Browse Source

Disallow normal users setting the problem id

master
Menci 8 years ago
parent
commit
9840c93bb9
  1. 6
      modules/problem.js
  2. 2
      views/problem_edit.ejs
  3. 2
      views/problem_import.ejs

6
modules/problem.js

@ -288,11 +288,13 @@ app.post('/problem/:id/edit', async (req, res) => {
problem = await Problem.create();
if (await res.locals.user.hasPrivilege('manage_problem')) {
let customID = parseInt(req.body.id);
if (customID) {
if (await Problem.fromID(customID)) throw new ErrorMessage('ID 已被使用。');
problem.id = customID;
} else if (id) problem.id = id;
}
problem.user_id = res.locals.user.id;
problem.publicizer_id = res.locals.user.id;
@ -357,6 +359,8 @@ app.get('/problem/:id/import', async (req, res) => {
if (!await problem.isAllowedEditBy(res.locals.user)) throw new ErrorMessage('您没有权限进行此操作。');
}
problem.allowedManage = await problem.isAllowedManageBy(res.locals.user);
res.render('problem_import', {
problem: problem
});
@ -377,11 +381,13 @@ app.post('/problem/:id/import', async (req, res) => {
problem = await Problem.create();
if (await res.locals.user.hasPrivilege('manage_problem')) {
let customID = parseInt(req.body.id);
if (customID) {
if (await Problem.fromID(customID)) throw new ErrorMessage('ID 已被使用。');
problem.id = customID;
} else if (id) problem.id = id;
}
problem.user_id = res.locals.user.id;
problem.publicizer_id = res.locals.user.id;

2
views/problem_edit.ejs

@ -13,7 +13,7 @@
</div>
<div class="ui bottom attached tab segment active" data-tab="edit">
<div class="field">
<% if (problem.new || problem.allowedManage) { %>
<% if (problem.allowedManage) { %>
<label for="id">
<% if (problem.new) { %>
题目编号

2
views/problem_import.ejs

@ -7,10 +7,12 @@
</div>
<form class="ui form" action="<%= syzoj.utils.makeUrl(['problem', problem.id, 'import']) %>" method="post">
<% if (problem.allowedManage) { %>
<div class="field">
<label>题目编号</label>
<input type="text" name="id" value="<%= problem.id ? problem.id : '' %>" placeholder="留空则自动延伸" <%= problem.new ? '' : 'disabled' %>>
</div>
<% } %>
<div class="field">
<label>题目链接</label>
<input type="text" name="url" placeholder="如:http://example.com/problem/1">

Loading…
Cancel
Save