Merge pull request #66 from ascribe/only-fetch-ratings-if-authorized

Avoid unauthorized attempts at fetching ratings if user isn't an admin, judge, or jury
2016-01-19 16:05:22 +01:00 · 2016-01-19 16:05:22 +01:00 · 77c88cbd0f
parent c27a0ab607 2e8d1faaca
commit 77c88cbd0f
3 changed files with 35 additions and 18 deletions
--- a/js/components/ascribe_forms/form.js
+++ b/js/components/ascribe_forms/form.js
@ -208,7 +208,7 @@ let Form = React.createClass({
        if (this.state.submitted){
            return this.props.spinner;
        }
-        if (this.props.buttons){
+        if ('buttons' in this.props) {
            return this.props.buttons;
        }
        let buttons = null;
--- a/js/components/whitelabel/prize/portfolioreview/components/pr_forms/pr_register_piece_form.js
+++ b/js/components/whitelabel/prize/portfolioreview/components/pr_forms/pr_register_piece_form.js
@ -197,7 +197,7 @@ const PRRegisterPieceForm = React.createClass({
        return (
            <div className="register-piece--form">
                <Form
-                    buttons={{}}
+                    buttons={null}
                    className="ascribe-form-bordered"
                    ref="registerPieceForm">
                    <Property
@ -234,7 +234,7 @@ const PRRegisterPieceForm = React.createClass({
                    </Property>
                </Form>
                <Form
-                    buttons={{}}
+                    buttons={null}
                    className="ascribe-form-bordered"
                    ref="additionalDataForm">
                    <Property
@ -286,7 +286,7 @@ const PRRegisterPieceForm = React.createClass({
                    </Property>
                </Form>
                <Form
-                    buttons={{}}
+                    buttons={null}
                    className="ascribe-form-bordered"
                    ref="uploadersForm">
                    <Property
@ -390,7 +390,7 @@ const PRRegisterPieceForm = React.createClass({
                    </Property>
                </Form>
                <Form
-                    buttons={{}}
+                    buttons={null}
                    className="ascribe-form-bordered">
                    <Property
                        name="terms"
--- a/js/components/whitelabel/prize/simple_prize/components/ascribe_detail/prize_piece_container.js
+++ b/js/components/whitelabel/prize/simple_prize/components/ascribe_detail/prize_piece_container.js
@ -187,8 +187,8 @@ let PrizePieceContainer = React.createClass({

 let NavigationHeader = React.createClass({
    propTypes: {
-        piece: React.PropTypes.object,
-        currentUser: React.PropTypes.object
+        currentUser: React.PropTypes.object.isRequired,
+        piece: React.PropTypes.object.isRequired
    },

    render() {
@ -224,9 +224,10 @@ let NavigationHeader = React.createClass({

 let PrizePieceRatings = React.createClass({
    propTypes: {
-        loadPiece: React.PropTypes.func,
-        piece: React.PropTypes.object,
-        currentUser: React.PropTypes.object,
+        currentUser: React.PropTypes.object.isRequired,
+        loadPiece: React.PropTypes.func.isRequired,
+        piece: React.PropTypes.object.isRequired,
+
        selectedPrizeActionButton: React.PropTypes.func
    },

@ -239,12 +240,18 @@ let PrizePieceRatings = React.createClass({
    },

    componentDidMount() {
-        PieceListStore.listen(this.onChange);
-        PrizeStore.listen(this.onChange);
        PrizeRatingStore.listen(this.onChange);
+        PrizeStore.listen(this.onChange);
+        PieceListStore.listen(this.onChange);

        PrizeActions.fetchPrize();
-        this.fetchPrizeRatings();
+        this.fetchRatingsIfAuthorized();
+    },
+
+    componentWillReceiveProps(nextProps) {
+        if (nextProps.currentUser.email !== this.props.currentUser.email) {
+            this.fetchRatingsIfAuthorized();
+        }
    },

    componentWillUnmount() {
@ -259,7 +266,7 @@ let PrizePieceRatings = React.createClass({
    // with the problem.
    onChange(state) {
        if (state.prize && state.prize.active_round != this.state.prize.active_round) {
-            this.fetchPrizeRatings(state);
+            this.fetchRatingsIfAuthorized(state);
        }

        this.setState(state);
@ -274,9 +281,19 @@ let PrizePieceRatings = React.createClass({
        }
    },

-    fetchPrizeRatings(state = this.state) {
-        PrizeRatingActions.fetchOne(this.props.piece.id, state.prize.active_round);
-        PrizeRatingActions.fetchAverage(this.props.piece.id, state.prize.active_round);
+    fetchRatingsIfAuthorized(state = this.state) {
+        const {
+            currentUser: {
+                is_admin: isAdmin,
+                is_judge: isJudge,
+                is_jury: isJury
+            },
+            piece: { id: pieceId } } = this.props;
+
+        if (state.prize && 'active_round' in state.prize && (isAdmin || isJudge || isJury)) {
+            PrizeRatingActions.fetchOne(pieceId, state.prize.active_round);
+            PrizeRatingActions.fetchAverage(pieceId, state.prize.active_round);
+        }
    },

    onRatingClick(event, args) {
@ -425,7 +442,7 @@ let PrizePieceRatings = React.createClass({

 let PrizePieceDetails = React.createClass({
    propTypes: {
-        piece: React.PropTypes.object
+        piece: React.PropTypes.object.isRequired
    },

    render() {