Private clans server updates

Only return private clans in lists to owners. Get for specific private clan still allowed. Restrict create/join private clan to premium users.
2024-11-27 09:35:39 -05:00 · 2015-04-10 16:04:36 -07:00 · 2015-04-10 16:04:36 -07:00 · bc35a27750
commit bc35a27750
parent 6d892359c7
3 changed files with 383 additions and 234 deletions
--- a/server/clans/clan_handler.coffee
+++ b/server/clans/clan_handler.coffee
@ -17,13 +17,15 @@ ClanHandler = class ClanHandler extends Handler

  hasAccess: (req) ->
    return true if req.method in ['GET']
-    return true if req.user? and not req.user.isAnonymous()
+    return false unless req.user?
+    return false if req.user.isAnonymous()
+    return true if req.body.type is 'public' or req.user.isPremium()
    false

  hasAccessToDocument: (req, document, method=null) ->
    return false unless document?
-    method = (method or req.method).toLowerCase()
    return true if req.user?.isAdmin()
+    method = (method or req.method).toLowerCase()
    return true if method is 'get'
    return true if document.get('ownerID')?.equals req.user._id
    false
@ -64,12 +66,17 @@ ClanHandler = class ClanHandler extends Handler
      clanID = mongoose.Types.ObjectId(clanID)
    catch err
      return @sendNotFoundError(res, err)
+    Clan.findById clanID, (err, clan) =>
+      return @sendDatabaseError(res, err) if err
+      return @sendDatabaseError(res, err) unless clan
+      return @sendDatabaseError(res, err) unless clanType = clan.get('type')
+      return @sendForbiddenError(res) unless clanType is 'public' or req.user.isPremium()
      Clan.update {_id: clanID}, {$addToSet: {members: req.user._id}}, (err) =>
        return @sendDatabaseError(res, err) if err
        User.update {_id: req.user._id}, {$addToSet: {clans: clanID}}, (err) =>
          return @sendDatabaseError(res, err) if err
          @sendSuccess(res)
-        AnalyticsLogEvent.logEvent req.user, 'Clan joined', clanID: clanID, type: 'public'
+          AnalyticsLogEvent.logEvent req.user, 'Clan joined', clanID: clanID, type: clanType

  leaveClan: (req, res, clanID) ->
    return @sendForbiddenError(res) unless req.user? and not req.user.isAnonymous()
--- a/server/users/user_handler.coffee
+++ b/server/users/user_handler.coffee
@ -543,7 +543,9 @@ UserHandler = class UserHandler extends Handler
    @getDocumentForIdOrSlug userIDOrSlug, (err, user) =>
      return @sendNotFoundError(res) if not user
      clanIDs = user.get('clans') ? []
-      Clan.find {_id: {$in: clanIDs}}, (err, documents) =>
+      query = {$and: [{_id: {$in: clanIDs}}]}
+      query['$and'].push {type: 'public'} unless req.user.id is user.id
+      Clan.find query, (err, documents) =>
        return @sendDatabaseError(res, err) if err
        @sendSuccess(res, documents)

--- a/test/server/functional/clan.spec.coffee
+++ b/test/server/functional/clan.spec.coffee
@ -6,6 +6,7 @@ mongoose = require 'mongoose'
 describe 'Clans', ->
  stripe = require('stripe')(config.stripe.secretKey)
  clanURL = getURL('/db/clan')
+  userURL = getURL('/db/user')

  clanCount = 0
  createClanName = (name) -> name + clanCount++
@ -41,6 +42,8 @@ describe 'Clans', ->
      throw err if err
      done()

+  describe 'Public', ->
+
    it 'Create clan', (done) ->
      loginNewUser (user1) ->
        createClan user1, 'public', 'test description', (clan) ->
@ -56,13 +59,13 @@ describe 'Clans', ->
          expect(res.statusCode).toBe(401)
          done()

-  it 'Create clan missing type 422', (done) ->
+    it 'Create clan missing type 403', (done) ->
      loginNewUser (user1) ->
        requestBody =
          name: createClanName 'myclan'
        request.post {uri: clanURL, json: requestBody }, (err, res, body) ->
          expect(err).toBeNull()
-        expect(res.statusCode).toBe(422)
+          expect(res.statusCode).toBe(403)
          done()

    it 'Create clan missing name 422', (done) ->
@ -307,3 +310,140 @@ describe 'Clans', ->
          expect(err).toBeNull()
          expect(res.statusCode).toBe(404)
          done()
+
+  describe 'Private', ->
+    #  Using stripe.free = true to convert users to premium
+
+    it 'Create clan', (done) ->
+      loginNewUser (user1) ->
+        user1.set 'stripe.free', true
+        user1.save (err) ->
+          expect(err).toBeNull()
+          createClan user1, 'private', 'test description', (clan) ->
+            done()
+
+    it 'Create clan when not premium 403', (done) ->
+      loginNewUser (user1) ->
+        requestBody =
+          type: 'private'
+          name: createClanName 'myclan'
+        request.post {uri: clanURL, json: requestBody }, (err, res, body) ->
+          expect(err).toBeNull()
+          expect(res.statusCode).toBe(403)
+          done()
+
+    it 'Join clan', (done) ->
+      loginNewUser (user1) ->
+        user1.set 'stripe.free', true
+        user1.save (err) ->
+          expect(err).toBeNull()
+          createClan user1, 'private', 'test description', (clan) ->
+            loginNewUser (user2) ->
+              user2.set 'stripe.free', true
+              user2.save (err) ->
+              request.put {uri: "#{clanURL}/#{clan.id}/join" }, (err, res, body) ->
+                expect(err).toBeNull()
+                expect(res.statusCode).toBe(200)
+                done()
+
+    it 'Join clan when not premium 403', (done) ->
+      loginNewUser (user1) ->
+        user1.set 'stripe.free', true
+        user1.save (err) ->
+          expect(err).toBeNull()
+          createClan user1, 'private', 'test description', (clan) ->
+            loginNewUser (user2) ->
+              user2.save (err) ->
+              request.put {uri: "#{clanURL}/#{clan.id}/join" }, (err, res, body) ->
+                expect(err).toBeNull()
+                expect(res.statusCode).toBe(403)
+                done()
+
+    it 'Get public clans after creating a private clan', (done) ->
+      loginNewUser (user1) ->
+        createClan user1, 'public', null, (clan1) ->
+          user1.set 'stripe.free', true
+          user1.save (err) ->
+            createClan user1, 'private', 'my private clan', (clan2) ->
+              request.get {uri: "#{clanURL}/-/public" }, (err, res, body) ->
+                expect(err).toBeNull()
+                expect(res.statusCode).toBe(200)
+                clans = JSON.parse(body)
+                expect(clans.length).toBeGreaterThan(1)
+                for clan in clans
+                  expect(clan._id).not.toEqual(clan2.id)
+                done()
+
+    it "Getting nother user's clans excludes their private ones", (done) ->
+      loginNewUser (user1) ->
+        user1.set 'stripe.free', true
+        user1.save (err) ->
+          expect(err).toBeNull()
+          createClan user1, 'private', 'my private clan', (clan1) ->
+            createClan user1, 'public', 'my public clan', (clan2) ->
+              loginNewUser (user2) ->
+                request.get {uri: "#{userURL}/#{user1.id}/clans" }, (err, res, body) ->
+                  expect(err).toBeNull()
+                  expect(res.statusCode).toBe(200)
+                  clans = JSON.parse(body)
+                  expect(clans.length).toEqual(1)
+                  for clan in clans
+                    expect(clan._id).toEqual(clan2.id)
+                    expect(clan.type).toEqual('public')
+                  done()
+
+    it "Getting own clans includes private ones", (done) ->
+      loginNewUser (user1) ->
+        user1.set 'stripe.free', true
+        user1.save (err) ->
+          expect(err).toBeNull()
+          createClan user1, 'private', 'my private clan', (clan1) ->
+            createClan user1, 'public', 'my public clan', (clan2) ->
+              request.get {uri: "#{userURL}/#{user1.id}/clans" }, (err, res, body) ->
+                expect(err).toBeNull()
+                expect(res.statusCode).toBe(200)
+                clans = JSON.parse(body)
+                expect(clans.length).toEqual(2)
+                for clan in clans
+                  if clan.type is 'public'
+                    expect(clan._id).toEqual(clan2.id)
+                  else
+                    expect(clan._id).toEqual(clan1.id)
+                    expect(clan.type).toEqual('private')
+                done()
+
+    it "Can get another user's private clan", (done) ->
+      loginNewUser (user1) ->
+        user1.set 'stripe.free', true
+        user1.save (err) ->
+          expect(err).toBeNull()
+          createClan user1, 'private', 'my private clan', (clan1) ->
+            loginNewUser (user2) ->
+              request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
+                expect(err).toBeNull()
+                expect(res.statusCode).toBe(200)
+                clan = JSON.parse(body)
+                expect(clan._id).toEqual(clan1.id)
+                expect(clan.name).toEqual(clan1.get('name'))
+                expect(clan.type).toEqual('private')
+                expect(clan1.get('ownerID').equals clan.ownerID).toEqual(true)
+                expect(clan.description).toEqual(clan1.get('description'))
+                done()
+
+    it "Can get another user's private clan as anonymous", (done) ->
+      loginNewUser (user1) ->
+        user1.set 'stripe.free', true
+        user1.save (err) ->
+          expect(err).toBeNull()
+          createClan user1, 'private', 'my private clan', (clan1) ->
+            logoutUser ->
+              request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
+                expect(err).toBeNull()
+                expect(res.statusCode).toBe(200)
+                clan = JSON.parse(body)
+                expect(clan._id).toEqual(clan1.id)
+                expect(clan.name).toEqual(clan1.get('name'))
+                expect(clan.type).toEqual('private')
+                expect(clan1.get('ownerID').equals clan.ownerID).toEqual(true)
+                expect(clan.description).toEqual(clan1.get('description'))
+                done()