From 6fe4c57ecdc098372d917527a1d462267039388d Mon Sep 17 00:00:00 2001 From: David Tomaschik Date: Fri, 22 Feb 2019 00:04:23 -0600 Subject: [PATCH 1/2] Allow anonymous users to download attachments. This still validates that the challenge is open or the current user is an admin. Fixes #176. --- scoreboard/views.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scoreboard/views.py b/scoreboard/views.py index c9bc32e..7caa0a8 100644 --- a/scoreboard/views.py +++ b/scoreboard/views.py @@ -66,19 +66,19 @@ def render_index(): @app.route('/attachment/') -@utils.login_required def download(filename): """Download an attachment.""" attachment = models.Attachment.query.get_or_404(filename) - valid = models.User.current().admin + cuser = models.User.current() + valid = cuser and cuser.admin for ch in attachment.challenges: if ch.unlocked: valid = True break if not valid: flask.abort(404) - app.logger.info('Download of %s by %r.', attachment, models.User.current()) + app.logger.info('Download of %s by %r.', attachment, cuser or "Anonymous") return attachments.backend.send(attachment) From 3c62341a30553a231c79cd165c148331dc2f9291 Mon Sep 17 00:00:00 2001 From: David Tomaschik Date: Fri, 22 Feb 2019 00:11:25 -0600 Subject: [PATCH 2/2] Remove unused import. --- scoreboard/views.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scoreboard/views.py b/scoreboard/views.py index 7caa0a8..07704d9 100644 --- a/scoreboard/views.py +++ b/scoreboard/views.py @@ -19,7 +19,6 @@ from scoreboard import attachments from scoreboard import main from scoreboard import models -from scoreboard import utils app = main.get_app()