Merge pull request topcoder-platform#244 from topcoder-platform/Issue_243

Issue 243

Author: rootelement

src/common/helper.js

@@ -601,10 +601,21 @@ function * checkGetAccess (authUser, submission) {
  * @returns {Promise}
  */
 function * checkReviewGetAccess (authUser, submission) {
+  let resources
   let challengeDetails
   const token = yield getM2Mtoken()
   const challengeId = yield getV5ChallengeId(submission.challengeId)
 
+  try {
+    resources = yield request.get(`${config.RESOURCEAPI_V5_BASE_URL}/resources?challengeId=${challengeId}`)
+      .set('Authorization', `Bearer ${token}`)
+      .set('Content-Type', 'application/json')
+  } catch (ex) {
+    logger.error(`Error while accessing ${config.RESOURCEAPI_V5_BASE_URL}/resources?challengeId=${challengeId}`)
+    logger.error(ex)
+    throw new errors.HttpStatusError(503, `Could not determine the user's role in the challenge with id ${challengeId}`)
+  }
+
   try {
     challengeDetails = yield request.get(`${config.CHALLENGEAPI_V5_URL}/${challengeId}`)
       .set('Authorization', `Bearer ${token}`)
@@ -615,9 +626,32 @@ function * checkReviewGetAccess (authUser, submission) {
     return false
   }
 
-  if (challengeDetails) {
+  // Get map of role id to role name
+  const resourceRolesMap = yield getRoleIdToRoleNameMap()
+
+  // Check if role id to role name mapping is available. If not user's role cannot be determined.
+  if (resourceRolesMap == null || _.size(resourceRolesMap) === 0) {
+    throw new errors.HttpStatusError(503, `Could not determine the user's role in the challenge with id ${challengeId}`)
+  }
+
+  if (resources && challengeDetails) {
+    // Fetch all roles of the User pertaining to the current challenge
+    const currUserRoles = _.filter(resources.body, { memberHandle: authUser.handle })
+
+    // Populate the role names for the current user role ids
+    _.forEach(currUserRoles, currentUserRole => {
+      currentUserRole.role = resourceRolesMap[currentUserRole.roleId]
+    })
+
     const subTrack = challengeDetails.body.legacy.subTrack
 
+    // Check if the User is a Copilot, Manager or Observer for that contest
+    const validRoles = ['Copilot', 'Manager', 'Observer']
+    const passedRoles = currUserRoles.filter(a => validRoles.includes(a.role))
+    if (passedRoles.length !== 0) {
+      return true
+    }
+
     // For Marathon Match, everyone can access review result
     if (subTrack === 'DEVELOP_MARATHON_MATCH') {
       logger.info('No access check for Marathon match')
@@ -632,6 +666,10 @@ function * checkReviewGetAccess (authUser, submission) {
 
       return true
     }
+  } else {
+    // We don't have enough details to validate the access
+    logger.debug('No enough details to validate the Permissions')
+    throw new errors.HttpStatusError(503, `Not all information could be fetched about challenge with id ${submission.challengeId}`)
   }
 }
 

src/routes/ReviewRoutes.js

@@ -24,7 +24,7 @@ module.exports = {
       controller: 'ReviewController',
       method: 'getReview',
       auth: 'jwt',
-      access: ['Administrator', 'Copilot'],
+      access: ['Administrator', 'Copilot', 'Topcoder User'],
       scopes: ['read:review', 'all:review']
     },
     put: {

src/services/ReviewService.js

@@ -70,7 +70,9 @@ function * getReview (authUser, reviewId) {
     false
   )
   logger.info('Check User access before returning the review')
-  yield helper.checkReviewGetAccess(authUser, submission)
+  if (_.intersection(authUser.roles, ['Administrator', 'administrator']).length === 0 && !authUser.scopes) {
+    yield helper.checkReviewGetAccess(authUser, submission)
+  }
   // Return the review
   return review
 }