mirror of
https://github.com/QingdaoU/OnlineJudge.git
synced 2024-09-21 16:33:22 +00:00
Merge branch 'virusdefender-dev' into debug
* virusdefender-dev: 修复 None 导致的 xss filter 错误 修复分享代码时候的逻辑错误
This commit is contained in:
commit
e7aaaa523f
@ -10,8 +10,8 @@ from rest_framework.views import APIView
|
||||
|
||||
from judge.judger_controller.tasks import judge
|
||||
from judge.judger_controller.settings import redis_config
|
||||
from account.decorators import login_required
|
||||
from account.models import SUPER_ADMIN, User
|
||||
from account.decorators import login_required, super_admin_required
|
||||
from account.models import SUPER_ADMIN, User, REGULAR_USER
|
||||
|
||||
from problem.models import Problem
|
||||
from contest.models import ContestProblem, Contest
|
||||
@ -104,14 +104,17 @@ def _get_submission(submission_id, user):
|
||||
"""
|
||||
submission = Submission.objects.get(id=submission_id)
|
||||
# 超级管理员或者提交者自己或者是一个分享的提交
|
||||
if user.admin_type == SUPER_ADMIN or submission.user_id == user.id or submission.shared:
|
||||
return submission
|
||||
if user.admin_type == SUPER_ADMIN or submission.user_id == user.id:
|
||||
return {"submission": submission, "can_share": True}
|
||||
if submission.contest_id:
|
||||
contest = Contest.objects.get(id=submission.contest_id)
|
||||
# 比赛提交的话,比赛创建者也可见
|
||||
if contest.created_by == user:
|
||||
return submission
|
||||
raise Submission.DoesNotExist
|
||||
return {"submission": submission, "can_share": True}
|
||||
if submission.shared:
|
||||
return {"submission": submission, "can_share": False}
|
||||
else:
|
||||
raise Submission.DoesNotExist
|
||||
|
||||
|
||||
@login_required
|
||||
@ -120,7 +123,8 @@ def my_submission(request, submission_id):
|
||||
单个题目的提交详情页
|
||||
"""
|
||||
try:
|
||||
submission = _get_submission(submission_id, request.user)
|
||||
result = _get_submission(submission_id, request.user)
|
||||
submission = request["submission"]
|
||||
except Submission.DoesNotExist:
|
||||
return error_page(request, u"提交不存在")
|
||||
|
||||
@ -143,8 +147,10 @@ def my_submission(request, submission_id):
|
||||
info = submission.info
|
||||
else:
|
||||
info = None
|
||||
user = User.objects.get(id=submission.user_id)
|
||||
return render(request, "oj/problem/my_submission.html",
|
||||
{"submission": submission, "problem": problem, "info": info})
|
||||
{"submission": submission, "problem": problem, "info": info,
|
||||
"user": user, "can_share": result["can_share"]})
|
||||
|
||||
|
||||
class SubmissionAdminAPIView(APIView):
|
||||
@ -222,9 +228,12 @@ class SubmissionShareAPIView(APIView):
|
||||
if serializer.is_valid():
|
||||
submission_id = serializer.data["submission_id"]
|
||||
try:
|
||||
submission = _get_submission(submission_id, request.user)
|
||||
result = _get_submission(submission_id, request.user)
|
||||
except Submission.DoesNotExist:
|
||||
return error_response(u"提交不存在")
|
||||
if not request["can_share"]:
|
||||
return error_page(request, u"提交不存在")
|
||||
submission = result["submission"]
|
||||
submission.shared = not submission.shared
|
||||
submission.save()
|
||||
return success_response(submission.shared)
|
||||
@ -233,6 +242,7 @@ class SubmissionShareAPIView(APIView):
|
||||
|
||||
|
||||
class SubmissionRejudgeAdminAPIView(APIView):
|
||||
@super_admin_required
|
||||
def post(self, request):
|
||||
serializer = SubmissionRejudgeSerializer(data=request.data)
|
||||
if serializer.is_valid():
|
||||
|
@ -8,6 +8,8 @@ class RichTextField(models.TextField):
|
||||
__metaclass__ = models.SubfieldBase
|
||||
|
||||
def get_prep_value(self, value):
|
||||
if not value:
|
||||
return value
|
||||
parser = XssHtml()
|
||||
parser.feed(value)
|
||||
parser.close()
|
||||
|
Loading…
Reference in New Issue
Block a user