diff --git a/CTFd/api/v1/teams.py b/CTFd/api/v1/teams.py index 863752e0..487220ad 100644 --- a/CTFd/api/v1/teams.py +++ b/CTFd/api/v1/teams.py @@ -18,6 +18,7 @@ from CTFd.schemas.submissions import SubmissionSchema from CTFd.schemas.teams import TeamSchema from CTFd.utils import get_config from CTFd.utils.decorators import admins_only, authed_only, require_team +from CTFd.utils.decorators.modes import require_team_mode from CTFd.utils.decorators.visibility import ( check_account_visibility, check_score_visibility, @@ -50,6 +51,8 @@ teams_namespace.schema_model( @teams_namespace.route("") class TeamList(Resource): + method_decorators = [require_team_mode] + @check_account_visibility @teams_namespace.doc( description="Endpoint to get Team objects in bulk", @@ -159,6 +162,8 @@ class TeamList(Resource): @teams_namespace.route("/") @teams_namespace.param("team_id", "Team ID") class TeamPublic(Resource): + method_decorators = [require_team_mode] + @check_account_visibility @teams_namespace.doc( description="Endpoint to get a specific Team object", @@ -247,6 +252,8 @@ class TeamPublic(Resource): @teams_namespace.route("/me") @teams_namespace.param("team_id", "Current Team") class TeamPrivate(Resource): + method_decorators = [require_team_mode] + @authed_only @require_team @teams_namespace.doc( @@ -376,6 +383,8 @@ class TeamPrivate(Resource): @teams_namespace.route("/me/members") class TeamPrivateMembers(Resource): + method_decorators = [require_team_mode] + @authed_only @require_team def post(self): @@ -397,6 +406,8 @@ class TeamPrivateMembers(Resource): @teams_namespace.route("//members") @teams_namespace.param("team_id", "Team ID") class TeamMembers(Resource): + method_decorators = [require_team_mode] + @admins_only def get(self, team_id): team = Teams.query.filter_by(id=team_id).first_or_404() 
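Review bot: The mode guard is opt-in per class: `method_decorators = [require_team_mode]` is repeated on TeamList, TeamPublic, TeamPrivate, TeamPrivateMembers and TeamMembers here and on the six solves/fails/awards resources in the later hunks, so a Resource added to this namespace without the attribute would stay reachable outside team mode. If `teams_namespace` is a flask-restx `Namespace`, creating it with `decorators=[require_team_mode]` would cover every route in one place; failing that, a test that walks the namespace's resources in user mode and expects 404 from each would catch an omission. A comment at the first use, such as `# method_decorators wrap the already-decorated handler, so the mode check runs before authed_only/admins_only`, would record the ordering, which I infer from flask-restx's dispatch rather than from these lines. The class bodies continue outside each hunk, so this view cannot confirm that every Resource in the file received the attribute.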
@@ -485,6 +496,8 @@ class TeamMembers(Resource): @teams_namespace.route("/me/solves") class TeamPrivateSolves(Resource): + method_decorators = [require_team_mode] + @authed_only @require_team def get(self): @@ -504,6 +517,8 @@ class TeamPrivateSolves(Resource): @teams_namespace.route("/me/fails") class TeamPrivateFails(Resource): + method_decorators = [require_team_mode] + @authed_only @require_team def get(self): @@ -532,6 +547,8 @@ class TeamPrivateFails(Resource): @teams_namespace.route("/me/awards") class TeamPrivateAwards(Resource): + method_decorators = [require_team_mode] + @authed_only @require_team def get(self): @@ -551,6 +568,8 @@ class TeamPrivateAwards(Resource): @teams_namespace.route("//solves") @teams_namespace.param("team_id", "Team ID") class TeamPublicSolves(Resource): + method_decorators = [require_team_mode] + @check_account_visibility @check_score_visibility def get(self, team_id): @@ -574,6 +593,8 @@ class TeamPublicSolves(Resource): @teams_namespace.route("//fails") @teams_namespace.param("team_id", "Team ID") class TeamPublicFails(Resource): + method_decorators = [require_team_mode] + @check_account_visibility @check_score_visibility def get(self, team_id): @@ -606,6 +627,8 @@ class TeamPublicFails(Resource): @teams_namespace.route("//awards") @teams_namespace.param("team_id", "Team ID") class TeamPublicAwards(Resource): + method_decorators = [require_team_mode] + @check_account_visibility @check_score_visibility def get(self, team_id): diff --git a/CTFd/utils/decorators/__init__.py b/CTFd/utils/decorators/__init__.py index 78201643..4824797c 100644 --- a/CTFd/utils/decorators/__init__.py +++ b/CTFd/utils/decorators/__init__.py @@ -150,7 +150,9 @@ def require_team(f): abort(403) else: return redirect(url_for("teams.private", next=request.full_path)) - return f(*args, **kwargs) + return f(*args, **kwargs) + else: + abort(404) return require_team_wrapper
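Review bot: The new `else: abort(404)` branch in require_team makes every view using this decorator return 404 on that path, and nothing visible in the hunk documents the change of contract. The `if` that this `else` pairs with lies above the hunk and the indentation is not recoverable in this view, so I am assuming it is the team-mode check and that the re-indented `return f(*args, **kwargs)` now sits inside it. I would add a docstring to require_team, whose definition starts outside the hunk, along the lines of `"""Abort with 404 unless the CTF is in team mode; otherwise require the current user to belong to a team."""`, plus a test that requests one `@require_team` route in user mode and expects 404. Because the teams.py resources now pass through both `require_team_mode` and `@require_team`, it is worth confirming that both give the same status to JSON requests so API clients see one consistent answer.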