chore(be): modify getContests permission for Reviewer#3571
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request restricts contest access by removing the Reviewer role from the allowed list and updates the GraphQL schema with new group tag and study information types. It also corrects character encoding in schema descriptions and transitions the user OAuth field to an array. Feedback focuses on a potential authorization failure in the contest resolver where a guard was incorrectly replaced rather than supplemented, and notes that the API documentation should be updated to reflect the new role restrictions.
There was a problem hiding this comment.
Code Review
This pull request updates the contest access control logic by restricting access to 'Admin' and 'Manager' roles, effectively removing 'Reviewer' access. The changes include updating the contest resolver and service, as well as documentation in the Bruno collection. Additionally, the PR includes significant schema updates, such as the addition of 'GroupTag' and 'StudyInfo' types and modifications to 'UserOAuth', which the reviewer suggests should be separated into a distinct pull request for better maintainability. Feedback highlights the need to synchronize documentation with the updated code and suggests decoupling unrelated schema changes.
There was a problem hiding this comment.
Code Review
This pull request updates the contest access control logic by restricting the 'getContests' query to 'Admin' and 'Manager' roles, removing 'Reviewer' access. The review comments highlight that the corresponding documentation and JSDoc comments still reference 'Reviewer' and should be updated for consistency. Additionally, the reviewer noted that the pull request includes significant schema changes related to 'GroupTag' and 'StudyInfo' that appear unrelated to the primary goal of the PR, suggesting that these should either be removed or explicitly justified in the PR description.
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
EddieDawn
left a comment
EddieDawn
left a comment
There was a problem hiding this comment.
schema.gql에 제미나이 커멘트 말고는 저도 LGTM!
|
근데 다시보니까 이미 리졸버 레벨에서 ContestManagerGuard가 걸려있는 거 아닌가용 일단 머지 ㄴㄴ |
4 participants
Description
admin 단의 contestResolver에는 UseContestRolesGuard(ContestRole.Manager)를 통해 기본적으로 모든 API 요청에 대해 ContestManager이상만 접근 가능한 상황입니다.
GetContests의 경우 @UseDisableContestRolesGuard()를 통해 가드를 비활성화한 후 내부에서 따로 Reviewer를 포함하여 권한 검증을 진행하고 있으나, Contest Reviewer의 경우 Contest 탭에서 해당 대회를 조회할 수 없어야하므로 이를 수정합니다.
Additional context
closes TAS-2712
Before submitting the PR, please make sure you do the following
fixes #123).