From 752f1dbc4a55b6cfd974a34f9a4941c7461cfbc3 Mon Sep 17 00:00:00 2001
From: Stranck
Date: Mon, 20 May 2024 12:07:59 +0200
Subject: [PATCH] Allowed admins logged as users to do more stuff
---
 app.py | 4 +++-
 karaoke.py | 7 ++++---
 propic.py | 3 ++-
 stuff/testAsyncio.py | 11 +++++++++++
 tpl/blocks/badge.html | 8 ++++----
 utils.py | 13 +++++++++++++
 6 files changed, 37 insertions(+), 9 deletions(-)
 create mode 100644 stuff/testAsyncio.py
diff --git a/app.py b/app.py
index 51e2088..b8d719f 100644
--- a/app.py
+++ b/app.py
@@ -16,10 +16,12 @@ import requests
 import sys
 from sanic.log import logger, logging, access_logger
 from metrics import *
+from utils import isSessionAdmin
 from email_util import killSmptClient
 import pretixClient
 import traceback
+
 app = Sanic(__name__)
 app.static("/res", "res/")
@@ -156,7 +158,7 @@ async def welcome(request, order: Order, quota: Quotas):
 room_members.append(await app.ctx.om.get_order(code=member_id, cached=True))
 tpl = app.ctx.tpl.get_template('welcome.html')
- return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES))
+ return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES, isSessionAdmin=await isSessionAdmin(request, order)))
 @app.route("/manage/download_ticket")
diff --git a/karaoke.py b/karaoke.py
index cf92500..be701cf 100644
--- a/karaoke.py
+++ b/karaoke.py
@@ -3,6 +3,7 @@ from sanic import Blueprint, exceptions, response
 from ext import *
 from urllib.parse import unquote
 from config import ADMINS
+from utils import isSessionAdmin
 import json
 bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
@@ -10,7 +11,7 @@ bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
 @bp.get("/admin")
 async def show_songs(request, order: Order):
- if not order.isAdmin():
+ if not await isSessionAdmin(request, order):
 raise exceptions.Forbidden("Birichino")
 orders = [x for x in request.app.ctx.om.cache.values() if x.karaoke_songs]
@@ -28,7 +29,7 @@ async def show_songs(request, order: Order):
 @bp.post("/approve")
 async def approve_songs(request, order: Order):
- if not order.isAdmin():
+ if not await isSessionAdmin(request, order):
 raise exceptions.Forbidden("Birichino")
 for song in request.form:
@@ -44,7 +45,7 @@ async def sing_song(request, order: Order, songname):
 if not order: raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
- if not order.isAdmin():
+ if not await isSessionAdmin(request, order):
 raise exceptions.Forbidden("Birichino")
 songname = unquote(songname)
diff --git a/propic.py b/propic.py
index 3c4138a..d052054 100644
--- a/propic.py
+++ b/propic.py
@@ -6,6 +6,7 @@ from PIL import Image
 from io import BytesIO
 from hashlib import sha224
 from time import time
+from utils import isSessionAdmin
 import os
 bp = Blueprint("propic", url_prefix="/manage/propic")
@@ -38,7 +39,7 @@ async def upload_propic(request, order: Order):
 if order.propic_locked: raise exceptions.BadRequest("You have been limited from further editing the propic.")
- if request.form.get('submit') != 'Upload' and time() > PROPIC_DEADLINE:
+ if request.form.get('submit') != 'Upload' and (time() > PROPIC_DEADLINE and not await isSessionAdmin(request, order)):
 raise exceptions.BadRequest("The deadline has passed. You cannot modify the badges at this moment.")
 if request.form.get('submit') == 'Delete main image':
diff --git a/stuff/testAsyncio.py b/stuff/testAsyncio.py
new file mode 100644
index 0000000..01e0ec9
--- /dev/null
+++ b/stuff/testAsyncio.py
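Review bot: The deadline bypass added to `upload_propic` in propic.py is silent: when `isSessionAdmin(request, order)` lets a post-deadline edit through, nothing visible in the hunk records which admin session changed which order, so a log entry at that point (order identifier plus the `foxo_code_ORG` value, never the secret) would give an audit trail. The inner parentheses add nothing because the condition is a single `and` chain; `if request.form.get('submit') != 'Upload' and time() > PROPIC_DEADLINE and not await isSessionAdmin(request, order):` is equivalent and easier to scan. The body of `upload_propic` starts and ends outside the hunk, so later logging cannot be ruled out.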
@@ -0,0 +1,11 @@
+# python merda
+import asyncio
+
+async def a():
+ print("a")
+
+def b():
+ loop = asyncio.get_event_loop()
+ print(loop)
+
+b()
\ No newline at end of file
diff --git a/tpl/blocks/badge.html b/tpl/blocks/badge.html
index a123d87..ceb6c6e 100644
--- a/tpl/blocks/badge.html
+++ b/tpl/blocks/badge.html
@@ -32,7 +32,7 @@ {% endif %}
- {% if time() > PROPIC_DEADLINE %}
+ {% if time() > PROPIC_DEADLINE and not isSessionAdmin %}
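Review bot: stuff/testAsyncio.py looks like a scratch experiment unrelated to the admin-session change and should be dropped from this commit; it runs `b()` at import time, never uses `a()`, and opens with a throwaway comment. If the file is kept, put the call behind `if __name__ == "__main__":` so importing it has no side effect. Calling `asyncio.get_event_loop()` with no running loop is also deprecated in recent Python versions.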

⚠️ The deadline to upload pictures for the badge has expired. For last-minute changes, please contact the support over at info@furizon.net. If your badge has been printed already, changing it will incur in a 2€ fee. You can also get extra badges at the reception for the same price. If you upload a propic now, it might not be printed on time.

{% else %}

@@ -43,9 +43,9 @@ {% endif %}

- - PROPIC_DEADLINE or not order.ans('propic')) else ''}} /> - PROPIC_DEADLINE or not order.ans('propic_fursuiter')) else ''}} /> + PROPIC_DEADLINE and not isSessionAdmin) else ''}} /> + PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic')) else ''}} /> + PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic_fursuiter')) else ''}} />
diff --git a/utils.py b/utils.py
index 0876148..99f982b 100644
--- a/utils.py
+++ b/utils.py
@@ -288,6 +288,19 @@ async def validate_rooms(request, rooms, om):
 logger.info(f"[ROOM VALIDATION] Sent {sent_count} emails")
+# Returns true if the logged used is an admin OR if it's an admin logged as another user
+async def isSessionAdmin(request, order):
+ if(order.isAdmin()): return True
+
+ orgCode = request.cookies.get("foxo_code_ORG")
+ orgSecret = request.cookies.get("foxo_secret_ORG")
+ if orgCode != None and orgSecret != None:
+
+ user = await request.app.ctx.om.get_order(code=orgCode)
+ if(user == None): return False
+ if(user.secret != orgSecret): raise exceptions.Forbidden("Birichino :)")
+ return user.isAdmin()
+
 async def check_room(request, order, om=None):
 room_errors = []
 room_members = []
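Review bot: `isSessionAdmin` checks the cookie against the stored secret with `!=` (`if(user.secret != orgSecret)`), which is not a constant-time comparison for a value that now grants admin rights; with `import hmac` added to utils.py the line can become `if not hmac.compare_digest(user.secret.encode(), orgSecret.encode()): return False` (assuming both values are `str`). Returning `False` there rather than raising also removes the difference between an unknown `foxo_code_ORG` (currently `False`) and a known code with a wrong secret (currently `Forbidden`), which otherwise reveals whether an order code exists and turns a stale cookie into a 403 on `welcome` in app.py. When either cookie is missing the function falls off the end and returns `None`, so finish it with an explicit `return False` and write the checks as `is None` / `is not None`. `get_order(code=orgCode)` is called without the `cached=True` that app.py passes, and `exceptions` is not imported in this hunk; confirm both are intended and already in scope in utils.py. Indentation is flattened in this view, so the nesting under `if orgCode != None and orgSecret != None:` is inferred.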