From 0ab234a61c41677af5b8a972b230ac75a7e9824a Mon Sep 17 00:00:00 2001 
From: Vyacheslav V Sokolov Date: Mon, 19 Jun 2017 21:52:23 +0700 Subject: [PATCH 01/17] Improve challenge visibility control (#501) * IMPROVE CHALLENGE VISIBILITY CONTROL (https://www.topcoder.com/challenge-details/30057891/?type=develop) Verification guide: docs/Verification_Guide-Improve Challenge Visibility Control.doc * Restoring an accidentially modified file * Fixed the case with a challenge that doesn't have eligibility * Shared the eligibility verification with challengeRegistration. The eligibility check routine is now in challengeHelper and can be added anywhere by a couple of simple lines of code. --- actions/challengeRegistration.js | 39 +- actions/challenges.js | 38 +- db_scripts/test_eligibility.delete.sql | 39 ++ db_scripts/test_eligibility.insert.sql | 219 ++++++++++ ...e-Improve Challenge Visibility Control.doc | Bin 0 -> 52736 bytes initializers/challengeHelper.js | 77 +++- initializers/middleware.js | 7 +- initializers/v3client.js | 143 +++++++ package.json | 2 + queries/challenge_registration_validations | 10 - .../get_challenge_accessibility_and_groups | 21 + ...et_challenge_accessibility_and_groups.json | 5 + ...Visibility_Control.postman_collection.json | 386 ++++++++++++++++++ ...isibility_Control.postman_environment.json | 34 ++ test/scripts/mock_v3.js | 73 ++++ 15 files changed, 1037 insertions(+), 56 deletions(-) create mode 100644 db_scripts/test_eligibility.delete.sql create mode 100644 db_scripts/test_eligibility.insert.sql create mode 100644 docs/Verification_Guide-Improve Challenge Visibility Control.doc create mode 100644 initializers/v3client.js create mode 100644 queries/get_challenge_accessibility_and_groups create mode 100644 queries/get_challenge_accessibility_and_groups.json create mode 100644 test/postman/New_Challenge_Visibility_Control.postman_collection.json create mode 100644 test/postman/New_Challenge_Visibility_Control.postman_environment.json create mode 100644 test/scripts/mock_v3.js 
diff --git a/actions/challengeRegistration.js b/actions/challengeRegistration.js index f50077b66..9424951ef 100644 --- a/actions/challengeRegistration.js +++ b/actions/challengeRegistration.js @@ -3,8 +3,8 @@ * * The APIs to register a challenge (studio category or software category) for the current logged-in user. * - * @version 1.7 - * @author ecnu_haozi, xjtufreeman, bugbuka, flytoj2ee, muzehyun + * @version 1.8 + * @author ecnu_haozi, xjtufreeman, bugbuka, flytoj2ee, muzehyun, GFalcon * * changes in 1.1: * Combine Challenge Registration API(BUGR-11058) @@ -27,6 +27,9 @@ * * changes in 1.7: * Avoid reliability info set if there is none for new user. + * + * changes in 1.8: + * Added the verification of the challenge's eligibility */ "use strict"; 
@@ -880,19 +883,31 @@ exports.registerChallenge = { } else { api.helper.checkUserActivated(connection.caller.handle, api, connection.dbConnectionMap, function (err, inactive) { var fail = err || inactive; - if (fail) cb(fail); - else api.dataAccess.executeQuery('check_challenge_exists', {challengeId: challengeId}, connection.dbConnectionMap, cb); + if (fail) { + cb(fail); + } else { + api.dataAccess.executeQuery('check_challenge_exists', {challengeId: challengeId}, connection.dbConnectionMap, cb); + } }, "You must activate your account in order to participate. Please check your e-mail in order to complete the activation process, or contact support@topcoder.com if you did not receive an e-mail."); } - }, function (result, cb) { - if (result.length > 0) { - if (result[0].is_studio) { - registerStudioChallengeAction(api, connection, next); - } else { - registerSoftwareChallengeAction(api, connection, next); - } - } else { + }, function(result, cb) { + // If the challenge is not found in the tcs_catalog:project table, + if (result.length === 0) { + // Do nothing, do not register cb(); + return; + } + var isStudio = result[0].isStudio !== 0; + api.challengeHelper.checkUserChallengeEligibility(connection, challengeId, function (err) { + cb(err, isStudio); + }); + }, function (isStudio, cb) { + if (_.isUndefined(isStudio)) { + cb(); + } else if (isStudio) { + registerStudioChallengeAction(api, connection, next); + } else { + registerSoftwareChallengeAction(api, connection, next); } } ], function (err) { diff --git a/actions/challenges.js b/actions/challenges.js index 0c40bbf2b..53266e7a8 100755 --- a/actions/challenges.js +++ b/actions/challenges.js 
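Review bot: `var isStudio = result[0].isStudio !== 0;` reads a property that `check_challenge_exists` does not appear to return. The removed code in this hunk and `validateChallenge` in actions/challenges.js both read `is_studio`, so `result[0].isStudio` is probably `undefined`, making `isStudio` always true and routing software challenges to `registerStudioChallengeAction`; `var isStudio = Boolean(result[0].is_studio);` matches the other call site. In the not-found branch, `cb();` passes no result, and `async.waterfall` then hands the next task its callback as the first argument, so `_.isUndefined(isStudio)` would be false and a missing challenge would reach registration without the eligibility check; `cb(null, undefined);` keeps the argument positions. The hunk also assumes `_` is required in this file, which is not visible here. The enclosing action starts and ends outside the hunk.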
@@ -1,9 +1,9 @@ /* * Copyright (C) 2013 - 2014 TopCoder Inc., All Rights Reserved. * - * @version 1.31 + * @version 1.32 * @author Sky_, mekanizumu, TCSASSEMBLER, freegod, Ghost_141, kurtrips, xjtufreeman, ecnu_haozi, hesibo, LazyChild, - * @author isv, muzehyun, bugbuka + * @author isv, muzehyun, bugbuka, GFalcon * @changes from 1.0 * merged with Member Registration API * changes in 1.1: @@ -79,9 +79,12 @@ * - Update challenge type filter. * Changes in 1.31: * - Remove screeningScorecardId and reviewScorecardId from search challenges api. + * Changes in 1.32: + * - validateChallenge function now checks if an user belongs to a group via + * user_group_xref for old challenges and by calling V3 API for new ones. */ "use strict"; -/*jslint stupid: true, unparam: true, continue: true */ +/*jslint stupid: true, unparam: true, continue: true, nomen: true */ require('datejs'); var fs = require('fs'); @@ -851,7 +854,7 @@ var addFilter = function (sql, filter, isMyChallenges, helper, caller) { * @since 1.10 */ function validateChallenge(api, connection, dbConnectionMap, challengeId, isStudio, callback) { - var error, sqlParams, helper = api.helper; + var error, sqlParams, helper = api.helper, userId = (connection.caller.userId || 0); async.waterfall([ function (cb) { error = helper.checkPositiveInteger(challengeId, 'challengeId') || 
@@ -862,31 +865,18 @@ function validateChallenge(api, connection, dbConnectionMap, challengeId, isStud } sqlParams = { challengeId: challengeId, - user_id: connection.caller.userId || 0 + user_id: userId }; - async.parallel({ - accessibility: function (cbx) { - api.dataAccess.executeQuery('check_user_challenge_accessibility', sqlParams, dbConnectionMap, cbx); - }, - exists: function (cbx) { - api.dataAccess.executeQuery('check_challenge_exists', sqlParams, dbConnectionMap, cbx); - } - }, cb); + api.dataAccess.executeQuery('check_challenge_exists', sqlParams, dbConnectionMap, cb); }, function (res, cb) { - if (res.exists.length === 0 || Boolean(res.exists[0].is_studio) !== isStudio) { + // If the record with this callengeId doesn't exist in 'project' table + // or there's a studio/software mismatch + if (res.length === 0 || Boolean(res[0].is_studio) !== isStudio) { cb(new NotFoundError("Challenge not found.")); return; } - var access = res.accessibility[0]; - if (access.is_private && !access.has_access && connection.caller.accessLevel !== "admin") { - if (connection.caller.accessLevel === "anon") { - cb(new UnauthorizedError()); - } else { - cb(new ForbiddenError()); - } - return; - } - cb(); + // Check the eligibility + api.challengeHelper.checkUserChallengeEligibility(connection, challengeId, cb); } ], callback); } diff --git a/db_scripts/test_eligibility.delete.sql b/db_scripts/test_eligibility.delete.sql new file mode 100644 index 000000000..5f77f6c44 --- /dev/null +++ b/db_scripts/test_eligibility.delete.sql 
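Review bot: The access decision for private challenges is no longer visible in `validateChallenge`: the removed branch let `accessLevel === "admin"` through and answered anonymous callers with `UnauthorizedError` and everyone else with `ForbiddenError`, while the new code hands all of that to `api.challengeHelper.checkUserChallengeEligibility`, whose body is outside this hunk. Please confirm that the helper keeps the admin bypass and the 401/403 split, and that it denies access when the V3 group lookup errors or times out rather than calling back without an error. A comment on the call would make that contract explicit, for example `// Calls back with UnauthorizedError/ForbiddenError when the caller may not see the challenge; must fail closed on lookup errors`. The new comment above the existence check misspells the parameter as `callengeId`; it should read `challengeId`. `validateChallenge` starts before this hunk.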
@@ -0,0 +1,39 @@
+DATABASE common_oltp;
+
+DELETE FROM user_group_xref WHERE group_id > 3330000 AND group_id < 3330100;
+DELETE FROM security_groups WHERE group_id > 3330000 AND group_id < 3330100;
+DELETE FROM group_contest_eligibility WHERE contest_eligibility_id > 1110000 AND contest_eligibility_id < 1110100;
+DELETE FROM contest_eligibility WHERE contest_eligibility_id > 1110000 AND contest_eligibility_id < 1110100;
+
+DATABASE informixoltp;
+
+-- UPDATE coder SET comp_country_code = NULL WHERE user_id = 132458;
+
+DATABASE tcs_catalog;
+
+DELETE FROM notification WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM project_result WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM project_user_audit WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM component_inquiry WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM resource_info WHERE resource_id IN (SELECT resource_id FROM resource WHERE project_id > 1110000 AND project_id < 1110100);
+DELETE FROM resource WHERE project_id > 1110000 AND project_id < 1110100;
+
+DELETE FROM project_info WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM comp_versions WHERE component_id = 3330333;
+DELETE FROM comp_catalog WHERE component_id = 3330333;
+DELETE FROM project_phase WHERE project_id > 1110000 AND project_id < 1110100;
+DELETE FROM project WHERE project_id > 1110000 AND project_id < 1110100;
+
+DELETE FROM review_item_comment WHERE review_item_comment_id > 7770000 AND review_item_id < 7770100;
+DELETE FROM review_item WHERE review_item_id > 5550000 AND review_item_id < 5550100;
+DELETE FROM review WHERE review_id > 4440000 AND review_id < 4440100;
+DELETE FROM scorecard_question WHERE scorecard_question_id = 3330333;
+DELETE FROM scorecard_section WHERE scorecard_section_id = 3330333;
+DELETE FROM scorecard_group WHERE scorecard_group_id = 3330333;
+DELETE FROM scorecard WHERE scorecard_id = 3330333;
+DELETE FROM submission WHERE submission_id > 2220000 AND submission_id < 2220100;
+DELETE FROM prize WHERE project_id > 2220000 AND project_id < 2220100;
+DELETE FROM upload WHERE project_id > 2220000 AND project_id < 2220100;
+DELETE FROM resource WHERE project_id > 2220000 AND project_id < 2220100;
+DELETE FROM project_phase WHERE project_id > 2220000 AND project_id < 2220100;
+DELETE FROM project WHERE project_id > 2220000 AND project_id < 2220100;
diff --git a/db_scripts/test_eligibility.insert.sql b/db_scripts/test_eligibility.insert.sql
new file mode 100644
index 000000000..8bb746502
--- /dev/null
+++ b/db_scripts/test_eligibility.insert.sql
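Review bot: The `review_item_comment` cleanup in test_eligibility.delete.sql mixes two columns in its range: `WHERE review_item_comment_id > 7770000 AND review_item_id < 7770100` puts the upper bound on `review_item_id`. It therefore matches every comment with an id above 7770000 whose review item id is below 7770100, not only the fixture rows 7770001–7770005. Every other ranged statement in the script bounds a single column on both sides; this one should read `DELETE FROM review_item_comment WHERE review_item_comment_id > 7770000 AND review_item_comment_id < 7770100;`. On a shared database the current form can remove rows the fixture did not create.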
@@ -0,0 +1,219 @@
+DATABASE tcs_catalog;
+
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (2220001, 1, 14, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (2220002, 1, 14, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (2220003, 1, 14, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (2220004, 1, 14, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (2220005, 1, 14, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (7770001, 2220001, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (7770002, 2220002, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (7770003, 2220003, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (7770004, 2220004, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (7770005, 2220005, 17, 3, CURRENT, CURRENT, 0, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
+ VALUES (8880001, 20, 2220001, 7770001, 132456, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
+ VALUES (8880002, 20, 2220002, 7770002, 132456, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
+ VALUES (8880003, 20, 2220003, 7770003, 132456, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
+ VALUES (8880004, 20, 2220004, 7770004, 132456, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO resource (resource_id, resource_role_id, project_id, project_phase_id, user_id, create_user, create_date, modify_user, modify_date)
+ VALUES (8880005, 20, 2220005, 7770005, 132456, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
+ VALUES (9990001, 2220001, 8880001, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
+ VALUES (9990002, 2220002, 8880002, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
+ VALUES (9990003, 2220003, 8880003, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
+ VALUES (9990004, 2220004, 8880004, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO upload (upload_id, project_id, resource_id, upload_type_id, upload_status_id, parameter, create_user, create_date, modify_user, modify_date)
+ VALUES (9990005, 2220005, 8880005, 1, 1, "---", "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
+ VALUES (1110001, 2220001, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
+ VALUES (1110002, 2220002, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
+ VALUES (1110003, 2220003, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
+ VALUES (1110004, 2220004, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO prize (prize_id, project_id, place, prize_amount, prize_type_id, number_of_submissions, create_user, create_date, modify_user, modify_date)
+ VALUES (1110005, 2220005, 1, 1000, 14, 1, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
+ VALUES (2220001, 9990001, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110001);
+INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
+ VALUES (2220002, 9990002, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110002);
+INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
+ VALUES (2220003, 9990003, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110003);
+INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
+ VALUES (2220004, 9990004, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110004);
+INSERT INTO submission (submission_id, upload_id, submission_status_id, submission_type_id, create_user, create_date, modify_user, modify_date, prize_id)
+ VALUES (2220005, 9990005, 1, 3, "132456", CURRENT, "132456", CURRENT, 1110005);
+
+INSERT INTO scorecard (scorecard_id, scorecard_status_id, scorecard_type_id, project_category_id, name, version, min_score, max_score, create_user, create_date, modify_user, modify_date, version_number)
+ VALUES (3330333, 1, 7, 14, "---", "---", 0, 100, "132456", CURRENT, "132456", CURRENT, 1);
+
+INSERT INTO scorecard_group (scorecard_group_id, scorecard_id, name, weight, sort, create_user, create_date, modify_user, modify_date, version)
+ VALUES (3330333, 3330333, "---", 100, 1, "132456", CURRENT, "132456", CURRENT, 1);
+
+INSERT INTO scorecard_section (scorecard_section_id, scorecard_group_id, name, weight, sort, create_user, create_date, modify_user, modify_date, version)
+ VALUES (3330333, 3330333, "---", 100, 1, "132456", CURRENT, "132456", CURRENT, 1);
+
+INSERT INTO scorecard_question (scorecard_question_id, scorecard_question_type_id, scorecard_section_id, description, weight, sort, upload_document, upload_document_required, create_user, create_date, modify_user, modify_date, version)
+ VALUES (3330333, 1, 3330333, '---', 100, 1, 0, 0, "132456", CURRENT, "132456", CURRENT, 1);
+
+INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
+ VALUES (4440001, 8880001, 2220001, 7770001, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
+ VALUES (4440002, 8880002, 2220002, 7770002, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
+ VALUES (4440003, 8880003, 2220003, 7770003, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
+ VALUES (4440004, 8880004, 2220004, 7770004, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review (review_id, resource_id, submission_id, project_phase_id, scorecard_id, committed, create_user, create_date, modify_user, modify_date)
+ VALUES (4440005, 8880005, 2220005, 7770005, 3330333, 1, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (5550001, 4440001, 3330333, 9990001, "---", 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (5550002, 4440002, 3330333, 9990002, "---", 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (5550003, 4440003, 3330333, 9990003, "---", 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (5550004, 4440004, 3330333, 9990004, "---", 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review_item (review_item_id, review_id, scorecard_question_id, upload_id, answer, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (5550005, 4440005, 3330333, 9990005, "---", 1, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (7770001, 8880001, 5550001, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (7770002, 8880002, 5550002, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (7770003, 8880003, 5550003, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (7770004, 8880004, 5550004, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO review_item_comment (review_item_comment_id, resource_id, review_item_id, comment_type_id, content, sort, create_user, create_date, modify_user, modify_date)
+ VALUES (7770005, 8880005, 5550005, 1, "The current user has the right to view this challenge", 1, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (1110001, 1, 14, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (1110002, 1, 14, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (1110003, 1, 14, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (1110004, 1, 14, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project (project_id, project_status_id, project_category_id, create_user, create_date, modify_user, modify_date)
+ VALUES (1110005, 1, 14, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (2220001, 1110001, 1, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (2220002, 1110002, 1, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (2220003, 1110003, 1, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (2220004, 1110004, 1, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (2220005, 1110005, 1, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO comp_catalog (component_id, current_version, component_name, status_id, modify_date, public_ind)
+ VALUES (3330333, 1, "---", 1, CURRENT, 0);
+
+INSERT INTO comp_versions (comp_vers_id, component_id, version, version_text, phase_id, phase_time, price, modify_date)
+ VALUES (4440444, 3330333, 1, "1", 113, CURRENT, 1000, CURRENT);
+
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110001, 2, "3330333", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110002, 2, "3330333", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110003, 2, "3330333", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110004, 2, "3330333", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110005, 2, "3330333", "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110001, 6, 3330333, "Not private", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110002, 6, 3330333, "Old logic - access allowed", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110003, 6, 3330333, "Old logic - access denied", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110004, 6, 3330333, "New logic - access allowed", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110005, 6, 3330333, "New logic - access denied", CURRENT, "132456", CURRENT);
+
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110001, 79, "---", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110002, 79, "---", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110003, 79, "---", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110004, 79, "---", "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date)
+ VALUES (1110005, 79, "---", "132456", CURRENT, "132456", CURRENT);
+
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (3330001, 1110001, 2, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (3330002, 1110002, 2, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (3330003, 1110003, 2, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (3330004, 1110004, 2, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+INSERT INTO project_phase (project_phase_id, project_id, phase_type_id, phase_status_id, scheduled_start_time, scheduled_end_time, duration, create_user, create_date, modify_user, modify_date)
+ VALUES (3330005, 1110005, 2, 2, CURRENT, CURRENT, 1, "132456", CURRENT, "132456", CURRENT);
+
+DATABASE informixoltp;
+
+UPDATE coder SET comp_country_code = (
+ SELECT MIN(country_code) FROM country WHERE country_name = "United States"
+) WHERE coder_id = 132458;
+
+DATABASE common_oltp;
+
+INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110002, 2220002, 0);
+INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110003, 2220003, 0);
+INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110004, 2220004, 0);
+INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110005, 2220005, 0);
+
+INSERT INTO security_groups (group_id, description, challenge_group_ind) VALUES (3330001, "Eligibility - Old logic - with user", 0);
+INSERT INTO security_groups (group_id, description, challenge_group_ind) VALUES (3330002, "Eligibility - Old logic - no users", 0);
+INSERT INTO security_groups (group_id, description, challenge_group_ind) VALUES (3330003, "Eligibility - New logic - with user", 1);
+INSERT INTO security_groups (group_id, description, challenge_group_ind) VALUES (3330004, "Eligibility - New logic - no users", 1);
+
+INSERT INTO user_group_xref (user_group_id, login_id, group_id) VALUES (5550001, 132458, 3330001);
+
+INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110002, 3330001);
+INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110003, 3330002);
+INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110004, 3330003);
+INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110005, 3330004);
+
+INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110012, 1110002, 0);
+INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110013, 1110003, 0);
+INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110014, 1110004, 0);
+INSERT INTO contest_eligibility (contest_eligibility_id, contest_id, is_studio) VALUES (1110015, 1110005, 0);
+
+INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110012, 3330001);
+INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110013, 3330002);
+INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110014, 3330003);
+INSERT INTO group_contest_eligibility (contest_eligibility_id, group_id) VALUES (1110015, 3330004);
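Review bot: In the five `project_info` rows with `project_info_type_id` 6, the `value` and `create_user` positions look swapped. `VALUES (1110001, 6, 3330333, "Not private", CURRENT, "132456", CURRENT)` stores 3330333 as the value and the scenario label as `create_user`, whereas every other `project_info` insert in this script puts `"132456"` in that column. If the label is meant to be the stored value, the row should read `VALUES (1110001, 6, "Not private", "132456", CURRENT, "132456", CURRENT);`, and likewise for 1110002–1110005. The script also sets `coder.comp_country_code` for coder 132458, and the matching statement in test_eligibility.delete.sql is commented out, so running the fixtures leaves that row changed after cleanup.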
diff --git a/docs/Verification_Guide-Improve Challenge Visibility Control.doc b/docs/Verification_Guide-Improve Challenge Visibility Control.doc new file mode 100644 index 0000000000000000000000000000000000000000..1c2913aaec56e9f7acc508b92ae08a944ff0a3e0 GIT binary patch literal 52736 zcmeHw2|!iF_y0V2z+)8<5e@Z$gh(!+xF-SbxZ#4Dnu>sm3%KA~DH>UtnVNgK=2B*A zrj};qQd*k(8k)P7nu%pLE9OpE5GV(f2PyzYAP5Ks zn0^TMPXeJpB_Ir_41@zu0abvi0K*ayIF1Br05yRqpcYUYr~}jm>H+nE2EfxmLm(P> z28aP-fjFQM&=_a}GzFRg&4Cs`JkSzo1+)g*0BwN;pdHX2=m2yC5`j)YXP^u4EYKC` z26P9W19|{GfnGoo&>LWRQm{`o9pm)hvb7f(_{&6HG!g084;7=4gW_-gkQi-7ixZP& zEl#-NhWRIbGY5*pGcEshh`@6~k7HZypZD1Qx&LST-{OD{wdx23&r&(NIw<0^P5Bi~ zslQvNB@fLQmeD8E*g0cpO4Y_01BMSuP0v*Ngw`E+t#L-O(i8Bw8cvk^)#{4d_0|uO zgo^rw{K-U%3RJ|sJZKV~4HA^=b1yIY<@dJzyx*U05KmS5=sWfo-Eo6`81D}TnD{8b z5qKA18`uW09UKMN7v2WgA2JgAL_h4=FB-9D-&h5EwvW2lvyW_yJ<~|Qp7gIikbNHe zwAjIe2c{(_Wu|4M8{4N28J;#YmHZrL>@YYrIjxWBmJH86_UVM78U0g}GmUMM2Bo6o zV&BQMJ7x@Sl#!A;6o<++_PHHUO(T_ zt`jk#!Yx#|H`S>-&s|PJw@xQ|WUtdbmyJ#|J0Y*+vQffs+0()~MCYYspq4?$w7MH~ zU4(Nm5pJ3gs+4C}-(q z&a?g~pzKT@fjM1-%R_Qb8?ZWBZcM1NTd1?7uj~~1-cF$J?Ih{v-Y=lfoEsjJ^STOU z11P(=g}O+}%1)uYn3NZrDEBf`R&zd3xGMD7o^01Ct=8&j=P{uMw@`zmuj~~15ze3= z;Vg50@b`k8Q-XY@1VQ|Lr39%B9~47HUWH%sZz=Y*D=gH`u#nq`;b_~DVvL}61k2H6 zt101hI*tb{!__c_^FVWVMsr6-02$uLM);aVgb%V4o)$gn8$ciO4@mlvHo`|0K|j_` zczg8Q*$7|D27OnI7s$sXT^w>+1|x{xVi>ezCc;+5I3N?p>Cg^I(3&Z@lMF34RHTVM z%AKM3aGDeQ6j zLp$NAiCOcmsCie^yemd*EcJFBM{fQYpQVC}Ns!oq;Gz-ZFY-7^^i_TbgU?2c-7=JM z40G2*iG4^%4dew5rXp+#Y9bvm*uxkx>g%V_;25%Pyc^PWLmM&{bYSR5S~k}S%YMuS z>eMWUlEN(=N05a}P}3rXYMKbKK5Oj_X;_W{y=!H*=#fVSkg3N^-E>57=wnL+pev+`6R>9B(5$`we^Hr`rh6 ze!yP%B{ss>L3s9ew)(LT?S!{i-tBh6+sn@(8{z8}k)QK+!rRNwEj!^0=O;puNSz}& z;bvtIMA*!cjNxN9M&Ufk7(sSp*vnO<%^0ekVp(r8jaa)e?B%MR-5B!Q3u9n!1VJ}x7+Kpi^SKDpI zD5}*SvKzx*uFl(yVJ}y=Y{t;G+CuHasc`$KfjJoab?##~hP`qG*^ObZ9FaC-*zWgD z?Za*id%0?7H-^1jCE1Kolr9-!H-^1jjkg=aR<0_0|B^pliQy&6!T0vGzLq`){w4$k(I7P!|D1p(|aB)_oD>F!`*pI;&D@_^k@{A#xhwJEY 
zqFaGZEzG?oBE=6)@dH3VPD!yLe&h5Q)9Pc9S_Ak1Bao&yJc|y4;U&x$(cwB0X(c)# z{&uHUpzbd!Ajh$Y*+SnAlo}#VTjaea^8AcKwJp_PO&53_+$LJfrz=bgw^AI$lsViamFe>(Uu41a@hbvSs@ z7oj-A$bRmYQ)3+aV*EZF6lfWvRa31dnG?U&h0_T6TXY#@MUBo=b6Y)s@+k8 zc|=lp)DU3ujs!W=JK|n2>Lz!zmbB^-SXmnD_7VFH}SRZgc19C}U z7r9FBL2Hcs2V3MR1ibPDr#&&s^)47En)&4k5%v}d3f*?j383q%_#2ovwGBK@EwoZ7 zCOK24A@Mfq)6$nvH1Fg%bBHs?^`&i6Yk}OR6!76uXiJ`sH}NzM92|&0)=oM&X-oc! z$5ZL&neI$KkCzBUJC1<{peAam=%Q!P3S$d&Lfd#R)RGt4gBKKw7v|^lD(J*|XL__; zZOkT6w)+d|CLP5|0<27E8(#u6N+|w}1k`GecpubmAmlX;zS;GrwpAXfHdJOM_*)No zp|+}zt8vf5+2C8FLE3}A8(KNl8RdaqkoR0b>f1v z9H&=Q_*4fpnAZmSR-od9`eAJ9@REua;_ORfCt8`E68Nblpe{w(T&PRk?dVdLVn{(Ld_{~B zC)gzhaa`cZV{4}FqAZecL+z#NtENh?iB8mTp`XVM?b_O#$lL^?RE{BzNgS47O~<_OC)co)L~b0gXKu=4o~;4$Qp2K;qa{&Z zj1bD?!n6>F9@$u@f~l!q*cVJLfZu)!rI;cpkz@X1q=phF=_Dogex(!&jfcU>i2kow|zV<_DjIp9YTL`+sg|?6jDAF&@elt@UOO_MQ3uWrk z0nyYsOLe|4ArEn+1n)3Our@yVSW3Jg<8y{holTmX2Mre&?n;@R+MtR}+mp(Lw&n|=Db6~bNRStt zb(rB)LbNl7fExFM7B2-YUP|e&dtlH0xsAdT2SXdsc2jzJdi>ctsdf!zG|NJ_m0WgC z#|dO=S0i;Cz5XUIKl>)=CIkB>TUvsx$6t&uphsO%a+%Z*Y=4X$Y+(Dd6`S%NEGAgQ z?vZ`pGw{LM^4b!e42JoW-=K6G+WVWJC12n5L+40rQ2W z9~zVM#a`lN#59`pkc=7d(3qSL_7W2j^GA!AWgZ%nGreBo6~tU;nlP4WmVIbU^1w^H zikPDcc+PS@@z9u@qxBM#5HrR!70WbbeJ@pN$sIbOux-w^?Ik87o~jI}#|p+dQ2Q9_ zK+9~az z!kp6fZAQhv?~y5_CprnFpcRyYnx^GZVsO7cefl6-S~R{~_p0a`SGJ=Prrsdc)F)8`lAoOK zZ)ojfnEqSQEOun${o3D3tP{KcBY-p<=Ws`vbRKIO7TPA zfld#+3lD+3(3;^wA?iR@7FQK3eQ52T(;*1zWLO{u6s56V$w!|FNRLGzDd$!A(7Cs3 z6{PQhwZ2KcWE%4QqvChzNZo>=M

Z?I$8{HTO?5!~Uabcy2{RN)@UfGN8nByc!7{Cne6Ur_ zLz>){0;S3bF&n^*KD@@&fqGG2b3C%(nD>j?LUEIL9(WNL_ZS$DI9z)7HI~(lDlNn( z6|uUmx)5t1>fu=0T^_e907f7P2nG;DiE{<<{IO)NJP-=3gE`ZwB+QQhghRyaFj!)s zH4RA#!7I4Shnc5x+X{2T8K7Aq8?}B=;&}MEP6Z^1cCCHQ>78E`~2UEEvo^h#TI* zkP8|zGN_agj=7)UyoAu_l3_aGno9!erpwCDCme*E5|1f6;U>dpVIQZH*Rf8JHj~&X z+;f}bu(5JsoK6Q~Umz#mVw-OE?Ac;Fj?vBO($dnzUL8gZ;yBvB5GR!1e3Z{1oVe;~ zsQaGKQd}uxsUvy41}vMN=qGC7SqaX|)CHpOtVGeVA`!MH!f{_$iCGWNRn&Y)teT+P z6Did}dUX(s=|tf8VQED@Mp{gXxnpUVN2dDlv}&RhkDf!O^61=P`E7Cj30$>bUy&%u zQ7t8oSpjm-eon4$^L{|nd&#Y-axX;i#m* zRPsw$|Cu$N^__gEO6G{Lbx)y(d!~&AP&Pdj6h+ap;f2(43Iv#7J7*tYXB# z*zo-r zsV7v4(GsvNE9SK!tZ7P1QL(LMMH^enT2ZmBWknm?@u6v3%ZfI({-Lq0Wknm?>7lW$ zWknmCE7FVRnzgKGV{`p`(Xp*%MH`!|)!AQ23QE-}Kh`qOFxrhHEb}Jsx>&5qtAXB7 zyJo+p$d4ffT7}#kptF>X7ZPN@sXT()%%8)Ihi`O{a$q}57~z~rg&W@pLo!2ggrp;S zEzq$phApZc;A|fRM|1`p4R|m&w0Nm&-5+U4N#|pWw&gXNFmm!rI#T2`WC!G3F1Qzp z)3>NHHDm5*X*^`p=8k6dK*gOw=S?yk0(jimxp<}IG}S;Q*UX{hX>lsYlBXS5qiS^* zk@JVusQEq~h>j|52{Pd1WA5d2yp$9?U=0owM>;wqCYM8~3-O1Md&QJca*vWF9c74D zOxd#LdQa9CZOMmhZ84?D*r5HsZAiT*=Lw+*@Ad6>gOrK^&Wm$)kU^ z$Kil)#N)&&I*ygbH?l7C@woFtwnxrMmWE({KIS@wXa}*!NyW0oQiz#>IGM1Ek`$`6j%=qw zivP$q2dOsxizyopesgW~?_2i! 
zOqn27iI(rVQ!1!Zo&bt+Z`pIe2~3Fm2eW0*d-h+OEgz`HzgmgHRwZ&Aa?Yx97vow# zG=oft_b|L$r#k-nqA9Uk;QG;O5NHk>szcD(IN1c*EUO{}n^iyD$;7^@Dcm63OIPj= z$92AIK+b{=Q^Lt^zB=e7AvL)Mv^ts;S97x23`Hm!l$?L&TMF0}3Gof^Z(~T8zl|Ye zSQ-j662Aig%yaxZ3)03$LCAj^Y1Ne4Ov9cAD{G>fQd@(ST9hizT=OH~JLY_t5D#E* z(trH9cQ32H0yDd=&+4u?{%AcER^n-YINw6`xL$92VraY)c!Ki#lJc9a{OV)TE(BK( zVR)nbj@My~EhZ?(FDbuYz#{g>tcx5kdn@xT2%gnmxa2lO-kqE-pLl>-M!Xp+IV-4A zP;4`-0>E`8GB0CW+_YS-53X5<%+EiWe@=MEH*L{W=wK%I!k@@Lg-*fE#Ra}OH-o|8 z?&jw172xgV>FHIjl)q0v#R^Y`1Xlxx0ILdIfrW2Q~-`4r}npTmClTV}Of)siQ7fIQZxseRTO>avD|VgxoU2 zrcLMIsCRO9F}S+9Bfv&);h=MLbkI9GIqCHX{UYuQy^oV`P-Lug$#zLD!9)CNjGw;5 zP%-Yq?WNiu$_=U6d*}pLH~-QBWy(GoS}Ck@cvP+0b?Vlu->7kurp=nSi0{xbu~X+R z&vs2tN$u0OUt0fRnZrkn95s5(OW7|^eC5?ilV`j+bJpxRbLY)p`p&ZDD^|Yy-m3K< zZP>W!<4-nk*|GD>uXgSJ`kOt6j~qRA{KU!ca?W44cgE_zMXmJgFziGES$6KTAkW8f4slUznkrzZ?}`JR_9_w_3=`QnY8i2OmvTeCi&H|*BO z@h^4hHsZrUbw^J)m$e{u*RY$D#qCA+T4a{bIkO;NjBl4OUhn!=!bh7nmF`?Rp;7vf zNh#C918-lt)nnL&?@OG&UEcRt=#j;TzRKykIs2>d(wvPY% z7d>6~#`*n|>dbSvv0zP1^;v&>nY?z)vBO*Iy?3wgdH;7-UK`)|t8d5qeC*^j=g;sy zH~jalyL~MF;7i|a`20@#8z7^q zctpc`t8ePBcWu4$8H$66Qswi2x(r;^A+H5#<^M#RX)~w%jqwMC&KYY?|!O4q@;-4O}a#a5V zaV;{lKkD{I!`O(g-3M(yFmAcmhRxkKIL&E4Jh{o{=azr4;aJbjKhCLhXZG`Bj}7;D z;`5vHjNS8w`;Gbht*5eIOV~J~p~JV!79IbjZQ!ey=j@C-H}UmXZq`|7_`T-*L&t6} za*SPmI=V``?35)FGZu}gyUpdz`70B@Up~m=oe3*{y86xLI#2zycF@2P9ZokIRA%<* z_F=m_j}RrkJl6BZzDju$Ml8DfVBD^)cW-o_)6=zD^vV5ygm#=X_m>W1F5W*9RW3TG z-%mOBcgECS{m#B=2R02%e(#A77wuSis`lZQOV-{QSkX0pXin?2%gKko*ihy3eRtMw z+^IiyOYm#WPv-|YQ5_YO4)oc{TaF7x-)?l9uF)bE?c z9Nw5Rsru@}?F?V`x-_W#$@__Q|15R>>$x?qwo4f^W84RR3Fn_Uv%TzZ$>kG6=e)Ok z*z%L#pM1jg#`F(ft*~X6OW>W=U)+n`8a3`p=?V{SpS{?`?{x6pxR=MQ>y$me$MUao z&rF-&?doeOi&93MIpo{?z}l;wPPE)-Zs2|rsgncdy^cUHIKWsM2>3vet3ToH>5&i9LFx+wRyqI3g4V+h0lR>R?opaJ9Eq z_qWR3E&Y}LGxX3!Z?vxZAc(bf^$}L5#NqmQC3^9#tD^0y-mt6Uzl2rhT=vD!u99@G zUMWFy6?b+ht``^`yp>))w>+*{hs>Xp(59KETUibsTQ^e8c_EBrYe=4Qt;lPORA<$V83F&D+CSH3sXtva*G^k4srU3NbuFh-bc8ln(Da)D(TFZuG>+{!D(9yM zBd3+?Jm#GH!Z&{&ld>{I7d!uM6vrgS|#U|;hkqkTS#e1GA* 
zlk@8MB*WU;5&~jf{$JFUKu;I(hJ|Q7?RYDrQMS z*v#FYyVqBVHB`*@4mJdJU2(bZ>a90C7pHa|`)BF|@0HiLeCRsw^A$L4y64mxf%}6h z56hlgr+t{8+vV-s?(R8WX}Ruh^KlcCyn_tMORvvOG6W@5-gUBjQ-e=juZlt0NdfO< z84kH7MT8oH;v#m{zwum{-<~6{t+{TjJtw;4gfh-gRH(D}xg}e2?#%ilc}nMol@AS1 z$hc4{ao)0Lf|kcSMR%>@|6ccrC5HvB{JKW>Cw4~6Ully1-qa3>vo6-1dNF?ajBUSe zHTu2QWMb0lP6OWS-lxpO)MpbDtNQP~e_`Bv1ICXiIpOCU$(^1_`KV#lUH2BoFBx^S z>hm7o*X_}%&XK9pJa&R)iy56}ePx_* zuxsaLhS*oPcd7Jc{}1cFy}x_y_tWMFy<-S^`apvP`)AFXvp2P!-@a3^Yq}1qJv*sm z>yk};s=n4KYtW!UUm4Q2q<{2X-p+CNN}SER^KrxS2R=A|e%#%R{2O2VIVZoyqP<^T zyp@0Niw7BJAN)M>okKsqmGSxS3(n@te=wyfECd&j-^YTtg#XX(4)&n}!F(|6R!@Rz*fnpbLkVuQ<= zvL5ZG)($;#KD}Zqljiw<-SpA~-jmp$Ld{P_N=RnX%ky`CUY>Snas{`F%dTxXa^9eS>Bx~I z4I4JxvS#Ixv?)WP7o9zFqH`7hlD9rtaeZl6TwlYl#`nMKy|L?&c^V+w9y;f$$%9YJlckI)*@92e{6E}YF*@D#X`h_@rfn{ z$7d&Y3qaHH*cp@G*r2-{aCG(c`jHPN_j~;Z=Zeev%|Cmyv!7FF;_{*Mk^)+vNV*qe zNGj9x#PHX>pF5J%p#J)KtwP^QeRjmIdXYI?2^@Cvxb&wRnjLYaCg1H zslDG@7Up)~*Ou{DHokv2s;Zyc=&ffqZ?4y3M!=NVDOof7cIlLu7~phmOB=(jQJ+m- zI&*T9ZzEpyo|rnP$2S{qdk3KHg}F5^(fWvY(CQXFC(M4UoWZ$Nlj$MfB&=(>H0-Sr z9TF4U&5ViY;?rbmYMF`CQ|Dc*yY|Fe@yllq2tIhW-+X7^ii-|(`=C>!5+%9@1=MwZ zDK^&o@YM|=Evl_Na&_qM5AsGmJ++K;wTXk$(qau)=l9vz^@}?j*ZRZ_tljOsjx(OT zx;FpX+OZGnjJ^2a?%8pdXLU|_HgD0mTcvmI+_~tFKYuvzc67tq(RrH>yjZRL8=txmqFN{Vy=I)b=kl&yO%oHlb%WMvIdbI3E3Tg(e6oV!=!p{pR^^;IQ>{h& z7oU5sQSv)0R+WEaWtS>za-K_`QmP4-l};~}I(BSy_s%EIoLTekDx)D{^~vu}?X5B8 zzz@Iv@nB!os`FQ^4?J=5Xv)W@o}GQ;#*NfxYtL$R=cm(3_l7>=zj@2Z9HgwCR{LG9 zq^3hAvYrqz*k@g+x#B1I+j%UOjqDxayhEoPPkZY^r?(F%$Cdqj2loH*uu6gFb*{jF7gU(*=ZoUE>O$F%@}i4$V>%HOJ^fC7(v*u?2;?s@l;Dv#=xZXy7H=WOZ{=x`-=@U9Zj3MnlnqiV71T3 zf=bF4*IV#71bZy8RF1K;*j`o6ykMYlQ}^=B_AkRk*}i3QH4fqW;mRsg_%qnQpb2rd zrVvA&v5vlyfIC)*J=lk7?pq)3sf=d`AaZT0U;-02*JICoYy}-k;-hZu@R)CJMEnTG z=TC^d2Xsn3DiKZicagtf&H3XV{sKO1daO47xGDZU@vfjgI)PM2@G<7^A^Df6%tSu4 z^7J{*J^m8K$BXPBzI(ig|HS%-1OIT~e}n^`ctb!7%$xE(MH$MXM)fT{@?8d8s>g+G zoiH6a4CoDTxkaY(#vv|m;Bq3y9SBMcr!KyF0=b7XJ*gUpe= z8ZPxOP1O}P6-(y%h#ZkI%&P^A;2Yo2F&tdwy#(-rS{~#RD>}q3nm!H 
zh}x8Go~?rvlR+^Jb)Bii3&Sz5bFmnoh^MCD8B^nW61g;)*ZDp*`DQEgRZ=$Rjrrjl z#YmspuqQMn^&lmSd6fC4bQu-8=9qGQj9mB96EXNa{$PZ%E^QShCes`QsbB+yVEm<$0`8(TyHEk)od^4SV0~#Nepd7HydZV^jYqEy;&Ur3&SGBa6 zb6m5e#+H&-U#SzmD}w!GHN3Tqk|f`pz}}aA7i&$epQ1xD2aKPNcv6aF{~_sUYldxy zt9mG_gCSe&^M_fKg&}y?vbLFP_ONn6BjrnK&5@us6z$2VWQ7NeE!!FGGinRg3v(?wIv9I?eZq)m zcKPHt-}|TXhUrLc##oHg0bjOjg*_M1N{ddd0ky2u*1f?IrlrazbtzL*^%E&20lZHe zQ))x4R+gdY;MR453O17bHu2MV5t+qfm~SidlDa#UyQOYJM(D zRxQbDpvqp8)XhDmlqJD{e>>r6#2wZM_oB(yv%@0+E?6Jdsf7ImbWchba*eh^U!FFc0$l3Eqi;kROj;HoetpWC_ zw8doGQrm|0m{a!etVf2EXH>b0b_%khkAw`%Pfwiq+Fm^Ll07T8NGOFlKiHbL2va>O+F$RwY9;A6hB=2M{O zd*aw^D^Uj3{Psj#QsC1tT0dzu3trOZ8iH_^HkVA#n(JmBt8IjQf4n@9L*zYkYtDnL zH_8iJ0`-r|-9ZSYwf59flA8=a&@>WaO{)F6Rw^h9(ymvv8`~~pazxA;VC_+wRE`%d znH&??(wXv_T0dHuR7+ycmD!I}SaM|Qjll)=$)d_i-FH;-DE&wDLa~>UHmZ0N=or_pyslu)cJj~!l|occA1tr7pmk)UBP^DL}KQFwZ<}gG^kr;pK0z*&1Isb zaE8Fz-lT;@eo{7No95R6wOWxhC~emIPnGKGkVeb!a(ruRtfuw|e1=W+3sFmSM7^;0 zV=8KD?E9!q%{i=(vo;7b5}KqDVp!S;w6IyTmKua1<+z$9r%tlWZBNKVVZO=UOpg9l zsrdU-wp}OYw8m*kWcm*2d*r1f`5pVn3d_HPE_I+l#fV z@k^t$v}7xwH9~o0tB|_k@8Fd!Nux{$80lMJ-$%QXy|%fOtUGId471`$dxT(YS~ASF zxg|5UWh-G^%2iW@XZfVx)zS~Z^jj%8QcF+mEk_aLH$7_7_oC`Q))4t8eO{!>Jg~)4 zRxQhC$zgNrPe(}We6a1yp4F1N)K+Htsyx}}mK@2*T4hPnkrrDKdsBHPWtO}&m%?2C zg=M$6X>o)hM~o^Be)CrLgQ|Da+UKLy_~bZyIjJAzn9)|fN^PMX-Kw=?RHT4qp%tt3 zmr1?BenF0d)f^V4PpMSzvM#9O<+o(jxgOG|4QKW(QX)Cpdmf;tjDNw3HnNsza$Ti3 z3}M(Rx@lsmv9*-cYwA8&p6tAp+6Pr^P&ZQ|w`mpA>Y+^|DFmDPDQZ;C zUXc&7J_>W%%qz2Z(iXR+EmD}@!8Y>uqUPFj79|Kq`)6J#Bb2tLII@-hV2fDQ&>K?f zNw)(OVfMAlQ80Cg*}j!IHcQdpCmGB=+w@Qqziriau%dm~dek~;s>I-^fwM*A zf@LYqwMyTbe9yX!8wGEEO$&~g!;+GAv?6DI)HFMqI7JCCYYS>iwgUQZ)&7HZPTvx_ zWS-rkek4~Jn&W)tT53>g0`}AFx24yH63BT9+RthVX6uofg)=aWQO$12nHxE?Fc4JK zQWWN#5ulnG*76x( zY_7R0?M2E~Z-i9GU{cpx)*3A^+8fkba)!u$?Q%>i?HX0~%vOtapZ|E8ov(-aA;)4A%NR(oR_N&AxtDIWPNn>-Bi_VKE=-UGj)6mRgv1==Wt$z_F+t zze`QdGq!VSIdEL^s2bZIM~bJnLyfYpr4va;VkdwsbLTK}x2%<}LMY;kLs# zWx7|DNHCG7tOD>_TsSMm;d-xvHYth?12IN1(3x|d@B 
zbDNaoWXqNz*L2A8Fud9>%)IzlwF35*tS9!?(z19I`Hy-m`R{0|H}ZBxOVOQK^)rHjxr%OWHYqC4CPpJGHpf3o4%ijP1b{%Q3vP&bWHOmWPIN zO`ApS5lFp>#aa}$k$=}H-aH2QE2H?rJYbEncPp$vWS_?Ss;@>J$5RVgkLp!D zXWH5WL0w8D{Y`S-hT~ZI(no6b;*4o&3zDK-|E1d3d~Kv6tU&&n_Fap6q4saSc1H6DoB*y|1fcp5dOBWy$m<;f%VB%MC z`B!lcUo+-kjyRliAP2kM*yV^X@cWTigYy+Ri*n|#d1K8h;}kA<$&V@H^LYXI&@P@c z=C|r=8*uKYoco#1YZYATj!*_(Rla8L5fR@F-`_Kxm2m9;l@5K7 z+-c>kA$jpFa2&|O3mLWm-vWo9M126qfiOJz9}ZLjssXiu-arbF35)nWz~{g= zUG4}d`^8~`^U z9H;_B0ri2WfoLEGhy&gQRspL4er5Czaa;S3^PA%4P3y}th`jm34=_ZIo<^O1Bmc$G zqhdR9VYQibhpGKTBbsWlKzFG9g|^)?Q~)g%C6r>kXnGYz51Fh3lLcZ&s#>sYn}9vQ zx4>yYUk7ag@CPD*8bBP72jIaW;SDqg;(_)+C!h<^3+My%1NsB}nrb=_QV(xZ0hR)} zKuCSa1rP>=166=@U@$Njm=Aml><4my)4&4e)IMP67Tv0KhM{-uc6N2whJ3cym@(7Fw_o)rgJ)b!LRkNuw^bfJTwQq_t`i6I1P5 z$cVLM+0YL)_?{mJfMWpK|094=z!=~KU@VXYOaQWhiNLGCWPoD?jt{m1rvZLx_jfH5 z?`lu3YELd{PcCRr&S_81XivV=o}AF09Mhg0(ViUAo*dAg?9-m?)t>Cqo@^`Li8j3ZQ2BVb^%y^*BF2h(F)sFhE8AxpU`a^g>629~K~r zq;!txdU)XAI8Yww)hh;Eaf}juqD1xM?!rOGboBUD&S3Iu&QRwCXAX|qkPeR8ka&N) zMM&1QLR0AZW$XZ;ED#9rE7||le}RmsvcdXSHdFoM7;l_4{aPHE>fe5V|E~IHeH(#b zAOr{n{;B`}f9jw09R`F0Re)+h1W*H@kB`2*b#7KNk*bKk=_grxlB7Mc=sKR$-sz@2 zfgNSuEP5F8W%Wom0{tQ}%QpU%`d`Vz|5*EXW!=*EdI7iubCJ+X*$QhUd~*=J$TeW{J} zh4$n#?TJO4PqlY8X-_t2Pu6QsERNYT6X=B^z%gw>PsSaNcKj0vSl`AKpiBvIH=v>wrp{8T?|fS>fY*1(?rR@K+4`dPL9 z!TF`(3jlrwasm1a=_9nL_dm28uox9s2*FRC+yC=J~ceZLzwrEd2 z(Vl#uJt@{PT9R){KNyc%#w)c6S->~a?9`Zhf&Fe_xtk@$d{kJjEbbK{PijnG)|=|L zrLUHLTGdBO|15p869D>Vec_w+15`ikZ7mzFYELZ2Z5AzayEd4`iABSDUmNUg?a6fQ z$wci5#M``$Gam{p4Y#$C2gTr*?V2i~R&Hd72oKTq$gX2*c0$C4C||#`QTH|_!dImv zRl{GV$1m>{H*MiXe|lG=^rcV4{#C$O5%wUk37~&i^#jufO#d(azV!Ffze~R^{kinx z-UmYqwtEFfIJlubxvo9AqCGjUJ+Tm*{n|Sg4f{*&9SenS(Uv!AgRRq^ScuvR?VTms z6AK~44YTC@8;-mRdIl*Z7X5>*^dZ|tw0?68U)CG_?)10Q*G@k>eeCqD)2B{fI(_K$ zozrJdUpf8c^G$y8^3@LxAublG-$FBO(8jUo@-3vQAQZKXJ(%m^KXv5C`l9cjK7ac9>EowwpMHJ% z^i_X8efjj`(|=FDJ^l6c)6+jszdU{N^vA2d_-Rqawg>JO@CpYO;_|EZ&Moc9P3?(& z?Q&Hc><8`1W$npD?a6uV$yx2m_u7+F+LQ0JCl)e#OnYay_Qck4k?q``6#bR!{;Vg? 
zm#A|koG0NN3Fk&QC&Kv<&Vz8Cfb#>K7vOvV=K<*dr{ACce){_V&$Ro^THaeU=(XBA ztF$M}wI?=@|5I)FucYg%&e3S+V}{npJS{K+;C##uplpL;*RKV0Ec*9L+FKU({ZZ|m zz1ou<+LQmyV^@un+cCr;Da66@isI|{)C7VjT#hMb=J(15PgD)yigzUM^3-h$a_sH@ zf&a7+H06ibDQ>LSK%hKe1cHGOAQT7#IIlKW%l6sYlbPC+8QPO++LNi;lPTJh$=Z|u znq!rph4y1$7%BB&Im0kBzq@BbnQP$p<8S{F53?|^e)*jbi^_ZaQv7emw525fH%h9j zD=MrzSlzhpT*IJsi=Bdj((4X7RGhZhDFFKr>}w?8Ye3Wb=^_T_pUuy&i8I)NUJ-aM z^|4|ivg>0Gl^=FpjgUUy4cit^y!5vfyvS?5=;D~76Tn;)8CY{uO-YAz`R1U<-Q18m(`9jr zn?CdFXG$;USP%lzJQ zdH3PJWs$xMf+>YBX8AGHF8FSilzKinovFOBicf+)%I1$2q^4cm^5<#t=~SrXk5(Ub iP4chip*VSWL!iv!1T1D4HSNbKe=(CNGT8s+^#32o*MqkJ literal 0 HcmV?d00001 diff --git a/initializers/challengeHelper.js b/initializers/challengeHelper.js index d8d94e75c..2460e3f17 100644 --- a/initializers/challengeHelper.js +++ b/initializers/challengeHelper.js @@ -1,8 +1,8 @@ /* * Copyright (C) 2013 - 2014 TopCoder Inc., All Rights Reserved. * - * @version 1.4 - * @author ecnu_haozi, bugbuka, Ghost_141, muzehyun + * @version 1.5 + * @author ecnu_haozi, bugbuka, Ghost_141, muzehyun, GFalcon * Refactor common code out from challenge.js. * * changes in 1.1: @@ -13,6 +13,9 @@ * - Avoid undefined if rows[0].copilot_type is null. * Changes in 1.4: * - Add template id to challenge terms of use. + * Changes in 1.5: + * - Add the checkUserChallengeEligibility function + * - Removee the obsolete eligibility check in getChallengeTerms */ "use strict"; @@ -135,11 +138,6 @@ exports.challengeHelper = function (api, next) { return; } - if (!rows[0].no_elgibility_req && !rows[0].user_in_eligible_group) { - cb(new ForbiddenError('You are not part of the groups eligible for this challenge.')); - return; - } - // Update check to use flag. if (requireRegOpen && !rows[0].reg_open) { cb(new ForbiddenError('Registration Phase of this challenge is not open.')); 
@@ -316,8 +314,71 @@ exports.challengeHelper = function (api, next) { } next(null, result.terms); }); + }, + /** + * Check if the user currently logged in has the right to access the specified challenge + * + * @param {Object} connection The connection object for the current request + * @param {Number} challengeId The challenge id. + * @param {Function} next The callback that will receive an error + * if the user is not eligible + * + * @since 1.5 + */ + checkUserChallengeEligibility: function (connection, challengeId, next) { + // Admins can access any challenge + if (connection.caller.accessLevel === 'admin') { + next(); + return; + } + // Query the accessibility information + var userId = (connection.caller.userId || 0); + api.dataAccess.executeQuery('get_challenge_accessibility_and_groups', { + challengeId: challengeId, + user_id: userId + }, connection.dbConnectionMap, function (err, res) { + if (err) { + next(err); + return; + } + // If there's no corresponding record in group_contest_eligibility + // then the challenge is available to all users + if (res.length === 0 + || _.isNull(res[0].challenge_group_ind) + || _.isUndefined(res[0].challenge_group_ind)) { + next(); + return; + } + var error = false; + // Look at the groups + async.some(res, function (record, cbx) { + // Old challenges: check by looking up in common_oltp:user_group_xref + if (record.challenge_group_ind === 0) { + cbx(!(_.isNull(record.user_group_xref_found) || _.isUndefined(record.user_group_xref_found))); + } else { + // New challenges: query the V3 API + api.v3client.isUserInGroup(connection, userId, record.group_id, function (err, result) { + if (err) { + error = err; + cbx(true); + } else { + cbx(result); + } + }); + } + }, function (eligible) { + if (error) { + next(error); + } else if (eligible) { + next(); + } else if (connection.caller.accessLevel === "anon") { + next(new UnauthorizedError()); + } else { + next(new ForbiddenError()); + } + }); + }); } - }; next(); 
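Review bot: In `checkUserChallengeEligibility` the public-challenge shortcut inspects only `res[0].challenge_group_ind`, so the decision to skip every group check depends on which row the query happens to return first. `get_challenge_accessibility_and_groups` has no ORDER BY and is built from LEFT JOINs, so a challenge with one eligibility row that has no group and another that has one could, it appears, be treated as open to everyone; a group-less row that is not first instead falls through to the V3 branch with a null `group_id`. I would drop the group-less rows first, allow access only when none remain, and run `async.some` over the remaining rows. The enclosing `exports.challengeHelper` starts outside this hunk.

```javascript
// Keep only the rows that actually name a group; the order of `res` no longer matters
var groupRows = _.filter(res, function (record) {
    return !_.isNull(record.challenge_group_ind) && !_.isUndefined(record.challenge_group_ind);
});
// No group restricts the challenge: it is available to all users
if (groupRows.length === 0) {
    next();
    return;
}
var error = false;
async.some(groupRows, function (record, cbx) {
    // … unchanged: old-logic user_group_xref test and V3 isUserInGroup lookup …
}, function (eligible) {
    // … unchanged: error / eligible / anon / forbidden handling …
});
```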
diff --git a/initializers/middleware.js b/initializers/middleware.js index cf370e589..98fb669ce 100644 --- a/initializers/middleware.js +++ b/initializers/middleware.js @@ -2,8 +2,8 @@ /* * Copyright (C) 2013 - 2014 TopCoder Inc., All Rights Reserved. * - * @version 1.3 - * @author vangavroche, TCSASSEMBLER + * @version 1.4 + * @author vangavroche, TCSASSEMBLER, GFalcon * changes in 1.1: * - add cache support (add preCacheProcessor and postCacheProcessor) * changes in 1.2: @@ -12,6 +12,8 @@ * - add authorizationPreProcessor * changes in 1.3: * - add force refresh check for preCacheProcessor + * changes in 1.4: + * - store the authorization token in connection.authToken */ "use strict"; @@ -105,6 +107,7 @@ exports.middleware = function (api, next) { cb(null, reg.exec(authHeader)[1]); } }, function (token, cb) { + connection.authToken = token; jwt.verify(token, api.config.tcConfig.oauthClientSecret, { audience: api.config.tcConfig.oauthClientId }, diff --git a/initializers/v3client.js b/initializers/v3client.js new file mode 100644 index 000000000..dabb7759d --- /dev/null +++ b/initializers/v3client.js 
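Review bot: In initializers/middleware.js, `connection.authToken = token;` is assigned before `jwt.verify` has run, so the connection carries the bearer string even when verification later fails. The new initializers/v3client.js treats a defined `connection.authToken` as an authenticated caller and posts it to the V3 `authorizations` endpoint, so an unverified value can reach that exchange if a failed verification does not end the request (not visible here; the function continues outside the hunk). Moving the assignment into the `jwt.verify` success callback keeps the field meaningful: set `connection.authToken = token;` only once the decoded payload has been accepted.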
@@ -0,0 +1,143 @@ +/* + * Copyright (C) 2017 TopCoder Inc., All Rights Reserved. + * + * V3 API client + * + * @version 1.0 + * @author GFalcon + */ +"use strict"; +/*jslint nomen: true*/ + +var request = require('request'); +var _ = require('underscore'); +var async = require('async'); + +/** + * The URL of the V3 API + */ +var v3url = process.env.TC_API_V3_URL || 'http://localhost:8084/v3/'; + +/** + * Cached V3 API tokens. + * + * This object stores V2 tokens as keys and V3 tokens as values + */ +var tokens = {}; + +/** + * Call the service. It handles both errors and bad response status codes. + * + * @param {Object} params - parameters for a request + * @param {Function} callback - the callback function. + * It will get either an Error object or a response body. + */ +function callService(params, callback) { + params.json = true; + request(params, function (err, response, body) { + if (err) { + callback(err); + return; + } + /*jslint eqeq: true*/ + if (response.statusCode != 200) { + /*jslint eqeq: false*/ + callback(new Error('API V3 returned ' + response.statusCode + ' ' + (response.statusMessage || ''))); + return; + } + callback(null, body); + }); +} + +/** + * Get the V3 API authorization token to use in subsequent calls + * + * @param {Object} connection - the connection object provided by ActionHero + * @param {Function} callback - this function receives either an error, + * a V3 token or nothing at all (if the current connection's user is anonymous) + */ +function getToken(connection, callback) { + // Anonymous + if (_.isUndefined(connection.authToken)) { + callback(); + return; + } + // Cached token + if (!_.isUndefined(tokens[connection.authToken])) { + callback(null, tokens[connection.authToken]); + return; + } + // Get the token by calling the API + callService({ + url: v3url + 'authorizations', + method: 'POST', + body: { + param: { + token: connection.authToken + } + } + }, function (err, body) { + if (err) { + callback(err); + } else { + 
tokens[connection.authToken] = body.result.content.token; + callback(null, body.result.content.token); + } + }); +} + +/** + * Get IDs of users in the specified group + * + * @param {Object} connection - the connection object provided by ActionHero + * @param {Number} groupId - the group ID + * @param {Function} callback - the callback. Receives either an error + * or the list of group's users an array of numeric IDs + */ +function getGroupMembers(connection, groupId, callback) { + getToken(connection, function (err, token) { + if (err) { + callback(err); + return; + } + callService({ + url: v3url + 'groups/' + groupId + '/members', + method: 'GET', + headers: { + 'Authorization': 'Bearer ' + token + } + }, function (err, body) { + if (err) { + callback(err); + } else { + callback(null, body.result.content.map(function (item) { + return item.memberId; + })); + } + }); + }); +} + +exports.v3client = function (api, next) { + api.v3client = { + /** + * Check if the user belongs to the group + * + * @param {Object} connection - the connection object provided by ActionHero + * @param {Number} userId - the user ID + * @param {Number} groupId - the group ID + * @param {Function} callback - the callback. The second parameter + * is boolean vwhich is true if the user is found in the group. + */ + isUserInGroup: function (connection, userId, groupId, callback) { + getGroupMembers(connection, groupId, function (err, members) { + if (err) { + callback(err); + } else { + callback(null, members.indexOf(userId) >= 0); + } + }); + } + }; + next(); +}; diff --git a/package.json b/package.json index b9daa5614..c3e6dfc2a 100644 --- a/package.json +++ b/package.json 
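Review bot: The module-level `tokens` cache used by `getToken` in initializers/v3client.js never evicts or expires entries and is keyed by the raw V2 token, so it grows with every distinct token seen and keeps handing out a V3 token after the V2 token that produced it has expired or been revoked. It is also a plain object, so inherited property names resolve to a value rather than `undefined`; `var tokens = Object.create(null);` avoids that, and storing an expiry time beside each entry bounds its lifetime. Separately, `getGroupMembers` builds `'Bearer ' + token` even when `getToken` returned nothing for an anonymous caller, which sends the header `Bearer undefined`; omit the header in that case. `body.result.content` is dereferenced without a shape check in both callbacks, so a 200 response with an unexpected body throws inside the request callback instead of reaching `callback(err)`.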
@@ -21,9 +21,11 @@ "bcrypt": "0.7.x", "bigdecimal": "0.6.x", "bignum": "0.6.x", + "body-parser": "^1.17.2", "crypto": "0.0.x", "datejs": "0.0.x", "email-templates": "0.1.x", + "express": "^4.15.3", "forums-wrapper": "git://github.com/cloudspokes/forums-wrapper.git#12b57be495c2e10431173522bc9eff60e0575959", "heapdump": "^0.3.6", "highlight.js": ">= 8.3.0", diff --git a/queries/challenge_registration_validations b/queries/challenge_registration_validations index 1b20283f4..4bd4a63de 100644 --- a/queries/challenge_registration_validations +++ b/queries/challenge_registration_validations @@ -4,8 +4,6 @@ select (pp_reg_open.project_id IS NOT NULL) as reg_open, (r.project_id IS NOT NULL) as user_registered, (us.user_id IS NOT NULL) as user_suspended, - (ce.contest_eligibility_id IS NULL) as no_elgibility_req, - (ugx.login_id IS NOT NULL) as user_in_eligible_group, (uax.user_id IS NOT NULL OR coder.coder_id IS NOT NULL) as user_country_banned, (coder2.comp_country_code IS NULL OR coder2.comp_country_code = '') as comp_country_is_null, (cop.copilot_profile_id IS NOT NULL) as user_is_copilot, @@ -28,14 +26,6 @@ left join on us.user_id = @userId@ and us.user_status_type_id = 1 and us.user_status_id = 3 --- Check if user meets eligibility requirements -left outer join ( - contest_eligibility ce join ( - group_contest_eligibility gce left outer join user_group_xref ugx - on ugx.group_id = gce.group_id and ugx.login_id = @userId@ - ) - on ce.contest_eligibility_id = gce.contest_eligibility_id -) on p.project_id = ce.contest_id -- Check user's country left outer join ( informixoltp:user_address_xref uax join ( diff --git a/queries/get_challenge_accessibility_and_groups b/queries/get_challenge_accessibility_and_groups new file mode 100644 index 000000000..6ca557db3 --- /dev/null +++ b/queries/get_challenge_accessibility_and_groups 
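Review bot: In package.json, `express` and `body-parser` are added next to the runtime packages, yet within this patch they are required only by `test/scripts/mock_v3.js`. If this block is `dependencies` (the key is outside the hunk), production installs pull in two more packages and their transitive trees for no runtime use; listing them under `devDependencies` keeps the deployed dependency surface smaller. The caret ranges `^1.17.2` and `^4.15.3` also float to later releases, so a lockfile or shrinkwrap is worth having if the project does not already use one.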
@@ -0,0 +1,21 @@
+SELECT
+ ce.is_studio,
+ sg.challenge_group_ind,
+ ugx.group_id AS user_group_xref_found,
+ sg.group_id AS group_id
+FROM
+ (
+ (
+ contest_eligibility ce
+ LEFT JOIN group_contest_eligibility gce
+ ON ce.contest_eligibility_id = gce.contest_eligibility_id
+ )
+ LEFT JOIN security_groups sg
+ ON gce.group_id = sg.group_id
+ )
+ LEFT JOIN (
+ SELECT group_id FROM user_group_xref WHERE login_id=@user_id@
+ ) ugx
+ ON ugx.group_id = gce.group_id
+WHERE ce.contest_id = @challengeId@
+
diff --git a/queries/get_challenge_accessibility_and_groups.json b/queries/get_challenge_accessibility_and_groups.json
new file mode 100644
index 000000000..218f37428
--- /dev/null
+++ b/queries/get_challenge_accessibility_and_groups.json
@@ -0,0 +1,5 @@
+{
+ "name" : "get_challenge_accessibility_and_groups",
+ "db" : "tcs_catalog",
+ "sqlfile" : "get_challenge_accessibility_and_groups"
+}
\ No newline at end of file
diff --git a/test/postman/New_Challenge_Visibility_Control.postman_collection.json b/test/postman/New_Challenge_Visibility_Control.postman_collection.json
new file mode 100644
index 000000000..7dadfd3d1
--- /dev/null
+++ b/test/postman/New_Challenge_Visibility_Control.postman_collection.json
@@ -0,0 +1,386 @@ +{ + "id": "ba962be9-0d58-f187-8809-008a39bc2240", + "name": "New Challenge Visibility Control", + "description": "", + "order": [], + "folders": [ + { + "id": "712ffa63-a959-e4a3-6af9-84d4f236b2f3", + "name": "Get checkpoints", + "description": "", + "order": [ + "7c7643c6-89ab-641e-b67a-32b3ac91e09e", + "d830ec36-eb8e-9586-c546-14af77cec152", + "2af8f0d9-f3e8-c58a-ca3d-1130e4b07371", + "f545bbfc-36d7-6567-25a8-b4d6634575e7", + "a3ae5124-2077-4ff2-4e02-afae7670bbe5" + ], + "owner": "316251" + }, + { + "id": "cfbf928f-56b8-9813-f8f3-4ac4e342d965", + "name": "Register for challenges", + "description": "", + "order": [ + "4b64d85a-4c08-8ec2-9c3f-50605bd2e09e", + "5224f722-9f4f-07bb-58e7-351512cc66ea", + "60ae89de-4eb1-c0aa-b866-b28b52436e89", + "843d6759-0cc0-a0c6-9fde-60f893f56eac", + "46cf305a-8251-66aa-391c-46def82773a1" + ], + "owner": "316251" + }, + { + "id": "0eeb693c-c6b6-e23b-156d-cff5f21dbb27", + "name": "login", + "description": "", + "order": [ + "6bed8920-6800-0ae0-e63d-b39b05c7f50c", + "fd4cd936-2d4d-a272-f402-d0f7b6cab82f" + ], + "owner": "316251", + "collectionId": "6369974d-65cc-d819-459b-0026549ddb47" + } + ], + "timestamp": 1474156790593, + "owner": "316251", + "public": false, + "requests": [ + { + "id": "2af8f0d9-f3e8-c58a-ca3d-1130e4b07371", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/develop/challenges/checkpoint/2220003", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497550652259, + "name": "Old logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [], + "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" + }, + { + 
"id": "46cf305a-8251-66aa-391c-46def82773a1", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/1110005/register", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "POST", + "data": null, + "dataMode": "params", + "version": 2, + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497813578982, + "name": "New logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "4b64d85a-4c08-8ec2-9c3f-50605bd2e09e", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/1110001/register", + "queryParams": [], + "pathVariables": {}, + "pathVariableData": [], + "preRequestScript": null, + "method": "POST", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "data": null, + "dataMode": "params", + "name": "No groups (challenge is not private)", + "description": "", + "descriptionFormat": "html", + "time": 1497813014785, + "version": 2, + "responses": [], + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "folder": "cfbf928f-56b8-9813-f8f3-4ac4e342d965" + }, + { + "id": "5224f722-9f4f-07bb-58e7-351512cc66ea", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/1110002/register", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "POST", + "data": null, + "dataMode": "params", + "version": 2, + "tests": null, + "currentHelper": "normal", + 
"helperAttributes": {}, + "time": 1497813399305, + "name": "Old logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "60ae89de-4eb1-c0aa-b866-b28b52436e89", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/1110003/register", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "POST", + "data": null, + "dataMode": "params", + "version": 2, + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497813480606, + "name": "Old logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "6bed8920-6800-0ae0-e63d-b39b05c7f50c", + "headers": "Content-Type: application/json\n", + "url": "{{url}}/auth", + "preRequestScript": null, + "pathVariables": {}, + "method": "POST", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "var authResponse = JSON.parse(responseBody);\npostman.setEnvironmentVariable(\"authToken\", authResponse.token);\ntests[\"Status code is 200\"] = responseCode.code === 200;\nvar jsonData = JSON.parse(responseBody);\ntests[\"A valid token is returned\"] = !!jsonData.token;", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1474159263289, + "name": "Login as admin user", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [], + "rawModeData": "{\n \"username\": \"heffan\", \n \"password\": \"password\"\n}", + "folder": "0eeb693c-c6b6-e23b-156d-cff5f21dbb27" + }, + { + "id": "7c7643c6-89ab-641e-b67a-32b3ac91e09e", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true 
+ } + ], + "url": "{{url}}/develop/challenges/checkpoint/2220001", + "queryParams": [], + "pathVariables": {}, + "pathVariableData": [], + "preRequestScript": null, + "method": "GET", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "data": null, + "dataMode": "params", + "name": "No groups (challenge is not private)", + "description": "", + "descriptionFormat": "html", + "time": 1497550504090, + "version": 2, + "responses": [], + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" + }, + { + "id": "843d6759-0cc0-a0c6-9fde-60f893f56eac", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/1110004/register", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "POST", + "data": null, + "dataMode": "params", + "version": 2, + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497813524683, + "name": "New logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "a3ae5124-2077-4ff2-4e02-afae7670bbe5", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/develop/challenges/checkpoint/2220005", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497550755372, + "name": "New logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [], + "folder": 
"712ffa63-a959-e4a3-6af9-84d4f236b2f3" + }, + { + "id": "d830ec36-eb8e-9586-c546-14af77cec152", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/develop/challenges/checkpoint/2220002", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497550612717, + "name": "Old logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [], + "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" + }, + { + "id": "f545bbfc-36d7-6567-25a8-b4d6634575e7", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/develop/challenges/checkpoint/2220004", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497550705028, + "name": "New logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [], + "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" + }, + { + "id": "fd4cd936-2d4d-a272-f402-d0f7b6cab82f", + "headers": "Content-Type: application/json\n", + "url": "{{url}}/auth", + "preRequestScript": null, + "pathVariables": {}, + "method": "POST", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "var authResponse = JSON.parse(responseBody);\npostman.setEnvironmentVariable(\"authToken\", authResponse.token);\ntests[\"Status code is 200\"] = responseCode.code === 200;\nvar jsonData = 
JSON.parse(responseBody);\ntests[\"A valid token is returned\"] = !!jsonData.token;", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1474159245944, + "name": "Log in as ordinary user", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [], + "rawModeData": "{\n \"username\": \"user\", \n \"password\": \"password\"\n}", + "folder": "0eeb693c-c6b6-e23b-156d-cff5f21dbb27" + } + ] +} \ No newline at end of file diff --git a/test/postman/New_Challenge_Visibility_Control.postman_environment.json b/test/postman/New_Challenge_Visibility_Control.postman_environment.json new file mode 100644 index 000000000..143271c12 --- /dev/null +++ b/test/postman/New_Challenge_Visibility_Control.postman_environment.json 
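Review bot: Every request in the "Get checkpoints" and "Register for challenges" folders of the Postman collection has `"tests": null`, so the cases named "access denied" and "access allowed" assert nothing and a collection run passes even if the eligibility check stops working. Only the two login requests carry a test script. Each access-control request should check the status it expects, in the same style as the login tests, e.g. `tests["Status code is 403"] = responseCode.code === 403;` for the denied cases (assuming `ForbiddenError` maps to 403) and a 200 check for the allowed ones.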
@@ -0,0 +1,34 @@ +{ + "id": "d761e292-418f-09b5-8b27-9d93eae42f1e", + "name": "New Challenge Visibility Control", + "values": [ + { + "enabled": true, + "key": "url", + "value": "http://localhost:8080/api/v2", + "type": "text" + }, + { + "enabled": true, + "key": "adminToken", + "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NtYS5hdXRoMC5jb20vIiwic3ViIjoiYWR8MTMyNDU2IiwiYXVkIjoiQ01hQnV3U25ZMFZ1NjhQTHJXYXR2dnUzaUlpR1BoN3QiLCJleHAiOjE1MTAxNTkyNjgsImlhdCI6MTQ3NDE1OTI2OH0.KRgW9TxNOEiEu5YdQnXQO1nKFULIuy7JlzDZdq9QFQY", + "type": "text" + }, + { + "enabled": true, + "key": "userToken", + "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NtYS5hdXRoMC5jb20vIiwic3ViIjoiYWR8MTMyNDU4IiwiYXVkIjoiQ01hQnV3U25ZMFZ1NjhQTHJXYXR2dnUzaUlpR1BoN3QiLCJleHAiOjE1MTAxNzI0MDgsImlhdCI6MTQ3NDE3MjQwOH0.sIG2FoNiCldizzcTMQ9iAFh-PCigNGBAlicxms6uTkk", + "type": "text" + }, + { + "enabled": true, + "key": "authToken", + "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NtYS5hdXRoMC5jb20vIiwic3ViIjoiYWR8MTMyNDU4IiwiYXVkIjoiQ01hQnV3U25ZMFZ1NjhQTHJXYXR2dnUzaUlpR1BoN3QiLCJleHAiOjE1MTAyODI4MDMsImlhdCI6MTQ3NDI4MjgwM30.s6q_FRFryMslkWCkR0wPSWwTopkZhHH8g9R_4GPf9m4", + "type": "text" + } + ], + "timestamp": 1497565761064, + "_postman_variable_scope": "environment", + "_postman_exported_at": "2017-06-15T22:29:38.942Z", + "_postman_exported_using": "Postman/5.0.1" +} \ No newline at end of file diff --git a/test/scripts/mock_v3.js b/test/scripts/mock_v3.js new file mode 100644 index 000000000..8df5e8c02 --- /dev/null +++ b/test/scripts/mock_v3.js 
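Review bot: The `adminToken`, `userToken` and `authToken` entries in this environment file are complete signed HS256 JWTs, so the repository now carries bearer credentials that remain valid until their `exp` passes on any deployment that shares the signing secret. The collection's "Log in as ordinary user" request already fills `authToken` through `postman.setEnvironmentVariable`, so the committed value is not needed. I would ship all three entries as `"value": ""` and describe in the verification guide how to obtain tokens locally. If they are signed with a development-only secret, saying so next to the file saves secret scanners and later readers from guessing.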
@@ -0,0 +1,73 @@ +/* + * Copyright (C) 2017 TopCoder Inc., All Rights Reserved. + * + * This is the REST server that mocks some services from the V3 API + * + * @author GFalcon + * @version 1.0 + */ +"use strict"; + +var express = require('express'); +var bodyParser = require('body-parser'); + +var app = express(); + +app.use(bodyParser.json()); + +/* + * Log all incoming requests + */ +/*jslint unparam: true*/ +app.use(function (req, res, next) { + console.info('V3 Request: ' + JSON.stringify({ + path: req.path, + method: req.method, + headers: req.headers, + body: req.body + }, null, ' ')); + next(); +}); +/*jslint unparam: false*/ + +/* + * Return a fake 'authorization token' + */ +/*jslint unparam: true*/ +app.post('/v3/authorizations', function (req, res) { + res.json({ + result: { + content: { + token: 'FAKE-TOKEN' + } + } + }); +}); +/*jslint unparam: false*/ + +/* + * Get group members. Makes each group consist of one user + * (the user from the sample database whose handle is 'user') + * except one group (id 3330004) that doesn't have any users at all + */ +app.get('/v3/groups/:groupId/members', function (req, res) { + /*jslint eqeq: true*/ + if (req.params.groupId != 3330004) { + /*jslint eqeq: false*/ + res.json({ + result: { + content: [{ + memberId: 132458 + }] + } + }); + } else { + res.json({ + result: { + content: [] + } + }); + } +}); + +app.listen(8084); From 092c69dc7a1ea669f9a7f864058d3ba32f2367d4 Mon Sep 17 00:00:00 2001 From: Guiqiang Zhang Date: Tue, 20 Jun 2017 08:05:08 +0800 Subject: [PATCH 02/17] improve the query --- queries/check_user_challenge_accessibility | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/queries/check_user_challenge_accessibility b/queries/check_user_challenge_accessibility index 4ab12d78a..e7d7e9b14 100644 --- a/queries/check_user_challenge_accessibility +++ b/queries/check_user_challenge_accessibility 
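Review bot: The request logger prints `headers: req.headers` and `body: req.body` verbatim, which can include an `Authorization` header and the caller's token posted to `/v3/authorizations`. Even for a mock I would mask these before logging, for example `headers: Object.assign({}, req.headers, { authorization: '[redacted]' })`, and omit the body for the authorizations route. `app.listen(8084)` also binds every interface; `app.listen(8084, '127.0.0.1');` keeps a server that answers any caller with a token and a membership list reachable only from the local machine.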
@@ -3,9 +3,9 @@ SELECT 1 FROM contest_eligibility ce INNER JOIN group_contest_eligibility gce ON gce.contest_eligibility_id = ce.contest_eligibility_id - INNER JOIN user_group_xref ugx ON ugx.group_id = gce.group_id + LEFT JOIN user_group_xref ugx ON ugx.group_id = gce.group_id WHERE ce.contest_id = @challengeId@ - AND ugx.login_id = @user_id@) AS has_access + AND ((ugx.login_id = @user_id@ AND gce.group_id < 2000000) OR gce.group_id >= 2000000)) AS has_access , (SELECT 1 FROM contest_eligibility ce From a0b6b3b4a81be58a07e93fbeb1e425a0557a5baa Mon Sep 17 00:00:00 2001 From: skyhit Date: Tue, 20 Jun 2017 08:16:46 +0800 Subject: [PATCH 03/17] update query for groups (#502) --- queries/check_is_related_with_challenge | 2 +- queries/get_open_challenges_count | 2 +- queries/get_past_challenges_count | 2 +- queries/search_past_software_studio_challenges | 2 +- queries/search_past_software_studio_challenges_count | 2 +- queries/search_software_studio_challenges | 2 +- queries/search_software_studio_challenges_count | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/queries/check_is_related_with_challenge b/queries/check_is_related_with_challenge index 5c18c5bb6..ab18cd096 100644 --- a/queries/check_is_related_with_challenge +++ b/queries/check_is_related_with_challenge @@ -5,7 +5,7 @@ SELECT INNER JOIN group_contest_eligibility gce ON gce.contest_eligibility_id = ce.contest_eligibility_id INNER JOIN user_group_xref ugx ON ugx.group_id = gce.group_id WHERE ce.contest_id = @challengeId@ - AND ugx.login_id = @user_id@) AS has_access + AND ((ugx.login_id = @user_id@ AND gce.group_id < 2000000) OR gce.group_id >= 2000000)) AS has_access , (SELECT 1 FROM contest_eligibility ce diff --git a/queries/get_open_challenges_count b/queries/get_open_challenges_count index 863788407..0b65313d6 100644 --- a/queries/get_open_challenges_count +++ b/queries/get_open_challenges_count 
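Review bot: The new predicate `OR gce.group_id >= 2000000` makes `has_access` true for every caller as soon as the challenge is tied to a group in that id range, so this query no longer proves membership for those groups. That is safe only if each consumer of `has_access` also performs the V3 membership lookup, which is not visible in this hunk; a consumer that still trusts the column alone fails open. I would add a comment above the subquery such as `-- groups with id >= 2000000 are verified through the V3 API, not by this query` so the threshold and the delegation are stated where the decision is made. The same predicate is repeated in check_is_related_with_challenge and in the count and search queries of the following commit, and the SELECT itself continues outside the hunk.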
@@ -16,7 +16,7 @@ AND p.project_category_id = pcl.project_category_id -- Filter out the challenge that user is not belong to. AND (not exists (select contest_id from contest_eligibility where contest_id = p.project_id) or exists(select contest_id from contest_eligibility ce, group_contest_eligibility gce, user_group_xref x - where x.login_id = @user_id@ AND x.group_id = gce.group_id AND gce.contest_eligibility_id = ce.contest_eligibility_id + where ((gce.group_id < 2000000 AND x.group_id = gce.group_id AND x.login_id = @user_id@) OR gce.group_id >= 2000000) AND gce.contest_eligibility_id = ce.contest_eligibility_id AND ce.contest_id = p.project_id)) AND pcl.project_category_id NOT IN (27, 37) --exclude when spec review was a 'contest.' Also exclude MM, which is in there as a 'software' contest. -- start of parameters diff --git a/queries/get_past_challenges_count b/queries/get_past_challenges_count index 0adb68d0f..23b07d5eb 100644 --- a/queries/get_past_challenges_count +++ b/queries/get_past_challenges_count @@ -28,6 +28,6 @@ AND p.tc_direct_project_id = DECODE(@project_id@, 0, p.tc_direct_project_id, @pr -- Filter out the challenge that user is not belong to. AND (not exists (select contest_id from contest_eligibility where contest_id = p.project_id) or exists(select contest_id from contest_eligibility ce, group_contest_eligibility gce, user_group_xref x - where x.login_id = @user_id@ AND x.group_id = gce.group_id AND gce.contest_eligibility_id = ce.contest_eligibility_id + where ((gce.group_id < 2000000 AND x.group_id = gce.group_id AND x.login_id = @user_id@) OR gce.group_id >= 2000000) AND gce.contest_eligibility_id = ce.contest_eligibility_id AND ce.contest_id = p.project_id)) AND not exists (select 1 from resource r, project_info pi82 where r.project_id = p.project_id and r.resource_role_id = 1 and p.project_id = pi82.project_id and project_info_type_id = 82 and pi82.value = 1) 
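Review bot: In the rewritten `exists(...)` the `OR gce.group_id >= 2000000` branch leaves `user_group_xref x` without any join condition, so for those groups the subquery becomes a cross product with the whole membership table and is true whenever that table holds any row. A challenge restricted to such a group is therefore counted for every caller, and the "Filter out the challenge that user is not belong to" comment above it no longer describes the filter. If that is intended until a per-challenge V3 check runs, the comment should say so; otherwise move the membership test into its own subquery, `AND (gce.group_id >= 2000000 OR exists (select 1 from user_group_xref x where x.group_id = gce.group_id AND x.login_id = @user_id@))`, and drop `user_group_xref x` from the outer FROM list. get_past_challenges_count and the search queries later in this commit have the same shape.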
diff --git a/queries/search_past_software_studio_challenges b/queries/search_past_software_studio_challenges index 660133285..53ba42220 100644 --- a/queries/search_past_software_studio_challenges +++ b/queries/search_past_software_studio_challenges @@ -105,7 +105,7 @@ AND NVL((cmc_task_id.value), '') = DECODE('@cmc@', '', NVL((cmc_task_id.value), -- Filter out the challenge that user is not belong to. AND (not exists (SELECT contest_id FROM contest_eligibility WHERE contest_id = p.project_id) OR exists(SELECT contest_id FROM contest_eligibility ce, group_contest_eligibility gce, user_group_xref x - WHERE x.login_id = @userId@ AND x.group_id = gce.group_id AND gce.contest_eligibility_id = ce.contest_eligibility_id + WHERE ((gce.group_id < 2000000 AND x.group_id = gce.group_id AND x.login_id = @user_id@) OR gce.group_id >= 2000000) AND gce.contest_eligibility_id = ce.contest_eligibility_id AND ce.contest_id = p.project_id)) and pp.actual_end_time > '2012-01-01 00:00:00' diff --git a/queries/search_past_software_studio_challenges_count b/queries/search_past_software_studio_challenges_count index 95151dbe4..81bd29d3b 100644 --- a/queries/search_past_software_studio_challenges_count +++ b/queries/search_past_software_studio_challenges_count 
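Review bot: The new line binds `x.login_id = @user_id@` although the line it replaces used `@userId@`, the name the other search queries in this commit were written against. If the caller of search_past_software_studio_challenges still supplies only `userId` (the parameter list is not visible here), the placeholder is left unresolved and the eligibility filter either fails or stops matching the caller. I would keep the original name in the new predicate: `(gce.group_id < 2000000 AND x.group_id = gce.group_id AND x.login_id = @userId@)`.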
@@ -11,7 +11,7 @@ INNER JOIN project_category_lu pcl on pcl.project_category_id = p.project_catego LEFT JOIN project_info pi1 ON pi1.project_id = p.project_id AND pi1.project_info_type_id = 1 WHERE (not exists (SELECT contest_id FROM contest_eligibility WHERE contest_id = p.project_id) OR exists(SELECT contest_id FROM contest_eligibility ce, group_contest_eligibility gce, user_group_xref x - WHERE x.login_id = 22655028 AND x.group_id = gce.group_id AND gce.contest_eligibility_id = ce.contest_eligibility_id + WHERE ((gce.group_id < 2000000 AND x.group_id = gce.group_id AND x.login_id = 22655028) OR gce.group_id >= 2000000) AND gce.contest_eligibility_id = ce.contest_eligibility_id AND ce.contest_id = p.project_id)) AND pcl.project_category_id NOT IN (27, 37) --exclude when spec review was a 'contest.' Also exclude MM, which is in there as a 'software' contest. AND p.project_status_id IN (4, 5, 6, 7, 8, 9, 10, 11) diff --git a/queries/search_software_studio_challenges b/queries/search_software_studio_challenges index 0f148ac57..18c7c1370 100644 --- a/queries/search_software_studio_challenges +++ b/queries/search_software_studio_challenges @@ -104,7 +104,7 @@ FIRST @pageSize@ -- Filter out the challenge that user is not belong to. AND (not exists (select contest_id from contest_eligibility where contest_id = p.project_id) or exists(select contest_id from contest_eligibility ce, group_contest_eligibility gce, user_group_xref x - where x.login_id = @userId@ AND x.group_id = gce.group_id AND gce.contest_eligibility_id = ce.contest_eligibility_id + where ((gce.group_id < 2000000 AND x.group_id = gce.group_id AND x.login_id = 22655028) OR gce.group_id >= 2000000) AND gce.contest_eligibility_id = ce.contest_eligibility_id AND ce.contest_id = p.project_id)) AND pcl.project_category_id NOT IN (27, 37) --exclude when spec review was a 'contest.' Also exclude MM, which is in there as a 'software' contest. -- start of parameters 
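Review bot: The replacement line in search_software_studio_challenges swaps the `@userId@` parameter for the literal `x.login_id = 22655028`, so the old-group eligibility filter is evaluated for one fixed account instead of the caller. search_software_studio_challenges_count receives the same substitution in its hunk, and search_past_software_studio_challenges_count carries the literal over from the line it replaces. Members of a restricted group would lose their challenges from these results, while the visible set follows that single account's memberships. Each of these predicates should read `x.login_id = @userId@`.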
diff --git a/queries/search_software_studio_challenges_count b/queries/search_software_studio_challenges_count index 50a44e649..ca300b02b 100644 --- a/queries/search_software_studio_challenges_count +++ b/queries/search_software_studio_challenges_count @@ -51,7 +51,7 @@ SELECT count(*) AS total -- Filter out the challenge that user is not belong to. AND (not exists (select contest_id from contest_eligibility where contest_id = p.project_id) or exists(select contest_id from contest_eligibility ce, group_contest_eligibility gce, user_group_xref x - where x.login_id = @userId@ AND x.group_id = gce.group_id AND gce.contest_eligibility_id = ce.contest_eligibility_id + where ((gce.group_id < 2000000 AND x.group_id = gce.group_id AND x.login_id = 22655028) OR gce.group_id >= 2000000) AND gce.contest_eligibility_id = ce.contest_eligibility_id AND ce.contest_id = p.project_id)) AND pcl.project_category_id NOT IN (27, 37) --exclude when spec review was a 'contest.' Also exclude MM, which is in there as a 'software' contest. AND pstatus.project_status_id IN (@project_status_id@) From 29cc5e729459cf107766eb9ac0fc1f3428afbe08 Mon Sep 17 00:00:00 2001 From: skyhit Date: Tue, 20 Jun 2017 09:53:16 +0800 Subject: [PATCH 04/17] Update queries (#503) improve logging for v3 api call --- initializers/v3client.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initializers/v3client.js b/initializers/v3client.js index dabb7759d..7b7ac3c33 100644 --- a/initializers/v3client.js +++ b/initializers/v3client.js @@ -42,7 +42,7 @@ function callService(params, callback) { /*jslint eqeq: true*/ if (response.statusCode != 200) { /*jslint eqeq: false*/ - callback(new Error('API V3 returned ' + response.statusCode + ' ' + (response.statusMessage || ''))); + callback(new Error('API ' + params.url + ' returned ' + response.statusCode + ' ' + (response.statusMessage || ''))); return; } callback(null, body); From 591e2d9fe19357976c3307dae7113101efa71a1a Mon Sep 17 00:00:00 2001 
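Review bot: Putting `params.url` into the Error message in callService means the internal V3 endpoint travels with the error object; if any handler returns `err.message` in an API response (the callers are outside this hunk), clients learn the backend address. The commit title speaks of logging, so I would write the URL to the server log at this point and keep the message passed to `callback` as `'API V3 returned ' + response.statusCode + ' ' + (response.statusMessage || '')`. callService starts above the hunk and continues below it.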
From: Guiqiang Zhang Date: Tue, 20 Jun 2017 10:10:32 +0800 Subject: [PATCH 05/17] should use externalToken field name --- initializers/v3client.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initializers/v3client.js b/initializers/v3client.js index 7b7ac3c33..df8312a37 100644 --- a/initializers/v3client.js +++ b/initializers/v3client.js @@ -73,7 +73,7 @@ function getToken(connection, callback) { method: 'POST', body: { param: { - token: connection.authToken + externalToken: connection.authToken } } }, function (err, body) { From f875a0963a20547549fd645af87a904aff6b7bc1 Mon Sep 17 00:00:00 2001 From: Guiqiang Zhang Date: Tue, 20 Jun 2017 22:00:42 +0800 Subject: [PATCH 06/17] update queries for group checking --- queries/check_is_related_with_challenge | 4 ++-- queries/check_user_challenge_accessibility | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/queries/check_is_related_with_challenge b/queries/check_is_related_with_challenge index ab18cd096..36014d75c 100644 --- a/queries/check_is_related_with_challenge +++ b/queries/check_is_related_with_challenge @@ -1,9 +1,9 @@ SELECT (SELECT - 1 + max(1) FROM contest_eligibility ce INNER JOIN group_contest_eligibility gce ON gce.contest_eligibility_id = ce.contest_eligibility_id - INNER JOIN user_group_xref ugx ON ugx.group_id = gce.group_id + LEFT JOIN user_group_xref ugx ON ugx.group_id = gce.group_id WHERE ce.contest_id = @challengeId@ AND ((ugx.login_id = @user_id@ AND gce.group_id < 2000000) OR gce.group_id >= 2000000)) AS has_access , (SELECT diff --git a/queries/check_user_challenge_accessibility b/queries/check_user_challenge_accessibility index e7d7e9b14..309258da0 100644 --- a/queries/check_user_challenge_accessibility +++ b/queries/check_user_challenge_accessibility 
@@ -1,6 +1,6 @@ SELECT (SELECT - 1 + max(1) FROM contest_eligibility ce INNER JOIN group_contest_eligibility gce ON gce.contest_eligibility_id = ce.contest_eligibility_id LEFT JOIN user_group_xref ugx ON ugx.group_id = gce.group_id From df292bf5881a9bbc59bc688293a0e7f2e8b030ee Mon Sep 17 00:00:00 2001 From: Vyacheslav V Sokolov Date: Tue, 20 Jun 2017 21:09:45 +0700 Subject: [PATCH 07/17] Improve challenge visibility control: getChallenge and getRegistrants (#504) * IMPROVE CHALLENGE VISIBILITY CONTROL (https://www.topcoder.com/challenge-details/30057891/?type=develop) Verification guide: docs/Verification_Guide-Improve Challenge Visibility Control.doc * Restoring an accidentially modified file * Fixed the case with a challenge that doesn't have eligibility * Shared the eligibility verification with challengeRegistration. The eligibility check routine is now in challengeHelper and can be added anywhere by a couple of simple lines of code. * Improve challenge visibility control: getChallenge and getRegistrants --- actions/challenges.js | 95 ++- db_scripts/test_eligibility.insert.sql | 23 + ...e-Improve Challenge Visibility Control.doc | Bin 52736 -> 56832 bytes initializers/challengeHelper.js | 2 +- queries/check_is_related_with_challenge | 26 +- ...Visibility_Control.postman_collection.json | 640 +++++++++++++++++- 6 files changed, 714 insertions(+), 72 deletions(-) diff --git a/actions/challenges.js b/actions/challenges.js index 53266e7a8..bb4d6ceb9 100755 --- a/actions/challenges.js +++ b/actions/challenges.js 
@@ -80,8 +80,8 @@ * Changes in 1.31: * - Remove screeningScorecardId and reviewScorecardId from search challenges api. * Changes in 1.32: - * - validateChallenge function now checks if an user belongs to a group via - * user_group_xref for old challenges and by calling V3 API for new ones. + * - validateChallenge, getRegistrants, getChallenge, getSubmissions and getPhases functions now check + * if an user belongs to a group via user_group_xref for old challenges and by calling V3 API for new ones. */ "use strict"; /*jslint stupid: true, unparam: true, continue: true, nomen: true */ @@ -1081,19 +1081,20 @@ var getChallenge = function (api, connection, dbConnectionMap, isStudio, next) { }; // Do the private check. + api.challengeHelper.checkUserChallengeEligibility( + connection, + connection.params.challengeId, + cb + ); + }, function (cb) { api.dataAccess.executeQuery('check_is_related_with_challenge', sqlParams, dbConnectionMap, cb); }, function (result, cb) { - if (result[0].is_private && !result[0].has_access) { - cb(new UnauthorizedError('The user is not allowed to visit the challenge.')); - return; - } - if (result[0].is_manager) { isManager = true; } // If the user has the access to the challenge or is a resource for the challenge then he is related with this challenge. - if (result[0].has_access || result[0].is_related || isManager || helper.isAdmin(caller)) { + if (result[0].is_private || result[0].is_related || isManager || helper.isAdmin(caller)) { isRelated = true; } 
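Review bot: In getChallenge the `isRelated` condition now reads `result[0].is_private` where it used to read `result[0].has_access`, which is equivalent only because `checkUserChallengeEligibility` has already rejected callers without access in the preceding waterfall step. The comment above the condition still says "has the access", so the dependency on step order is easy to miss if the steps are later reordered or the helper call is removed. I would add `// Eligibility was enforced by checkUserChallengeEligibility above, so is_private here implies the caller has access.` directly above the `if`. The denial for logged-in callers also changes from `UnauthorizedError` to the helper's `ForbiddenError`, which deserves a line in the "Changes in 1.32" header because clients may branch on the status. getChallenge begins and ends outside the hunk.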
@@ -3342,33 +3343,32 @@ var getRegistrants = function (api, connection, dbConnectionMap, isStudio, next) }; // Do the private check. - api.dataAccess.executeQuery('check_is_related_with_challenge', sqlParams, dbConnectionMap, cb); - }, function (result, cb) { - if (result[0].is_private && !result[0].has_access) { - cb(new UnauthorizedError('The user is not allowed to visit the challenge.')); - return; - } - + api.challengeHelper.checkUserChallengeEligibility( + connection, + connection.params.challengeId, + cb + ); + }, function (cb) { api.dataAccess.executeQuery('challenge_registrants', sqlParams, dbConnectionMap, cb); }, function (results, cb) { var mapRegistrants = function (results) { - if (!_.isDefined(results)) { - return []; + if (!_.isDefined(results)) { + return []; + } + return _.map(results, function (item) { + var registrant = { + handle: item.handle, + reliability: !_.isDefined(item.reliability) ? "n/a" : item.reliability + "%", + registrationDate: formatDate(item.inquiry_date), + submissionDate: formatDate(item.submission_date) + }; + if (!isStudio) { + registrant.rating = item.rating; + registrant.colorStyle = helper.getColorStyle(item.rating); } - return _.map(results, function (item) { - var registrant = { - handle: item.handle, - reliability: !_.isDefined(item.reliability) ? "n/a" : item.reliability + "%", - registrationDate: formatDate(item.inquiry_date), - submissionDate: formatDate(item.submission_date) - }; - if (!isStudio) { - registrant.rating = item.rating; - registrant.colorStyle = helper.getColorStyle(item.rating); - } - return registrant; - }); - }; + return registrant; + }); + }; registrants = mapRegistrants(results); cb(); } 
@@ -3440,18 +3440,16 @@ var getSubmissions = function (api, connection, dbConnectionMap, isStudio, next) submission_type: [helper.SUBMISSION_TYPE.challenge.id, helper.SUBMISSION_TYPE.checkpoint.id] }; - async.parallel({ - privateCheck: execQuery("check_is_related_with_challenge"), - challengeStatus: execQuery("get_challenge_status") - }, cb); - }, function (result, cb) { - if (result.privateCheck[0].is_private && !result.privateCheck[0].has_access) { - cb(new UnauthorizedError('The user is not allowed to visit the challenge.')); - return; - } - + api.challengeHelper.checkUserChallengeEligibility( + connection, + connection.params.challengeId, + cb + ); + }, + execQuery("get_challenge_status"), + function (result, cb) { // If the caller is not admin and challenge status is still active. - if (!helper.isAdmin(caller) && result.challengeStatus[0].challenge_status_id === 1) { + if (!helper.isAdmin(caller) && result[0].challenge_status_id === 1) { cb(new BadRequestError("The challenge is not finished.")); return; } @@ -3567,13 +3565,12 @@ var getPhases = function (api, connection, dbConnectionMap, isStudio, next) { }; // Do the private check. - api.dataAccess.executeQuery('check_is_related_with_challenge', sqlParams, dbConnectionMap, cb); - }, function (result, cb) { - if (result[0].is_private && !result[0].has_access) { - cb(new UnauthorizedError('The user is not allowed to visit the challenge.')); - return; - } - + api.challengeHelper.checkUserChallengeEligibility( + connection, + connection.params.challengeId, + cb + ); + }, function (cb) { var execQuery = function (name) { return function (cbx) { api.dataAccess.executeQuery(name, sqlParams, dbConnectionMap, cbx); diff --git a/db_scripts/test_eligibility.insert.sql b/db_scripts/test_eligibility.insert.sql index 8bb746502..994746f08 100644 --- a/db_scripts/test_eligibility.insert.sql +++ b/db_scripts/test_eligibility.insert.sql 
@@ -150,6 +150,28 @@ INSERT INTO project_info (project_id, project_info_type_id, value, create_user, INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) VALUES (1110005, 2, "3330333", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110001, 6, "Not private", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110002, 6, "Old logic - access allowed", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110003, 6, "Old logic - access denied", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110004, 6, "New logic - access allowed", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110005, 6, "New logic - access denied", "132456", CURRENT, "132456", CURRENT); + +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110001, 26, "---", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110002, 26, "---", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110003, 26, "---", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, 
modify_user, modify_date) + VALUES (1110004, 26, "---", "132456", CURRENT, "132456", CURRENT); +INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) + VALUES (1110005, 26, "---", "132456", CURRENT, "132456", CURRENT); + INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) VALUES (1110001, 6, 3330333, "Not private", CURRENT, "132456", CURRENT); INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) @@ -162,6 +184,7 @@ INSERT INTO project_info (project_id, project_info_type_id, value, create_user, VALUES (1110005, 6, 3330333, "New logic - access denied", CURRENT, "132456", CURRENT); INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) +>>>>>>> upstream/dev VALUES (1110001, 79, "---", "132456", CURRENT, "132456", CURRENT); INSERT INTO project_info (project_id, project_info_type_id, value, create_user, create_date, modify_user, modify_date) VALUES (1110002, 79, "---", "132456", CURRENT, "132456", CURRENT); diff --git a/docs/Verification_Guide-Improve Challenge Visibility Control.doc b/docs/Verification_Guide-Improve Challenge Visibility Control.doc index 1c2913aaec56e9f7acc508b92ae08a944ff0a3e0..fd53c55cca92514a1e3731a719129a08120a1bcc 100644 GIT binary patch delta 5309 zcmb8z4^UNA9>DS610*u}Bl6^*;PZjzzeo^B5e=2hB_kt8%g|83$dFiI&2@9Z)y!p@ z{Bw|X$gEZi%eGb?^Fl==av7!CbscM3D{9DbwQ+EF#%;(k*zfN>9zJPz+unPhch5cd z-gECg=iKub6V zoE-l~jL5`T5kHZ&Y!G(n^OH2M^wVoi+LULaPR6rif=FAkNa-w*+PNY*nIdswMkU6Y z&M7wgi7_G<#);IhTM)Z7O()H+d)Rd$yDrK!(-Q6Gq>s%kO`Pwir#5eKY)hiQqa(4) z;xjSUygfD6H<0|FCyzGWQ&Y{->AKnMJp1rCk^$)J3zkVNL(Im!4HIY}>8ABIv-G@DI8T{BZl}@7>|#0IjPZ+(>Y5
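Review bot: The second hunk adds the line `>>>>>>> upstream/dev` to test_eligibility.insert.sql, between an `INSERT INTO project_info (...)` header and its `VALUES (1110001, 79, ...)` clause; it is a leftover merge-conflict marker and will break the script at that statement. The context around it looks like the other half of the same merge: the existing type 6 rows put `3330333` in the `value` position and `"Not private"` and similar text in `create_user`. The type 6 rows added by the first hunk then repeat the same project and type pairs, which may be rejected if the table enforces uniqueness on them. I would remove the marker and the misaligned type 6 block so each pair is inserted once.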

e*VFW=-`E7lV3Sfr<8BLtiIh*yt~k7$d>l3bHZKPLF!^M=MTguFeH6u*grlG-uuG<7}2_KTcKJ&~=o1-6cmy*vJ%3W2k zk`lC<+!a%CbEUcRwHkj(s+?_4QJuxEdeXC0uvR7|=E=3AhXl%_5@?=$E+)p#ep*`v zu9EGN#+$&ZKwjIrhdjz0Nq-$e^QxzU>l7p8LIl^fElb_^EZM z^{*xBHJ0-XXnPj0m3B0i>Ji5F>@btFE9t(c*;iYrP}U)zdeAG^p0<+ZDpwhWGJ|z@ z$yygSaUWG8k+uq%%(|;x%;U9jk$RN&(ntAT#&%cBYAM>4XX=?sSkp4xb*w%3f4A{X z<@-{;WA<-1T7GK(Hc2(1xAZ?e=GD#C;7FSmJn%S~9nV?g%DG^zyupuJsjJKAbE*$m zy4!tFFEWRA zg^w+EJ)NFPy}3VXPtqP$q)p;WA2T~TtdTbQUm<yB9NGGEl) z#kcjv%ceE+Q-@_wzF+0~NRemIgd>QL5?O~voFT@=j$*LJezf5P+Hsvo*{jiVG($J` zqZysJj3}E(HEQ5LhGWr=hwUP{SdG#+c~Hs-P!(v87tv`)k6gVfm%g|pXZSj!Z}~{S zF7ZAtN5%P(^CNK{lzr}`YxStS_@aLFWjbGuH21&SP?@f!b>Kssg^VSzBNSm6i3DUL z7t4`{b?Aie4@yzLT`qv}f{hzKI$^N_^Ip?+Ao!R5rt4BT_As_QTEvLLbX4}58K|yn~ zA|y3HRf$#tb9OEmWFj$kKbSmwqhrAl39!0NWYVsLk1Yn#Rq=yM-c3YM>2A; z93|L_YSbYsQDgyfu{V*XdWFORyoI;Xgd=E13xbm93kXFXp2u#~VJ{k)!8p-`0A?>k zbp`{S8IMFNrXd6KFdtc1fW{?!Injh8Xv23`T_3qBSLDhS7X2CC3HQdo^ODcy?B{Yy znq8k$a#kAUO)($tiw}>On-!+jof04mv;3&_Flt?L&9>JbsSMC#Lv)}tDYaH1VPGw3fEHiLE#A`ya6grOIH z=_1>)6E&#CUNoQ)CvX|v=tTt6-Y87O1zbcALijaQ0{sEyc`#hhljkv6O!kEfoxE8{ zr*z)2hTW(`BaYw%&Y=@N8T=4H0aj&HGP02<#b#_l zEn3iu)A$CLaUD&wDG(j#LdG1CImpBUEJO~LA`dH3fK^y9mkx=A$iX7iYC^v4maZ;_ zs&i*NFX`~S$Y!(Gr`xsW+P_0O#92=P-me(5w?4+y)KAKca94K()lC(-tKZ_Tev43cKY5q$8hWl+u^evtFd4{{D!hNS33K_?00 zqTG`NC(9;yCIy}e!Nk!blW}4U_hXhHh%}3xQR7c~SLI>vmAAcD_L-2w)^M$%dR>30zOJDf8l^QtYh>1ltdUrQq6R|^f;9;yt7Wyx<9u~Zf#%Bt$>y`h zK(ppppyf~IFD;Q~gEP>4&y~FN#}Q`a`w^z~ShU%2bm3yFhE5Heo{*{GQbVPNNDYk| z5;YWR1k}iCG3Ma0^!uzD@HEhA zfYacnaZO{Ih7t`S8agy&Xo%3zpdq0@91M*7I_ft~cVx9VEm=D9>xi!-y^ioYqU%Vm zBe)LSI%w-at%I}<&N?XTV620%4t+Z0=}=cQ%T?a}p5ZQ*;Yx?If(-X4wS{FXE<;Bl z9d&fH(NRW681K=gj>l8~<{I1wil~l2GwN`l3e^MlLZ9<* zFo)+h6Z0@1Sy+H<=>KQmn}f}fX6una?PL$E6|Yx?SDK$vUawNGG`|D9Ud3K%S8ZWQKYPkJg)5INGP7y~o$`FUNPM Osw|eZj`bgG@%cA;d-3%E delta 3478 zcmZwK3s6+o83*w1?k*G&1QC!$+%6AcK|*-03QE){1=}KaI_N~DyrqUBMT%(*?D`ld z?WBr+hM|NhY2%~}LZe)}r9gcU5(U9pN^MFgW~?QWI?806jwP-1|LwYQ(d^yd-h0kH 
z_uR+f{CBbTYOT%M`go=2Y{FLUyhpRMv&BSI!e_OckLMdZb%C)F0eYea&=HklAEC{x zj#6E=_my&L{A*=gDmIO;#~Zj+{-*ny#@wjv+a(!_y}DRSv~@9&JN*!49UZEd z_1s#ikyn(Kj2yovQ1va2Q`B`C7Zk4CncJBe=9c=;zy1$TjA&z#H8d)8-8YEzIIZIp zQcv`D#?tA9sC&Aly5rluz6%mo;Yp&E^;Ximcl|gr&+xTqf4}nGcScy*n4((qniUP6 zsv$qz+dgR0qy6r)^TQU(Ai2ZrtPe$C?ZXH1YojqHG!aSk8rII&%_O2KG<_+Gs1lWf zSerOhwfW*$aF2sxw770X_v(MAh_t+Cvqz zm!9Wewk(>zm*QwQN=EYL&9#e_8s1W-x0Fy7mOUVQs;P{mrUcuC_$;CV`Vsa>ISY!> zXEFNJ8>{WD_h4@kj&UAoL}?FNe06(iS%9N=VSgHq`2iL9(#!V7d(n~ow7jJ@AgcnM z7*X$fX>vK$v=5&p=)y?lxReTP%Vn>m6f$Eiofl)hiW0CylefC+$KmsM+7if>Ey45U z03&7NpnbfsEN!{o=(yf;bSC%ed}66+6=W>OMeMSlL~o4cJ>N{j7Wh-xB(x5{}Q4=u)-+#h7iRqC3+P);Sorr7{CaUA=`}jbA%mm7$jzb zAQdv91}0$|3d8Wo42Y;ONQ84Bk@b)sJfNw+PtgcIMr5I3`Iw>$G&N;k^^k4YW*a8k zX?n-LJ&f`&_4MGBb6&jRbdP0?^g0ALz=}!L4MQ-p47Ub1z=S{e7>I>9Fhd~}Lp9XE zD^L$-;5=M}J{W_1%!op$f@-LNIyh*uII{H(6uO`r`rrx-!Vp}8^_Y7bAOkWX2a2H- zYTy^}Hk<*O;6pGDjWI+`&<3~QHr$12_#9>|_@L#;PSAlnG-6UWLr5G34?+<91~5Vx z#6UX87lM3+JhZ>CqG_6Z{2qI<`M7QxWA{wug-!89-+~>`1kG>?TA>ZjfepH#8}bq`E>H+zi9`_) z2_}e#4T%_=3~b~=9ay0r+MpeJp&aQ}0d;T@`alx%8eE4l7>5b?1mcmjiI5B%;3%Ac z))e#$?eJfC1Z2S%jRrg+24W!@Qeicu!&+Dmtu%J=F1{imxPO&mKv z{glRObeslg!0{&k(NVfIXU3qwUcWYR>w9bYM8{%FmYm84gD?c+pj&}IBM5|eNQCw9 z2oQ+m3z@J9z5}_i4f3HB%3wFh?~DqFz&BqnqUa7 z!5ECg1bhN_;4|<`Lx@2j1cCgR`S-oAc;BPR$q6hpNrOE$>Y!6CSehGU!IxnYcl|bl zv(+sAo$Ad)XMK5G4ObF7ZU4}C?3%qfe``?mGM?>g!TNPDB3>oTZ6J~B zj8=(NiBySFiBO45iAsq``PDh|@!6%{D^f>ekk3&xaPr^<@ZicOcdM+J0 z#+vt|IN?&1a>nrx2159~fgHA6PTcM<4JDT(k0ggAelL+Gh)1GU_^pS6vHztbFelcmH`KzwjsXE>Gzo z1Pow=Fo=LiFoDd{M%UvTTni^%3nyF)^{$1Z{6)WB`6+&rzRCLs^!(Y#_4(xC_-_V} kPgROT6u)P08CQBmQ95rt)G96NfBt4wlv4H8kB?~n4~Qp6qW}N^ diff --git a/initializers/challengeHelper.js b/initializers/challengeHelper.js index 2460e3f17..66edae75f 100644 --- a/initializers/challengeHelper.js +++ b/initializers/challengeHelper.js 
@@ -374,7 +374,7 @@ exports.challengeHelper = function (api, next) { } else if (connection.caller.accessLevel === "anon") { next(new UnauthorizedError()); } else { - next(new ForbiddenError()); + next(new ForbiddenError('The user is not allowed to visit the challenge.')); } }); }); diff --git a/queries/check_is_related_with_challenge b/queries/check_is_related_with_challenge index 36014d75c..2e7034109 100644 --- a/queries/check_is_related_with_challenge +++ b/queries/check_is_related_with_challenge @@ -2,21 +2,21 @@ SELECT (SELECT max(1) FROM contest_eligibility ce - INNER JOIN group_contest_eligibility gce ON gce.contest_eligibility_id = ce.contest_eligibility_id - LEFT JOIN user_group_xref ugx ON ugx.group_id = gce.group_id WHERE ce.contest_id = @challengeId@ - AND ((ugx.login_id = @user_id@ AND gce.group_id < 2000000) OR gce.group_id >= 2000000)) AS has_access -, (SELECT - 1 - FROM contest_eligibility ce - WHERE ce.contest_id = @challengeId@) AS is_private -, ( - SELECT +) AS is_private +, (SELECT decode(max(ri.value), null, null, 1) FROM resource r - INNER JOIN resource_info ri ON ri.resource_id = r.resource_id AND ri.resource_info_type_id = 1 + INNER JOIN resource_info ri ON ri.resource_id = r.resource_id AND ri.resource_info_type_id = 1 WHERE r.project_id = @challengeId@ - AND ri.value = @user_id@) AS is_related -, (SELECT max(project_metadata_id) FROM direct_project_metadata m, project p - WHERE metadata_value = @user_id@ AND p.tc_direct_project_id = m.tc_direct_project_id and p.project_id = @challengeId@ AND project_metadata_key_id IN (1, 2, 14)) AS is_manager + AND ri.value = @user_id@ +) AS is_related +, (SELECT + max(project_metadata_id) + FROM direct_project_metadata m, project p + WHERE metadata_value = @user_id@ + AND p.tc_direct_project_id = m.tc_direct_project_id + AND p.project_id = @challengeId@ + AND project_metadata_key_id IN (1, 2, 14) +) AS is_manager FROM dual 
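Review bot: The rewrite of check_is_related_with_challenge drops the `has_access` column and leaves only `is_private`, `is_related` and `is_manager`. Any consumer outside the four functions updated in actions/challenges.js that still evaluates `result[0].is_private && !result[0].has_access` would now read `has_access` as undefined and refuse every private challenge, and one that tests `has_access` alone would change behaviour silently. It is worth searching for remaining users of this query before merging. A header comment such as `-- access is enforced by challengeHelper.checkUserChallengeEligibility; this query only reports is_private, is_related and is_manager` would record where the check moved.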
diff --git a/test/postman/New_Challenge_Visibility_Control.postman_collection.json b/test/postman/New_Challenge_Visibility_Control.postman_collection.json index 7dadfd3d1..3c52fb3e4 100644 --- a/test/postman/New_Challenge_Visibility_Control.postman_collection.json +++ b/test/postman/New_Challenge_Visibility_Control.postman_collection.json @@ -4,6 +4,19 @@ "description": "", "order": [], "folders": [ + { + "id": "cada5a0c-766f-dde0-3c9f-d001a67eddd4", + "name": "Get challenge", + "description": "", + "order": [ + "c383cab7-3145-145e-9da9-846001755460", + "42b84596-9d5a-50e7-76be-c1ad23f98468", + "3246a996-e8f9-5e60-79b9-8aeffcd5392f", + "bf83e2d2-549b-361e-f5cf-66a40d816f0c", + "1af5c911-4627-ad92-085c-63e6fc7b6d9e" + ], + "owner": "316251" + }, { "id": "712ffa63-a959-e4a3-6af9-84d4f236b2f3", "name": "Get checkpoints", 
@@ -17,6 +30,47 @@ ], "owner": "316251" }, + { + "id": "6b9370a1-5974-a6a6-a961-67e73abaa861", + "name": "Get phases", + "description": "", + "order": [ + "c7d11de6-630a-71bd-4095-cd3c8fb8ab77", + "f5da62a7-9231-5f7a-f44a-f2f14c9ae003", + "d7a050dc-6eaa-f62e-24e4-37d111002d4a", + "c305f2ea-dbfd-f95f-c809-583133af5881", + "0461a7de-3ae1-f873-b667-50d04a43b317" + ], + "owner": "316251", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240" + }, + { + "id": "6a038555-23cd-e79f-1d34-0fb860e305a3", + "name": "Get registrants", + "description": "", + "order": [ + "bcc821a7-0e3a-3454-d900-12af0cc94656", + "70b3453b-1d1a-e411-f8e5-527edb0a2530", + "f73f4e00-c286-d440-ce79-89095d7354dd", + "e97dac4e-c786-27b1-5e4b-fff50b6de93a", + "b3cb44e7-3e5f-897e-5d6f-6179afc52653" + ], + "owner": "316251" + }, + { + "id": "2a873809-800c-ee71-51ad-94f10096709b", + "name": "Get submissions", + "description": "", + "order": [ + "f90179ed-98da-be6d-77ae-9e3aa4199b5c", + "f915c206-b3fe-a4be-1094-bc8a448cb467", + "d3e5ca45-334d-fb54-1fd7-46f8e7b82841", + "f8e9d38f-8d8d-6e63-4978-6e3546f20b7c", + "f8720a5a-5a8b-423c-065f-8d3a3469fbca" + ], + "owner": "316251", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240" + }, { "id": "cfbf928f-56b8-9813-f8f3-4ac4e342d965", "name": "Register for challenges", 
@@ -46,6 +100,62 @@ "owner": "316251", "public": false, "requests": [ + { + "id": "0461a7de-3ae1-f873-b667-50d04a43b317", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/phases/1110005", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959637871, + "name": "New logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "1af5c911-4627-ad92-085c-63e6fc7b6d9e", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/phases/1110005", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959273575, + "name": "New logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, { "id": "2af8f0d9-f3e8-c58a-ca3d-1130e4b07371", "headers": "Authorization: Bearer {{authToken}}\n", 
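Review bot: Request `1af5c911-4627-ad92-085c-63e6fc7b6d9e` is listed in the "Get challenge" folder's `order`, yet its `url` is `{{url}}/challenges/phases/1110005`, the same endpoint as `0461a7de-3ae1-f873-b667-50d04a43b317` in "Get phases"; the other four "Get challenge" requests use `{{url}}/challenges/<id>`. As written, the new-logic denial case of the get-challenge endpoint is never requested, so a regression that exposes a private challenge there would go unnoticed; the URL was presumably meant to be `{{url}}/challenges/1110005`. Every request added to this file, in this hunk and the later ones, also carries `"tests": null`, so the names "access allowed" and "access denied" are checked only by eye. A status-code assertion in each request's `tests` script would turn the collection into an automated access-control regression check.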
@@ -75,6 +185,62 @@ "responses": [], "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" }, + { + "id": "3246a996-e8f9-5e60-79b9-8aeffcd5392f", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/1110003", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497958076427, + "name": "Old logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "42b84596-9d5a-50e7-76be-c1ad23f98468", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/1110002", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497957969156, + "name": "Old logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, { "id": "46cf305a-8251-66aa-391c-46def82773a1", "headers": "Authorization: Bearer {{authToken}}\n", 
@@ -214,6 +380,34 @@ "rawModeData": "{\n \"username\": \"heffan\", \n \"password\": \"password\"\n}", "folder": "0eeb693c-c6b6-e23b-156d-cff5f21dbb27" }, + { + "id": "70b3453b-1d1a-e411-f8e5-527edb0a2530", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/registrants/1110002", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497934833132, + "name": "Old logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, { "id": "7c7643c6-89ab-641e-b67a-32b3ac91e09e", "headers": "Authorization: Bearer {{authToken}}\n", @@ -304,7 +498,7 @@ "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" }, { - "id": "d830ec36-eb8e-9586-c546-14af77cec152", + "id": "b3cb44e7-3e5f-897e-5d6f-6179afc52653", "headers": "Authorization: Bearer {{authToken}}\n", "headerData": [ { @@ -314,7 +508,7 @@ "enabled": true } ], - "url": "{{url}}/develop/challenges/checkpoint/2220002", + "url": "{{url}}/challenges/registrants/1110005", "queryParams": [], "preRequestScript": null, "pathVariables": {}, 
@@ -325,15 +519,45 @@ "tests": null, "currentHelper": "normal", "helperAttributes": {}, - "time": 1497550612717, - "name": "Old logic, access allowed", + "time": 1497935002619, + "name": "New logic, access denied", "description": "", "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "bcc821a7-0e3a-3454-d900-12af0cc94656", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/registrants/1110001", + "queryParams": [], + "pathVariables": {}, + "pathVariableData": [], + "preRequestScript": null, + "method": "GET", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "data": null, + "dataMode": "params", + "name": "No groups (challenge is not private)", + "description": "", + "descriptionFormat": "html", + "time": 1497934405019, + "version": 2, "responses": [], - "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "folder": "6a038555-23cd-e79f-1d34-0fb860e305a3" }, { - "id": "f545bbfc-36d7-6567-25a8-b4d6634575e7", + "id": "bf83e2d2-549b-361e-f5cf-66a40d816f0c", "headers": "Authorization: Bearer {{authToken}}\n", "headerData": [ { @@ -343,7 +567,7 @@ "enabled": true } ], - "url": "{{url}}/develop/challenges/checkpoint/2220004", + "url": "{{url}}/challenges/1110004", "queryParams": [], "preRequestScript": null, "pathVariables": {}, 
@@ -354,12 +578,410 @@ "tests": null, "currentHelper": "normal", "helperAttributes": {}, - "time": 1497550705028, + "time": 1497958165136, + "name": "New logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "c305f2ea-dbfd-f95f-c809-583133af5881", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/phases/1110004", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959248881, "name": "New logic, access allowed", "description": "", "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "c383cab7-3145-145e-9da9-846001755460", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/1110001", + "queryParams": [], + "pathVariables": {}, + "pathVariableData": [], + "preRequestScript": null, + "method": "GET", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "data": null, + "dataMode": "params", + "name": "No groups (challenge is not private)", + "description": "", + "descriptionFormat": "html", + "time": 1497957874624, + "version": 2, "responses": [], - "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "folder": "cada5a0c-766f-dde0-3c9f-d001a67eddd4" + }, + { + "id": "c7d11de6-630a-71bd-4095-cd3c8fb8ab77", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + 
"enabled": true + } + ], + "url": "{{url}}/challenges/phases/1110001", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "version": 2, + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959147405, + "name": "No groups (challenge is not private)", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "d3e5ca45-334d-fb54-1fd7-46f8e7b82841", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/submissions/2220003", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959455425, + "name": "Old logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "d7a050dc-6eaa-f62e-24e4-37d111002d4a", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/phases/1110003", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959220837, + "name": "Old logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "d830ec36-eb8e-9586-c546-14af77cec152", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": 
"Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/develop/challenges/checkpoint/2220002", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497550612717, + "name": "Old logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [], + "folder": "712ffa63-a959-e4a3-6af9-84d4f236b2f3" + }, + { + "id": "e97dac4e-c786-27b1-5e4b-fff50b6de93a", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/registrants/1110004", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497934940451, + "name": "New logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "f545bbfc-36d7-6567-25a8-b4d6634575e7", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/develop/challenges/checkpoint/2220004", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497550705028, + "name": "New logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [], + "folder": 
"712ffa63-a959-e4a3-6af9-84d4f236b2f3" + }, + { + "id": "f5da62a7-9231-5f7a-f44a-f2f14c9ae003", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/phases/1110002", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959161340, + "name": "Old logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "f73f4e00-c286-d440-ce79-89095d7354dd", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/registrants/1110003", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497934860473, + "name": "Old logic, access denied", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "f8720a5a-5a8b-423c-065f-8d3a3469fbca", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/submissions/2220005", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959508749, + "name": "New logic, access denied", + 
"description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "f8e9d38f-8d8d-6e63-4978-6e3546f20b7c", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/submissions/2220004", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959483268, + "name": "New logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "f90179ed-98da-be6d-77ae-9e3aa4199b5c", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/submissions/2220001", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "version": 2, + "tests": null, + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1497959423349, + "name": "No groups (challenge is not private)", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] + }, + { + "id": "f915c206-b3fe-a4be-1094-bc8a448cb467", + "headers": "Authorization: Bearer {{authToken}}\n", + "headerData": [ + { + "key": "Authorization", + "value": "Bearer {{authToken}}", + "description": "", + "enabled": true + } + ], + "url": "{{url}}/challenges/submissions/2220002", + "queryParams": [], + "preRequestScript": null, + "pathVariables": {}, + "pathVariableData": [], + "method": "GET", + "data": null, + "dataMode": "params", + "tests": null, + "currentHelper": "normal", + 
"helperAttributes": {}, + "time": 1497959438513, + "name": "Old logic, access allowed", + "description": "", + "collectionId": "ba962be9-0d58-f187-8809-008a39bc2240", + "responses": [] }, { "id": "fd4cd936-2d4d-a272-f402-d0f7b6cab82f", From af2daa1edcc93390999e14bcedf8fa928d48590c Mon Sep 17 00:00:00 2001 From: Guiqiang Zhang Date: Tue, 20 Jun 2017 22:41:33 +0800 Subject: [PATCH 08/17] revert commit --- tc-api.iml | 9 - tc-api.ipr | 82 --------- tc-api.iws | 495 ----------------------------------------------------- 3 files changed, 586 deletions(-) delete mode 100644 tc-api.iml delete mode 100644 tc-api.ipr delete mode 100644 tc-api.iws diff --git a/tc-api.iml b/tc-api.iml deleted file mode 100644 index 44b943bfa..000000000 --- a/tc-api.iml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - \ No newline at end of file diff --git a/tc-api.ipr b/tc-api.ipr deleted file mode 100644 index 92b3a0143..000000000 --- a/tc-api.ipr +++ /dev/null @@ -1,82 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1.8 - - - - - - - - \ No newline at end of file diff --git a/tc-api.iws b/tc-api.iws deleted file mode 100644 index 16b05a466..000000000 --- a/tc-api.iws +++ /dev/null 
@@ -1,495 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - true - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - localhost - 5050 - - - - - - - - - - 1467168622962 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file From 57a54928729c10028d4ddbdf46e3c2c57eb7e540 Mon Sep 17 00:00:00 2001 From: ajefts Date: Tue, 20 Jun 2017 22:00:42 -0400 Subject: [PATCH 09/17] fixed issue with is_studio check --- actions/challengeRegistration.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/challengeRegistration.js b/actions/challengeRegistration.js index 9424951ef..149a40d96 100644 --- a/actions/challengeRegistration.js +++ b/actions/challengeRegistration.js @@ -897,7 +897,7 @@ exports.registerChallenge = { cb(); return; } - var isStudio = result[0].isStudio !== 0; + var isStudio = result[0].is_studio !== 0; api.challengeHelper.checkUserChallengeEligibility(connection, challengeId, function (err) { cb(err, isStudio); }); From d6c922d99d833282f52a35b8ee180d0ebb7e0f17 Mon Sep 17 00:00:00 2001 
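Review bot: `result[0].is_studio !== 0` is true for every value other than the number 0, including `undefined`, which is why the misspelled `isStudio` property went unnoticed: the flag was simply always true. The same silent result would return if the column were renamed in the query or the driver delivered the flag as a string. Comparing against the expected positive value, for example `var isStudio = Number(result[0].is_studio) === 1;`, or returning an error when the field is absent, makes a missing field visible; confirm against the query which values the column can hold. The enclosing function of `exports.registerChallenge` starts and ends outside the hunk.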
From: skyhit Date: Wed, 21 Jun 2017 10:36:47 +0800 Subject: [PATCH 10/17] More eligibility and group updates (#506) (#507) * Improve challenge visibility control (#501) * IMPROVE CHALLENGE VISIBILITY CONTROL (https://www.topcoder.com/challenge-details/30057891/?type=develop) Verification guide: docs/Verification_Guide-Improve Challenge Visibility Control.doc * Restoring an accidentially modified file * Fixed the case with a challenge that doesn't have eligibility * Shared the eligibility verification with challengeRegistration. The eligibility check routine is now in challengeHelper and can be added anywhere by a couple of simple lines of code. * improve the query * update query for groups (#502) * Update queries (#503) improve logging for v3 api call * should use externalToken field name * update queries for group checking * Improve challenge visibility control: getChallenge and getRegistrants (#504) * IMPROVE CHALLENGE VISIBILITY CONTROL (https://www.topcoder.com/challenge-details/30057891/?type=develop) Verification guide: docs/Verification_Guide-Improve Challenge Visibility Control.doc * Restoring an accidentially modified file * Fixed the case with a challenge that doesn't have eligibility * Shared the eligibility verification with challengeRegistration. The eligibility check routine is now in challengeHelper and can be added anywhere by a couple of simple lines of code. * Improve challenge visibility control: getChallenge and getRegistrants * revert commit From e8a0d71357e3496d784818cfaa1aaf241ae85fb7 Mon Sep 17 00:00:00 2001 From: Guiqiang Zhang Date: Tue, 25 Jul 2017 00:32:50 +0800 Subject: [PATCH 11/17] fix social provider id --- initializers/.dataAccess.js.swp | Bin 28672 -> 0 bytes initializers/helper.js | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 initializers/.dataAccess.js.swp 
diff --git a/initializers/.dataAccess.js.swp b/initializers/.dataAccess.js.swp deleted file mode 100644 index 542d73f7eba4b7e4272e91f9d0283b665d384cbe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 28672 zcmeI54UAmXb;lnekUBshp_C>S;d*G9H7qk;+Ym5uYh$lrE!%7Ft{sSDZQjnj*&Ta! z-uS&YUN2?~A-{&VbicYnS8?(WNd@6Wg2-)rwb+xPxF`~9%J zf1~gHx%T^{y>GDvyYlVh;cX~^p#+8!7)oF$fuRJ35*SKgD1o5_h7uS`U?_p11bzSs z_;t?{Ut5U-&i=pi|6jS-^S%ha06qgwf*KeFZv)?cljl7To&>)JJ_s%YFJ9z%-vR#! zo&vuQz5tGbJHU2uHMj`;!-byrCGa$O5_}4L9NYsIz#dQm=Ywxu;Cau1zX2Zv9{}$I zhrmH_1GpZHflI-~;FULe-pk-c@D%tJa0fU9HiOH-OY1!E&%keip98mnG4SKyT=3V# zLHsFr8vF*B0k?vyfdX#_SAe&I$KT+2zW}y?e`i7D1@ODzL!b)|gWX^|xEfpnUSwh9 z%iuS`N5I`+5?lw)0r#`uG6(j7%fK7J`QSUW*FS-0!PDT=;688!90U{KRYPRDbN=h5l zwr$(gbz|!4s|yl!JH&MaXGl~JT0t(+&6Il5k5X!Cn~G1YTUQI)ao7qft#E#%G=1CT zp}o7*{>d42XnI`j*>QM>x@Br&*RA8F4U)gv7+K$qgFXI9|CXq^O5Wnfy1I?D;tjtQ z2RD0-Zo8H=!?tS1(|#kE2@j>z>+``#e4@2Mo%TGDm{Kd62l>QjPv7jHjvx7pR5l{$ zZY0l25%;STD{b%ial8~p_3fo% zf|9pdMPMeGTJYlqRS$!>T}~7kkE^Ai)ly5%WWh*PvlfRc?gTZ$jmXfhx0>yFno@Ow zs1ZhsLERIw?h+~LTJ5K?w0@Ueab;;{mu@95UY&skoXe+>ltEncJHY{Ic|$cmk`kwZ z$RHY>>R)SMO&GeNGRxPA$a{W@LJgc514R}ozsO>tFI=$O=?sw9eMvZp=^h(+l)paUa z2(qtERCx-MbH{>OvSRp+ZH`61qr!%HCY;3;HC~yoxJ0MpFiN(nvLDyVqpHWtL2JU&9?2j>VO-E zRP0L>-krW3+_D})<~Xc))oZRvhc(^)q64Yo83v6`ZLlpm(Bma_u%yPLD2ztRp%zuF z{3uZEFi~;0(?JkHUHP%CXxf(LKANH|vz2CS#O;dB_sBE$rId9)iYmv#W_yHjrsT?z z%E>iQ2lH6hym!Qv7s8f2%`sy74jN#X9LQt*{1XHorMpafx zsLJJRN*oyA(ot}&Zl-yXZZ`L-I~W=K_Hw4#(i6t@D2t_#)A)*-NL1KvEi*rK=URd2 zSD0|4Bbdq<^_CGw#-t{%wyD!A3}=S(sh|@DF~X%!`E^a)rpq$wdN4$hv$}ocJxkaA z%!cjN9EJJdlA8+4hXyF>ID8O2cl!vXC(_3Uyd)&^}oaLuYns ze8;X?W9_KB?oy?NB_QkPTW{QWa!-A(mVe!B%M95(b=^|rcc9_Y37`3N^4-1D+Mjz_(hp>kk`fvs zWmkNu5xeKJxyR)$c4idU!YB};wmtTR^=>Or^`H~*x?Q8e>t-<*HgAk|*)Gk*uD#>AbT_zUeCSQMZ^!M^6Ym~}*ha&>qri&;laqUS zaYO%`iT(D?SjzdXpy790i8?0I#guI`U5Gi^3B#6rZ#3t-ksgFA3e&Q#mKK7xqRE?4 z*p}|CsA1FBN}P_IL1JrPz2;bqNt387 zO%=7fc}m40wvHvks1!yO=~iPE<=5+Oc9B`Qn*`G*S_j2!)%|O!$s{uuC`i|3WUy&; 
zXQ`uLwS@kMvyey+Vu+Fsw5%FYxQJ#4tH>FSp3R#sI#$`TRd|3wcp%lD zUAOFnl+j03kC^vTE~8*EJV~0J*IwJ7L}=9VWH;NIrJdT)G;^Tl>{v|OXr=}-Z?c&U zMOR%d52?PL&a%PD&aJv~JzR|G%5C?%OxzL8+n)DN($yDex9Q`{vzR$27yWs^wh)f0 zTcuymj%^u}!nafHSd<3=@m(J63_HtFbABOFBRe;!O&iBHGe&aTqGrO*&XBI8Ca~p3 z)eahKN)pD{4mfa#OmxT-|NkX?!zp}C@&6~S3-~BL{>Q*+un16m|ey|_h07k%1fG6VN?unznizWLX|AA(;5cYy8S zDsTaK1)uz7@CdjQYysk{{}i|od>c9a75EDHV-SG_;DbXzOa zj!W5>{$&fHo4tip_GO>nIbv#g)CgJ9$|W4GUt?7c3wb?atXQsO&Yy|=cI;~dO#CiS z)3JXBtM%GsmZvSB^TM(2mZ{dLDw_}5-pyqz606OrHKW8|R#@-4%gbddXr5#t3YV0o zHYh>U_SWNbbOvRSX(5fH9VM5R`>IZ}tAV-GAbBC=eR-?jrL35K4biPFO8|#(02?&e`K43uEFHxWe;gx&PTs zZ>{LTVl{6Y1JzyG0+eYSob+_WfgMXhPHfKkI274S73#&ELQ+O$SL{&LPa|3I6YCma z^NPDrNW}4zDTpOxyo&U3VP?kxLbti(lg^n>pO?c73xBKti09_~99aoAo{p>v8r4Y` z2lI54(-lcKkFUa_Lt37?O;(}tb7GcnY6)jyWjCd2wnD0A+r+I&WJL91oNJ|((Tr1` zz2-SY1c5_+L<>ZwlcSaTT;FuiQ{v$8u;x%%7Gaupl2uAs_FygPTJuQC<8xUSL6e$4<_kfU^!yVSm2%6+~{ zMmk4cnk0W^R0pQ;LM3BH@7>?a2nbt)v(;;y@7D>l(ihEER-e-IqHpwnm5Q!guz+jx z{D0>hEB?Ru^|H4w{y$sG`g)G<4N$l5=C~gQlVEraB`}o0Py#~<3?(p>z)%812@EAL zl)z8|LkSEeFqD9nfUF#tMKNWf=2T^+B?Xc;2M>V|+zhJVCHD9~4vvC10*T>&7~BVrg6&`v7z5v9pZ~YP61W+h13d6m_W6GY z{3_^z+rWD8UH127@Be+E3Z7>_|87tLSAw^L7udW1d+>MQ^WZV?AlMDof&XNIUaTKi=+U=qI zQegTyzcV344lZuJ`i-JjyU)TB+u3Zk9Mqvg>7stDWUHlb1v7gq%a;RtFH%FdGFoyA z@>&*V<0cggl-J(A(ahxcZqlr)ZO)$6&W+|j+oLfd$Y#rd;7Hk+vU?RShC1Cn@}zG1 zI`e*wEWH=)*DT8Bk`9$W9xM~ZB|*coU6H2MtMqJDu$9*821O~dwOY@zqa;Sj)@#)b z8%pjCj!uIlwOr3KRN9r873em3($+zIx)Ow*NzL?g3DhEF&2E|Gg8vDoa@RFVg!V(( z{4r&kEuf4C;i~dO*awJKdpa$`%>o?2} znN*OD4Qz07l6xs>E(T#YDJfla983_qkdIrnp_Zd+Y@_T{_lIhFd19Jilg+W2GZ3A~ zVmJo~=id!dU-VDKNM==bZP4ccRrkD*qJ(m;MNwixizw>n1r(d@wJDk?(?N>%`5;9d z?iUG*=2P$fq2emJelLmKXW5!7Na{|+m@1pYI7P{b?eCQe4>Z#Si6zQW63bn>M?n(8 zOm!9H-uv1qu0$sERG#qPiS(z2dxtldr&q(}JOWg53QXw9v;<2=gy=K~mSwV-Juo>n zQ|b#wF@imF-u*lFjrZqul|FOs+a{+6N_Ne0=G+H%Oi#aSa%xw9`6AIX=jOQGl;rG@ z@T;&PM9tiUTppJ=W7=ExY_%P;*5+*C_E}15CxJaOZYiHhbBQQ}d{_dp1)|O7_od6D zWo;&~0W8cY<>|lnPtTVk+sc__y&565hl_`>NR>g*nneKu6qn>DNcIE>sf%2IO&}>3Lfx 
zpJ%N&6g!!mcGJGhc7||0*B)6wL(Wog6L-F--p;Bg%&dKgde$t{;x12N8EXYi=(x9m z2`(!`T8k^yvL1z9OR5Rhev2QO~2r;IOpX#)lwPu1D!=F8e_bI}e0*RBK3u-<(rllv(mpEA!C%!&p zrHwslmg{ck7)scYQwSS8%bUI>gy&}i=qz#jQ9WF0(@ovUH)Y}yMR+~Y5`C6M{urz) zKnt91RZykDK}0e+(U*+q!x{(Phzc?1BP5v5nXF=Dv6H`5I|-B^W3>J(N3#fd;83kt z9_6z52|Nm;qOK{97ccu8Zmol~u4={nb4GOFgs00P_aY(X-`D0&X@+{ofP4!1Eaw#} zCZa)yFZ926-+NB1QcoRRDwP%gAGg+fK>Skt|Myzw^mF+6zYgvN`+)-gfp7l;_#|io z@%_hu0_TEf@bMo6_knxC9&i)*1N{02z!LDmUhre!dHnl70*`?YgN@*A;5_go{{4qR z0%k!OJcV!nQP2c8feXMh`1PLwcY@78&f$L#-~RW&!{C$PUJ!ySz=hyB{QPIZ*T54% zV*MWmp9K$r2f@8S)&{EJFA>nQK-K}|oc>3FoYilDaWDczh|jYo@F@5k_$3g532-I& zChG%_06CX`HFzEP7V87gfDeHk;7#DqX$NVGPe^;n85zgjF7paO*?bJt3yo}~Le}7@Nj~&tJWjH>H!608&*G`$OBn1iGkuOgD zF!G%YcI7ybk_*NJ$3Qv?OxYeUTpMnSeSViw?&;~Me9&Y*0iTOIuS;a6wbd&r>7=8s zQ3DxR5Pyq-D4FJ5wUvLlDz=ZVy)5_W^HL!{3!uHE_0{+A&oILFPgX0OT1-ZCvi_mT z@hJDSru_%M@`>DMb3~PxxN*)HY1;UF*${7}ORb6u>={QSC0VnBPwX0Fv_j~#=LM(4FpPVjXM!V3 zE>zeYVRZ{JyK`sU-NKSAa11Of*|iaQ?xxuQ$7fj^*FCE09yu$sV=(Zv&)n!Y zGt&Cx#^m1m^nMe?vs`n|y_7TNYb_*O=X@wCM7(iOZ!Pz$vt*WQWkba-jIA}E4Hj&2 zo4-y<<=y;~AAX<15R|^8hdVjzAW`!DF}QgWEPRtQ-$xonBazF}XM4KG?w&FMq|C)Uy~=lohWgF0QRxRDFHmC(!g=zKZWsZ4*lVJ@sMW5-BTe!R+zoANak z#2tP(DA-!Cbs%(B-866vcfyq5U2Bu2Dapj|9;;CYXnnKuXf&48h+61YUG zR7P6AFJW#x$n*6BGuyYRq9wBiHwa%#Rotqii#FB+wSF51j#=G3UC2b?!?O{i_SDv3 z#k?;l6>D?kwCYB!t=i=l!_i27)ShOi1rEqU+NhH1ZqL?66?LjuB;wU}tQ6M(p@MaHNmr`Rl~}Bu8_b~JGW76Tmc(x9HX1>sf2xYzU%N$E zmJ>WTY{4lWC{HXUk&HGygjW9Y@?Ye$tEL|6R=3Gl%~#rq!66ewu8$PX%2Js0h&7J< z@l#~NjPiVNyb06dm_f*$zsK}3W)wP|FS#CL8xyc4y3N dkUln+b5=rT&SiG+p#7VsvQzbIIXWt8{9l~3@3jB` diff --git a/initializers/helper.js b/initializers/helper.js index e9961b888..b4ca38b54 100755 --- a/initializers/helper.js +++ b/initializers/helper.js 
@@ -1272,7 +1272,7 @@ helper.getProviderId = function (provider, callback) { if (provider.startsWith("ad") || provider.startsWith("auth0")) { providerId = helper.socialProviders.ad; } - if (provider.startsWith("samlp")) { + if (provider.startsWith("samlp") || provider.startsWith("adfs")) { providerId = helper.socialProviders.samlp; } if (providerId) { From a2820eef03d3f6e2eea56a702d1c6ba285156f90 Mon Sep 17 00:00:00 2001 From: Guiqiang Zhang Date: Tue, 25 Jul 2017 09:38:07 +0800 Subject: [PATCH 12/17] check v3 token expiration --- initializers/v3client.js | 3 ++- package.json | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/initializers/v3client.js b/initializers/v3client.js index df8312a37..b1e620288 100644 --- a/initializers/v3client.js +++ b/initializers/v3client.js @@ -12,6 +12,7 @@ var request = require('request'); var _ = require('underscore'); var async = require('async'); +var tcAccounts = require('tc-accounts'); /** * The URL of the V3 API @@ -63,7 +64,7 @@ function getToken(connection, callback) { return; } // Cached token - if (!_.isUndefined(tokens[connection.authToken])) { + if (!_.isUndefined(tokens[connection.authToken]) && !tcAccounts.isTokenExpired(tokens[connection.authToken])) { callback(null, tokens[connection.authToken]); return; } diff --git a/package.json b/package.json index c3e6dfc2a..84605d1dd 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,8 @@ "validator": "~3.5.0", "wkhtmltoimage": ">= 0.1.3", "xml2js": "0.2.x", - "xtend": "2.1.x" + "xtend": "2.1.x", + "tc-accounts": "https://github.com/appirio-tech/accounts-app#dev" }, "devDependencies": { "supertest": "0.8.x", From 650f8b8dcba19f0f31f80e74ef25533191cf430f Mon Sep 17 00:00:00 2001 From: Guiqiang Zhang Date: Tue, 25 Jul 2017 09:57:46 +0800 Subject: [PATCH 13/17] copy over token exipiration check logic --- initializers/v3client.js | 65 ++++++++++++++++++++++++++++++++++++++-- package.json | 3 +- 2 files changed, 64 insertions(+), 4 deletions(-) 
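Review bot: A provider string beginning with `adfs` also satisfies `provider.startsWith("ad")` in the preceding `if`, so `providerId` is first set to `helper.socialProviders.ad` and only afterwards overwritten with `helper.socialProviders.samlp` by the changed condition. The outcome depends on the order of two independent `if` statements, and reordering them or converting them to `else if` would silently map ADFS logins to the wrong provider id. A comment above the changed line such as `// must stay after the "ad" check: "adfs" also matches startsWith("ad")` would record this, or the `ad` test could be narrowed so the two prefixes no longer overlap. The body of `helper.getProviderId` continues outside the hunk.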
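Review bot: The added dependency `"tc-accounts": "https://github.com/appirio-tech/accounts-app#dev"` resolves to whatever the `dev` branch points at when the install runs, so two deployments of the same commit can execute different code and anyone able to push to that branch changes what this API runs. If a git dependency is needed, pin it to a full commit hash (`...accounts-app#<commit-sha>`) or depend on a published, versioned package. The module is used in `initializers/v3client.js` to decide whether a cached token is still usable, which makes an unpinned reference more sensitive than it would be for an ordinary utility.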
diff --git a/initializers/v3client.js b/initializers/v3client.js index b1e620288..c9b389aeb 100644 --- a/initializers/v3client.js +++ b/initializers/v3client.js @@ -12,7 +12,6 @@ var request = require('request'); var _ = require('underscore'); var async = require('async'); -var tcAccounts = require('tc-accounts'); /** * The URL of the V3 API @@ -64,7 +63,7 @@ function getToken(connection, callback) { return; } // Cached token - if (!_.isUndefined(tokens[connection.authToken]) && !tcAccounts.isTokenExpired(tokens[connection.authToken])) { + if (!_.isUndefined(tokens[connection.authToken]) && !isTokenExpired(tokens[connection.authToken])) { callback(null, tokens[connection.authToken]); return; } @@ -87,6 +86,68 @@ function getToken(connection, callback) { }); } + +function urlBase64Decode(str) { + var output = str.replace(/-/g, '+').replace(/_/g, '/'); + + switch (output.length % 4) { + case 0: + break; + + case 2: + output += '=='; + break; + + case 3: + output += '='; + break; + + default: + throw 'Illegal base64url string!' + } + return decodeURIComponent(escape(atob(output)));//polyfill https://github.com/davidchambers/Base64.js +} + +function decodeToken(token) { + var parts = token.split('.'); + + if (parts.length !== 3) { + throw new Error('The token is invalid') + } + + var decoded = urlBase64Decode(parts[1]); + + if (!decoded) { + throw new Error('Cannot decode the token') + } + + return JSON.parse(decoded) +} + +function getTokenExpirationDate(token) { + var decoded = decodeToken(token); + + if(typeof decoded.exp === 'undefined') { + return null + } + + var d = new Date(0);// The 0 here is the key, which sets the date to the epoch + d.setUTCSeconds(decoded.exp); + + return d +} + +function isTokenExpired(token) { + var d = getTokenExpirationDate(token); + + if (d === null) { + return false + } + + // Token expired? + return !(d.valueOf() > (new Date().valueOf())) +} + /** * Get IDs of users in the specified group * 
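Review bot: `isTokenExpired` is called from the cached-token check in `getToken` without a `try`, while `decodeToken` throws for any value that is not a three-part token with a JSON payload, so one malformed cache entry raises inside `getToken` instead of causing a refresh. A token with no `exp` claim is reported as not expired and would be reused from the cache indefinitely. `urlBase64Decode` throws a bare string, and it calls `atob`, which this commit does not define (the next patch in the series adds the require). These helpers only decode the payload and never verify a signature; that is sufficient for deciding when to refresh, but it should be stated in a doc comment, which the new functions lack, so they are not mistaken for token validation. The rewritten lines below treat undecodable and undated tokens as expired.

```javascript
// … unchanged: urlBase64Decode up to the default case of the switch …
        default:
            throw new Error('Illegal base64url string!');
// … unchanged: decodeToken, getTokenExpirationDate …

/**
 * Tells whether a cached V3 token should be refreshed. Only the payload is decoded;
 * the signature is not verified, so this must not be used to authenticate a token.
 */
function isTokenExpired(token) {
    var d;
    try {
        d = getTokenExpirationDate(token);
    } catch (e) {
        // An entry that cannot be decoded is refreshed rather than reused
        return true;
    }
    if (d === null) {
        // No exp claim: lifetime unknown, do not keep serving it from the cache
        return true;
    }
    return d.valueOf() <= Date.now();
}
```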
diff --git a/package.json b/package.json index 84605d1dd..c3e6dfc2a 100644 --- a/package.json +++ b/package.json @@ -48,8 +48,7 @@ "validator": "~3.5.0", "wkhtmltoimage": ">= 0.1.3", "xml2js": "0.2.x", - "xtend": "2.1.x", - "tc-accounts": "https://github.com/appirio-tech/accounts-app#dev" + "xtend": "2.1.x" }, "devDependencies": { "supertest": "0.8.x", From 15c7f74998ddb672f0f8358c16f65213f1691dff Mon Sep 17 00:00:00 2001 From: Guiqiang Zhang Date: Tue, 25 Jul 2017 10:28:29 +0800 Subject: [PATCH 14/17] add atob --- initializers/v3client.js | 1 + package.json | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/initializers/v3client.js b/initializers/v3client.js index c9b389aeb..765fc2a0e 100644 --- a/initializers/v3client.js +++ b/initializers/v3client.js @@ -12,6 +12,7 @@ var request = require('request'); var _ = require('underscore'); var async = require('async'); +var atob = require('atob'); /** * The URL of the V3 API diff --git a/package.json b/package.json index c3e6dfc2a..d5470d6df 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,8 @@ "validator": "~3.5.0", "wkhtmltoimage": ">= 0.1.3", "xml2js": "0.2.x", - "xtend": "2.1.x" + "xtend": "2.1.x", + "atob": "2.0.3" }, "devDependencies": { "supertest": "0.8.x", From 8d6f97f1d603275b767adafed45622762cee20f0 Mon Sep 17 00:00:00 2001 From: ajefts Date: Mon, 2 Oct 2017 11:22:21 -0400 Subject: [PATCH 15/17] updating activation URL --- actions/user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/user.js b/actions/user.js index 88bece40f..b8f7101f9 100644 --- a/actions/user.js +++ b/actions/user.js 
@@ -233,7 +233,7 @@ function userActivationEmail(api, connection, next) { toAddress : rs[0].address, fromAddress : process.env.TC_EMAIL_ACCOUNT, senderName : activationEmailSenderName, - url : process.env.TC_ACTIVATION_SERVER_NAME + '/reg2/activate.action?code=' + activationCode, + url : process.env.TC_ACTIVATION_SERVER_NAME + '?code=' + activationCode + '&retUrl=https://www.topcoder.com/skill-picker', userHandle : rs[0].handle }, 'default'); api.cache.save(cacheKey, currentResendTimes + 1, api.config.tcConfig.userActivationCacheLifeTime, From 7507828dd087e39b482393127456b1b3d88417af Mon Sep 17 00:00:00 2001 From: ajefts Date: Mon, 2 Oct 2017 11:23:29 -0400 Subject: [PATCH 16/17] updated activation URL --- actions/memberRegistration.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/memberRegistration.js b/actions/memberRegistration.js index cb75d89cf..789bcb61f 100644 --- a/actions/memberRegistration.js +++ b/actions/memberRegistration.js @@ -396,7 +396,7 @@ var registerUser = function (user, api, dbConnectionMap, next) { }, function (callback) { var url; - url = process.env.TC_ACTIVATION_SERVER_NAME + '/reg2/activate.action?code=' + activationCode; + url = process.env.TC_ACTIVATION_SERVER_NAME + '?code=' + activationCode + '&retUrl=https://www.topcoder.com/skill-picker'; if (user.regSource && user.regSource.match(/arena/)) { url += '&destination=http%3A%2F%2Farena.topcoder.com'; } From 61b025c87b06c54250e1a37605d1bdb85fff6c30 Mon Sep 17 00:00:00 2001 From: TonyJ Date: Mon, 2 Oct 2017 11:32:43 -0400 Subject: [PATCH 17/17] update activation url --- actions/challengeRegistration.js | 2 +- deploy/ci.sh | 3 ++- deploy/development.sh | 3 ++- deploy/vm.sh | 3 ++- local/env.sh | 3 ++- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/actions/challengeRegistration.js b/actions/challengeRegistration.js index 149a40d96..0d558f628 100644 --- a/actions/challengeRegistration.js +++ b/actions/challengeRegistration.js 
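Review bot: The `retUrl` value appended in this `userActivationEmail` hunk (actions/user.js) is a full URL placed in the query string unencoded, and `activationCode` is concatenated raw as well. The `@@ -396,7 +396,7 @@` hunk in actions/memberRegistration.js repeats the same expression, while its context line already percent-encodes the `destination` value. Encoding both keeps the link well-formed: `'?code=' + encodeURIComponent(activationCode) + '&retUrl=' + encodeURIComponent('https://www.topcoder.com/skill-picker')`. The return host is also hard-coded in two files; reading it from configuration alongside `TC_ACTIVATION_SERVER_NAME` would keep the two call sites from drifting apart. Since `retUrl` looks like a redirect target, the activation page presumably needs to check it against an allowlist of hosts, which cannot be confirmed from this diff; both enclosing functions extend beyond their hunks.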
@@ -404,7 +404,7 @@ var sendNotificationEmail = function (api, componentInfo, userId, activeForumCat if (challengeType === CHALLENGE_TYPE.DEVELOP) { forumURL = api.config.tcConfig.developForumsUrlPrefix + activeForumCategoryId; reviewURL = process.env.TC_SOFTWARE_SERVER_NAME + '/review/actions/ViewProjectDetails?pid=' + challengeId; - submitURL = process.env.TC_ACTIVATION_SERVER_NAME + '/challenge-details/' + challengeId + '/submit/?type=develop'; + submitURL = process.env.TC_WWW_SERVER_NAME + '/challenge-details/' + challengeId + '/submit/?type=develop'; } else if (challengeType === CHALLENGE_TYPE.DESIGN) { forumURL = api.config.tcConfig.studioForumsUrlPrefix + activeForumCategoryId; //submitURL = process.env.TC_STUDIO_SERVER_NAME + '/?module=ViewContestDetails&ct=' + challengeId; diff --git a/deploy/ci.sh b/deploy/ci.sh index a0143cf31..e3cfb2f49 100644 --- a/deploy/ci.sh +++ b/deploy/ci.sh @@ -58,7 +58,8 @@ export TC_EMAIL_PASSWORD=tc_public_email export TC_EMAIL_FROM=tc.ldap.test@gmail.com export TC_EMAIL_TEMPLATE_DIR=mail_templates -export TC_ACTIVATION_SERVER_NAME="https://www.topcoder.com" +export TC_ACTIVATION_SERVER_NAME="https://api.topcoder.com/pub/activation.html" +export TC_WWW_SERVER_NAME="https://www.topcoder.com" export TC_SOFTWARE_SERVER_NAME="https://www.topcoder.com" #export DISABLE_CONSOLE_LOG=true diff --git a/deploy/development.sh b/deploy/development.sh index 11f08580c..7ec784d66 100755 --- a/deploy/development.sh +++ b/deploy/development.sh @@ -60,7 +60,8 @@ export TC_EMAIL_PASSWORD=tc_public_email export TC_EMAIL_FROM=tc.ldap.test.1@gmail.com export TC_EMAIL_TEMPLATE_DIR=mail_templates -export TC_ACTIVATION_SERVER_NAME="https://www.topcoder.com" +export TC_ACTIVATION_SERVER_NAME="https://api.topcoder.com/pub/activation.html" +export TC_WWW_SERVER_NAME="https://www.topcoder.com" export TC_SOFTWARE_SERVER_NAME="https://software.topcoder.com" export TC_FORUMS_SERVER_NAME="http://apps.topcoder.com/forums" 
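Review bot: `submitURL` in this `sendNotificationEmail` hunk now depends on the new `TC_WWW_SERVER_NAME` variable with no check that it is set, so an environment missing it would send e-mails whose link begins with the text `undefined`. The deploy scripts in this patch export it, but other environments are not visible here. A fallback such as `(process.env.TC_WWW_SERVER_NAME || 'https://www.topcoder.com') + '/challenge-details/' + challengeId + '/submit/?type=develop'` would keep the link valid; failing at startup when the variable is missing is the stricter option. The function body continues outside the hunk.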
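Review bot: `TC_ACTIVATION_SERVER_NAME` in this deploy/ci.sh hunk now holds the full URL of the activation page rather than a server name, which the variable name no longer conveys; the same change is made in deploy/development.sh, deploy/vm.sh and local/env.sh. A comment above the export, e.g. `# Full URL of the activation page; callers append only the query string`, would warn anyone who still appends a path to it, as `submitURL` in actions/challengeRegistration.js did before this patch.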
diff --git a/deploy/vm.sh b/deploy/vm.sh index 5f75cefe6..a193827d3 100644 --- a/deploy/vm.sh +++ b/deploy/vm.sh @@ -54,7 +54,8 @@ export TC_EMAIL_PASSWORD=tc_public_email export TC_EMAIL_FROM=tc.ldap.test.1@gmail.com export TC_EMAIL_TEMPLATE_DIR=mail_templates -export TC_ACTIVATION_SERVER_NAME="https://www.topcoder.com" +export TC_ACTIVATION_SERVER_NAME="https://api.topcoder.com/pub/activation.html" +export TC_WWW_SERVER_NAME="https://www.topcoder.com" export TC_SOFTWARE_SERVER_NAME="https://software.topcoder.com" export TC_FORUMS_SERVER_NAME="http://apps.topcoder.com/forums" diff --git a/local/env.sh b/local/env.sh index ac4e6ab9c..2c2556c28 100644 --- a/local/env.sh +++ b/local/env.sh @@ -58,7 +58,8 @@ export TC_EMAIL_PASSWORD=tc_public_email export TC_EMAIL_FROM=tc.ldap.test.1@gmail.com export TC_EMAIL_TEMPLATE_DIR=mail_templates -export TC_ACTIVATION_SERVER_NAME="https://www.topcoder.com" +export TC_ACTIVATION_SERVER_NAME="https://api.topcoder.com/pub/activation.html" +export TC_WWW_SERVER_NAME="https://www.topcoder.com" export TC_SOFTWARE_SERVER_NAME="https://software.topcoder.com" export TC_FORUMS_SERVER_NAME="http://apps.topcoder.com/forums"