Refactor API keys "super user" to "full access"

2024-08-30 18:23:09 +00:00 · 2024-03-17 12:50:11 -04:00 · 2024-03-17 12:50:11 -04:00 · 0a572fba92
commit 0a572fba92
parent 128be0a352
10 changed files with 38 additions and 21 deletions
--- a/app/classes/models/crafty_permissions.py
+++ b/app/classes/models/crafty_permissions.py
@ -187,7 +187,7 @@ class PermissionsCrafty:
    @staticmethod
    def get_api_key_permissions_list(key: ApiKeys):
        user = HelperUsers.get_user(key.user_id)
-        if user["superuser"] and key.superuser:
+        if user["superuser"] and key.full_access:
            return PermissionsCrafty.get_permissions_list()
        if user["superuser"]:
            # User is superuser but API key isn't
--- a/app/classes/models/server_permissions.py
+++ b/app/classes/models/server_permissions.py
@ -264,7 +264,7 @@ class PermissionsServers:
    @staticmethod
    def get_api_key_permissions_list(key: ApiKeys, server_id: str):
        user = HelperUsers.get_user(key.user_id)
-        if user["superuser"] and key.superuser:
+        if user["superuser"] and key.full_access:
            return PermissionsServers.get_permissions_list()
        roles_list = HelperUsers.get_user_roles_id(user["user_id"])
        role_server = (
--- a/app/classes/models/users.py
+++ b/app/classes/models/users.py
@ -71,7 +71,7 @@ class ApiKeys(BaseModel):
    user_id = ForeignKeyField(Users, backref="api_token", index=True)
    server_permissions = CharField(default="00000000")
    crafty_permissions = CharField(default="000")
-    superuser = BooleanField(default=False)
+    full_access = BooleanField(default=False)

    class Meta:
        table_name = "api_keys"
@ -408,7 +408,7 @@ class HelperUsers:
    def add_user_api_key(
        name: str,
        user_id: str,
-        superuser: bool = False,
+        full_access: bool = False,
        server_permissions_mask: t.Optional[str] = None,
        crafty_permissions_mask: t.Optional[str] = None,
    ):
@ -426,7 +426,7 @@ class HelperUsers:
                    if crafty_permissions_mask is not None
                    else {}
                ),
-                ApiKeys.superuser: superuser,
+                ApiKeys.full_access: full_access,
            }
        ).execute()

--- a/app/classes/web/base_handler.py
+++ b/app/classes/web/base_handler.py
@ -191,7 +191,7 @@ class BaseHandler(tornado.web.RequestHandler):

            superuser = user["superuser"]
            if api_key is not None:
-                superuser = superuser and api_key.superuser
+                superuser = superuser and api_key.full_access

            exec_user_role = set()
            if superuser:
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@ -168,7 +168,7 @@ class PanelHandler(BaseHandler):
        # Commented out because there is no server access control for API keys,
        # they just inherit from the host user
        # if api_key is not None:
-        #     superuser = superuser and api_key.superuser
+        #     superuser = superuser and api_key.full_access

        if server_id is None:
            self.redirect("/panel/error?error=Invalid Server ID")
@ -242,7 +242,7 @@ class PanelHandler(BaseHandler):
        api_key, _token_data, exec_user = self.current_user
        superuser = exec_user["superuser"]
        if api_key is not None:
-            superuser = superuser and api_key.superuser
+            superuser = superuser and api_key.full_access

        if superuser:  # TODO: Figure out a better solution
            defined_servers = self.controller.servers.list_defined_servers()
@ -351,7 +351,7 @@ class PanelHandler(BaseHandler):
                    "created": api_key.created,
                    "server_permissions": api_key.server_permissions,
                    "crafty_permissions": api_key.crafty_permissions,
-                    "superuser": api_key.superuser,
+                    "full_access": api_key.full_access,
                }
                if api_key is not None
                else None
--- a/app/classes/web/routes/api/users/user/api.py
+++ b/app/classes/web/routes/api/users/user/api.py
@ -75,7 +75,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
                    "name": key.name,
                    "server_permissions": key.server_permissions,
                    "crafty_permissions": key.crafty_permissions,
-                    "superuser": key.superuser,
+                    "full_access": key.full_access,
                }
            )
        self.finish_json(
@ -99,7 +99,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
                    "type": "string",
                    "pattern": "^[01]{3}$",  # 8 bits, see EnumPermissionsCrafty
                },
-                "superuser": {"type": "boolean"},
+                "full_access": {"type": "boolean"},
            },
            "additionalProperties": False,
            "minProperties": 1,
@ -163,7 +163,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
        key_id = self.controller.users.add_user_api_key(
            data["name"],
            user_id,
-            data["superuser"],
+            data["full_access"],
            data["server_permissions_mask"],
            data["crafty_permissions_mask"],
        )
--- a/app/classes/web/server_handler.py
+++ b/app/classes/web/server_handler.py
@ -30,7 +30,7 @@ class ServerHandler(BaseHandler):
        ) = self.current_user
        superuser = exec_user["superuser"]
        if api_key is not None:
-            superuser = superuser and api_key.superuser
+            superuser = superuser and api_key.full_access

        if superuser:
            defined_servers = self.controller.servers.list_defined_servers()
@ -124,7 +124,7 @@ class ServerHandler(BaseHandler):
                    "created": api_key.created,
                    "server_permissions": api_key.server_permissions,
                    "crafty_permissions": api_key.crafty_permissions,
-                    "superuser": api_key.superuser,
+                    "full_access": api_key.full_access,
                }
                if api_key is not None
                else None
--- a/app/classes/web/upload_handler.py
+++ b/app/classes/web/upload_handler.py
@ -42,7 +42,7 @@ class UploadHandler(BaseHandler):
        if self.upload_type == "server_import":
            superuser = exec_user["superuser"]
            if api_key is not None:
-                superuser = superuser and api_key.superuser
+                superuser = superuser and api_key.full_access
            user_id = exec_user["user_id"]
            stream_size_value = self.helper.get_setting("stream_size_GB")

@ -133,7 +133,7 @@ class UploadHandler(BaseHandler):
        elif self.upload_type == "background":
            superuser = exec_user["superuser"]
            if api_key is not None:
-                superuser = superuser and api_key.superuser
+                superuser = superuser and api_key.full_access
            user_id = exec_user["user_id"]
            stream_size_value = self.helper.get_setting("stream_size_GB")

@ -212,7 +212,7 @@ class UploadHandler(BaseHandler):
            server_id = self.get_argument("server_id", None)
            superuser = exec_user["superuser"]
            if api_key is not None:
-                superuser = superuser and api_key.superuser
+                superuser = superuser and api_key.full_access
            user_id = exec_user["user_id"]
            stream_size_value = self.helper.get_setting("stream_size_GB")

--- a/app/frontend/templates/panel/panel_edit_user_apikeys.html
+++ b/app/frontend/templates/panel/panel_edit_user_apikeys.html
@ -70,7 +70,7 @@
                                                        <td>{{ apikey.name }}</td>
                                                        <td>{{ apikey.created.strftime('%d/%m/%Y %H:%M:%S') }}</td>
                                                        <td>
-                                                            {% if apikey.superuser %}
+                                                            {% if apikey.full_access %}
                                                            <span class="text-success">
                                                                <i class="fas fa-check-square"></i> {{
                                                                translate('apiKeys', 'yes', data['lang']) }}
@ -158,8 +158,8 @@
                                            </tbody>
                                        </table>

-                                        <label for="superuser">Superuser</label>
-                                        <input type="checkbox" class="" id="superuser" name="superuser" value="1">
+                                        <label for="full_access">Superuser</label>
+                                        <input type="checkbox" class="" id="full_access" name="full_access" value="1">

                                        <br />

@ -240,7 +240,7 @@
                "name": formDataObject.name,
                "server_permissions_mask": server_permissions,
                "crafty_permissions_mask": crafty_permissions,
-                "superuser": $("#superuser").prop('checked'),
+                "full_access": $("#full_access").prop('checked'),
            });
            console.log(formDataJsonString);

--- a/app/migrations/20240317_apikey_full_access.py
+++ b/app/migrations/20240317_apikey_full_access.py
@ -0,0 +1,17 @@
+# Generated by database migrator
+import peewee
+
+
+def migrate(migrator, database, **kwargs):
+    migrator.rename_column("api_keys", "superuser", "full_access")
+
+    """
+    Write your migrations here.
+    """
+
+
+def rollback(migrator, database, **kwargs):
+    migrator.rename_column("api_keys", "full_access", "superuser")
+    """
+    Write your rollback migrations here.
+    """