Workspace: Fix dojo challenge import resolve

dojo_plugin/api/v1/docker.py

@@ -82,8 +82,6 @@ def get_available_devices(docker_client):
     return devices
 
 def start_container(docker_client, user, as_user, user_mounts, dojo_challenge, practice):
-    resolved_dojo_challenge = dojo_challenge.resolve()
-
     start_time = time.time()
     hostname = "~".join(
         (["practice"] if practice else [])
@@ -101,7 +99,7 @@ def start_container(docker_client, user, as_user, user_mounts, dojo_challenge, p
 
     challenge_bin_path = "/run/challenge/bin"
     dojo_bin_path = "/run/dojo/bin"
-    image = docker_client.images.get(resolved_dojo_challenge.image)
+    image = docker_client.images.get(dojo_challenge.image)
     image_env = image.attrs["Config"].get("Env") or []
     image_path = next((env_var[len("PATH="):].split(":") for env_var in image_env if env_var.startswith("PATH=")), [])
     env_path = ":".join([challenge_bin_path, dojo_bin_path, *image_path])
@@ -128,13 +126,13 @@ def start_container(docker_client, user, as_user, user_mounts, dojo_challenge, p
     devices = [f"{device}:{device}:rwm" for device in allowed_devices if device in available_devices]
 
     capabilities = ["SYS_PTRACE"]
-    if resolved_dojo_challenge.privileged:
+    if dojo_challenge.privileged:
         capabilities.append("SYS_ADMIN")
-        if "workspace_net_admin" in resolved_dojo_challenge.dojo.permissions:
+        if "workspace_net_admin" in dojo_challenge.dojo.permissions:
             capabilities.append("NET_ADMIN")
 
     container_create_attributes = dict(
-        image=resolved_dojo_challenge.image,
+        image=dojo_challenge.image,
         entrypoint=[
             "/nix/var/nix/profiles/dojo-workspace/bin/dojo-init",
             f"{dojo_bin_path}/sleep",
@@ -180,7 +178,7 @@ def start_container(docker_client, user, as_user, user_mounts, dojo_challenge, p
         cpu_quota=400000,
         pids_limit=1024,
         mem_limit="4G",
-        runtime="io.containerd.run.kata.v2" if resolved_dojo_challenge.privileged else "runc",
+        runtime="io.containerd.run.kata.v2" if dojo_challenge.privileged else "runc",
         cap_add=capabilities,
         security_opt=[f"seccomp={SECCOMP}"],
         sysctls={"net.ipv4.ip_unprivileged_port_start": 1024},
@@ -211,7 +209,7 @@ def start_container(docker_client, user, as_user, user_mounts, dojo_challenge, p
     else:
         raise RuntimeError(f"Workspace failed to initialize after {time.time()-start_time:.1f} seconds.")
 
-    cache.set(f"user_{user.id}-running-image", resolved_dojo_challenge.image, timeout=0)
+    cache.set(f"user_{user.id}-running-image", dojo_challenge.image, timeout=0)
     return container
 
 
@@ -453,7 +451,10 @@ def post(self):
         if not dojo_challenge:
             return {"success": False, "error": "Invalid challenge"}
 
-        if not dojo_challenge.visible() and not dojo.is_admin():
+        dojo_challenge = dojo_challenge.resolve()
+        dojo = dojo_accessible(dojo_challenge.dojo.reference_id) if dojo_challenge else None
+
+        if not (dojo and dojo_challenge and (dojo_challenge.visible() or dojo.is_admin())):
             return {"success": False, "error": "Invalid challenge"}
 
         if practice and not dojo_challenge.allow_privileged:

dojo_plugin/models/__init__.py

@@ -685,11 +685,9 @@ def reference_id(self):
 
     def resolve(self):
         # TODO: We should probably refactor to correctly store a reference to the DojoChallenge
-        if not self.path_override:
-            return self
         return (DojoChallenges.query
-                .filter(DojoChallenges.challenge_id == self.challenge_id,
-                        DojoChallenges.data["path_override"] == None)
+                .filter_by(dojo_id=Dojos.hex_to_int(self.challenge.category),
+                           challenge_id=self.challenge_id)
                 .first())
 
     __repr__ = columns_repr(["module", "id", "challenge_id"])