The CSRF 403 error was expected Django behavior (no CSRF cookie in curl).
FormatCodeAPI should follow SubmissionAPI's pattern (APIView, not CSRF-exempt).
Verified with GET request: /api/format_code returns 405 (correct route resolution).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Task 4: Register the FormatCodeAPI view to the /api/format_code endpoint.
Also fix: Make FormatCodeAPI extend CSRFExemptAPIView instead of APIView
so that the manual verification curl commands receive JSON responses
(login-required error) instead of HTML 403 Forbidden responses. This is
necessary for the view to work with the @login_required decorator which
expects to return JSON errors, not be blocked by CSRF middleware.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Plan: ruff for Python3, clang-format (LLVM/4-space/Attach) for C/C++,
called via new /api/format_code endpoint before submission.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

StuckProblems, TopACTrend, AI user analysis, and problemset user
progress are now accessible to Teacher Admin (previously super-only).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Introduces a four-tier role system: Regular User → Student Admin →
Teacher Admin → Super Admin. Teacher Admin can manage own contests,
problemsets, and view classroom data. Student Admin (renamed from Admin)
retains problem management only.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>