Ejemplo n.º 1
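    def patch(self, user_id):
        """Apply a partial, admin-view update to the user ``user_id``.

        Args:
            user_id: Primary key of the user to modify. A missing row ends the
                request through ``first_or_404()``.

        Returns:
            ``{"success": True, "data": ...}`` carrying the serialized user, or
            a ``(payload, 400)`` tuple when the body is not a JSON object, when
            the caller tries to ban their own account, or when the schema
            reports validation errors.
        """
        user = Users.query.filter_by(id=user_id).first_or_404()
        data = request.get_json()

        # get_json() can hand back None, a list or a scalar. The item
        # assignment below would then raise TypeError and surface as a 500,
        # so anything that is not a JSON object is rejected up front.
        if not isinstance(data, dict):
            return (
                {
                    "success": False,
                    "errors": {"body": "Request body must be a JSON object"},
                },
                400,
            )

        # The id from the route always overrides an id supplied in the body.
        data["id"] = user_id

        # Admins should not be able to ban themselves
        # NOTE(review): only True and "true" are recognised here. If the
        # schema's banned field also accepts other truthy spellings, those
        # would pass this guard - confirm against UserSchema.
        banned = data.get("banned")
        if data["id"] == session["id"] and (banned is True or banned == "true"):
            return (
                {
                    "success": False,
                    "errors": {
                        "id": "You cannot ban yourself"
                    }
                },
                400,
            )

        schema = UserSchema(view="admin", instance=user, partial=True)
        response = schema.load(data)
        if response.errors:
            return {"success": False, "errors": response.errors}, 400

        # This generates the response first before actually changing the type
        # This avoids an error during User type changes where we change
        # the polymorphic identity resulting in an ObjectDeletedError
        # https://github.com/CTFd/CTFd/issues/1794
        response = schema.dump(response.data)
        db.session.commit()
        db.session.close()

        # Run only after the commit, so the helpers see the stored state.
        clear_user_session(user_id=user_id)
        clear_standings()

        return {"success": True, "data": response.data}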
Ejemplo n.º 2
    def patch(self, user_id):
        """Partially update user ``user_id`` through the admin schema view.

        Args:
            user_id: Primary key of the user to modify; an unknown id ends the
                request via ``first_or_404()``.

        Returns:
            A success payload, or a ``(payload, 400)`` tuple for a self-ban
            attempt or schema validation errors.
        """
        target = Users.query.filter_by(id=user_id).first_or_404()
        payload = request.get_json()
        # The route parameter replaces whatever id the body carried.
        payload["id"] = user_id

        # Guard against an admin locking themselves out by banning their own
        # account.
        # NOTE(review): only True and "true" are matched; other truthy
        # spellings the schema may accept would not trip this guard - confirm.
        banned_flag = payload.get("banned")
        targets_self = payload["id"] == session["id"]
        if targets_self and (banned_flag is True or banned_flag == "true"):
            rejection = {
                "success": False,
                "errors": {"id": "You cannot ban yourself"},
            }
            return rejection, 400

        schema = UserSchema(view="admin", instance=target, partial=True)
        loaded = schema.load(payload)
        if loaded.errors:
            return {"success": False, "errors": loaded.errors}, 400

        db.session.commit()

        dumped = schema.dump(loaded.data)

        db.session.close()

        clear_user_session(user_id=user_id)
        clear_standings()

        # NOTE(review): this returns the whole dump result, not its ``.data``
        # attribute, although the error path above reads ``.errors`` from the
        # same kind of object - confirm which response shape clients expect.
        return {"success": True, "data": dumped}
Ejemplo n.º 3
    def get(self, user_id):
        """Return the serialized user ``user_id`` together with place and score.

        The schema view is taken from ``session['type']`` and falls back to
        ``'user'`` when the session has no such key.

        Args:
            user_id: Primary key of the user; an unknown id ends the request
                via ``first_or_404()``.

        Returns:
            A success payload, or a ``(payload, 400)`` tuple when the dump
            reports errors.
        """
        user = Users.query.filter_by(id=user_id).first_or_404()

        # NOTE(review): nothing in this method keeps banned or hidden accounts
        # from being returned to non-admin callers. Confirm that a decorator
        # or the schema view enforces that.
        view = session.get('type', 'user')
        result = UserSchema(view=view).dump(user)
        if result.errors:
            return {'success': False, 'errors': result.errors}, 400

        body = result.data
        body['place'] = user.place
        body['score'] = user.score
        return {'success': True, 'data': body}
Ejemplo n.º 4
def load_users_csv(dict_reader):
    """Load users from an iterable of row mappings, one commit per valid row.

    Each row is validated with ``UserSchema``. Valid rows are added and
    committed straight away, so a file with some bad rows is imported
    partially and the bad rows are reported.

    Args:
        dict_reader: Iterable yielding one mapping per row.

    Returns:
        ``True`` when every row loaded cleanly, otherwise a list of
        ``(row_index, errors)`` tuples where ``row_index`` is the zero-based
        position produced by ``enumerate``.
    """
    schema = UserSchema()
    failures = []
    for row_index, row in enumerate(dict_reader):
        result = schema.load(row)
        if result.errors:
            failures.append((row_index, result.errors))
            continue
        db.session.add(result.data)
        db.session.commit()
    return failures or True
Ejemplo n.º 5
    def get(self, user_id):
        """Return the serialized user ``user_id`` together with place and score.

        Banned or hidden users are answered with 404 unless ``is_admin()``
        returns something other than ``False``.

        Args:
            user_id: Primary key of the user; an unknown id ends the request
                via ``first_or_404()``.

        Returns:
            A success payload, or a ``(payload, 400)`` tuple when the dump
            reports errors.
        """
        user = Users.query.filter_by(id=user_id).first_or_404()

        # NOTE(review): the identity test against False only hides the account
        # when is_admin() returns the bool False. A None or other falsy return
        # would let the request through - confirm is_admin() always returns a
        # bool.
        concealed = user.banned or user.hidden
        if concealed and is_admin() is False:
            abort(404)

        view = session.get("type", "user")
        result = UserSchema(view=view).dump(user)
        if result.errors:
            return {"success": False, "errors": result.errors}, 400

        body = result.data
        body["place"] = user.place
        body["score"] = user.score
        return {"success": True, "data": body}
Ejemplo n.º 6
    def get(self, query_args):
        """Return one page of users matching the query arguments.

        ``q`` and ``field`` are removed from ``query_args`` and turned into
        filters by ``build_model_filters``. The remaining entries are passed
        to ``filter_by`` as keyword arguments. Non-admin listings are further
        restricted to users that are neither banned nor hidden.

        Args:
            query_args: Mutable mapping of query parameters; ``q`` and
                ``field`` are popped from it.

        Returns:
            A payload with ``meta.pagination``, ``success`` and ``data``, or a
            ``(payload, 400)`` tuple when the dump reports errors.
        """
        q = query_args.pop("q", None)
        # str(None) yields the literal "None" when no field was supplied.
        field = str(query_args.pop("field", None))
        filters = build_model_filters(model=Users, query=q, field=field)

        admin_listing = is_admin() and request.args.get("view") == "admin"
        if admin_listing:
            base_query = Users.query.filter_by(**query_args)
        else:
            # NOTE(review): if query_args could still hold "banned" or
            # "hidden", this call raises TypeError for the duplicate keyword
            # rather than overriding the visibility filter. Confirm that the
            # argument validation outside this method excludes those keys.
            base_query = Users.query.filter_by(
                banned=False, hidden=False, **query_args
            )
        users = base_query.filter(*filters).paginate(
            per_page=50, max_per_page=100
        )

        # The "user" view is used for serialization in both branches.
        result = UserSchema(view="user", many=True).dump(users.items)
        if result.errors:
            return {"success": False, "errors": result.errors}, 400

        pagination = {
            "page": users.page,
            "next": users.next_num,
            "prev": users.prev_num,
            "pages": users.pages,
            "per_page": users.per_page,
            "total": users.total,
        }
        return {
            "meta": {"pagination": pagination},
            "success": True,
            "data": result.data,
        }
Ejemplo n.º 7
    def patch(self):
        """Partially update the current user through the ``self`` schema view.

        Returns:
            A success payload with the serialized user, or a ``(payload, 400)``
            tuple when the schema reports validation errors.
        """
        current = get_current_user()
        payload = request.get_json()

        # Which fields a user may change on their own account is decided by
        # the "self" view of UserSchema, not by this handler.
        schema = UserSchema(view="self", instance=current, partial=True)
        loaded = schema.load(payload)
        if loaded.errors:
            return {"success": False, "errors": loaded.errors}, 400

        db.session.commit()

        dumped = schema.dump(loaded.data)
        db.session.close()

        clear_standings()

        return {"success": True, "data": dumped.data}
Ejemplo n.º 8
    def post(self):
        """Create a user from the JSON body using the ``admin`` schema view.

        Returns:
            A success payload with the serialized new user, or a
            ``(payload, 400)`` tuple when the schema reports validation errors.
        """
        body = request.get_json()
        schema = UserSchema('admin')

        loaded = schema.load(body)
        if loaded.errors:
            return {'success': False, 'errors': loaded.errors}, 400

        new_user = loaded.data
        db.session.add(new_user)
        db.session.commit()

        clear_standings()

        dumped = schema.dump(new_user)

        return {'success': True, 'data': dumped.data}
class CommentSchema(ma.ModelSchema):
    """Schema for ``Comments`` rows with a reduced, nested author."""

    class Meta:
        # Model the schema is built from.
        model = Comments
        # Foreign-key columns are included as schema fields.
        include_fk = True
        # These fields are serialized on output only and are not accepted
        # when loading input.
        dump_only = ("id", "date", "html", "author", "author_id", "type")

    # Only the author's name is exposed; other user fields are left out of
    # comment payloads.
    author = fields.Nested(UserSchema(only=("name",)))
    # Declared explicitly as a string field.
    html = fields.String()
Ejemplo n.º 10
    def get(self):
        """List every user that is neither banned nor hidden.

        Returns:
            A success payload with the users serialized in the ``user`` view,
            or a ``(payload, 400)`` tuple when the dump reports errors.
        """
        visible_users = Users.query.filter_by(banned=False, hidden=False)
        result = UserSchema(view="user", many=True).dump(visible_users)

        if not result.errors:
            return {"success": True, "data": result.data}
        return {"success": False, "errors": result.errors}, 400
Ejemplo n.º 11
    def get(self):
        """List every user that is not banned.

        Returns:
            A success payload with the users serialized in the ``user`` view,
            or a ``(payload, 400)`` tuple when the dump reports errors.
        """
        # NOTE(review): only ``banned`` is filtered here. If the model has a
        # hidden flag, hidden accounts would still be listed - confirm that
        # is intended.
        unbanned = Users.query.filter_by(banned=False)
        result = UserSchema(view='user', many=True).dump(unbanned)

        if not result.errors:
            return {'success': True, 'data': result.data}
        return {'success': False, 'errors': result.errors}, 400
Ejemplo n.º 12
    def patch(self, user_id):
        """Partially update user ``user_id`` through the admin schema view.

        Args:
            user_id: Primary key of the user to modify; an unknown id ends the
                request via ``first_or_404()``.

        Returns:
            A success payload, or a ``(payload, 400)`` tuple when the schema
            reports validation errors.
        """
        target = Users.query.filter_by(id=user_id).first_or_404()
        payload = request.get_json()
        # The route parameter replaces whatever id the body carried.
        payload["id"] = user_id

        # NOTE(review): this handler has no check that stops the caller from
        # banning their own account, and it does not invalidate the modified
        # user's session after the write. Confirm whether either is handled
        # elsewhere.
        schema = UserSchema(view="admin", instance=target, partial=True)
        loaded = schema.load(payload)
        if loaded.errors:
            return {"success": False, "errors": loaded.errors}, 400

        db.session.commit()

        dumped = schema.dump(loaded.data)

        db.session.close()

        clear_standings()

        # NOTE(review): this returns the whole dump result, not its ``.data``
        # attribute, although the error path above reads ``.errors`` from the
        # same kind of object - confirm which response shape clients expect.
        return {"success": True, "data": dumped}
Ejemplo n.º 13
    def post(self):
        """Create a user from the JSON body using the ``admin`` schema view.

        Returns:
            A success payload with the serialized new user, or a
            ``(payload, 400)`` tuple when the schema reports validation errors.
        """
        req = request.get_json()
        schema = UserSchema("admin")
        response = schema.load(req)

        if response.errors:
            return {"success": False, "errors": response.errors}, 400

        db.session.add(response.data)
        db.session.commit()

        # NOTE(review): this branch reads the new user's name and the plaintext
        # password from the request, but nothing visible here uses them and no
        # notification is sent. Either the send call is missing or the branch
        # is dead code; avoid keeping the plaintext password in a local that
        # is never used.
        if request.args.get("notify"):
            name = response.data.name
            password = req.get("password")

        clear_standings()

        response = schema.dump(response.data)

        return {"success": True, "data": response.data}
Ejemplo n.º 14
    def get(self):
        """List users, including banned and hidden ones for the admin view.

        The unfiltered listing is used only when ``is_admin()`` is truthy and
        the ``view`` query argument equals ``"admin"``. Every other request
        sees users that are neither banned nor hidden.

        Returns:
            A success payload with the users serialized in the ``user`` view,
            or a ``(payload, 400)`` tuple when the dump reports errors.
        """
        admin_listing = is_admin() and request.args.get("view") == "admin"
        criteria = {} if admin_listing else {"banned": False, "hidden": False}
        users = Users.query.filter_by(**criteria)

        # The "user" view is used for serialization in both cases.
        result = UserSchema(view="user", many=True).dump(users)

        if result.errors:
            return {"success": False, "errors": result.errors}, 400

        return {"success": True, "data": result.data}
Ejemplo n.º 15
    def post(self):
        """Create a user from the JSON body and optionally notify them.

        When the ``notify`` query argument is present and non-empty, the new
        user's email, name and the password taken from the request body are
        passed to ``user_created_notification``.

        Returns:
            A success payload with the serialized new user, or a
            ``(payload, 400)`` tuple when the schema reports validation errors.
        """
        body = request.get_json()
        schema = UserSchema('admin')
        loaded = schema.load(body)

        if loaded.errors:
            return {'success': False, 'errors': loaded.errors}, 400

        new_user = loaded.data
        db.session.add(new_user)
        db.session.commit()

        # Any non-empty value enables the notification, including strings
        # such as "false" or "0".
        if request.args.get('notify'):
            name = new_user.name
            email = new_user.email
            # NOTE(review): the plaintext password from the request is handed
            # to the notifier. Whether it ends up in a message body or in logs
            # depends on user_created_notification - confirm, and treat the
            # value as a temporary credential.
            password = body.get('password')

            user_created_notification(addr=email, name=name, password=password)

        clear_standings()

        dumped = schema.dump(new_user)

        return {'success': True, 'data': dumped.data}
Ejemplo n.º 16
    def verify(secret):
        """Look up the user whose ``secret`` matches and return their name.

        An unknown secret and a banned or hidden account (for callers where
        ``is_admin()`` is ``False``) produce the same ``{"success": False}``
        payload, so the response does not tell the two cases apart.

        Args:
            secret: Value matched against the ``secret`` column of ``Users``.

        Returns:
            ``{"success": True, "username": ...}`` on a match, otherwise a
            payload with ``"success": False`` (plus ``"errors"`` when the dump
            reports errors).
        """
        user = Users.query.filter_by(secret=secret).first()

        # NOTE(review): the identity test against False assumes is_admin()
        # returns a real bool - confirm.
        if user is None or (
            (user.banned or user.hidden) and is_admin() is False
        ):
            return {"success": False}

        view = get_current_user_type(fallback="user")
        result = UserSchema(view=view).dump(user)

        if result.errors:
            return {"success": False, "errors": result.errors}

        return {"success": True, "username": result.data["name"]}
Ejemplo n.º 17
 def get(self):
     """Return the current user in the ``self`` view with place and score.

     Returns:
         ``{"success": True, "data": ...}`` with the serialized user.
     """
     me = get_current_user()
     # The dump result's errors are not inspected here; only .data is used.
     dumped = UserSchema("self").dump(me)
     profile = dumped.data
     profile["place"] = me.place
     profile["score"] = me.score
     return {"success": True, "data": profile}
Ejemplo n.º 18
 def get(self):
     """Serialize the current user (``self`` view) and attach place and score.

     Returns:
         ``{'success': True, 'data': ...}`` with the serialized user.
     """
     current = get_current_user()
     schema = UserSchema('self')
     # Only .data is read from the dump result; its errors are not checked.
     data = schema.dump(current).data
     data['place'] = current.place
     data['score'] = current.score
     return {'success': True, 'data': data}