updated views to use is_staff

dlareau · Dec 22, 2015 · 2aca007 · 2aca007
1 parent f656e05
commit 2aca007
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 34 deletions.
diff --git a/huntserver/migrations/0031_auto_20151221_1105.py b/huntserver/migrations/0031_auto_20151221_1105.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('huntserver', '0030_auto_20151016_1021'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='hunt',
+            options={'permissions': (('view_task', 'Can see available tasks'),)},
+        ),
+    ]
diff --git a/huntserver/migrations/0032_auto_20151221_1242.py b/huntserver/migrations/0032_auto_20151221_1242.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('huntserver', '0031_auto_20151221_1105'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='hunt',
+            options={},
+        ),
+    ]
diff --git a/huntserver/puzzle.py b/huntserver/puzzle.py
@@ -67,7 +67,7 @@ def unlock_puzzles(team):
 # and convert it to PNGs. It first clears the old PNGs and PDFs.
 # Has to also get number of pages so that the whole pdf doesn't become one image
 def download_puzzles(hunt):
-    directory = "/home/hunt/puzzlehunt_server/huntserver/static/huntserver/puzzles"
+    directory = "static/huntserver/puzzles"
     # TODO: maybe move folder, see if success, then delete.
     # maybe overwrite files with wget?
 
@@ -86,7 +86,7 @@ def download_puzzles(hunt):
         for i in range(pages):
             call(["convert", "-density", "200", "-scale", "x1000", file_str + "[" + str(i) + "]", directory + "/" + puzzle.puzzle_id + "-" + str(i) + ".png"])
 
-    call(["python", "/home/hunt/puzzlehunt_server/manage.py", "collectstatic"])
+    call(["python", "kmanage.py", "collectstatic"])
     #get document: wget {{URL}} -O {{FILENAME}}
     #get pages: pdfinfo {{FILENAME}} | grep Pages | awk '{print $2}'
     #convert: convert -density 200 -scale x1000 {{FILENAME}}[i] {{OUTFILE}}

diff --git a/huntserver/views.py b/huntserver/views.py
@@ -8,19 +8,14 @@
 from subprocess import check_output
 from django.http import HttpResponse, HttpResponseNotFound
 from django.contrib.auth import authenticate
+from django.contrib.admin.views.decorators import staff_member_required
 import json
 
 from .models import *
 from .forms import *
 from .puzzle import *
 from .redis import *
 
-def is_admin(request):
-    if request.user.is_authenticated():
-        if request.user.username in settings.ADMIN_ACCTS:
-            return True
-    return False
-
 # All static file requests are routed through here with file_path resembling:
 # huntserver/puzzles/001.pdf or admin/js/somefile.js etc...
 def protected_static(request, file_path):
@@ -134,7 +129,7 @@ def hunt(request, hunt_num):
 
     # Admins get all access, wrong teams/early lookers get an error page
     # real teams get appropriate puzzles, and puzzles from past hunts are public
-    if(is_admin(request)):
+    if(request.user.is_staff):
         puzzle_list = hunt.puzzle_set.all()
     # Hunt has not yet started
     elif(hunt.is_locked):
@@ -191,7 +186,7 @@ def puzzle(request, puzzle_id):
             form = AnswerForm()
             # Directory for puzzle PNGs
             # TODO: what do we do if this doesn't exist
-            directory = "/home/hunt/puzzlehunt_server/static/huntserver/puzzles"
+            directory = "static/huntserver/puzzles"
             file_str = directory + "/" +  puzzle.puzzle_id + ".pdf"
             # Ideally this should be done some other way to reduce command calls
             print("pdfinfo " + file_str + " | grep Pages | awk '{print $2}'")
@@ -203,10 +198,8 @@ def puzzle(request, puzzle_id):
             return render(request, 'access_error.html')
 
 
-@login_required
+@staff_member_required
 def queue(request):
-    if(not is_admin(request)):
-        return render(request, 'access_error.html')
 
     # Process admin responses to submissions
     if request.method == 'POST':
@@ -229,11 +222,9 @@ def queue(request):
         return render(request, 'queue.html', context)
 
 
-@login_required
-def progress(request):
-    if(not is_admin(request)):
-        return render(request, 'access_error.html')
 
+@staff_member_required
+def progress(request):
     # Admin unlocking a puzzle
     if request.method == 'POST':
         form = UnlockForm(request.POST)
@@ -272,11 +263,8 @@ def progress(request):
         context = {'puzzle_list':puzzles, 'team_list':teams, 'sol_array':sol_array}
         return render(request, 'progress.html', context)
 
-@login_required
+@staff_member_required
 def charts(request):
-    if(not is_admin(request)):
-        return render(request, 'access_error.html')
-
     curr_hunt = Hunt.objects.get(hunt_number=settings.CURRENT_HUNT_NUM)
     puzzles = curr_hunt.puzzle_set.all().order_by('puzzle_number')
     #submissions = Submission.objects.filter(puzzle__hunt=curr_hunt).all().order_by('submission_time')
@@ -325,11 +313,8 @@ def unlockables(request):
     unlockables = Unlockable.objects.filter(puzzle__in=team.solved.all())
     return render(request, 'unlockables.html', {'unlockables': unlockables})
 
-@login_required
+@staff_member_required
 def admin_chat(request):
-    if(not is_admin(request)):
-        return render(request, 'access_error.html')
-
     curr_hunt = Hunt.objects.get(hunt_number=settings.CURRENT_HUNT_NUM)
     messages = Message.objects.filter(team__hunt=curr_hunt).order_by('team', 'time')
     message_list = []
@@ -340,11 +325,8 @@ def admin_chat(request):
     return render(request, 'staff_chat.html', {'messages': message_list})
 
 # Not actually a page, just various control functions
-@login_required
+@staff_member_required
 def control(request):
-    if(not is_admin(request)):
-        return render(request, 'access_error.html')
-
     curr_hunt = Hunt.objects.get(hunt_number=settings.CURRENT_HUNT_NUM)
     teams = curr_hunt.team_set.all().order_by('team_name')
     if request.GET.get('initial'):
@@ -371,10 +353,8 @@ def public_stats(request):
     newest_hunt = 1
     return hunt(request, newest_hunt)
 
+@staff_member_required
 def emails(request):
-    if(not is_admin(request)):
-        return render(request, 'access_error.html')
-
     people = Person.objects.filter(team__hunt__hunt_number=settings.CURRENT_HUNT_NUM)
     emails = []
     for person in people:

diff --git a/puzzlehunt_server/settings.py b/puzzlehunt_server/settings.py
@@ -14,7 +14,7 @@
 from secret_settings import *
 
 """ PLEASE UPDATE BEFORE STARTING HUNT DEVELOPMENT """
-CURRENT_HUNT_NUM = 2
+CURRENT_HUNT_NUM = 1
 
 """ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! """
 
@@ -31,7 +31,7 @@
 # Key now in file not tracked by git
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = False
+DEBUG = True
 
 ALLOWED_HOSTS = ['*']