
Disallow normal users setting the problem id

master
Menci 7 years ago
parent
commit
9840c93bb9
  1. 6
      modules/problem.js
  2. 2
      views/problem_edit.ejs
  3. 2
      views/problem_import.ejs

6
modules/problem.js

@ -288,11 +288,13 @@ app.post('/problem/:id/edit', async (req, res) => {
problem = await Problem.create(); problem = await Problem.create();
if (await res.locals.user.hasPrivilege('manage_problem')) {
let customID = parseInt(req.body.id); let customID = parseInt(req.body.id);
if (customID) { if (customID) {
if (await Problem.fromID(customID)) throw new ErrorMessage('ID 已被使用。'); if (await Problem.fromID(customID)) throw new ErrorMessage('ID 已被使用。');
problem.id = customID; problem.id = customID;
} else if (id) problem.id = id; } else if (id) problem.id = id;
}
problem.user_id = res.locals.user.id; problem.user_id = res.locals.user.id;
problem.publicizer_id = res.locals.user.id; problem.publicizer_id = res.locals.user.id;
@ -357,6 +359,8 @@ app.get('/problem/:id/import', async (req, res) => {
if (!await problem.isAllowedEditBy(res.locals.user)) throw new ErrorMessage('您没有权限进行此操作。'); if (!await problem.isAllowedEditBy(res.locals.user)) throw new ErrorMessage('您没有权限进行此操作。');
} }
problem.allowedManage = await problem.isAllowedManageBy(res.locals.user);
res.render('problem_import', { res.render('problem_import', {
problem: problem problem: problem
}); });
@ -377,11 +381,13 @@ app.post('/problem/:id/import', async (req, res) => {
problem = await Problem.create(); problem = await Problem.create();
if (await res.locals.user.hasPrivilege('manage_problem')) {
let customID = parseInt(req.body.id); let customID = parseInt(req.body.id);
if (customID) { if (customID) {
if (await Problem.fromID(customID)) throw new ErrorMessage('ID 已被使用。'); if (await Problem.fromID(customID)) throw new ErrorMessage('ID 已被使用。');
problem.id = customID; problem.id = customID;
} else if (id) problem.id = id; } else if (id) problem.id = id;
}
problem.user_id = res.locals.user.id; problem.user_id = res.locals.user.id;
problem.publicizer_id = res.locals.user.id; problem.publicizer_id = res.locals.user.id;
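Review bot: The new gate in the POST `/problem/:id/edit` hunk checks `res.locals.user.hasPrivilege('manage_problem')`, but the flag the templates read is set in the GET `/problem/:id/import` hunk from `problem.isAllowedManageBy(res.locals.user)`; neither helper is visible here, so confirm the two can never disagree, otherwise the form shows an id field whose value the server silently drops. The identical block is repeated in the POST `/problem/:id/import` hunk, so a shared helper would keep the authorization rule in one place. Inside the gate, `parseInt(req.body.id)` still accepts negative numbers and strings with trailing junk; `const customID = Number.parseInt(req.body.id, 10);` followed by a `customID > 0` check would tighten what becomes `problem.id`. All three handler bodies start and end outside the hunks.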

2
views/problem_edit.ejs

@ -13,7 +13,7 @@
</div> </div>
<div class="ui bottom attached tab segment active" data-tab="edit"> <div class="ui bottom attached tab segment active" data-tab="edit">
<div class="field"> <div class="field">
<% if (problem.new || problem.allowedManage) { %> <% if (problem.allowedManage) { %>
<label for="id"> <label for="id">
<% if (problem.new) { %> <% if (problem.new) { %>
题目编号 题目编号
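Review bot: With `problem.new ||` apparently dropped from the condition (consistent with the commit title), the id field now depends entirely on `problem.allowedManage`, and this commit only adds that assignment to the GET import handler. The GET edit handler is not in the diff, so check that it sets the flag for a newly created problem too, or privileged users lose the field on the new-problem form. The template check is presentation only, since a client can still post `id`, so a short comment such as `<%# UI hint only; modules/problem.js re-checks manage_problem before using id %>` above the `if` would help; the same applies to the new guard in views/problem_import.ejs. The block opened here closes outside the hunk.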

2
views/problem_import.ejs

@ -7,10 +7,12 @@
</div> </div>
<form class="ui form" action="<%= syzoj.utils.makeUrl(['problem', problem.id, 'import']) %>" method="post"> <form class="ui form" action="<%= syzoj.utils.makeUrl(['problem', problem.id, 'import']) %>" method="post">
<% if (problem.allowedManage) { %>
<div class="field"> <div class="field">
<label>题目编号</label> <label>题目编号</label>
<input type="text" name="id" value="<%= problem.id ? problem.id : '' %>" placeholder="留空则自动延伸" <%= problem.new ? '' : 'disabled' %>> <input type="text" name="id" value="<%= problem.id ? problem.id : '' %>" placeholder="留空则自动延伸" <%= problem.new ? '' : 'disabled' %>>
</div> </div>
<% } %>
<div class="field"> <div class="field">
<label>题目链接</label> <label>题目链接</label>
<input type="text" name="url" placeholder="如:http://example.com/problem/1"> <input type="text" name="url" placeholder="如:http://example.com/problem/1">
