Allowed admins logged as users to do more stuff
parent
df4f2eaf81
commit
752f1dbc4a
4
app.py
4
app.py
|
@ -16,10 +16,12 @@ import requests
|
|||
import sys
|
||||
from sanic.log import logger, logging, access_logger
|
||||
from metrics import *
|
||||
from utils import isSessionAdmin
|
||||
from email_util import killSmptClient
|
||||
import pretixClient
|
||||
import traceback
|
||||
|
||||
|
||||
app = Sanic(__name__)
|
||||
app.static("/res", "res/")
|
||||
|
||||
|
@ -156,7 +158,7 @@ async def welcome(request, order: Order, quota: Quotas):
|
|||
room_members.append(await app.ctx.om.get_order(code=member_id, cached=True))
|
||||
|
||||
tpl = app.ctx.tpl.get_template('welcome.html')
|
||||
return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES))
|
||||
return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES, isSessionAdmin=await isSessionAdmin(request, order)))
|
||||
|
||||
|
||||
@app.route("/manage/download_ticket")
|
||||
|
|
|
@ -3,6 +3,7 @@ from sanic import Blueprint, exceptions, response
|
|||
from ext import *
|
||||
from urllib.parse import unquote
|
||||
from config import ADMINS
|
||||
from utils import isSessionAdmin
|
||||
import json
|
||||
|
||||
bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
|
||||
|
@ -10,7 +11,7 @@ bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
|
|||
@bp.get("/admin")
|
||||
async def show_songs(request, order: Order):
|
||||
|
||||
if not order.isAdmin():
|
||||
if not await isSessionAdmin(request, order):
|
||||
raise exceptions.Forbidden("Birichino")
|
||||
|
||||
orders = [x for x in request.app.ctx.om.cache.values() if x.karaoke_songs]
|
||||
|
@ -28,7 +29,7 @@ async def show_songs(request, order: Order):
|
|||
@bp.post("/approve")
|
||||
async def approve_songs(request, order: Order):
|
||||
|
||||
if not order.isAdmin():
|
||||
if not await isSessionAdmin(request, order):
|
||||
raise exceptions.Forbidden("Birichino")
|
||||
|
||||
for song in request.form:
|
||||
|
@ -44,7 +45,7 @@ async def sing_song(request, order: Order, songname):
|
|||
|
||||
if not order: raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
|
||||
|
||||
if not order.isAdmin():
|
||||
if not await isSessionAdmin(request, order):
|
||||
raise exceptions.Forbidden("Birichino")
|
||||
|
||||
songname = unquote(songname)
|
||||
|
|
|
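Review bot: With the guards in show_songs, approve_songs and sing_song switched to `isSessionAdmin`, an organiser can now approve songs while `order` is the attendee they are logged in as, and nothing in the visible lines records which organiser account authorised the action. I would log the organiser code when the check passes through the ORG cookies, for example `logger.info("[KARAOKE] approve by org=%s", request.cookies.get("foxo_code_ORG"))` in approve_songs, assuming a logger is available in this module. The three function bodies continue outside the hunks, so such logging may already exist further down.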
@ -6,6 +6,7 @@ from PIL import Image
|
|||
from io import BytesIO
|
||||
from hashlib import sha224
|
||||
from time import time
|
||||
from utils import isSessionAdmin
|
||||
import os
|
||||
|
||||
bp = Blueprint("propic", url_prefix="/manage/propic")
|
||||
|
@ -38,7 +39,7 @@ async def upload_propic(request, order: Order):
|
|||
if order.propic_locked:
|
||||
raise exceptions.BadRequest("You have been limited from further editing the propic.")
|
||||
|
||||
if request.form.get('submit') != 'Upload' and time() > PROPIC_DEADLINE:
|
||||
if request.form.get('submit') != 'Upload' and (time() > PROPIC_DEADLINE and not await isSessionAdmin(request, order)):
|
||||
raise exceptions.BadRequest("The deadline has passed. You cannot modify the badges at this moment.")
|
||||
|
||||
if request.form.get('submit') == 'Delete main image':
|
||||
|
|
|
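Review bot: The deadline guard in upload_propic still applies only when `submit != 'Upload'`, while the template changed in this commit now renders the Upload button `disabled` for non-admins after PROPIC_DEADLINE. A `disabled` attribute is only a client-side hint, so a POST with `submit=Upload` is still accepted after the deadline for everyone unless a check outside this hunk stops it (the function body continues beyond the visible lines). If uploads are meant to close at the deadline, the server should enforce it, e.g. `if time() > PROPIC_DEADLINE and not await isSessionAdmin(request, order):`. If late uploads are still meant to be allowed, the Upload button condition in the template should go back to its previous form so the two agree.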
@ -0,0 +1,11 @@
|
|||
# python merda
|
||||
import asyncio
|
||||
|
||||
async def a():
|
||||
print("a")
|
||||
|
||||
def b():
|
||||
loop = asyncio.get_event_loop()
|
||||
print(loop)
|
||||
|
||||
b()
|
|
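Review bot: This new file looks like a scratch experiment (`a()` is never awaited and `b()` only prints the event loop at import time) and is unrelated to the admin-session change. I would drop it from the commit. If it is kept, the `b()` call should sit behind `if __name__ == "__main__":` so that importing the module has no side effects.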
@ -32,7 +32,7 @@
|
|||
{% endif %}
|
||||
</div>
|
||||
|
||||
{% if time() > PROPIC_DEADLINE %}
|
||||
{% if time() > PROPIC_DEADLINE and not isSessionAdmin %}
|
||||
<p class="notice">⚠️ The deadline to upload pictures for the badge has expired. For last-minute changes, please contact the support over at <a href="mailto:info@furizon.net">info@furizon.net</a>. If your badge has been printed already, changing it will incur in a 2€ fee. You can also get extra badges at the reception for the same price. If you upload a propic now, it might not be printed on time.</p>
|
||||
{% else %}
|
||||
<p><em>
|
||||
|
@ -43,9 +43,9 @@
|
|||
{% endif %}
|
||||
|
||||
<div class="grid grid_2x2">
|
||||
<input style="grid-area: 1 / 1 / 2 / 3;" type="submit" name="submit" value="Upload" {{'disabled' if (order.ans('propic') and order.ans('propic_fursuiter')) else ''}} />
|
||||
<input style="grid-area: 2 / 1 / 3 / 2;" type="submit" name="submit" value="Delete main image" {{'disabled' if (time() > PROPIC_DEADLINE or not order.ans('propic')) else ''}} />
|
||||
<input style="grid-area: 2 / 2 / 3 / 3;" type="submit" name="submit" value="Delete fursuit image" {{'disabled' if (time() > PROPIC_DEADLINE or not order.ans('propic_fursuiter')) else ''}} />
|
||||
<input style="grid-area: 1 / 1 / 2 / 3;" type="submit" name="submit" value="Upload" {{'disabled' if ((order.ans('propic') and order.ans('propic_fursuiter'))) or (time() > PROPIC_DEADLINE and not isSessionAdmin) else ''}} />
|
||||
<input style="grid-area: 2 / 1 / 3 / 2;" type="submit" name="submit" value="Delete main image" {{'disabled' if ((time() > PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic')) else ''}} />
|
||||
<input style="grid-area: 2 / 2 / 3 / 3;" type="submit" name="submit" value="Delete fursuit image" {{'disabled' if ((time() > PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic_fursuiter')) else ''}} />
|
||||
</div>
|
||||
</form>
|
||||
</details>
|
||||
|
|
13
utils.py
13
utils.py
|
@ -288,6 +288,19 @@ async def validate_rooms(request, rooms, om):
|
|||
logger.info(f"[ROOM VALIDATION] Sent {sent_count} emails")
|
||||
|
||||
|
||||
# Returns true if the logged used is an admin OR if it's an admin logged as another user
|
||||
async def isSessionAdmin(request, order):
|
||||
if(order.isAdmin()): return True
|
||||
|
||||
orgCode = request.cookies.get("foxo_code_ORG")
|
||||
orgSecret = request.cookies.get("foxo_secret_ORG")
|
||||
if orgCode != None and orgSecret != None:
|
||||
|
||||
user = await request.app.ctx.om.get_order(code=orgCode)
|
||||
if(user == None): return False
|
||||
if(user.secret != orgSecret): raise exceptions.Forbidden("Birichino :)")
|
||||
return user.isAdmin()
|
||||
|
||||
async def check_room(request, order, om=None):
|
||||
room_errors = []
|
||||
room_members = []
|
||||
|
|
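Review bot: `isSessionAdmin` answers differently for an unknown `foxo_code_ORG` (returns False) and for a known code with a wrong `foxo_secret_ORG` (raises Forbidden), and it compares the secret with `!=`, which is not constant-time. Because welcome() in app.py now awaits this helper on every render, a stale or mismatched ORG cookie pair also turns the whole welcome page into a 403 instead of just hiding the admin controls. I would return False for every failure and compare with `hmac.compare_digest`, as sketched below; this needs `import hmac` at the top of utils.py, and the `.encode()` calls assume `user.secret` is a str. The comment above the function has a typo ("logged used" for "logged user"), and with no ORG cookies the function currently falls through and returns None rather than False.

```python
async def isSessionAdmin(request, order):
    # … unchanged: early return when order.isAdmin(), reading orgCode / orgSecret from the ORG cookies …
    if orgCode is None or orgSecret is None:
        return False

    user = await request.app.ctx.om.get_order(code=orgCode)
    # An unknown code and a wrong secret get the same answer, so the
    # response does not reveal which order codes exist.
    if user is None:
        return False
    if not hmac.compare_digest(user.secret.encode(), orgSecret.encode()):
        return False
    # … unchanged: return user.isAdmin() …
```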