1580 fix hidden admin scores (#1581)

* Fix issue where admins could not see user graphs/api data if score visibility was set to hidden * Closes #1580
2026-01-26 01:14:24 +01:00 · 2020-08-04 13:23:46 -04:00
parent 324fdeda4a
commit 5d7e0e39c7
3 changed files with 71 additions and 4 deletions
--- a/CTFd/utils/decorators/visibility.py
+++ b/CTFd/utils/decorators/visibility.py
@@ -30,10 +30,18 @@ def check_score_visibility(f):
                    return redirect(url_for("auth.login", next=request.full_path))

        elif v == ScoreVisibilityTypes.HIDDEN:
-            return (
-                render_template("errors/403.html", error="Scores are currently hidden"),
-                403,
-            )
+            if is_admin():
+                return f(*args, **kwargs)
+            else:
+                if request.content_type == "application/json":
+                    abort(403)
+                else:
+                    return (
+                        render_template(
+                            "errors/403.html", error="Scores are currently hidden"
+                        ),
+                        403,
+                    )

        elif v == ScoreVisibilityTypes.ADMINS:
            if is_admin():