Browse Source

Fix contest submissions permission.

pull/6/head
t123yh 7 years ago
parent
commit
9994da4eaf
  1. 5
      modules/problem.js
  2. 6
      modules/submission.js

5
modules/problem.js

@ -621,8 +621,9 @@ app.post('/problem/:id/submit', app.multer.fields([{ name: 'answer', maxCount: 1
} }
let contest_id = parseInt(req.query.contest_id); let contest_id = parseInt(req.query.contest_id);
let contest;
if (contest_id) { if (contest_id) {
let contest = await Contest.fromID(contest_id); contest = await Contest.fromID(contest_id);
if (!contest) throw new ErrorMessage('无此比赛。'); if (!contest) throw new ErrorMessage('无此比赛。');
if ((!contest.isRunning()) && (!await contest.isSupervisior(curUser))) throw new ErrorMessage('比赛未开始或已结束。'); if ((!contest.isRunning()) && (!await contest.isSupervisior(curUser))) throw new ErrorMessage('比赛未开始或已结束。');
let problems_id = await contest.getProblems(); let problems_id = await contest.getProblems();
@ -648,7 +649,7 @@ app.post('/problem/:id/submit', app.multer.fields([{ name: 'answer', maxCount: 1
throw new ErrorMessage(`无法开始评测:${err.toString()}`); throw new ErrorMessage(`无法开始评测:${err.toString()}`);
} }
if (contest_id) { if (contest && (!await contest.isSupervisior(curUser))) {
res.redirect(syzoj.utils.makeUrl(['contest', contest_id, 'submissions'])); res.redirect(syzoj.utils.makeUrl(['contest', contest_id, 'submissions']));
} else { } else {
res.redirect(syzoj.utils.makeUrl(['submission', judge_state.id])); res.redirect(syzoj.utils.makeUrl(['submission', judge_state.id]));

6
modules/submission.js

@ -135,14 +135,16 @@ app.get('/submission/:id', async (req, res) => {
const id = parseInt(req.params.id); const id = parseInt(req.params.id);
const judge = await JudgeState.fromID(id); const judge = await JudgeState.fromID(id);
if (!judge) throw new ErrorMessage("提交记录 ID 不正确。"); if (!judge) throw new ErrorMessage("提交记录 ID 不正确。");
if (!await judge.isAllowedVisitBy(res.locals.user)) throw new ErrorMessage('您没有权限进行此操作。'); const curUser = res.locals.user;
if (!await judge.isAllowedVisitBy(curUser)) throw new ErrorMessage('您没有权限进行此操作。');
let contest; let contest;
if (judge.type === 1) { if (judge.type === 1) {
contest = await Contest.fromID(judge.type_info); contest = await Contest.fromID(judge.type_info);
contest.ended = contest.isEnded(); contest.ended = contest.isEnded();
if (!contest.ended && !await judge.problem.isAllowedEditBy(res.locals.user)) { if (!contest.ended &&
!(await judge.problem.isAllowedEditBy(res.locals.user) || await contest.isSupervisior(curUser))) {
throw new Error("对不起,在比赛结束之前,您不能查看评测结果。"); throw new Error("对不起,在比赛结束之前,您不能查看评测结果。");
} }
} }

Loading…
Cancel
Save