Apply restrictions to all challenges

vas3a · vas3a · commit 5da0c7bf1ea1 · 2025-02-27T13:36:56.000+02:00
diff --git a/src/common/helper.js b/src/common/helper.js
@@ -550,7 +550,7 @@ async function checkCreateAccess (authUser, memberId, challengeDetails) {
  * @param {Object} authUser the user
  * @param {Array} resources the challenge resources
  */
-const getChallengeAccessLevel = async (authUser, challengeId) => {
+async function getChallengeAccessLevel (authUser, challengeId) {
   if (authUser.isMachine) {
     return { hasFullAccess: true }
   }
diff --git a/src/services/ArtifactService.js b/src/services/ArtifactService.js
@@ -44,16 +44,9 @@ async function downloadArtifact (authUser, submissionId, fileName) {
   // Check the validness of Submission ID
   const submission = await HelperService._checkRef({ submissionId })
 
-  let challenge
-  try {
-    challenge = await commonHelper.getChallenge(submission.challengeId)
-  } catch (e) {
-    throw new errors.NotFoundError(`Could not load challenge: ${submission.challengeId}.\n Details: ${_.get(e, 'message')}`)
-  }
-
   const { hasFullAccess, isSubmitter, hasNoAccess } = await commonHelper.getChallengeAccessLevel(authUser, submission.challengeId)
 
-  if (hasNoAccess || (isSubmitter && challenge.isMM && submission.memberId.toString() !== authUser.userId.toString())) {
+  if (hasNoAccess || (isSubmitter && submission.memberId.toString() !== authUser.userId.toString())) {
     throw new errors.HttpStatusError(403, 'You are not allowed to download this submission artifact.')
   }
 
@@ -94,16 +87,9 @@ async function listArtifacts (authUser, submissionId) {
   // Check the validness of Submission ID
   const submission = await HelperService._checkRef({ submissionId })
 
-  let challenge
-  try {
-    challenge = await commonHelper.getChallenge(submission.challengeId)
-  } catch (e) {
-    throw new errors.NotFoundError(`Could not load challenge: ${submission.challengeId}.\n Details: ${_.get(e, 'message')}`)
-  }
-
   const { hasFullAccess, isSubmitter, hasNoAccess } = await commonHelper.getChallengeAccessLevel(authUser, submission.challengeId)
 
-  if (hasNoAccess || (isSubmitter && challenge.isMM && submission.memberId.toString() !== authUser.userId.toString())) {
+  if (hasNoAccess || (isSubmitter && submission.memberId.toString() !== authUser.userId.toString())) {
     throw new errors.HttpStatusError(403, 'You are not allowed to access this submission artifact.')
   }
 

Original file line number	Diff line number	Diff line change
`@@ -550,7 +550,7 @@ async function checkCreateAccess (authUser, memberId, challengeDetails) {`
`550`	`550`	`* @param {Object} authUser the user`
`551`	`551`	`* @param {Array} resources the challenge resources`
`552`	`552`	`*/`
`553`		`-const getChallengeAccessLevel = async (authUser, challengeId) => {`
	`553`	`+async function getChallengeAccessLevel (authUser, challengeId) {`
`554`	`554`	`if (authUser.isMachine) {`
`555`	`555`	`return { hasFullAccess: true }`
`556`	`556`	`}`