mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2024-11-27 09:35:39 -05:00
Add course level session creation permission checking to level_handler
This commit is contained in:
parent
ee138660da
commit
ff69bb8c89
2 changed files with 90 additions and 0 deletions
|
@ -8,6 +8,9 @@ mongoose = require 'mongoose'
|
|||
async = require 'async'
|
||||
utils = require '../lib/utils'
|
||||
log = require 'winston'
|
||||
Campaign = require '../campaigns/Campaign'
|
||||
Course = require '../courses/Course'
|
||||
CourseInstance = require '../courses/CourseInstance'
|
||||
|
||||
LevelHandler = class LevelHandler extends Handler
|
||||
modelClass: Level
|
||||
|
@ -105,11 +108,26 @@ LevelHandler = class LevelHandler extends Handler
|
|||
Session.findOne(sessionQuery).exec (err, doc) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendSuccess(res, doc) if doc?
|
||||
if level.get('type') is 'course'
|
||||
return @makeOrRejectCourseLevelSession(req, res, level, sessionQuery)
|
||||
requiresSubscription = level.get('requiresSubscription') or (req.user.get('chinaVersion') and level.get('campaign') and not (level.slug in ['dungeons-of-kithgard', 'gems-in-the-deep', 'shadow-guard', 'forgetful-gemsmith', 'signs-and-portents', 'true-names']))
|
||||
canPlayAnyway = req.user.isPremium() or level.get 'adventurer'
|
||||
return @sendPaymentRequiredError(res, err) if requiresSubscription and not canPlayAnyway
|
||||
@createAndSaveNewSession sessionQuery, req, res
|
||||
|
||||
makeOrRejectCourseLevelSession: (req, res, level, sessionQuery) ->
|
||||
CourseInstance.find {members: req.user.get('_id')}, (err, courseInstances) =>
|
||||
courseIDs = (ci.get('courseID') for ci in courseInstances)
|
||||
Course.find { _id: { $in: courseIDs }}, (err, courses) =>
|
||||
campaignIDs = (c.get('campaignID') for c in courses)
|
||||
Campaign.find { _id: { $in: campaignIDs }}, (err, campaigns) =>
|
||||
levelOriginals = (_.keys(c.get('levels')) for c in campaigns)
|
||||
levelOriginals = _.flatten(levelOriginals)
|
||||
if level.get('original').toString() in levelOriginals
|
||||
@createAndSaveNewSession(sessionQuery, req, res)
|
||||
else
|
||||
return @sendPaymentRequiredError(res, 'You must be in a course which includes this level to play it')
|
||||
|
||||
createAndSaveNewSession: (sessionQuery, req, res) =>
|
||||
initVals = sessionQuery
|
||||
|
||||
|
|
|
@ -29,3 +29,75 @@ describe 'Level', ->
|
|||
body = JSON.parse(body)
|
||||
expect(body.type).toBeDefined()
|
||||
done()
|
||||
|
||||
|
||||
describe 'GET /db/level/<id>/session', ->
|
||||
|
||||
describe 'when level is a course level', ->
|
||||
|
||||
levelID = null
|
||||
|
||||
it 'sets up a course instance', (done) ->
|
||||
|
||||
clearModels [Campaign, Course, CourseInstance, Level, User], (err) ->
|
||||
|
||||
loginAdmin (admin) ->
|
||||
|
||||
url = getURL('/db/level')
|
||||
body =
|
||||
name: 'Course Level'
|
||||
type: 'course'
|
||||
permissions: simplePermissions
|
||||
|
||||
request.post {uri: url, json: body }, (err, res, level) ->
|
||||
levelID = level._id
|
||||
|
||||
url = getURL('/db/campaign')
|
||||
body =
|
||||
name: 'Course Campaign'
|
||||
levels: {}
|
||||
body.levels[level.original] = { 'original': level.original }
|
||||
|
||||
request.post { uri: url, json: body }, (err, res, campaign) ->
|
||||
|
||||
course = new Course({
|
||||
name: 'Test Course'
|
||||
campaignID: ObjectId(campaign._id)
|
||||
})
|
||||
|
||||
course.save (err) ->
|
||||
|
||||
expect(err).toBeNull()
|
||||
|
||||
loginJoe (joe) ->
|
||||
|
||||
courseInstance = new CourseInstance({
|
||||
name: 'Course Instance'
|
||||
members: [
|
||||
joe.get('_id')
|
||||
]
|
||||
courseID: ObjectId(course.id)
|
||||
})
|
||||
|
||||
courseInstance.save (err) ->
|
||||
|
||||
expect(err).toBeNull()
|
||||
done()
|
||||
|
||||
it 'creates a new session if the user is in a course with that level', (done) ->
|
||||
loginJoe (joe) ->
|
||||
|
||||
url = getURL("/db/level/#{levelID}/session")
|
||||
|
||||
request.get { uri: url }, (err, res, body) ->
|
||||
expect(res.statusCode).toBe(200)
|
||||
done()
|
||||
|
||||
it 'does not create a new session if the user is not in a course with that level', (done) ->
|
||||
loginSam (sam) ->
|
||||
|
||||
url = getURL("/db/level/#{levelID}/session")
|
||||
|
||||
request.get { uri: url }, (err, res, body) ->
|
||||
expect(res.statusCode).toBe(402)
|
||||
done()
|
||||
|
|
Loading…
Reference in a new issue