.BANCHO. Add more privileges check through direct privilege value

2016-11-15 19:27:21 +01:00 · 2016-11-15 19:27:21 +01:00 · 7b06f2921e
commit 7b06f2921e
parent ef940771d8
5 changed files with 22 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,4 @@ filters.txt
 common_funzia
 common_refractor
 common_memato
+redistest.py
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 5c4ce6b7c8d03de8c25b379b2ebfb2229982af97
+Subproject commit cccd6208170f34ab070a15bbbc0fc768bb3bd4df
--- a/events/changeActionEvent.py
+++ b/events/changeActionEvent.py
@ -11,14 +11,17 @@ def handle(userToken, packetData):
 	userID = userToken.userID
 	username = userToken.username

+	# Update privileges
+	userToken.updatePrivileges()
+
 	# Make sure we are not banned
-	if userUtils.isBanned(userID):
+	if userUtils.isBanned(priv=userToken.privileges):
 		userToken.enqueue(serverPackets.loginBanned())
 		return

 	# Send restricted message if needed
 	if not userToken.restricted:
-		if userUtils.isRestricted(userID):
+		if userUtils.isRestricted(priv=userToken.privileges):
 			userToken.setRestricted()

 	# Change action packet
--- a/events/loginEvent.py
+++ b/events/loginEvent.py
@ -64,9 +64,9 @@ def handle(tornadoRequest):

 		# Make sure we are not banned or locked
 		priv = userUtils.getPrivileges(userID)
-		if userUtils.isBanned(userID) == True and priv & privileges.USER_PENDING_VERIFICATION == 0:
+		if userUtils.isBanned(priv=priv) == True and not userUtils.isPending(priv=priv):
 			raise exceptions.loginBannedException()
-		if userUtils.isLocked(userID) == True and priv & privileges.USER_PENDING_VERIFICATION == 0:
+		if userUtils.isLocked(priv=priv) == True and not userUtils.isPending(priv=priv):
 			raise exceptions.loginLockedException()

 		# 2FA check
@ -195,6 +195,10 @@ def handle(tornadoRequest):
 			location = locationHelper.getLocation(requestIP)
 			countryLetters = locationHelper.getCountry(requestIP)
 			country = countryHelper.getCountryID(countryLetters)
+
+			# Set country in db if user has no country (first bancho login)
+			if userUtils.getCountry(userID) == "XX":
+				userUtils.setCountry(userID, countryLetters)
 		else:
 			# Set location to 0,0 and get country from db
 			log.warning("Location skipped")
@ -206,10 +210,6 @@ def handle(tornadoRequest):
 		responseToken.setLocation(location)
 		responseToken.setCountry(country)

-		# Set country in db if user has no country (first bancho login)
-		if userUtils.getCountry(userID) == "XX":
-			userUtils.setCountry(userID, countryLetters)
-
 		# Send to everyone our userpanel if we are not restricted or tournament
 		if not responseToken.restricted:
 			glob.streams.broadcast("main", serverPackets.userPanel(userID))
--- a/objects/osuToken.py
+++ b/objects/osuToken.py
@ -30,7 +30,7 @@ class token:
 		self.privileges = userUtils.getPrivileges(self.userID)
 		self.admin = userUtils.isInPrivilegeGroup(self.userID, "developer") or userUtils.isInPrivilegeGroup(self.userID, "community manager")
 		self.irc = irc
-		self.restricted = userUtils.isRestricted(self.userID)
+		self.restricted = userUtils.isRestricted(priv=self.privileges)
 		self.loginTime = int(time.time())
 		self.pingTime = self.loginTime
 		self.timeOffset = timeOffset
@ -440,4 +440,11 @@ class token:
 		if self.awayMessage == "" or userID in self.sentAway:
 			return False
 		self.sentAway.append(userID)
-		return True
+		return True
+
+	def updatePrivileges(self):
+		"""
+		Force updating self.privileges from db
+		:return:
+		"""
+		self.privileges = userUtils.getPrivileges(self.userID)