topcoder-platform · rakibansary · Mar 26, 2023 · Mar 23, 2023 · Mar 23, 2023 · Mar 23, 2023
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -82,6 +82,7 @@ workflows:
           branches:
             only:
             - refactor/domain-challenge-dev
+            - refactor/challenge-update
 
     - "build-qa":
         context: org-global

diff --git a/package.json b/package.json
@@ -42,15 +42,16 @@
   "dependencies": {
     "@grpc/grpc-js": "^1.8.12",
     "@opensearch-project/opensearch": "^2.2.0",
-    "@topcoder-framework/domain-challenge": "^0.7.3",
-    "@topcoder-framework/lib-common": "^0.7.3",
+    "@topcoder-framework/domain-challenge": "^0.10.13",
+    "@topcoder-framework/lib-common": "^0.10.13",
     "aws-sdk": "^2.1145.0",
     "axios": "^0.19.0",
     "axios-retry": "^3.4.0",
     "bluebird": "^3.5.1",
     "body-parser": "^1.15.1",
     "config": "^3.0.1",
     "cors": "^2.7.1",
+    "deep-equal": "^2.2.0",
     "dotenv": "^8.2.0",
     "dynamoose": "^1.11.1",
     "elasticsearch": "^16.7.3",

diff --git a/src/common/challenge-helper.js b/src/common/challenge-helper.js
@@ -10,6 +10,7 @@ const constants = require("../../app-constants");
 const axios = require("axios");
 const { getM2MToken } = require("./m2m-helper");
 const { hasAdminRole } = require("./role-helper");
+const { ensureAcessibilityToModifiedGroups } = require("./group-helper");
 
 class ChallengeHelper {
   /**
@@ -45,7 +46,7 @@ class ChallengeHelper {
    * @param {String} projectId the project id
    * @param {String} currentUser the user
    */
-  async ensureProjectExist(projectId, currentUser) {
+  static async ensureProjectExist(projectId, currentUser) {
     let token = await getM2MToken();
     const url = `${config.PROJECTS_API_URL}/${projectId}`;
     try {
@@ -98,6 +99,252 @@ class ChallengeHelper {
     // check groups authorization
     await helper.ensureAccessibleByGroupsAccess(currentUser, challenge);
   }
+
+  async validateChallengeUpdateRequest(currentUser, challenge, data) {
+    if (process.env.LOCAL != "true") {
+      await helper.ensureUserCanModifyChallenge(currentUser, challenge);
+    }
+
+    helper.ensureNoDuplicateOrNullElements(data.tags, "tags");
+    helper.ensureNoDuplicateOrNullElements(data.groups, "groups");
+
+    if (data.projectId) {
+      await ChallengeHelper.ensureProjectExist(data.projectId, currentUser);
+    }
+
+    // check groups access to be updated group values
+    if (data.groups) {
+      await ensureAcessibilityToModifiedGroups(currentUser, data, challenge);
+    }
+
+    // Ensure descriptionFormat is either 'markdown' or 'html'
+    if (data.descriptionFormat && !_.includes(["markdown", "html"], data.descriptionFormat)) {
+      throw new errors.BadRequestError("The property 'descriptionFormat' must be either 'markdown' or 'html'");
+    }
+
+    // Ensure unchangeable fields are not changed
+    if (
+      _.get(challenge, "legacy.track") &&
+      _.get(data, "legacy.track") &&
+      _.get(challenge, "legacy.track") !== _.get(data, "legacy.track")
+    ) {
+      throw new errors.ForbiddenError("Cannot change legacy.track");
+    }
+
+    if (
+      _.get(challenge, "trackId") &&
+      _.get(data, "trackId") &&
+      _.get(challenge, "trackId") !== _.get(data, "trackId")
+    ) {
+      throw new errors.ForbiddenError("Cannot change trackId");
+    }
+
+    if (
+      _.get(challenge, "typeId") &&
+      _.get(data, "typeId") &&
+      _.get(challenge, "typeId") !== _.get(data, "typeId")
+    ) {
+      throw new errors.ForbiddenError("Cannot change typeId");
+    }
+
+    if (
+      _.get(challenge, "legacy.pureV5Task") &&
+      _.get(data, "legacy.pureV5Task") &&
+      _.get(challenge, "legacy.pureV5Task") !== _.get(data, "legacy.pureV5Task")
+    ) {
+      throw new errors.ForbiddenError("Cannot change legacy.pureV5Task");
+    }
+
+    if (
+      _.get(challenge, "legacy.pureV5") &&
+      _.get(data, "legacy.pureV5") &&
+      _.get(challenge, "legacy.pureV5") !== _.get(data, "legacy.pureV5")
+    ) {
+      throw new errors.ForbiddenError("Cannot change legacy.pureV5");
+    }
+
+    if (
+      _.get(challenge, "legacy.selfService") &&
+      _.get(data, "legacy.selfService") &&
+      _.get(challenge, "legacy.selfService") !== _.get(data, "legacy.selfService")
+    ) {
+      throw new errors.ForbiddenError("Cannot change legacy.selfService");
+    }
+
+    if (
+      (challenge.status === constants.challengeStatuses.Completed ||
+        challenge.status === constants.challengeStatuses.Cancelled) &&
+      data.status &&
+      data.status !== challenge.status &&
+      data.status !== constants.challengeStatuses.CancelledClientRequest
+    ) {
+      throw new errors.BadRequestError(
+        `Cannot change ${challenge.status} challenge status to ${data.status} status`
+      );
+    }
+
+    if (
+      data.winners &&
+      data.winners.length > 0 &&
+      challenge.status !== constants.challengeStatuses.Completed &&
+      data.status !== constants.challengeStatuses.Completed
+    ) {
+      throw new errors.BadRequestError(
+        `Cannot set winners for challenge with non-completed ${challenge.status} status`
+      );
+    }
+  }
+
+  sanitizeRepeatedFieldsInUpdateRequest(data) {
+    if (data.winners != null) {
+      data.winnerUpdate = {
+        winners: data.winners,
+      };
+      delete data.winners;
+    }
+
+    if (data.discussions != null) {
+      data.discussionUpdate = {
+        discussions: data.discussions,
+      };
+      delete data.discussions;
+    }
+
+    if (data.metadata != null) {
+      data.metadataUpdate = {
+        metadata: data.metadata,
+      };
+      delete data.metadata;
+    }
+
+    if (data.phases != null) {
+      data.phaseUpdate = {
+        phases: data.phases,
+      };
+      delete data.phases;
+    }
+
+    if (data.events != null) {
+      data.eventUpdate = {
+        events: data.events,
+      };
+      delete data.events;
+    }
+
+    if (data.terms != null) {
+      data.termUpdate = {
+        terms: data.terms,
+      };
+      delete data.terms;
+    }
+
+    if (data.prizeSets != null) {
+      data.prizeSetUpdate = {
+        prizeSets: data.prizeSets,
+      };
+      delete data.prizeSets;
+    }
+
+    if (data.tags != null) {
+      data.tagUpdate = {
+        tags: data.tags,
+      };
+      delete data.tags;
+    }
+
+    if (data.attachments != null) {
+      data.attachmentUpdate = {
+        attachments: data.attachments,
+      };
+      delete data.attachments;
+    }
+
+    if (data.groups != null) {
+      data.groupUpdate = {
+        groups: data.groups,
+      };
+      delete data.groups;
+    }
+
+    return data;
+  }
+
+  enrichChallengeForResponse(challenge, track, type) {
+    if (challenge.phases && challenge.phases.length > 0) {
+      const registrationPhase = _.find(challenge.phases, (p) => p.name === "Registration");
+      const submissionPhase = _.find(challenge.phases, (p) => p.name === "Submission");
+
+      challenge.currentPhase = challenge.phases
+        .slice()
+        .reverse()
+        .find((phase) => phase.isOpen);
+
+      challenge.currentPhaseNames = _.map(
+        _.filter(challenge.phases, (p) => p.isOpen === true),
+        "name"
+      );
+
+      if (registrationPhase) {
+        challenge.registrationStartDate =
+          registrationPhase.actualStartDate || registrationPhase.scheduledStartDate;
+        challenge.registrationEndDate =
+          registrationPhase.actualEndDate || registrationPhase.scheduledEndDate;
+      }
+      if (submissionPhase) {
+        challenge.submissionStartDate =
+          submissionPhase.actualStartDate || submissionPhase.scheduledStartDate;
+
+        challenge.submissionEndDate =
+          submissionPhase.actualEndDate || submissionPhase.scheduledEndDate;
+      }
+    }
+
+    challenge.created = new Date(challenge.created).toISOString();
+    challenge.updated = new Date(challenge.updated).toISOString();
+    challenge.startDate = new Date(challenge.startDate).toISOString();
+    challenge.endDate = new Date(challenge.endDate).toISOString();
+
+    if (track) {
+      challenge.track = track.name;
+    }
+
+    if (type) {
+      challenge.type = type.name;
+    }
+
+    challenge.metadata = challenge.metadata.map((m) => {
+      try {
+        m.value = JSON.stringify(JSON.parse(m.value)); // when we update how we index data, make this a JSON field
+      } catch (err) {
+        // do nothing
+      }
+      return m;
+    });
+  }
+
+  convertPrizeSetValuesToCents(prizeSets) {
+    prizeSets.forEach((prizeSet) => {
+      prizeSet.prizes.forEach((prize) => {
+        prize.amountInCents = prize.value * 100;
+        delete prize.value;
+      });
+    });
+  }
+
+  convertPrizeSetValuesToDollars(prizeSets, overview) {
+    prizeSets.forEach((prizeSet) => {
+      prizeSet.prizes.forEach((prize) => {
+        if (prize.amountInCents != null) {
+          prize.value = prize.amountInCents / 100;
+          delete prize.amountInCents;
+        }
+      });
+    });
+    if (overview && overview.totalPrizesInCents) {
+      overview.totalPrizes = overview.totalPrizesInCents / 100;
+      delete overview.totalPrizesInCents;
+    }
+  }
 }
 
 module.exports = new ChallengeHelper();
diff --git a/src/common/group-helper.js b/src/common/group-helper.js
@@ -0,0 +1,36 @@
+const _ = require("lodash");
+const errors = require("./errors");
+const helper = require("./helper");
+
+const { hasAdminRole } = require("./role-helper");
+
+class GroupHelper {
+  /**
+   * Ensure the user can access the groups being updated to
+   * @param {Object} currentUser the user who perform operation
+   * @param {Object} data the challenge data to be updated
+   * @param {String} challenge the original challenge data
+   */
+  async ensureAcessibilityToModifiedGroups(currentUser, data, challenge) {
+    const needToCheckForGroupAccess = !currentUser
+      ? true
+      : !currentUser.isMachine && !hasAdminRole(currentUser);
+    if (!needToCheckForGroupAccess) {
+      return;
+    }
+    const userGroups = await helper.getUserGroups(currentUser.userId);
+    const userGroupsIds = _.map(userGroups, (group) => group.id);
+    const updatedGroups = _.difference(
+      _.union(challenge.groups, data.groups),
+      _.intersection(challenge.groups, data.groups)
+    );
+    const filtered = updatedGroups.filter((g) => !userGroupsIds.includes(g));
+    if (filtered.length > 0) {
+      throw new errors.ForbiddenError(
+        "ensureAcessibilityToModifiedGroups :: You don't have access to this group!"
+      );
+    }
+  }
+}
+
+module.exports = new GroupHelper();
diff --git a/src/common/helper.js b/src/common/helper.js
@@ -450,16 +450,19 @@ axiosRetry(axios, {
  * @param {String} token The token
  * @returns
  */
-async function createSelfServiceProject(name, description, type, token) {
+async function createSelfServiceProject(name, description, type) {
   const projectObj = {
     name,
     description,
     type,
   };
+
+  const token = await m2mHelper.getM2MToken();
   const url = `${config.PROJECTS_API_URL}`;
   const res = await axios.post(url, projectObj, {
     headers: { Authorization: `Bearer ${token}` },
   });
+
   return _.get(res, "data.id");
 }
 
@@ -942,7 +945,7 @@ async function listChallengesByMember(memberId) {
  * @returns {Promise<Array>} an array of resources.
  */
 async function listResourcesByMemberAndChallenge(memberId, challengeId) {
-  const token = await getM2MToken();
+  const token = await m2mHelper.getM2MToken();
   let response = {};
   try {
     response = await axios.get(config.RESOURCES_API_URL, {
@@ -1123,7 +1126,7 @@ async function ensureUserCanViewChallenge(currentUser, challenge) {
  *
  * @param {Object} currentUser the user who perform operation
  * @param {Object} challenge the challenge to check
- * @returns {undefined}
+ * @returns {Promise}
  */
 async function ensureUserCanModifyChallenge(currentUser, challenge) {
   // check groups authorization

diff --git a/src/common/m2m-helper.js b/src/common/m2m-helper.js
@@ -3,15 +3,17 @@ const config = require("config");
 const m2mAuth = require("tc-core-library-js").auth.m2m;
 
 class M2MHelper {
+  static m2m = null;
+
   constructor() {
-    this.m2m = m2mAuth(_.pick(config, ["AUTH0_URL", "AUTH0_AUDIENCE", "TOKEN_CACHE_TIME"]));
+    M2MHelper.m2m = m2mAuth(_.pick(config, ["AUTH0_URL", "AUTH0_AUDIENCE", "TOKEN_CACHE_TIME"]));
   }
   /**
    * Get M2M token.
    * @returns {Promise<String>} the M2M token
    */
-  async getM2MToken() {
-    return this.m2m.getMachineToken(config.AUTH0_CLIENT_ID, config.AUTH0_CLIENT_SECRET);
+  getM2MToken() {
+    return M2MHelper.m2m.getMachineToken(config.AUTH0_CLIENT_ID, config.AUTH0_CLIENT_SECRET);
   }
 }