sandvich
/
availabili.tf
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Add requires_team_membership middleware

master
John Montagu, the 4th Earl of Sandvich 2024-11-18 18:24:42 -08:00
parent 9b2153266a
commit 3cb9084a69
Signed by: sandvich
GPG Key ID: 9A39BE37E602B22D
2 changed files with 40 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
backend-flask/middleware.py
View File

@ -2,6 +2,8 @@ from functools import wraps
from flask import abort, make_response, request from flask import abort, make_response, request
from app_db import db from app_db import db
from models.auth_session import AuthSession from models.auth_session import AuthSession
from models.player import Player
from models.player_team import PlayerTeam
def requires_authentication(f): def requires_authentication(f):
@ -25,3 +27,36 @@ def requires_authentication(f):
kwargs["auth_session"] = auth_session kwargs["auth_session"] = auth_session
return f(*args, **kwargs) return f(*args, **kwargs)
return decorator return decorator
def requires_team_membership(f):
@wraps(f)
def decorator(*args, **kwargs):
player: Player | None = kwargs["player"]
team_id: int = kwargs["team_id"]
if not player:
abort(401)
player_team = db.session.query(
PlayerTeam
).where(
PlayerTeam.player == player
).where(
PlayerTeam.team_id == team_id
).one_or_none()
if not player_team:
abort(404, "Player is not a member of this team")
kwargs["player_team"] = player_team
return f(*args, **kwargs)
return decorator
def assert_team_authority(
player_team: PlayerTeam,
target_player_team: PlayerTeam | None = None,
allow_self_target: bool = False
):
if not player_team.is_team_leader:
if not allow_self_target or player_team != target_player_team:
abort(403)

30
backend-flask/team.py
View File

@ -14,7 +14,7 @@ from models.player_team_availability import PlayerTeamAvailability
from models.player_team_role import PlayerTeamRole, RoleSchema from models.player_team_role import PlayerTeamRole, RoleSchema
from models.team import Team, TeamSchema from models.team import Team, TeamSchema
from models.team_invite import TeamInvite, TeamInviteSchema from models.team_invite import TeamInvite, TeamInviteSchema
from middleware import requires_authentication from middleware import assert_team_authority, requires_authentication, requires_team_membership
import models import models
from spec import spec, BaseModel from spec import spec, BaseModel
import pytz import pytz
@ -428,18 +428,8 @@ def edit_member_roles(
operation_id="get_invites" operation_id="get_invites"
) )
@requires_authentication @requires_authentication
def get_invites(player: Player, team_id: int, **kwargs): @requires_team_membership
player_team = db.session.query( def get_invites(team_id: int, **_):
PlayerTeam
).where(
PlayerTeam.player_id == player.steam_id
).where(
PlayerTeam.team_id == team_id
).one_or_none()
if not player_team:
abort(404)
invites = db.session.query( invites = db.session.query(
TeamInvite TeamInvite
).where( ).where(
@ -464,18 +454,8 @@ def get_invites(player: Player, team_id: int, **kwargs):
operation_id="create_invite" operation_id="create_invite"
) )
@requires_authentication @requires_authentication
def create_invite(player: Player, team_id: int, **kwargs): @requires_team_membership
player_team = db.session.query( def create_invite(team_id: int, **_):
PlayerTeam
).where(
PlayerTeam.player_id == player.steam_id
).where(
PlayerTeam.team_id == team_id
).one_or_none()
if not player_team:
abort(404)
team_id_shifted = int(team_id) << 48 team_id_shifted = int(team_id) << 48
random_value_shifted = int(randint(0, (1 << 16) - 1)) << 32 random_value_shifted = int(randint(0, (1 << 16) - 1)) << 32
timestamp = int(time.time()) & ((1 << 32) - 1) timestamp = int(time.time()) & ((1 << 32) - 1)