Implement the admins_only decorator

server/api/decorators.py

@@ -6,25 +6,14 @@ from flask import session
 
 class WebException(Exception): pass
 
-def login_required(f):
-    @wraps(f)
-    def decorated_function(*args, **kwargs):
-        return f(*args, **kwargs)
-    return decorated_function
-
 def admins_only(f):
     @wraps(f)
     def decorated_function(*args, **kwargs):
+        if "admin" not in session and not session["admin"]:
+            return { "success": 0, "message": "Not authorized." }
         return f(*args, **kwargs)
     return decorated_function
 
-def check_csrf(f):
-    @wraps(f)
-    @login_required
-    def wrapper(*args, **kwds):
-        return f(*args, **kwds)
-    return wrapper
-
 def api_wrapper(f):
     @wraps(f)
     def wrapper(*args, **kwds):

server/api/problem.py

@@ -4,7 +4,7 @@ from flask import Blueprint, session, request
 from flask import current_app as app
 
 from models import db, Problems, Solves, Teams
-from decorators import admins_only, api_wrapper, login_required
+from decorators import admins_only, api_wrapper
 
 blueprint = Blueprint("problem", __name__)
 
@@ -72,7 +72,6 @@ def problem_update():
 
 @blueprint.route("/submit", methods=["POST"])
 @api_wrapper
-@login_required
 def problem_submit():
     pid = request.form["pid"]
     flag = request.form["flag"]

server/api/user.py

@@ -59,7 +59,8 @@ def user_login():
 
     if utils.check_password(user.password, password):
         session["username"] = user.username
-        session["admin"] = user.admin
+        if user.admin:
+            session["admin"] = True
         session["logged_in"] = True
         return { "success": 1, "message": "Success!" }
     else: