clean up

ThomasKranitsas · ThomasKranitsas · commit c86a6282cbb0 · 2021-01-29T01:07:40.000+02:00
diff --git a/src/common/helper.js b/src/common/helper.js
@@ -864,20 +864,17 @@ async function ensureAccessibleByGroupsAccess (currentUser, challenge) {
  */
 async function _ensureAccessibleForTaskChallenge (currentUser, challenge) {
   let challengeResourceIds
-  // Remove privateDescription for unregistered users
   if (currentUser) {
     if (!currentUser.isMachine) {
       const challengeResources = await getChallengeResources(challenge.id)
       challengeResourceIds = _.map(challengeResources, r => _.toString(r.memberId))
-      if (!_.includes(challengeResourceIds, _.toString(currentUser.userId))) {
-      }
     }
   }
   // Check if challenge is task and apply security rules
   if (_.get(challenge, 'task.isTask', false) && _.get(challenge, 'task.isAssigned', false)) {
-    const canAccesChallenge = _.isUndefined(currentUser) ? false : _.includes((challengeResourceIds || []), _.toString(currentUser.userId)) || currentUser.isMachine || hasAdminRole(currentUser)
+    const canAccesChallenge = _.isUndefined(currentUser) ? false : currentUser.isMachine || hasAdminRole(currentUser) || _.includes((challengeResourceIds || []), _.toString(currentUser.userId))
     if (!canAccesChallenge) {
-      throw new errors.ForbiddenError(`You don't have access to view this task as you don't have a resource on it`)
+      throw new errors.ForbiddenError(`You don't have access to view this challenge`)
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -864,20 +864,17 @@ async function ensureAccessibleByGroupsAccess (currentUser, challenge) {`
`864`	`864`	`*/`
`865`	`865`	`async function _ensureAccessibleForTaskChallenge (currentUser, challenge) {`
`866`	`866`	`let challengeResourceIds`
`867`		`- // Remove privateDescription for unregistered users`
`868`	`867`	`if (currentUser) {`
`869`	`868`	`if (!currentUser.isMachine) {`
`870`	`869`	`const challengeResources = await getChallengeResources(challenge.id)`
`871`	`870`	`challengeResourceIds = _.map(challengeResources, r => _.toString(r.memberId))`
`872`		`- if (!_.includes(challengeResourceIds, _.toString(currentUser.userId))) {`
`873`		`- }`
`874`	`871`	`}`
`875`	`872`	`}`
`876`	`873`	`// Check if challenge is task and apply security rules`
`877`	`874`	`if (_.get(challenge, 'task.isTask', false) && _.get(challenge, 'task.isAssigned', false)) {`
`878`		`- const canAccesChallenge = _.isUndefined(currentUser) ? false : _.includes((challengeResourceIds \|\| []), _.toString(currentUser.userId)) \|\| currentUser.isMachine \|\| hasAdminRole(currentUser)`
	`875`	`+ const canAccesChallenge = _.isUndefined(currentUser) ? false : currentUser.isMachine \|\| hasAdminRole(currentUser) \|\| _.includes((challengeResourceIds \|\| []), _.toString(currentUser.userId))`
`879`	`876`	`if (!canAccesChallenge) {`
`880`		- throw new errors.ForbiddenError(`You don't have access to view this task as you don't have a resource on it`)
	`877`	+ throw new errors.ForbiddenError(`You don't have access to view this challenge`)
`881`	`878`	`}`
`882`	`879`	`}`
`883`	`880`	`}`