#175 Fix review comments

callmekatootie · callmekatootie · commit a338b46d677b · 2020-05-05T11:54:18.000+05:30
diff --git a/config/test.js b/config/test.js
@@ -27,6 +27,7 @@ module.exports = {
   AUTH0_CLIENT_ID: process.env.AUTH0_CLIENT_ID,
   AUTH0_CLIENT_SECRET: process.env.AUTH0_CLIENT_SECRET,
   USER_TOKEN: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLmNvbSIsImhhbmRsZSI6IlNoYXJhdGhrdW1hcjkyIiwiZXhwIjo1NTUzMDE5OTI1OSwidXNlcklkIjoiNDA0OTMwNTAiLCJpYXQiOjE1MzAxOTg2NTksImVtYWlsIjoiU2hhcmF0aGt1bWFyOTJAdG9wY29kZXIuY29tIiwianRpIjoiYzNhYzYwOGEtNTZiZS00NWQwLThmNmEtMzFmZTk0Yjk1NjFjIn0.2gtNJwhcv7MYc-muX3Nv-B0RdWbhMRl7-xrwFUsLazM',
+  ANOTHER_USER_TOKEN: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLmNvbSIsImhhbmRsZSI6IlNoYXJhdGhrdW1hcjkyIiwiZXhwIjo1NTUzMDE5OTI1OSwidXNlcklkIjoiNDE0OTM1MCIsImlhdCI6MTUzMDE5ODY1OSwiZW1haWwiOiJmb29AYmFyLmNvbSIsImp0aSI6IjZmNzg4MWQ0LThlOTctMTFlYS1iYzU1LTAyNDJhYzEzMDAwMyJ9.Sou5VYEq8dV6AS8OX_fW_xHHUn2qObGHwoEk9L34Jaw',
   COPILOT_TOKEN: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJDb3BpbG90Il0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLmNvbSIsImhhbmRsZSI6ImNhbGxtZWthdG9vdGllIiwiZXhwIjo1NTUzMDE5OTI1OSwidXNlcklkIjoiNDA0OTMwMTIiLCJpYXQiOjE1MzAxOTg2NTksImVtYWlsIjoiY2FsbG1la2F0b290aWVAdG9wY29kZXIuY29tIiwianRpIjoiYzNhYzYwOGEtNTZiZS00NWQwLThmNmEtMzFmZTk0Yjk1NjFjIn0.AR1-A7zm8Rur-P36De4GUsSO1FsSb2CWby8KUZ66Dm0',
   ADMIN_TOKEN: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJBZG1pbmlzdHJhdG9yIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLmNvbSIsImhhbmRsZSI6IlRvbnlKIiwiZXhwIjo1NTUzMDE5OTI1OSwidXNlcklkIjoiNDA0MzMyODgiLCJpYXQiOjE1MzAxOTg2NTksImVtYWlsIjoiYWRtaW5AdG9wY29kZXIuY29tIiwianRpIjoiYzNhYzYwOGEtNTZiZS00NWQwLThmNmEtMzFmZTk0Yjk1NjFjIn0.pIHUtMwIV07ZgfaUk9916X49rgjKclM9kzQP419LBo0',
   USER_NO_ROLE_TOKEN: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS50b3Bjb2Rlci5jb20iLCJoYW5kbGUiOiJTaGFyYXRoa3VtYXI5MiIsImV4cCI6NTU1MzAxOTkyNTksInVzZXJJZCI6IjQwNDkzMDUwIiwiaWF0IjoxNTMwMTk4NjU5LCJlbWFpbCI6IlNoYXJhdGhrdW1hcjkyQHRvcGNvZGVyLmNvbSIsImp0aSI6ImMzYWM2MDhhLTU2YmUtNDVkMC04ZjZhLTMxZmU5NGI5NTYxYyJ9.ZqEx54a157u1LaNjYwa_oWzp6nIuR_80jw6u7fXE7QQ',
diff --git a/docs/Submission API.postman_collection.json b/docs/Submission API.postman_collection.json
@@ -2914,7 +2914,7 @@
 					"response": []
 				},
 				{
-					"name": "Delete Submission as a copilot - 403",
+					"name": "Delete submission as a copilot - 403",
 					"request": {
 						"method": "DELETE",
 						"header": [
@@ -2937,6 +2937,30 @@
 					},
 					"response": []
 				},
+				{
+					"name": "Delete another user's submission - 403",
+					"request": {
+						"method": "DELETE",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "Bearer {{ANOTHER_USER_TOKEN}}",
+								"type": "text"
+							}
+						],
+						"url": {
+							"raw": "{{URL}}/submissions/{{submissionID}}",
+							"host": [
+								"{{URL}}"
+							],
+							"path": [
+								"submissions",
+								"{{submissionID}}"
+							]
+						}
+					},
+					"response": []
+				},
 				{
 					"name": "Delete Submission as a user",
 					"request": {
diff --git a/docs/submission-api.postman_environment.json b/docs/submission-api.postman_environment.json
@@ -1,6 +1,6 @@
 {
-	"id": "9f46d01c-0036-4350-aa00-c6860b4450de",
-	"name": "submission-api",
+	"id": "93a58dd4-67e4-4f7b-b84b-4484feb509fc",
+	"name": "Submission API",
 	"values": [
 		{
 			"key": "URL",
@@ -22,30 +22,28 @@
 			"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLmNvbSIsImhhbmRsZSI6IlNoYXJhdGhrdW1hcjkyIiwiZXhwIjo1NTUzMDE5OTI1OSwidXNlcklkIjoiNDA0OTMwNTAiLCJpYXQiOjE1MzAxOTg2NTksImVtYWlsIjoiU2hhcmF0aGt1bWFyOTJAdG9wY29kZXIuY29tIiwianRpIjoiYzNhYzYwOGEtNTZiZS00NWQwLThmNmEtMzFmZTk0Yjk1NjFjIn0.2gtNJwhcv7MYc-muX3Nv-B0RdWbhMRl7-xrwFUsLazM",
 			"enabled": true
 		},
+		{
+			"key": "ANOTHER_USER_TOKEN",
+			"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLmNvbSIsImhhbmRsZSI6IlNoYXJhdGhrdW1hcjkyIiwiZXhwIjo1NTUzMDE5OTI1OSwidXNlcklkIjoiNDE0OTM1MCIsImlhdCI6MTUzMDE5ODY1OSwiZW1haWwiOiJmb29AYmFyLmNvbSIsImp0aSI6IjZmNzg4MWQ0LThlOTctMTFlYS1iYzU1LTAyNDJhYzEzMDAwMyJ9.Sou5VYEq8dV6AS8OX_fW_xHHUn2qObGHwoEk9L34Jaw",
+			"enabled": true
+		},
 		{
 			"key": "submissionID",
 			"value": "a12a4180-65aa-42ec-a945-5fd21dec0505",
-			"description": {
-				"content": "",
-				"type": "text/plain"
-			},
 			"enabled": true
 		},
 		{
 			"key": "artifactID",
 			"value": "c56a4180-65aa-42ec-a945-5fd21dec0503",
-			"description": "",
 			"enabled": true
 		},
 		{
 			"key": "filename",
 			"value": "sampleFileName",
-			"type": "text",
-			"description": "",
 			"enabled": true
 		}
 	],
 	"_postman_variable_scope": "environment",
-	"_postman_exported_at": "2019-08-11T08:59:27.296Z",
-	"_postman_exported_using": "Postman/6.7.4"
+	"_postman_exported_at": "2020-05-05T06:23:03.562Z",
+	"_postman_exported_using": "Postman/7.23.0"
 }
diff --git a/src/routes/SubmissionRoutes.js b/src/routes/SubmissionRoutes.js
@@ -45,7 +45,7 @@ module.exports = {
       controller: 'SubmissionController',
       method: 'deleteSubmission',
       auth: 'jwt',
-      access: ['Administrator', 'Topcoder User', 'Copilot'],
+      access: ['Administrator', 'Topcoder User'],
       scopes: ['delete:submission', 'all:submission']
     }
   },
diff --git a/src/services/SubmissionService.js b/src/services/SubmissionService.js
@@ -585,6 +585,7 @@ patchSubmission.schema = {
 
 /**
  * Function to delete submission
+ * @param {Object} authUser Authenticated user (that is making the request)
  * @param {String} submissionId submissionId which need to be deleted
  * @param {Object} span the Span object
  * @return {Promise}
diff --git a/test/e2e/SubmissionService.test.js b/test/e2e/SubmissionService.test.js
@@ -655,10 +655,10 @@ describe('Submission Service tests', () => {
         })
     }).timeout(20000)
 
-    it('Deleting submission with copilot token should throw 403', (done) => {
+    it('Deleting submission that the user does not own should throw 403', (done) => {
       chai.request(app)
         .delete(`${config.API_VERSION}/submissions/${userSubmissionId}`)
-        .set('Authorization', `Bearer ${config.COPILOT_TOKEN}`)
+        .set('Authorization', `Bearer ${config.ANOTHER_USER_TOKEN}`)
         .end((err, res) => {
           res.should.have.status(403)
           res.body.message.should.be.eql('You cannot access other member\'s submission')
diff --git a/test/unit/SubmissionService.test.js b/test/unit/SubmissionService.test.js
@@ -534,10 +534,10 @@ describe('Submission Service tests', () => {
     })
 
     // Non admin users should not be able to delete submissions that they don't own
-    it('Deleting submission with copilot token should throw 403', (done) => {
+    it('Deleting submission that the user does not own should throw 403', (done) => {
       chai.request(app)
         .delete(`${config.API_VERSION}/submissions/${testSubmission.Item.id}`)
-        .set('Authorization', `Bearer ${config.COPILOT_TOKEN}`)
+        .set('Authorization', `Bearer ${config.ANOTHER_USER_TOKEN}`)
         .end((err, res) => {
           res.should.have.status(403)
           res.body.message.should.be.eql('You cannot access other member\'s submission')

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ module.exports = {`
`45`	`45`	`controller: 'SubmissionController',`
`46`	`46`	`method: 'deleteSubmission',`
`47`	`47`	`auth: 'jwt',`
`48`		`- access: ['Administrator', 'Topcoder User', 'Copilot'],`
	`48`	`+ access: ['Administrator', 'Topcoder User'],`
`49`	`49`	`scopes: ['delete:submission', 'all:submission']`
`50`	`50`	`}`
`51`	`51`	`},`