添加contest access api

2017-07-20 15:52:11 +08:00
parent 8b85f86124
commit 17432b4c81
7 changed files with 60 additions and 13 deletions
--- a/account/decorators.py
+++ b/account/decorators.py
@@ -4,7 +4,7 @@ from utils.api import JSONResponse

 from .models import ProblemPermission

-from contest.models import Contest, ContestType
+from contest.models import Contest, ContestType, ContestStatus


 class BasePermissionDecorator(object):
@@ -80,12 +80,15 @@ def check_contest_permission(func):
        except Contest.DoesNotExist:
            return self.error("Contest %s doesn't exist" % contest_id)

+        if self.contest.status == ContestStatus.CONTEST_NOT_START and user != self.contest.created_by:
+            return self.error("Contest has not started yet.")
+
        if self.contest.contest_type == ContestType.PASSWORD_PROTECTED_CONTEST:
            # Anonymous
            if not user.is_authenticated():
                return self.error("Please login in first.")
            # creator
-            if request.user == self.contest.created_by:
+            if user == self.contest.created_by:
                return func(*args, **kwargs)
            # password error
            if ("contests" not in request.session) or (self.contest.id not in request.session["contests"]):
--- a/account/urls/user.py
+++ b/account/urls/user.py
@@ -4,7 +4,7 @@ from ..views.user import (SSOAPI, AvatarUploadAPI, TwoFactorAuthAPI,
                          UserNameAPI, UserProfileAPI)

 urlpatterns = [
-    url(r"^username/?$", UserNameAPI.as_view(), name="user_name_api"),
+    # url(r"^username/?$", UserNameAPI.as_view(), name="user_name_api"),
    url(r"^profile/?$", UserProfileAPI.as_view(), name="user_profile_api"),
    url(r"^avatar/upload/?$", AvatarUploadAPI.as_view(), name="avatar_upload_api"),
    url(r"^sso/?$", SSOAPI.as_view(), name="sso_api"),
--- a/account/views/user.py
+++ b/account/views/user.py
@@ -39,15 +39,19 @@ class UserNameAPI(APIView):


 class UserProfileAPI(APIView):
-    @login_required
+    """
+    判断是否登录， 若登录返回用户信息
+    """
+    @method_decorator(ensure_csrf_cookie)
    def get(self, request, **kwargs):
-        """
-        Return user info according username or user_id
-        """
+        user = request.user
+        if not user.is_authenticated():
+            return self.success(0)
+
        username = request.GET.get("username")
        try:
            if username:
-                user = User.objects.get(username=username)
+                user = User.objects.get(username=username, is_disabled=False)
            else:
                user = request.user
        except User.DoesNotExist: