Merge pull request #359 from topcoder-platform/develop

jmgasper · web-flow · commit c81edf12f8ad · 2024-05-20T05:30:15.000Z
Add 'tgadmin' to administrator auth checks for Topgear
diff --git a/src/services/ReviewService.js b/src/services/ReviewService.js
@@ -165,7 +165,7 @@ async function createReview (authUser, entity) {
     entity
   )
 
-  if (_.intersection(authUser.roles, ['Administrator', 'administrator']).length === 0 && !authUser.scopes) {
+  if (_.intersection(authUser.roles, ['Administrator', 'administrator', 'tgadmin']).length === 0 && !authUser.scopes) {
     if (entity.reviewedDate) {
       throw new errors.HttpStatusError(403, 'You are not allowed to set the `reviewedDate` attribute on a review')
     }
diff --git a/src/services/ReviewSummationService.js b/src/services/ReviewSummationService.js
@@ -102,7 +102,7 @@ async function createReviewSummation (authUser, entity) {
     item.isFinal = entity.isFinal
   }
 
-  if (_.intersection(authUser.roles, ['Administrator', 'administrator']).length === 0 && !authUser.scopes) {
+  if (_.intersection(authUser.roles, ['Administrator', 'administrator', 'tgadmin']).length === 0 && !authUser.scopes) {
     if (entity.reviewedDate) {
       throw new errors.HttpStatusError(403, 'You are not allowed to set the `reviewedDate` attribute on a review summation')
     }
diff --git a/src/services/SubmissionService.js b/src/services/SubmissionService.js
@@ -403,7 +403,7 @@ async function createSubmission (authUser, files, entity) {
   }
 
   logger.info('Check User access before creating the submission')
-  if (_.intersection(authUser.roles, ['Administrator', 'administrator']).length === 0 && !authUser.scopes) {
+  if (_.intersection(authUser.roles, ['Administrator', 'administrator', 'tgadmin']).length === 0 && !authUser.scopes) {
     await helper.checkCreateAccess(authUser, item.memberId, challenge)
 
     if (entity.submittedDate) {

Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,7 @@ async function createReview (authUser, entity) {`
`165`	`165`	`entity`
`166`	`166`	`)`
`167`	`167`
`168`		`- if (_.intersection(authUser.roles, ['Administrator', 'administrator']).length === 0 && !authUser.scopes) {`
	`168`	`+ if (_.intersection(authUser.roles, ['Administrator', 'administrator', 'tgadmin']).length === 0 && !authUser.scopes) {`
`169`	`169`	`if (entity.reviewedDate) {`
`170`	`170`	throw new errors.HttpStatusError(403, 'You are not allowed to set the `reviewedDate` attribute on a review')
`171`	`171`	`}`
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ async function createReviewSummation (authUser, entity) {`
`102`	`102`	`item.isFinal = entity.isFinal`
`103`	`103`	`}`
`104`	`104`
`105`		`- if (_.intersection(authUser.roles, ['Administrator', 'administrator']).length === 0 && !authUser.scopes) {`
	`105`	`+ if (_.intersection(authUser.roles, ['Administrator', 'administrator', 'tgadmin']).length === 0 && !authUser.scopes) {`
`106`	`106`	`if (entity.reviewedDate) {`
`107`	`107`	throw new errors.HttpStatusError(403, 'You are not allowed to set the `reviewedDate` attribute on a review summation')
`108`	`108`	`}`
Original file line number	Diff line number	Diff line change
`@@ -403,7 +403,7 @@ async function createSubmission (authUser, files, entity) {`
`403`	`403`	`}`
`404`	`404`
`405`	`405`	`logger.info('Check User access before creating the submission')`
`406`		`- if (_.intersection(authUser.roles, ['Administrator', 'administrator']).length === 0 && !authUser.scopes) {`
	`406`	`+ if (_.intersection(authUser.roles, ['Administrator', 'administrator', 'tgadmin']).length === 0 && !authUser.scopes) {`
`407`	`407`	`await helper.checkCreateAccess(authUser, item.memberId, challenge)`
`408`	`408`
`409`	`409`	`if (entity.submittedDate) {`