Add course level session creation permission checking to level_handler

This commit is contained in:
Scott Erickson 2015-10-06 11:08:03 -07:00
parent ee138660da
commit ff69bb8c89
2 changed files with 90 additions and 0 deletions

View file

@ -8,6 +8,9 @@ mongoose = require 'mongoose'
async = require 'async' async = require 'async'
utils = require '../lib/utils' utils = require '../lib/utils'
log = require 'winston' log = require 'winston'
Campaign = require '../campaigns/Campaign'
Course = require '../courses/Course'
CourseInstance = require '../courses/CourseInstance'
LevelHandler = class LevelHandler extends Handler LevelHandler = class LevelHandler extends Handler
modelClass: Level modelClass: Level
@ -105,11 +108,26 @@ LevelHandler = class LevelHandler extends Handler
Session.findOne(sessionQuery).exec (err, doc) => Session.findOne(sessionQuery).exec (err, doc) =>
return @sendDatabaseError(res, err) if err return @sendDatabaseError(res, err) if err
return @sendSuccess(res, doc) if doc? return @sendSuccess(res, doc) if doc?
if level.get('type') is 'course'
return @makeOrRejectCourseLevelSession(req, res, level, sessionQuery)
requiresSubscription = level.get('requiresSubscription') or (req.user.get('chinaVersion') and level.get('campaign') and not (level.slug in ['dungeons-of-kithgard', 'gems-in-the-deep', 'shadow-guard', 'forgetful-gemsmith', 'signs-and-portents', 'true-names'])) requiresSubscription = level.get('requiresSubscription') or (req.user.get('chinaVersion') and level.get('campaign') and not (level.slug in ['dungeons-of-kithgard', 'gems-in-the-deep', 'shadow-guard', 'forgetful-gemsmith', 'signs-and-portents', 'true-names']))
canPlayAnyway = req.user.isPremium() or level.get 'adventurer' canPlayAnyway = req.user.isPremium() or level.get 'adventurer'
return @sendPaymentRequiredError(res, err) if requiresSubscription and not canPlayAnyway return @sendPaymentRequiredError(res, err) if requiresSubscription and not canPlayAnyway
@createAndSaveNewSession sessionQuery, req, res @createAndSaveNewSession sessionQuery, req, res
makeOrRejectCourseLevelSession: (req, res, level, sessionQuery) ->
CourseInstance.find {members: req.user.get('_id')}, (err, courseInstances) =>
courseIDs = (ci.get('courseID') for ci in courseInstances)
Course.find { _id: { $in: courseIDs }}, (err, courses) =>
campaignIDs = (c.get('campaignID') for c in courses)
Campaign.find { _id: { $in: campaignIDs }}, (err, campaigns) =>
levelOriginals = (_.keys(c.get('levels')) for c in campaigns)
levelOriginals = _.flatten(levelOriginals)
if level.get('original').toString() in levelOriginals
@createAndSaveNewSession(sessionQuery, req, res)
else
return @sendPaymentRequiredError(res, 'You must be in a course which includes this level to play it')
createAndSaveNewSession: (sessionQuery, req, res) => createAndSaveNewSession: (sessionQuery, req, res) =>
initVals = sessionQuery initVals = sessionQuery

View file

@ -29,3 +29,75 @@ describe 'Level', ->
body = JSON.parse(body) body = JSON.parse(body)
expect(body.type).toBeDefined() expect(body.type).toBeDefined()
done() done()
describe 'GET /db/level/<id>/session', ->
describe 'when level is a course level', ->
levelID = null
it 'sets up a course instance', (done) ->
clearModels [Campaign, Course, CourseInstance, Level, User], (err) ->
loginAdmin (admin) ->
url = getURL('/db/level')
body =
name: 'Course Level'
type: 'course'
permissions: simplePermissions
request.post {uri: url, json: body }, (err, res, level) ->
levelID = level._id
url = getURL('/db/campaign')
body =
name: 'Course Campaign'
levels: {}
body.levels[level.original] = { 'original': level.original }
request.post { uri: url, json: body }, (err, res, campaign) ->
course = new Course({
name: 'Test Course'
campaignID: ObjectId(campaign._id)
})
course.save (err) ->
expect(err).toBeNull()
loginJoe (joe) ->
courseInstance = new CourseInstance({
name: 'Course Instance'
members: [
joe.get('_id')
]
courseID: ObjectId(course.id)
})
courseInstance.save (err) ->
expect(err).toBeNull()
done()
it 'creates a new session if the user is in a course with that level', (done) ->
loginJoe (joe) ->
url = getURL("/db/level/#{levelID}/session")
request.get { uri: url }, (err, res, body) ->
expect(res.statusCode).toBe(200)
done()
it 'does not create a new session if the user is not in a course with that level', (done) ->
loginSam (sam) ->
url = getURL("/db/level/#{levelID}/session")
request.get { uri: url }, (err, res, body) ->
expect(res.statusCode).toBe(402)
done()