From 0e27793d259d0a8e0133378e71f22c24f40e63bd Mon Sep 17 00:00:00 2001 From: Howl Date: Sat, 24 Sep 2016 19:45:07 +0200 Subject: [PATCH] make rank_requests/status auth-free --- app/start.go | 2 +- app/v1/beatmap_requests.go | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/app/start.go b/app/start.go index c820334..50d6d0b 100644 --- a/app/start.go +++ b/app/start.go @@ -91,12 +91,12 @@ func Start(conf common.Conf, dbO *sqlx.DB) *gin.Engine { gv1.GET("/blog/posts", Method(v1.BlogPostsGET)) gv1.GET("/blog/posts/content", Method(v1.BlogPostsContentGET)) gv1.GET("/scores", Method(v1.ScoresGET)) + gv1.GET("/beatmaps/rank_requests/status", Method(v1.BeatmapRankRequestsStatusGET)) // ReadConfidential privilege required gv1.GET("/friends", Method(v1.FriendsGET, common.PrivilegeReadConfidential)) gv1.GET("/friends/with", Method(v1.FriendsWithGET, common.PrivilegeReadConfidential)) gv1.GET("/users/self/donor_info", Method(v1.UsersSelfDonorInfoGET, common.PrivilegeReadConfidential)) - gv1.GET("/beatmaps/rank_requests/status", Method(v1.BeatmapRankRequestsStatusGET, common.PrivilegeReadConfidential)) // Write privilege required gv1.GET("/friends/add", Method(v1.FriendsAddGET, common.PrivilegeWrite)) diff --git a/app/v1/beatmap_requests.go b/app/v1/beatmap_requests.go index fb0e560..51c5c7a 100644 --- a/app/v1/beatmap_requests.go +++ b/app/v1/beatmap_requests.go @@ -29,7 +29,10 @@ func BeatmapRankRequestsStatusGET(md common.MethodData) common.CodeMessager { return Err500 } var r rankRequestsStatusResponse - if md.ID() != 0 { + // if it's not auth-free access and we have got ReadConfidential, we can + // know if this user can submit beatmaps or not. + hasConfid := md.ID() != 0 && md.User.TokenPrivileges&common.PrivilegeReadConfidential > 0 + if hasConfid { r.SubmittedByUser = new(int) } isFirst := true @@ -45,7 +48,7 @@ func BeatmapRankRequestsStatusGET(md common.MethodData) common.CodeMessager { } // if the user submitted this rank request, increase the number of // rank requests submitted by this user - if user == md.ID() { + if user == md.ID() && r.SubmittedByUser != nil { (*r.SubmittedByUser)++ } // also, if this is the first result, it means it will be the next to @@ -59,7 +62,7 @@ func BeatmapRankRequestsStatusGET(md common.MethodData) common.CodeMessager { } r.QueueSize = c.RankQueueSize r.MaxPerUser = c.BeatmapRequestsPerUser - if md.ID() != 0 { + if hasConfid { x := r.Submitted < r.QueueSize && *r.SubmittedByUser < r.MaxPerUser r.CanSubmit = &x }