diff --git a/packet/__init__.py b/packet/__init__.py index 82e21194..85102f50 100644 --- a/packet/__init__.py +++ b/packet/__init__.py @@ -7,7 +7,7 @@ import os import csh_ldap -import onesignal_sdk.client as onesignal +import onesignal from flask import Flask from flask_gzip import Gzip from flask_migrate import Migrate @@ -57,7 +57,7 @@ app.config['ONESIGNAL_CSH_APP_ID']: csh_onesignal_client = onesignal.Client( user_auth_key=app.config['ONESIGNAL_USER_AUTH_KEY'], - rest_api_key=app.config['ONESIGNAL_CSH_APP_AUTH_KEY'], + app_auth_key=app.config['ONESIGNAL_CSH_APP_AUTH_KEY'], app_id=app.config['ONESIGNAL_CSH_APP_ID'] ) app.logger.info('CSH Onesignal configured and notifications enabled') @@ -68,7 +68,7 @@ app.config['ONESIGNAL_INTRO_APP_ID']: intro_onesignal_client = onesignal.Client( user_auth_key=app.config['ONESIGNAL_USER_AUTH_KEY'], - rest_api_key=app.config['ONESIGNAL_INTRO_APP_AUTH_KEY'], + app_auth_key=app.config['ONESIGNAL_INTRO_APP_AUTH_KEY'], app_id=app.config['ONESIGNAL_INTRO_APP_ID'] ) app.logger.info('Intro Onesignal configured and notifications enabled') diff --git a/packet/notifications.py b/packet/notifications.py index 49b89fb7..5ec511a3 100644 --- a/packet/notifications.py +++ b/packet/notifications.py @@ -1,7 +1,7 @@ from datetime import datetime from typing import Any, Callable, TypeVar, cast -import onesignal_sdk.client as onesignal +import onesignal from packet import app, intro_onesignal_client, csh_onesignal_client from packet.models import NotificationSubscription, Packet @@ -48,7 +48,7 @@ def packet_signed_notification(packet: Packet, signer: str) -> None: subscriptions = NotificationSubscription.query.filter_by(freshman_username=packet.freshman_username) if subscriptions: notification_body = post_body - notification_body['contents']['en'] = signer + " signed your packet! Congrats or I'm Sorry" + notification_body['contents']['en'] = signer + ' signed your packet!' notification_body['headings']['en'] = 'New Packet Signature!' notification_body['chrome_web_icon'] = 'https://profiles.csh.rit.edu/image/' + signer notification_body['url'] = app.config['PROTOCOL'] + app.config['PACKET_INTRO'] diff --git a/packet/routes/api.py b/packet/routes/api.py index 21d9f0d9..c3649622 100644 --- a/packet/routes/api.py +++ b/packet/routes/api.py @@ -96,10 +96,14 @@ def sync_ldap(): @app.route('/api/v1/packets/', methods=['GET']) @packet_auth -def get_packets_by_user(username: str) -> dict: +@before_request +def get_packets_by_user(username: str, info=None) -> dict: """ Return a dictionary of packets for a freshman by username, giving packet start and end date by packet id """ + + if info['ritdn'] != username: + return 'Forbidden - not your packet', 403 frosh = Freshman.by_username(username) return {packet.id: { @@ -110,10 +114,15 @@ def get_packets_by_user(username: str) -> dict: @app.route('/api/v1/packets//newest', methods=['GET']) @packet_auth -def get_newest_packet_by_user(username: str) -> dict: +@before_request +def get_newest_packet_by_user(username: str, info=None) -> dict: """ Return a user's newest packet """ + + if not info['is_upper'] and info['ritdn'] != username: + return 'Forbidden - not your packet', 403 + frosh = Freshman.by_username(username) packet = frosh.packets[-1] @@ -130,13 +139,17 @@ def get_newest_packet_by_user(username: str) -> dict: @app.route('/api/v1/packet/', methods=['GET']) @packet_auth -def get_packet_by_id(packet_id: int) -> dict: +@before_request +def get_packet_by_id(packet_id: int, info=None) -> dict: """ Return the scores of the packet in question """ packet = Packet.by_id(packet_id) + if not info['is_upper'] and info['ritdn'] != packet.freshman.rit_username: + return 'Forbidden - not your packet', 403 + return { 'required': vars(packet.signatures_required()), 'received': vars(packet.signatures_received()), @@ -198,13 +211,20 @@ def report(info): @app.route('/api/v1/stats/packet/') @packet_auth -def packet_stats(packet_id): +@before_request +def packet_stats(packet_id, info=None): + if not info['is_upper'] and info['ritdn'] != Packet.by_id(packet_id).freshman.rit_username: + return 'Forbidden - not your packet', 403 return stats.packet_stats(packet_id) @app.route('/api/v1/stats/upperclassman/') @packet_auth -def upperclassman_stats(uid): +@before_request +def upperclassman_stats(uid, info=None): + if not info['is_upper']: + return 'Forbidden', 403 + return stats.upperclassman_stats(uid) diff --git a/packet/static/js/signing.js b/packet/static/js/signing.js index 40b3872c..da7281a1 100644 --- a/packet/static/js/signing.js +++ b/packet/static/js/signing.js @@ -26,7 +26,7 @@ $(document).ready(function () { method: "POST", success: function (data) { dialogs.fire({ - title: "Congratulations or I'm sorry", + title: "Packet Signed", text: "You've signed " + packetData.freshman_name + "'s packet", type: "success", }) diff --git a/packet/templates/active_packets.html b/packet/templates/active_packets.html index 343649a9..bd8fdc3e 100644 --- a/packet/templates/active_packets.html +++ b/packet/templates/active_packets.html @@ -112,5 +112,7 @@

Active Packets

{% block scripts %} {{ super() }} - + {% if info.realm == "csh" %} + + {% endif %} {% endblock %} diff --git a/requirements.txt b/requirements.txt index 4b0024a2..33c1bbe4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,7 +8,7 @@ ddtrace flask_sqlalchemy~=2.5.1 gunicorn~=20.0.4 mypy -onesignal-sdk~=2.0.0 +onesignal-sdk~=1.0.0 psycopg2-binary~=2.8.6 pylint-quotes~=0.2.1 pylint~=2.7.2