Merge branch 'master' of https://github.com/codecombat/codecombat

app/templates/play/ladder.jade

@@ -14,30 +14,33 @@ block content
           span Play 
           span= team.name
 
-        table.table.table-bordered.table-condensed
+        table.table.table-bordered.table-condensed.table-hover
           tr
             th(colspan=3, style="color: #{team.primaryColor}")
               span= team.name
               span  Leaderboard
+          tr
+            th Score
+            th Name
 
           for session in team.leaderboard.topPlayers.models
             - var myRow = session.get('creator') == me.id
             tr(class=myRow ? "success" : "")
               td.score-cell= session.get('totalScore').toFixed(2)
-              td= session.get('creatorName')
+              td= session.get('creatorName') || "Anonymous"
               td
                 if(!myRow)
-                  a(href="/play/level/#{level.get('slug') || level.id}/?team=#{team.otherTeam}&opponent=#{session.id}") COMPETE
+                  a(href="/play/level/#{level.get('slug') || level.id}/?team=#{team.otherTeam}&opponent=#{session.id}") Compete!
                 else
                   a(href="/play/ladder/#{levelID}/team/#{team.id}") View details
 
   unless me.attributes.anonymous
     hr
     button.btn.btn-warning.btn-lg.highlight#simulate-button(style="margin-bottom:10px;") Simulate Games!
-    p(style="display:inline; margin-left:10px;")
+    p(id="simulationStatusText", style="display:inline; margin-left:10px;")
       if simulationStatus
         | #{simulationStatus}
       else
         | By simulating games you can get your game ranked faster!
   if me.isAdmin()
-    button.btn.btn-warning.btn-lg.highlight#simulate-all-button(style="margin-bottom:10px; float: right;") RESET AND SIMULATE GAMES
+    button.btn.btn-danger.btn-lg.highlight#simulate-all-button(style="margin-bottom:10px; float: right;") RESET AND SIMULATE GAMES

app/templates/play/level/modal/multiplayer.jade

@@ -29,7 +29,8 @@
       if me.get('anonymous')
         p Sign in or create an account and get your solution on the leaderboard!
       else
-        #submit-session-button.btn.btn-primary Update Ladder Score
+        a#go-to-leaderboard-button.btn.btn-primary(href="/play/ladder/#{levelSlug}/team/#{team}") Go to the leaderboard!
+        p You can submit your game to be ranked from the leaderboard page.
   
   .modal-footer
     a(href='#', data-dismiss="modal", aria-hidden="true", data-i18n="modal.close").btn.btn-primary Close

app/views/play/ladder_view.coffee

@@ -53,7 +53,7 @@ module.exports = class LadderView extends RootView
         @simulationStatus += "..."
     catch e
       console.log "There was a problem with the named simulation status: #{e}"
-    @render()
+    $("#simulationStatusText").text @simulationStatus
 
 
   constructor: (options, @levelID) ->

app/views/play/level/modal/multiplayer_modal.coffee

@@ -9,7 +9,7 @@ module.exports = class MultiplayerModal extends View
   events:
     'click textarea': 'onClickLink'
     'change #multiplayer': 'updateLinkSection'
-    'click #submit-session-button': 'submitSession'
+
 
   constructor: (options) ->
     super(options)
@@ -24,6 +24,8 @@ module.exports = class MultiplayerModal extends View
       '?session=' +
       @session.id)
     c.multiplayer = @session.get('multiplayer')
+    c.team = @session.get 'team'
+    c.levelSlug = @level?.get('slug')
     c.playableTeams = @playableTeams
     c.ladderGame = @level?.get('name') is 'Project DotA' and not me.get('isAnonymous')
     c
@@ -41,13 +43,6 @@ module.exports = class MultiplayerModal extends View
     la.toggle Boolean(multiplayer)
     true
 
-  submitSession: ->
-    $.ajax('/queue/scoring', {
-      method: 'POST'
-      data:
-        session: @session.id
-    })
-
   onHidden: ->
     multiplayer = Boolean(@$el.find('#multiplayer').prop('checked'))
     @session.set('multiplayer', multiplayer)

server/queues/scoring.coffee

@@ -26,7 +26,10 @@ connectToScoringQueue = ->
 
 module.exports.createNewTask = (req, res) ->
   requestSessionID = req.body.session
-  if isUserAnonymous req then return errors.forbidden res, "You need to be logged in to be added to the leaderboard"
+  validatePermissions req, requestSessionID, (error, permissionsAreValid) ->
+    if err? then return errors.serverError res, "There was an error validating permissions"
+    unless permissionsAreValid then return errors.forbidden res, "You do not have the permissions to submit that game to the leaderboard"
+
     return errors.badInput res, "The session ID is invalid" unless typeof requestSessionID is "string"
 
     fetchSessionToSubmit requestSessionID, (err, sessionToSubmit) ->
@@ -95,6 +98,14 @@ module.exports.processTaskResult = (req, res) ->
             console.log "Sending response object"
             sendResponseObject req, res, {"message":"The scores were updated successfully!"}
 
+validatePermissions = (req, sessionID, callback) ->
+  if isUserAnonymous req then return callback null, false
+  if isUserAdmin req then return callback null, true
+  LevelSession.findOne(_id:sessionID).select('creator submittedCode code').lean().exec (err, retrievedSession) ->
+    if err? then return callback err, retrievedSession
+    code = retrievedSession.code
+    submittedCode = retrievedSession.submittedCode
+    callback null, (retrievedSession.creator is req.user?.id and not _.isEqual(code, submittedCode))
 
 addMatchToSessions = (clientResponseObject, newScoreObject, callback) ->
   matchObject = {}
@@ -175,6 +186,8 @@ getUserIDFromRequest = (req) -> if req.user? then return req.user._id else retur
 
 isUserAnonymous = (req) -> if req.user? then return req.user.get('anonymous') else return true
 
+isUserAdmin = (req) -> return Boolean(req.user?.isAdmin())
+
 parseTaskQueueMessage = (req, res, message) ->
   try
     if typeof message.getBody() is "object" then return message.getBody()