Deprecates storing user type in session (#1323)

* Deprecates storing session["type"] as a means of referring to the user's current level. Instead you should refer to the database. * Adds `CTFd.utils.user.get_current_user_type()` to get the current user's type or return None if the user is unauthed. * Closes #1279
2025-12-17 22:14:25 +01:00 · 2020-04-15 03:04:18 -04:00
parent c21707c14d
commit 578b5261b2
9 changed files with 24 additions and 18 deletions
--- a/CTFd/api/v1/users.py
+++ b/CTFd/api/v1/users.py
@@ -1,4 +1,4 @@
-from flask import abort, request, session
+from flask import abort, request
 from flask_restx import Namespace, Resource

 from CTFd.cache import clear_standings
@@ -22,7 +22,7 @@ from CTFd.utils.decorators.visibility import (
    check_score_visibility,
 )
 from CTFd.utils.email import sendmail, user_created_notification
-from CTFd.utils.user import get_current_user, is_admin
+from CTFd.utils.user import get_current_user, get_current_user_type, is_admin

 users_namespace = Namespace("users", description="Endpoint to retrieve Users")

@@ -80,7 +80,8 @@ class UserPublic(Resource):
        if (user.banned or user.hidden) and is_admin() is False:
            abort(404)

-        response = UserSchema(view=session.get("type", "user")).dump(user)
+        user_type = get_current_user_type(fallback="user")
+        response = UserSchema(view=user_type).dump(user)

        if response.errors:
            return {"success": False, "errors": response.errors}, 400