Challenge Overview
For this challenge, we'd like to update the TC API's logic for challenge visibility checking.
We are going to use a different approach to manage challenge visibility based on groups. that is saying,
if a challenge belongs to a group, and the user is not in that group, the challenge will not be visible to the user. to get the groups that a challenge belongs to, we can query the contest_eligibility and group_contest_eligibility tables.
then we need to use v3 groups API to check if the user has access to these groups.
For this challenge, we'd like to apply this logic to https://github.com/appirio-tech/tc-api/blob/master/actions/challenges.js#L869, instead of checking the user-group relation in user_group_xref table.
So we'd like to revise the logic as following
1. Get the challenge group ids by querying contest_eligibility, group_contest_eligibility, and security_group table.
2. If there is no group for this challenge (means public challenge), just pass and return a valid response.
3. IF there are groups for this challenge,
3.1 If the corresponding challenge_ind field for group is 0, use the user_group_xref table to determine the challenge visibility for old challenges (compatibility)
3.2 if he challenge_ind field is 1, apply the new logic as following
4. Use the v3 groups API to check if user is accessible to groups
4.1 in order to call v3 groups API, we need v3 JWT token, in order to get this, it needs to call the POST v3/authorization endpoint to exchange the v3 token by using v2 token.
4.2 then use the v3 token to call the groups API.
Use Mock Service For V3 APIs
To simplify the development process, we'd like to use mock approach to mock the v3/authorization api the check user groups api, the detail specification will be posted in forum.
you can follow https://github.com/appirio-tech/tc-common-tutorials/tree/master/submission-system/docker/s3_mock_api to create similar mock api.
Source Code To Modify
- Please use the dev branch of https://github.com/appirio-tech/tc-api for development.
- You can use the docker environment to setup the dependent services, please check https://github.com/appirio-tech/tc-common-tutorials, let me know if you need any help.
- Setup and Verification Steps
We are going to use a different approach to manage challenge visibility based on groups. that is saying,
if a challenge belongs to a group, and the user is not in that group, the challenge will not be visible to the user. to get the groups that a challenge belongs to, we can query the contest_eligibility and group_contest_eligibility tables.
then we need to use v3 groups API to check if the user has access to these groups.
For this challenge, we'd like to apply this logic to https://github.com/appirio-tech/tc-api/blob/master/actions/challenges.js#L869, instead of checking the user-group relation in user_group_xref table.
So we'd like to revise the logic as following
1. Get the challenge group ids by querying contest_eligibility, group_contest_eligibility, and security_group table.
2. If there is no group for this challenge (means public challenge), just pass and return a valid response.
3. IF there are groups for this challenge,
3.1 If the corresponding challenge_ind field for group is 0, use the user_group_xref table to determine the challenge visibility for old challenges (compatibility)
3.2 if he challenge_ind field is 1, apply the new logic as following
4. Use the v3 groups API to check if user is accessible to groups
4.1 in order to call v3 groups API, we need v3 JWT token, in order to get this, it needs to call the POST v3/authorization endpoint to exchange the v3 token by using v2 token.
4.2 then use the v3 token to call the groups API.
Use Mock Service For V3 APIs
To simplify the development process, we'd like to use mock approach to mock the v3/authorization api the check user groups api, the detail specification will be posted in forum.
you can follow https://github.com/appirio-tech/tc-common-tutorials/tree/master/submission-system/docker/s3_mock_api to create similar mock api.
Source Code To Modify
- Please use the dev branch of https://github.com/appirio-tech/tc-api for development.
- You can use the docker environment to setup the dependent services, please check https://github.com/appirio-tech/tc-common-tutorials, let me know if you need any help.
Final Submission Guidelines
- Code Changes- Setup and Verification Steps