easyctf-2017/server/api/team.py

324 lines
10 KiB
Python
Raw Normal View History

2016-01-17 00:58:29 +00:00
from flask import Blueprint, request, session
2016-01-12 03:54:26 +00:00
from flask import current_app as app
from voluptuous import Schema, Length, Required
2016-01-16 21:12:32 +00:00
from models import db, Teams, Users, TeamInvitations
2016-01-12 03:54:26 +00:00
from decorators import api_wrapper, login_required, WebException
from schemas import verify_to_schema, check
2016-01-16 06:53:35 +00:00
import user
2016-01-12 03:54:26 +00:00
import utils
blueprint = Blueprint("team", __name__)
###############
# TEAM ROUTES #
###############
@blueprint.route("/create", methods=["POST"])
@api_wrapper
@login_required
def team_create():
params = utils.flat_multi(request.form)
2016-01-16 06:53:35 +00:00
_user = user.get_user().first()
2016-01-17 02:06:02 +00:00
if (_user.tid is not None and _user.tid >= 0) or get_team(owner=_user.uid).first() is not None:
2016-01-12 03:54:26 +00:00
raise WebException("You're already in a team!")
verify_to_schema(TeamSchema, params)
teamname = params.get("teamname")
2016-01-16 06:53:35 +00:00
school = params.get("school")
2016-01-12 03:54:26 +00:00
2016-01-16 06:53:35 +00:00
team = Teams(teamname, school, _user.uid, _user.utype != 1)
2016-01-17 02:06:02 +00:00
tid = team.tid
2016-01-12 03:54:26 +00:00
with app.app_context():
db.session.add(team)
db.session.commit()
2016-01-16 06:53:35 +00:00
Users.query.filter_by(uid=_user.uid).update({ "tid": team.tid })
2016-01-12 03:54:26 +00:00
db.session.commit()
2016-03-03 05:36:51 +00:00
session["tid"] = team.tid
2016-01-12 03:54:26 +00:00
return { "success": 1, "message": "Success!" }
2016-01-17 02:06:02 +00:00
@blueprint.route("/delete", methods=["POST"])
@api_wrapper
@login_required
def team_delete():
username = session["username"]
tid = session["tid"]
team = Teams.query.filter_by(tid=tid).first()
usr = Users.query.filter_by(username=username).first()
owner = team.owner
if usr.uid == owner or usr.admin:
for member in Users.query.filter_by(tid=tid).all():
member.tid = -1
with app.app_context():
db.session.add(member)
2016-01-17 02:06:02 +00:00
with app.app_context():
db.session.delete(team)
db.session.commit()
session.pop("tid")
return { "success": 1, "message": "Success!" }
else:
raise WebException("Not authorized.")
@blueprint.route("/remove_member", methods=["POST"])
@api_wrapper
@login_required
def team_remove_member():
username = session["username"]
tid = session["tid"]
team = Teams.query.filter_by(tid=tid).first()
usr = Users.query.filter_by(username=username).first()
owner = team.owner
if usr.uid == owner or usr.admin:
params = utils.flat_multi(request.form)
user_to_remove = Users.query.filter_by(username=params.get("user"))
user_to_remove.tid = -1
with app.app_context():
db.session.add(user_to_remove)
db.session.commit()
return { "success": 1, "message": "Success!" }
else:
raise WebException("Not authorized.")
2016-01-16 21:12:32 +00:00
@blueprint.route("/invite", methods=["POST"])
@api_wrapper
@login_required
def team_invite():
params = utils.flat_multi(request.form)
_user = user.get_user().first()
if not user.in_team(_user):
raise WebException("You must be in a team!")
_team = get_team(tid=_user.tid).first()
if _user.uid != _team.owner:
raise WebException("You must be the captain of your team to invite members!")
new_member = params.get("new_member")
if new_member is None:
raise WebException("Please provide a username!")
_user2 = user.get_user(username_lower=new_member.lower()).first()
if _user2 is None:
raise WebException("User doesn't exist!")
if _user2.tid > 0:
raise WebException("This user is already a part of a team!")
if _team.get_pending_invitations(toid=_user2.uid) is not None:
raise WebException("You've already invited this member!")
req = TeamInvitations(0, _team.tid, _user2.uid)
with app.app_context():
db.session.add(req)
db.session.commit()
return { "success": 1, "message": "Success!" }
2016-01-17 02:23:34 +00:00
@blueprint.route("/invite/rescind", methods=["POST"])
@api_wrapper
@login_required
def team_invite_rescind():
params = utils.flat_multi(request.form)
_user = user.get_user().first()
if not user.in_team(_user):
raise WebException("You must be in a team!")
_team = get_team(tid=_user.tid).first()
if _user.uid != _team.owner:
raise WebException("You must be the captain of your team to rescind invitations!")
uid = params.get("uid")
if uid is None:
raise WebException("Please provide a user.")
invitation = TeamInvitations.query.filter_by(rtype=0, frid=_team.tid, toid=uid).first()
if invitation is None:
raise WebException("Invitation doesn't exist.")
with app.app_context():
db.session.delete(invitation)
db.session.commit()
return { "success": 1, "message": "Success!" }
@blueprint.route("/invite/request", methods=["POST"])
@api_wrapper
@login_required
def team_invite_request():
params = utils.flat_multi(request.form)
_user = user.get_user().first()
if user.in_team(_user):
raise WebException("You're already in a team!")
tid = params.get("tid")
_team = get_team(tid=tid).first()
if _team is None:
raise WebException("Team not found.")
if _team.get_invitation_requests(frid=_user.uid) is not None:
raise WebException("You've already requested to join this team!")
req = TeamInvitations(1, _user.uid, _team.tid)
with app.app_context():
db.session.add(req)
db.session.commit()
return { "success": 1, "message": "Success!" }
2016-02-29 18:35:40 +00:00
@blueprint.route("/invite/accept", methods=["POST"])
@api_wrapper
def team_accept_invite():
params = utils.flat_multi(request.form)
_user = user.get_user().first()
if user.in_team(_user):
raise WebException("You're already in a team!")
tid = params.get("tid")
_team = get_team(tid=tid).first()
if _team is None:
raise WebException("Team not found.")
2016-03-03 05:36:51 +00:00
if len(_team.get_members()) >= 5:
raise WebException("This team is full.")
2016-02-29 18:35:40 +00:00
invitation = TeamInvitations.query.filter_by(rtype=0, frid=tid, toid=_user.uid).first()
if invitation is None:
raise WebException("Invitation doesn't exist.")
with app.app_context():
_user = Users.query.filter_by(uid=_user.uid).first()
_user.tid = tid
db.session.delete(invitation)
invitation2 = TeamInvitations.query.filter_by(rtype=1, frid=_user.uid, toid=tid).first()
if invitation2 is not None:
db.session.delete(invitation2)
2016-03-03 05:36:51 +00:00
db.session.commit()
return { "success": 1, "message": "Success!" }
@blueprint.route("/invite/request/accept", methods=["POST"])
@api_wrapper
def team_accept_invite_request():
params = utils.flat_multi(request.form)
_user = user.get_user().first()
if not user.in_team(_user):
raise WebException("You must be in a team!")
_team = get_team(tid=_user.tid).first()
tid = _team.tid
if _user.uid != _team.owner:
raise WebException("You must be the captain of your team to rescind invitations!")
if len(_team.get_members()) >= 5:
raise WebException("Your team is full.")
uid = params.get("uid")
_user2 = user.get_user(uid=uid).first()
if user.in_team(_user2):
raise WebException("This user is already in a team!")
invitation = TeamInvitations.query.filter_by(rtype=1, frid=_user2.uid, toid=tid).first()
if invitation is None:
raise WebException("Invitation doesn't exist.")
with app.app_context():
_user2 = Users.query.filter_by(uid=_user2.uid).first()
_user2.tid = tid
db.session.delete(invitation)
invitation2 = TeamInvitations.query.filter_by(rtype=0, frid=tid, toid=_user2.uid).first()
if invitation2 is not None:
db.session.delete(invitation2)
2016-02-29 18:35:40 +00:00
db.session.commit()
return { "success": 1, "message": "Success!" }
2016-01-12 03:54:26 +00:00
@blueprint.route("/info", methods=["GET"])
@api_wrapper
def team_info():
2016-01-16 06:53:35 +00:00
logged_in = user.is_logged_in()
2016-01-16 21:12:32 +00:00
in_team = False
owner = False
_user = None
teamdata = { }
2016-01-16 21:12:32 +00:00
search = { }
2016-01-12 03:54:26 +00:00
teamname = utils.flat_multi(request.args).get("teamname")
2016-01-16 21:12:32 +00:00
if teamname:
search.update({ "teamname_lower": teamname.lower() })
2016-01-12 03:54:26 +00:00
if logged_in:
2016-01-16 21:12:32 +00:00
_user = user.get_user().first()
if user.in_team(_user):
if "teamname_lower" not in search:
search.update({ "tid": _user.tid })
in_team = True
if bool(search) != False:
team = get_team(**search).first()
teamdata = get_team_info(**search)
2016-01-17 02:23:34 +00:00
if logged_in:
in_team = teamdata["tid"] == _user.tid
owner = teamdata["captain"] == _user.uid
teamdata["in_team"] = in_team
if in_team:
teamdata["is_owner"] = owner
if owner:
teamdata["pending_invitations"] = team.get_pending_invitations()
teamdata["invitation_requests"] = team.get_invitation_requests()
else:
if logged_in:
teamdata["invited"] = team.get_pending_invitations(toid=_user.uid) is not None
teamdata["requested"] = team.get_invitation_requests(frid=_user.uid) is not None
2016-02-29 18:35:40 +00:00
else:
if logged_in:
teamdata["invitations"] = _user.get_invitations()
2016-01-12 03:54:26 +00:00
return { "success": 1, "team": teamdata }
##################
# TEAM FUNCTIONS #
##################
__check_teamname = lambda teamname: get_team(teamname_lower=teamname.lower()).first() is None
TeamSchema = Schema({
Required("teamname"): check(
([str, Length(min=4, max=32)], "Your teamname should be between 4 and 32 characters long."),
([utils.__check_ascii], "Please only use ASCII characters in your teamname."),
([__check_teamname], "This teamname is taken, did you forget your password?")
),
2016-01-16 06:53:35 +00:00
Required("school"): check(
([str, Length(min=4, max=60)], "Your school name should be between 4 and 60 characters long."),
([utils.__check_ascii], "Please only use ASCII characters in your school name."),
),
2016-01-12 03:54:26 +00:00
}, extra=True)
2016-01-16 06:53:35 +00:00
def get_team_info(tid=None, teamname=None, teamname_lower=None, owner=None):
team = get_team(tid=tid, teamname=teamname, teamname_lower=teamname_lower, owner=owner).first()
2016-01-16 21:12:32 +00:00
if team is None:
raise WebException("Team not found.")
2016-01-16 06:53:35 +00:00
place_number, place = team.place()
result = {
"tid": team.tid,
"teamname": team.teamname,
"school": team.school,
"place": place,
"place_number": place_number,
2016-01-16 21:12:32 +00:00
"points": team.points(),
"members": team.get_members(),
"captain": team.owner,
2016-03-04 00:39:09 +00:00
"observer": team.is_observer()
2016-01-16 06:53:35 +00:00
}
return result
2016-01-12 03:54:26 +00:00
def get_team(tid=None, teamname=None, teamname_lower=None, owner=None):
match = {}
if teamname != None:
match.update({ "teamname": teamname })
elif teamname_lower != None:
match.update({ "teamname_lower": teamname_lower })
elif tid != None:
match.update({ "tid": tid })
elif owner != None:
match.update({ "owner": owner })
2016-01-16 06:53:35 +00:00
elif user.is_logged_in():
_user = user.get_user().first()
if _user.tid is not None:
match.update({ "tid": _user.tid })
2016-01-12 03:54:26 +00:00
with app.app_context():
result = Teams.query.filter_by(**match)
return result