From 718ca49d25170e5a8934857a8640404e2c241b49 Mon Sep 17 00:00:00 2001
From: Menci <HuangHaoRui301@Gmail.com>
Date: Sun, 11 Jun 2017 17:14:33 +0800
Subject: [PATCH] Hide non-public problem in judge_state and problems

---
 modules/problem.js    | 53 +++++++++++++++++++++++++++++++++++++++++--
 modules/submission.js |  6 +++++
 2 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/modules/problem.js b/modules/problem.js
index 5221dda..616ffd7 100644
--- a/modules/problem.js
+++ b/modules/problem.js
@@ -28,8 +28,24 @@ let ProblemTagMap = syzoj.model('problem_tag_map');
 
 app.get('/problems', async (req, res) => {
   try {
-    let paginate = syzoj.utils.paginate(await Problem.count(), req.query.page, syzoj.config.page.problem);
-    let problems = await Problem.query(paginate);
+    let where = {};
+    if (!res.locals.user || !await res.locals.user.hasPrivilege('manage_problem')) {
+      if (res.locals.user) {
+        where = {
+          $or: {
+            is_public: 1,
+            user_id: res.locals.user.id
+          }
+        };
+      } else {
+        where = {
+          is_public: 1
+        };
+      }
+    }
+
+    let paginate = syzoj.utils.paginate(await Problem.count(where), req.query.page, syzoj.config.page.problem);
+    let problems = await Problem.query(paginate, where);
 
     await problems.forEachAsync(async problem => {
       problem.allowedEdit = await problem.isAllowedEditBy(res.locals.user);
@@ -61,6 +77,31 @@ app.get('/problems/search', async (req, res) => {
       }
     };
 
+    if (!res.locals.user || !await res.locals.user.hasPrivilege('manage_problem')) {
+      if (res.locals.user) {
+        where = {
+          $and: [
+            where,
+            {
+              $or: {
+                is_public: 1,
+                user_id: res.locals.user.id
+              }
+            }
+          ]
+        };
+      } else {
+        where = {
+          $and: [
+            where,
+            {
+              is_public: 1
+            }
+          ]
+        };
+      }
+    }
+
     let order = [syzoj.db.literal('`id` = ' + id + ' DESC')];
 
     let paginate = syzoj.utils.paginate(await Problem.count(where), req.query.page, syzoj.config.page.problem);
@@ -106,6 +147,14 @@ app.get('/problems/tag/:tagIDs', async (req, res) => {
       sql += '`problem`.`id` IN (SELECT `problem_id` FROM `problem_tag_map` WHERE `tag_id` = ' + tagID + ')';
     }
 
+    if (!res.locals.user || !await res.locals.user.hasPrivilege('manage_problem')) {
+      if (res.locals.user) {
+        sql += 'AND (`problem`.`is_public` = 1 OR `problem`.`user_id` = ' + res.locals.user.id + ')';
+      } else {
+        sql += 'AND (`problem`.`is_public` = 1)';
+      }
+    }
+
     let paginate = syzoj.utils.paginate(await Problem.count(sql), req.query.page, syzoj.config.page.problem);
     let problems = await Problem.query(sql + paginate.toSQL());
 
diff --git a/modules/submission.js b/modules/submission.js
index caae9c6..a611dfd 100644
--- a/modules/submission.js
+++ b/modules/submission.js
@@ -48,6 +48,12 @@ app.get('/submissions', async (req, res) => {
 
     where.type = { $ne: 1 };
 
+    if (!res.locals.user || !await res.locals.user.hasPrivilege('manage_problem')) {
+      where.problem_id = {
+        $in: syzoj.db.literal('(SELECT `id` FROM `problem` WHERE `is_public` = 1' + (res.locals.user ? (' OR `user_id` = ' + res.locals.user.id) : '') + ')')
+      };
+    }
+
     let paginate = syzoj.utils.paginate(await JudgeState.count(where), req.query.page, syzoj.config.page.judge_state);
     let judge_state = await JudgeState.query(paginate, where, [['submit_time', 'desc']]);