From 79724b04639bd0981dab4fda89a8e7fc2cf62887 Mon Sep 17 00:00:00 2001
From: virusdefender <virusdefender@outlook.com>
Date: Tue, 17 Apr 2018 23:53:49 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=BC=96=E8=BE=91=E9=A2=98?=
 =?UTF-8?q?=E7=9B=AE=E4=BC=9A=E4=BF=AE=E6=94=B9=E4=BD=9C=E8=80=85=E7=9A=84?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98=EF=BC=9B=E4=BF=AE=E5=A4=8D=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E5=88=A4=E6=96=AD=E6=97=B6=E5=80=99=E7=9A=84=E9=80=BB=E8=BE=91?=
 =?UTF-8?q?=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 account/decorators.py  | 11 +++++++++--
 problem/views/admin.py |  3 ++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/account/decorators.py b/account/decorators.py
index 36a2b44f..92f29081 100644
--- a/account/decorators.py
+++ b/account/decorators.py
@@ -1,4 +1,5 @@
 import functools
+from problem.models import Problem
 from contest.models import Contest, ContestType, ContestStatus, ContestRuleType
 from utils.api import JSONResponse, APIError
 from .models import ProblemPermission
@@ -105,5 +106,11 @@ def check_contest_permission(check_type="details"):
 
 
 def ensure_created_by(obj, user):
-    if not user.is_admin_role() or (user.is_admin() and obj.created_by != user):
-        raise APIError(msg=f"{obj.__class__.__name__} does not exist")
+    e = APIError(msg=f"{obj.__class__.__name__} does not exist")
+    if not user.is_admin_role():
+        raise e
+    if isinstance(obj, Problem):
+        if not user.can_mgmt_all_problem() and obj.created_by != user:
+            raise e
+    elif obj.created_by != user:
+        raise e
diff --git a/problem/views/admin.py b/problem/views/admin.py
index 5e8a880d..7b79ce26 100644
--- a/problem/views/admin.py
+++ b/problem/views/admin.py
@@ -181,7 +181,6 @@ class ProblemBase(APIView):
                 else:
                     total_score += item["score"]
             data["total_score"] = total_score
-        data["created_by"] = request.user
         data["languages"] = list(data["languages"])
 
     @problem_permission_required
@@ -220,6 +219,7 @@ class ProblemAPI(ProblemBase):
 
         # todo check filename and score info
         tags = data.pop("tags")
+        data["created_by"] = request.user
         problem = Problem.objects.create(**data)
 
         for item in tags:
@@ -324,6 +324,7 @@ class ContestProblemAPI(ProblemBase):
         # todo check filename and score info
         data["contest"] = contest
         tags = data.pop("tags")
+        data["created_by"] = request.user
         problem = Problem.objects.create(**data)
 
         for item in tags: