add restrictions

master
Fox Wilson 2015-12-17 12:57:35 +00:00
parent 446ca0887d
commit a37137f709
6 changed files with 35 additions and 1 deletions

12
app.py

@ -22,6 +22,7 @@ logging.basicConfig(level=logging.DEBUG)
def make_info_available(): def make_info_available():
if "team_id" in session: if "team_id" in session:
g.team = Team.get(Team.id == session["team_id"]) g.team = Team.get(Team.id == session["team_id"])
g.team_restricts = g.team.restricts.split(",")
@app.context_processor @app.context_processor
def scoreboard_variables(): def scoreboard_variables():
@ -192,6 +193,7 @@ def dashboard():
return redirect(url_for('dashboard')) return redirect(url_for('dashboard'))
@app.route('/challenges/') @app.route('/challenges/')
@decorators.must_be_allowed_to("view challenges")
@decorators.competition_running_required @decorators.competition_running_required
@decorators.confirmed_email_required @decorators.confirmed_email_required
def challenges(): def challenges():
@ -202,6 +204,8 @@ def challenges():
return render_template("challenges.html", challenges=chals, solved=solved, categories=categories, solves=solves) return render_template("challenges.html", challenges=chals, solved=solved, categories=categories, solves=solves)
@app.route('/challenges/<int:challenge>/solves/') @app.route('/challenges/<int:challenge>/solves/')
@decorators.must_be_allowed_to("view challenge solves")
@decorators.must_be_allowed_to("view challenges")
@decorators.competition_running_required @decorators.competition_running_required
@decorators.confirmed_email_required @decorators.confirmed_email_required
def challenge_show_solves(challenge): def challenge_show_solves(challenge):
@ -210,6 +214,8 @@ def challenge_show_solves(challenge):
return render_template("challenge_solves.html", challenge=chal, solves=solves) return render_template("challenge_solves.html", challenge=chal, solves=solves)
@app.route('/submit/<int:challenge>/', methods=["POST"]) @app.route('/submit/<int:challenge>/', methods=["POST"])
@decorators.must_be_allowed_to("solve challenges")
@decorators.must_be_allowed_to("view challenges")
@decorators.competition_running_required @decorators.competition_running_required
@decorators.confirmed_email_required @decorators.confirmed_email_required
def submit(challenge): def submit(challenge):
@ -223,11 +229,14 @@ def submit(challenge):
# Trouble tickets # Trouble tickets
@app.route('/tickets/') @app.route('/tickets/')
@decorators.must_be_allowed_to("view tickets")
@decorators.login_required @decorators.login_required
def team_tickets(): def team_tickets():
return render_template("tickets.html", tickets=list(g.team.tickets)) return render_template("tickets.html", tickets=list(g.team.tickets))
@app.route('/tickets/new/', methods=["GET", "POST"]) @app.route('/tickets/new/', methods=["GET", "POST"])
@decorators.must_be_allowed_to("submit tickets")
@decorators.must_be_allowed_to("view tickets")
@decorators.login_required @decorators.login_required
def open_ticket(): def open_ticket():
if request.method == "GET": if request.method == "GET":
@ -241,6 +250,7 @@ def open_ticket():
return redirect(url_for("team_ticket_detail", ticket=ticket.id)) return redirect(url_for("team_ticket_detail", ticket=ticket.id))
@app.route('/tickets/<int:ticket>/') @app.route('/tickets/<int:ticket>/')
@decorators.must_be_allowed_to("view tickets")
@decorators.login_required @decorators.login_required
def team_ticket_detail(ticket): def team_ticket_detail(ticket):
try: try:
@ -257,6 +267,8 @@ def team_ticket_detail(ticket):
return render_template("ticket_detail.html", ticket=ticket, comments=comments) return render_template("ticket_detail.html", ticket=ticket, comments=comments)
@app.route('/tickets/<int:ticket>/comment/', methods=["POST"]) @app.route('/tickets/<int:ticket>/comment/', methods=["POST"])
@decorators.must_be_allowed_to("comment on tickets")
@decorators.must_be_allowed_to("view tickets")
def team_ticket_comment(ticket): def team_ticket_comment(ticket):
try: try:
ticket = TroubleTicket.get(TroubleTicket.id == ticket) ticket = TroubleTicket.get(TroubleTicket.id == ticket)
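Review bot: The new `must_be_allowed_to` decorators sit above `login_required` and `confirmed_email_required` on every route (for example `/tickets/`), so the restriction check runs before the login check. `g.team_restricts` is only assigned inside `if "team_id" in session:` in `make_info_available`, so a request without a team session would raise an AttributeError in the restriction check instead of reaching the login redirect; this assumes `make_info_available` is a before-request hook, whose decorator is above the hunk. Placing the restriction decorators below the authentication ones keeps the order authenticate-then-authorize. `team_ticket_comment` shows no `login_required` among its visible decorators, so `@decorators.login_required` is worth adding there. The API submit route in this commit has the same ordering.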


@ -4,7 +4,7 @@ ctf_name = "TJCTF"
eligibility = "In order to be eligible for prizes, all members of your team must be in high school, and you must not have more than four team members." eligibility = "In order to be eligible for prizes, all members of your team must be in high school, and you must not have more than four team members."
tagline = "a cybersecurity competition created by TJHSST students" tagline = "a cybersecurity competition created by TJHSST students"
cdn = True cdn = False
apisubmit = True apisubmit = True
proxied_ip_header = "X-Forwarded-For" proxied_ip_header = "X-Forwarded-For"


@ -14,6 +14,7 @@ class Team(BaseModel):
first_login = BooleanField(default=True) first_login = BooleanField(default=True)
email_confirmed = BooleanField(default=False) email_confirmed = BooleanField(default=False)
email_confirmation_key = CharField() email_confirmation_key = CharField()
restricts = TextField(default="")
key = CharField() key = CharField()
def solved(self, challenge): def solved(self, challenge):
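Review bot: `restricts` is free text with no documented format, while `app.py` splits it with `split(",")` and the decorator compares entries exactly. A value such as `view tickets, solve challenges` therefore enforces only the first entry, because the second keeps its leading space, and a misspelt action name restricts nothing. A comment on the field would help, e.g. `# comma-separated action names, no spaces; must match the strings passed to decorators.must_be_allowed_to`. Stripping each entry where it is split would make the check tolerant of whitespace. No schema migration for the new column is visible in this commit, so existing databases may need one handled elsewhere.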


@ -5,6 +5,8 @@ from ctferror import *
api = Blueprint("api", "api", url_prefix="/api") api = Blueprint("api", "api", url_prefix="/api")
@api.route("/submit/<int:challenge>.json", methods=["POST"]) @api.route("/submit/<int:challenge>.json", methods=["POST"])
@decorators.must_be_allowed_to("solve challenges")
@decorators.must_be_allowed_to("view challenges")
@decorators.competition_running_required @decorators.competition_running_required
@decorators.confirmed_email_required @decorators.confirmed_email_required
def submit_api(challenge): def submit_api(challenge):
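Review bot: A restricted team calling this `.json` route receives the plain-text sentence returned by `must_be_allowed_to` rather than a JSON body, so API clients cannot parse the refusal. The restriction should be reported in the same JSON error shape that `submit_api` uses for its other failures; that shape is not visible in this hunk. The body of `submit_api` continues outside the hunk.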


@ -44,6 +44,14 @@
</nav> </nav>
</div> </div>
<div class="container"> <div class="container">
{% if session.admin %}
<div class="card red darken-3">
<div class="card-content white-text">
<span class="card-title">You are an admin.</span>
Please note that team restrictions do not currently apply.
</div>
</div>
{% endif %}
{% for notification in notifications %} {% for notification in notifications %}
<div class="card yellow darken-2" id="notification{{ notification.id }}" onclick="dismissNotification({{ notification.id }});" style="cursor: hand;"> <div class="card yellow darken-2" id="notification{{ notification.id }}" onclick="dismissNotification({{ notification.id }});" style="cursor: hand;">
<div class="card-content"> <div class="card-content">


@ -11,6 +11,17 @@ def login_required(f):
return f(*args, **kwargs) return f(*args, **kwargs)
return decorated return decorated
def must_be_allowed_to(thing):
def _must_be_allowed_to(f):
@wraps(f)
def decorated(*args, **kwargs):
if thing in g.team_restricts:
return "You are restricted from performing the {} action. Contact an organizer.".format(thing)
return f(*args, **kwargs)
return decorated
return _must_be_allowed_to
def confirmed_email_required(f): def confirmed_email_required(f):
@wraps(f) @wraps(f)
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
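Review bot: The refusal in `decorated` is returned as a bare string, which Flask sends with status 200, so clients, proxies and access logs cannot tell a blocked action from a successful one. Returning a status with it, `return "You are restricted from performing the {} action. Contact an organizer.".format(thing), 403`, keeps the message and makes denials visible in logs. `must_be_allowed_to` also has no docstring; one line stating that `thing` is an action name compared against the team's `restricts` entries would document the contract.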