Fix Quiz etc via challenge

Author: KillerX

backend/internal/cache/keys.go

@@ -233,6 +233,11 @@ func QuizKey(quizID string) string {
 	return PrefixQuiz + quizID
 }
 
+// QuizByChallengeKey builds a cache key for a quiz by challenge ID
+func QuizByChallengeKey(challengeID string) string {
+	return fmt.Sprintf("%schallenge:%s", PrefixQuiz, challengeID)
+}
+
 // QuizzesByProjectKey builds a cache key for quizzes in a project
 func QuizzesByProjectKey(projectID string) string {
 	return fmt.Sprintf("%s:project:%s", PrefixQuiz, projectID)

backend/internal/database/queries/quizzes.sql

@@ -17,12 +17,11 @@ WHERE project_id = ANY(@project_ids::text[])
 ORDER BY project_id, published_at DESC;
 
 -- name: GetQuizzesByChallengeIDs :many
+-- Batch version of GetQuizByChallengeID for dataloader
 SELECT id, project_id, challenge_id, name, description, image_url, timeout_seconds, randomize_questions, reveal_correct_answers, allow_retakes, completion_points, published_at, end_time, created_at, updated_at
 FROM quizzes
 WHERE challenge_id = ANY(@challenge_ids::text[])
-    AND published_at IS NOT NULL
-    AND published_at <= NOW()
-ORDER BY challenge_id, published_at DESC;
+ORDER BY challenge_id;
 
 -- name: GetQuizzesFilteredCursor :many
 SELECT id, project_id, challenge_id, name, description, image_url, timeout_seconds, randomize_questions, reveal_correct_answers, allow_retakes, completion_points, published_at, end_time, created_at, updated_at

backend/internal/database/sqlc/quizzes.sql.go

@@ -3,9 +3,11 @@ package api
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/bcc-media/wayfarer/internal/cache"
 	"github.com/bcc-media/wayfarer/internal/database"
+	"github.com/bcc-media/wayfarer/internal/graph/api/model"
 	"github.com/bcc-media/wayfarer/internal/graph/scalars"
 	"github.com/bcc-media/wayfarer/internal/loaders"
 	"github.com/bcc-media/wayfarer/internal/middleware"
@@ -61,3 +63,54 @@ func (r *Resolver) getUserChallengeEnrolledAt(ctx context.Context, challengeID s
 	}
 	return &scalars.DateTime{Time: *ts}, nil
 }
+
+// LoadQuizWithVisibility loads a quiz and enforces visibility rules for non-admins.
+// Admins can see all quizzes, non-admins can only see published quizzes.
+func (r *Resolver) LoadQuizWithVisibility(ctx context.Context, quizID string) (*model.Quiz, error) {
+	thunk := r.Loaders.QuizByIDLoader.Load(ctx, quizID)
+	quiz, err := thunk()
+	if err != nil {
+		return nil, err
+	}
+	if quiz == nil {
+		return nil, fmt.Errorf("quiz not found")
+	}
+
+	// Admins can see all quizzes
+	userID, _ := middleware.GetUserID(ctx)
+	if userID != "" && r.RoleService.CanManageProject(ctx, userID, quiz.ProjectID) {
+		return quiz, nil
+	}
+
+	// Non-admins can only see published quizzes
+	if quiz.PublishedAt == nil || quiz.PublishedAt.Time.After(time.Now()) {
+		return nil, fmt.Errorf("quiz not found")
+	}
+
+	return quiz, nil
+}
+
+// LoadChallengeWithVisibility loads a challenge and enforces visibility rules for non-admins.
+// Admins can see all challenges, non-admins can only see published challenges.
+func (r *Resolver) LoadChallengeWithVisibility(ctx context.Context, challengeID string) (model.Challenge, error) {
+	thunk := r.Loaders.ChallengeByIDLoader.Load(ctx, challengeID)
+	challenge, err := thunk()
+	if err != nil {
+		return nil, err
+	}
+
+	// Admins can see all challenges
+	userID, _ := middleware.GetUserID(ctx)
+	projectID := getChallengeProjectID(challenge)
+	if userID != "" && r.RoleService.CanManageProject(ctx, userID, projectID) {
+		return challenge, nil
+	}
+
+	// Non-admins can only see published challenges
+	publishedAt := getChallengePublishedAt(challenge)
+	if publishedAt == nil || publishedAt.Time.After(time.Now()) {
+		return nil, fmt.Errorf("challenge not found")
+	}
+
+	return challenge, nil
+}