add permission check for groups

skyhit · skyhit · commit 3b01230c98dd · 2017-06-01T22:33:18.000+08:00
diff --git a/services/contest_service_facade/src/java/main/com/topcoder/service/facade/contest/ContestServiceFacade.java b/services/contest_service_facade/src/java/main/com/topcoder/service/facade/contest/ContestServiceFacade.java
@@ -1572,5 +1572,5 @@ Set<Long> updatePreRegister(TCSubject tcSubject, SoftwareCompetition contest,
      * @throws ContestServiceException if any database related exception occur
      * @since 1.8.6
      */
-    public ProjectGroup[] getAllProjectGroups() throws ContestServiceException;
+    public ProjectGroup[] getAllProjectGroups(TCSubject tcSubject) throws ContestServiceException;
 }
diff --git a/services/contest_service_facade/src/java/main/com/topcoder/service/facade/contest/ejb/ContestServiceFacadeBean.java b/services/contest_service_facade/src/java/main/com/topcoder/service/facade/contest/ejb/ContestServiceFacadeBean.java
@@ -9312,9 +9312,13 @@ public void cancelSoftwareContestByUser(TCSubject tcSubject, long projectId) thr
      * @throws ContestServiceException if any database related exception occur
      * @since 3.7
      */
-    public ProjectGroup[] getAllProjectGroups() throws ContestServiceException {
+    public ProjectGroup[] getAllProjectGroups(TCSubject tcSubject) throws ContestServiceException {
         logger.debug("getAllProjectGroups");
 
+        if (!isRole(tcSubject, ADMIN_ROLE) && !isRole(tcSubject, TC_STAFF_ROLE)) {
+            return new ProjectGroup[0];
+        }
+
         try {
             return projectServices.getAllProjectGroups();
         } catch (ProjectServicesException e) {
diff --git a/src/java/main/com/topcoder/direct/services/configs/ReferenceDataBean.java b/src/java/main/com/topcoder/direct/services/configs/ReferenceDataBean.java
@@ -9,7 +9,6 @@
 import java.util.List;
 import java.util.Map;
 
-import com.topcoder.management.project.ProjectGroup;
 import com.topcoder.management.project.ProjectPlatform;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.InitializingBean;
@@ -335,36 +334,6 @@ public Map<Long, List<Category>> getCatalogToCategoriesMap() {
         return catalogToCategoriesMap;
     }
 
-    /**
-     * Getter for {@link #groups}
-     *
-     * @return groups
-     * @since 1.2
-     */
-    public List<ProjectGroup> getGroups() {
-        return groups;
-    }
-
-    /**
-     * Setter for {@link #groups}
-     *
-     * @param groups list of ProjectGroup
-     * @since 1.2
-     */
-    public void setGroups(List<ProjectGroup> groups) {
-        this.groups = groups;
-    }
-
-    /**
-     * Getter for {@link #groupMap}
-     *
-     * @return groupMap
-     * @since 1.2
-     */
-    public Map<Long, ProjectGroup> getGroupMap() {
-        return groupMap;
-    }
-
     /**
      * <p>
      * Initialization function. It will be called by Spring context.
@@ -393,12 +362,6 @@ public void afterPropertiesSet() throws Exception {
             platformMap.put(platform.getId(), platform);
         }
 
-        groups = Arrays.asList(getContestServiceFacade().getAllProjectGroups());
-        groupMap = new HashMap<Long, ProjectGroup>();
-        for (ProjectGroup group : groups) {
-            groupMap.put(group.getId(), group);
-        }
-
         // categories
         categories = new ArrayList<Category>();
         categoryMap = new HashMap<Long, Category>();
diff --git a/src/java/main/com/topcoder/direct/services/view/action/contest/launch/CommonAction.java b/src/java/main/com/topcoder/direct/services/view/action/contest/launch/CommonAction.java
@@ -35,6 +35,7 @@
 import com.topcoder.service.facade.project.DAOFault;
 import org.apache.commons.lang3.StringEscapeUtils;
 import org.codehaus.jackson.map.ObjectMapper;
+import com.topcoder.management.project.ProjectGroup;
 
 /**
  * <p>
@@ -324,7 +325,7 @@ public String getContestConfigs() throws Exception {
 
         configs.put("copilotFees", ConfigUtils.getCopilotFees());
         configs.put("billingInfos", getBillingProjectInfos());
-        configs.put("groups", getReferenceDataBean().getGroups());
+        configs.put("groups", getAllProjectGroups());
         setResult(configs);
         return SUCCESS;
     }
@@ -446,6 +447,18 @@ private List<Map<String, Object>> getBillingProjectInfos() throws DAOFault {
         return billings;
     }
 
+    /**
+     * <p>
+     * Gets all project groups
+     * </p>
+     *
+     * @return the billing project information. each project is represented in a map object.
+     * @throws DAOFault if a DAO error occurs
+     */
+    private List<ProjectGroup> getAllProjectGroups() throws DAOFault {
+        return Arrays.asList(getContestServiceFacade().getAllProjectGroups(DirectStrutsActionsHelper.getTCSubjectFromSession()));
+    }
+
 
     /**
      * <p>
diff --git a/src/java/main/com/topcoder/direct/services/view/action/contest/launch/SaveDraftContestAction.java b/src/java/main/com/topcoder/direct/services/view/action/contest/launch/SaveDraftContestAction.java
@@ -1011,11 +1011,18 @@ public boolean evaluate(Object object) {
             populateSoftwareCompetition(softwareCompetition);
         }
 
-        //set group
+        //set groups
         if (groups != null && groups.size() > 0) {
             List<ProjectGroup> groupsList = new ArrayList<ProjectGroup>();
+            // get the TCSubject from session
+            ProjectGroup[] allProjectGroups = getContestServiceFacade().getAllProjectGroups(DirectStrutsActionsHelper.getTCSubjectFromSession());
             for (String groupId : groups) {
-                groupsList.add(getReferenceDataBean().getGroupMap().get(Long.valueOf(groupId)));
+                for (ProjectGroup projectGroup : allProjectGroups) {
+                    if (Long.valueOf(projectGroup.getId()).equals(groupId)) {
+                        groupsList.add(projectGroup);
+                    }
+                }
+
             }
             softwareCompetition.getProjectHeader().setGroups(groupsList);
         } else {

Original file line number	Diff line number	Diff line change
`@@ -1572,5 +1572,5 @@ Set<Long> updatePreRegister(TCSubject tcSubject, SoftwareCompetition contest,`
`1572`	`1572`	`* @throws ContestServiceException if any database related exception occur`
`1573`	`1573`	`* @since 1.8.6`
`1574`	`1574`	`*/`
`1575`		`- public ProjectGroup[] getAllProjectGroups() throws ContestServiceException;`
	`1575`	`+ public ProjectGroup[] getAllProjectGroups(TCSubject tcSubject) throws ContestServiceException;`
`1576`	`1576`	`}`