backend: check the team has access to the exercice/flag before doing the action
parent
ff7c89af9f
commit
15d108497e
@ -25,6 +25,12 @@ func treatWantChoices(pathname string, team fic.Team) {
|
||||
os.Remove(pathname)
|
||||
} else if flag, err := fic.GetFlagKey(ask.FlagId); err != nil {
|
||||
log.Println("[ERR]", err)
|
||||
} else if !team.CanSeeFlag(flag) {
|
||||
log.Println("[!!!] The team asks to display choices whereas it doesn't have access to the flag")
|
||||
} else if exercice, err := flag.GetExercice(); err != nil {
|
||||
log.Println("[ERR] Unable to retrieve the flag's underlying exercice:", err)
|
||||
} else if !team.HasAccess(exercice) {
|
||||
log.Println("[!!!] The team asks to display choices whereas it doesn't have access to the exercice")
|
||||
} else if err = team.DisplayChoices(flag); err != nil {
|
||||
log.Println("[ERR]", err)
|
||||
} else {
|
||||
|
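Review bot: The two denial messages added in treatWantChoices (the `!team.CanSeeFlag(flag)` and `!team.HasAccess(exercice)` branches) name neither the team nor the flag, so someone reading the log cannot tell which team made the refused request or how often it happens. These lines are the only visible trace of a team asking for something it is not entitled to, so include the identifiers, for example `log.Printf("[!!!] Team %v asks to display choices for flag %v without access to it", team.Id, ask.FlagId)`. The same applies to the `[!!!]` lines added in treatOpeningHint and treatSubmission. The function body starts and ends outside the hunk.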
@ -25,14 +25,16 @@ func treatOpeningHint(pathname string, team fic.Team) {
|
||||
log.Println("[WRN] Invalid content in hint file: ", pathname)
|
||||
os.Remove(pathname)
|
||||
} else if hint, err := fic.GetHint(ask.HintId); err != nil {
|
||||
log.Println("[ERR]", err)
|
||||
log.Println("[ERR] Unable to retrieve the given hint:", err)
|
||||
} else if exercice, err := hint.GetExercice(); err != nil {
|
||||
log.Println("[ERR] Unable to retrieve the hint's underlying exercice:", err)
|
||||
} else if !team.HasAccess(exercice) {
|
||||
log.Println("[!!!] The team asks to open an hint whereas it doesn't have access to the exercice")
|
||||
} else if err = team.OpenHint(hint); err != nil {
|
||||
log.Println("[ERR]", err)
|
||||
log.Println("[ERR] Unable to open hint", err)
|
||||
} else {
|
||||
// Write event
|
||||
if exercice, err := hint.GetExercice(); err != nil {
|
||||
log.Println("[WRN]", err)
|
||||
} else if lvl, err := exercice.GetLevel(); err != nil {
|
||||
if lvl, err := exercice.GetLevel(); err != nil {
|
||||
log.Println("[WRN]", err)
|
||||
} else if theme, err := fic.GetTheme(exercice.IdTheme); err != nil {
|
||||
log.Println("[WRN]", err)
|
||||
|
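Review bot: The new `!team.HasAccess(exercice)` branch in treatOpeningHint only logs, while the invalid-content branch above it calls `os.Remove(pathname)`, and nothing in the hunk shows what happens to the request file after a denial. If the caller does not delete it, the same refused request could be picked up again and logged repeatedly. Either remove the file in the denial branch or confirm the behaviour with a comment such as `// the request file is removed by the caller`. treatWantChoices has the same shape, and the function starts and ends outside the hunk.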
@ -43,6 +43,12 @@ func treatSubmission(pathname string, team fic.Team, exercice_id string) {
|
||||
return
|
||||
}
|
||||
|
||||
// Check the team can access this exercice
|
||||
if !team.HasAccess(exercice) {
|
||||
log.Println("[!!!] The team submits something for an exercice it doesn't have access yet")
|
||||
return
|
||||
}
|
||||
|
||||
// Find the corresponding theme
|
||||
theme, err := fic.GetTheme(exercice.IdTheme)
|
||||
if err != nil {
|
||||
|
@ -266,3 +266,13 @@ func (k FlagKey) Check(v interface{}) int {
|
||||
func (k FlagKey) FoundBy(t Team) {
|
||||
DBExec("INSERT INTO flag_found (id_flag, id_team, time) VALUES (?, ?, ?)", k.Id, t.Id, time.Now())
|
||||
}
|
||||
|
||||
// GetExercice returns the parent Exercice where this flag can be found.
|
||||
func (k FlagKey) GetExercice() (Exercice, error) {
|
||||
var eid int64
|
||||
if err := DBQueryRow("SELECT id_exercice FROM exercice_flags WHERE id_flag = ?", k.Id).Scan(&eid); err != nil {
|
||||
return Exercice{}, err
|
||||
}
|
||||
|
||||
return GetExercice(eid)
|
||||
}
|
||||
|
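Review bot: The doc comment on `FlagKey.GetExercice` does not say what the method returns when no `exercice_flags` row references the flag. In that case the `Scan` error is passed back unchanged (presumably the database driver's no-rows error), and the access check in treatWantChoices relies on that error to refuse the request. State the contract in the comment, for example `// It returns an error when no exercice is linked to the flag; callers performing access checks must treat that as a denial.`, so that a later caller does not continue with the zero `Exercice{}`.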