Check challenge phase is corresponding to challenge in update submission API #4229

Open
gchhablani opened this issue Nov 28, 2023 · 4 comments · May be fixed by #4301

Comments

@gchhablani
Collaborator

Here, we do check for whether the host is accessing the challenge: https://github.com/Cloud-CV/EvalAI/blob/master/apps/jobs/views.py#L1117-L1121

    if not is_user_a_staff(request.user) and not is_user_a_host_of_challenge(request.user, challenge_pk):
        response_data = {
            "error": "Sorry, you are not authorized to make this request!"
        }
        return Response(response_data, status=status.HTTP_400_BAD_REQUEST)

But, we don't verify whether the other details (challenge phase) are corresponding to that challenge PK:

        challenge_phase_pk = request.data.get("challenge_phase")

We need to fix this.
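
An added example, not part of the issue or of EvalAI's code: a minimal in-memory model of the check the issue asks for, where the phase lookup is scoped by the challenge key from the URL so that a valid phase of another challenge is rejected. `Phase`, `PHASES`, `HOSTS`, `is_host`, `get_phase_for_challenge`, `update_submission` and the second error message are hypothetical names, and the data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase:
    pk: int
    challenge_pk: int


# Constructed data: phases 10 and 11 belong to challenge 1, phase 20 to challenge 2.
PHASES = {p.pk: p for p in (Phase(10, 1), Phase(11, 1), Phase(20, 2))}
# Constructed host mapping: user name -> challenges that user hosts.
HOSTS = {"alice": {1}, "bob": {2}}


def is_host(user, challenge_pk):
    return challenge_pk in HOSTS.get(user, set())


def get_phase_for_challenge(challenge_pk, raw_phase_pk):
    """Return the phase only if it exists AND belongs to challenge_pk."""
    try:
        phase_pk = int(raw_phase_pk)
    except (TypeError, ValueError):
        return None  # missing or non-numeric "challenge_phase"
    phase = PHASES.get(phase_pk)
    # Scope by the parent key: a phase of another challenge is handled
    # exactly like a phase that does not exist.
    if phase is None or phase.challenge_pk != challenge_pk:
        return None
    return phase


def update_submission(user, challenge_pk, data):
    """Return (http_status, body) for a constructed update request."""
    if not is_host(user, challenge_pk):
        return 400, {"error": "Sorry, you are not authorized to make this request!"}
    phase = get_phase_for_challenge(challenge_pk, data.get("challenge_phase"))
    if phase is None:
        # Hypothetical message; the issue does not specify one.
        return 400, {"error": "Challenge phase does not belong to this challenge"}
    return 200, {"challenge": challenge_pk, "challenge_phase": phase.pk}
```

In a Django view the same effect comes from filtering the phase query on both the phase key and the challenge key instead of on the phase key alone.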

@khadeom

khadeom commented Dec 17, 2023

Hey @gchhablani, looked into this issue a bit, could you please explain some more? Can other users access the update_submission API except for host users? How can challenger_phase_pk be used here to further improve the API?

@manikanta1213

Hey @gchhablani Can I work on this issue?

@Rahulxx01

Hello, I am interested in this issue. Can I fix this?
@gchhablani

I have already completed one issue assigned to me and submitted a PR (review pending), and I want to work on this issue.

Thank You
Rahul Yadav

@KimVianney

@gchhablani Please assign this issue to me
