Merge pull request topcoder-platform#80 from sharathkumaranbu/Issue_4

callmekatootie · web-flow · commit 83f2a9d644c3 · 2018-10-18T10:50:58.000+05:30
Remove role check for M2M tokens
diff --git a/src/services/SubmissionService.js b/src/services/SubmissionService.js
@@ -89,10 +89,10 @@ function * getSubmission (authUser, submissionId) {
     throw new errors.HttpStatusError(404, `Submission with ID = ${submissionId} is not found`)
   }
 
-//  logger.info('Check User access before returning the submission')
-//  if (_.intersection(authUser.roles, ['Administrator']).length === 0) {
-//    yield helper.checkGetAccess(authUser, submissionRecord)
-//  }
+  logger.info('Check User access before returning the submission')
+  if (_.intersection(authUser.roles, ['Administrator']).length === 0 && !authUser.scopes) {
+    yield helper.checkGetAccess(authUser, submissionRecord)
+  }
 
   // Return the retrieved submission
   logger.info(`getSubmission: returning data for submissionId: ${submissionId}`)
@@ -205,7 +205,7 @@ function * createSubmission (authUser, files, entity) {
   }
 
   logger.info('Check User access before creating the submission')
-  if (_.intersection(authUser.roles, ['Administrator']).length === 0) {
+  if (_.intersection(authUser.roles, ['Administrator']).length === 0 && !authUser.scopes) {
     yield helper.checkCreateAccess(authUser, item)
   }
 

Original file line number	Diff line number	Diff line change
`@@ -89,10 +89,10 @@ function * getSubmission (authUser, submissionId) {`
`89`	`89`	throw new errors.HttpStatusError(404, `Submission with ID = ${submissionId} is not found`)
`90`	`90`	`}`
`91`	`91`
`92`		`-// logger.info('Check User access before returning the submission')`
`93`		`-// if (_.intersection(authUser.roles, ['Administrator']).length === 0) {`
`94`		`-// yield helper.checkGetAccess(authUser, submissionRecord)`
`95`		`-// }`
	`92`	`+ logger.info('Check User access before returning the submission')`
	`93`	`+ if (_.intersection(authUser.roles, ['Administrator']).length === 0 && !authUser.scopes) {`
	`94`	`+ yield helper.checkGetAccess(authUser, submissionRecord)`
	`95`	`+ }`
`96`	`96`
`97`	`97`	`// Return the retrieved submission`
`98`	`98`	logger.info(`getSubmission: returning data for submissionId: ${submissionId}`)
`@@ -205,7 +205,7 @@ function * createSubmission (authUser, files, entity) {`
`205`	`205`	`}`
`206`	`206`
`207`	`207`	`logger.info('Check User access before creating the submission')`
`208`		`- if (_.intersection(authUser.roles, ['Administrator']).length === 0) {`
	`208`	`+ if (_.intersection(authUser.roles, ['Administrator']).length === 0 && !authUser.scopes) {`
`209`	`209`	`yield helper.checkCreateAccess(authUser, item)`
`210`	`210`	`}`
`211`	`211`