Merge pull request 'New permissions to allow a group of user to manage event-related objects' (#89) from Danhia/website:admin/events-permissions into main
Reviewed-on: 42CTF/website#89
commit
f1b1214291
|
@ -2,8 +2,6 @@ from django.contrib import admin
|
||||||
from .models import Category, CTF, CTF_flags
|
from .models import Category, CTF, CTF_flags
|
||||||
|
|
||||||
admin.site.register(Category)
|
admin.site.register(Category)
|
||||||
#admin.site.register(CTF)
|
|
||||||
#admin.site.register(CTF_flags)
|
|
||||||
|
|
||||||
@admin.register(CTF_flags)
|
@admin.register(CTF_flags)
|
||||||
class ctf_flags(admin.ModelAdmin):
|
class ctf_flags(admin.ModelAdmin):
|
||||||
|
@ -14,12 +12,61 @@ class ctf_flags(admin.ModelAdmin):
|
||||||
# search list
|
# search list
|
||||||
search_fields = ['ctf__category__name', 'ctf__name', 'user__username']
|
search_fields = ['ctf__category__name', 'ctf__name', 'user__username']
|
||||||
|
|
||||||
|
def get_queryset(self, request):
|
||||||
|
qs = super().get_queryset(request)
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return qs
|
||||||
|
groups = list(request.user.groups.values_list('name', flat=True))
|
||||||
|
return qs.filter(event__name__in=groups)
|
||||||
|
|
||||||
|
def has_view_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_view_permission(request, obj)
|
||||||
|
|
||||||
|
def has_change_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_change_permission(request, obj)
|
||||||
|
|
||||||
|
def has_delete_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_delete_permission(request, obj)
|
||||||
|
|
||||||
@admin.register(CTF)
|
@admin.register(CTF)
|
||||||
class ctf(admin.ModelAdmin):
|
class ctf(admin.ModelAdmin):
|
||||||
#list display
|
#list display
|
||||||
list_display = ['name', 'event', 'category']
|
list_display = ['name', 'event', 'category', 'points']
|
||||||
#list Filter
|
#list Filter
|
||||||
list_filter = ('category', 'event')
|
list_filter = ('category', 'event')
|
||||||
# search list
|
# search list
|
||||||
search_fields = ['category__name', 'name', 'author__username']
|
search_fields = ['category__name', 'name', 'author__username']
|
||||||
# Register your models here.
|
|
||||||
|
def get_queryset(self, request):
|
||||||
|
qs = super().get_queryset(request)
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return qs
|
||||||
|
groups = list(request.user.groups.values_list('name', flat=True))
|
||||||
|
return qs.filter(event__name__in=groups)
|
||||||
|
|
||||||
|
def has_view_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_view_permission(request, obj)
|
||||||
|
|
||||||
|
def has_change_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_change_permission(request, obj)
|
||||||
|
|
||||||
|
|
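Review bot: In every `has_view_permission` / `has_change_permission` / `has_delete_permission` override added here, the `obj is not None` branch returns the group-membership result without consulting `super()`, so membership in a group named after the event replaces the Django model permission instead of narrowing it. A staff account in that group passes the object-level change check (and, on `ctf_flags`, the delete check) even if it was only granted the view permission, because only the `obj is None` path still reaches `super()`. Require both, e.g. `return super().has_change_permission(request, obj) and request.user.groups.filter(name=obj.event.name).exists()`. The same pattern is repeated in the `event`, `score` and `team` admin classes of the events admin file. Separately, if `event` can be null on these models (not visible here), `obj.event.name` would raise for non-superusers and needs a guard.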
|
@ -8,6 +8,27 @@ class event(admin.ModelAdmin):
|
||||||
# search list
|
# search list
|
||||||
search_fields = ['name', 'slug', 'description', 'password']
|
search_fields = ['name', 'slug', 'description', 'password']
|
||||||
|
|
||||||
|
def get_queryset(self, request):
|
||||||
|
qs = super().get_queryset(request)
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return qs
|
||||||
|
groups = list(request.user.groups.values_list('name', flat=True))
|
||||||
|
return qs.filter(name__in=groups)
|
||||||
|
|
||||||
|
def has_view_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.name).exists()
|
||||||
|
return super().has_view_permission(request, obj)
|
||||||
|
|
||||||
|
def has_change_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.name).exists()
|
||||||
|
return super().has_change_permission(request, obj)
|
||||||
|
|
||||||
@admin.register(EventPlayer)
|
@admin.register(EventPlayer)
|
||||||
class score(admin.ModelAdmin):
|
class score(admin.ModelAdmin):
|
||||||
#list display
|
#list display
|
||||||
|
@ -17,7 +38,33 @@ class score(admin.ModelAdmin):
|
||||||
# search list
|
# search list
|
||||||
search_fields = ['user__username', 'score', 'event__name']
|
search_fields = ['user__username', 'score', 'event__name']
|
||||||
|
|
||||||
# Register your models here.
|
def get_queryset(self, request):
|
||||||
|
qs = super().get_queryset(request)
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return qs
|
||||||
|
groups = list(request.user.groups.values_list('name', flat=True))
|
||||||
|
return qs.filter(event__name__in=groups)
|
||||||
|
|
||||||
|
def has_view_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_view_permission(request, obj)
|
||||||
|
|
||||||
|
def has_change_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_change_permission(request, obj)
|
||||||
|
|
||||||
|
def has_delete_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_delete_permission(request, obj)
|
||||||
|
|
||||||
@admin.register(Team)
|
@admin.register(Team)
|
||||||
class team(admin.ModelAdmin):
|
class team(admin.ModelAdmin):
|
||||||
|
@ -28,6 +75,34 @@ class team(admin.ModelAdmin):
|
||||||
# search list
|
# search list
|
||||||
search_fields = ['name']
|
search_fields = ['name']
|
||||||
|
|
||||||
|
def get_queryset(self, request):
|
||||||
|
qs = super().get_queryset(request)
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return qs
|
||||||
|
groups = list(request.user.groups.values_list('name', flat=True))
|
||||||
|
return qs.filter(event__name__in=groups)
|
||||||
|
|
||||||
|
def has_view_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_view_permission(request, obj)
|
||||||
|
|
||||||
|
def has_change_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_change_permission(request, obj)
|
||||||
|
|
||||||
|
def has_delete_permission(self, request, obj=None):
|
||||||
|
if request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
if obj is not None:
|
||||||
|
return request.user.groups.filter(name=obj.event.name).exists()
|
||||||
|
return super().has_delete_permission(request, obj)
|
||||||
|
|
||||||
@admin.register(Bonus)
|
@admin.register(Bonus)
|
||||||
class bonus(admin.ModelAdmin):
|
class bonus(admin.ModelAdmin):
|
||||||
#list display
|
#list display
|
||||||
|
|
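Review bot: Nothing in these admin classes limits which event a manager can attach an object to. `get_queryset` and the permission overrides scope existing rows, but the `event` choice on the `score` and `team` forms (assuming `event` is an editable foreign key, as the `event__name` lookups suggest) is not filtered, and adding objects is not scoped at all. A manager of one event could therefore create a row under, or move a row into, an event they do not manage. Overriding `formfield_for_foreignkey` restricts both the displayed choices and what the form accepts on submit; the `ctf` admin in the challenges admin file needs the same. The sketch below assumes `Event` is already imported in this module.

```python
# … unchanged: get_queryset and has_*_permission overrides …
def formfield_for_foreignkey(self, db_field, request, **kwargs):
    # Non-superusers may only pick events whose name matches one of their groups.
    if db_field.name == 'event' and not request.user.is_superuser:
        groups = request.user.groups.values_list('name', flat=True)
        kwargs['queryset'] = Event.objects.filter(name__in=groups)
    return super().formfield_for_foreignkey(db_field, request, **kwargs)
```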
|
@ -26,7 +26,7 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
<div class="event-footer">
|
<div class="event-footer">
|
||||||
{% if begun == True %}
|
{% if begun == True or is_event_manager == True %}
|
||||||
<h4>{% trans "Challenges" %}</h4>
|
<h4>{% trans "Challenges" %}</h4>
|
||||||
|
|
||||||
{% if ctfs %}
|
{% if ctfs %}
|
||||||
|
|
|
@ -75,7 +75,8 @@ def chall_event_info(request, event_slug, chall_slug):
|
||||||
event_info = get_object_or_404(Event, slug=event_slug)
|
event_info = get_object_or_404(Event, slug=event_slug)
|
||||||
ctf_info = get_object_or_404(CTF, event__slug=event_info.slug, slug=chall_slug)
|
ctf_info = get_object_or_404(CTF, event__slug=event_info.slug, slug=chall_slug)
|
||||||
|
|
||||||
if timezone.now() < ctf_info.pub_date:
|
is_event_manager = request.user.groups.filter(name=event_info.name).exists() or request.user.is_superuser
|
||||||
|
if timezone.now() < ctf_info.pub_date and not is_event_manager:
|
||||||
return redirect('events:event_info', event_slug=event_slug)
|
return redirect('events:event_info', event_slug=event_slug)
|
||||||
eventisover = False
|
eventisover = False
|
||||||
alreadyflag = False
|
alreadyflag = False
|
||||||
|
@ -121,53 +122,55 @@ def chall_event_info(request, event_slug, chall_slug):
|
||||||
|
|
||||||
def event(request, event_slug):
|
def event(request, event_slug):
|
||||||
event_info = get_object_or_404(Event, slug=event_slug)
|
event_info = get_object_or_404(Event, slug=event_slug)
|
||||||
IsRegistered = False
|
|
||||||
wrongpwd = False
|
wrongpwd = False
|
||||||
alreadyregistered = False
|
alreadyregistered = False
|
||||||
subisover = False
|
subisover = False
|
||||||
|
|
||||||
|
is_event_manager = request.user.groups.filter(name=event_info.name).exists() or request.user.is_superuser
|
||||||
|
|
||||||
|
ended = (timezone.now() >= event_info.end_date)
|
||||||
|
begun = (timezone.now() >= event_info.start_date)
|
||||||
|
|
||||||
|
if is_event_manager: # we want to see all the challenges
|
||||||
|
challenges = CTF.objects.filter(event=event_info).order_by('category', 'points')
|
||||||
|
else:
|
||||||
|
challenges = CTF.objects.filter(event=event_info, pub_date__lte=timezone.now()).order_by('category', 'points')
|
||||||
|
|
||||||
|
if event_info.team_size == 1:
|
||||||
|
solved_list = EventPlayer.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'user__username')
|
||||||
|
else:
|
||||||
|
solved_list = Team.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'name')
|
||||||
|
|
||||||
if request.GET.get('WrongPassword'):
|
if request.GET.get('WrongPassword'):
|
||||||
wrongpwd = True
|
wrongpwd = True
|
||||||
if request.GET.get('AlreadyRegistered'):
|
if request.GET.get('AlreadyRegistered'):
|
||||||
alreadyregistered = True
|
alreadyregistered = True
|
||||||
if request.GET.get('SubscriptionIsOver'):
|
if request.GET.get('SubscriptionIsOver'):
|
||||||
subisover = True
|
subisover = True
|
||||||
|
|
||||||
if request.user.is_authenticated:
|
if request.user.is_authenticated:
|
||||||
try:
|
try:
|
||||||
player = EventPlayer.objects.get(event=event_info, user=request.user)
|
EventPlayer.objects.get(event=event_info, user=request.user)
|
||||||
|
return render(request, 'events/event_info.html', {'event' : event_info, 'IsRegistered': True, 'ctfs': challenges, 'solved_list':solved_list,
|
||||||
|
'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover, 'is_event_manager':is_event_manager})
|
||||||
except:
|
except:
|
||||||
player = None
|
pass
|
||||||
if player:
|
|
||||||
IsRegistered = True
|
if (event_info.campus.all() or event_info.password) and request.user.is_authenticated is False:
|
||||||
if event_info.campus.all():
|
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False})
|
||||||
if request.user.is_authenticated:
|
|
||||||
if request.user.is_staff is False:
|
if event_info.campus.all() and is_event_manager is False:
|
||||||
user = UserProfileInfo.objects.get(user=request.user)
|
user = UserProfileInfo.objects.get(user=request.user)
|
||||||
if user.campus is None:
|
if user.campus is None:
|
||||||
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': False, 'campusCanJoin': True})
|
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': False, 'campusCanJoin': True})
|
||||||
elif user.campus not in event_info.campus.all():
|
elif user.campus not in event_info.campus.all():
|
||||||
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': False})
|
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': False})
|
||||||
else:
|
|
||||||
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
|
if event_info.password and is_event_manager is False:
|
||||||
if event_info.password:
|
|
||||||
if request.user.is_authenticated:
|
|
||||||
if request.user.is_staff is False:
|
|
||||||
if not player:
|
|
||||||
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
|
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': True, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
|
||||||
else:
|
|
||||||
return render(request, 'events/event_pwd.html', {'event' : event_info, 'logged': False, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'userHasCampus': True, 'campusCanJoin': True})
|
return render(request, 'events/event_info.html', {'event' : event_info, 'ctfs': challenges, 'solved_list':solved_list, 'IsRegistered': False,
|
||||||
ended = False
|
'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover, 'is_event_manager':is_event_manager})
|
||||||
if timezone.now() >= event_info.end_date:
|
|
||||||
ended = True
|
|
||||||
begun = False
|
|
||||||
if timezone.now() >= event_info.start_date:
|
|
||||||
begun = True
|
|
||||||
challenges = CTF.objects.filter(event=event_info, pub_date__lte=timezone.now()).order_by('category', 'points')
|
|
||||||
if event_info.team_size == 1:
|
|
||||||
solved_list = EventPlayer.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'user__username')
|
|
||||||
else:
|
|
||||||
solved_list = Team.objects.filter(event=event_info).order_by('-score', 'last_submission_date', 'name')
|
|
||||||
return render(request, 'events/event_info.html', {'event' : event_info, 'IsRegistered': IsRegistered, 'ctfs': challenges, 'solved_list':solved_list,
|
|
||||||
'ended': ended, 'begun': begun, 'wrongpwd': wrongpwd, 'alreadyregistered': alreadyregistered, 'subisover': subisover})
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def submit_event_flag(request, event_slug, chall_slug):
|
def submit_event_flag(request, event_slug, chall_slug):
|
||||||
|
|
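Review bot: The bare `except:` in `event()` now wraps the `return render(...)` for registered players as well as the `EventPlayer.objects.get(...)` lookup. Any error raised while rendering `events/event_info.html` is silently swallowed, and the request falls through to the campus/password branches as if the user were not registered. Catch only the lookup failure with `except EventPlayer.DoesNotExist:` and move the `return render(...)` into an `else:` branch. The `is_event_manager` expression is also written out twice, in `chall_event_info` and in `event`; a single helper such as `is_event_manager(user, event)` would keep the authorization rule in one place. Both function bodies extend outside the hunks shown.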