Implement the admins_only decorator

This commit is contained in:
James Wang 2016-01-02 13:40:56 -05:00
parent 9b50731b9b
commit 3fd098226f
3 changed files with 5 additions and 16 deletions

View file

@ -6,25 +6,14 @@ from flask import session
class WebException(Exception): pass class WebException(Exception): pass
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
return f(*args, **kwargs)
return decorated_function
def admins_only(f): def admins_only(f):
@wraps(f) @wraps(f)
def decorated_function(*args, **kwargs): def decorated_function(*args, **kwargs):
if "admin" not in session and not session["admin"]:
return { "success": 0, "message": "Not authorized." }
return f(*args, **kwargs) return f(*args, **kwargs)
return decorated_function return decorated_function
def check_csrf(f):
@wraps(f)
@login_required
def wrapper(*args, **kwds):
return f(*args, **kwds)
return wrapper
def api_wrapper(f): def api_wrapper(f):
@wraps(f) @wraps(f)
def wrapper(*args, **kwds): def wrapper(*args, **kwds):

View file

@ -4,7 +4,7 @@ from flask import Blueprint, session, request
from flask import current_app as app from flask import current_app as app
from models import db, Problems, Solves, Teams from models import db, Problems, Solves, Teams
from decorators import admins_only, api_wrapper, login_required from decorators import admins_only, api_wrapper
blueprint = Blueprint("problem", __name__) blueprint = Blueprint("problem", __name__)
@ -72,7 +72,6 @@ def problem_update():
@blueprint.route("/submit", methods=["POST"]) @blueprint.route("/submit", methods=["POST"])
@api_wrapper @api_wrapper
@login_required
def problem_submit(): def problem_submit():
pid = request.form["pid"] pid = request.form["pid"]
flag = request.form["flag"] flag = request.form["flag"]

View file

@ -59,7 +59,8 @@ def user_login():
if utils.check_password(user.password, password): if utils.check_password(user.password, password):
session["username"] = user.username session["username"] = user.username
session["admin"] = user.admin if user.admin:
session["admin"] = True
session["logged_in"] = True session["logged_in"] = True
return { "success": 1, "message": "Success!" } return { "success": 1, "message": "Success!" }
else: else: