From 0bac0da9795333f9986258d80901a3a31c3cbdc1 Mon Sep 17 00:00:00 2001
From: uzi
Date: Thu, 29 Oct 2015 17:02:57 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=B8=80=E4=BA=9B=E5=B0=8F?= =?UTF-8?q?=E9=97=AE=E9=A2=98=EF=BC=8C=E4=B8=BB=E8=A6=81=E6=98=AF=E5=9C=A8?= =?UTF-8?q?=E9=9D=9E=E7=AE=A1=E7=90=86=E5=91=98=E7=94=A8=E6=88=B7=E6=97=B6?= =?UTF-8?q?=EF=BC=8C=E4=BC=9A=E8=B0=83=E7=94=A8models=E7=9A=84=E5=AD=97?= =?UTF-8?q?=E5=85=B8=E5=AF=B9=E8=B1=A1=E7=9A=84get=E6=96=B9=E6=B3=95?= =?UTF-8?q?=EF=BC=8C=E5=AE=9E=E9=99=85=E4=B8=8A=E8=BF=99=E4=B8=AA=E5=AD=97?= =?UTF-8?q?=E5=85=B8=E6=B2=A1=E6=9C=89get=E6=96=B9=E6=B3=95=EF=BC=8C?= =?UTF-8?q?=E4=BC=9A=E5=BC=95=E5=8F=91500=EF=BC=8C=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E6=88=90=E4=BA=86=E5=88=A4=E6=96=AD=E6=AF=94=E8=B5=9B=EF=BC=88?= =?UTF-8?q?=E6=88=96=E8=80=85=E6=AF=94=E8=B5=9B=E9=A2=98=E7=9B=AE=EF=BC=89?= =?UTF-8?q?=E7=9A=84=E5=88=9B=E5=BB=BA=E8=80=85=E6=98=AF=E5=90=A6=E7=AD=89?= =?UTF-8?q?=E4=BA=8Erequest.user=EF=BC=9B=20=20=20=E5=8F=A6=E5=A4=96?= =?UTF-8?q?=E4=BB=BF=E7=85=A7problem=E6=B7=BB=E5=8A=A0=E4=BA=86=E5=AF=B9?= =?UTF-8?q?=E5=8D=95=E4=B8=AA=E6=AF=94=E8=B5=9B=E4=BF=A1=E6=81=AF=E7=9A=84?= =?UTF-8?q?GETapi?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 contest/views.py | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/contest/views.py b/contest/views.py
index 29c943a..d2a22b2 100644
--- a/contest/views.py
+++ b/contest/views.py
@@ -90,8 +90,8 @@ class ContestAdminAPIView(APIView):
 try:
 # 超级管理员可以编辑所有的
 contest = Contest.objects.get(id=data["id"])
- if request.user.admin_type != SUPER_ADMIN:
- contest = contest.get(created_by=request.user)
+ if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user:
+ return error_response(u"无权访问!")
 except Contest.DoesNotExist:
 return error_response(u"该比赛不存在!")
 try:
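Review bot: The refusal added in the hunk at -90 answers `无权访问!` for a contest that exists but belongs to another admin, while a missing id answers `该比赛不存在!`, so a non-super admin can tell from the response which contest ids exist; the other three copies of this ownership check in the patch (the new GET branch and the hunks at -171 and -238) reuse their not-found text instead. Using `return error_response(u"该比赛不存在!")` here would make the four consistent. Because the same two-line rule now appears four times, a filtered lookup for non-super admins, `Contest.objects.get(id=data["id"], created_by=request.user)`, would let the existing `except Contest.DoesNotExist` cover both cases and leave a single place to audit. The enclosing method starts and ends outside the hunk.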
@@ -144,6 +144,18 @@ class ContestAdminAPIView(APIView):
 ---
 response_serializer: ContestSerializer
 """
+ contest_id = request.GET.get("contest_id", None)
+ if contest_id:
+ try:
+ # 普通管理员只能获取自己创建的题目
+ # 超级管理员可以获取全部的题目
+ contest = Contest.objects.get(id=contest_id)
+ if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user:
+ return error_response(u"题目不存在")
+ return success_response(ContestSerializer(contest).data)
+ except Contest.DoesNotExist:
+ return error_response(u"题目不存在")
+
 if request.user.admin_type == SUPER_ADMIN:
 contest = Contest.objects.all().order_by("-create_time")
 else:
@@ -171,8 +183,8 @@ class ContestProblemAdminAPIView(APIView):
 data = serializer.data
 try:
 contest = Contest.objects.get(id=data["contest_id"])
- if request.user.admin_type != SUPER_ADMIN:
- contest = contest.get(created_by=request.user)
+ if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user:
+ return error_response(u"比赛不存在")
 except Contest.DoesNotExist:
 return error_response(u"比赛不存在")
 contest_problem = ContestProblem.objects.create(title=data["title"],
@@ -238,8 +250,8 @@ class ContestProblemAdminAPIView(APIView):
 if contest_problem_id:
 try:
 contest_problem = ContestProblem.objects.get(id=contest_problem_id)
- if request.user.admin_type != SUPER_ADMIN:
- contest_problem = contest_problem.get(created_by=request.user)
+ if request.user.admin_type != SUPER_ADMIN and contest_problem.created_by != request.user:
+ return error_response(u"比赛题目不存在")
 return success_response(ContestProblemSerializer(contest_problem).data)
 except ContestProblem.DoesNotExist:
 return error_response(u"比赛题目不存在")
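Review bot: In the new `contest_id` branch of the hunk at -144, only `Contest.DoesNotExist` is caught, so a non-numeric `contest_id` taken from the query string would most likely raise `ValueError` inside `Contest.objects.get` (assuming `id` is the default integer key) and surface as a 500, the kind of failure the commit subject says it is removing. Widening the handler to `except (Contest.DoesNotExist, ValueError):` covers it; the `contest_problem_id` lookup in the hunk at -238 has the same shape. Both messages and both comments in this branch say 题目 (problem) although the object is a contest, so `u"比赛不存在"` would match the text used in the hunk at -171. The docstring above the branch does not mention the new `contest_id` query parameter, and the method body continues outside the hunk.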