移除time_zone,修复problem越权

2017-08-23 17:01:55 +08:00
parent 99fd87dbcf
commit 57ab7435af
10 changed files with 34 additions and 31 deletions
--- a/problem/serializers.py
+++ b/problem/serializers.py
@@ -74,7 +74,7 @@ class TagSerializer(serializers.ModelSerializer):
        model = ProblemTag


-class ProblemSerializer(serializers.ModelSerializer):
+class BaseProblemSerializer(serializers.ModelSerializer):
    samples = serializers.JSONField()
    test_case_score = serializers.JSONField()
    languages = serializers.JSONField()
@@ -85,20 +85,24 @@ class ProblemSerializer(serializers.ModelSerializer):
    created_by = UsernameSerializer()
    statistic_info = serializers.JSONField()

+
+class ProblemAdminSerializer(BaseProblemSerializer):
    class Meta:
        model = Problem


-class ContestProblemSerializer(serializers.ModelSerializer):
-    samples = serializers.JSONField()
-    test_case_score = serializers.JSONField()
-    languages = serializers.JSONField()
-    template = serializers.JSONField()
-    tags = serializers.SlugRelatedField(many=True, slug_field="name", read_only=True)
-    create_time = DateTimeTZField()
-    last_update_time = DateTimeTZField()
-    created_by = UsernameSerializer()
-    statistic_info = serializers.JSONField()
-
+class ContestProblemAdminSerializer(BaseProblemSerializer):
    class Meta:
        model = ContestProblem
+
+
+class ProblemSerializer(BaseProblemSerializer):
+    class Meta:
+        model = Problem
+        exclude = ("test_case_score", "test_case_id", "visible")
+
+
+class ContestProblemSerializer(BaseProblemSerializer):
+    class Meta:
+        model = ContestProblem
+        exclude = ("test_case_score", "test_case_id", "visible", "is_public")
--- a/problem/views/admin.py
+++ b/problem/views/admin.py
@@ -13,7 +13,8 @@ from utils.shortcuts import rand_str
 from ..models import ContestProblem, Problem, ProblemRuleType, ProblemTag
 from ..serializers import (CreateContestProblemSerializer,
                           CreateProblemSerializer, EditProblemSerializer,
-                           ProblemSerializer, TestCaseUploadForm)
+                           ProblemAdminSerializer, TestCaseUploadForm,
+                           ContestProblemAdminSerializer)


 class TestCaseUploadAPI(CSRFExemptAPIView):
@@ -154,7 +155,7 @@ class ProblemAPI(APIView):
            except ProblemTag.DoesNotExist:
                tag = ProblemTag.objects.create(name=item)
            problem.tags.add(tag)
-        return self.success(ProblemSerializer(problem).data)
+        return self.success(ProblemAdminSerializer(problem).data)

    @problem_permission_required
    def get(self, request):
@@ -165,7 +166,7 @@ class ProblemAPI(APIView):
                problem = Problem.objects.get(id=problem_id)
                if not user.can_mgmt_all_problem() and problem.created_by != user:
                    return self.error("Problem does not exist")
-                return self.success(ProblemSerializer(problem).data)
+                return self.success(ProblemAdminSerializer(problem).data)
            except Problem.DoesNotExist:
                return self.error("Problem does not exist")

@@ -175,7 +176,7 @@ class ProblemAPI(APIView):
        keyword = request.GET.get("keyword")
        if keyword:
            problems = problems.filter(title__contains=keyword)
-        return self.success(self.paginate_data(request, problems, ProblemSerializer))
+        return self.success(self.paginate_data(request, problems, ProblemAdminSerializer))

    @validate_serializer(EditProblemSerializer)
    @problem_permission_required
@@ -282,7 +283,7 @@ class ContestProblemAPI(APIView):
            except ProblemTag.DoesNotExist:
                tag = ProblemTag.objects.create(name=item)
            problem.tags.add(tag)
-        return self.success(ProblemSerializer(problem).data)
+        return self.success(ContestProblemAdminSerializer(problem).data)

    def get(self, request):
        problem_id = request.GET.get("id")
@@ -295,7 +296,7 @@ class ContestProblemAPI(APIView):
                    return self.error("Problem does not exist")
            except ContestProblem.DoesNotExist:
                return self.error("Problem does not exist")
-            return self.success(ProblemSerializer(problem).data)
+            return self.success(ProblemAdminSerializer(problem).data)

        if not contest_id:
            return self.error("Contest id is required")
@@ -306,4 +307,4 @@ class ContestProblemAPI(APIView):
        keyword = request.GET.get("keyword")
        if keyword:
            problems = problems.filter(title__contains=keyword)
-        return self.success(self.paginate_data(request, problems, ProblemSerializer))
+        return self.success(self.paginate_data(request, problems, ContestProblemAdminSerializer))