diff options
author | Devin Matte <devinmatte@gmail.com> | 2022-03-21 13:35:35 -0400 |
---|---|---|
committer | Devin Matte <devinmatte@gmail.com> | 2022-03-21 13:35:35 -0400 |
commit | 1b06260fd28e463b97c78dbd0e1f24c2d32eceb8 (patch) | |
tree | 8d6d6b6baf6648b54185f7945b38de8b9554d55e | |
parent | aeb8f275b88a1ad6b1df6334498e391bd8790336 (diff) | |
parent | 7d6d98fa7acaac41dcaf080770e24fa6bf4ad41e (diff) |
Merge branch 'develop' of github.com:ComputerScienceHouse/packet into develop
-rw-r--r-- | packet/__init__.py | 6 | ||||
-rw-r--r-- | packet/notifications.py | 2 | ||||
-rw-r--r-- | packet/routes/api.py | 30 | ||||
-rw-r--r-- | packet/templates/active_packets.html | 4 | ||||
-rw-r--r-- | requirements.txt | 2 |
5 files changed, 33 insertions, 11 deletions
diff --git a/packet/__init__.py b/packet/__init__.py index 82e2119..85102f5 100644 --- a/packet/__init__.py +++ b/packet/__init__.py @@ -7,7 +7,7 @@ import logging import os import csh_ldap -import onesignal_sdk.client as onesignal +import onesignal from flask import Flask from flask_gzip import Gzip from flask_migrate import Migrate @@ -57,7 +57,7 @@ if app.config['ONESIGNAL_USER_AUTH_KEY'] and \ app.config['ONESIGNAL_CSH_APP_ID']: csh_onesignal_client = onesignal.Client( user_auth_key=app.config['ONESIGNAL_USER_AUTH_KEY'], - rest_api_key=app.config['ONESIGNAL_CSH_APP_AUTH_KEY'], + app_auth_key=app.config['ONESIGNAL_CSH_APP_AUTH_KEY'], app_id=app.config['ONESIGNAL_CSH_APP_ID'] ) app.logger.info('CSH Onesignal configured and notifications enabled') @@ -68,7 +68,7 @@ if app.config['ONESIGNAL_USER_AUTH_KEY'] and \ app.config['ONESIGNAL_INTRO_APP_ID']: intro_onesignal_client = onesignal.Client( user_auth_key=app.config['ONESIGNAL_USER_AUTH_KEY'], - rest_api_key=app.config['ONESIGNAL_INTRO_APP_AUTH_KEY'], + app_auth_key=app.config['ONESIGNAL_INTRO_APP_AUTH_KEY'], app_id=app.config['ONESIGNAL_INTRO_APP_ID'] ) app.logger.info('Intro Onesignal configured and notifications enabled') diff --git a/packet/notifications.py b/packet/notifications.py index dea47d8..c665125 100644 --- a/packet/notifications.py +++ b/packet/notifications.py @@ -1,7 +1,7 @@ from datetime import datetime from typing import Any, Callable, TypeVar, cast -import onesignal_sdk.client as onesignal +import onesignal from packet import app, intro_onesignal_client, csh_onesignal_client from packet.models import NotificationSubscription, Packet diff --git a/packet/routes/api.py b/packet/routes/api.py index 21d9f0d..c364962 100644 --- a/packet/routes/api.py +++ b/packet/routes/api.py @@ -96,10 +96,14 @@ def sync_ldap(): @app.route('/api/v1/packets/<username>', methods=['GET']) @packet_auth -def get_packets_by_user(username: str) -> dict: +@before_request +def get_packets_by_user(username: str, info=None) -> dict: """ Return a dictionary of packets for a freshman by username, giving packet start and end date by packet id """ + + if info['ritdn'] != username: + return 'Forbidden - not your packet', 403 frosh = Freshman.by_username(username) return {packet.id: { @@ -110,10 +114,15 @@ def get_packets_by_user(username: str) -> dict: @app.route('/api/v1/packets/<username>/newest', methods=['GET']) @packet_auth -def get_newest_packet_by_user(username: str) -> dict: +@before_request +def get_newest_packet_by_user(username: str, info=None) -> dict: """ Return a user's newest packet """ + + if not info['is_upper'] and info['ritdn'] != username: + return 'Forbidden - not your packet', 403 + frosh = Freshman.by_username(username) packet = frosh.packets[-1] @@ -130,13 +139,17 @@ def get_newest_packet_by_user(username: str) -> dict: @app.route('/api/v1/packet/<packet_id>', methods=['GET']) @packet_auth -def get_packet_by_id(packet_id: int) -> dict: +@before_request +def get_packet_by_id(packet_id: int, info=None) -> dict: """ Return the scores of the packet in question """ packet = Packet.by_id(packet_id) + if not info['is_upper'] and info['ritdn'] != packet.freshman.rit_username: + return 'Forbidden - not your packet', 403 + return { 'required': vars(packet.signatures_required()), 'received': vars(packet.signatures_received()), @@ -198,13 +211,20 @@ def report(info): @app.route('/api/v1/stats/packet/<packet_id>') @packet_auth -def packet_stats(packet_id): +@before_request +def packet_stats(packet_id, info=None): + if not info['is_upper'] and info['ritdn'] != Packet.by_id(packet_id).freshman.rit_username: + return 'Forbidden - not your packet', 403 return stats.packet_stats(packet_id) @app.route('/api/v1/stats/upperclassman/<uid>') @packet_auth -def upperclassman_stats(uid): +@before_request +def upperclassman_stats(uid, info=None): + if not info['is_upper']: + return 'Forbidden', 403 + return stats.upperclassman_stats(uid) diff --git a/packet/templates/active_packets.html b/packet/templates/active_packets.html index 343649a..bd8fdc3 100644 --- a/packet/templates/active_packets.html +++ b/packet/templates/active_packets.html @@ -112,5 +112,7 @@ {% block scripts %} {{ super() }} - <script src="{{ url_for('static', filename='js/tables.min.js') }}"></script> + {% if info.realm == "csh" %} + <script src="{{ url_for('static', filename='js/tables.min.js') }}"></script> + {% endif %} {% endblock %} diff --git a/requirements.txt b/requirements.txt index 4b0024a..33c1bbe 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,7 +8,7 @@ ddtrace flask_sqlalchemy~=2.5.1 gunicorn~=20.0.4 mypy -onesignal-sdk~=2.0.0 +onesignal-sdk~=1.0.0 psycopg2-binary~=2.8.6 pylint-quotes~=0.2.1 pylint~=2.7.2 |