backend: check the team has access to the exercice/flag before doing the action

2019-02-05 03:24:52 +01:00 · 2019-02-05 03:24:52 +01:00 · 15d108497e
commit 15d108497e
parent ff7c89af9f
4 changed files with 29 additions and 5 deletions
--- a/libfic/flag_key.go
+++ b/libfic/flag_key.go
@ -266,3 +266,13 @@ func (k FlagKey) Check(v interface{}) int {
 func (k FlagKey) FoundBy(t Team) {
 	DBExec("INSERT INTO flag_found (id_flag, id_team, time) VALUES (?, ?, ?)", k.Id, t.Id, time.Now())
 }
+
+// GetExercice returns the parent Exercice where this flag can be found.
+func (k FlagKey) GetExercice() (Exercice, error) {
+	var eid int64
+	if err := DBQueryRow("SELECT id_exercice FROM exercice_flags WHERE id_flag = ?", k.Id).Scan(&eid); err != nil {
+		return Exercice{}, err
+	}
+
+	return GetExercice(eid)
+}