Changeset 1006

Timestamp:

02/28/09 18:14:02 (3 years ago)

Author:

bogdan2412

Message:

Implemented virtual contests (mircea and bogdan)

​http://reviewboard.infoarena.ro/r/65/
​http://reviewboard.infoarena.ro/r/66/

There is still a security hole, don't put on live.

Location:

trunk

Files:

• common/db/round.php (modified) (4 diffs)
• common/round.php (modified) (6 diffs)
• common/security.php (modified) (4 diffs)
• scripts/migrate-virtual-contest (added)
• tests/round.php (modified) (9 diffs)
• www/controllers/round.php (modified) (9 diffs)
• www/macros/macro_roundlist.php (added)
• www/static/css/screen.css (modified) (1 diff)
• www/static/images/hourglass.png (added)
• www/static/images/run.png (added)
• www/views/round_create.php (modified) (1 diff)
• www/views/round_edit.php (modified) (2 diffs)

trunk/common/db/round.php

@@ -179 +179 @@
             $values[] = "('".db_escape($round_id)."', '".db_escape($task_id)."')";
         }
-        $query = "INSERT INTO ia_round_task (round_id, task_id) 
+        $query = "INSERT INTO ia_round_task (round_id, task_id)
                   VALUES ". implode(', ', $values);
         db_query($query);
@@ -230 +230 @@
 
 // Returs list of registred user to round $round_id, order by rating
-// round can be 
+// round can be
 function round_get_registered_users_range($round_id, $start, $range)
 {
@@ -312 +312 @@
     $query = <<<SQL
 SELECT * FROM `ia_round`
-    WHERE `state` != 'running' AND 
-    `start_time` <= '%s' AND 
+    WHERE `state` != 'running' AND
+    `start_time` <= '%s' AND
     DATE_ADD(`start_time`, INTERVAL ($duration_subquery) * 60 * 60 SECOND) > '%s'
     LIMIT 1
@@ -370 +370 @@
 }
 
+function round_get_many($options) {
+    $field_list = "`ia_round`.*";
+    $where = Array();
+    if (getattr($options, "name_regexp")) {
+        $where[] = "`ia_round`.`id` REGEXP " . db_quote($options["name_regexp"]);
+    }
+    if (getattr($options, "type")) {
+        $where[] = "`ia_round`.`type` = " . db_quote($options["type"]);
+    }
+
+    // Add a join for username.
+    $join = "";
+    if (getattr($options, 'username', false) == true) {
+        $field_list .= ", `ia_user`.`username` AS `user_name`" .
+                       ", `ia_user`.`full_name` AS `user_fullname`" .
+                       ", `ia_user`.`rating_cache` AS `user_rating`";
+        $join = "LEFT JOIN ia_user ON `ia_round`.`user_id` = `ia_user`.`id`";
+    }
+
+    if (strtolower(getattr($options, "order", "desc") == "desc")) {
+        $order = "DESC";
+    } else {
+        $order = "ASC";
+    }
+
+    $limit = db_quote(getattr($options, "limit", 50));
+    $offset = db_quote(getattr($options, "offset", 0));
+
+    if (!empty($where)) {
+        $where = " WHERE (" . implode(") AND (", $where) . ")";
+    } else {
+        $where = "";
+    }
+
+    $query = "SELECT $field_list FROM `ia_round` $join $where";
+    $query .= " ORDER BY `ia_round`.`start_time` $order, `ia_round`.`id` $order";
+    $query .= " LIMIT $offset, $limit";
+
+    $rounds = db_fetch_all($query);
+
+    if (getattr($options, "get_count")) {
+        $query = "SELECT COUNT(*) FROM `ia_round` $where";
+        $rounds["count"] = db_fetch($query);
+        $rounds["count"] = array_pop($rounds["count"]);
+    }
+
+    return $rounds;
+}
+
 ?>

trunk/common/round.php

@@ -7 +7 @@
             'classic' => 'Concurs clasic',
             'archive' => 'Arhiva de pregatire',
+            'user-defined' => 'Concurs virtual',
     );
 }
@@ -27 +28 @@
                             'type' => 'bool',
                     ),
-            ),
+                ),
             'archive' => array(
                     'duration' => array(
@@ -35 +36 @@
                             'type' => 'float',
                     ),
-            ),
-    );
+                ),
+            'user-defined' => array(
+                'duration' => array(
+                            'name' => 'Durata',
+                            'description' => "Durata concursului, in ore",
+                            'default' => '4.5',
+                            'type' => 'float',
+                    ),
+                ),
+            );
 }
 
@@ -42 +51 @@
 function round_validate_parameters($round_type, $parameters) {
     $errors = array();
-    if ($round_type == 'classic') {
+    if ($round_type == 'classic' or $round_type == 'user-defined') {
         // Check duration
         $duration = getattr($parameters, 'duration');
@@ -69 +78 @@
             'state' => 'waiting',
             'start_time' => NULL,
-            'public_eval' => (($round_type == 'archive') ? 1 : 0)
+            'public_eval' => (($round_type == 'archive') ? 1 : 0),
+            'user_id' => $user['id']
     );
 
@@ -111 +121 @@
     }
 
+    if (!is_user_id(getattr($round, 'user_id', ''))) {
+        $errors['user_id'] = "ID-ul userului este invalid";
+    }
+
     return $errors;
 }

trunk/common/security.php

@@ -129 +129 @@
         case 'task-create':
         case 'task-delete':
-        case 'round-edit':
-        case 'round-create':
         case 'round-delete':
         case 'textblock-delete':
@@ -154 +152 @@
         case 'grader-download':
         case 'task-submit':
+        case 'round-edit':
+        case 'round-create':
         case 'round-submit':
         case 'round-view-tasks':
@@ -449 +449 @@
     switch ($action) {
         case 'simple-view':
-            return true;
+          return true;
+
+        case 'round-create':
+          if ($round['type'] == 'user-defined') {
+              return $usersec != 'anonymous';
+          } else {
+              return $is_admin;
+          }
+
+        case 'round-edit':
+        case 'simple-rev-edit':
+          if ($usersec == 'anonymous') {
+              return false;
+          }
+          if ($round['type'] == 'user-defined') {
+              return $user['id'] == $round['user_id'] || $is_admin;
+          } else {
+              return $is_admin;
+          }
 
         case 'round-view-tasks':
@@ -456 +474 @@
             return $round['public_eval'] == true || $is_admin;
 
-        case 'simple-rev-edit':
         case 'simple-edit':
         case 'simple-critical':

trunk/tests/round.php

@@ -11 +11 @@
 log_print("WARNING: This test requires the evaluator.");
 
-log_print("Helper1 looks at new round page, fails");
+log_print("Helper1 looks at new round page, works");
 $res = curl_test(array(
         'url' => url_round_create(),
         'user' => 'test_helper1',
 ));
-log_assert($res['url'] != url_absolute(url_round_create()));
+log_assert_equal($res['url'], url_absolute(url_round_create()));
+
+
+log_print("Helper1 tries to create a new round, works");
+$res = curl_test(array(
+        'url' => url_round_create(),
+        'user' => 'test_helper1',
+        'post' => array(
+          'id' => 'tEst_Round',
+          'type' => 'user-defined',
+)));
+log_assert_equal($res['url'], url_absolute(url_round_edit('tEst_Round')));
 
 
@@ -24 +35 @@
         'user' => 'test_helper1',
         'post' => array(
-                'id' => 'tEst_Round',
-)));
-log_assert_equal($res['url'], url_absolute(url_home()));
-
-
-log_print("Helper2 looks at round page, but it's not there");
+          'id' => 'tEst_Round',
+          'type' => 'classic',
+)));
+log_assert_equal($res['url'], url_absolute(url_round_create()));
+
+
+log_print("Helper2 looks at round page, and it's there");
 $res = curl_test(array(
         'url' => url_textblock('runda/tEst_Round'),
         'user' => 'test_helper2',
 ));
-log_assert_equal($res['url'], url_absolute(url_textblock_edit('runda/test_round')));
+log_assert_equal($res['url'], url_absolute(url_textblock('runda/tEst_Round')));
 
 
@@ -45 +57 @@
 
 
-log_print("Admin creates round.");
+log_print("Admin creates round, already exists.");
 $res = curl_test(array(
         'url' => url_round_create(),
@@ -52 +64 @@
                 'id' => 'tEst_Round',
 )));
-log_assert_equal($res['url'], url_absolute(url_round_edit('tEst_Round')));
+log_assert_equal($res['url'], url_absolute(url_round_create()));
 log_assert(strstr($res['content'], 'tEst_Round'));
 
@@ -117 +129 @@
 log_assert_equal($res['url'], url_absolute(url_textblock('runda/tEst_Round')));
 log_assert(strstr($res['content'], 'xzx-round-title-xzx'));
-log_assert(strstr($res['content'], '<span class="round status waiting">'));
+log_assert(strstr($res['content'], 'Nu esti inscris la'));
 log_assert(!strstr($res['content'], '<a href="'.
             url_textblock('problema/cmmdc')));
@@ -150 +162 @@
 log_assert_equal($res['url'], url_absolute(url_textblock('runda/tEst_Round')));
 log_assert(strstr($res['content'], 'xzx-round-title-xzx'));
-log_assert(strstr($res['content'], '<span class="round status waiting">'));
-log_assert(!strstr($res['content'], '<span class="round status running">'));
-log_assert(!strstr($res['content'], '<span class="round status complete">'));
+log_assert(strstr($res['content'], 'Nu esti inscris la'));
+log_assert(!strstr($res['content'], 'Nu se mai pot face inscrieri'));
+log_assert(!strstr($res['content'], 'Runda s-a incheiat'));
 log_assert(strstr($res['content'], '<a href="'.
             url_textblock('problema/cmmdc')));
@@ -162 +174 @@
 
 // Yuck
-log_print("Waiting for 4 seconds...");
-usleep(4 * 1000000);
+log_print("Waiting for 5 seconds...");
+usleep(5 * 1000000);
 
 
@@ -172 +184 @@
 log_assert_equal($res['url'], url_absolute(url_textblock('runda/tEst_Round')));
 log_assert(strstr($res['content'], 'xzx-round-title-xzx'));
-log_assert(!strstr($res['content'], '<span class="round status waiting">'), "Round still waiting");
-log_assert(strstr($res['content'], '<span class="round status running">'));
-log_assert(!strstr($res['content'], '<span class="round status complete">'));
+log_assert(!strstr($res['content'], 'Nu esti inscris la'), 
+    "Round still waiting, is the evaluator ON?");
+log_assert(strstr($res['content'], 'Nu se mai pot face inscrieri'));
+log_assert(!strstr($res['content'], 'Runda s-a incheiat'));
 log_assert(strstr($res['content'], '<a href="'.
             url_textblock('problema/cmmdc')));
@@ -186 +199 @@
 //test_cleanup();
 
+
 ?>

trunk/www/controllers/round.php

@@ -20 +20 @@
 // with the user-submitted data and their corresponding errors.
 function controller_round_details($round_id) {
-    // validate round_id
+    global $identity_user;
+
+    // Validate round_id
     if (!is_round_id($round_id)) {
         flash_error('Identificatorul rundei este invalid');
@@ -35 +37 @@
     // Security check
     identity_require('round-edit', $round);
+
+    // Filter for available round types.
+    $round_types = array();
+    foreach (round_get_types() as $round_type => $pretty_name) {
+        if (identity_can("round-edit", round_init('round_id', $round_type, 
+            $identity_user)))
+            $round_types[$round_type] = $pretty_name;
+    }
 
     // get parameter list for rounds (in general, not for this specific round)
@@ -148 +158 @@
     // If posting with no errors then do the db monkey
     if (request_is_post() && !$errors) {
+        // Don't forget about security.
+        identity_require("round-edit", $new_round);
         // FIXME: error handling? Is that even remotely possible in php?
         log_print_r($_REQUEST);
@@ -172 +184 @@
     $view['param_infos'] = $param_infos;
     $view['all_tasks'] = $all_tasks;
+    $view['round_types'] = $round_types;
 
     execute_view_die("views/round_edit.php", $view);
@@ -181 +194 @@
     global $identity_user;
 
-    // Security check. FIXME: sort of a hack.
+    // Security check.
     identity_require_login();
-    identity_require("round-create",
-            round_init('new_round', 'classic', $identity_user));
 
     // Form stuff.
@@ -193 +204 @@
     $values['id'] = request('id', '');
     // FIXME: type hidden
-    $values['type'] = request('type', 'classic');
+    $values['type'] = request('type', 'user-defined');
 
     if (request_is_post()) {
@@ -210 +221 @@
                     $values['type'],
                     $identity_user);
+            identity_require("round-create", $round);
             $round_params = array();
             // FIXME: array_ magic?
@@ -223 +235 @@
             redirect(url_round_edit($round['id']));
         }
+    }
+
+    // Filter for available round types.
+    $round_types = array();
+    foreach (round_get_types() as $round_type => $pretty_name) {
+        if (identity_can("round-create", round_init("round_id", $round_type, 
+            $identity_user)))
+            $round_types[$round_type] = $pretty_name;
     }
 
@@ -231 +251 @@
     $view['form_values'] = $values;
     $view['form_errors'] = $errors;
+    $view['round_types'] = $round_types;
 
     execute_view_die("views/round_create.php", $view);

trunk/www/static/css/screen.css

@@ -1485 +1485 @@
 }
 
+/* Round status icons */
+.round-complete, .round-waiting, .round-running {
+    width: 16px;
+    height: 16px;
+    display: block;
+}
+
+.round-complete {
+    width: 14px;
+    height: 11px;
+    background: url("../images/complete.gif");
+}
+
+.round-waiting {
+    background: url("../images/hourglass.png");
+}
+
+.round-running {
+    background: url("../images/run.png");
+}

trunk/www/views/round_create.php

@@ -12 +12 @@
                 'name' => 'Tipul rundei',
                 'type' => 'enum',
-                'values' => round_get_types(),
-                'default' => 'classic',
+                'values' => $round_types,
+                'default' => 'user-defined',
         ), 
 );
 
 ?>
-
 <h1><?= html_escape($title) ?></h1>
 

trunk/www/views/round_edit.php

@@ -55 +55 @@
                 'name' => 'Tipul rundei',
                 'type' => 'enum',
-                'values' => round_get_types(),
-                'default' => 'classic',
+                'values' => $round_types,
+                'default' => 'user-defined',
         ),
         'public_eval' => array(
@@ -71 +71 @@
 <?php if ($round['state'] == 'running') { ?>
     <div class="warning">
-     Atentie! Runda este activa chiar acum. Orice modificare poate avea urmari neplacute.
+     Atentie! Runda este activa chiar acum. Orice modificare poate avea urmari neplacute!
     </div>
 <?php } elseif ($round['state'] == 'waiting') { ?>