Merge pull request 'New permissions to allow a group of user to manage event-related objects' (#89) from Danhia/website:admin/events-permissions into main

Reviewed-on: 42CTF/website#89

src/accounts/views/connection.py

@@ -87,7 +87,6 @@ def connect_discord(request):
 @login_required
 def authorize_discord(request):
 	if request.user.userprofileinfo.discord_id:
-		print("Already")
 		return bad_request(request, "Already connected")
 	try:
 		token = oauth.discord.authorize_access_token(request)

src/api/views.py

@@ -10,13 +10,13 @@ from django.shortcuts import get_object_or_404
 def bot_discord_rank(request):
 	if request.method != 'GET':
 		return JsonResponse({'error':'bad request'})
-	
+
 	token = request.GET.get('token')
 	auth_token = os.getenv('BOT_TOKEN')
 
 	if (token != auth_token or not auth_token):
 		return JsonResponse({'error':'not authorized'})
-	
+
 	all_users	  = UserProfileInfo.objects.select_related().order_by('-score', 'last_submission_date', 'user__username')
 	data = {}
 	rank = 1
@@ -30,30 +30,30 @@ def bot_discord_rank(request):
 def bot_discord_campus(request):
 	if request.method != 'GET':
 		return JsonResponse({'error':'bad request'})
-	
+
 	token = request.GET.get('token')
 	auth_token = os.getenv('BOT_TOKEN')
 
 	if (token != auth_token or not auth_token):
 		return JsonResponse({'error':'not authorized'})
-	
+
 	all_users	  = UserProfileInfo.objects.select_related().order_by('-score', 'last_submission_date', 'user__username')
 	data = {}
 	for user in all_users:
-		if user.discord_id:
+		if user.campus and user.discord_id:
-			data[user.discord_id] = user.campus
+			data[user.discord_id] = user.campus.name
 
 	return JsonResponse(data)
 
 def events_data(request, event_slug):
 	if request.method != 'GET':
 		return JsonResponse({'error':'bad request'})
-	
+
 	event_info = get_object_or_404(Event, slug=event_slug)
-	
+
 	if event_info.password and request.GET.get('password') != event_info.password:
 		return JsonResponse({'error':'not authorized'})
-	
+
 	players = EventPlayer.objects.filter(event=event_info)
 
 	data = {}
@@ -67,7 +67,6 @@ def events_data(request, event_slug):
 	else:
 		for player in players:
 			data[player.user.username] = player.score
-	
+
 	return JsonResponse(data)
 
-	

src/ctfs/admin.py

@@ -2,8 +2,6 @@ from django.contrib import admin
 from .models import Category, CTF, CTF_flags
 
 admin.site.register(Category)
-#admin.site.register(CTF)
-#admin.site.register(CTF_flags)
 
 @admin.register(CTF_flags)
 class ctf_flags(admin.ModelAdmin):
@@ -14,12 +12,61 @@ class ctf_flags(admin.ModelAdmin):
     # search list
     search_fields = ['ctf__category__name', 'ctf__name', 'user__username']
 
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        if request.user.is_superuser:
+            return qs
+        groups = list(request.user.groups.values_list('name', flat=True))
+        return qs.filter(event__name__in=groups)
+
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_view_permission(request, obj)
+    
+    def has_change_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_change_permission(request, obj)
+    
+    def has_delete_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_delete_permission(request, obj)
+
 @admin.register(CTF)
 class ctf(admin.ModelAdmin):
     #list display
-    list_display = ['name', 'event', 'category']
+    list_display = ['name', 'event', 'category', 'points']
     #list Filter
     list_filter = ('category', 'event')
     # search list
     search_fields = ['category__name', 'name', 'author__username']
-# Register your models here.
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        if request.user.is_superuser:
+            return qs
+        groups = list(request.user.groups.values_list('name', flat=True))
+        return qs.filter(event__name__in=groups)
+
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_view_permission(request, obj)
+    
+    def has_change_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_change_permission(request, obj)
+

src/ctfs/migrations/0009_ctf_flags_bonus.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.11 on 2023-09-17 17:57
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('ctfs', '0008_auto_20220215_1713'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='ctf_flags',
+            name='bonus',
+            field=models.PositiveSmallIntegerField(default=0),
+        ),
+    ]

src/ctfs/models.py

@@ -45,6 +45,7 @@ class CTF_flags(models.Model):
     user        =   models.ForeignKey(User, unique=False, on_delete=models.CASCADE) 
     ctf         =   models.ForeignKey(CTF, unique=False, on_delete=models.CASCADE)
     flag_date   =   models.DateTimeField('Flag date')
+    bonus       =   models.PositiveSmallIntegerField(default=0)
     
     class Meta:
         ordering = ['-flag_date']

src/events/admin.py

@@ -1,5 +1,5 @@
 from django.contrib import admin
-from .models import Event, EventPlayer, Team
+from .models import Event, EventPlayer, Team, Bonus
 
 @admin.register(Event)
 class event(admin.ModelAdmin):
@@ -8,6 +8,27 @@ class event(admin.ModelAdmin):
     # search list
     search_fields = ['name', 'slug', 'description', 'password']
 
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        if request.user.is_superuser:
+            return qs
+        groups = list(request.user.groups.values_list('name', flat=True))
+        return qs.filter(name__in=groups)
+
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.name).exists()
+        return super().has_view_permission(request, obj)
+
+    def has_change_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.name).exists()
+        return super().has_change_permission(request, obj)
+
 @admin.register(EventPlayer)
 class score(admin.ModelAdmin):
     #list display
@@ -17,7 +38,33 @@ class score(admin.ModelAdmin):
     # search list
     search_fields = ['user__username', 'score', 'event__name']
 
-# Register your models here.
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        if request.user.is_superuser:
+            return qs
+        groups = list(request.user.groups.values_list('name', flat=True))
+        return qs.filter(event__name__in=groups)
+    
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_view_permission(request, obj)
+
+    def has_change_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_change_permission(request, obj)
+
+    def has_delete_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_delete_permission(request, obj)
 
 @admin.register(Team)
 class team(admin.ModelAdmin):
@@ -27,3 +74,36 @@ class team(admin.ModelAdmin):
     list_filter = ('event',)
     # search list
     search_fields = ['name']
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        if request.user.is_superuser:
+            return qs
+        groups = list(request.user.groups.values_list('name', flat=True))
+        return qs.filter(event__name__in=groups)
+    
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_view_permission(request, obj)
+
+    def has_change_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_change_permission(request, obj)
+    
+    def has_delete_permission(self, request, obj=None):
+        if request.user.is_superuser:
+            return True
+        if obj is not None:
+            return request.user.groups.filter(name=obj.event.name).exists()
+        return super().has_delete_permission(request, obj)
+
+@admin.register(Bonus)
+class bonus(admin.ModelAdmin):
+    #list display
+    list_display = ['points', 'absolute']

src/events/migrations/0011_bonus_points.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.11 on 2023-09-17 17:00
+
+import django.core.validators
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('events', '0010_event_campus'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Bonus',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('absolute', models.BooleanField(default=True)),
+                ('points', models.CharField(max_length=100, validators=[django.core.validators.int_list_validator])),
+            ],
+        ),
+        migrations.AddField(
+            model_name='event',
+            name='bonus',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='events.bonus'),
+        ),
+    ]

src/events/migrations/0012_auto_20230917_2038.py

@@ -0,0 +1,24 @@
+# Generated by Django 3.2.11 on 2023-09-17 18:38
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('events', '0011_bonus_points'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='event',
+            name='bonus',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='events.bonus'),
+        ),
+        migrations.AlterField(
+            model_name='eventplayer',
+            name='team',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='events.team'),
+        ),
+    ]

src/events/models.py

@@ -1,10 +1,17 @@
 from django.db import models
 from django.contrib.auth.models import User
 from django.contrib.auth.models import timezone
+from django.core.validators import int_list_validator
 import uuid
 from accounts.models import Campus
 
 # Create your models here.
+class Bonus(models.Model):
+    absolute    =   models.BooleanField(default=True)
+    points      =   models.CharField(validators=[int_list_validator], max_length=100)
+    def __str__(self):
+        return self.points
+
 class Event(models.Model):
     id          =   models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
     name        =   models.CharField(max_length=200)
@@ -19,6 +26,7 @@ class Event(models.Model):
     auto_match  =   models.BooleanField(default=False)
     dynamic     =   models.BooleanField(default=False)
     campus      =   models.ManyToManyField(Campus, blank=True)
+    bonus       =   models.ForeignKey(Bonus, null=True, on_delete=models.SET_NULL, blank=True)
     def __str__(self):
         return self.name
 
@@ -37,8 +45,6 @@ class EventPlayer(models.Model):
     event                   =   models.ForeignKey(Event, on_delete=models.CASCADE)
     score                   =   models.PositiveIntegerField(default=0, db_index=True)
     last_submission_date    =   models.DateTimeField('Last Submission Date', default=timezone.now)
-    team                    =  models.ForeignKey(Team, on_delete=models.CASCADE, null=True)
+    team                    =  models.ForeignKey(Team, on_delete=models.CASCADE, null=True, blank=True)
     class Meta:
         ordering = ['-score', 'last_submission_date', 'user__username']
-
-

src/events/templates/events/create_team.html

@@ -16,6 +16,9 @@
                     {% if registered == False %}
                     <span class="message error-msg">{% trans "You need to be registered to the event." %}</span>
                     {% else %}
+                    {% if invalid == True %}
+                    <span class="message error-msg">{% trans "Invalid characters in name" %}</span>
+                    {% endif %}
                     {% if exist == True %}
                     <span class="message error-msg">{% trans "Name already taken." %}</span>
                     {% endif %}

src/events/templates/events/ctf_info.html

@@ -21,7 +21,10 @@
       <div class="ctf-footer">
         {% if request.user.is_authenticated %}
           {% if congrat == True %}
-          <p>{% trans "Congratulation !" %}</p>
+            <p>{% trans "Congratulation !" %}</p>
+            {% if bonus|add:"0" > 0 %}
+              <p>{% trans "Bonus points awarded" %} : {{ bonus }}</p>
+            {% endif %}
           {% elif alreadyflag == True %}
           <p>{% trans "Already flagged" %}</p>
           {% elif eventisover == True %}
@@ -96,6 +99,9 @@
     <ul class="list-group">
       <li class="list-group-item">{% trans "Author" %} :  <a style="position:absolute;right: 15px;" class="profile_link {{is_member}}" href="{% url 'accounts:profile' user_name=ctf.author.username %}">{{ ctf.author.username }}</a></li>
       <li class="list-group-item">{% trans "Point reward" %} : <span style="position:absolute;right: 15px;">{{ ctf.points }}</span></li>
+      {% if ctf.event.bonus %}
+      <li class="list-group-item">{% trans "Speed Bonuses" %} : <span style="position:absolute;right: 15px;">{{ bonus_points }}</span></li>
+      {% endif %}
       
     </ul>
   </div>

src/events/templates/events/event_info.html

@@ -26,7 +26,7 @@
         {% endif %}
       </div>
       <div class="event-footer">
-        {% if begun == True %}
+        {% if begun == True or is_event_manager == True %}
           <h4>{% trans "Challenges" %}</h4>
           
           {% if ctfs %}

src/events/templates/events/profile.html

@@ -22,6 +22,7 @@
 			  <th scope="col">{% trans "Challenge Name" %}</th>
 			  <th scope="col">{% trans "Category" %}</th>
 			  <th scope="col">{% trans "Points" %}</th>
+			  <th scope="col">{% trans "Bonus" %}</th>
 			  <th scope="col">{% trans "Date" %}</th>
           </tr>
         </thead>
@@ -31,6 +32,7 @@
 						<th scope="row"><a href="{% url 'events:event_chall_info' event_slug=event.slug chall_slug=s.ctf.slug %}">{{ s.ctf.name }}</a></th>
 							<td>{{ s.ctf.category.name}}</td>
 							<td>{{ s.ctf.points }}</td>
+							<td>{{ s.bonus }}</td>
 							<td>{{ s.flag_date|date:"Y-m-d H:i:s" }}</td>
           </tr>
 					{% endfor %}

src/events/views/events.py

@@ -41,6 +41,31 @@ def actualize_points(ctf):
 				player.team.score -= diff
 				player.team.save()
 
+def compute_bonus_points(ctf):
+	if not ctf.event.bonus:
+		return 0
+
+	solves	=  CTF_flags.objects.filter(ctf=ctf)
+	bonuses	= ctf.event.bonus.points.split(',')
+	
+	if len(solves) >= len(bonuses):
+		return 0
+	else:
+		if ctf.event.bonus.absolute == True:
+			return int(bonuses[len(solves)])
+		else:
+			return int(bonuses[len(solves)]) * ctf.points // 100
+
+def format_bonus_points(ctf):
+	if not ctf.event.bonus:
+		return None
+	
+	bonuses	= ctf.event.bonus.points.split(',')
+	if ctf.event.bonus.absolute == True:
+		return ''.join([b + ', ' for b in bonuses])[:-2]
+	return ''.join([str(ctf.points * int(b) // 100) + ', ' for b in bonuses])[:-2]
+
+
 # Create your views here.
 def events(request):
 	list_events        =   Event.objects.filter().order_by('-end_date', 'start_date')
@@ -50,7 +75,8 @@ def chall_event_info(request, event_slug, chall_slug):
 	event_info  = get_object_or_404(Event, slug=event_slug)
 	ctf_info    = get_object_or_404(CTF, event__slug=event_info.slug, slug=chall_slug)
 
-	if timezone.now() < ctf_info.pub_date:
+	is_event_manager = request.user.groups.filter(name=event_info.name).exists() or request.user.is_superuser
+	if timezone.now() < ctf_info.pub_date and not is_event_manager:
 		return redirect('events:event_info', event_slug=event_slug)
 	eventisover = False
 	alreadyflag = False
@@ -60,6 +86,7 @@ def chall_event_info(request, event_slug, chall_slug):
 	notsub      = False
 	noteam		= False
 	player		= None
+	bonus		= 0
 	if request.user.is_authenticated and not request.user.is_staff:
 		player = EventPlayer.objects.filter(event=event_info, user=request.user)
 		if not player:
@@ -80,6 +107,8 @@ def chall_event_info(request, event_slug, chall_slug):
 		notsub      = True
 	if request.GET.get('NoTeam'):
 		noteam      = True
+	bonus = request.GET.get('Bonus')
+	bonus_points = format_bonus_points(ctf_info)
 	solved_challs = CTF_flags.objects.filter(ctf=ctf_info).order_by('flag_date')
 	solved_list = []
 	for s in solved_challs:
@@ -89,57 +118,59 @@ def chall_event_info(request, event_slug, chall_slug):
 			solved_list.append([s.user, s.flag_date])
 	description = get_description_by_lang(ctf_info)
 	return render(request, 'events/ctf_info.html', { 'ctf' : ctf_info, 'event':event_info, 'solved_list': solved_list, 'description': description, 'eventisover': eventisover, 'alreadyflag': alreadyflag,
-		'congrat': congrat, 'wrongflag': wrongflag, 'errorform': errorform, 'notsub': notsub, 'noteam':noteam})
+		'congrat': congrat, 'wrongflag': wrongflag, 'errorform': errorform, 'notsub': notsub, 'noteam':noteam, 'bonus':bonus, 'bonus_points':bonus_points})
 
 def event(request, event_slug):
 	event_info 			= get_object_or_404(Event, slug=event_slug)
-	IsRegistered		= False
 	wrongpwd			= False
 	alreadyregistered	= False
 	subisover			= False
+
+	is_event_manager	= request.user.groups.filter(name=event_info.name).exists() or request.user.is_superuser
+
+	ended = (timezone.now() >= event_info.end_date)
+	begun = (timezone.now() >= event_info.start_date)
+
+	if is_event_manager: # we want to see all the challenges
+		challenges  = CTF.objects.filter(event=event_info).order_by('category', 'points')
+	else:
+		challenges  = CTF.objects.filter(event=event_info, pub_date__lte=timezone.now()).order_by('category', 'points')
+
+	if event_info.team_size == 1:
+		solved_list = EventPlayer.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'user__username')
+	else:
+		solved_list = Team.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'name')
+
 	if request.GET.get('WrongPassword'):
 		wrongpwd = True
 	if request.GET.get('AlreadyRegistered'):
 		alreadyregistered = True
 	if request.GET.get('SubscriptionIsOver'):
 		subisover = True
+	
 	if request.user.is_authenticated:
 		try:
-			player = EventPlayer.objects.get(event=event_info, user=request.user)
+			EventPlayer.objects.get(event=event_info, user=request.user)
+			return render(request, 'events/event_info.html', {'event' : event_info, 'IsRegistered': True, 'ctfs': challenges, 'solved_list':solved_list,
+				'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover, 'is_event_manager':is_event_manager})
 		except:
-			player = None
+			pass
-		if player:
+
-			IsRegistered = True
+	if (event_info.campus.all() or event_info.password) and request.user.is_authenticated is False:
-	if event_info.campus.all():
+		return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False})
-		if request.user.is_authenticated:
+
-			if request.user.is_staff is False:
+	if event_info.campus.all() and is_event_manager is False:
-				user = UserProfileInfo.objects.get(user=request.user)
+		user = UserProfileInfo.objects.get(user=request.user)
-				if user.campus is None:
+		if user.campus is None:
-					return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': False, 'campusCanJoin': True})
+			return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': False, 'campusCanJoin': True})
-				elif user.campus not in event_info.campus.all():
+		elif user.campus not in event_info.campus.all():
-					return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': False})
+			return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': False})
-		else:
+	
-			return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
+	if event_info.password and is_event_manager is False:
-	if event_info.password:
+		return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
-		if request.user.is_authenticated:
+
-			if request.user.is_staff is False:
+	return render(request, 'events/event_info.html', {'event' : event_info, 'ctfs': challenges, 'solved_list':solved_list, 'IsRegistered': False,
-				if not player:
+		'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover, 'is_event_manager':is_event_manager})
-					return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
-		else:
-			return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
-	ended = False
-	if timezone.now() >= event_info.end_date:
-		ended = True
-	begun = False
-	if timezone.now() >= event_info.start_date:
-		begun = True
-	challenges  = CTF.objects.filter(event=event_info, pub_date__lte=timezone.now()).order_by('category', 'points')
-	if event_info.team_size == 1:
-		solved_list = EventPlayer.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'user__username')
-	else:
-		solved_list = Team.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'name')
-	return render(request, 'events/event_info.html', {'event' : event_info, 'IsRegistered': IsRegistered, 'ctfs': challenges, 'solved_list':solved_list,
-		'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover})
 
 @login_required
 def submit_event_flag(request, event_slug, chall_slug):
@@ -183,20 +214,21 @@ def submit_event_flag(request, event_slug, chall_slug):
 
 			if form.is_valid():
 				if ctf_info.flag == request.POST.get('flag'):
-					new =   CTF_flags(user = request.user, ctf = ctf_info, flag_date = timezone.now())
+					bonus	= 	compute_bonus_points(ctf_info)
+					new		=   CTF_flags(user = request.user, ctf = ctf_info, flag_date = timezone.now(), bonus = bonus)
 					new.save()
 					if ctf_info.points > 0:
 						player.last_submission_date = timezone.now()
-					player.score += ctf_info.points
+					player.score += (ctf_info.points + bonus)
 					player.save()
 					if player.team:
 						if ctf_info.points > 0:
 							player.team.last_submission_date = timezone.now()
-						player.team.score += ctf_info.points
+						player.team.score += (ctf_info.points + bonus)
 						player.team.save()
 					if ev.dynamic:
 						actualize_points(ctf_info)
-					response['Location'] += '?Congrat=1'
+					response['Location'] += '?Congrat=1&Bonus=' + str(bonus)
 					return response
 				else:
 					response['Location'] += '?WrongFlag=1'
@@ -278,7 +310,7 @@ def profile(request, user_name, event_slug):
 		percent = (solved_count / max_count) * 100
 		catsDatas.append([cat.name, solved_count, max_count, '{:.0f}'.format(percent)])
 		for flag in solved:
-			somme += flag.ctf.points
+			somme += (flag.ctf.points + flag.bonus)
 			pointDatas[cat.name].append([flag.flag_date.timestamp() * 1000, somme])
 
 	solves = CTF_flags.objects.filter(user=user_obj, ctf__event=event_info).order_by('-flag_date')
@@ -286,10 +318,10 @@ def profile(request, user_name, event_slug):
 	somme = 0
 	solved.append([event_info.start_date.timestamp() * 1000, 0])
 	for s in solves.reverse():
-		somme += s.ctf.points
+		somme += (s.ctf.points + s.bonus)
 		solved.append([s.flag_date.timestamp() * 1000,somme])
 
 	return render(request,'events/profile.html', {'user':user_obj, 'solves':solves,'solved':solved,'catsDatas': catsDatas, 'pointDatas': pointDatas,
-		'rank': rank, 'score' : somme, 'cats':cats, 'event': event_info})
+		'rank': rank, 'score' : player.score, 'cats':cats, 'event': event_info})
 
 

src/events/views/teams.py

@@ -13,10 +13,13 @@ from random import randint
 def create_team(request, event_slug):
 	ev			=   get_object_or_404(Event, slug=event_slug)
 	if request.method == 'POST':
+		teamname = request.POST.get('teamname')
 		if request.user.is_authenticated and ev.team_size > 1:
-			if Team.objects.filter(name=request.POST.get('teamname'), event=ev).exists():
+			if any(c in set('./') for c in teamname):
+				return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : False, 'invalid' : True})
+			if Team.objects.filter(name=teamname, event=ev).exists():
 				return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : True})
-			new = Team(name=request.POST.get('teamname'), password=request.POST.get('password'), event=ev)
+			new = Team(name=teamname, password=request.POST.get('password'), event=ev)
 			new.save()
 			player = EventPlayer.objects.get(user=request.user, event=ev)
 			player.team = new
@@ -115,9 +118,10 @@ def manage_team(request, event_slug):
 			pname = p_form.cleaned_data['name']
 			if pname == tname:
 				pass
-			else:
+			elif any(c in set('./') for c in pname):
-				if Team.objects.filter(name=pname, event=event_info).exists():
+				error = _("Invalid characters in name")
-					error = _("Name already taken.")
+			elif Team.objects.filter(name=pname, event=event_info).exists():
+				error = _("Name already taken.")
 			ppassword = p_form.cleaned_data['password']
 			if error is None:
 				p_form.save()
@@ -137,18 +141,20 @@ def leave_team(request, event_slug):
 	player		= 	EventPlayer.objects.get(user=request.user, event=event_info)
 	team		=	Team.objects.get(event=event_info, name=player.team.name)
 
-	team.score -= player.score
-	team.save()
 	player.team = None
+	player.save()
+	members		=	EventPlayer.objects.filter(team=team, event=event_info)
+	if members.count() == 0:
+		team.delete()
+	else:
+		team.score -= player.score
+		team.save()
+	
 	solved = CTF_flags.objects.filter(user=player.user, ctf__event=event_info)
 	player.score = 0
 	solved.delete()
 	player.save()
 
-	members		=	EventPlayer.objects.filter(team=team, event=event_info)
-	if members.count() == 0:
-		team.delete()
-
 	return redirect('events:event_info', event_slug=event_slug)
 
 @login_required

src/home/views.py

@@ -35,7 +35,6 @@ def home(request):
         lang_code = request.session[LANGUAGE_SESSION_KEY]
     url_translated = translate_url(request.path, lang_code)
     if request.path != url_translated:
-        print("%s\n%s" % (request.path, url_translated))
         response = HttpResponseRedirect(url_translated)
         return response
     news        =   new.objects.order_by('-pub_date')[:5]