Challenge eligibility updates for v3 groups (#505)

* Improve challenge visibility control (#501)

* IMPROVE CHALLENGE VISIBILITY CONTROL
(https://www.topcoder.com/challenge-details/30057891/?type=develop)

Verification guide: docs/Verification_Guide-Improve Challenge Visibility Control.doc

* Restoring an accidentially modified file

* Fixed the case with a challenge that doesn't have eligibility

* Shared the eligibility verification with challengeRegistration.
The eligibility check routine is now in challengeHelper and can be added anywhere by a couple of simple lines of code.

* improve the query

* update query for groups (#502)

* Update queries (#503)

improve logging for v3 api call

* should use externalToken field name

Author: ajefts

actions/challengeRegistration.js

@@ -3,8 +3,8 @@
  *
  * The APIs to register a challenge (studio category or software category) for the current logged-in user.
  *
- * @version 1.7
- * @author ecnu_haozi, xjtufreeman, bugbuka, flytoj2ee, muzehyun
+ * @version 1.8
+ * @author ecnu_haozi, xjtufreeman, bugbuka, flytoj2ee, muzehyun, GFalcon
  *
  * changes in 1.1:
  * Combine Challenge Registration API(BUGR-11058)
@@ -27,6 +27,9 @@
  *
  * changes in 1.7:
  * Avoid reliability info set if there is none for new user.
+ * 
+ * changes in 1.8:
+ * Added the verification of the challenge's eligibility
  */
 "use strict";
 
@@ -880,19 +883,31 @@ exports.registerChallenge = {
                 } else {                   
                     api.helper.checkUserActivated(connection.caller.handle, api, connection.dbConnectionMap, function (err, inactive) {
                         var fail = err || inactive;
-                        if (fail) cb(fail);
-                        else api.dataAccess.executeQuery('check_challenge_exists', {challengeId: challengeId}, connection.dbConnectionMap, cb);
+                        if (fail) {
+                        	cb(fail);
+                        } else {
+                        	api.dataAccess.executeQuery('check_challenge_exists', {challengeId: challengeId}, connection.dbConnectionMap, cb);
+                        }
                     }, "You must activate your account in order to participate. Please check your e-mail in order to complete the activation process, or contact [email protected] if you did not receive an e-mail.");                    
                 }
-            }, function (result, cb) {
-                if (result.length > 0) {
-                    if (result[0].is_studio) {
-                        registerStudioChallengeAction(api, connection, next);
-                    } else {
-                        registerSoftwareChallengeAction(api, connection, next);
-                    }
-                } else {
+            }, function(result, cb) {
+                // If the challenge is not found in the tcs_catalog:project table, 
+                if (result.length === 0) {
+                    // Do nothing, do not register
                     cb();
+                    return;
+                }
+                var isStudio = result[0].isStudio !== 0;
+                api.challengeHelper.checkUserChallengeEligibility(connection, challengeId, function (err) {
+                    cb(err, isStudio);
+                });
+            }, function (isStudio, cb) {
+                if (_.isUndefined(isStudio)) {
+                	cb();
+                } else if (isStudio) {
+                    registerStudioChallengeAction(api, connection, next);
+                } else {
+                    registerSoftwareChallengeAction(api, connection, next);
                 }
             }
         ], function (err) {

actions/challenges.js

@@ -1,9 +1,9 @@
 /*
  * Copyright (C) 2013 - 2014 TopCoder Inc., All Rights Reserved.
  *
- * @version 1.31
+ * @version 1.32
  * @author Sky_, mekanizumu, TCSASSEMBLER, freegod, Ghost_141, kurtrips, xjtufreeman, ecnu_haozi, hesibo, LazyChild,
- * @author isv, muzehyun, bugbuka
+ * @author isv, muzehyun, bugbuka, GFalcon
  * @changes from 1.0
  * merged with Member Registration API
  * changes in 1.1:
@@ -79,9 +79,12 @@
  * - Update challenge type filter.
  * Changes in 1.31:
  * - Remove screeningScorecardId and reviewScorecardId from search challenges api.
+ * Changes in 1.32:
+ * - validateChallenge function now checks if an user belongs to a group via
+ *   user_group_xref for old challenges and by calling V3 API for new ones.
  */
 "use strict";
-/*jslint stupid: true, unparam: true, continue: true */
+/*jslint stupid: true, unparam: true, continue: true, nomen: true */
 
 require('datejs');
 var fs = require('fs');
@@ -851,7 +854,7 @@ var addFilter = function (sql, filter, isMyChallenges, helper, caller) {
  * @since 1.10
  */
 function validateChallenge(api, connection, dbConnectionMap, challengeId, isStudio, callback) {
-    var error, sqlParams, helper = api.helper;
+    var error, sqlParams, helper = api.helper, userId = (connection.caller.userId || 0);
     async.waterfall([
         function (cb) {
             error = helper.checkPositiveInteger(challengeId, 'challengeId') ||
@@ -862,31 +865,18 @@ function validateChallenge(api, connection, dbConnectionMap, challengeId, isStud
             }
             sqlParams = {
                 challengeId: challengeId,
-                user_id: connection.caller.userId || 0
+                user_id: userId
             };
-            async.parallel({
-                accessibility: function (cbx) {
-                    api.dataAccess.executeQuery('check_user_challenge_accessibility', sqlParams, dbConnectionMap, cbx);
-                },
-                exists:  function (cbx) {
-                    api.dataAccess.executeQuery('check_challenge_exists', sqlParams, dbConnectionMap, cbx);
-                }
-            }, cb);
+            api.dataAccess.executeQuery('check_challenge_exists', sqlParams, dbConnectionMap, cb);
         }, function (res, cb) {
-            if (res.exists.length === 0 || Boolean(res.exists[0].is_studio) !== isStudio) {
+            // If the record with this callengeId doesn't exist in 'project' table
+            // or there's a studio/software mismatch
+            if (res.length === 0 || Boolean(res[0].is_studio) !== isStudio) {
                 cb(new NotFoundError("Challenge not found."));
                 return;
             }
-            var access = res.accessibility[0];
-            if (access.is_private && !access.has_access && connection.caller.accessLevel !== "admin") {
-                if (connection.caller.accessLevel === "anon") {
-                    cb(new UnauthorizedError());
-                } else {
-                    cb(new ForbiddenError());
-                }
-                return;
-            }
-            cb();
+            // Check the eligibility
+            api.challengeHelper.checkUserChallengeEligibility(connection, challengeId, cb);
         }
     ], callback);
 }

db_scripts/test_eligibility.delete.sql

@@ -0,0 +1,39 @@
+DATABASE common_oltp;
+
+DELETE FROM user_group_xref WHERE group_id > 3330000 AND group_id < 3330100;
+DELETE FROM security_groups WHERE group_id > 3330000 AND group_id < 3330100;
+DELETE FROM group_contest_eligibility WHERE contest_eligibility_id > 1110000 AND contest_eligibility_id < 1110100;
+DELETE FROM contest_eligibility WHERE contest_eligibility_id > 1110000 AND contest_eligibility_id < 1110100;
+
+DATABASE informixoltp;
+
+-- UPDATE coder SET comp_country_code = NULL WHERE user_id = 132458;
+
+DATABASE tcs_catalog;
+
+DELETE FROM notification WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM project_result WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM project_user_audit WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM component_inquiry WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM resource_info WHERE resource_id IN (SELECT resource_id FROM resource WHERE project_id > 1110000 AND project_id < 1110100);
+DELETE FROM resource WHERE project_id > 1110000 AND project_id < 1110100;
+
+DELETE FROM project_info WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM comp_versions WHERE component_id = 3330333;
+DELETE FROM comp_catalog WHERE component_id = 3330333;
+DELETE FROM project_phase WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM project WHERE project_id > 1110000 AND project_id < 1110100;
+
+DELETE FROM review_item_comment WHERE review_item_comment_id > 7770000 AND review_item_id < 7770100;
+DELETE FROM review_item WHERE review_item_id > 5550000 AND review_item_id < 5550100;
+DELETE FROM review WHERE review_id > 4440000 AND review_id < 4440100;
+DELETE FROM scorecard_question WHERE scorecard_question_id = 3330333;
+DELETE FROM scorecard_section WHERE scorecard_section_id = 3330333;
+DELETE FROM scorecard_group WHERE scorecard_group_id = 3330333;
+DELETE FROM scorecard WHERE scorecard_id = 3330333;
+DELETE FROM submission WHERE submission_id > 2220000 AND submission_id < 2220100;
+DELETE FROM prize WHERE project_id > 2220000 AND project_id < 2220100;
+DELETE FROM upload WHERE project_id > 2220000 AND project_id < 2220100;
+DELETE FROM resource WHERE project_id > 2220000 AND project_id < 2220100;
+DELETE FROM project_phase WHERE project_id > 2220000 AND project_id < 2220100;
+DELETE FROM project WHERE project_id > 2220000 AND project_id < 2220100;