From 1bd6a9e0e76a4ec5e02b8395a7d414bde5ccb1a3 Mon Sep 17 00:00:00 2001
From: Jason White
Date: Wed, 23 Sep 2015 09:01:45 -0400
Subject: [PATCH] #97, updating controls for hints, source, solution and plans on lessons in challenge roles
---
 .../owasp/webgoat/lessons/model/LessonInfoModel.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/model/LessonInfoModel.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/model/LessonInfoModel.java
index e76d3e141..7840cf7ce 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/model/LessonInfoModel.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/model/LessonInfoModel.java
@@ -20,16 +20,22 @@ public class LessonInfoModel {
 public LessonInfoModel(WebSession webSession) {
 AbstractLesson lesson = webSession.getCurrentLesson();
- //TODO make these first class citizens of the lesson itself; and stop passing the session all over
+ //TODO make these first class citizens of the lesson itself; and stop passing the session all over ... and generally tighten the checks up
 this.hasSource = !lesson.getSource(webSession).contains("Could not find the source file or source file does not exist");
 this.hasPlan = !lesson.getSource(webSession).contains("Could not find lesson plan");
 this.hasSolution = !lesson.getSolution(webSession).contains("Could not find the solution file or solution file does not exist");
 this.lessonTitle = lesson.getTitle();
- this.numberHints = lesson.getHintCount(webSession);
- if (lesson.getCategory().equals(Category.CHALLENGE) || this.numberHints < 1 || lesson.getHint(webSession,0).equals("Hint: There are no hints defined.")) {
+
+ if ( this.numberHints < 1 || lesson.getHint(webSession,0).equals("Hint: There are no hints defined.")) {
 this.numberHints = 0;
 }
+ //special challenge case
+ if (lesson.getCategory().equals(Category.CHALLENGE)) {
+ this.numberHints = (lesson.isAuthorized(webSession, AbstractLesson.CHALLENGE_ROLE, WebSession.SHOWHINTS)) ? lesson.getHintCount(webSession) : 0;
+ this.hasSource = (lesson.isAuthorized(webSession, AbstractLesson.CHALLENGE_ROLE, WebSession.SHOWHINTS));
+ this.hasSolution = (lesson.isAuthorized(webSession, AbstractLesson.CHALLENGE_ROLE, WebSession.SHOWHINTS)); //assuming we want this as well
+ }
 }
 // GETTERS
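Review bot: The `this.numberHints < 1` test now runs before `numberHints` is ever assigned, because the hunk removes `this.numberHints = lesson.getHintCount(webSession);` and only re-reads the count inside the challenge branch; if the field is a plain `int` (its declaration is outside the hunk), every non-challenge lesson ends up reporting zero hints. In the challenge branch an authorized user gets `hasSource` and `hasSolution` forced to true and the raw hint count, which overrides the file-existence and "no hints defined" results computed a few lines earlier. The fence below restores the count and lets authorization only narrow those results. All three flags are gated on `WebSession.SHOWHINTS`, and the inline comment suggests that was a guess for the solution, so it is worth confirming that source and solution should share the hints permission. These flags appear to decide only which controls are displayed, so the handlers that actually return hints, source and solutions presumably need the same `isAuthorized` check on the server side — confirm.

```java
this.lessonTitle = lesson.getTitle();
this.numberHints = lesson.getHintCount(webSession);
// … unchanged: "no hints defined" check that zeroes numberHints …
//special challenge case
if (lesson.getCategory().equals(Category.CHALLENGE)) {
    // Evaluate the permission once; it may only narrow what the checks above allowed.
    boolean authorized = lesson.isAuthorized(webSession, AbstractLesson.CHALLENGE_ROLE, WebSession.SHOWHINTS);
    if (!authorized) {
        this.numberHints = 0;
    }
    this.hasSource = this.hasSource && authorized;
    this.hasSolution = this.hasSolution && authorized;
}
```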