def can_rejudge(submission, user): """Test if the user can rejudge that submission Args: submission: the submission to show user: an User object Returns: a boolean of the judgement """ user = validate_user(user) # There are 2 kinds of people can rejudge submission: # 1. Admin Almighty if user.has_admin_auth(): return True # 2. Problem owner if has_problem_ownership(user, submission.problem): return True # 3. Contest owner / coowner contests = Contest.objects.filter( problem=submission.problem, end_time__gte=submission.submit_time, creation_time__lte=submission.submit_time) for contest in contests: if has_contest_ownership(user, contest): return True return False
def detail(request, group_id): group = get_group(group_id) show_number = 5 # number for brief list to show in group detail page. announce_list = group.announce.order_by('-id')[0:show_number] student_list = group.member.order_by('username') form = AnnounceForm() user = validate_user(request.user) user_is_owner = has_group_ownership(user, group) user_is_coowner = has_group_coownership(user, group) user_has_auth = user_is_owner or user_is_coowner running_contest_list = [] ended_contest_list = [] now = timezone.now() running_contest_list = group.trace_contest.filter( start_time__lte=now, end_time__gte=now)[0:show_number] ended_contest_list = group.trace_contest.filter( end_time__lte=now)[0:show_number] student_list = get_current_page(request, student_list) return render_index( request, 'group/groupDetail.html', { 'running_contest_list': running_contest_list, 'ended_contest_list': ended_contest_list, 'announce_list': announce_list, 'student_list': student_list, 'group': group, 'user_has_auth': user_has_auth, 'form': form, 'redirect_page': 'detail', })
def download(request): user = user_info.validate_user(request.user) if request.method == 'POST': what = request.POST.get('type') if what == 'scoreboard': scoreboard_type = request.POST.get('scoreboard_type') cid = request.POST.get('contest') scoreboard_file = get_scoreboard_csv(cid, scoreboard_type) return scoreboard_file elif what == 'public_user_password': cid = request.POST.get('contest') contest = get_contest_or_404(cid) if user_info.has_contest_ownership(user, contest) or\ user.has_admin_auth(): logger.info( 'Contest:User %s download Contest %s - %s public user password!' % (request.user, contest.id, contest.cname)) return get_public_user_password_csv(contest) else: raise PermissionDenied raise Http404('file not found') elif request.method == 'GET': if request.GET.get('cid'): cid = request.GET.get('cid') contest = get_contest_or_404(cid) if user_info.has_contest_ownership(user, contest) or user.has_admin_auth(): return render_index(request, 'contest/download.html', {'contest': contest}) else: raise PermissionDenied
def download(request): user = user_info.validate_user(request.user) if request.method == 'POST': what = request.POST.get('type') if what == 'scoreboard': scoreboard_type = request.POST.get('scoreboard_type') cid = request.POST.get('contest') scoreboard_file = get_scoreboard_csv(cid, scoreboard_type) return scoreboard_file elif what == 'public_user_password': cid = request.POST.get('contest') contest = get_contest_or_404(cid) if user_info.has_contest_ownership(user, contest) or\ user.has_admin_auth(): logger.info('Contest:User %s download Contest %s - %s public user password!' % (request.user, contest.id, contest.cname)) return get_public_user_password_csv(contest) else: raise PermissionDenied raise Http404('file not found') elif request.method == 'GET': if request.GET.get('cid'): cid = request.GET.get('cid') contest = get_contest_or_404(cid) if user_info.has_contest_ownership(user, contest) or user.has_admin_auth(): return render_index(request,'contest/download.html',{'contest':contest}) else: raise PermissionDenied
def is_coowner(user, contest): user = validate_user(user) coowners = contest.coowner.all() for coowner in coowners: if user == coowner: return True return False
def problem(request): user = validate_user(request.user) can_add_problem = user.has_subjudge_auth() filter_type = request.GET.get('filter') tag_filter = TagFilter(request.GET) if tag_filter.is_valid(): tag_name = tag_filter.cleaned_data['tag_name'] if filter_type == 'mine': problem_list = get_owner_problem_list(user) mine = True else: problem_list = get_problem_list(user) mine = False if tag_name: problem_list = problem_list.filter(tags__tag_name=tag_name) for p in problem_list: p.in_contest = check_in_contest(p) problems = get_current_page(request, problem_list, slice=15) for p in problems: if p.total_submission != 0: p.pass_rate = float(p.ac_count) / float(p.total_submission) * 100.0 p.not_pass_rate = 100.0 - p.pass_rate p.pass_rate = "%.2f" % (p.pass_rate) p.not_pass_rate = "%.2f" % (p.not_pass_rate) else: p.no_submission = True else: problems = [] mine = False return render_index(request, 'problem/panel.html', {'all_problem': problems, 'mine': mine, 'can_add_problem': can_add_problem, 'tag_filter': tag_filter})
def contest(request, cid): user = user_info.validate_user(request.user) try: contest = Contest.objects.get(id = cid) except Contest.DoesNotExist: logger.warning('Contest: Can not find contest %s!' % cid) raise Http404('Contest does not exist') now = datetime.now() #if contest has not started and user is not the owner if ((contest.start_time < now) or\ user_info.has_contest_ownership(user,contest) or\ user.has_admin_auth()): for problem in contest.problem.all(): problem.testcase = get_testcase(problem) scoreboard = get_scoreboard(contest) status = contest_status(request, contest) clarifications = get_clarifications(user,contest) initial_form = {'contest':contest,'asker':user} form = ClarificationForm(initial=initial_form) initial_reply_form = {'contest':contest,'replier':user} reply_form = ReplyForm(initial = initial_reply_form) return render_index(request, 'contest/contest.html', {'contest':contest, 'clarifications':clarifications, 'form':form, 'reply_form':reply_form, 'scoreboard':scoreboard, 'status': status}) else: raise PermissionDenied
def download(request): user = user_info.validate_user(request.user) if request.method == "POST": what = request.POST.get("type") if what == "scoreboard": scoreboard_type = request.POST.get("scoreboard_type") cid = request.POST.get("contest") scoreboard_file = get_scoreboard_csv(cid, scoreboard_type) return scoreboard_file elif what == "public_user_password": cid = request.POST.get("contest") contest = get_contest_or_404(cid) if user_info.has_contest_ownership(user, contest) or user.has_admin_auth(): logger.info( "Contest:User %s download Contest %s - %s public user password!" % (request.user, contest.id, contest.cname) ) return get_public_user_password_csv(contest) else: raise PermissionDenied raise Http404("file not found") elif request.method == "GET": if request.GET.get("cid"): cid = request.GET.get("cid") contest = get_contest_or_404(cid) if user_info.has_contest_ownership(user, contest) or user.has_admin_auth(): return render_index(request, "contest/download.html", {"contest": contest}) else: raise PermissionDenied
def problem(request): user = validate_user(request.user) can_add_problem = user.has_subjudge_auth() filter_type = request.GET.get('filter') tag_filter = TagFilter(request.GET) if tag_filter.is_valid(): tag_name = tag_filter.cleaned_data['tag_name'] if filter_type == 'mine': problem_list = get_owner_problem_list(user) mine = True else: problem_list = get_problem_list(user) mine = False if tag_name: problem_list = problem_list.filter(tags__tag_name=tag_name) for p in problem_list: p.in_contest = check_in_contest(p) problems = get_current_page(request, problem_list, 15) for p in problems: if p.total_submission != 0: p.pass_rate = float(p.ac_count) / float(p.total_submission) * 100.0 p.not_pass_rate = 100.0 - p.pass_rate p.pass_rate = "%.2f" % (p.pass_rate) p.not_pass_rate = "%.2f" % (p.not_pass_rate) else: p.no_submission = True else: problems = [] mine = False return render_index(request, 'problem/panel.html', {'all_problem': problems, 'mine': mine, 'can_add_problem': can_add_problem, 'tag_filter': tag_filter})
def register_public_user(request, public_user, contest): user = user_info.validate_user(request.user) if user_info.has_contest_ownership(user, contest) or user.has_admin_auth(): if not is_integer(public_user): message = "invalid input!" messages.warning(request, message) return redirect("contest:archive") user_registered = public_user_register_contest(public_user, contest) if user_registered: message = 'User %s registered %s public users to Contest %s- "%s"!' % ( user.username, user_registered, contest.id, contest.cname, ) messages.success(request, message) if int(public_user) > settings.MAX_PUBLIC_USER: message = "Requested more than max! Set public users to %s" % (settings.MAX_PUBLIC_USER) messages.warning(request, message) download_url = reverse("contest:download") + "?cid=" + str(contest.id) return HttpResponseRedirect(download_url) else: if int(public_user) == 0: message = "Remove all public users!" messages.warning(request, message) return redirect("contest:archive") else: message = 'Cannot register public user to Contest %s- "%s"!' % (contest.id, contest.cname) messages.error(request, message) return redirect("contest:archive") raise PermissionDenied
def register_public_user(request, public_user, contest): user = user_info.validate_user(request.user) if (user_info.has_contest_ownership(user, contest) or user.has_admin_auth()): if not is_integer(public_user): message = 'invalid input!' messages.warning(request, message) return redirect('contest:archive') user_registered = public_user_register_contest(public_user, contest) if user_registered: message = 'User %s registered %s public users to Contest %s- "%s"!' % \ (user.username, user_registered, contest.id, contest.cname) messages.success(request, message) if int(public_user) > settings.MAX_PUBLIC_USER: message = 'Requested more than max! Set public users to %s' % \ (settings.MAX_PUBLIC_USER) messages.warning(request, message) download_url = reverse('contest:download') + '?cid=' + str( contest.id) return HttpResponseRedirect(download_url) else: if int(public_user) == 0: message = 'Remove all public users!' messages.warning(request, message) return redirect('contest:archive') else: message = 'Cannot register public user to Contest %s- "%s"!' % \ (contest.id, contest.cname) messages.error(request, message) return redirect('contest:archive') raise PermissionDenied
def detail(request, group_id): group = get_group(group_id) show_number = 5; #number for brief list to show in group detail page. announce_list = group.announce.order_by('-id')[0:show_number] student_list = group.member.order_by('username') form = AnnounceForm() user = validate_user(request.user) user_is_owner = has_group_ownership(user, group) user_is_coowner = has_group_coownership(user, group) user_has_auth = user_is_owner or user_is_coowner running_contest_list = [] ended_contest_list = [] now = timezone.now() running_contest_list = group.trace_contest.filter(start_time__lte=now, end_time__gte=now)[0:show_number] ended_contest_list = group.trace_contest.filter(end_time__lte=now)[0:show_number] student_list = get_current_page(request, student_list) return render_index( request, 'group/groupDetail.html', { 'running_contest_list': running_contest_list, 'ended_contest_list': ended_contest_list, 'announce_list': announce_list, 'student_list': student_list, 'group': group, 'user_has_auth': user_has_auth, 'form': form, 'redirect_page' : 'detail', })
def reveal_private_info(request_user, profile_user): """Test if the request_user can view private information of profile_user""" request_user = validate_user(request_user) # admin is almighty if request_user.has_admin_auth(): return True # user won't know their user level if request_user.has_subjudge_auth() and request_user == profile_user: return True return False
def show_submission(submission, user): """Test if the user can see that submission Args: submission: a Submission object user: an User object Returns: a boolean of the judgement """ user = validate_user(user) # admin can see all submissions if user.user_level == user.ADMIN: return True # no one can see admin's submissions if submission.user.user_level == user.ADMIN: return False # user's own submission must be seen if submission.user == user: return True # problem owner can see all submission of his problem if submission.problem.owner_id == user.username: return True # contest owner/coowner's submission can't be seen before the end of contest contests = Contest.objects.filter( is_homework=False, problem=submission.problem, creation_time__lte=submission.submit_time, end_time__gte=datetime.now()) if contests: owners = [] for contest in contests: owners.append(contest.owner) owners.extend(contest.coowner.all()) if user in owners: # owner/coowner can see submission return True else: # not a owner/coowner # to see submission, submission.user must not be owners return submission.user not in owners # an invisible problem's submission can't be seen if not submission.problem.visible: return False # problem owner's submission can't be seen if submission.user.username == submission.problem.owner_id: return False return True
def get_contests(user): user = validate_user(user) if user.has_admin_auth(): #admin show all contests_info = Contest.objects.order_by('-start_time') elif user.has_subjudge_auth(): contests_info = get_owned_or_started_contests(user) else: contests_info = get_started_contests() return contests_info.distinct()
def get_visible_submission(user): """Get all submissions that can be viewed by the given user.""" user = validate_user(user) submissions = Submission.objects.all() # Admin can view all submissions if user.has_admin_auth(): return submissions # No one can view admins' submissions submissions = submissions.exclude( user__in=User.objects.filter(user_level=User.ADMIN) ) # Invisible problem is invisible_problem = Problem.objects.filter( visible=False ).exclude( owner=user ) # Not ended contest has something to judge contests = Contest.objects.filter( is_homework=False, end_time__gte=datetime.now() ) for contest in contests: # Those who don't have contest ownership has some limitations if not has_contest_ownership(user, contest): # 1. Can't view contest owner/coowners' submission before the end submissions = submissions.exclude( Q(user__in=contest.coowner.all()) | Q(user=contest.owner), problem__in=contest.problem.all(), submit_time__gte=contest.creation_time ) # 2. Can't view other contestants' submission after contest freeze submissions = submissions.exclude( user=get_contestant(contest).exclude(username=user.username), problem__in=contest.problem.all(), submit_time__gte=get_freeze_time_datetime(contest) ) else: # Exclude contest problem from invlsible problem for owner/coowners invisible_problem = invisible_problem.exclude( id__in=contest.problem.filter(visible=False).values_list('id', flat=True) ) # Invisible problems' submission can't be seen submissions = submissions.exclude( problem__in=invisible_problem ) return submissions
def can_change_userlevel(request_user, profile_user): """Test if the request_user can change user_level of profile_user""" request_user = validate_user(request_user) # admin can change user to all levels if request_user.has_admin_auth(): return True # judge can change user to sub-judge, user user_level = profile_user.user_level if request_user.has_judge_auth() and \ (user_level == User.SUB_JUDGE or user_level == User.USER): return True return False
def archive(request): user = validate_user(request.user) # filter for contest. # show owned and attended contests when filter==mine # else show all filter_type = request.GET.get("filter") if filter_type == "mine": contests = get_owned_or_attended_contests(user) else: contests = get_contests(user) contests = get_current_page(request, contests) return render_index(request, "contest/contestArchive.html", {"contests": contests})
def archive(request): user = validate_user(request.user) # filter for contest. # show owned and attended contests when filter==mine # else show all filter_type = request.GET.get('filter') if filter_type == 'mine': contests = get_owned_or_attended_contests(user) else: contests = get_contests(user) contests = get_current_page(request, contests) return render_index(request, 'contest/contestArchive.html', {'contests': contests})
def detail(request, pid): user = validate_user(request.user) tag_form = TagForm() try: problem = Problem.objects.get(pk=pid) if not has_problem_auth(user, problem): logger.warning("%s has no permission to see problem %d" % (user, problem.pk)) raise PermissionDenied() except Problem.DoesNotExist: logger.warning('problem %s not found' % (pid)) raise Http404('problem %s does not exist' % (pid)) problem.testcase = get_testcase(problem) problem = verify_problem_code(problem) return render_index(request, 'problem/detail.html', {'problem': problem, 'tag_form': tag_form})
def show_detail(submission, user): """Test if the user can see that submission's details (code, error message, etc) Args: submission: the submission to show user: an User object Returns: a boolean of the judgement """ user = validate_user(user) # admin can see everyone's detail if user.has_admin_auth(): return True # no one can see admin's detail if submission.user.has_admin_auth(): return False # during the contest, only owner/coowner can view contestants' detail contests = get_running_contests() if contests: contests = contests.filter( problem=submission.problem, creation_time__lte=submission.submit_time ) return show_contest_submission(submission, user, contests) # a user can view his own detail if submission.user == user: return True # a problem owner can view his problem's detail in normal mode if submission.problem.owner_id == user.username: return True # contest owner/coowner can still view code after the contest in normal # mode contests = Contest.objects.filter( problem=submission.problem, end_time__gte=submission.submit_time, creation_time__lte=submission.submit_time) if show_contest_submission(submission, user, contests): return True # a user can view his team member's detail if submission.team: team_member = TeamMember.objects.filter( team=submission.team, member=user) if team_member or submission.team.leader == user: return True # no condition is satisfied return False
def detail(request, pid): user = validate_user(request.user) tag_form = TagForm() try: problem = Problem.objects.get(pk=pid) if not has_problem_auth(user, problem): logger.warning( "%s has no permission to see problem %d" % (user, problem.pk)) raise PermissionDenied() except Problem.DoesNotExist: logger.warning('problem %s not found' % (pid)) raise Http404('problem %s does not exist' % (pid)) problem.testcase = get_testcase(problem) problem = verify_problem_code(problem) problem.in_contest = check_in_contest(problem) return render_index(request, 'problem/detail.html', {'problem': problem, 'tag_form': tag_form})
def show_detail(submission, user): """Test if the user can see that submission's details (code, error message, etc) Args: submission: the submission to show user: an User object Returns: a boolean of the judgement """ user = validate_user(user) # admin can see everyone's detail if user.has_admin_auth(): return True # no one can see admin's detail if submission.user.has_admin_auth(): return False # during the contest, only owner/coowner can view contestants' detail contests = get_running_contests() if contests: contests = contests.filter(problem=submission.problem, creation_time__lte=submission.submit_time) return show_contest_submission(submission, user, contests) # a user can view his own detail if submission.user == user: return True # a problem owner can view his problem's detail in normal mode if submission.problem.owner_id == user.username: return True # contest owner/coowner can still view code after the contest in normal # mode contests = Contest.objects.filter( problem=submission.problem, end_time__gte=submission.submit_time, creation_time__lte=submission.submit_time) if show_contest_submission(submission, user, contests): return True # a user can view his team member's detail if submission.team: team_member = TeamMember.objects.filter(team=submission.team, member=user) if team_member or submission.team.leader == user: return True # no condition is satisfied return False
def get_visible_submission(user): """Get all submissions that can be viewed by the given user.""" user = validate_user(user) submissions = Submission.objects.all() # Admin can view all submissions if user.has_admin_auth(): return submissions # No one can view admins' submissions submissions = submissions.exclude(user__in=User.objects.filter( user_level=User.ADMIN)) # Invisible problem is invisible_problem = Problem.objects.filter(visible=False).exclude( owner=user) # Not ended contest has something to judge contests = Contest.objects.filter(is_homework=False, end_time__gte=datetime.now()) for contest in contests: # Those who don't have contest ownership has some limitations if not has_contest_ownership(user, contest): # 1. Can't view contest owner/coowners' submission before the end submissions = submissions.exclude( Q(user__in=contest.coowner.all()) | Q(user=contest.owner), problem__in=contest.problem.all(), submit_time__gte=contest.creation_time) # 2. Can't view other contestants' submission after contest freeze submissions = submissions.exclude( user=get_contestant(contest).exclude(username=user.username), problem__in=contest.problem.all(), submit_time__gte=get_freeze_time_datetime(contest)) else: # Exclude contest problem from invlsible problem for owner/coowners invisible_problem = invisible_problem.exclude( id__in=contest.problem.filter( visible=False).values_list('id', flat=True)) # Invisible problems' submission can't be seen submissions = submissions.exclude(problem__in=invisible_problem) return submissions
def get_all_announce(request, group_id): group = get_group(group_id) user = validate_user(request.user) user_is_owner = has_group_ownership(user, group) user_is_coowner = has_group_coownership(user, group) user_has_auth = user_is_owner or user_is_coowner all_announce_list_unpaged = group.announce.order_by('-id') all_announce_list = get_current_page(request, all_announce_list_unpaged) return render_index( request, 'group/viewall.html', { 'data_list': all_announce_list, 'title': 'announce', 'list_type': 'announce', 'user_has_auth': user_has_auth, 'redirect_page': 'viewall', 'group': group, })
def contest(request, cid): user = user_info.validate_user(request.user) try: contest = Contest.objects.get(id=cid) except Contest.DoesNotExist: logger.warning("Contest: Can not find contest %s!" % cid) raise Http404("Contest does not exist") now = datetime.now() # if contest has not started and user is not the owner if (contest.start_time < now) or user_info.has_contest_ownership(user, contest) or user.has_admin_auth(): contest.problems = contest.problem.all() for problem in contest.problems: problem.testcase = get_testcase(problem) problem = verify_problem_code(problem) problem.in_contest = check_in_contest(problem) scoreboard = get_scoreboard(user, contest) status = contest_status(request, contest) clarifications = get_clarifications(user, contest) initial_form = {"contest": contest, "asker": user} form = ClarificationForm(initial=initial_form) initial_reply_form = {"contest": contest, "replier": user} reply_form = ReplyForm(initial=initial_reply_form) return render_index( request, "contest/contest.html", { "contest": contest, "clarifications": clarifications, "form": form, "reply_form": reply_form, "scoreboard": scoreboard, "status": status, }, ) else: raise PermissionDenied
def contest(request, cid): user = user_info.validate_user(request.user) try: contest = Contest.objects.get(id=cid) except Contest.DoesNotExist: logger.warning('Contest: Can not find contest %s!' % cid) raise Http404('Contest does not exist') now = datetime.now() # if contest has not started and user is not the owner if ((contest.start_time < now) or user_info.has_contest_ownership(user, contest) or user.has_admin_auth()): contest.problems = contest.problem.all() for problem in contest.problems: problem.testcase = get_testcase(problem) problem = verify_problem_code(problem) problem.in_contest = check_in_contest(problem) scoreboard = get_scoreboard(user, contest) status = contest_status(request, contest) clarifications = get_clarifications(user, contest) initial_form = {'contest': contest, 'asker': user} form = ClarificationForm(initial=initial_form) initial_reply_form = {'contest': contest, 'replier': user} reply_form = ReplyForm(initial=initial_reply_form) return render_index( request, 'contest/contest.html', { 'contest': contest, 'clarifications': clarifications, 'form': form, 'reply_form': reply_form, 'scoreboard': scoreboard, 'status': status }) else: raise PermissionDenied
def can_ask(user, contest): user = validate_user(user) user_is_contestant = is_contestant(user, contest) user_is_owner_coowner = has_contest_ownership(user, contest) user_is_admin = user.has_admin_auth() return user_is_contestant | user_is_owner_coowner | user_is_admin
def can_edit_contest(user, contest): user = validate_user(user) return user.has_admin_auth() or has_contest_ownership(user, contest)
def is_contestant(user, contest): user = validate_user(user) contestant = Contestant.objects.filter(contest=contest, user=user) return (len(contestant) >= 1)
def can_edit_group(user, group): user = validate_user(user) return has_group_ownership(user, group) or has_group_coownership( user, group)
def f(request, *args, **kwargs): user = validate_user(request.user) if user.has_admin_auth(): return view(request, *args, **kwargs) return HttpResponseRedirect(settings.LOGIN_URL)
def can_delete_group(user, group): user = validate_user(user) return has_group_ownership(user, group)
def can_edit_group(user, group): user = validate_user(user) return has_group_ownership(user, group) or has_group_coownership(user, group)
def can_create_contest(user): user = validate_user(user) return user.has_judge_auth()
def has_auth(user, contest_id): contest = Contest.objects.get(id=contest_id) user = user_info.validate_user(user) return user_info.has_contest_ownership(user, contest) | user.has_admin_auth()
def can_delete_contest(user, contest): user = validate_user(user) return user.has_admin_auth() or (user == contest.owner)