Skip to content

Conversation

@JJ-8
Copy link
Collaborator

@JJ-8 JJ-8 commented Apr 2, 2022

Now we first evaluate ctfnote_private.can_play_ctf before adding a task.

If it is not true (value can also be null), then we do not create and add the pad.
This prevents guests from adding tasks to CTFs they are not allowed to participate in.

Now we first evaluate `ctfnote_private.can_play_ctf` before adding a task.
If it is not true (value can also be `null`), then we do not create
and add the pad.
This prevents guests from adding tasks to CTFs they
are not allowed to participate in.
@JJ-8 JJ-8 added the security Something is incorreclty implemented label Apr 2, 2022
@JJ-8 JJ-8 changed the title Limit task creation by access controll Limit task creation by access control Apr 2, 2022
@JJ-8 JJ-8 requested a review from XeR April 2, 2022 10:23
Copy link
Contributor

@XeR XeR left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch.

@JJ-8 JJ-8 merged commit b3a9cb2 into TFNS:dev Apr 5, 2022
@JJ-8 JJ-8 deleted the create-task-access-control branch April 5, 2022 05:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security Something is incorreclty implemented

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants