请教关于设置管理员的问题…… about vj4 HOT 1 CLOSED

In vj4, there are two things called permission and privilege. Permission is per-domain and privilege is per-system (for the entire site).

In code we usually assert permission and privilege requirements by applying decorators on view handlers. For example, in vj4/view/discussion.py:50:

@app.route('/discuss/{node_or_pid}/create', 'discussion_create')
class DiscussionCreateView(base.View):
  @base.require_priv(builtin.PRIV_USER_PROFILE)
  @base.require_perm(builtin.PERM_CREATE_DISCUSSION)
  @base.route_argument
  @base.sanitize
  async def get(self, *, node_or_pid: document.convert_doc_id):
    vnode = await discussion.get_vnode(self.domain_id, node_or_pid)

The discussion_create view requires PRIV_USER_PROFILE privilege and PERM_CREATE_DISCUSSION permission.

Privileges are directly stored in the user collection, where most user's privilege should be 4, which is PRIV_USER_PROFILE, which means the user has access to its user profile. Guest user (hardcoded in vj4/model/builtin.py) doesn't have PRIV_USER_PROFILE, but it has PRIV_REGISTER_USER.

My UID is -4, and I can run the following command in MongoDB shell to see my privilege.

> db.user.findOne({_id: -4}, {priv: 1})
{ "_id" : -4, "priv" : 4 }

Say you want to play with the judge playground, which is an interactive web page where you can behave like a judger. The judge playground requires PRIV_READ_RECORD_CODE and builtin.PRIV_WRITE_RECORD which normal users don't have. Since

PRIV_USER_PROFILE (4) + PRIV_READ_RECORD_CODE (16) + PRIV_WRITE_RECORD (64) = 84

You can run the following command in MongoDB shell to change the privilege.

> db.user.updateOne({_id: -4}, {$set: {priv: NumberInt(84)}})
{ "acknowledged" : true, "matchedCount" : 1, "modifiedCount" : 1 }

And then you can verify by:

> db.user.findOne({_id: -4}, {priv: 1})
{ "_id" : -4, "priv" : 84 }

Permission is another thing, which is not fully implemented and not useful for now.

from vj4.