ljj
/
Hydro
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

core: restore PERM_EDIT_PROBLEM_SELF

Browse Source
pull/140/head
undefined 3 years ago
parent 5b0478fb3f
commit 866aa56f78
11 changed files with 25 additions and 21 deletions
Show Stats Download Patch File Download Diff File

2
packages/hydrooj/package.json
Unescape Escape View File

@ -1,6 +1,6 @@
{
"name": "hydrooj",
"version": "2.25.5",
"version": "2.25.6",
"bin": "bin/hydrooj.js",
"main": "dist/loader.js",
"typings": "dist/loader.d.ts",

15
packages/hydrooj/src/handler/problem.ts
Unescape Escape View File

@ -126,7 +126,7 @@ export class ProblemMainHandler extends ProblemHandler {
for (const pid of pids) {
// eslint-disable-next-line no-await-in-loop
const pdoc = await problem.get(domainId, pid);
if (!this.user.own(pdoc)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
if (!this.user.own(pdoc, PERM.PERM_EDIT_PROBLEM_SELF)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
// eslint-disable-next-line no-await-in-loop
await problem.del(domainId, pid);
}
@ -138,7 +138,7 @@ export class ProblemMainHandler extends ProblemHandler {
for (const pid of pids) {
// eslint-disable-next-line no-await-in-loop
const pdoc = await problem.get(domainId, pid);
if (!this.user.own(pdoc)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
if (!this.user.own(pdoc, PERM.PERM_EDIT_PROBLEM_SELF)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
// eslint-disable-next-line no-await-in-loop
await problem.edit(domainId, pid, { hidden: true });
}
@ -150,7 +150,7 @@ export class ProblemMainHandler extends ProblemHandler {
for (const pid of pids) {
// eslint-disable-next-line no-await-in-loop
const pdoc = await problem.get(domainId, pid);
if (!this.user.own(pdoc)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
if (!this.user.own(pdoc, PERM.PERM_EDIT_PROBLEM_SELF)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
// eslint-disable-next-line no-await-in-loop
await problem.edit(domainId, pid, { hidden: false });
}
@ -232,7 +232,7 @@ export class ProblemDetailHandler extends ProblemHandler {
}
async postDelete() {
if (!this.user.own(this.pdoc)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
if (!this.user.own(this.pdoc, PERM.PERM_EDIT_PROBLEM_SELF)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
await problem.del(this.pdoc.domainId, this.pdoc.docId);
this.response.redirect = this.url('problem_main');
}
@ -340,8 +340,7 @@ export class ProblemStatisticsHandler extends ProblemDetailHandler {
export class ProblemManageHandler extends ProblemDetailHandler {
async prepare() {
if (!this.user.own(this.pdoc)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
else this.checkPerm(PERM.PERM_EDIT_PROBLEM_SELF);
if (!this.user.own(this.pdoc, PERM.PERM_EDIT_PROBLEM_SELF)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
}
}
@ -413,7 +412,7 @@ export class ProblemFilesHandler extends ProblemDetailHandler {
if (!this.request.files.file) throw new ValidationError('file');
if (!filename) filename = this.request.files.file.name || String.random(16);
if (filename.includes('/') || filename.includes('..')) throw new ValidationError('filename', 'Bad filename');
if (!this.user.own(this.pdoc)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
if (!this.user.own(this.pdoc, PERM.PERM_EDIT_PROBLEM_SELF)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
if (filename.endsWith('.zip')) {
const zip = new AdmZip(this.request.files.file.path);
const entries = zip.getEntries();
@ -438,7 +437,7 @@ export class ProblemFilesHandler extends ProblemDetailHandler {
@post('files', Types.Array)
@post('type', Types.Range(['testdata', 'additional_file']), true)
async postDeleteFiles(domainId: string, files: string[], type = 'testdata') {
if (!this.user.own(this.pdoc)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
if (!this.user.own(this.pdoc, PERM.PERM_EDIT_PROBLEM_SELF)) this.checkPerm(PERM.PERM_EDIT_PROBLEM);
if (type === 'testdata') await problem.delTestdata(domainId, this.pdoc.docId, files);
else await problem.delAdditionalFile(domainId, this.pdoc.docId, files);
this.back();

5
packages/hydrooj/src/interface.ts
Unescape Escape View File

@ -72,6 +72,8 @@ export interface Udoc extends Dictionary<any> {
loginip: string,
}
export type ownerInfo = { owner: number, maintainer?: number[] };
export interface User extends Record<string, any> {
_id: number,
_udoc: Udoc,
@ -90,6 +92,9 @@ export interface User extends Record<string, any> {
perm: bigint,
scope: bigint,
role: string,
own<T extends ownerInfo>(doc: T, checkPerm: bigint): boolean
own<T extends ownerInfo>(doc: T, exact: boolean): boolean
own<T extends ownerInfo>(doc: T): boolean
own<T extends { owner: number, maintainer?: number[] }>(doc: T): boolean;
hasPerm: (...perm: bigint[]) => boolean,
hasPriv: (...priv: number[]) => boolean,

1
packages/hydrooj/src/model/builtin.ts
Unescape Escape View File

@ -26,7 +26,6 @@ export const PERM = {
// Problem and Record
PERM_CREATE_PROBLEM: 1n << 4n,
PERM_EDIT_PROBLEM: 1n << 5n,
/** @deprecated */
PERM_EDIT_PROBLEM_SELF: 1n << 6n,
PERM_VIEW_PROBLEM: 1n << 7n,
PERM_VIEW_PROBLEM_HIDDEN: 1n << 8n,

5
packages/hydrooj/src/model/user.ts
Unescape Escape View File

@ -87,8 +87,9 @@ class User implements _User {
return this;
}
own<T extends { owner: number, maintainer?: number[] }>(doc: T, exact = false) {
return exact
own(doc: any, arg1: any = false): boolean {
if (typeof arg1 === 'bigint' && !this.hasPerm(arg1)) return false;
return (typeof arg1 === 'boolean' && arg1)
? doc.owner === this._id
: doc.owner === this._id || (doc.maintainer || []).includes(this._id);
}

2
packages/ui-default/package.json
Unescape Escape View File

@ -1,6 +1,6 @@
{
"name": "@hydrooj/ui-default",
"version": "4.8.3",
"version": "4.8.4",
"author": "undefined <i@undefined.moe>",
"license": "AGPL-3.0",
"main": "hydro.js",

2
packages/ui-default/templates/partials/problem_sidebar_contest.html
Unescape Escape View File

@ -28,7 +28,7 @@
<span class="icon icon-send"></span> {{ _('Open in Problem Set') }}
</a></li>
{% endif %}
{% if handler.user.own(pdoc) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if handler.user.own(pdoc, perm.PERM_EDIT_PROBLEM_SELF) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
<li class="menu__seperator"></li>
<li class="menu__item"><a class="menu__link{% if page_name == 'problem_edit' %} active{% endif %}" href="{{ url('problem_edit', pid=pdoc.pid|default(pdoc.docId)) }}">
<span class="icon icon-edit"></span> {{ _('Edit') }}

2
packages/ui-default/templates/partials/problem_sidebar_homework.html
Unescape Escape View File

@ -28,7 +28,7 @@
<span class="icon icon-send"></span> {{ _('Open in Problem Set') }}
</a></li>
{% endif %}
{% if handler.user.own(pdoc) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if handler.user.own(pdoc, perm.PERM_EDIT_PROBLEM_SELF) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
<li class="menu__seperator"></li>
<li class="menu__item"><a class="menu__link{% if page_name == 'problem_edit' %} active{% endif %}" href="{{ url('problem_edit', pid=pdoc.pid|default(pdoc.docId)) }}">
<span class="icon icon-edit"></span> {{ _('Edit') }}

2
packages/ui-default/templates/partials/problem_sidebar_normal.html
Unescape Escape View File

@ -78,7 +78,7 @@
<li class="menu__item"><a class="menu__link{% if page_name == 'problem_files' %} active{% endif %}" href="{{ url('problem_files', pid=pdoc.pid|default(pdoc.docId)) }}">
<span class="icon icon-file"></span> {{ _('Files') }}
</a></li>
{% if (handler.user.own(pdoc) and handler.user.hasPerm(perm.PERM_EDIT_PROBLEM_SELF)) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if handler.user.own(pdoc, perm.PERM_EDIT_PROBLEM_SELF) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
<li class="menu__seperator"></li>
<li class="menu__item"><a class="menu__link{% if page_name == 'problem_edit' %} active{% endif %}" href="{{ url('problem_edit', pid=pdoc.pid|default(pdoc.docId)) }}">
<span class="icon icon-edit"></span> {{ _('Edit') }}

2
packages/ui-default/templates/problem_edit.html
Unescape Escape View File

@ -57,7 +57,7 @@
<button type="submit" class="rounded primary button">
{{ _('Update') }}
</button>
{% if handler.user.own(pdoc) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if handler.user.own(pdoc, perm.PERM_EDIT_PROBLEM_SELF) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
<button name="operation" value="delete" type="submit" class="rounded button">
{{ _('Delete') }}
</button>

8
packages/ui-default/templates/problem_files.html
Unescape Escape View File

@ -6,7 +6,7 @@
<div class="section__header">
<h1 class="section__title">{{ _('Testdata') }}</h1>
<div class="section__tools">
{% if handler.user.own(pdoc) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if handler.user.own(pdoc, perm.PERM_EDIT_PROBLEM_SELF) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
<button class="primary rounded button" name="upload_testdata">{{ _('Add File') }}</button>
{% endif %}
</div>
@ -55,7 +55,7 @@
{% endif %}
{% endif %}
</div>
{% if handler.user.own(pdoc) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if handler.user.own(pdoc, perm.PERM_EDIT_PROBLEM_SELF) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if testdata.length %}
<div class="section__body">
<button class="rounded button" name="download_selected_testdata">{{ _('Download Selected') }}</button>
@ -70,7 +70,7 @@
<div class="section__header">
<h1 class="section__title">{{ _('Additional Files') }}</h1>
<div class="section__tools">
{% if handler.user.own(pdoc) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if handler.user.own(pdoc, perm.PERM_EDIT_PROBLEM_SELF) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
<button class="primary rounded button" name="upload_file">{{ _('Add File') }}</button>
{% endif %}
</div>
@ -117,7 +117,7 @@
{% if additional_file.length %}
<div class="section__body">
<button class="rounded button" name="download_selected_file">{{ _('Download Selected') }}</button>
{% if handler.user.own(pdoc) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
{% if handler.user.own(pdoc, perm.PERM_EDIT_PROBLEM_SELF) or handler.user.hasPerm(perm.PERM_EDIT_PROBLEM) %}
<button class="rounded button" name="remove_selected_file">{{ _('Remove Selected') }}</button>
{% endif %}
</div>

Write Preview
Loading…
Cancel
Save