Private clans server updates

Only return private clans in lists to owners.
Get for specific private clan still allowed.
Restrict create/join private clan to premium users.
Matt Lott 2015-04-10 16:04:36 -07:00
parent 6d892359c7
commit bc35a27750
3 changed files with 383 additions and 234 deletions


@ -17,13 +17,15 @@ ClanHandler = class ClanHandler extends Handler
hasAccess: (req) -> hasAccess: (req) ->
return true if req.method in ['GET'] return true if req.method in ['GET']
return true if req.user? and not req.user.isAnonymous() return false unless req.user?
return false if req.user.isAnonymous()
return true if req.body.type is 'public' or req.user.isPremium()
false false
hasAccessToDocument: (req, document, method=null) -> hasAccessToDocument: (req, document, method=null) ->
return false unless document? return false unless document?
method = (method or req.method).toLowerCase()
return true if req.user?.isAdmin() return true if req.user?.isAdmin()
method = (method or req.method).toLowerCase()
return true if method is 'get' return true if method is 'get'
return true if document.get('ownerID')?.equals req.user._id return true if document.get('ownerID')?.equals req.user._id
false false
@ -64,12 +66,17 @@ ClanHandler = class ClanHandler extends Handler
clanID = mongoose.Types.ObjectId(clanID) clanID = mongoose.Types.ObjectId(clanID)
catch err catch err
return @sendNotFoundError(res, err) return @sendNotFoundError(res, err)
Clan.findById clanID, (err, clan) =>
return @sendDatabaseError(res, err) if err
return @sendDatabaseError(res, err) unless clan
return @sendDatabaseError(res, err) unless clanType = clan.get('type')
return @sendForbiddenError(res) unless clanType is 'public' or req.user.isPremium()
Clan.update {_id: clanID}, {$addToSet: {members: req.user._id}}, (err) => Clan.update {_id: clanID}, {$addToSet: {members: req.user._id}}, (err) =>
return @sendDatabaseError(res, err) if err return @sendDatabaseError(res, err) if err
User.update {_id: req.user._id}, {$addToSet: {clans: clanID}}, (err) => User.update {_id: req.user._id}, {$addToSet: {clans: clanID}}, (err) =>
return @sendDatabaseError(res, err) if err return @sendDatabaseError(res, err) if err
@sendSuccess(res) @sendSuccess(res)
AnalyticsLogEvent.logEvent req.user, 'Clan joined', clanID: clanID, type: 'public' AnalyticsLogEvent.logEvent req.user, 'Clan joined', clanID: clanID, type: clanType
leaveClan: (req, res, clanID) -> leaveClan: (req, res, clanID) ->
return @sendForbiddenError(res) unless req.user? and not req.user.isAnonymous() return @sendForbiddenError(res) unless req.user? and not req.user.isAnonymous()
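Review bot: In the new `Clan.findById` callback of the join path, `return @sendDatabaseError(res, err) unless clan` reports a well-formed but unknown clan ID as a database error with a null `err`. It should be `return @sendNotFoundError(res) unless clan`, matching the invalid-ID branch just above; the next line has the same shape for a clan with no `type`. The new premium check calls `req.user.isPremium()`, and the handler's opening lines are outside the hunk, so confirm the unauthenticated/anonymous guard runs before this lookup as it does in `leaveClan`. Separately, `hasAccess` now decides on the client-supplied `req.body.type`, so any non-GET request from a non-premium user without `type: 'public'` in the body is refused; a comment such as `# non-premium users may only write public clans; type comes from the request body` would record that this is intended.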


@ -543,7 +543,9 @@ UserHandler = class UserHandler extends Handler
@getDocumentForIdOrSlug userIDOrSlug, (err, user) => @getDocumentForIdOrSlug userIDOrSlug, (err, user) =>
return @sendNotFoundError(res) if not user return @sendNotFoundError(res) if not user
clanIDs = user.get('clans') ? [] clanIDs = user.get('clans') ? []
Clan.find {_id: {$in: clanIDs}}, (err, documents) => query = {$and: [{_id: {$in: clanIDs}}]}
query['$and'].push {type: 'public'} unless req.user.id is user.id
Clan.find query, (err, documents) =>
return @sendDatabaseError(res, err) if err return @sendDatabaseError(res, err) if err
@sendSuccess(res, documents) @sendSuccess(res, documents)
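Review bot: `req.user.id is user.id` on the added filter line dereferences `req.user` without a guard, while `hasAccess` in the clan handler of this same commit treats `req.user` as possibly absent (`return false unless req.user?`). If a request can reach this handler without a user object, it throws instead of applying the public-only filter. `query['$and'].push {type: 'public'} unless req.user?.id is user.id` fails closed in that case. The handler starts outside the hunk, so an earlier guard may already cover this.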


@ -6,6 +6,7 @@ mongoose = require 'mongoose'
describe 'Clans', -> describe 'Clans', ->
stripe = require('stripe')(config.stripe.secretKey) stripe = require('stripe')(config.stripe.secretKey)
clanURL = getURL('/db/clan') clanURL = getURL('/db/clan')
userURL = getURL('/db/user')
clanCount = 0 clanCount = 0
createClanName = (name) -> name + clanCount++ createClanName = (name) -> name + clanCount++
@ -41,6 +42,8 @@ describe 'Clans', ->
throw err if err throw err if err
done() done()
describe 'Public', ->
it 'Create clan', (done) -> it 'Create clan', (done) ->
loginNewUser (user1) -> loginNewUser (user1) ->
createClan user1, 'public', 'test description', (clan) -> createClan user1, 'public', 'test description', (clan) ->
@ -56,13 +59,13 @@ describe 'Clans', ->
expect(res.statusCode).toBe(401) expect(res.statusCode).toBe(401)
done() done()
it 'Create clan missing type 422', (done) -> it 'Create clan missing type 403', (done) ->
loginNewUser (user1) -> loginNewUser (user1) ->
requestBody = requestBody =
name: createClanName 'myclan' name: createClanName 'myclan'
request.post {uri: clanURL, json: requestBody }, (err, res, body) -> request.post {uri: clanURL, json: requestBody }, (err, res, body) ->
expect(err).toBeNull() expect(err).toBeNull()
expect(res.statusCode).toBe(422) expect(res.statusCode).toBe(403)
done() done()
it 'Create clan missing name 422', (done) -> it 'Create clan missing name 422', (done) ->
@ -307,3 +310,140 @@ describe 'Clans', ->
expect(err).toBeNull() expect(err).toBeNull()
expect(res.statusCode).toBe(404) expect(res.statusCode).toBe(404)
done() done()
describe 'Private', ->
# Using stripe.free = true to convert users to premium
it 'Create clan', (done) ->
loginNewUser (user1) ->
user1.set 'stripe.free', true
user1.save (err) ->
expect(err).toBeNull()
createClan user1, 'private', 'test description', (clan) ->
done()
it 'Create clan when not premium 403', (done) ->
loginNewUser (user1) ->
requestBody =
type: 'private'
name: createClanName 'myclan'
request.post {uri: clanURL, json: requestBody }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(403)
done()
it 'Join clan', (done) ->
loginNewUser (user1) ->
user1.set 'stripe.free', true
user1.save (err) ->
expect(err).toBeNull()
createClan user1, 'private', 'test description', (clan) ->
loginNewUser (user2) ->
user2.set 'stripe.free', true
user2.save (err) ->
request.put {uri: "#{clanURL}/#{clan.id}/join" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
done()
it 'Join clan when not premium 403', (done) ->
loginNewUser (user1) ->
user1.set 'stripe.free', true
user1.save (err) ->
expect(err).toBeNull()
createClan user1, 'private', 'test description', (clan) ->
loginNewUser (user2) ->
user2.save (err) ->
request.put {uri: "#{clanURL}/#{clan.id}/join" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(403)
done()
it 'Get public clans after creating a private clan', (done) ->
loginNewUser (user1) ->
createClan user1, 'public', null, (clan1) ->
user1.set 'stripe.free', true
user1.save (err) ->
createClan user1, 'private', 'my private clan', (clan2) ->
request.get {uri: "#{clanURL}/-/public" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
clans = JSON.parse(body)
expect(clans.length).toBeGreaterThan(1)
for clan in clans
expect(clan._id).not.toEqual(clan2.id)
done()
it "Getting nother user's clans excludes their private ones", (done) ->
loginNewUser (user1) ->
user1.set 'stripe.free', true
user1.save (err) ->
expect(err).toBeNull()
createClan user1, 'private', 'my private clan', (clan1) ->
createClan user1, 'public', 'my public clan', (clan2) ->
loginNewUser (user2) ->
request.get {uri: "#{userURL}/#{user1.id}/clans" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
clans = JSON.parse(body)
expect(clans.length).toEqual(1)
for clan in clans
expect(clan._id).toEqual(clan2.id)
expect(clan.type).toEqual('public')
done()
it "Getting own clans includes private ones", (done) ->
loginNewUser (user1) ->
user1.set 'stripe.free', true
user1.save (err) ->
expect(err).toBeNull()
createClan user1, 'private', 'my private clan', (clan1) ->
createClan user1, 'public', 'my public clan', (clan2) ->
request.get {uri: "#{userURL}/#{user1.id}/clans" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
clans = JSON.parse(body)
expect(clans.length).toEqual(2)
for clan in clans
if clan.type is 'public'
expect(clan._id).toEqual(clan2.id)
else
expect(clan._id).toEqual(clan1.id)
expect(clan.type).toEqual('private')
done()
it "Can get another user's private clan", (done) ->
loginNewUser (user1) ->
user1.set 'stripe.free', true
user1.save (err) ->
expect(err).toBeNull()
createClan user1, 'private', 'my private clan', (clan1) ->
loginNewUser (user2) ->
request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
clan = JSON.parse(body)
expect(clan._id).toEqual(clan1.id)
expect(clan.name).toEqual(clan1.get('name'))
expect(clan.type).toEqual('private')
expect(clan1.get('ownerID').equals clan.ownerID).toEqual(true)
expect(clan.description).toEqual(clan1.get('description'))
done()
it "Can get another user's private clan as anonymous", (done) ->
loginNewUser (user1) ->
user1.set 'stripe.free', true
user1.save (err) ->
expect(err).toBeNull()
createClan user1, 'private', 'my private clan', (clan1) ->
logoutUser ->
request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
clan = JSON.parse(body)
expect(clan._id).toEqual(clan1.id)
expect(clan.name).toEqual(clan1.get('name'))
expect(clan.type).toEqual('private')
expect(clan1.get('ownerID').equals clan.ownerID).toEqual(true)
expect(clan.description).toEqual(clan1.get('description'))
done()
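Review bot: The private-clan list tests cover the owner and a logged-in second user, but there is no case for a logged-out request to `#{userURL}/#{user1.id}/clans`. That is the path where the user handler's new `req.user.id is user.id` comparison matters most; a test using `logoutUser` that expects only the public clan would pin the behaviour. In 'Join clan' and 'Get public clans after creating a private clan' the `save` callback's `err` is not asserted, so a failed premium conversion would show up as an unrelated 403 or missing clan; add `expect(err).toBeNull()` there as the other tests do. The test name "Getting nother user's clans excludes their private ones" should read "another".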