From 96b409d1f064c04b18316fa344de2aaa436e9fb2 Mon Sep 17 00:00:00 2001 From: sxw Date: Wed, 9 Dec 2015 20:02:47 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E8=BE=83=E5=A4=9A=EF=BC=8C?= =?UTF-8?q?=E6=B6=89=E5=8F=8A=E5=88=B0=E5=B0=8F=E7=BB=84=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E5=91=98=E5=AF=B9=E6=AF=94=E8=B5=9B=E7=9A=84=E7=AE=A1=E7=90=86?= =?UTF-8?q?=EF=BC=8C=E5=B0=8F=E7=BB=84=E7=AE=A1=E7=90=86=E5=91=98=E5=8F=AF?= =?UTF-8?q?=E4=BB=A5=E7=9C=8B=E5=88=B0=E4=BB=96=E7=AE=A1=E7=90=86=E7=9A=84?= =?UTF-8?q?=E5=B0=8F=E7=BB=84=E7=9A=84=E5=85=B6=E4=BB=96=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E5=91=98=E5=88=9B=E5=BB=BA=E7=9A=84=E6=AF=94=E8=B5=9B=EF=BC=8C?= =?UTF-8?q?=E4=BD=86=E7=9C=8B=E4=B8=8D=E5=88=B0=E5=88=AB=E4=BA=BA=E7=9A=84?= =?UTF-8?q?=E9=A2=98=E7=9B=AE=EF=BC=8C=E4=BD=86=E6=98=AF=E5=8F=AF=E4=BB=A5?= =?UTF-8?q?=E4=BB=8E=E5=89=8D=E5=8F=B0=E7=9C=8B=E5=88=B0=E6=AF=94=E8=B5=9B?= =?UTF-8?q?=E7=9A=84=E9=A2=98=E7=9B=AE=EF=BC=8C=E5=8F=AF=E4=BB=A5=E5=9C=A8?= =?UTF-8?q?=E6=AF=94=E8=B5=9B=E5=BC=80=E5=A7=8B=E5=89=8D=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E9=A2=98=E7=9B=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- contest/decorators.py | 7 +++++-- contest/views.py | 29 +++++++++++++++++++---------- 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/contest/decorators.py b/contest/decorators.py index 0dad16f..663f8fb 100644 --- a/contest/decorators.py +++ b/contest/decorators.py @@ -8,7 +8,7 @@ from django.core.urlresolvers import reverse from utils.shortcuts import error_response, error_page -from account.models import SUPER_ADMIN +from account.models import SUPER_ADMIN, ADMIN from .models import (Contest, PASSWORD_PROTECTED_CONTEST, PASSWORD_PROTECTED_GROUP_CONTEST, PUBLIC_CONTEST, GROUP_CONTEST, CONTEST_ENDED, CONTEST_NOT_START, CONTEST_UNDERWAY) 
@@ -57,7 +57,10 @@ def check_user_contest_permission(func): if request.user.admin_type == SUPER_ADMIN or request.user == contest.created_by: return func(*args, **kwargs) - + if request.user.admin_type == ADMIN: + contest_set = Contest.objects.filter(groups__in=request.user.managed_groups.all()) + if contest in contest_set: + return func(*args, **kwargs) # 管理员可见隐藏的比赛,已经先判断了身份 if not contest.visible: if request.is_ajax(): diff --git a/contest/views.py b/contest/views.py index 2253955..cfc2049 100644 --- a/contest/views.py +++ b/contest/views.py @@ -17,7 +17,7 @@ from utils.shortcuts import (serializer_invalid_response, error_response, success_response, paginate, error_page, paginate_data) from account.models import SUPER_ADMIN, User from account.decorators import login_required, super_admin_required -from group.models import Group +from group.models import Group, AdminGroupRelation, UserGroupRelation from utils.cache import get_cache_redis from submission.models import Submission from problem.models import Problem @@ -91,8 +91,10 @@ class ContestAdminAPIView(APIView): try: # 超级管理员可以编辑所有的 contest = Contest.objects.get(id=data["id"]) - if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user: - return error_response(u"无权访问!") + if request.user.admin_type != SUPER_ADMIN: + contest_set = Contest.objects.filter(groups__in=request.user.managed_groups.all()) + if contest not in contest_set: + return error_response(u"无权访问!") except Contest.DoesNotExist: return error_response(u"该比赛不存在!") try: 
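Review bot: The added early return in `check_user_contest_permission` lets an ADMIN who manages any one group attached to the contest skip every check that follows in the wrapper: the `contest.visible` test visible here, and whatever password, membership or start-time checks come after it outside the hunk. That makes managing one of a contest's groups equivalent to being its creator. If that is the intent, record it next to the branch, e.g. `# Admins of any group attached to the contest are treated like its creator and skip the checks below`. Separately, `contest in contest_set` evaluates the whole queryset to answer a yes/no question; `Contest.objects.filter(pk=contest.pk, groups__in=request.user.managed_groups.all()).exists()` asks the database for just that.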
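Review bot: The rewritten check in the `@@ -91,8 +91,10 @@` hunk no longer consults `contest.created_by`, so a creator loses edit access to their own contest when it is not attached to a group they manage, while every admin of any attached group gains write access to contests they did not create. The commit message describes group admins being able to see each other's contests, but this is the edit path, and the same rewrite appears in the `@@ -151,16 +153,18 @@` and `@@ -184,8 +188,10 @@` hunks, the latter guarding problem creation. Keeping the creator test as the outer condition, `if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user:`, with the group lookup nested inside it, would preserve the owner's access. Whether the rest of the edit handler limits which fields or groups a non-creator may change lies outside the hunk and is worth confirming. Since the rule is repeated in several handlers, a single helper would keep the copies from drifting.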
@@ -151,16 +153,18 @@ class ContestAdminAPIView(APIView): # 普通管理员只能获取自己创建的题目 # 超级管理员可以获取全部的题目 contest = Contest.objects.get(id=contest_id) - if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user: - return error_response(u"题目不存在") + if request.user.admin_type != SUPER_ADMIN: + contest_set = Contest.objects.filter(groups__in=request.user.managed_groups.all()) + if contest not in contest_set: + return error_response(u"比赛不存在") return success_response(ContestSerializer(contest).data) except Contest.DoesNotExist: - return error_response(u"题目不存在") + return error_response(u"比赛不存在") if request.user.admin_type == SUPER_ADMIN: contest = Contest.objects.all().order_by("-create_time") else: - contest = Contest.objects.filter(created_by=request.user).order_by("-create_time") + contest = Contest.objects.filter(groups__in=request.user.managed_groups.all()).distinct().order_by("-create_time") visible = request.GET.get("visible", None) if visible: contest = contest.filter(visible=(visible == "true")) @@ -184,8 +188,10 @@ class ContestProblemAdminAPIView(APIView): data = serializer.data try: contest = Contest.objects.get(id=data["contest_id"]) - if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user: - return error_response(u"比赛不存在") + if request.user.admin_type != SUPER_ADMIN: + contest_set = Contest.objects.filter(groups__in=request.user.managed_groups.all()) + if contest not in contest_set: + return error_response(u"比赛不存在") except Contest.DoesNotExist: return error_response(u"比赛不存在") contest_problem = ContestProblem.objects.create(title=data["title"], 
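Review bot: The two comments at the top of the `@@ -151,16 +153,18 @@` branch still say an ordinary admin can only fetch what they created, which no longer matches the group-based check and list query beneath them; on access-control code a stale comment misleads the next audit. Something like `# Group admins can fetch contests attached to groups they manage; super admins can fetch all` would match the code. In the list branch, replacing `created_by=request.user` with the `groups__in` filter also hides an admin's own contest when it is not attached to a group they currently manage. If that is not wanted, the filter needs to be the union of both conditions (a `Q` expression, whose import is not visible in this diff).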
@@ -362,7 +368,10 @@ def contest_problem_page(request, contest_id, contest_problem_id): request.user.admin_type == SUPER_ADMIN or \ request.user == contest.created_by: show_submit_code_area = True - + else: + contest_set = Contest.objects.filter(groups__in=request.user.managed_groups.all()) + if contest in contest_set: + show_submit_code_area = True return render(request, "oj/problem/contest_problem.html", {"problem": problem, "contest": contest, "samples": json.loads(problem.samples),
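Review bot: The new `else:` branch in `contest_problem_page` has no `admin_type` test, unlike the decorator hunk, which requires `admin_type == ADMIN`. It therefore runs for every viewer who is not the creator or a super admin, and enables the submit area on `managed_groups` membership alone. If group-management rows can outlive a demotion (not visible here), a former admin would keep pre-start access, and ordinary contestants pay for a full queryset evaluation on each page view. An explicit guard keeps this consistent with the decorator: `elif request.user.admin_type == ADMIN and Contest.objects.filter(pk=contest.pk, groups__in=request.user.managed_groups.all()).exists():` followed by `show_submit_code_area = True`. `ADMIN` would have to be added to the `from account.models import SUPER_ADMIN, User` line, which this patch leaves unchanged. The `if` this branch belongs to starts outside the hunk.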