diff --git a/src/apps/api/views/competitions.py b/src/apps/api/views/competitions.py index 945c4f2e3..3e3622cc2 100644 --- a/src/apps/api/views/competitions.py +++ b/src/apps/api/views/competitions.py @@ -103,7 +103,6 @@ def get_queryset(self): # if `secret_key` is true, this is called for a secret competition if secret_key: - print(secret_key) qs = qs.filter(Q(secret_key=secret_key)) # Default condition @@ -111,19 +110,35 @@ def get_queryset(self): # not called from i'm participating in tab # not called from search bar # not called with a valid secret key - # Return the following --- - # All competitions which belongs to you (private or public) - # And competitions where you are admin - # And public competitions - # And competitions where you are approved participant - # this filters out all private compettions from other users if (not mine) and (not participating_in) and (not secret_key) and (not search_query): - qs = qs.filter( + + # Return the following --- + # All competitions which belongs to you (private or public) + # And competitions where you are admin + # And public competitions + # And competitions where you are approved participant + # this filters out all private compettions from other users + base_qs = qs.filter( (Q(created_by=self.request.user)) | (Q(collaborators__in=[self.request.user])) | (Q(published=True) & ~Q(created_by=self.request.user)) | (Q(participants__user=self.request.user) & Q(participants__status="approved")) - ).distinct() + ) + + # Additional condition of action + # allow private competition when action is register and has valid secret key + if self.request.method == 'POST' and self.action == 'register': + # get secret_key from request data + register_secret_key = self.request.data.get('secret_key', None) + # use secret key if available + if register_secret_key: + qs = base_qs | qs.filter(Q(secret_key=register_secret_key)) + else: + qs = base_qs + else: + qs = base_qs + # select distinct competitions + qs = qs.distinct() else: # if user is not authenticated only show diff --git a/src/static/js/ours/client.js b/src/static/js/ours/client.js index 166db1bfa..764fb109a 100644 --- a/src/static/js/ours/client.js +++ b/src/static/js/ours/client.js @@ -58,8 +58,10 @@ CODALAB.api = { manual_migration: function (phase_pk) { return CODALAB.api.request('POST', `${URLS.API}phases/${phase_pk}/manually_migrate/`) }, - submit_competition_registration: function (pk) { - return CODALAB.api.request('POST', `${URLS.API}competitions/${pk}/register/`) + submit_competition_registration: function (pk, secret_key) { + // Create an object to hold the data to be sent in the POST request + const requestData = {secret_key: secret_key} + return CODALAB.api.request('POST', `${URLS.API}competitions/${pk}/register/`, requestData) }, email_all_participants: (pk, message) => { return CODALAB.api.request('POST', `${URLS.API}competitions/${pk}/email_all_participants/`, {message: message}) diff --git a/src/static/riot/competitions/detail/_registration.tag b/src/static/riot/competitions/detail/_registration.tag index 6bfe16511..f66d2146b 100644 --- a/src/static/riot/competitions/detail/_registration.tag +++ b/src/static/riot/competitions/detail/_registration.tag @@ -95,7 +95,13 @@ } self.submit_registration = () => { - CODALAB.api.submit_competition_registration(self.competition_id) + + // Get the value of the 'secret_key' parameter from the URL + const url = new URL(window.location.href) + const searchParams = new URLSearchParams(url.search) + const secretKey = searchParams.get('secret_key') + + CODALAB.api.submit_competition_registration(self.competition_id, secretKey) .done(response => { self.status = response.participant_status if (self.status === 'approved') {