Avoid unauthorized attempts at fetching ratings if user isn't an admin, judge, or jury

2024-06-30 13:41:57 +02:00 · 2015-12-10 13:01:48 +01:00 · 2015-12-10 13:01:48 +01:00 · 34153c2322
commit 34153c2322
parent dcca228669
1 changed files with 33 additions and 13 deletions
--- a/js/components/whitelabel/prize/simple_prize/components/ascribe_detail/prize_piece_container.js
+++ b/js/components/whitelabel/prize/simple_prize/components/ascribe_detail/prize_piece_container.js
@ -176,8 +176,8 @@ let PieceContainer = React.createClass({

 let NavigationHeader = React.createClass({
    propTypes: {
-        piece: React.PropTypes.object,
-        currentUser: React.PropTypes.object
+        piece: React.PropTypes.object.isRequired,
+        currentUser: React.PropTypes.object.isRequired
    },

    render() {
@ -213,9 +213,9 @@ let NavigationHeader = React.createClass({

 let PrizePieceRatings = React.createClass({
    propTypes: {
-        loadPiece: React.PropTypes.func,
-        piece: React.PropTypes.object,
-        currentUser: React.PropTypes.object
+        loadPiece: React.PropTypes.func.isRequired,
+        piece: React.PropTypes.object.isRequired,
+        currentUser: React.PropTypes.object.isRequired
    },

    getInitialState() {
@ -227,9 +227,15 @@ let PrizePieceRatings = React.createClass({

    componentDidMount() {
        PrizeRatingStore.listen(this.onChange);
-        PrizeRatingActions.fetchOne(this.props.piece.id);
-        PrizeRatingActions.fetchAverage(this.props.piece.id);
        PieceListStore.listen(this.onChange);
+
+        this.fetchRatingsIfAuthorized();
+    },
+
+    componentWillReceiveProps(nextProps) {
+        if (nextProps.currentUser.email !== this.props.currentUser.email) {
+            this.fetchRatingsIfAuthorized();
+        }
    },

    componentWillUnmount() {
@ -258,6 +264,21 @@ let PrizePieceRatings = React.createClass({
        }
    },

+    fetchRatingsIfAuthorized() {
+        const {
+            currentUser: {
+                is_admin: isAdmin,
+                is_judge: isJudge,
+                is_jury: isJury
+            },
+            piece: { id: pieceId } } = this.props;
+
+        if (isAdmin || isJudge || isJury) {
+            PrizeRatingActions.fetchOne(pieceId);
+            PrizeRatingActions.fetchAverage(pieceId);
+        }
+    },
+
    onRatingClick(event, args) {
        event.preventDefault();
        PrizeRatingActions.createRating(this.props.piece.id, args.rating).then(
@ -425,12 +446,11 @@ let PrizePieceRatings = React.createClass({

 let PrizePieceDetails = React.createClass({
    propTypes: {
-        piece: React.PropTypes.object
+        piece: React.PropTypes.object.isRequired
    },

    render() {
-        if (this.props.piece
-            && this.props.piece.prize
+        if (this.props.piece.prize
            && this.props.piece.prize.name
            && Object.keys(this.props.piece.extra_data).length !== 0){
            return (