Private competition register

src/apps/api/views/competitions.py

@@ -103,27 +103,42 @@ def get_queryset(self):
 
             # if `secret_key` is true, this is called for a secret competition
             if secret_key:
-                print(secret_key)
                 qs = qs.filter(Q(secret_key=secret_key))
 
             # Default condition
             # not called from my competitions tab
             # not called from i'm participating in tab
             # not called from search bar
             # not called with a valid secret key
-            # Return the following ---
-            # All competitions which belongs to you (private or public)
-            # And competitions where you are admin
-            # And public competitions
-            # And competitions where you are approved participant
-            # this filters out all private compettions from other users
             if (not mine) and (not participating_in) and (not secret_key) and (not search_query):
-                qs = qs.filter(
+
+                # Return the following ---
+                # All competitions which belongs to you (private or public)
+                # And competitions where you are admin
+                # And public competitions
+                # And competitions where you are approved participant
+                # this filters out all private compettions from other users
+                base_qs = qs.filter(
                     (Q(created_by=self.request.user)) |
                     (Q(collaborators__in=[self.request.user])) |
                     (Q(published=True) & ~Q(created_by=self.request.user)) |
                     (Q(participants__user=self.request.user) & Q(participants__status="approved"))
-                ).distinct()
+                )
+
+                # Additional condition of action
+                # allow private competition when action is register and has valid secret key
+                if self.request.method == 'POST' and self.action == 'register':
+                    # get secret_key from request data
+                    register_secret_key = self.request.data.get('secret_key', None)
+                    # use secret key if available
+                    if register_secret_key:
+                        qs = base_qs | qs.filter(Q(secret_key=register_secret_key))
+                    else:
+                        qs = base_qs
+                else:
+                    qs = base_qs
+                # select distinct competitions
+                qs = qs.distinct()
 
         else:
             # if user is not authenticated only show

src/static/js/ours/client.js

@@ -58,8 +58,10 @@ CODALAB.api = {
     manual_migration: function (phase_pk) {
         return CODALAB.api.request('POST', `${URLS.API}phases/${phase_pk}/manually_migrate/`)
     },
-    submit_competition_registration: function (pk) {
-        return CODALAB.api.request('POST', `${URLS.API}competitions/${pk}/register/`)
+    submit_competition_registration: function (pk, secret_key) {
+        // Create an object to hold the data to be sent in the POST request
+        const requestData = {secret_key: secret_key}
+        return CODALAB.api.request('POST', `${URLS.API}competitions/${pk}/register/`, requestData)
     },
     email_all_participants: (pk, message) => {
         return CODALAB.api.request('POST', `${URLS.API}competitions/${pk}/email_all_participants/`, {message: message})

src/static/riot/competitions/detail/_registration.tag

@@ -95,7 +95,13 @@
         }
 
         self.submit_registration = () => {
-            CODALAB.api.submit_competition_registration(self.competition_id)
+
+            // Get the value of the 'secret_key' parameter from the URL
+            const url = new URL(window.location.href)
+            const searchParams = new URLSearchParams(url.search)
+            const secretKey = searchParams.get('secret_key')
+
+            CODALAB.api.submit_competition_registration(self.competition_id, secretKey)
                 .done(response => {
                     self.status = response.participant_status
                     if (self.status === 'approved') {