mirror of
https://github.com/QingdaoU/OnlineJudge.git
synced 2025-01-01 10:02:01 +00:00
移除time_zone,修复problem越权
This commit is contained in:
parent
99fd87dbcf
commit
57ab7435af
@ -80,7 +80,6 @@ class UserProfile(models.Model):
|
||||
school = models.CharField(max_length=200, blank=True, null=True)
|
||||
major = models.CharField(max_length=200, blank=True, null=True)
|
||||
student_id = models.CharField(max_length=15, blank=True, null=True)
|
||||
time_zone = models.CharField(max_length=32, blank=True, null=True)
|
||||
language = models.CharField(max_length=32, blank=True, null=True)
|
||||
# for ACM
|
||||
accepted_number = models.IntegerField(default=0)
|
||||
|
@ -247,7 +247,7 @@ class UserRegisterAPI(APIView):
|
||||
user = User.objects.create(username=data["username"], email=data["email"])
|
||||
user.set_password(data["password"])
|
||||
user.save()
|
||||
UserProfile.objects.create(user=user, time_zone=settings.USER_DEFAULT_TZ)
|
||||
UserProfile.objects.create(user=user)
|
||||
return self.success("Succeeded")
|
||||
|
||||
|
||||
|
@ -2,11 +2,12 @@ from django.conf.urls import url
|
||||
|
||||
from ..views.oj import ContestAnnouncementListAPI, ContestAPI
|
||||
from ..views.oj import ContestPasswordVerifyAPI, ContestAccessAPI
|
||||
from ..views.oj import ContestRankAPI
|
||||
|
||||
urlpatterns = [
|
||||
url(r"^contest/?$", ContestAPI.as_view(), name="contest_api"),
|
||||
url(r"^contest/password/?$", ContestPasswordVerifyAPI.as_view(), name="contest_password_api"),
|
||||
url(r"^contest/announcement/?$", ContestAnnouncementListAPI.as_view(), name="contest_announcement_api"),
|
||||
url(r"^contest/access/?$", ContestAccessAPI.as_view(), name="contest_access_api"),
|
||||
|
||||
url(r"^contest_rank/?$", ContestRankAPI.as_view(), name="contest_rank_api"),
|
||||
]
|
||||
|
@ -89,9 +89,10 @@ class ContestAccessAPI(APIView):
|
||||
|
||||
class ContestRankAPI(APIView):
|
||||
def get_rank(self):
|
||||
if self.contest.contest_type == ContestRuleType.ACM:
|
||||
if self.contest.rule_type == ContestRuleType.ACM:
|
||||
rank = ACMContestRank.objects.filter(contest=self.contest). \
|
||||
select_related("user").order_by("-total_ac_number", "total_time")
|
||||
print(rank)
|
||||
return ACMContestRankSerializer(rank, many=True).data
|
||||
else:
|
||||
rank = OIContestRank.objects.filter(contest=self.contest). \
|
||||
|
@ -61,7 +61,7 @@ MIDDLEWARE_CLASSES = (
|
||||
'django.middleware.security.SecurityMiddleware',
|
||||
'account.middleware.AdminRoleRequiredMiddleware',
|
||||
'account.middleware.SessionSecurityMiddleware',
|
||||
'account.middleware.TimezoneMiddleware'
|
||||
# 'account.middleware.TimezoneMiddleware'
|
||||
)
|
||||
|
||||
ROOT_URLCONF = 'oj.urls'
|
||||
@ -97,9 +97,6 @@ USE_L10N = True
|
||||
|
||||
USE_TZ = True
|
||||
|
||||
# in user's profile
|
||||
USER_DEFAULT_TZ = 'Asia/Shanghai'
|
||||
|
||||
# Static files (CSS, JavaScript, Images)
|
||||
# https://docs.djangoproject.com/en/1.8/howto/static-files/
|
||||
|
||||
|
@ -74,7 +74,7 @@ class TagSerializer(serializers.ModelSerializer):
|
||||
model = ProblemTag
|
||||
|
||||
|
||||
class ProblemSerializer(serializers.ModelSerializer):
|
||||
class BaseProblemSerializer(serializers.ModelSerializer):
|
||||
samples = serializers.JSONField()
|
||||
test_case_score = serializers.JSONField()
|
||||
languages = serializers.JSONField()
|
||||
@ -85,20 +85,24 @@ class ProblemSerializer(serializers.ModelSerializer):
|
||||
created_by = UsernameSerializer()
|
||||
statistic_info = serializers.JSONField()
|
||||
|
||||
|
||||
class ProblemAdminSerializer(BaseProblemSerializer):
|
||||
class Meta:
|
||||
model = Problem
|
||||
|
||||
|
||||
class ContestProblemSerializer(serializers.ModelSerializer):
|
||||
samples = serializers.JSONField()
|
||||
test_case_score = serializers.JSONField()
|
||||
languages = serializers.JSONField()
|
||||
template = serializers.JSONField()
|
||||
tags = serializers.SlugRelatedField(many=True, slug_field="name", read_only=True)
|
||||
create_time = DateTimeTZField()
|
||||
last_update_time = DateTimeTZField()
|
||||
created_by = UsernameSerializer()
|
||||
statistic_info = serializers.JSONField()
|
||||
|
||||
class ContestProblemAdminSerializer(BaseProblemSerializer):
|
||||
class Meta:
|
||||
model = ContestProblem
|
||||
|
||||
|
||||
class ProblemSerializer(BaseProblemSerializer):
|
||||
class Meta:
|
||||
model = Problem
|
||||
exclude = ("test_case_score", "test_case_id", "visible")
|
||||
|
||||
|
||||
class ContestProblemSerializer(BaseProblemSerializer):
|
||||
class Meta:
|
||||
model = ContestProblem
|
||||
exclude = ("test_case_score", "test_case_id", "visible", "is_public")
|
||||
|
@ -13,7 +13,8 @@ from utils.shortcuts import rand_str
|
||||
from ..models import ContestProblem, Problem, ProblemRuleType, ProblemTag
|
||||
from ..serializers import (CreateContestProblemSerializer,
|
||||
CreateProblemSerializer, EditProblemSerializer,
|
||||
ProblemSerializer, TestCaseUploadForm)
|
||||
ProblemAdminSerializer, TestCaseUploadForm,
|
||||
ContestProblemAdminSerializer)
|
||||
|
||||
|
||||
class TestCaseUploadAPI(CSRFExemptAPIView):
|
||||
@ -154,7 +155,7 @@ class ProblemAPI(APIView):
|
||||
except ProblemTag.DoesNotExist:
|
||||
tag = ProblemTag.objects.create(name=item)
|
||||
problem.tags.add(tag)
|
||||
return self.success(ProblemSerializer(problem).data)
|
||||
return self.success(ProblemAdminSerializer(problem).data)
|
||||
|
||||
@problem_permission_required
|
||||
def get(self, request):
|
||||
@ -165,7 +166,7 @@ class ProblemAPI(APIView):
|
||||
problem = Problem.objects.get(id=problem_id)
|
||||
if not user.can_mgmt_all_problem() and problem.created_by != user:
|
||||
return self.error("Problem does not exist")
|
||||
return self.success(ProblemSerializer(problem).data)
|
||||
return self.success(ProblemAdminSerializer(problem).data)
|
||||
except Problem.DoesNotExist:
|
||||
return self.error("Problem does not exist")
|
||||
|
||||
@ -175,7 +176,7 @@ class ProblemAPI(APIView):
|
||||
keyword = request.GET.get("keyword")
|
||||
if keyword:
|
||||
problems = problems.filter(title__contains=keyword)
|
||||
return self.success(self.paginate_data(request, problems, ProblemSerializer))
|
||||
return self.success(self.paginate_data(request, problems, ProblemAdminSerializer))
|
||||
|
||||
@validate_serializer(EditProblemSerializer)
|
||||
@problem_permission_required
|
||||
@ -282,7 +283,7 @@ class ContestProblemAPI(APIView):
|
||||
except ProblemTag.DoesNotExist:
|
||||
tag = ProblemTag.objects.create(name=item)
|
||||
problem.tags.add(tag)
|
||||
return self.success(ProblemSerializer(problem).data)
|
||||
return self.success(ContestProblemAdminSerializer(problem).data)
|
||||
|
||||
def get(self, request):
|
||||
problem_id = request.GET.get("id")
|
||||
@ -295,7 +296,7 @@ class ContestProblemAPI(APIView):
|
||||
return self.error("Problem does not exist")
|
||||
except ContestProblem.DoesNotExist:
|
||||
return self.error("Problem does not exist")
|
||||
return self.success(ProblemSerializer(problem).data)
|
||||
return self.success(ProblemAdminSerializer(problem).data)
|
||||
|
||||
if not contest_id:
|
||||
return self.error("Contest id is required")
|
||||
@ -306,4 +307,4 @@ class ContestProblemAPI(APIView):
|
||||
keyword = request.GET.get("keyword")
|
||||
if keyword:
|
||||
problems = problems.filter(title__contains=keyword)
|
||||
return self.success(self.paginate_data(request, problems, ProblemSerializer))
|
||||
return self.success(self.paginate_data(request, problems, ContestProblemAdminSerializer))
|
||||
|
@ -55,7 +55,7 @@ class SubmissionAPI(APIView):
|
||||
except Contest.DoesNotExist:
|
||||
return self.error("Contest doesn't exist.")
|
||||
if contest.status != ContestStatus.CONTEST_UNDERWAY and request.user != contest.created_by:
|
||||
return self.error("You have no permission to submit code.")
|
||||
return self.error("Contest have not started or have ended, you can't submit code.")
|
||||
return _submit(self, request.user, data["problem_id"], data["language"], data["code"], data.get("contest_id"))
|
||||
|
||||
@login_required
|
||||
@ -64,7 +64,7 @@ class SubmissionAPI(APIView):
|
||||
if not submission_id:
|
||||
return self.error("Parameter id doesn't exist.")
|
||||
try:
|
||||
submission = Submission.objects.get(id=submission_id, user_id=request.user.id)
|
||||
submission = Submission.objects.get(id=submission_id)
|
||||
except Submission.DoesNotExist:
|
||||
return self.error("Submission doesn't exist.")
|
||||
if not submission.check_user_permission(request.user):
|
||||
|
@ -11,7 +11,7 @@ class APITestCase(TestCase):
|
||||
def create_user(self, username, password, admin_type=AdminType.REGULAR_USER, login=True, problem_permission=ProblemPermission.NONE):
|
||||
user = User.objects.create(username=username, admin_type=admin_type, problem_permission=problem_permission)
|
||||
user.set_password(password)
|
||||
UserProfile.objects.create(user=user, time_zone="Asia/Shanghai")
|
||||
UserProfile.objects.create(user=user)
|
||||
user.save()
|
||||
if login:
|
||||
self.client.login(username=username, password=password)
|
||||
|
@ -33,7 +33,7 @@ class Command(BaseCommand):
|
||||
rand_password = "rootroot"
|
||||
user.set_password(rand_password)
|
||||
user.save()
|
||||
UserProfile.objects.create(user=user, time_zone="Asia/Shanghai")
|
||||
UserProfile.objects.create(user=user)
|
||||
self.stdout.write(self.style.SUCCESS("Successfully created super admin user.\n"
|
||||
"Username: root\nPassword: %s\n"
|
||||
"Remember to change password and turn on two factors auth "
|
||||
|
Loading…
Reference in New Issue
Block a user