans', ->
|
||||||
throw err if err
|
throw err if err
|
||||||
done()
|
done()
|
||||||
|
|
||||||
|
describe 'Public', ->
|
||||||
|
|
||||||
it 'Create clan', (done) ->
|
it 'Create clan', (done) ->
|
||||||
loginNewUser (user1) ->
|
loginNewUser (user1) ->
|
||||||
createClan user1, 'public', 'test description', (clan) ->
|
createClan user1, 'public', 'test description', (clan) ->
|
||||||
|
@ -56,13 +59,13 @@ describe 'Clans', ->
|
||||||
expect(res.statusCode).toBe(401)
|
expect(res.statusCode).toBe(401)
|
||||||
done()
|
done()
|
||||||
|
|
||||||
it 'Create clan missing type 422', (done) ->
|
it 'Create clan missing type 403', (done) ->
|
||||||
loginNewUser (user1) ->
|
loginNewUser (user1) ->
|
||||||
requestBody =
|
requestBody =
|
||||||
name: createClanName 'myclan'
|
name: createClanName 'myclan'
|
||||||
request.post {uri: clanURL, json: requestBody }, (err, res, body) ->
|
request.post {uri: clanURL, json: requestBody }, (err, res, body) ->
|
||||||
expect(err).toBeNull()
|
expect(err).toBeNull()
|
||||||
expect(res.statusCode).toBe(422)
|
expect(res.statusCode).toBe(403)
|
||||||
done()
|
done()
|
||||||
|
|
||||||
it 'Create clan missing name 422', (done) ->
|
it 'Create clan missing name 422', (done) ->
|
||||||
|
@ -307,3 +310,140 @@ describe 'Clans', ->
|
||||||
expect(err).toBeNull()
|
expect(err).toBeNull()
|
||||||
expect(res.statusCode).toBe(404)
|
expect(res.statusCode).toBe(404)
|
||||||
done()
|
done()
|
||||||
|
|
||||||
|
describe 'Private', ->
|
||||||
|
# Using stripe.free = true to convert users to premium
|
||||||
|
|
||||||
|
it 'Create clan', (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
user1.set 'stripe.free', true
|
||||||
|
user1.save (err) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
createClan user1, 'private', 'test description', (clan) ->
|
||||||
|
done()
|
||||||
|
|
||||||
|
it 'Create clan when not premium 403', (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
requestBody =
|
||||||
|
type: 'private'
|
||||||
|
name: createClanName 'myclan'
|
||||||
|
request.post {uri: clanURL, json: requestBody }, (err, res, body) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(res.statusCode).toBe(403)
|
||||||
|
done()
|
||||||
|
|
||||||
|
it 'Join clan', (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
user1.set 'stripe.free', true
|
||||||
|
user1.save (err) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
createClan user1, 'private', 'test description', (clan) ->
|
||||||
|
loginNewUser (user2) ->
|
||||||
|
user2.set 'stripe.free', true
|
||||||
|
user2.save (err) ->
|
||||||
|
request.put {uri: "#{clanURL}/#{clan.id}/join" }, (err, res, body) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(res.statusCode).toBe(200)
|
||||||
|
done()
|
||||||
|
|
||||||
|
it 'Join clan when not premium 403', (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
user1.set 'stripe.free', true
|
||||||
|
user1.save (err) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
createClan user1, 'private', 'test description', (clan) ->
|
||||||
|
loginNewUser (user2) ->
|
||||||
|
user2.save (err) ->
|
||||||
|
request.put {uri: "#{clanURL}/#{clan.id}/join" }, (err, res, body) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(res.statusCode).toBe(403)
|
||||||
|
done()
|
||||||
|
|
||||||
|
it 'Get public clans after creating a private clan', (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
createClan user1, 'public', null, (clan1) ->
|
||||||
|
user1.set 'stripe.free', true
|
||||||
|
user1.save (err) ->
|
||||||
|
createClan user1, 'private', 'my private clan', (clan2) ->
|
||||||
|
request.get {uri: "#{clanURL}/-/public" }, (err, res, body) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(res.statusCode).toBe(200)
|
||||||
|
clans = JSON.parse(body)
|
||||||
|
expect(clans.length).toBeGreaterThan(1)
|
||||||
|
for clan in clans
|
||||||
|
expect(clan._id).not.toEqual(clan2.id)
|
||||||
|
done()
|
||||||
|
|
||||||
|
it "Getting nother user's clans excludes their private ones", (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
user1.set 'stripe.free', true
|
||||||
|
user1.save (err) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
createClan user1, 'private', 'my private clan', (clan1) ->
|
||||||
|
createClan user1, 'public', 'my public clan', (clan2) ->
|
||||||
|
loginNewUser (user2) ->
|
||||||
|
request.get {uri: "#{userURL}/#{user1.id}/clans" }, (err, res, body) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(res.statusCode).toBe(200)
|
||||||
|
clans = JSON.parse(body)
|
||||||
|
expect(clans.length).toEqual(1)
|
||||||
|
for clan in clans
|
||||||
|
expect(clan._id).toEqual(clan2.id)
|
||||||
|
expect(clan.type).toEqual('public')
|
||||||
|
done()
|
||||||
|
|
||||||
|
it "Getting own clans includes private ones", (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
user1.set 'stripe.free', true
|
||||||
|
user1.save (err) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
createClan user1, 'private', 'my private clan', (clan1) ->
|
||||||
|
createClan user1, 'public', 'my public clan', (clan2) ->
|
||||||
|
request.get {uri: "#{userURL}/#{user1.id}/clans" }, (err, res, body) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(res.statusCode).toBe(200)
|
||||||
|
clans = JSON.parse(body)
|
||||||
|
expect(clans.length).toEqual(2)
|
||||||
|
for clan in clans
|
||||||
|
if clan.type is 'public'
|
||||||
|
expect(clan._id).toEqual(clan2.id)
|
||||||
|
else
|
||||||
|
expect(clan._id).toEqual(clan1.id)
|
||||||
|
expect(clan.type).toEqual('private')
|
||||||
|
done()
|
||||||
|
|
||||||
|
it "Can get another user's private clan", (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
user1.set 'stripe.free', true
|
||||||
|
user1.save (err) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
createClan user1, 'private', 'my private clan', (clan1) ->
|
||||||
|
loginNewUser (user2) ->
|
||||||
|
request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(res.statusCode).toBe(200)
|
||||||
|
clan = JSON.parse(body)
|
||||||
|
expect(clan._id).toEqual(clan1.id)
|
||||||
|
expect(clan.name).toEqual(clan1.get('name'))
|
||||||
|
expect(clan.type).toEqual('private')
|
||||||
|
expect(clan1.get('ownerID').equals clan.ownerID).toEqual(true)
|
||||||
|
expect(clan.description).toEqual(clan1.get('description'))
|
||||||
|
done()
|
||||||
|
|
||||||
|
it "Can get another user's private clan as anonymous", (done) ->
|
||||||
|
loginNewUser (user1) ->
|
||||||
|
user1.set 'stripe.free', true
|
||||||
|
user1.save (err) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
createClan user1, 'private', 'my private clan', (clan1) ->
|
||||||
|
logoutUser ->
|
||||||
|
request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(res.statusCode).toBe(200)
|
||||||
|
clan = JSON.parse(body)
|
||||||
|
expect(clan._id).toEqual(clan1.id)
|
||||||
|
expect(clan.name).toEqual(clan1.get('name'))
|
||||||
|
expect(clan.type).toEqual('private')
|
||||||
|
expect(clan1.get('ownerID').equals clan.ownerID).toEqual(true)
|
||||||
|
expect(clan.description).toEqual(clan1.get('description'))
|
||||||
|
done()
|
||||||
|
|
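Review bot: The new 'Private' tests cover create, join and listing, but none of them updates an existing public clan to `type: 'private'` as a non-premium owner, which is the other path the handler's `req.body.type` check is meant to gate. A test that PUTs `type: 'private'` as a non-premium owner and expects 403 would pin that behaviour. Several `save` callbacks also skip the error assertion, namely `user2.save (err) ->` in both join tests and `user1.save (err) ->` in 'Get public clans after creating a private clan'. Adding `expect(err).toBeNull()` there would stop a failed premium flag write from producing a misleading status-code result. The test title "Getting nother user's clans excludes their private ones" has a typo, "nother" for "another".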