From 266ce4de66cdf19b80a41a51a2224e0ccce4ba48 Mon Sep 17 00:00:00 2001
From: sxw
Date: Fri, 30 Oct 2015 14:54:03 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=B0=8Fbug=EF=BC=8C?= =?UTF-8?q?=E4=BB=BF=E7=85=A7problem=20GET=E6=B7=BB=E5=8A=A0=E8=8E=B7?= =?UTF-8?q?=E5=8F=96=E5=8D=95=E4=B8=AA=E6=AF=94=E8=B5=9B=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E7=9A=84API?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 contest/views.py | 24 ++++++++++++++++++------
 problem/views.py | 4 ++--
 2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/contest/views.py b/contest/views.py
index 29c943a7..d2a22b26 100644
--- a/contest/views.py
+++ b/contest/views.py
@@ -90,8 +90,8 @@ class ContestAdminAPIView(APIView):
 try:
 # 超级管理员可以编辑所有的
 contest = Contest.objects.get(id=data["id"])
- if request.user.admin_type != SUPER_ADMIN:
- contest = contest.get(created_by=request.user)
+ if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user:
+ return error_response(u"无权访问!")
 except Contest.DoesNotExist:
 return error_response(u"该比赛不存在!")
 try:
@@ -144,6 +144,18 @@ class ContestAdminAPIView(APIView):
 ---
 response_serializer: ContestSerializer
 """
+ contest_id = request.GET.get("contest_id", None)
+ if contest_id:
+ try:
+ # 普通管理员只能获取自己创建的题目
+ # 超级管理员可以获取全部的题目
+ contest = Contest.objects.get(id=contest_id)
+ if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user:
+ return error_response(u"题目不存在")
+ return success_response(ContestSerializer(contest).data)
+ except Contest.DoesNotExist:
+ return error_response(u"题目不存在")
+
 if request.user.admin_type == SUPER_ADMIN:
 contest = Contest.objects.all().order_by("-create_time")
 else:
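Review bot: The ownership failure in the first hunk of contest/views.py (`@@ -90,8 +90,8 @@`) answers `无权访问!` while a missing id answers `该比赛不存在!`, so a regular admin can tell which contest ids exist but belong to another admin. Every other ownership check in this commit returns the same text as its not-found branch. Unless the distinction is intended for this endpoint, return the not-found message here as well: `return error_response(u"该比赛不存在!")`. The enclosing method starts and ends outside the hunk, so whether anything later relies on the distinct message cannot be seen from here.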
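Review bot: `contest_id` is taken from the query string and passed unvalidated to `Contest.objects.get(id=contest_id)` in the second hunk of contest/views.py (`@@ -144,6 +144,18 @@`); if `id` is an integer primary key (the model is not shown), a non-numeric value raises `ValueError`, which `except Contest.DoesNotExist` does not catch, so the request fails with a server error instead of an error response. Widening the handler to `except (Contest.DoesNotExist, ValueError):` keeps the failure path uniform. The same lookup shape appears for `contest_problem_id` and `problem_id` in the later hunks, presumably with the same source. Separately, the two added comments and both messages were copied from the problem view and say 题目 (problem); for a contest lookup the message should read `u"比赛不存在"`.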
@@ -171,8 +183,8 @@ class ContestProblemAdminAPIView(APIView):
 data = serializer.data
 try:
 contest = Contest.objects.get(id=data["contest_id"])
- if request.user.admin_type != SUPER_ADMIN:
- contest = contest.get(created_by=request.user)
+ if request.user.admin_type != SUPER_ADMIN and contest.created_by != request.user:
+ return error_response(u"比赛不存在")
 except Contest.DoesNotExist:
 return error_response(u"比赛不存在")
 contest_problem = ContestProblem.objects.create(title=data["title"],
@@ -238,8 +250,8 @@ class ContestProblemAdminAPIView(APIView):
 if contest_problem_id:
 try:
 contest_problem = ContestProblem.objects.get(id=contest_problem_id)
- if request.user.admin_type != SUPER_ADMIN:
- contest_problem = contest_problem.get(created_by=request.user)
+ if request.user.admin_type != SUPER_ADMIN and contest_problem.created_by != request.user:
+ return error_response(u"比赛题目不存在")
 return success_response(ContestProblemSerializer(contest_problem).data)
 except ContestProblem.DoesNotExist:
 return error_response(u"比赛题目不存在")
diff --git a/problem/views.py b/problem/views.py
index e48b8a5c..5f1d5353 100644
--- a/problem/views.py
+++ b/problem/views.py
@@ -136,8 +136,8 @@ class ProblemAdminAPIView(APIView):
 # 普通管理员只能获取自己创建的题目
 # 超级管理员可以获取全部的题目
 problem = Problem.objects.get(id=problem_id)
- if request.user.admin_type != SUPER_ADMIN:
- problem = problem.get(created_by=request.user)
+ if request.user.admin_type != SUPER_ADMIN and problem.created_by != request.user:
+ return error_response(u"题目不存在")
 return success_response(ProblemSerializer(problem).data)
 except Problem.DoesNotExist:
 return error_response(u"题目不存在")
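Review bot: The object-level ownership check is written out by hand again in the `@@ -171,8 +183,8 @@` hunk, and the same two lines recur in the other four hunks of this commit (contest/views.py and problem/views.py), so any new admin endpoint has to remember to copy them. Consider one shared lookup helper that takes the model, the id and `request.user`, and adds the owner to the query unless `admin_type == SUPER_ADMIN`. For a regular admin the lookup becomes `contest = Contest.objects.get(id=data["contest_id"], created_by=request.user)`, and a foreign row then falls into the existing `DoesNotExist` branch. That also makes the not-found and not-owner responses identical by construction. The enclosing method starts and ends outside the hunk.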