awards: team awards safe endpoint (!508) · Merge requests · iGEM HQ Tech / iGEM.org Backend

Fabio Maschi requested to merge feat/team-awards-simple into main Sep 09, 2024

All awards data (results) must only be fetched from the AwardsModule, where they will be safe-checked based on the JudgingPhases for the competition. This way, we ensure no awards is leaked between ratification meeting the final day show.

To understand

Previously, we used to query teams data like this (simplified):

function findTeam(teamID: TeamID): Promise<Team> {
  return await this.repository.findOneOrFail({
    where: { id: teamID },
    relations: { awards: true }, // <-- This loads all awards for a team without any restriction
  }
}

Now, backend modules must not query awards indirecly when returning the data publicly (results page, teams page, certificate, etc). For the Frontend, awards data will not be returned alongside any other DTO. To fetch awards, FE must fetch a dedicated request to BE (either GET /competitions/{competitionUUID}/awards/results, or the one in this MR GET teams/{teamID]/awards)

GET teams/{teamID]/awards

export class TeamAwardSimpleDTO {
  decision: AwardDecision
  group?: AwardGroup

  // From Award
  awardTitle: string
  awardIcon?: string
  awardType: AwardType
  awardSubType?: AwardSubType
}

Admin message

awards: team awards safe endpoint

To understand

GET teams/{teamID]/awards

Merge request reports