Merge branch 'master' of github.com:failedxyz/easyctf

2016-01-18 01:15:20 -06:00 · 2016-01-18 01:15:20 -06:00 · 353b639cbe
parent ecb080e358 1956c14721
commit 353b639cbe
2 changed files with 28 additions and 5 deletions
--- a/server/api/team.py
+++ b/server/api/team.py
@ -49,9 +49,12 @@ def team_delete():
    usr = Users.query.filter_by(username=username).first()
    owner = team.owner
    if usr.uid == owner or usr.admin:
-        usr.tid = -1
+        for member in Users.query.filter_by(tid=tid).all():
+            member.tid = -1
+            with app.app_context():
+                db.session.add(member)
+
        with app.app_context():
-            db.session.add(usr)
            db.session.delete(team)
            db.session.commit()
            session.pop("tid")
@ -59,6 +62,26 @@ def team_delete():
    else:
        raise WebException("Not authorized.")

+@blueprint.route("/remove_member", methods=["POST"])
+@api_wrapper
+@login_required
+def team_remove_member():
+    username = session["username"]
+    tid = session["tid"]
+    team = Teams.query.filter_by(tid=tid).first()
+    usr = Users.query.filter_by(username=username).first()
+    owner = team.owner
+    if usr.uid == owner or usr.admin:
+        params = utils.flat_multi(request.form)
+        user_to_remove = Users.query.filter_by(username=params.get("user"))
+        user_to_remove.tid = -1
+        with app.app_context():
+            db.session.add(user_to_remove)
+            db.session.commit()
+        return { "success": 1, "message": "Success!" }
+    else:
+        raise WebException("Not authorized.")
+
@blueprint.route("/invite", methods=["POST"])
@api_wrapper
@login_required
--- a/web/js/easyctf.js
+++ b/web/js/easyctf.js
@ -197,7 +197,7 @@ function display_message(containerId, alertType, message, callback) {
 	});
 };

-function api_call(method, url, data, callback) {
+function api_call(method, url, data, callback_success, callback_fail) {
 	if (method.toLowerCase() == "post") {
 		data["csrf_token"] = $.cookie("csrf_token");
 	}
@ -206,7 +206,7 @@ function api_call(method, url, data, callback) {
 		"datatype": "json",
 		"data": data,
 		"url": url
-	}).done(callback);
+	}).done(callback_success).fail(callback_fail);
 }

 $.fn.serializeObject = function() {
@ -372,4 +372,4 @@ var request_invitation = function(tid) {
 			location.reload(true);
 		}
 	});
-};
+};