From 3fd098226f258ae7897652217758d344302e3753 Mon Sep 17 00:00:00 2001
From: James Wang
Date: Sat, 2 Jan 2016 13:40:56 -0500
Subject: [PATCH] Implement the admins_only decorator
---
 server/api/decorators.py | 15 ++-------------
 server/api/problem.py | 3 +--
 server/api/user.py | 3 ++-
 3 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/server/api/decorators.py b/server/api/decorators.py
index 546ff55..44552cf 100644
--- a/server/api/decorators.py
+++ b/server/api/decorators.py
@@ -6,25 +6,14 @@ from flask import session
 class WebException(Exception): pass
-def login_required(f):
- @wraps(f)
- def decorated_function(*args, **kwargs):
- return f(*args, **kwargs)
- return decorated_function
-
 def admins_only(f):
 @wraps(f)
 def decorated_function(*args, **kwargs):
+ if "admin" not in session and not session["admin"]:
+ return { "success": 0, "message": "Not authorized." }
 return f(*args, **kwargs)
 return decorated_function
-def check_csrf(f):
- @wraps(f)
- @login_required
- def wrapper(*args, **kwds):
- return f(*args, **kwds)
- return wrapper
-
 def api_wrapper(f):
 @wraps(f)
 def wrapper(*args, **kwds):
diff --git a/server/api/problem.py b/server/api/problem.py
index d55a1f5..5aa9820 100644
--- a/server/api/problem.py
+++ b/server/api/problem.py
@@ -4,7 +4,7 @@ from flask import Blueprint, session, request
 from flask import current_app as app
 from models import db, Problems, Solves, Teams
-from decorators import admins_only, api_wrapper, login_required
+from decorators import admins_only, api_wrapper
 blueprint = Blueprint("problem", __name__)
@@ -72,7 +72,6 @@ def problem_update():
 @blueprint.route("/submit", methods=["POST"])
 @api_wrapper
-@login_required
 def problem_submit():
 pid = request.form["pid"]
 flag = request.form["flag"]
diff --git a/server/api/user.py b/server/api/user.py
index 1cdbe45..9a07f05 100644
--- a/server/api/user.py
+++ b/server/api/user.py
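Review bot: The guard added to `admins_only` in server/api/decorators.py joins its two tests with `and` where it needs `or`, so it can never return the "Not authorized." response. When the session has no `admin` key the second operand `session["admin"]` is evaluated and raises KeyError instead of producing the JSON error. When the key is present the first operand is false and the request is passed through to `f` even if the stored value is falsy, which sessions written by the old `session["admin"] = user.admin` line can still hold. Replace the condition with `if not session.get("admin"):` so that a missing flag and a falsy flag are both refused. Separately, the removed `login_required` stub was a pass-through, so dropping it from `problem_submit` changes nothing, but that route has no login check in the lines shown and may need a real one.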
@@ -59,7 +59,8 @@ def user_login():
 if utils.check_password(user.password, password):
 session["username"] = user.username
- session["admin"] = user.admin
+ if user.admin:
+ session["admin"] = True
 session["logged_in"] = True
 return { "success": 1, "message": "Success!" }
 else:
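Review bot: Writing `session["admin"]` only inside `if user.admin:` leaves a stale flag in place when a non-admin account logs in on a session that already holds `admin` from an earlier login, because nothing in this hunk removes the key. The line it replaces overwrote the value on every login, so this is a regression on the new side. Add `session.pop("admin", None)` before the `if user.admin:` test, or clear the session before populating it, so each login starts from a known state. Storing an explicit `False` instead is only safe once `admins_only` tests the value rather than key presence. `user_login` begins above the hunk and continues past the `else:`, so any clearing done elsewhere in the function is not visible here.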