fic/server
Archived
1
0
Fork 0
Code Issues Pull requests 10 Releases Wiki Activity

backend: check the team has access to the exercice/flag before doing the action

Browse source
This commit is contained in:
nemunaire 2019-02-05 03:24:52 +01:00
commit 15d108497e
4 changed files with 29 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
backend/choices.go
View file

@ -25,6 +25,12 @@ func treatWantChoices(pathname string, team fic.Team) {
os.Remove(pathname)
} else if flag, err := fic.GetFlagKey(ask.FlagId); err != nil {
log.Println("[ERR]", err)
} else if !team.CanSeeFlag(flag) {
log.Println("[!!!] The team asks to display choices whereas it doesn't have access to the flag")
} else if exercice, err := flag.GetExercice(); err != nil {
log.Println("[ERR] Unable to retrieve the flag's underlying exercice:", err)
} else if !team.HasAccess(exercice) {
log.Println("[!!!] The team asks to display choices whereas it doesn't have access to the exercice")
} else if err = team.DisplayChoices(flag); err != nil {
log.Println("[ERR]", err)
} else {