Allowed admins logged as users to do more stuff
This commit is contained in:
parent
df4f2eaf81
commit
752f1dbc4a
4
app.py
4
app.py
|
@ -16,10 +16,12 @@ import requests
|
||||||
import sys
|
import sys
|
||||||
from sanic.log import logger, logging, access_logger
|
from sanic.log import logger, logging, access_logger
|
||||||
from metrics import *
|
from metrics import *
|
||||||
|
from utils import isSessionAdmin
|
||||||
from email_util import killSmptClient
|
from email_util import killSmptClient
|
||||||
import pretixClient
|
import pretixClient
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
|
|
||||||
app = Sanic(__name__)
|
app = Sanic(__name__)
|
||||||
app.static("/res", "res/")
|
app.static("/res", "res/")
|
||||||
|
|
||||||
|
@ -156,7 +158,7 @@ async def welcome(request, order: Order, quota: Quotas):
|
||||||
room_members.append(await app.ctx.om.get_order(code=member_id, cached=True))
|
room_members.append(await app.ctx.om.get_order(code=member_id, cached=True))
|
||||||
|
|
||||||
tpl = app.ctx.tpl.get_template('welcome.html')
|
tpl = app.ctx.tpl.get_template('welcome.html')
|
||||||
return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES))
|
return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES, isSessionAdmin=await isSessionAdmin(request, order)))
|
||||||
|
|
||||||
|
|
||||||
@app.route("/manage/download_ticket")
|
@app.route("/manage/download_ticket")
|
||||||
|
|
|
@ -3,6 +3,7 @@ from sanic import Blueprint, exceptions, response
|
||||||
from ext import *
|
from ext import *
|
||||||
from urllib.parse import unquote
|
from urllib.parse import unquote
|
||||||
from config import ADMINS
|
from config import ADMINS
|
||||||
|
from utils import isSessionAdmin
|
||||||
import json
|
import json
|
||||||
|
|
||||||
bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
|
bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
|
||||||
|
@ -10,7 +11,7 @@ bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
|
||||||
@bp.get("/admin")
|
@bp.get("/admin")
|
||||||
async def show_songs(request, order: Order):
|
async def show_songs(request, order: Order):
|
||||||
|
|
||||||
if not order.isAdmin():
|
if not await isSessionAdmin(request, order):
|
||||||
raise exceptions.Forbidden("Birichino")
|
raise exceptions.Forbidden("Birichino")
|
||||||
|
|
||||||
orders = [x for x in request.app.ctx.om.cache.values() if x.karaoke_songs]
|
orders = [x for x in request.app.ctx.om.cache.values() if x.karaoke_songs]
|
||||||
|
@ -28,7 +29,7 @@ async def show_songs(request, order: Order):
|
||||||
@bp.post("/approve")
|
@bp.post("/approve")
|
||||||
async def approve_songs(request, order: Order):
|
async def approve_songs(request, order: Order):
|
||||||
|
|
||||||
if not order.isAdmin():
|
if not await isSessionAdmin(request, order):
|
||||||
raise exceptions.Forbidden("Birichino")
|
raise exceptions.Forbidden("Birichino")
|
||||||
|
|
||||||
for song in request.form:
|
for song in request.form:
|
||||||
|
@ -44,7 +45,7 @@ async def sing_song(request, order: Order, songname):
|
||||||
|
|
||||||
if not order: raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
|
if not order: raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
|
||||||
|
|
||||||
if not order.isAdmin():
|
if not await isSessionAdmin(request, order):
|
||||||
raise exceptions.Forbidden("Birichino")
|
raise exceptions.Forbidden("Birichino")
|
||||||
|
|
||||||
songname = unquote(songname)
|
songname = unquote(songname)
|
||||||
|
|
|
@ -6,6 +6,7 @@ from PIL import Image
|
||||||
from io import BytesIO
|
from io import BytesIO
|
||||||
from hashlib import sha224
|
from hashlib import sha224
|
||||||
from time import time
|
from time import time
|
||||||
|
from utils import isSessionAdmin
|
||||||
import os
|
import os
|
||||||
|
|
||||||
bp = Blueprint("propic", url_prefix="/manage/propic")
|
bp = Blueprint("propic", url_prefix="/manage/propic")
|
||||||
|
@ -38,7 +39,7 @@ async def upload_propic(request, order: Order):
|
||||||
if order.propic_locked:
|
if order.propic_locked:
|
||||||
raise exceptions.BadRequest("You have been limited from further editing the propic.")
|
raise exceptions.BadRequest("You have been limited from further editing the propic.")
|
||||||
|
|
||||||
if request.form.get('submit') != 'Upload' and time() > PROPIC_DEADLINE:
|
if request.form.get('submit') != 'Upload' and (time() > PROPIC_DEADLINE and not await isSessionAdmin(request, order)):
|
||||||
raise exceptions.BadRequest("The deadline has passed. You cannot modify the badges at this moment.")
|
raise exceptions.BadRequest("The deadline has passed. You cannot modify the badges at this moment.")
|
||||||
|
|
||||||
if request.form.get('submit') == 'Delete main image':
|
if request.form.get('submit') == 'Delete main image':
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
# python merda
|
||||||
|
import asyncio
|
||||||
|
|
||||||
|
async def a():
|
||||||
|
print("a")
|
||||||
|
|
||||||
|
def b():
|
||||||
|
loop = asyncio.get_event_loop()
|
||||||
|
print(loop)
|
||||||
|
|
||||||
|
b()
|
|
@ -32,7 +32,7 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{% if time() > PROPIC_DEADLINE %}
|
{% if time() > PROPIC_DEADLINE and not isSessionAdmin %}
|
||||||
<p class="notice">⚠️ The deadline to upload pictures for the badge has expired. For last-minute changes, please contact the support over at <a href="mailto:info@furizon.net">info@furizon.net</a>. If your badge has been printed already, changing it will incur in a 2€ fee. You can also get extra badges at the reception for the same price. If you upload a propic now, it might not be printed on time.</p>
|
<p class="notice">⚠️ The deadline to upload pictures for the badge has expired. For last-minute changes, please contact the support over at <a href="mailto:info@furizon.net">info@furizon.net</a>. If your badge has been printed already, changing it will incur in a 2€ fee. You can also get extra badges at the reception for the same price. If you upload a propic now, it might not be printed on time.</p>
|
||||||
{% else %}
|
{% else %}
|
||||||
<p><em>
|
<p><em>
|
||||||
|
@ -43,9 +43,9 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<div class="grid grid_2x2">
|
<div class="grid grid_2x2">
|
||||||
<input style="grid-area: 1 / 1 / 2 / 3;" type="submit" name="submit" value="Upload" {{'disabled' if (order.ans('propic') and order.ans('propic_fursuiter')) else ''}} />
|
<input style="grid-area: 1 / 1 / 2 / 3;" type="submit" name="submit" value="Upload" {{'disabled' if ((order.ans('propic') and order.ans('propic_fursuiter'))) or (time() > PROPIC_DEADLINE and not isSessionAdmin) else ''}} />
|
||||||
<input style="grid-area: 2 / 1 / 3 / 2;" type="submit" name="submit" value="Delete main image" {{'disabled' if (time() > PROPIC_DEADLINE or not order.ans('propic')) else ''}} />
|
<input style="grid-area: 2 / 1 / 3 / 2;" type="submit" name="submit" value="Delete main image" {{'disabled' if ((time() > PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic')) else ''}} />
|
||||||
<input style="grid-area: 2 / 2 / 3 / 3;" type="submit" name="submit" value="Delete fursuit image" {{'disabled' if (time() > PROPIC_DEADLINE or not order.ans('propic_fursuiter')) else ''}} />
|
<input style="grid-area: 2 / 2 / 3 / 3;" type="submit" name="submit" value="Delete fursuit image" {{'disabled' if ((time() > PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic_fursuiter')) else ''}} />
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
</details>
|
</details>
|
||||||
|
|
13
utils.py
13
utils.py
|
@ -288,6 +288,19 @@ async def validate_rooms(request, rooms, om):
|
||||||
logger.info(f"[ROOM VALIDATION] Sent {sent_count} emails")
|
logger.info(f"[ROOM VALIDATION] Sent {sent_count} emails")
|
||||||
|
|
||||||
|
|
||||||
|
# Returns true if the logged used is an admin OR if it's an admin logged as another user
|
||||||
|
async def isSessionAdmin(request, order):
|
||||||
|
if(order.isAdmin()): return True
|
||||||
|
|
||||||
|
orgCode = request.cookies.get("foxo_code_ORG")
|
||||||
|
orgSecret = request.cookies.get("foxo_secret_ORG")
|
||||||
|
if orgCode != None and orgSecret != None:
|
||||||
|
|
||||||
|
user = await request.app.ctx.om.get_order(code=orgCode)
|
||||||
|
if(user == None): return False
|
||||||
|
if(user.secret != orgSecret): raise exceptions.Forbidden("Birichino :)")
|
||||||
|
return user.isAdmin()
|
||||||
|
|
||||||
async def check_room(request, order, om=None):
|
async def check_room(request, order, om=None):
|
||||||
room_errors = []
|
room_errors = []
|
||||||
room_members = []
|
room_members = []
|
||||||
|
|
Loading…
Reference in New Issue