移除time_zone,修复problem越权

account/models.py

@@ -80,7 +80,6 @@ class UserProfile(models.Model):
     school = models.CharField(max_length=200, blank=True, null=True)
     major = models.CharField(max_length=200, blank=True, null=True)
     student_id = models.CharField(max_length=15, blank=True, null=True)
-    time_zone = models.CharField(max_length=32, blank=True, null=True)
     language = models.CharField(max_length=32, blank=True, null=True)
     # for ACM
     accepted_number = models.IntegerField(default=0)

account/views/oj.py

@@ -247,7 +247,7 @@ class UserRegisterAPI(APIView):
         user = User.objects.create(username=data["username"], email=data["email"])
         user.set_password(data["password"])
         user.save()
-        UserProfile.objects.create(user=user, time_zone=settings.USER_DEFAULT_TZ)
+        UserProfile.objects.create(user=user)
         return self.success("Succeeded")
 
 

contest/urls/oj.py

@@ -2,11 +2,12 @@ from django.conf.urls import url
 
 from ..views.oj import ContestAnnouncementListAPI, ContestAPI
 from ..views.oj import ContestPasswordVerifyAPI, ContestAccessAPI
+from ..views.oj import ContestRankAPI
 
 urlpatterns = [
     url(r"^contest/?$", ContestAPI.as_view(), name="contest_api"),
     url(r"^contest/password/?$", ContestPasswordVerifyAPI.as_view(), name="contest_password_api"),
     url(r"^contest/announcement/?$", ContestAnnouncementListAPI.as_view(), name="contest_announcement_api"),
     url(r"^contest/access/?$", ContestAccessAPI.as_view(), name="contest_access_api"),
-
+    url(r"^contest_rank/?$", ContestRankAPI.as_view(), name="contest_rank_api"),
 ]

contest/views/oj.py

@@ -89,9 +89,10 @@ class ContestAccessAPI(APIView):
 
 class ContestRankAPI(APIView):
     def get_rank(self):
-        if self.contest.contest_type == ContestRuleType.ACM:
+        if self.contest.rule_type == ContestRuleType.ACM:
             rank = ACMContestRank.objects.filter(contest=self.contest). \
                 select_related("user").order_by("-total_ac_number", "total_time")
+            print(rank)
             return ACMContestRankSerializer(rank, many=True).data
         else:
             rank = OIContestRank.objects.filter(contest=self.contest). \

oj/settings.py

@@ -61,7 +61,7 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.security.SecurityMiddleware',
     'account.middleware.AdminRoleRequiredMiddleware',
     'account.middleware.SessionSecurityMiddleware',
-    'account.middleware.TimezoneMiddleware'
+    # 'account.middleware.TimezoneMiddleware'
 )
 
 ROOT_URLCONF = 'oj.urls'
@@ -97,9 +97,6 @@ USE_L10N = True
 
 USE_TZ = True
 
-# in user's profile
-USER_DEFAULT_TZ = 'Asia/Shanghai'
-
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.8/howto/static-files/
 

problem/serializers.py

@@ -74,7 +74,7 @@ class TagSerializer(serializers.ModelSerializer):
         model = ProblemTag
 
 
-class ProblemSerializer(serializers.ModelSerializer):
+class BaseProblemSerializer(serializers.ModelSerializer):
     samples = serializers.JSONField()
     test_case_score = serializers.JSONField()
     languages = serializers.JSONField()
@@ -85,20 +85,24 @@ class ProblemSerializer(serializers.ModelSerializer):
     created_by = UsernameSerializer()
     statistic_info = serializers.JSONField()
 
+
+class ProblemAdminSerializer(BaseProblemSerializer):
     class Meta:
         model = Problem
 
 
-class ContestProblemSerializer(serializers.ModelSerializer):
+class ContestProblemAdminSerializer(BaseProblemSerializer):
-    samples = serializers.JSONField()
-    test_case_score = serializers.JSONField()
-    languages = serializers.JSONField()
-    template = serializers.JSONField()
-    tags = serializers.SlugRelatedField(many=True, slug_field="name", read_only=True)
-    create_time = DateTimeTZField()
-    last_update_time = DateTimeTZField()
-    created_by = UsernameSerializer()
-    statistic_info = serializers.JSONField()
-
     class Meta:
         model = ContestProblem
+
+
+class ProblemSerializer(BaseProblemSerializer):
+    class Meta:
+        model = Problem
+        exclude = ("test_case_score", "test_case_id", "visible")
+
+
+class ContestProblemSerializer(BaseProblemSerializer):
+    class Meta:
+        model = ContestProblem
+        exclude = ("test_case_score", "test_case_id", "visible", "is_public")

problem/views/admin.py

@@ -13,7 +13,8 @@ from utils.shortcuts import rand_str
 from ..models import ContestProblem, Problem, ProblemRuleType, ProblemTag
 from ..serializers import (CreateContestProblemSerializer,
                            CreateProblemSerializer, EditProblemSerializer,
-                           ProblemSerializer, TestCaseUploadForm)
+                           ProblemAdminSerializer, TestCaseUploadForm,
+                           ContestProblemAdminSerializer)
 
 
 class TestCaseUploadAPI(CSRFExemptAPIView):
@@ -154,7 +155,7 @@ class ProblemAPI(APIView):
             except ProblemTag.DoesNotExist:
                 tag = ProblemTag.objects.create(name=item)
             problem.tags.add(tag)
-        return self.success(ProblemSerializer(problem).data)
+        return self.success(ProblemAdminSerializer(problem).data)
 
     @problem_permission_required
     def get(self, request):
@@ -165,7 +166,7 @@ class ProblemAPI(APIView):
                 problem = Problem.objects.get(id=problem_id)
                 if not user.can_mgmt_all_problem() and problem.created_by != user:
                     return self.error("Problem does not exist")
-                return self.success(ProblemSerializer(problem).data)
+                return self.success(ProblemAdminSerializer(problem).data)
             except Problem.DoesNotExist:
                 return self.error("Problem does not exist")
 
@@ -175,7 +176,7 @@ class ProblemAPI(APIView):
         keyword = request.GET.get("keyword")
         if keyword:
             problems = problems.filter(title__contains=keyword)
-        return self.success(self.paginate_data(request, problems, ProblemSerializer))
+        return self.success(self.paginate_data(request, problems, ProblemAdminSerializer))
 
     @validate_serializer(EditProblemSerializer)
     @problem_permission_required
@@ -282,7 +283,7 @@ class ContestProblemAPI(APIView):
             except ProblemTag.DoesNotExist:
                 tag = ProblemTag.objects.create(name=item)
             problem.tags.add(tag)
-        return self.success(ProblemSerializer(problem).data)
+        return self.success(ContestProblemAdminSerializer(problem).data)
 
     def get(self, request):
         problem_id = request.GET.get("id")
@@ -295,7 +296,7 @@ class ContestProblemAPI(APIView):
                     return self.error("Problem does not exist")
             except ContestProblem.DoesNotExist:
                 return self.error("Problem does not exist")
-            return self.success(ProblemSerializer(problem).data)
+            return self.success(ProblemAdminSerializer(problem).data)
 
         if not contest_id:
             return self.error("Contest id is required")
@@ -306,4 +307,4 @@ class ContestProblemAPI(APIView):
         keyword = request.GET.get("keyword")
         if keyword:
             problems = problems.filter(title__contains=keyword)
-        return self.success(self.paginate_data(request, problems, ProblemSerializer))
+        return self.success(self.paginate_data(request, problems, ContestProblemAdminSerializer))

submission/views/oj.py

@@ -55,7 +55,7 @@ class SubmissionAPI(APIView):
             except Contest.DoesNotExist:
                 return self.error("Contest doesn't exist.")
             if contest.status != ContestStatus.CONTEST_UNDERWAY and request.user != contest.created_by:
-                return self.error("You have no permission to submit code.")
+                return self.error("Contest have not started or have ended, you can't submit code.")
         return _submit(self, request.user, data["problem_id"], data["language"], data["code"], data.get("contest_id"))
 
     @login_required
@@ -64,7 +64,7 @@ class SubmissionAPI(APIView):
         if not submission_id:
             return self.error("Parameter id doesn't exist.")
         try:
-            submission = Submission.objects.get(id=submission_id, user_id=request.user.id)
+            submission = Submission.objects.get(id=submission_id)
         except Submission.DoesNotExist:
             return self.error("Submission doesn't exist.")
         if not submission.check_user_permission(request.user):

utils/api/tests.py

@@ -11,7 +11,7 @@ class APITestCase(TestCase):
     def create_user(self, username, password, admin_type=AdminType.REGULAR_USER, login=True, problem_permission=ProblemPermission.NONE):
         user = User.objects.create(username=username, admin_type=admin_type, problem_permission=problem_permission)
         user.set_password(password)
-        UserProfile.objects.create(user=user, time_zone="Asia/Shanghai")
+        UserProfile.objects.create(user=user)
         user.save()
         if login:
             self.client.login(username=username, password=password)

utils/management/commands/initadmin.py

@@ -33,7 +33,7 @@ class Command(BaseCommand):
             rand_password = "rootroot"
             user.set_password(rand_password)
             user.save()
-            UserProfile.objects.create(user=user, time_zone="Asia/Shanghai")
+            UserProfile.objects.create(user=user)
             self.stdout.write(self.style.SUCCESS("Successfully created super admin user.\n"
                                                  "Username: root\nPassword: %s\n"
                                                  "Remember to change password and turn on two factors auth "