From 12390306fd8a65c0a37ddf84f291b2a3cd3f9734 Mon Sep 17 00:00:00 2001
From: amcmanu3
Date: Wed, 18 May 2022 14:33:22 -0400
Subject: [PATCH] Add permissions checks for quantity for users/role Remove the ability to add quantities for general users.
---
 .../controllers/crafty_perms_controller.py | 26 ++++++++++++-------
 app/classes/models/crafty_permissions.py | 14 ++++++++++
 app/classes/web/panel_handler.py | 15 +++++++++++
 .../templates/panel/panel_edit_user.html | 5 ++--
 4 files changed, 48 insertions(+), 12 deletions(-)
diff --git a/app/classes/controllers/crafty_perms_controller.py b/app/classes/controllers/crafty_perms_controller.py
index 04072784..1b7fad23 100644
--- a/app/classes/controllers/crafty_perms_controller.py
+++ b/app/classes/controllers/crafty_perms_controller.py
@@ -35,20 +35,18 @@ class CraftyPermsController:
 )
 @staticmethod
- def can_add_user(): # Add back argument 'user_id' when you work on this
- return True
+ def can_add_user(user_id): # Add back argument 'user_id' when you work on this
 # TODO: Complete if we need a User Addition limit
- # return crafty_permissions.can_add_in_crafty(
- # user_id, Enum_Permissions_Crafty.User_Config
- # )
+ return PermissionsCrafty.can_add_in_crafty(
+ user_id, EnumPermissionsCrafty.USER_CONFIG
+ )
 @staticmethod
- def can_add_role(): # Add back argument 'user_id' when you work on this
- return True
+ def can_add_role(user_id): # Add back argument 'user_id' when you work on this
 # TODO: Complete if we need a Role Addition limit
- # return crafty_permissions.can_add_in_crafty(
- # user_id, Enum_Permissions_Crafty.Roles_Config
- # )
+ return PermissionsCrafty.can_add_in_crafty(
+ user_id, EnumPermissionsCrafty.ROLES_CONFIG
+ )
 @staticmethod
 def list_all_crafty_permissions_quantity_limits():
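Review bot: `can_add_user` and `can_add_role` now take a required `user_id`, yet both keep the trailing comment `# Add back argument 'user_id' when you work on this` and the `# TODO: Complete if we need a ... limit` line, which describe work this commit has just done. Dropping both and giving each method a one-line docstring such as `"""Return whether user_id is still under its user-creation quantity limit."""` would state the contract. How `can_add_in_crafty` treats superusers is not visible in this hunk and is worth stating in that docstring. Any caller outside this patch that still calls `can_add_user()` or `can_add_role()` without an argument will now fail with a TypeError.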
@@ -68,6 +66,14 @@ class CraftyPermsController:
 def add_server_creation(user_id):
 return PermissionsCrafty.add_server_creation(user_id)
+ @staticmethod
+ def add_user_creation(user_id):
+ return PermissionsCrafty.add_user_creation(user_id)
+
+ @staticmethod
+ def add_role_creation(user_id):
+ return PermissionsCrafty.add_role_creation(user_id)
+
 @staticmethod
 def get_api_key_permissions_list(key: ApiKeys):
 return PermissionsCrafty.get_api_key_permissions_list(key)
diff --git a/app/classes/models/crafty_permissions.py b/app/classes/models/crafty_permissions.py
index 5d4f0461..b58b3c7d 100644
--- a/app/classes/models/crafty_permissions.py
+++ b/app/classes/models/crafty_permissions.py
@@ -193,6 +193,20 @@ class PermissionsCrafty:
 UserCrafty.save(user_crafty)
 return user_crafty.created_server
+ @staticmethod
+ def add_user_creation(user_id):
+ user_crafty = PermissionsCrafty.get_user_crafty(user_id)
+ user_crafty.created_user += 1
+ UserCrafty.save(user_crafty)
+ return user_crafty.created_user
+
+ @staticmethod
+ def add_role_creation(user_id):
+ user_crafty = PermissionsCrafty.get_user_crafty(user_id)
+ user_crafty.created_role += 1
+ UserCrafty.save(user_crafty)
+ return user_crafty.created_role
+
 @staticmethod
 def get_api_key_permissions_list(key: ApiKeys):
 user = HelperUsers.get_user(key.user_id)
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index a5e451ca..8bee8df7 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -768,6 +768,7 @@ class PanelHandler(BaseHandler):
 page_data["user"]["last_update"] = "N/A"
 page_data["user"]["roles"] = set()
 page_data["user"]["hints"] = True
+ page_data["superuser"] = superuser
 if EnumPermissionsCrafty.USER_CONFIG not in exec_user_crafty_permissions:
 self.redirect(
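Review bot: `add_user_creation` and `add_role_creation` in the `@@ -193` hunk bump the counter as a read-modify-write in Python (`user_crafty.created_user += 1` followed by `UserCrafty.save(user_crafty)`), so two overlapping creations by the same account can read the same value and one increment is lost. These counters are what the new quantity check is measured against, so an undercount lets an account create more users or roles than its limit allows. Doing the increment as a single database-side update (`created_user = created_user + 1` in one statement) removes that window; the existing `add_server_creation` just above appears to have the same shape. Whether the handlers can actually interleave depends on code outside this hunk.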
@@ -955,6 +956,7 @@ class PanelHandler(BaseHandler):
 page_data["role-servers"] = page_role_servers
 page_data["roles_all"] = self.controller.roles.get_all_roles()
 page_data["servers_all"] = self.controller.list_defined_servers()
+ page_data["superuser"] = superuser
 page_data[
 "permissions_all"
 ] = self.controller.crafty_perms.list_defined_crafty_permissions()
@@ -1927,6 +1929,12 @@ class PanelHandler(BaseHandler):
 "/panel/error?error=Unauthorized access: not a user editor"
 )
 return
+
+ if not self.controller.crafty_perms.can_add_user(exec_user["user_id"]):
+ self.redirect(
+ "/panel/error?error=Unauthorized access: quantity limit reached"
+ )
+ return
 elif username is None or username == "":
 self.redirect("/panel/error?error=Invalid username")
 return
@@ -1971,6 +1979,7 @@ class PanelHandler(BaseHandler):
 server_id=0,
 source_ip=self.get_remote_ip(),
 )
+ self.controller.crafty_perms.add_user_creation(exec_user["user_id"])
 self.redirect("/panel/panel_config")
 elif page == "edit_role":
@@ -2018,6 +2027,11 @@ class PanelHandler(BaseHandler):
 "/panel/error?error=Unauthorized access: not a role editor"
 )
 return
+ elif not self.controller.crafty_perms.can_add_role(exec_user["user_id"]):
+ self.redirect(
+ "/panel/error?error=Unauthorized access: quantity limit reached"
+ )
+ return
 elif role_name is None or role_name == "":
 self.redirect("/panel/error?error=Invalid role name")
 return
@@ -2047,6 +2061,7 @@ class PanelHandler(BaseHandler):
 server_id=0,
 source_ip=self.get_remote_ip(),
 )
+ self.controller.crafty_perms.add_role_creation(exec_user["user_id"])
 self.redirect("/panel/panel_config")
 else:
diff --git a/app/frontend/templates/panel/panel_edit_user.html b/app/frontend/templates/panel/panel_edit_user.html
index fa6f6773..c3154d7a 100644
--- a/app/frontend/templates/panel/panel_edit_user.html
+++ b/app/frontend/templates/panel/panel_edit_user.html
@@ -158,13 +158,14 @@ - + {% if data['superuser'] %}
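Review bot: In the `@@ -1927` hunk the quantity check opens a fresh `if not self.controller.crafty_perms.can_add_user(...)`, so the `elif username is None ...` ladder below now hangs off the quota test rather than the permission test, and it is correct only because the branch above ends in `return`. The role branch in the `@@ -2018` hunk writes the same check as `elif not self.controller.crafty_perms.can_add_role(...)`; using `elif` for the user check as well, without the added blank line, keeps the two validation ladders identical. Separately, the limit is tested at the top of each branch while `add_user_creation` / `add_role_creation` run only after the object has been created (`@@ -1971`, `@@ -2047`), so the check and the counter update are not tied to the creation in one step. The enclosing handler method starts and ends outside these hunks.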

{{ translate('userConfig', 'craftyPerms', data['lang']) }} - {{ translate('userConfig', 'craftyPermDesc', data['lang']) }}

+
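Review bot: Wrapping the Crafty permissions block in `{% if data['superuser'] %}` only stops the inputs from being rendered, so the restriction described in the commit message is enforced in the template alone. None of the panel_handler.py hunks in this patch add a matching server-side check on the permission and quantity fields, and the POST branch that reads them is outside the visible hunks, so this needs confirming. If that branch still builds the permission mask and limits from request arguments for every user editor, it should ignore those arguments and keep the stored values when the executing user is not a superuser. Every code path that renders this template also has to set `page_data["superuser"]`; only two assignments are visible in this patch.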
@@ -200,7 +201,7 @@
- + {% end %}