mirror of
https://github.com/QingdaoU/OnlineJudge.git
synced 2024-09-21 16:33:22 +00:00
Merge branch 'virusdefender-dev' into debug
* virusdefender-dev: 修复 None 导致的 xss filter 错误 修复分享代码时候的逻辑错误
This commit is contained in:
commit
e7aaaa523f
@ -10,8 +10,8 @@ from rest_framework.views import APIView
|
|||||||
|
|
||||||
from judge.judger_controller.tasks import judge
|
from judge.judger_controller.tasks import judge
|
||||||
from judge.judger_controller.settings import redis_config
|
from judge.judger_controller.settings import redis_config
|
||||||
from account.decorators import login_required
|
from account.decorators import login_required, super_admin_required
|
||||||
from account.models import SUPER_ADMIN, User
|
from account.models import SUPER_ADMIN, User, REGULAR_USER
|
||||||
|
|
||||||
from problem.models import Problem
|
from problem.models import Problem
|
||||||
from contest.models import ContestProblem, Contest
|
from contest.models import ContestProblem, Contest
|
||||||
@ -104,13 +104,16 @@ def _get_submission(submission_id, user):
|
|||||||
"""
|
"""
|
||||||
submission = Submission.objects.get(id=submission_id)
|
submission = Submission.objects.get(id=submission_id)
|
||||||
# 超级管理员或者提交者自己或者是一个分享的提交
|
# 超级管理员或者提交者自己或者是一个分享的提交
|
||||||
if user.admin_type == SUPER_ADMIN or submission.user_id == user.id or submission.shared:
|
if user.admin_type == SUPER_ADMIN or submission.user_id == user.id:
|
||||||
return submission
|
return {"submission": submission, "can_share": True}
|
||||||
if submission.contest_id:
|
if submission.contest_id:
|
||||||
contest = Contest.objects.get(id=submission.contest_id)
|
contest = Contest.objects.get(id=submission.contest_id)
|
||||||
# 比赛提交的话,比赛创建者也可见
|
# 比赛提交的话,比赛创建者也可见
|
||||||
if contest.created_by == user:
|
if contest.created_by == user:
|
||||||
return submission
|
return {"submission": submission, "can_share": True}
|
||||||
|
if submission.shared:
|
||||||
|
return {"submission": submission, "can_share": False}
|
||||||
|
else:
|
||||||
raise Submission.DoesNotExist
|
raise Submission.DoesNotExist
|
||||||
|
|
||||||
|
|
||||||
@ -120,7 +123,8 @@ def my_submission(request, submission_id):
|
|||||||
单个题目的提交详情页
|
单个题目的提交详情页
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
submission = _get_submission(submission_id, request.user)
|
result = _get_submission(submission_id, request.user)
|
||||||
|
submission = request["submission"]
|
||||||
except Submission.DoesNotExist:
|
except Submission.DoesNotExist:
|
||||||
return error_page(request, u"提交不存在")
|
return error_page(request, u"提交不存在")
|
||||||
|
|
||||||
@ -143,8 +147,10 @@ def my_submission(request, submission_id):
|
|||||||
info = submission.info
|
info = submission.info
|
||||||
else:
|
else:
|
||||||
info = None
|
info = None
|
||||||
|
user = User.objects.get(id=submission.user_id)
|
||||||
return render(request, "oj/problem/my_submission.html",
|
return render(request, "oj/problem/my_submission.html",
|
||||||
{"submission": submission, "problem": problem, "info": info})
|
{"submission": submission, "problem": problem, "info": info,
|
||||||
|
"user": user, "can_share": result["can_share"]})
|
||||||
|
|
||||||
|
|
||||||
class SubmissionAdminAPIView(APIView):
|
class SubmissionAdminAPIView(APIView):
|
||||||
@ -222,9 +228,12 @@ class SubmissionShareAPIView(APIView):
|
|||||||
if serializer.is_valid():
|
if serializer.is_valid():
|
||||||
submission_id = serializer.data["submission_id"]
|
submission_id = serializer.data["submission_id"]
|
||||||
try:
|
try:
|
||||||
submission = _get_submission(submission_id, request.user)
|
result = _get_submission(submission_id, request.user)
|
||||||
except Submission.DoesNotExist:
|
except Submission.DoesNotExist:
|
||||||
return error_response(u"提交不存在")
|
return error_response(u"提交不存在")
|
||||||
|
if not request["can_share"]:
|
||||||
|
return error_page(request, u"提交不存在")
|
||||||
|
submission = result["submission"]
|
||||||
submission.shared = not submission.shared
|
submission.shared = not submission.shared
|
||||||
submission.save()
|
submission.save()
|
||||||
return success_response(submission.shared)
|
return success_response(submission.shared)
|
||||||
@ -233,6 +242,7 @@ class SubmissionShareAPIView(APIView):
|
|||||||
|
|
||||||
|
|
||||||
class SubmissionRejudgeAdminAPIView(APIView):
|
class SubmissionRejudgeAdminAPIView(APIView):
|
||||||
|
@super_admin_required
|
||||||
def post(self, request):
|
def post(self, request):
|
||||||
serializer = SubmissionRejudgeSerializer(data=request.data)
|
serializer = SubmissionRejudgeSerializer(data=request.data)
|
||||||
if serializer.is_valid():
|
if serializer.is_valid():
|
||||||
|
@ -8,6 +8,8 @@ class RichTextField(models.TextField):
|
|||||||
__metaclass__ = models.SubfieldBase
|
__metaclass__ = models.SubfieldBase
|
||||||
|
|
||||||
def get_prep_value(self, value):
|
def get_prep_value(self, value):
|
||||||
|
if not value:
|
||||||
|
return value
|
||||||
parser = XssHtml()
|
parser = XssHtml()
|
||||||
parser.feed(value)
|
parser.feed(value)
|
||||||
parser.close()
|
parser.close()
|
||||||
|
Loading…
Reference in New Issue
Block a user