添加contest ip限制api；

OI problem的AC，total count也算入profile了
2017-11-10 19:40:54 +08:00
parent 48f65d1a14
commit 727fbf48d8
13 changed files with 96 additions and 21 deletions
--- a/account/decorators.py
+++ b/account/decorators.py
@@ -82,7 +82,7 @@ def check_contest_permission(check_type="details"):
                return self.error("Contest %s doesn't exist" % contest_id)

            # creator or owner
-            if self.contest.is_contest_admin(user):
+            if user.is_authenticated() and user.is_contest_admin(self.contest):
                return func(*args, **kwargs)

            if self.contest.contest_type == ContestType.PASSWORD_PROTECTED_CONTEST:
--- a/account/models.py
+++ b/account/models.py
@@ -59,6 +59,9 @@ class User(AbstractBaseUser):
    def can_mgmt_all_problem(self):
        return self.problem_permission == ProblemPermission.ALL

+    def is_contest_admin(self, contest):
+        return self.is_authenticated() and (contest.created_by == self or self.admin_type == AdminType.SUPER_ADMIN)
+
    class Meta:
        db_table = "user"

--- a/account/views/oj.py
+++ b/account/views/oj.py
@@ -277,6 +277,8 @@ class UserChangePasswordAPI(APIView):
 class ApplyResetPasswordAPI(APIView):
    @validate_serializer(ApplyResetPasswordSerializer)
    def post(self, request):
+        if request.user.is_authenticated():
+            return self.error("You have already logged in, are you kidding me? ")
        data = request.data
        captcha = Captcha(request)
        if not captcha.check(data["captcha"]):