improve logic

Author: eisbilir

src/common/helper.js

@@ -914,6 +914,30 @@ async function listChallengesByMember (memberId) {
   return allIds
 }
 
+/**
+ * Lists resources that given member has in the given challenge.
+ * @param {Number} memberId the member id
+ * @param {String} id the challenge id
+ * @returns {Promise<Array>} an array of resources.
+ */
+async function listResourcesByMemberAndChallenge (memberId, challengeId) {
+  const token = await getM2MToken()
+  let response = {}
+  try {
+    response = await axios.get(config.RESOURCES_API_URL, {
+      headers: { Authorization: `Bearer ${token}` },
+      params: {
+        memberId,
+        challengeId
+      }
+    })
+  } catch (e) {
+    logger.debug(`Failed to get resources on challenge ${challengeId} that memberId ${memberId} has`, e)
+  }
+  const result = response.data || []
+  return result
+}
+
 /**
  * Check if ES refresh method is valid.
  *
@@ -1056,16 +1080,15 @@ async function ensureAccessibleByGroupsAccess (currentUser, challenge) {
  * @param {Object} challenge the challenge to check
  */
 async function _ensureAccessibleForTaskChallenge (currentUser, challenge) {
-  let challengeResourceIds
+  let memberResources
   // Check if challenge is task and apply security rules
   if (_.get(challenge, 'task.isTask', false) && _.get(challenge, 'task.isAssigned', false)) {
     if (currentUser) {
       if (!currentUser.isMachine) {
-        const challengeResources = await getChallengeResources(challenge.id)
-        challengeResourceIds = _.map(challengeResources, r => _.toString(r.memberId))
+        memberResources = await listResourcesByMemberAndChallenge(currentUser.userId, challenge.id)
       }
     }
-    const canAccesChallenge = _.isUndefined(currentUser) ? false : currentUser.isMachine || hasAdminRole(currentUser) || _.includes((challengeResourceIds || []), _.toString(currentUser.userId))
+    const canAccesChallenge = _.isUndefined(currentUser) ? false : currentUser.isMachine || hasAdminRole(currentUser) || !_.isEmpty(memberResources)
     if (!canAccesChallenge) {
       throw new errors.ForbiddenError(`You don't have access to view this challenge`)
     }
@@ -1287,6 +1310,7 @@ module.exports = {
   ensureProjectExist,
   calculateChallengeEndDate,
   listChallengesByMember,
+  listResourcesByMemberAndChallenge,
   validateESRefreshMethod,
   getProjectDefaultTerms,
   validateChallengeTerms,

src/services/ChallengeService.js

@@ -118,6 +118,14 @@ async function ensureAcessibilityToModifiedGroups (currentUser, data, challenge)
   }
 }
 
+/**
+ * Search challenges by legacyId
+ * @param {Object} currentUser the user who perform operation
+ * @param {Number} legacyId the legacyId
+ * @param {Number} page the page
+ * @param {Number} perPage the perPage
+ * @returns {Array} the search result
+ */
 async function searchByLegacyId (currentUser, legacyId, page, perPage) {
   const esQuery = {
     index: config.get('ES.ES_INDEX'),
@@ -1217,13 +1225,16 @@ async function getChallenge (currentUser, id, checkIfExists) {
   // delete challenge.typeId
 
   // Remove privateDescription for unregistered users
-  let memberChallengeIds
   if (currentUser) {
     if (!currentUser.isMachine && !helper.hasAdminRole(currentUser)) {
       _.unset(challenge, 'billing')
-      memberChallengeIds = await helper.listChallengesByMember(currentUser.userId)
-      if (!_.includes(memberChallengeIds, challenge.id)) {
+      if (_.isEmpty(challenge.privateDescription)) {
         _.unset(challenge, 'privateDescription')
+      } else if (!_.get(challenge, 'task.isTask', false) || !_.get(challenge, 'task.isAssigned', false)) {
+        const memberResources = await helper.listResourcesByMemberAndChallenge(currentUser.userId, challenge.id)
+        if (_.isEmpty(memberResources)) {
+          _.unset(challenge, 'privateDescription')
+        }
       }
     }
   } else {