def get_records_dev(users: [User]):
    """Build the development seed administrators from the tail of ``users``.

    The four users at the end of the list become administrators: the first
    two of those are platform administrators, the last two are not.

    NOTE(review): positions are computed as ``len(users) - k``. With two or
    three users the first position goes negative and wraps around to the end
    of the list instead of failing, so the platform-admin flag lands on a
    different user than intended; with zero or one user an IndexError is
    raised.
    """
    total = len(users)
    # (distance from the end of the list, is_platform_admin)
    layout = ((4, True), (3, True), (2, False), (1, False))
    return [
        Administrator(is_platform_admin=platform, user_id=users[total - back].id)
        for back, platform in layout
    ]
def create_category(current_admin: Administrator):
    """Create a category inside an event the calling administrator manages.

    Reads ``name`` and ``event_id`` from the validated request body.

    Raises:
        errors.NotFound: no event has the requested id.
        errors.Unauthorized: ``current_admin`` does not administer the event.
        errors.UnprocessableEntity: the event already has a category with
            that name.

    Returns:
        The newly committed ``Category``.
    """
    payload = flask_rebar.get_validated_body()
    name = payload["name"]
    event_id = payload["event_id"]

    # NOTE(review): existence is tested before authorization, so an
    # administrator of a different event can tell existing event ids from
    # missing ones by which error comes back.
    if Event.query.filter_by(id=event_id).first() is None:
        raise errors.NotFound(f'Event with id "{event_id}" not found.')

    # Authorization gate: only administrators of this event may add to it.
    allowed = current_admin.is_admin_of_event(event_id)
    if not allowed:
        raise errors.Unauthorized(
            "You do not have the permission to administer this event.")

    # NOTE(review): check-then-insert. Two concurrent requests can both pass
    # this lookup unless the database also enforces uniqueness on
    # (name, event_id) -- confirm against the model definition.
    duplicate = Category.query.filter_by(name=name, event_id=event_id).first()
    if duplicate is not None:
        raise errors.UnprocessableEntity(
            "A category with that name already exists")

    created = Category(name=name, event_id=event_id)
    DB.session.add(created)
    DB.session.commit()
    return created
def register_administrator():
    """Create a new user and attach a non-platform administrator record to it.

    Reads ``email``, ``username`` and ``password`` from the validated request
    body.

    NOTE(review): the function takes no caller identity. Whether creating an
    administrator is restricted has to come from the route registration or a
    decorator that is not visible here -- confirm before exposing this.

    NOTE(review): only users that already have an administrator record are
    rejected. An existing user without one passes both checks, and a second
    ``User`` with the same email/username is then constructed; what happens
    next depends on the database constraints -- confirm.

    Raises:
        errors.UnprocessableEntity: an administrator already exists for a
            user with that email or that username.

    Returns:
        A ``(administrator, 201)`` tuple.
    """
    payload = flask_rebar.get_validated_body()
    email, username, password = (
        payload["email"], payload["username"], payload["password"])

    # Validate user uniqueness constraint.
    same_email = User.query.filter_by(email=email).first()
    if same_email is not None and same_email.get_administrator() is not None:
        raise errors.UnprocessableEntity(
            "An administrator with that email already exists")

    same_username = User.query.filter_by(username=username).first()
    if same_username is not None and same_username.get_administrator():
        raise errors.UnprocessableEntity(
            "An administrator with that username already exists for this event")

    new_user = User(email=email, username=username)
    # The plaintext password is only handed to set_password(); how it is
    # stored is decided there and is not visible in this function.
    new_user.set_password(password)

    # New registrations are never platform administrators.
    new_admin = Administrator(is_platform_admin=False, user=new_user)
    DB.session.add(new_admin)
    DB.session.commit()

    return new_admin, 201
def edit_challenge(current_admin: Administrator, challenge_id: int):
    """Overwrite a challenge's fields and flags from the validated request body.

    Reads ``name``, ``points``, ``hidden``, ``description``, ``category_id``
    and ``flags`` (items with ``is_regex`` and ``value``) from the body.

    Raises:
        errors.UnprocessableEntity: the challenge or the new category does
            not exist, the new name is empty or already taken, or the new
            points value is not positive.
        errors.Unauthorized: ``current_admin`` does not administer the event
            that owns the challenge.

    Returns:
        The updated ``Challenge``.
    """
    payload = flask_rebar.get_validated_body()
    name = payload["name"]
    points = payload["points"]
    hidden = payload["hidden"]
    description = payload["description"]
    category_id = payload["category_id"]
    flags = payload["flags"]

    target = Challenge.query.filter_by(id=challenge_id).first()
    if target is None:
        raise errors.UnprocessableEntity("This challenge does not exist.")

    # Authorization is decided by the event that owns the challenge's
    # current category, not by anything taken from the request body.
    owning_event_id = target.category.event_id
    if not current_admin.is_admin_of_event(owning_event_id):
        raise errors.Unauthorized(
            "You do not have the permission to administer this challenge.")

    if category_id != target.category_id:
        # The replacement category is looked up within the same event, so an
        # edit cannot move the challenge into an event the caller was not
        # checked against.
        replacement = Category.query.filter_by(
            id=category_id, event_id=owning_event_id).first()
        if replacement is None:
            raise errors.UnprocessableEntity("The category doesn't exist.")

    if name != target.name:
        if not name:
            raise errors.UnprocessableEntity("Name must not be empty.")
        # NOTE(review): this lookup filters by name only, so uniqueness is
        # enforced across every event rather than per event -- confirm that
        # is intended.
        if Challenge.query.filter_by(name=name).first() is not None:
            raise errors.UnprocessableEntity(
                "A challenge with that name already exists.")

    # Points are validated only when they change; an unchanged value is
    # accepted as it is.
    if points != target.points and points <= 0:
        raise errors.UnprocessableEntity("Points must be positive.")

    target.name = name
    target.points = points
    target.hidden = hidden
    target.description = description
    target.category_id = category_id

    # The flag collection is replaced wholesale. NOTE(review): whether the
    # previous Flag rows are deleted depends on the relationship's cascade
    # settings, which are not visible here -- confirm.
    target.flags = [
        Flag(is_regex=entry['is_regex'], value=entry['value'])
        for entry in flags
    ]

    DB.session.commit()
    return target
def make_challenge_hidden(current_admin: Administrator, challenge_id: int):
    """Set ``hidden`` to True on a challenge the administrator may manage.

    Raises:
        errors.UnprocessableEntity: no challenge has the given id.
        errors.Unauthorized: ``current_admin`` does not administer the event
            that owns the challenge.

    Returns:
        ``{"name": "OK"}`` once the change is committed.
    """
    target = Challenge.query.filter_by(id=challenge_id).first()
    if target is None:
        raise errors.UnprocessableEntity("This challenge does not exist.")

    # Authorization gate: the owning event comes from the stored challenge.
    may_administer = current_admin.is_admin_of_event(target.category.event_id)
    if not may_administer:
        raise errors.Unauthorized(
            "You do not have the permission to administer this challenge.")

    target.hidden = True
    DB.session.commit()

    return {"name": "OK"}
def get_admin_challenge(current_admin: Administrator, challenge_id: int):
    """Return one challenge, joined with its category and flags, by id.

    Raises:
        errors.NotFound: the query returned no challenge for the id.
        errors.Unauthorized: ``current_admin`` does not administer the event
            that owns the challenge.
    """
    # NOTE(review): Query.join() is an inner join by default in SQLAlchemy,
    # so a challenge that has no flags would produce no row and be reported
    # as not found -- confirm that is intended.
    found = (
        Challenge.query.filter_by(id=challenge_id)
        .join(Challenge.category)
        .join(Challenge.flags)
        .first()
    )

    # TODOMAX : Add tags
    # TODOMAX : Add files
    # TODOMAX : Add links

    # NOTE(review): not-found is reported before the permission check, so the
    # two errors let an administrator of another event tell which challenge
    # ids exist.
    if found is None:
        raise errors.NotFound(f'Challenge with id "{challenge_id}" not found.')

    owning_event_id = found.category.event_id
    if not current_admin.is_admin_of_event(owning_event_id):
        raise errors.Unauthorized(
            "You do not have the permission to administer this challenge.")

    return found
def delete_challenge(current_admin: Administrator, challenge_id: int):
    """Delete a challenge together with its flags and submissions.

    Raises:
        errors.UnprocessableEntity: no challenge has the given id.
        errors.Unauthorized: ``current_admin`` does not administer the event
            that owns the challenge.

    Returns:
        An empty string once the deletion is committed.
    """
    target = Challenge.query.filter_by(id=challenge_id).first()
    if target is None:
        raise errors.UnprocessableEntity("This challenge does not exist.")

    # Authorization gate runs before anything is loaded for deletion.
    if not current_admin.is_admin_of_event(target.category.event_id):
        raise errors.Unauthorized(
            "You do not have the permission to administer this challenge.")

    # Cleanup associated resources: collect the dependent rows first, then
    # delete the challenge, its flags and its submissions in that order.
    # Everything is committed together by the single commit below.
    related_flags = Flag.query.filter_by(challenge_id=challenge_id).all()
    related_submissions = Submission.query.filter_by(
        challenge_id=challenge_id).all()

    for record in (target, *related_flags, *related_submissions):
        DB.session.delete(record)

    DB.session.commit()
    return ""
@fixture def db_mock(): with local_patch("DB") as mock: yield mock @fixture def current_user_mock(): with local_patch("current_user") as mock: yield mock A_EVENT = Event(id=0, name="Test Event", teams=True, is_open=False) AN_ADMINISTRATOR = Administrator(id=0, is_platform_admin=True, user_id=0) class TestCreateEvent: REQUEST_BODY = { "name": "Test Event", "teams": True, "is_open": False, "is_visible": False, "front_page": "", "flag_format": "" } A_NEW_EVENT = Event(name=REQUEST_BODY["name"], teams=REQUEST_BODY["teams"], is_open=REQUEST_BODY["is_open"], is_visible=REQUEST_BODY["is_visible"],
@fixture
def current_admin_mock():
    """Yield the mock that ``local_patch`` installs for ``current_admin``."""
    with local_patch("current_admin") as patched:
        yield patched


@fixture()
def require_admin_mock():
    """Yield the mock that ``local_patch`` installs for ``require_admin``."""
    with local_patch('require_admin') as patched:
        yield patched


# Shared test data. AN_ADMINISTRATOR is a platform administrator linked to
# A_EVENT; ANOTHER_ADMINISTRATOR is a non-platform administrator that is given
# no event link here.
A_EVENT = Event(id=0, name="Test Event", teams=True)
AN_ADMINISTRATOR = Administrator(id=0, is_platform_admin=True, user_id=0)
# NOTE(review): ``event_id`` receives the Event object rather than its id,
# here and in A_CATEGORY below -- confirm this is intended.
AN_ADMINISTRATOR.event_administrators = [
    EventAdministrator(id=0,
                       administrator_id=0,
                       event_id=A_EVENT,
                       event=A_EVENT),
]
ANOTHER_ADMINISTRATOR = Administrator(id=1, is_platform_admin=False, user_id=1)
A_CATEGORY = Category(id=None, event_id=A_EVENT, name="Category")


class TestCreateCategory:
    # Body returned by the mocked flask_rebar.get_validated_body().
    REQUEST_BODY = {"event_id": 0, "name": "New Category"}
    # Category built from the same values as REQUEST_BODY.
    A_NEW_CATEGORY = Category(
        id=None,
        event_id=REQUEST_BODY["event_id"],
        name=REQUEST_BODY["name"],
    )

    @fixture(autouse=True)
    def _rebar_mock(self, rebar_mock: MagicMock):
        # Applied to every test in the class so each one sees REQUEST_BODY.
        rebar_mock.get_validated_body.return_value = self.REQUEST_BODY
teams=True, is_visible=False, is_open=False) A_CATEGORY_WITH_INVISIBLE_EVENT = Category(event_id=AN_INVISIBLE_EVENT, name="event invisible") A_CATEGORY = Category(event_id=AN_EVENT, name="event invisible") A_CHALLENGE_WITH_INVISIBLE_EVENT = Challenge( id=1, name='A chall', category_id=A_CATEGORY_WITH_INVISIBLE_EVENT.id, category=A_CATEGORY_WITH_INVISIBLE_EVENT) A_CHALLENGE = Challenge(id=1, name='A chall2', category_id=A_CATEGORY_WITH_INVISIBLE_EVENT.id, category=A_CATEGORY_WITH_INVISIBLE_EVENT) AN_ADMINISTRATOR = Administrator(id=0, is_platform_admin=True, user_id=0) ANOTHER_ADMINISTRATOR = Administrator(id=1, is_platform_admin=False, user_id=1) A_ROLE = 'role' def has_current_administrator(*_, **kwargs): return 'current_admin' in kwargs def NOP(*_, **kwargs): return kwargs class TestRequireAdmin: @fixture(autouse=True)