JohnHammond
/
ColdCore
mirror of https://github.com/JohnHammond/ColdCore.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sanity checks (#22) 

* fix timeago 0 epoch

* switch order

* additional sanity checks
master
James Woglom 2016-05-26 21:43:45 -04:00 committed by Fox Wilson
parent b68cad6e3a
commit 871d35f3d1
1 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
utils/decorators.py
View File

@ -5,10 +5,11 @@ from functools import wraps
def login_required(f): def login_required(f):
@wraps(f) @wraps(f)
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
if "team_id" not in session: if "team_id" in session and session["team_id"]:
return f(*args, **kwargs)
else:
flash("You need to be logged in to access that page.") flash("You need to be logged in to access that page.")
return redirect(url_for('login')) return redirect(url_for('login'))
return f(*args, **kwargs)
return decorated return decorated
def must_be_allowed_to(thing): def must_be_allowed_to(thing):
@ -17,7 +18,7 @@ def must_be_allowed_to(thing):
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
if getattr(g, 'team_restricts', None) is None: if getattr(g, 'team_restricts', None) is None:
return redirect(url_for('login')) return redirect(url_for('login'))
if thing in g.team_restricts: if g.team_restricts and thing in g.team_restricts:
return "You are restricted from performing the {} action. Contact an organizer.".format(thing) return "You are restricted from performing the {} action. Contact an organizer.".format(thing)
return f(*args, **kwargs) return f(*args, **kwargs)
@ -27,13 +28,15 @@ def must_be_allowed_to(thing):
def confirmed_email_required(f): def confirmed_email_required(f):
@wraps(f) @wraps(f)
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
if "team_id" not in session: if "team_id" in session and session["team_id"]:
if not g.team.email_confirmed:
flash("Please confirm your email in order to access that page.")
return redirect(url_for('dashboard'))
else:
return f(*args, **kwargs)
else:
flash("You need to be logged in to access that page.") flash("You need to be logged in to access that page.")
return redirect(url_for('login')) return redirect(url_for('login'))
if not g.team.email_confirmed:
flash("Please confirm your email in order to access that page.")
return redirect(url_for('dashboard'))
return f(*args, **kwargs)
return decorated return decorated
def competition_running_required(f): def competition_running_required(f):
@ -48,16 +51,16 @@ def competition_running_required(f):
def admin_required(f): def admin_required(f):
@wraps(f) @wraps(f)
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
if "admin" not in session: if "admin" in session and session["admin"]:
flash("You must be an admin to access that page.") return f(*args, **kwargs)
return redirect(url_for("admin.admin_login")) flash("You must be an admin to access that page.")
return f(*args, **kwargs) return redirect(url_for("admin.admin_login"))
return decorated return decorated
def csrf_check(f): def csrf_check(f):
@wraps(f) @wraps(f)
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
if "csrf" not in kwargs: if "csrf" not in kwargs or "_csrf_session" not in session or not kwargs["csrf"] or not session["_csrf_session"]:
abort(403) abort(403)
return return