Changeset 1091 for trunk/common

Timestamp:

12/23/09 00:26:25 (2 years ago)

Author:

bogdan2412

Message:

Many many small fixes.

• Changed task-tag action from simple-critical to simple-edit.
• Fixed downloading attachments containing grader from normal (non-task) pages.
• Moved a call to remote_ip_info() from common/ to www/ where it's supposed to be in MVC.
• Fixed round and task tests.
• Fixed test cleanup to delete only the created users and to delete them from the forum also.
• Check that the username doesn't exist in the forum when someone tries to register (there are users on the forum that are not on infoarena, because of the import from info.devnet.ro i guess). Having two smf users with the same name crashes things.
• Allow rounds to have no tasks.

Reviewed: ​http://reviewboard.infoarena.ro/r/126/

Location:

trunk/common

Files:

• db/user.php (modified) (2 diffs)
• security.php (modified) (5 diffs)

trunk/common/db/user.php

@@ -131 +131 @@
 // $user must be a valid user struct, user_id ignored
 // Returns created $user or throws up on error.
-function user_create($user)
+function user_create($user, $remote_ip_info=null)
 {
     log_assert_valid(user_validate($user));
@@ -150 +150 @@
     $replace = array("user_id" => $user['username']);
     textblock_copy_replace("template/newuser", IA_USER_TEXTBLOCK_PREFIX.$user['username'],
-                           $replace, "public", $new_user['id'], remote_ip_info());
+                           $replace, "public", $new_user['id'], $remote_ip_info);
 
     // Create SMF user

trunk/common/security.php

@@ -129 +129 @@
         case 'task-create':
         case 'task-delete':
+        case 'task-tag':
         case 'round-delete':
         case 'textblock-delete':
@@ -143 +144 @@
         case 'textblock-change-security':
         case 'task-edit-owner':
-        case 'task-tag':
         case 'round-tag':
         case 'textblock-tag':
@@ -280 +280 @@
 // FIXME: attach-grader?
 function security_attach($user, $action, $attach) {
-
     $att_name = $attach['name'];
     $att_page = normalize_page_name($attach['page']);
@@ -296 +295 @@
     }
 
-    // HACK: magic prefix.
-    if (preg_match('/^grader\_/', $att_name)) {
+    // Speed hack: avatars are always visible. This is good.
+    if ($action == 'attach-download' && $att_name == 'avatar' &&
+            starts_with($att_page, IA_USER_TEXTBLOCK_PREFIX)) {
+        return true;
+    }
+
+    // Forward to textblock.
+    $tb = textblock_get_revision($attach['page']);
+    if (!$tb) {
+        log_print_r($attach);
+    }
+    log_assert($tb, "Orphan attachment");
+
+    // Convert action into a grader action if the textblock is a task
+    // textblock and the attachment has the grader_ prefix.
+    if (preg_match("/^ \s* task: \s* (".IA_RE_TASK_ID.") \s* $/xi", $tb["security"]) &&
+        preg_match('/^grader\_/', $att_name)) {
         $newaction = preg_replace('/^attach/', 'grader', $action);
         if (IA_LOG_SECURITY) {
@@ -304 +318 @@
         $action = $newaction;
     }
-
-    // Speed hack: avatars are always visible. This is good.
-    if ($action == 'attach-download' && $att_name = 'avatar' &&
-            strstr($att_page, IA_USER_TEXTBLOCK_PREFIX) === $att_page) {
-        return true;
-    }
-
-    // Forward to textblock.
-    $tb = textblock_get_revision($attach['page']);
-    if (!$tb) {
-        log_print_r($attach);
-    }
-    log_assert($tb, "Orphan attachment");
 
     return security_textblock($user, $action, $tb);