def check_private_or_public(match, team1, team2): if match.is_private_match(): if not g.user: raise BadRequestError("Please login before viewing this match.") # Get team lists, and check if logged in user is part of match. if (g.user.id == match.user_id) or ( config_setting('ADMINS_ACCESS_ALL_MATCHES') and g.user.admin) or g.user.super_admin: isPlayer = False playerstats_steam = [ r.steam_id for r in PlayerStats.query.filter( PlayerStats.match_id == match.id) ] playerList = list( set(team1.auths + team2.auths + playerstats_steam)) app.logger.info("Our list: {}".format(playerList)) if (config_setting('ADMINS_ACCESS_ALL_MATCHES') and g.user.admin) or g.user.super_admin: isPlayer = True else: for player in playerList: if g.user.steam_id == player: isPlayer = True break if not isPlayer: raise BadRequestError( "You cannot view this match as you were not a part of it!")
def admintools_check(user, tournament): if user is None: raise BadRequestError('You do not have access to this page') grant_admin_access = user.admin and get5.config_setting( 'ADMINS_ACCESS_ALL_TOURNAMENTS') if user.id != tournament.user_id and not grant_admin_access: raise BadRequestError('You do not have access to this page') if tournament.cancelled: raise BadRequestError('tournament is cancelled')
def super_admintools_check(match): if not g.user: raise BadRequestError('You do not have access to this page') if not g.user.super_admin: raise BadRequestError('You do not have access to this page') if match.finished(): raise BadRequestError('Match already finished') if match.cancelled: raise BadRequestError('Match is cancelled')
def super_admintools_check(user, match): if user is None: raise BadRequestError('You do not have access to this page') if not util.is_super_admin(user): raise BadRequestError('You do not have access to this page') if match.finished(): raise BadRequestError('Match already finished') if match.cancelled: raise BadRequestError('Match is cancelled')
def admintools_check(user, match): if user is None: raise BadRequestError('You do not have access to this page') grant_admin_access = user.admin and get5.config_setting( 'ADMINS_ACCESS_ALL_MATCHES') if user.id != match.user_id and not grant_admin_access: raise BadRequestError('You do not have access to this page') if match.finished(): raise BadRequestError('Match already finished') if match.cancelled: raise BadRequestError('Match is cancelled')
def match_adduser(matchid): match = Match.query.get_or_404(matchid) app.logger.info("Our user: {}".format(g.user)) admintools_check(match) server = GameServer.query.get_or_404(match.server_id) team = request.values.get('team') if not team: raise BadRequestError('No team specified') auth = request.values.get('auth') suc, new_auth = steamid.auth_to_steam64(auth) if suc: try: command = 'get5_addplayer {} {}'.format(new_auth, team) response = server.send_rcon_command(command, raise_errors=True) match_audit.create(g.user.id, matchid, datetime.now(), command) if (team == "spec"): MatchSpectator.set_or_create(matchid, new_auth) db.session.commit() flash(response) except util.RconError as e: flash('Failed to send command: ' + str(e)) else: flash('Invalid steamid: {}'.format(auth)) return redirect('/match/{}'.format(matchid))
def match_rcon(matchid): match = Match.query.get_or_404(matchid) command = request.values.get('command') server = GameServer.query.get_or_404(match.server_id) owns_server = util.is_server_owner(g.user, server) is_sadmin = g.user.super_admin # Check to see if user owns server. if not owns_server: if not is_sadmin: raise BadRequestError('You are not the server owner.') if command: try: rcon_response = server.send_rcon_command(command, raise_errors=True) if rcon_response: rcon_response = Markup(rcon_response.replace('\n', '<br>')) else: rcon_response = 'No output' flash(rcon_response) # Store the command. match_audit.create(g.user.id, matchid, datetime.now(), command) db.session.commit() except util.RconError as e: print(e) flash('Failed to send command: ' + str(e)) return redirect('/match/{}'.format(matchid))
def server_delete(serverid): server = GameServer.query.get_or_404(serverid) is_owner = g.user and (g.user.id == server.user_id) is_sadmin = g.user and util.is_super_admin(g.user) if not is_owner: if not is_sadmin: raise BadRequestError('You do not have access to this server.') if server.in_use: raise BadRequestError('Cannot delete server when in use.') matches = g.user.matches.filter_by(server_id=serverid) for m in matches: m.server_id = None GameServer.query.filter_by(id=serverid).delete() db.session.commit() return redirect('myservers')
def team_delete(teamid): team = Team.query.get_or_404(teamid) if not team.can_delete(g.user): raise BadRequestError("Cannot delete this team.") if Team.query.filter_by(id=teamid).delete(): db.session.commit() return redirect('/myteams')
def server_edit(serverid): server = GameServer.query.get_or_404(serverid) is_owner = (g.user and (util.is_server_owner(g.user, server))) is_sadmin = (g.user and util.is_super_admin(g.user)) app.logger.info("Owner: {} Sadmin: {}".format(is_owner, is_sadmin)) if not is_owner: if not is_sadmin: raise BadRequestError('You do not have access to this server.') # Attempt encryption/decryption rconDecrypt = util.decrypt(dbKey, server.rcon_password) form = ServerForm(request.form, display_name=server.display_name, ip_string=server.ip_string, port=server.port, rcon_password=server.rcon_password if rconDecrypt is None else rconDecrypt, public_server=server.public_server) if request.method == 'POST': if form.validate(): mock = app.config['TESTING'] data = form.data if not mock: encRcon = util.encrypt(dbKey, str(data['rcon_password'])) else: encRcon = data['rcon_password'] server.display_name = data['display_name'] server.ip_string = data['ip_string'] server.port = data['port'] server.rcon_password = encRcon server.public_server = (data['public_server'] and util.is_admin(g.user)) if mock or util.check_server_connection(server, dbKey): db.session.commit() return redirect('/myservers') else: db.session.remove() flash('Failed to connect to server') else: flash_errors(form) return render_template('server_create.html', user=g.user, form=form, edit=True, is_admin=util.is_admin(g.user), is_sadmin=util.is_super_admin(g.user))
def match_adduser(matchid): match = Match.query.get_or_404(matchid) admintools_check(g.user, match) server = GameServer.query.get_or_404(match.server_id) team = request.values.get('team') if not team: raise BadRequestError('No team specified') auth = request.values.get('auth') suc, new_auth = steamid.auth_to_steam64(auth) if suc: try: command = 'get5_addplayer {} {}'.format(new_auth, team) response = server.send_rcon_command(command, raise_errors=True) flash(response) except util.RconError as e: flash('Failed to send command: ' + str(e)) else: flash('Invalid steamid: {}'.format(auth)) return redirect('/match/{}'.format(matchid))
def match_forfeit(matchid, teamwinner): match = Match.query.get_or_404(matchid) super_admintools_check(match) if teamwinner == 1: winnerId = match.team1_id elif teamwinner == 2: winnerId = match.team2_id else: raise BadRequestError('Did not select a proper team.') match.winner = winnerId map_stats = MapStats.get_or_create(match.id, 0, '', '') if teamwinner == 1: match.team1_score = 1 match.team2_score = 0 map_stats.team1_score = 16 else: match.team1_score = 0 match.team2_score = 1 map_stats.team2_score = 16 match.start_time = datetime.now() match.end_time = datetime.now() match.forfeit = 1 map_stats.end_time = datetime.now() map_stats.winner = winnerId server = GameServer.query.get(match.server_id) if server: server.in_use = False db.session.commit() try: server.send_rcon_command('get5_endmatch', raise_errors=True) except util.RconError as e: flash('Failed to cancel match: ' + str(e)) return redirect('/mymatches')
def team_edit(teamid): mock = config_setting("TESTING") customNames = config_setting("CUSTOM_PLAYER_NAMES") team = Team.query.get_or_404(teamid) if not team.can_edit(g.user): raise BadRequestError("Not your team.") form = TeamForm() # We wish to query this every time, since we can now upload photos. if not mock: form.logo.choices = logos.get_logo_choices() if request.method == 'GET': # Set values here, as per new FlaskForms. form.name.data = team.name form.tag.data = team.tag form.country_flag.data = team.flag form.logo.data = team.logo for field in form: if "auth" in field.name: try: field.data = team.auths[ int(re.search(r'\d+', field.name).group()) - 1] except: field.data = None if "pref_name" in field.name: try: field.data = team.preferred_names[ int(re.search(r'\d+', field.name).group()) - 1] except: field.data = None form.public_team.data = team.public_team return render_template('team_create.html', user=g.user, form=form, edit=True, is_admin=(g.user.admin or g.user.super_admin), MAXPLAYER=Team.MAXPLAYERS, customNames=customNames) elif request.method == 'POST': if form.validate(): data = form.data public_team = team.public_team if (g.user.admin or g.user.super_admin): public_team = data['public_team'] # Update the logo. Passing validation we have the filename in the # list now. if not mock and (g.user.admin or g.user.super_admin) and form.upload_logo.data: filename = secure_filename(form.upload_logo.data.filename) index_of_dot = filename.index('.') newLogoDetail = filename[:index_of_dot] # Reinit our logos. logos.add_new_logo(newLogoDetail) data['logo'] = newLogoDetail allAuths = form.get_auth_list() allNames = form.get_pref_list() team.set_data(data['name'], data['tag'], data['country_flag'], data['logo'], allAuths, public_team, allNames) for auth, name in itertools.izip_longest(allAuths, allNames): if auth: teamNames = TeamAuthNames.set_or_create(teamid, auth, name) db.session.commit() return redirect('/teams/{}'.format(team.user_id)) else: flash_errors(form) return render_template('team_create.html', user=g.user, form=form, edit=True, is_admin=g.user.admin, MAXPLAYER=Team.MAXPLAYERS)
def match_demo_api_check(request, match): if match.api_key != request.values.get('key'): raise BadRequestError('Wrong API key')
def match_api_check(request, match): if match.api_key != request.values.get('key'): raise BadRequestError('Wrong API key') if match.finalized(): raise BadRequestError('Match already finalized')