@@ -88,3 +88,35 @@ its field `public_score` will contain the score of this submission, and
8888Additional details on the submission's results can be retrieved by making an
8989authenticated `GET ` request to `/tasks/{taskname}/submissions/{id}/details `.
9090The endpoint will return an HTML snippet matching what is seen by contestants.
91+
92+ Impersonation of users
93+ ======================
94+
95+ Administrators may impersonate a user and perform requests on their behalf.
96+
97+ This is accomplished by using the authentication endpoint without `password `
98+ and with an additional `admin_token ` parameter equal to the `contest_admin_token `
99+ from the CMS configuration. The returned authentication token refers to the
100+ given user, but it is marked as impersonated.
101+
102+ Requests carrying an impersonated authentication token may bypass certain restrictions:
103+
104+ * IP-based login restrictions do no apply. (But if IP-based autologin is set,
105+ it overrides all authentication tokens including impersonated ones.)
106+
107+ * Hidden participation is never blocked.
108+
109+ * Requests can carry special parameters (either in the URL or in `POST ` data)
110+ that bypasses further restrictions when set to ``1 ``:
111+
112+ * `override_phase_check ` lets the operation proceed regardless of contest phase
113+ (for example, you can submit even though the contest has already ended).
114+
115+ * `override_official ` (in the submit endpoint) makes the submission count as
116+ official regardless of contest phase.
117+
118+ * `override_max_number ` (in the submit endpoint) skips all checks for the
119+ maximum number of submits.
120+
121+ * `override_min_interval ` (in the submit endpoint) skips all checks for the
122+ minimum time interval between submits.
0 commit comments