whitelist emails leaking handled

[ihsaan-ullah]

@ mention of reviewers

@Didayolo

A brief description of the purpose of the changes contained in this PR.

• Whitelist emails were leaked in API. Now it is handled in a way that only loggedin users and API calls from inside codabench can access it.
• fixed a console error
• removed console prints

Issues this PR resolves

• White list emails leaked #1366

A checklist for hand testing

• before deploying this change access http://localhost/api/competitions/1/ and check that whitelist_emails is there
• after deploying, you should not see whitelist_emails

Checklist

• Code review by me
• Hand tested by me
• I'm proud of my work
• Code review by reviewer
• Hand tested by reviewer
• CircleCi tests are passing
• Ready to merge

[ihsaan-ullah]

this was giving an error in the console. Fixed it by adding competition.files to the condition

[ihsaan-ullah]

Problems

1. Accessing the competition via API does not show whitelist emails but there is an update view that shows the emails

Comments

1. The main problem is the way this API is designed. there is one endpoint /competitions/ and then everything is handled in it.
2. To simplify things, we should have small readable and straightforward apis.
3. We should also disable the django view of the apis so that we can control things (not sure if that is possible because the default views come with the django rest-framework)

Edit

We are going to get more similar issues. I suggest that we start redesiging the apis step by step and also update the documentation with it and add tests with each api

[ihsaan-ullah]

Benjamin ideas:

• only admin should be able to get white-lists

Isabell ideas:

• just create participants from whitelist emails and remove
• rename whitelist to approved list
• a problem when whitelist person is not a participants.

[ihsaan-ullah]

Solved in #1560