xuyue/OnlineJudge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加比赛的权限管理 decorator

Browse Source
This commit is contained in:
virusdefender
2015-08-23 14:31:53 +08:00
parent 748e36d33c
commit 09d0968b73
3 changed files with 90 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
contest/decorators.py Normal file
View File

@@ -0,0 +1,86 @@
# coding=utf-8
from functools import wraps
from django.http import HttpResponse
from django.shortcuts import render
from django.utils.timezone import now
from utils.shortcuts import error_response, error_page
from account.models import SUPER_ADMIN
from .models import Contest
def check_user_contest_permission(func):
@wraps(func)
def _check_user_contest_permission(*args, **kwargs):
"""
这个函数检查当前的这个比赛对于 request 的用户来说能不能参加
需要比较:比赛的开始和结束时间、比赛是否有密码、比赛是不是限定指定小组参加
如果是有密码或者限定指定小组参加的话,即使比赛已经结束,那么也是可以看到所有的题目和结果的
否则不能看到这个比赛的题目结果排名等等
"""
# CBV 的情况第一个参数是self第二个参数是request
if len(args) == 2:
request = args[-1]
else:
request = args[0]
if not request.user.is_authenticated():
if request.is_ajax():
return error_response(u"请先登录")
else:
return error_page(request, u"请先登录")
# kwargs 就包含了url 里面的播或参数
if "contest_id" in kwargs:
contest_id = kwargs["contest_id"]
elif "contest_id" in request.data:
contest_id = request.data["contest_id"]
else:
if request.is_ajax():
return error_response(u"参数错误")
else:
return error_page(request, u"参数错误")
try:
contest = Contest.objects.get(id=contest_id)
except Contest.DoesNotExist:
if request.is_ajax():
return error_response(u"比赛不存在")
else:
return error_page(request, u"比赛不存在")
if request.user.admin_type == SUPER_ADMIN or request.user == contest.created_by:
return func(*args, **kwargs)
# 有密码的公开赛
if contest.contest_type == 2:
# 没有输入过密码
if contest.id not in request.session.get("contests", []):
if request.is_ajax():
return error_response(u"请先输入密码")
else:
return render(request, "oj/contest/no_contest_permission.html",
{"reason": "password_protect", "show_tab": False, "contest": contest})
# 指定小组参加的
if contest.contest_type == 0:
if not contest.groups.filter(id__in=request.user.group_set.all()).exists():
if request.is_ajax():
return error_response(u"只有指定小组的可以参加这场比赛")
else:
return render(request, "oj/contest/no_contest_permission.html",
{"reason": "group_limited", "show_tab": False, "contest": contest})
# 比赛没有开始
if contest.start_time > now():
if request.is_ajax():
return error_response(u"比赛还没有开始")
else:
return render(request, "oj/contest/no_contest_permission.html",
{"reason": "contest_not_start", "show_tab": False, "contest": contest})
return func(*args, **kwargs)
return _check_user_contest_permission

26
contest/views.py
View File

@@ -1,7 +1,8 @@
# coding=utf-8 # coding=utf-8
import json import json
import datetime import datetime
from django.utils.timezone import localtime from functools import wraps
from django.utils.timezone import now
from django.shortcuts import render from django.shortcuts import render
from django.db import IntegrityError from django.db import IntegrityError
from django.utils import dateparse from django.utils import dateparse
@@ -17,6 +18,7 @@ from group.models import Group
from announcement.models import Announcement from announcement.models import Announcement
from .models import Contest, ContestProblem from .models import Contest, ContestProblem
from .decorators import check_user_contest_permission
from .serializers import (CreateContestSerializer, ContestSerializer, EditContestSerializer, from .serializers import (CreateContestSerializer, ContestSerializer, EditContestSerializer,
CreateContestProblemSerializer, ContestProblemSerializer, CreateContestProblemSerializer, ContestProblemSerializer,
EditContestProblemSerializer, ContestPasswordVerifySerializer, EditContestProblemSerializer, ContestPasswordVerifySerializer,
@@ -251,33 +253,13 @@ class ContestPasswordVerifyAPIView(APIView):
return serializer_invalid_response(serializer) return serializer_invalid_response(serializer)
def check_user_contest_permission(request, contest): @check_user_contest_permission
# 有密码的公开赛
if contest.contest_type == 2:
# 没有输入过密码
if contest.id not in request.session.get("contests", []):
return {"result": False, "reason": "password_protect"}
# 指定小组参加的
if contest.contest_type == 0:
if not contest.groups.filter(id__in=request.user.group_set.all()).exists():
return {"result": False, "reason": "limited_group"}
return {"result": True}
@login_required
def contest_page(request, contest_id): def contest_page(request, contest_id):
try: try:
contest = Contest.objects.get(id=contest_id) contest = Contest.objects.get(id=contest_id)
except Contest.DoesNotExist: except Contest.DoesNotExist:
return error_page(request, u"比赛不存在") return error_page(request, u"比赛不存在")
Contest.objects.filter(Q(contest_type__in=[1, 2]) | Q(groups__in=request.user.group_set.all()))
result = check_user_contest_permission(request, contest)
if not result["result"]:
return render(request, "oj/contest/contest_no_privilege.html", {"contest": contest, "reason": result["reason"]})
return render(request, "oj/contest/contest_index.html", {"contest": contest}) return render(request, "oj/contest/contest_index.html", {"contest": contest})

0
template/oj/contest/contest_no_privilege.html → template/oj/contest/no_contest_permission.html
View File