Details
Bug
Resolved
Minor
Description
Uploading package with API does not work.
Steps to reproduce:
```
curl -v \
--form contest_id=contest-id\
--form round_name=round-name \
--form package_file=@/path/to/file/abc.zip \
--header 'Authorization: Token XXX-XXX-XXX-XXX' \
https://sio2.mimuw.edu.pl/api/problems/package_upload/
```
Error code: 403
Returned JSON: `{"message":"Permission denied."}`
Tested on SIO and Szkopuł by different users with permissions.
PS (to person fixing)
It would be nice, if uploading packed would return problem_id needed by package_reupload, if that doesn't now.
Steps to reproduce:
```
curl -v \
--form contest_id=contest-id\
--form round_name=round-name \
--form package_file=@/path/to/file/abc.zip \
--header 'Authorization: Token XXX-XXX-XXX-XXX' \
https://sio2.mimuw.edu.pl/api/problems/package_upload/
```
Error code: 403
Returned JSON: `{"message":"Permission denied."}`
Tested on SIO and Szkopuł by different users with permissions.
PS (to person fixing)
It would be nice, if uploading packed would return problem_id needed by package_reupload, if that doesn't now.
Activity
- All
- Comments
- History
- Activity
- Transitions
- Commits
Tried it as a superadmin, it worked.
Show
Wojciech Dubiel
added a comment - Tried it as a superadmin, it worked.
Wojciech Dubiel
added a comment - Tried it as a superadmin, it worked. Change oioioi~master~Idb5c487fe13028e697510780f746e71fbe02c1df, patchset 1
https://gerrit.sio2project.mimuw.edu.pl/3438
(SIO-2344) Fix permission check in problem upload api
There's no implied contest in an API request,
so is_contest_admin doesn't make sense.
We need to use can_admin_contest instead.
Change-Id: Idb5c487fe13028e697510780f746e71fbe02c1df
https://gerrit.sio2project.mimuw.edu.pl/3438
(
There's no implied contest in an API request,
so is_contest_admin doesn't make sense.
We need to use can_admin_contest instead.
Change-Id: Idb5c487fe13028e697510780f746e71fbe02c1df
Show
Gerrit Gerrit
added a comment - Change oioioi~master~Idb5c487fe13028e697510780f746e71fbe02c1df, patchset 1
https://gerrit.sio2project.mimuw.edu.pl/3438
( SIO-2344 ) Fix permission check in problem upload api
There's no implied contest in an API request,
so is_contest_admin doesn't make sense.
We need to use can_admin_contest instead.
Change-Id: Idb5c487fe13028e697510780f746e71fbe02c1df
Gerrit Gerrit
added a comment - Change oioioi~master~Idb5c487fe13028e697510780f746e71fbe02c1df, patchset 1
https://gerrit.sio2project.mimuw.edu.pl/3438
( SIO-2344 ) Fix permission check in problem upload api
There's no implied contest in an API request,
so is_contest_admin doesn't make sense.
We need to use can_admin_contest instead.
Change-Id: Idb5c487fe13028e697510780f746e71fbe02c1df 
https://github.com/sio2project/oioioi/blob/549df58b09d9699327bb5808e2ce3e30b0a4a616/oioioi/problems/api.py#L32
The is_contest_admin check does not use the passed contest.
If this is a good guess, then superadmins should be able to upload packages.