From 18c90bb1d3b0f03e80aa0d87771d3f7996b13ff4 Mon Sep 17 00:00:00 2001 From: Menci Date: Mon, 12 Jun 2017 09:32:06 +0800 Subject: [PATCH] Disallow user with manage_problem privilege to see contest status --- models/judge_state.js | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/models/judge_state.js b/models/judge_state.js index f8d317e..1fa27d0 100644 --- a/models/judge_state.js +++ b/models/judge_state.js @@ -102,12 +102,12 @@ class JudgeState extends Model { async isAllowedSeeResultBy(user) { await this.loadRelationships(); - if (user && (await user.hasPrivilege('manage_problem') || user.id === this.problem.user_id)) return true; + if (user && user.id === this.problem.user_id) return true; else if (this.type === 0) return true; else if (this.type === 1) { let contest = await Contest.fromID(this.type_info); if (await contest.isRunning()) { - return contest.type === 'acm' || contest.type === 'ioi'; + return (contest.type === 'acm' || contest.type === 'ioi') || (user && user.is_admin); } else { return true; } @@ -117,27 +117,27 @@ class JudgeState extends Model { async isAllowedSeeCodeBy(user) { await this.loadRelationships(); - if (user && (await user.hasPrivilege('manage_problem') || user.id === this.problem.user_id)) return true; - else if (this.type === 0) return this.problem.is_public; + if (user && user.id === this.problem.user_id) return true; + else if (this.type === 0) return this.problem.is_public || (user && (await user.hasPrivilege('manage_problem'))); else if (this.type === 1) { let contest = await Contest.fromID(this.type_info); if (await contest.isRunning()) { - return user && this.user_id === user.id; + return (user && this.user_id === user.id) || (user && user.is_admin); } else { return true; } - } else if (this.type === 2) return false; + } else if (this.type === 2) return user && (await user.hasPrivilege('manage_problem')); } async isAllowedSeeCaseBy(user) { await this.loadRelationships(); - if (user && (await user.hasPrivilege('manage_problem') || user.id === this.problem.user_id)) return true; - else if (this.type === 0) return this.problem.is_public; + if (user && user.id === this.problem.user_id) return true; + else if (this.type === 0) return this.problem.is_public || (user && (await user.hasPrivilege('manage_problem'))); else if (this.type === 1) { let contest = await Contest.fromID(this.type_info); if (await contest.isRunning()) { - return contest.type === 'ioi'; + return contest.type === 'ioi' || (user && user.is_admin); } else { return true; } @@ -147,12 +147,12 @@ class JudgeState extends Model { async isAllowedSeeDataBy(user) { await this.loadRelationships(); - if (user && (await user.hasPrivilege('manage_problem') || user.id === this.problem.user_id)) return true; - else if (this.type === 0) return this.problem.is_public; + if (user && user.id === this.problem.user_id) return true; + else if (this.type === 0) return this.problem.is_public || (user && (await user.hasPrivilege('manage_problem'))); else if (this.type === 1) { let contest = await Contest.fromID(this.type_info); if (await contest.isRunning()) { - return false; + return user && user.is_admin; } else { return true; }