diff --git a/modules/problem.js b/modules/problem.js
index 5f7840d..7386e2f 100644
--- a/modules/problem.js
+++ b/modules/problem.js
@@ -621,8 +621,9 @@ app.post('/problem/:id/submit', app.multer.fields([{ name: 'answer', maxCount: 1 }
 let contest_id = parseInt(req.query.contest_id);
+ let contest;
 if (contest_id) {
- let contest = await Contest.fromID(contest_id);
+ contest = await Contest.fromID(contest_id);
 if (!contest) throw new ErrorMessage('无此比赛。');
 if ((!contest.isRunning()) && (!await contest.isSupervisior(curUser))) throw new ErrorMessage('比赛未开始或已结束。');
 let problems_id = await contest.getProblems();
@@ -648,7 +649,7 @@ app.post('/problem/:id/submit', app.multer.fields([{ name: 'answer', maxCount: 1
 throw new ErrorMessage(`无法开始评测:${err.toString()}`);
 }
- if (contest_id) {
+ if (contest && (!await contest.isSupervisior(curUser))) {
 res.redirect(syzoj.utils.makeUrl(['contest', contest_id, 'submissions']));
 } else {
 res.redirect(syzoj.utils.makeUrl(['submission', judge_state.id]));
diff --git a/modules/submission.js b/modules/submission.js
index b2c71bc..d23e496 100644
--- a/modules/submission.js
+++ b/modules/submission.js
@@ -135,14 +135,16 @@ app.get('/submission/:id', async (req, res) => {
 const id = parseInt(req.params.id);
 const judge = await JudgeState.fromID(id);
 if (!judge) throw new ErrorMessage("提交记录 ID 不正确。");
- if (!await judge.isAllowedVisitBy(res.locals.user)) throw new ErrorMessage('您没有权限进行此操作。');
+ const curUser = res.locals.user;
+ if (!await judge.isAllowedVisitBy(curUser)) throw new ErrorMessage('您没有权限进行此操作。');
 let contest;
 if (judge.type === 1) {
 contest = await Contest.fromID(judge.type_info);
 contest.ended = contest.isEnded();
- if (!contest.ended && !await judge.problem.isAllowedEditBy(res.locals.user)) {
+ if (!contest.ended &&
+ !(await judge.problem.isAllowedEditBy(res.locals.user) || await contest.isSupervisior(curUser))) {
 throw new Error("对不起,在比赛结束之前,您不能查看评测结果。");
 }
 }
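Review bot: In modules/problem.js, the redirect condition in the second hunk (`@@ -648,7 +649,7 @@`) makes another `await contest.isSupervisior(curUser)` call for a value the contest block in the first hunk may already have computed, and nothing explains why supervisors are routed differently. Computing it once next to the contest lookup, e.g. `isSupervisor = await contest.isSupervisior(curUser);`, and reusing it in both places would keep the two checks from drifting apart. A short comment such as `// supervisors may open the result page while the contest is running (see /submission/:id)` would document the dependency on the access check in modules/submission.js. The handler body between and around the two hunks is not visible here.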
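Review bot: In modules/submission.js, the added `contest.isSupervisior(curUser)` call runs for every viewer who fails `isAllowedEditBy`, and `curUser` is passed unchecked; if this route can be reached without a session, whether the helper returns false for an empty user is not visible in the hunk. Guarding it as `(curUser && await contest.isSupervisior(curUser))` would make the denial path explicit rather than dependent on the helper. The result of `Contest.fromID(judge.type_info)` is also dereferenced without the `if (!contest)` check that the submit route in modules/problem.js applies. The same condition still reads `res.locals.user` on one side and `curUser` on the other; using `curUser` for both is clearer. The handler continues past the end of the hunk.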