42CTF/website
42CTF
/
website
13
5
Fork 10
Code Issues 10 Pull Requests 1 Projects 9 Releases Wiki Activity

Compare commits

base: 42CTF:main
Branches Tags
42CTF:main
42CTF:ctf-ordered-by-points
42CTF:translation
42CTF:resources
42CTF:news-content
42CTF:bot-api
42CTF:challenges-description
42CTF:home-refacto
Danhia:admin/events-permissions
Danhia:main
Danhia:events/fix-teamname
Danhia:api-campus
Danhia:scoreboard/fix-network
Danhia:translation
Danhia:members
Danhia:news-content
Danhia:bot-api
Danhia:challenges-description
Danhia:home-refacto
Danhia:dynamic-scoring
..
compare: Danhia:main
Branches Tags
Danhia:admin/events-permissions
Danhia:main
Danhia:events/fix-teamname
Danhia:api-campus
Danhia:scoreboard/fix-network
Danhia:translation
Danhia:members
Danhia:news-content
Danhia:bot-api
Danhia:challenges-description
Danhia:home-refacto
Danhia:dynamic-scoring
42CTF:main
42CTF:ctf-ordered-by-points
42CTF:translation
42CTF:resources
42CTF:news-content
42CTF:bot-api
42CTF:challenges-description
42CTF:home-refacto

No commits in common. "main" and "main" have entirely different histories.
main ... main

4 changed files with 42 additions and 167 deletions
Show Stats Expand all files Collapse all files

55
src/ctfs/admin.py
View File

@ -2,6 +2,8 @@ from django.contrib import admin
from .models import Category, CTF, CTF_flags from .models import Category, CTF, CTF_flags
admin.site.register(Category) admin.site.register(Category)
#admin.site.register(CTF)
#admin.site.register(CTF_flags)
@admin.register(CTF_flags) @admin.register(CTF_flags)
class ctf_flags(admin.ModelAdmin): class ctf_flags(admin.ModelAdmin):
@ -12,61 +14,12 @@ class ctf_flags(admin.ModelAdmin):
# search list # search list
search_fields = ['ctf__category__name', 'ctf__name', 'user__username'] search_fields = ['ctf__category__name', 'ctf__name', 'user__username']
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(event__name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_delete_permission(request, obj)
@admin.register(CTF) @admin.register(CTF)
class ctf(admin.ModelAdmin): class ctf(admin.ModelAdmin):
#list display #list display
list_display = ['name', 'event', 'category', 'points'] list_display = ['name', 'event', 'category']
#list Filter #list Filter
list_filter = ('category', 'event') list_filter = ('category', 'event')
# search list # search list
search_fields = ['category__name', 'name', 'author__username'] search_fields = ['category__name', 'name', 'author__username']
# Register your models here.
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(event__name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_change_permission(request, obj)

77
src/events/admin.py
View File

@ -8,27 +8,6 @@ class event(admin.ModelAdmin):
# search list # search list
search_fields = ['name', 'slug', 'description', 'password'] search_fields = ['name', 'slug', 'description', 'password']
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.name).exists()
return super().has_change_permission(request, obj)
@admin.register(EventPlayer) @admin.register(EventPlayer)
class score(admin.ModelAdmin): class score(admin.ModelAdmin):
#list display #list display
@ -38,33 +17,7 @@ class score(admin.ModelAdmin):
# search list # search list
search_fields = ['user__username', 'score', 'event__name'] search_fields = ['user__username', 'score', 'event__name']
def get_queryset(self, request): # Register your models here.
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(event__name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_delete_permission(request, obj)
@admin.register(Team) @admin.register(Team)
class team(admin.ModelAdmin): class team(admin.ModelAdmin):
@ -75,34 +28,6 @@ class team(admin.ModelAdmin):
# search list # search list
search_fields = ['name'] search_fields = ['name']
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
groups = list(request.user.groups.values_list('name', flat=True))
return qs.filter(event__name__in=groups)
def has_view_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
if request.user.is_superuser:
return True
if obj is not None:
return request.user.groups.filter(name=obj.event.name).exists()
return super().has_delete_permission(request, obj)
@admin.register(Bonus) @admin.register(Bonus)
class bonus(admin.ModelAdmin): class bonus(admin.ModelAdmin):
#list display #list display

2
src/events/templates/events/event_info.html
View File

@ -26,7 +26,7 @@
{% endif %} {% endif %}
</div> </div>
<div class="event-footer"> <div class="event-footer">
{% if begun == True or is_event_manager == True %} {% if begun == True %}
<h4>{% trans "Challenges" %}</h4> <h4>{% trans "Challenges" %}</h4>
{% if ctfs %} {% if ctfs %}

75
src/events/views/events.py
View File

@ -75,8 +75,7 @@ def chall_event_info(request, event_slug, chall_slug):
event_info = get_object_or_404(Event, slug=event_slug) event_info = get_object_or_404(Event, slug=event_slug)
ctf_info = get_object_or_404(CTF, event__slug=event_info.slug, slug=chall_slug) ctf_info = get_object_or_404(CTF, event__slug=event_info.slug, slug=chall_slug)
is_event_manager = request.user.groups.filter(name=event_info.name).exists() or request.user.is_superuser if timezone.now() < ctf_info.pub_date:
if timezone.now() < ctf_info.pub_date and not is_event_manager:
return redirect('events:event_info', event_slug=event_slug) return redirect('events:event_info', event_slug=event_slug)
eventisover = False eventisover = False
alreadyflag = False alreadyflag = False
@ -122,55 +121,53 @@ def chall_event_info(request, event_slug, chall_slug):
def event(request, event_slug): def event(request, event_slug):
event_info = get_object_or_404(Event, slug=event_slug) event_info = get_object_or_404(Event, slug=event_slug)
IsRegistered = False
wrongpwd = False wrongpwd = False
alreadyregistered = False alreadyregistered = False
subisover = False subisover = False
is_event_manager = request.user.groups.filter(name=event_info.name).exists() or request.user.is_superuser
ended = (timezone.now() >= event_info.end_date)
begun = (timezone.now() >= event_info.start_date)
if is_event_manager: # we want to see all the challenges
challenges = CTF.objects.filter(event=event_info).order_by('category', 'points')
else:
challenges = CTF.objects.filter(event=event_info, pub_date__lte=timezone.now()).order_by('category', 'points')
if event_info.team_size == 1:
solved_list = EventPlayer.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'user__username')
else:
solved_list = Team.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'name')
if request.GET.get('WrongPassword'): if request.GET.get('WrongPassword'):
wrongpwd = True wrongpwd = True
if request.GET.get('AlreadyRegistered'): if request.GET.get('AlreadyRegistered'):
alreadyregistered = True alreadyregistered = True
if request.GET.get('SubscriptionIsOver'): if request.GET.get('SubscriptionIsOver'):
subisover = True subisover = True
if request.user.is_authenticated: if request.user.is_authenticated:
try: try:
EventPlayer.objects.get(event=event_info, user=request.user) player = EventPlayer.objects.get(event=event_info, user=request.user)
return render(request, 'events/event_info.html', {'event' : event_info, 'IsRegistered': True, 'ctfs': challenges, 'solved_list':solved_list,
'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover, 'is_event_manager':is_event_manager})
except: except:
pass player = None
if player:
if (event_info.campus.all() or event_info.password) and request.user.is_authenticated is False: IsRegistered = True
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False}) if event_info.campus.all():
if request.user.is_authenticated:
if event_info.campus.all() and is_event_manager is False: if request.user.is_staff is False:
user = UserProfileInfo.objects.get(user=request.user) user = UserProfileInfo.objects.get(user=request.user)
if user.campus is None: if user.campus is None:
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': False, 'campusCanJoin': True}) return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': False, 'campusCanJoin': True})
elif user.campus not in event_info.campus.all(): elif user.campus not in event_info.campus.all():
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': False}) return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': False})
else:
if event_info.password and is_event_manager is False: return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True}) if event_info.password:
if request.user.is_authenticated:
return render(request, 'events/event_info.html', {'event' : event_info, 'ctfs': challenges, 'solved_list':solved_list, 'IsRegistered': False, if request.user.is_staff is False:
'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover, 'is_event_manager':is_event_manager}) if not player:
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
else:
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
ended = False
if timezone.now() >= event_info.end_date:
ended = True
begun = False
if timezone.now() >= event_info.start_date:
begun = True
challenges = CTF.objects.filter(event=event_info, pub_date__lte=timezone.now()).order_by('category', 'points')
if event_info.team_size == 1:
solved_list = EventPlayer.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'user__username')
else:
solved_list = Team.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'name')
return render(request, 'events/event_info.html', {'event' : event_info, 'IsRegistered': IsRegistered, 'ctfs': challenges, 'solved_list':solved_list,
'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover})
@login_required @login_required
def submit_event_flag(request, event_slug, chall_slug): def submit_event_flag(request, event_slug, chall_slug):