/**
  * Validate requests for grader apis
  *
  * @param Request $r
  * @throws ForbiddenAccessException
  */
 private static function validateRequest(Request $r)
 {
     self::authenticateRequest($r);
     if (!Authorization::IsSystemAdmin($r['current_user_id'])) {
         throw new ForbiddenAccessException();
     }
 }
 /**
  *
  * @param Request $r
  * @return array
  * @throws ForbiddenAccessException
  */
 public static function apiGenerateOmiUsers(Request $r)
 {
     self::authenticateRequest($r);
     $response = array();
     $is_system_admin = Authorization::IsSystemAdmin($r['current_user_id']);
     if ($r['contest_type'] == 'OMI') {
         if (!$is_system_admin) {
             throw new ForbiddenAccessException();
         }
         // Arreglo de estados de MX
         $keys = array('OMI2015-AGU' => 4, 'OMI2015-BCN' => 4, 'OMI2015-BCS' => 4, 'OMI2015-CAM' => 4, 'OMI2015-COA' => 4, 'OMI2015-COL' => 4, 'OMI2015-CHP' => 4, 'OMI2015-CHH' => 8, 'OMI2015-DIF' => 4, 'OMI2015-DUR' => 4, 'OMI2015-GUA' => 4, 'OMI2015-GRO' => 4, 'OMI2015-HID' => 4, 'OMI2015-JAL' => 4, 'OMI2015-MEX' => 4, 'OMI2015-MIC' => 4, 'OMI2015-MOR' => 4, 'OMI2015-NAY' => 4, 'OMI2015-NLE' => 4, 'OMI2015-OAX' => 4, 'OMI2015-PUE' => 4, 'OMI2015-QUE' => 4, 'OMI2015-ROO' => 4, 'OMI2015-SLP' => 4, 'OMI2015-SIN' => 4, 'OMI2015-SON' => 4, 'OMI2015-TAB' => 4, 'OMI2015-TAM' => 4, 'OMI2015-TLA' => 4, 'OMI2015-VER' => 4, 'OMI2015-YUC' => 4, 'OMI2015-ZAC' => 4, 'OMI2015-INV' => 4);
     } elseif ($r['contest_type'] == 'OMIPS') {
         if ($r['current_user']->getUsername() != 'andreasantillana' && !$is_system_admin) {
             throw new ForbiddenAccessException();
         }
         $keys = array('OMIPS2015-P' => 25, 'OMIPS2015-S' => 25);
     } elseif ($r['contest_type'] == 'ORIG') {
         if ($r['current_user']->getUsername() != 'kuko.coder' && !$is_system_admin) {
             throw new ForbiddenAccessException();
         }
         $keys = array('ORIG1516-CEL' => 38, 'ORIG1516-DHI' => 15, 'ORIG1516-GTO' => 14, 'ORIG1516-IRA' => 37, 'ORIG1516-PEN' => 22, 'ORIG1516-LEO' => 43, 'ORIG1516-SLP' => 14, 'ORIG1516-SLV' => 14, 'ORIG1516-URI' => 17, 'ORIG1516-VDS' => 15);
     } elseif ($r['contest_type'] == 'OMIAGS') {
         if ($r['current_user']->getUsername() != 'andreasantillana' && !$is_system_admin) {
             throw new ForbiddenAccessException();
         }
         $keys = array('OMIAGS' => 35);
     } elseif ($r['contest_type'] == 'OSI') {
         if ($r['current_user']->getUsername() != 'cope_quintana' && !$is_system_admin) {
             throw new ForbiddenAccessException();
         }
         $keys = array('OSI16' => 120);
     } elseif ($r['contest_type'] == 'UNAMFC') {
         if ($r['current_user']->getUsername() != 'manuelalcantara52' && $r['current_user']->getUsername() != 'manuel52' && !$is_system_admin) {
             throw new ForbiddenAccessException();
         }
         $keys = array('UNAMFC15' => 30);
     } elseif ($r['contest_type'] == 'OVI') {
         if ($r['current_user']->getUsername() != 'covi.academico' && !$is_system_admin) {
             throw new ForbiddenAccessException();
         }
         $keys = array('OVI15' => 200);
     } else {
         throw new InvalidParameterException('parameterNotInExpectedSet', 'contest_type', array('bad_elements' => $r['contest_type'], 'expected_set' => 'OMI, OMIAGS, ORIG, OSI, OVI'));
     }
     self::$permissionKey = $r['permission_key'] = self::randomString(32);
     foreach ($keys as $k => $n) {
         $digits = floor(log10($n) + 1);
         for ($i = 1; $i <= $n; $i++) {
             $username = $k . '-' . str_pad($i, $digits, '0', STR_PAD_LEFT);
             $password = self::randomString(8);
             if (self::omiPrepareUser($r, $username, $password)) {
                 $response[$username] = $password;
             }
             // Add user to contest if needed
             if (!is_null($r['contest_alias'])) {
                 $addUserRequest = new Request();
                 $addUserRequest['auth_token'] = $r['auth_token'];
                 $addUserRequest['usernameOrEmail'] = $username;
                 $addUserRequest['contest_alias'] = $r['contest_alias'];
                 ContestController::apiAddUser($addUserRequest);
             }
         }
     }
     return $response;
 }
 /**
  * Validator for List API
  *
  * @param Request $r
  * @throws ForbiddenAccessException
  * @throws InvalidDatabaseOperationException
  * @throws NotFoundException
  */
 private static function validateList(Request $r)
 {
     // Defaults for offset and rowcount
     if (!isset($r['offset'])) {
         $r['offset'] = 0;
     }
     if (!isset($r['rowcount'])) {
         $r['rowcount'] = 100;
     }
     if (!Authorization::IsSystemAdmin($r['current_user_id'])) {
         throw new ForbiddenAccessException('userNotAllowed');
     }
     Validators::isNumber($r['offset'], 'offset', false);
     Validators::isNumber($r['rowcount'], 'rowcount', false);
     Validators::isInEnum($r['status'], 'status', array('new', 'waiting', 'compiling', 'running', 'ready'), false);
     Validators::isInEnum($r['verdict'], 'verdict', array('AC', 'PA', 'WA', 'TLE', 'MLE', 'OLE', 'RTE', 'RFE', 'CE', 'JE', 'NO-AC'), false);
     // Check filter by problem, is optional
     if (!is_null($r['problem_alias'])) {
         Validators::isStringNonEmpty($r['problem_alias'], 'problem');
         try {
             $r['problem'] = ProblemsDAO::getByAlias($r['problem_alias']);
         } catch (Exception $e) {
             // Operation failed in the data layer
             throw new InvalidDatabaseOperationException($e);
         }
         if (is_null($r['problem'])) {
             throw new NotFoundException('problemNotFound');
         }
     }
     Validators::isInEnum($r['language'], 'language', array('c', 'cpp', 'cpp11', 'java', 'py', 'rb', 'pl', 'cs', 'pas', 'kp', 'kj', 'cat', 'hs'), false);
     // Get user if we have something in username
     if (!is_null($r['username'])) {
         try {
             $r['user'] = UserController::resolveUser($r['username']);
         } catch (NotFoundException $e) {
             // If not found, simply ignore it
             $r['username'] = null;
             $r['user'] = null;
         }
     }
 }
 public static function getCurrentSession(Request $r)
 {
     $authToken = $r['auth_token'];
     if (is_null($authToken)) {
         return array('valid' => false, 'id' => null, 'name' => null, 'username' => null, 'email' => null, 'email_md5' => null, 'auth_token' => null, 'is_admin' => false, 'login_url' => '/login/');
     }
     $vo_CurrentUser = AuthTokensDAO::getUserByToken($authToken);
     if (is_null($vo_CurrentUser)) {
         // Means user has auth token, but at
         // does not exist in DB
         return array('valid' => false, 'id' => null, 'name' => null, 'username' => null, 'email' => null, 'email_md5' => null, 'auth_token' => null, 'is_admin' => false, 'login_url' => '/login/');
     }
     // Get email via his id
     $vo_Email = EmailsDAO::getByPK($vo_CurrentUser->getMainEmailId());
     $_SESSION['omegaup_user'] = array('name' => $vo_CurrentUser->getUsername(), 'email' => !is_null($vo_Email) ? $vo_Email->getEmail() : '');
     return array('valid' => true, 'id' => $vo_CurrentUser->getUserId(), 'name' => $vo_CurrentUser->getName(), 'email' => !is_null($vo_Email) ? $vo_Email->getEmail() : '', 'email_md5' => !is_null($vo_Email) ? md5($vo_Email->getEmail()) : '', 'user' => $vo_CurrentUser, 'username' => $vo_CurrentUser->getUsername(), 'auth_token' => $authToken, 'is_email_verified' => $vo_CurrentUser->getVerified(), 'is_admin' => Authorization::IsSystemAdmin($vo_CurrentUser->getUserId()), 'private_contests_count' => ContestsDAO::getPrivateContestsCount($vo_CurrentUser), 'private_problems_count' => ProblemsDAO::getPrivateCount($vo_CurrentUser), 'needs_basic_info' => $vo_CurrentUser->getPassword() == null);
 }
Beispiel #5
0
 /**
  * Validator for List API
  * 
  * @param Request $r
  * @throws ForbiddenAccessException
  * @throws InvalidDatabaseOperationException
  * @throws NotFoundException
  */
 private static function validateList(Request $r)
 {
     // Defaults for offset and rowcount
     if (!isset($r["offset"])) {
         $r["offset"] = 0;
     }
     if (!isset($r["rowcount"])) {
         $r["rowcount"] = 100;
     }
     if (!Authorization::IsSystemAdmin($r["current_user_id"])) {
         throw new ForbiddenAccessException("userNotAllowed");
     }
     Validators::isNumber($r["offset"], "offset", false);
     Validators::isNumber($r["rowcount"], "rowcount", false);
     Validators::isInEnum($r["status"], "status", array('new', 'waiting', 'compiling', 'running', 'ready'), false);
     Validators::isInEnum($r["verdict"], "verdict", array("AC", "PA", "WA", "TLE", "MLE", "OLE", "RTE", "RFE", "CE", "JE", "NO-AC"), false);
     // Check filter by problem, is optional
     if (!is_null($r["problem_alias"])) {
         Validators::isStringNonEmpty($r["problem_alias"], "problem");
         try {
             $r["problem"] = ProblemsDAO::getByAlias($r["problem_alias"]);
         } catch (Exception $e) {
             // Operation failed in the data layer
             throw new InvalidDatabaseOperationException($e);
         }
         if (is_null($r["problem"])) {
             throw new NotFoundException("problemNotFound");
         }
     }
     Validators::isInEnum($r["language"], "language", array('c', 'cpp', 'cpp11', 'java', 'py', 'rb', 'pl', 'cs', 'pas', 'kp', 'kj', 'cat', 'hs'), false);
     // Get user if we have something in username
     if (!is_null($r["username"])) {
         try {
             $r["user"] = UserController::resolveUser($r["username"]);
         } catch (NotFoundException $e) {
             // If not found, simply ignore it
             $r["username"] = null;
             $r["user"] = null;
         }
     }
 }
 /**
  * Given a contest_alias, sets the recommended flag on/off.
  * Only omegaUp admins can call this API.
  *
  * @param Request $r
  * @return array
  */
 public static function apiSetRecommended(Request $r)
 {
     self::authenticateRequest($r);
     if (!Authorization::IsSystemAdmin($r['current_user_id'])) {
         throw new ForbiddenAccessException('userNotAllowed');
     }
     // Validate & get contest_alias
     try {
         $r['contest'] = ContestsDAO::getByAlias($r['contest_alias']);
     } catch (Exception $e) {
         throw new InvalidDatabaseOperationException($e);
     }
     if (is_null($r['contest'])) {
         throw new NotFoundException('contestNotFound');
     }
     // Validate value param
     Validators::isInEnum($r['value'], 'value', array('0', '1'));
     $r['contest']->recommended = $r['value'];
     try {
         ContestsDAO::save($r['contest']);
     } catch (Exception $e) {
         throw new InvalidDatabaseOperationException($e);
     }
     return array('status' => 'ok');
 }
Beispiel #7
0
 /**
  * Given a contest_alias and user_id, returns the role of the user within
  * the context of a contest.
  *
  * @param Request $r
  * @return array
  */
 public static function apiRole(Request $r)
 {
     try {
         if ($r['contest_alias'] == 'all-events') {
             self::authenticateRequest($r);
             if (Authorization::IsSystemAdmin($r['current_user_id'])) {
                 return array('status' => 'ok', 'admin' => true);
             }
         }
         self::validateDetails($r);
         return array('status' => 'ok', 'admin' => $r['contest_admin']);
     } catch (Exception $e) {
         self::$log->error("Error getting role: " . $e);
         return array('status' => 'error', 'admin' => false);
     }
 }
 /**
  *
  * Gets a list of problems where current user is the owner
  *
  * @param Request $r
  */
 public static function apiMyList(Request $r)
 {
     self::authenticateRequest($r);
     self::validateList($r);
     $response = array();
     $response['results'] = array();
     try {
         $problems = null;
         if (Authorization::IsSystemAdmin($r['current_user_id'])) {
             $problems = ProblemsDAO::getAll(null, null, 'problem_id', 'DESC');
         } else {
             $problem_mask = new Problems(array('author_id' => $r['current_user_id']));
             $problems = ProblemsDAO::search($problem_mask, 'problem_id', 'DESC', $r['offset'], $r['rowcount']);
         }
         foreach ($problems as $problem) {
             $problemArray = $problem->asArray();
             $problemArray['tags'] = ProblemsDAO::getTagsForProblem($problem, false);
             array_push($response['results'], $problemArray);
         }
     } catch (Exception $e) {
         throw new InvalidDatabaseOperationException($e);
     }
     $response['status'] = 'ok';
     return $response;
 }
Beispiel #9
0
 /**
  *
  * @param Request $r
  * @return array
  * @throws ForbiddenAccessException
  */
 public static function apiGenerateOmiUsers(Request $r)
 {
     self::authenticateRequest($r);
     $response = array();
     if ($r["contest_type"] == "OMI") {
         if (!Authorization::IsSystemAdmin($r["current_user_id"])) {
             throw new ForbiddenAccessException();
         }
         // Arreglo de estados de MX
         $keys = array("OMI2015-AGU" => 4, "OMI2015-BCN" => 4, "OMI2015-BCS" => 4, "OMI2015-CAM" => 4, "OMI2015-COA" => 4, "OMI2015-COL" => 4, "OMI2015-CHP" => 4, "OMI2015-CHH" => 8, "OMI2015-DIF" => 4, "OMI2015-DUR" => 4, "OMI2015-GUA" => 4, "OMI2015-GRO" => 4, "OMI2015-HID" => 4, "OMI2015-JAL" => 4, "OMI2015-MEX" => 4, "OMI2015-MIC" => 4, "OMI2015-MOR" => 4, "OMI2015-NAY" => 4, "OMI2015-NLE" => 4, "OMI2015-OAX" => 4, "OMI2015-PUE" => 4, "OMI2015-QUE" => 4, "OMI2015-ROO" => 4, "OMI2015-SLP" => 4, "OMI2015-SIN" => 4, "OMI2015-SON" => 4, "OMI2015-TAB" => 4, "OMI2015-TAM" => 4, "OMI2015-TLA" => 4, "OMI2015-VER" => 4, "OMI2015-YUC" => 4, "OMI2015-ZAC" => 4, "OMI2015-INV" => 4);
     } else {
         if ($r["contest_type"] == "OMIPS") {
             if (!Authorization::IsSystemAdmin($r["current_user_id"])) {
                 throw new ForbiddenAccessException();
             }
             $keys = array("OMIPS2015-P" => 25, "OMIPS2015-S" => 25);
         } else {
             if ($r["contest_type"] == "ORIG") {
                 if (!($r["current_user"]->getUsername() == "kuko.coder" || Authorization::IsSystemAdmin($r["current_user_id"]))) {
                     throw new ForbiddenAccessException();
                 }
                 $keys = array("ORIG1516-CEL" => 38, "ORIG1516-DHI" => 15, "ORIG1516-GTO" => 14, "ORIG1516-IRA" => 37, "ORIG1516-PEN" => 22, "ORIG1516-LEO" => 43, "ORIG1516-SLP" => 14, "ORIG1516-SLV" => 14, "ORIG1516-URI" => 17, "ORIG1516-VDS" => 15);
             } else {
                 if ($r["contest_type"] == "OMIAGS") {
                     if (!($r["current_user"]->getUsername() == "andreasantillana" || Authorization::IsSystemAdmin($r["current_user_id"]))) {
                         throw new ForbiddenAccessException();
                     }
                     $keys = array("OMIAGS" => 35);
                 } else {
                     if ($r["contest_type"] == "OSI") {
                         if (!($r["current_user"]->getUsername() == "cope_quintana" || Authorization::IsSystemAdmin($r["current_user_id"]))) {
                             throw new ForbiddenAccessException();
                         }
                         $keys = array("OSI16" => 120);
                     } else {
                         if ($r["contest_type"] == "UNAMFC") {
                             if (!($r["current_user"]->getUsername() == "manuelalcantara52" || $r["current_user"]->getUsername() == "manuel52" || Authorization::IsSystemAdmin($r["current_user_id"]))) {
                                 throw new ForbiddenAccessException();
                             }
                             $keys = array("UNAMFC15" => 30);
                         } else {
                             if ($r["contest_type"] == "OVI") {
                                 if (!($r["current_user"]->getUsername() == "covi.academico" || Authorization::IsSystemAdmin($r["current_user_id"]))) {
                                     throw new ForbiddenAccessException();
                                 }
                                 $keys = array("OVI15" => 200);
                             } else {
                                 throw new InvalidParameterException("parameterNotInExpectedSet", "contest_type", array("bad_elements" => $r["contest_type"], "expected_set" => "OMI, OMIAGS, ORIG, OSI, OVI"));
                             }
                         }
                     }
                 }
             }
         }
     }
     self::$permissionKey = $r['permission_key'] = self::randomString(32);
     foreach ($keys as $k => $n) {
         $digits = floor(log10($n) + 1);
         for ($i = 1; $i <= $n; $i++) {
             $username = $k . "-" . str_pad($i, $digits, '0', STR_PAD_LEFT);
             $password = self::randomString(8);
             if (self::omiPrepareUser($r, $username, $password)) {
                 $response[$username] = $password;
             }
             // Add user to contest if needed
             if (!is_null($r["contest_alias"])) {
                 $addUserRequest = new Request();
                 $addUserRequest["auth_token"] = $r["auth_token"];
                 $addUserRequest["usernameOrEmail"] = $username;
                 $addUserRequest["contest_alias"] = $r["contest_alias"];
                 ContestController::apiAddUser($addUserRequest);
             }
         }
     }
     return $response;
 }
 /**
  * Forza un refresh de la tabla User_Rank. SysAdmin only.
  *
  * @param Request $r
  * @return array
  * @throws UnauthorizedException
  */
 public static function apiRefreshUserRank(Request $r)
 {
     self::authenticateRequest($r);
     if (!Authorization::IsSystemAdmin($r['current_user_id'])) {
         throw new UnauthorizedException();
     }
     // Actualizar tabla User_Rank
     try {
         UserRankDAO::refreshUserRank();
     } catch (Exception $ex) {
         throw new InvalidDatabaseOperationException($ex);
     }
     // Borrar todos los ranks cacheados
     self::deleteProblemsSolvedRankCacheList();
     return array('status' => 'ok');
 }
 public static function IsGroupAdmin($user_id, Groups $group)
 {
     if (is_null($group)) {
         return false;
     }
     if ($group->owner_id === $user_id) {
         return true;
     }
     return Authorization::IsSystemAdmin($user_id);
 }
Beispiel #12
0
 /**
  *
  * Gets a list of problems where current user is the owner
  *
  * @param Request $r
  */
 public static function apiMyList(Request $r)
 {
     self::authenticateRequest($r);
     self::validateList($r);
     $response = array();
     $response["results"] = array();
     try {
         $problems = NULL;
         if (Authorization::IsSystemAdmin($r["current_user_id"])) {
             $problems = ProblemsDAO::getAll(NULL, NULL, "problem_id", 'DESC');
         } else {
             $problem_mask = new Problems(array("author_id" => $r["current_user_id"]));
             $problems = ProblemsDAO::search($problem_mask, "problem_id", 'DESC', $r["offset"], $r["rowcount"]);
         }
         foreach ($problems as $problem) {
             $problemArray = $problem->asArray();
             $problemArray['tags'] = ProblemsDAO::getTagsForProblem($problem, false);
             array_push($response["results"], $problemArray);
         }
     } catch (Exception $e) {
         throw new InvalidDatabaseOperationException($e);
     }
     $response["status"] = "ok";
     return $response;
 }