Merge pull request #315 from ComputerScienceHouse/develop

Update master

Author: devinmatte

packet/__init__.py

@@ -7,7 +7,7 @@
 import os
 
 import csh_ldap
-import onesignal_sdk.client as onesignal
+import onesignal
 from flask import Flask
 from flask_gzip import Gzip
 from flask_migrate import Migrate
@@ -57,7 +57,7 @@
    app.config['ONESIGNAL_CSH_APP_ID']:
     csh_onesignal_client = onesignal.Client(
         user_auth_key=app.config['ONESIGNAL_USER_AUTH_KEY'],
-        rest_api_key=app.config['ONESIGNAL_CSH_APP_AUTH_KEY'],
+        app_auth_key=app.config['ONESIGNAL_CSH_APP_AUTH_KEY'],
         app_id=app.config['ONESIGNAL_CSH_APP_ID']
     )
     app.logger.info('CSH Onesignal configured and notifications enabled')
@@ -68,7 +68,7 @@
    app.config['ONESIGNAL_INTRO_APP_ID']:
     intro_onesignal_client = onesignal.Client(
         user_auth_key=app.config['ONESIGNAL_USER_AUTH_KEY'],
-        rest_api_key=app.config['ONESIGNAL_INTRO_APP_AUTH_KEY'],
+        app_auth_key=app.config['ONESIGNAL_INTRO_APP_AUTH_KEY'],
         app_id=app.config['ONESIGNAL_INTRO_APP_ID']
     )
     app.logger.info('Intro Onesignal configured and notifications enabled')

packet/notifications.py

@@ -1,7 +1,7 @@
 from datetime import datetime
 from typing import Any, Callable, TypeVar, cast
 
-import onesignal_sdk.client as onesignal
+import onesignal
 
 from packet import app, intro_onesignal_client, csh_onesignal_client
 from packet.models import NotificationSubscription, Packet
@@ -48,7 +48,7 @@ def packet_signed_notification(packet: Packet, signer: str) -> None:
     subscriptions = NotificationSubscription.query.filter_by(freshman_username=packet.freshman_username)
     if subscriptions:
         notification_body = post_body
-        notification_body['contents']['en'] = signer + " signed your packet! Congrats or I'm Sorry"
+        notification_body['contents']['en'] = signer + ' signed your packet!'
         notification_body['headings']['en'] = 'New Packet Signature!'
         notification_body['chrome_web_icon'] = 'https://profiles.csh.rit.edu/image/' + signer
         notification_body['url'] = app.config['PROTOCOL'] + app.config['PACKET_INTRO']

packet/routes/api.py

@@ -96,10 +96,14 @@ def sync_ldap():
 
 @app.route('/api/v1/packets/<username>', methods=['GET'])
 @packet_auth
-def get_packets_by_user(username: str) -> dict:
+@before_request
+def get_packets_by_user(username: str, info=None) -> dict:
     """
     Return a dictionary of packets for a freshman by username, giving packet start and end date by packet id
     """
+
+    if info['ritdn'] != username:
+        return 'Forbidden - not your packet', 403
     frosh = Freshman.by_username(username)
 
     return {packet.id: {
@@ -110,10 +114,15 @@ def get_packets_by_user(username: str) -> dict:
 
 @app.route('/api/v1/packets/<username>/newest', methods=['GET'])
 @packet_auth
-def get_newest_packet_by_user(username: str) -> dict:
+@before_request
+def get_newest_packet_by_user(username: str, info=None) -> dict:
     """
     Return a user's newest packet
     """
+
+    if not info['is_upper'] and info['ritdn'] != username:
+        return 'Forbidden - not your packet', 403
+
     frosh = Freshman.by_username(username)
 
     packet = frosh.packets[-1]
@@ -130,13 +139,17 @@ def get_newest_packet_by_user(username: str) -> dict:
 
 @app.route('/api/v1/packet/<packet_id>', methods=['GET'])
 @packet_auth
-def get_packet_by_id(packet_id: int) -> dict:
+@before_request
+def get_packet_by_id(packet_id: int, info=None) -> dict:
     """
     Return the scores of the packet in question
     """
 
     packet = Packet.by_id(packet_id)
 
+    if not info['is_upper'] and info['ritdn'] != packet.freshman.rit_username:
+        return 'Forbidden - not your packet', 403
+
     return {
         'required': vars(packet.signatures_required()),
         'received': vars(packet.signatures_received()),
@@ -198,13 +211,20 @@ def report(info):
 
 @app.route('/api/v1/stats/packet/<packet_id>')
 @packet_auth
-def packet_stats(packet_id):
+@before_request
+def packet_stats(packet_id, info=None):
+    if not info['is_upper'] and info['ritdn'] != Packet.by_id(packet_id).freshman.rit_username:
+        return 'Forbidden - not your packet', 403
     return stats.packet_stats(packet_id)
 
 
 @app.route('/api/v1/stats/upperclassman/<uid>')
 @packet_auth
-def upperclassman_stats(uid):
+@before_request
+def upperclassman_stats(uid, info=None):
+    if not info['is_upper']:
+        return 'Forbidden', 403
+
     return stats.upperclassman_stats(uid)
 
 

packet/static/js/signing.js

@@ -26,7 +26,7 @@ $(document).ready(function () {
                         method: "POST",
                         success: function (data) {
                             dialogs.fire({
-                                title: "Congratulations or I'm sorry",
+                                title: "Packet Signed",
                                 text: "You've signed " + packetData.freshman_name + "'s packet",
                                 type: "success",
                             })

packet/templates/active_packets.html

@@ -112,5 +112,7 @@ <h4 class="page-title">Active Packets</h4>
 
 {% block scripts %}
     {{ super() }}
-    <script src="{{ url_for('static', filename='js/tables.min.js') }}"></script>
+    {% if info.realm == "csh" %}
+        <script src="{{ url_for('static', filename='js/tables.min.js') }}"></script>
+    {% endif %}
 {% endblock %}

requirements.txt

@@ -8,7 +8,7 @@ ddtrace
 flask_sqlalchemy~=2.5.1
 gunicorn~=20.0.4
 mypy
-onesignal-sdk~=2.0.0
+onesignal-sdk~=1.0.0
 psycopg2-binary~=2.8.6
 pylint-quotes~=0.2.1
 pylint~=2.7.2