From 8737c15fcff49858ba1aafb96d67faba58ed3df9 Mon Sep 17 00:00:00 2001 From: luukas Date: Wed, 18 May 2022 01:09:58 +0300 Subject: [PATCH 1/5] Add a permission matrix to the role add and edit --- .../controllers/server_perms_controller.py | 9 +- app/classes/models/server_permissions.py | 13 + app/classes/web/panel_handler.py | 106 ++++-- .../templates/panel/panel_edit_role.html | 357 ++++++++++-------- 4 files changed, 284 insertions(+), 201 deletions(-) diff --git a/app/classes/controllers/server_perms_controller.py b/app/classes/controllers/server_perms_controller.py index 3ee5ea18..95395fec 100644 --- a/app/classes/controllers/server_perms_controller.py +++ b/app/classes/controllers/server_perms_controller.py @@ -29,9 +29,8 @@ class ServerPermsController: return permissions_mask @staticmethod - def get_role_permissions(role_id): - permissions_list = PermissionsServers.get_role_permissions_list(role_id) - return permissions_list + def get_role_permissions_dict(role_id): + return PermissionsServers.get_role_permissions_dict(role_id) @staticmethod def add_role_server(server_id, role_id, rs_permissions="00000000"): @@ -71,10 +70,6 @@ class ServerPermsController: permission_mask, permission_tested, value ) - @staticmethod - def get_role_permissions_list(role_id): - return PermissionsServers.get_role_permissions_list(role_id) - @staticmethod def get_user_id_permissions_list(user_id: str, server_id: str): return PermissionsServers.get_user_id_permissions_list(user_id, server_id) diff --git a/app/classes/models/server_permissions.py b/app/classes/models/server_permissions.py index b36a275d..02a4572c 100644 --- a/app/classes/models/server_permissions.py +++ b/app/classes/models/server_permissions.py @@ -6,6 +6,7 @@ from peewee import ( CompositeKey, JOIN, ) +import typing as t from app.classes.models.base_model import BaseModel from app.classes.models.servers import Servers 
@@ -154,6 +155,18 @@ class PermissionsServers: permissions_list = PermissionsServers.get_permissions(permissions_mask) return permissions_list + @staticmethod + def get_role_permissions_dict(role_id): + permissions_dict: t.Dict[str, t.List[EnumPermissionsServer]] = {} + role_servers = RoleServers.select( + RoleServers.server_id, RoleServers.permissions + ).where(RoleServers.role_id == role_id) + for role_server in role_servers: + permissions_dict[ + role_server.server_id_id + ] = PermissionsServers.get_permissions(role_server.permissions) + return permissions_dict + @staticmethod def update_role_permission(role_id, server_id, permissions_mask): role_server = ( diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index 5c61d3ac..4c0e0746 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -16,8 +16,12 @@ from tornado import iostream # TZLocal is set as a hidden import on win pipeline from tzlocal import get_localzone from cron_validator import CronValidator +from app.classes.models.roles import HelperRoles -from app.classes.models.server_permissions import EnumPermissionsServer +from app.classes.models.server_permissions import ( + EnumPermissionsServer, + PermissionsServers, +) from app.classes.models.crafty_permissions import EnumPermissionsCrafty from app.classes.models.management import HelpersManagement from app.classes.shared.helpers import Helpers 
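Review bot: The new `get_role_permissions_dict` has no docstring, and its annotation `t.Dict[str, t.List[EnumPermissionsServer]]` declares string keys while the keys actually stored are `role_server.server_id_id`, the raw foreign-key value, whose type is not visible in this hunk. The role editor presumably looks permissions up by server id, so a key-type mismatch would make every lookup miss and show an empty matrix; the contract is worth writing down. I would add a return annotation and a docstring such as `"""Return {server_id: [EnumPermissionsServer, ...]} for every server attached to role_id."""`, and correct the key type in the annotation if the column is not a string.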
@@ -39,15 +43,27 @@ class PanelHandler(BaseHandler): def get_role_servers(self) -> set: servers = set() for server in self.controller.list_defined_servers(): - argument = int( - float( - bleach.clean( - self.get_argument(f"server_{server['server_id']}_access", "0") - ) + argument = self.get_argument(f"server_{server['server_id']}_access", "0") + if argument == "0": + print("doesn't exist " + f"server_{server['server_id']}_access") + continue + + permission_mask = "0" * len(EnumPermissionsServer) + for permission in self.controller.server_perms.list_defined_permissions(): + argument = self.get_argument( + f"permission_{server['server_id']}_{permission.name}", "0" ) - ) - if argument: - servers.add(server["server_id"]) + print( + "trying to get " + + f"permission_{server['server_id']}_{permission.name}" + ) + if argument == "1": + print(f"{permission.name} is 1") + permission_mask = self.controller.server_perms.set_permission( + permission_mask, permission, "1" + ) + + servers.add((server["server_id"], permission_mask)) return servers def get_perms_quantity(self) -> Tuple[str, dict]: @@ -85,19 +101,9 @@ class PanelHandler(BaseHandler): permission ) in self.controller.crafty_perms.list_defined_crafty_permissions(): argument = self.get_argument(f"permission_{permission.name}", None) - if argument is not None: + if argument is not None and argument == "1": permissions_mask = self.controller.crafty_perms.set_permission( - permissions_mask, permission, 1 if argument == "1" else 0 - ) - return permissions_mask - - def get_perms_server(self) -> str: - permissions_mask = "00000000" - for permission in self.controller.server_perms.list_defined_permissions(): - argument = self.get_argument(f"permission_{permission.name}", None) - if argument is not None: - permissions_mask = self.controller.server_perms.set_permission( - permissions_mask, permission, 1 if argument == "1" else 0 + permissions_mask, permission, "1" ) return permissions_mask 
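Review bot: In `get_role_servers` the access test `if argument == "0": continue` is fail-open: any submitted value other than the literal "0" (an empty string, "off", arbitrary text) attaches the server to the role, whereas the removed code at least forced the value through `int(float(...))`. The per-permission fields a few lines below already require an exact "1", so the access field should do the same: `if argument != "1": continue`. The return value also changed from a set of server ids to a set of `(server_id, permission_mask)` tuples while the signature still says `-> set`, so a docstring stating the element shape would help callers. The loop covers every entry of `list_defined_servers()`, so it relies on the caller's role-management permission check, which is outside this hunk.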
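Review bot: The condition `if argument is not None and argument == "1":` in the loop over `list_defined_crafty_permissions()` is redundant, since a value equal to "1" is never None; `if argument == "1":` says the same thing. The call also changes the third argument of `set_permission` from the integers `1`/`0` to the string `"1"`. Whether `set_permission` treats both alike is not visible in this hunk, so it is worth confirming the mask is still built as before.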
@@ -1085,7 +1091,7 @@ class PanelHandler(BaseHandler): page_data[ "permissions_all" ] = self.controller.server_perms.list_defined_permissions() - page_data["permissions_list"] = set() + page_data["permissions_dict"] = {} template = "panel/panel_edit_role.html" elif page == "edit_role": @@ -1098,8 +1104,8 @@ class PanelHandler(BaseHandler): "permissions_all" ] = self.controller.server_perms.list_defined_permissions() page_data[ - "permissions_list" - ] = self.controller.server_perms.get_role_permissions(role_id) + "permissions_dict" + ] = self.controller.server_perms.get_role_permissions_dict(role_id) page_data["user-roles"] = user_roles page_data["users"] = self.controller.users.get_all_users() 
@@ -1999,16 +2005,43 @@ class PanelHandler(BaseHandler): return servers = self.get_role_servers() - permissions_mask = self.get_perms_server() - role_data = {"role_name": role_name, "servers": servers} - self.controller.roles.update_role( - role_id, role_data=role_data, permissions_mask=permissions_mask + # TODO: use update_role_advanced when API v2 gets merged + base_data = self.controller.roles.get_role_with_servers(role_id) + + server_ids = {server[0] for server in servers} + server_permissions_map = {server[0]: server[1] for server in servers} + + added_servers = server_ids.difference(set(base_data["servers"])) + removed_servers = set(base_data["servers"]).difference(server_ids) + same_servers = server_ids.intersection(set(base_data["servers"])) + logger.debug( + f"role: {role_id} +server:{added_servers} -server{removed_servers}" ) + for server_id in added_servers: + PermissionsServers.get_or_create( + role_id, server_id, server_permissions_map[server_id] + ) + for server_id in same_servers: + print( + f"!!same servers? {server_id} {server_permissions_map[server_id]}" + ) + PermissionsServers.update_role_permission( + role_id, server_id, server_permissions_map[server_id] + ) + if len(removed_servers) != 0: + PermissionsServers.delete_roles_permissions(role_id, removed_servers) + + up_data = { + "role_name": role_name, + "last_update": Helpers.get_time_as_string(), + } + # TODO: do the last_update on the db side + HelperRoles.update_role(role_id, up_data) self.controller.management.add_to_audit_log( exec_user["user_id"], - f"Edited role {role_name} (RID:{role_id}) with servers {servers}", + f"edited role {role_name} (RID:{role_id}) with servers {servers}", server_id=0, source_ip=self.get_remote_ip(), ) 
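Review bot: The role edit now applies the permission change as several independent writes (`get_or_create` per added server, `update_role_permission` per kept server, `delete_roles_permissions`, then `HelperRoles.update_role`) with no transaction around them, so an exception part-way through leaves the role with a mix of old and new server permissions and no audit entry, because `add_to_audit_log` runs only after all of them. Wrapping the block in a single peewee transaction (`with <database>.atomic():`, using the project's database object, which this hunk does not show) would make the change all-or-nothing. The handler also reaches past `self.controller` straight into `PermissionsServers` and `HelperRoles`; the TODO acknowledges this, but until then any validation the controller layer may perform is bypassed. Minor: the debug message `-server{removed_servers}` lacks the colon used in `+server:`. The enclosing method starts and ends outside the hunk.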
@@ -2032,22 +2065,15 @@ class PanelHandler(BaseHandler): return servers = self.get_role_servers() - permissions_mask = self.get_perms_server() role_id = self.controller.roles.add_role(role_name) - self.controller.roles.update_role( - role_id, {"servers": servers}, permissions_mask - ) + # TODO: use add_role_advanced when API v2 gets merged + for server in servers: + PermissionsServers.get_or_create(role_id, server[0], server[1]) self.controller.management.add_to_audit_log( exec_user["user_id"], - f"Added role {role_name} (RID:{role_id})", - server_id=0, - source_ip=self.get_remote_ip(), - ) - self.controller.management.add_to_audit_log( - exec_user["user_id"], - f"Edited role {role_name} (RID:{role_id}) with servers {servers}", + f"created role {role_name} (RID:{role_id})", server_id=0, source_ip=self.get_remote_ip(), ) diff --git a/app/frontend/templates/panel/panel_edit_role.html b/app/frontend/templates/panel/panel_edit_role.html index e97e081f..52442799 100644 --- a/app/frontend/templates/panel/panel_edit_role.html +++ b/app/frontend/templates/panel/panel_edit_role.html @@ -37,180 +37,229 @@
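Review bot: The audit entry written after role creation no longer records which servers and permission masks were granted: the second `add_to_audit_log` call (`... with servers {servers}`) is removed and the remaining message is only `created role {role_name} (RID:{role_id})`. This commit is what allows a role to be created with per-server permissions, so that grant is the part worth keeping in the audit trail; I would log `f"created role {role_name} (RID:{role_id}) with servers {servers}"`. As in the edit path, the `get_or_create` loop runs outside any transaction, so a failure after `add_role` leaves a role holding only some of its intended permissions. The enclosing method extends beyond the hunk.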
- -
-
- {% if data['new_role'] %} -
- {% else %} - - {% end %} - {% raw xsrf_form_html() %} - - + +
+
+ + {% raw xsrf_form_html() %} + + -
-
-

{{ translate('rolesConfig', 'roleTitle', data['lang']) }}

-
-
-
- - -
-
-
- -
-
-

{{ translate('rolesConfig', 'roleServers', data['lang']) }} {{ translate('rolesConfig', 'serversDesc', data['lang']) }}

-
-
-
-
- - - - - - - - - {% for server in data['servers_all'] %} - - - - - {% end %} - - -
{{ translate('rolesConfig', 'serverName', data['lang']) }}{{ translate('rolesConfig', 'serverAccess', data['lang']) }}
{{ server['server_name'] }} - {% if server['server_id'] in data['role']['servers'] %} - - {% else %} - - {% end %} -
-
-
-
-
- -
-
-

{{ translate('rolesConfig', 'rolePerms', data['lang']) }} - {{ translate('rolesConfig', 'permsServer', data['lang']) }}

-
-
-
-
- - - - - - - - - {% for permission in data['permissions_all'] %} - - - - - {% end %} - - -
{{ translate('rolesConfig', 'permName', data['lang']) }}{{ translate('rolesConfig', 'permAccess', data['lang']) }}
{{ permission.name }} - {% if permission in data['permissions_list'] %} - - {% else %} - - {% end %} -
-
-
-
-
- - - - - -
-
-
-
-

{{ translate('rolesConfig', 'roleUsers', data['lang']) }}

+
+
+

{{ translate('rolesConfig', 'roleTitle', data['lang']) }}

+
+
+
+ +
-
-
- + + + +
+
+

{{ translate('rolesConfig', 'roleServers', data['lang']) }} {{ translate('rolesConfig', 'serversDesc', data['lang']) }}

+
+
+
+
+
+ - - + + + {% for permission in data['permissions_all'] %} + + {% end %} - {% for user in data['users'] %} - {% for ruser in data['user-roles'][user.user_id] %} - {% if ruser == data['role']['role_name'] %} - - - - + {% for server in data['servers_all'] %} + + + + {% for permission in data['permissions_all'] %} + {% end %} - {% end %} + {% end %} +
{{ translate('rolesConfig', 'roleUserName', data['lang']) }}{{ translate('rolesConfig', 'serverName', data['lang']) }}
{{ translate('rolesConfig', 'serverAccess', data['lang']) }}
{{ permission.name }}
{{ user.username }} - -
{{ server['server_name'] }} + + + +
-
-
-
-
-
-

{{ translate('rolesConfig', 'roleConfigArea', data['lang']) }}

-

{{ translate('rolesConfig', 'configDesc', data['lang']) }}

-
-

- {{ translate('rolesConfig', 'created', data['lang']) }} {{ str(data['role']['created']) }} -
- {{ translate('rolesConfig', 'configUpdate', data['lang']) }} {{ str(data['role']['last_update']) }} -
-

-
-
- {% if data['new_role'] %} - {{ translate('rolesConfig', 'delRole', data['lang']) }}
- {{ translate('rolesConfig', 'doesNotExist', data['lang']) }} - {% else %} - {{ translate('rolesConfig', 'delRole', data['lang']) }} - {% end %} -
-
+
+ +
+
+

{{ translate('panelConfig', 'save', data['lang']) }}

+
+ + +
+
+ + +
+
+

{{ translate('rolesConfig', 'roleUsers', data['lang']) }}

+
+
+
+ + + + + + + + + {% for user in data['users'] %} + {% for ruser in data['user-roles'][user.user_id] %} + {% if ruser == data['role']['role_name'] %} + + + + + {% end %} + {% end %} + {% end %} + +
{{ translate('rolesConfig', 'roleUserName', data['lang']) }}
{{ user.username }} + +
+
+
+
+ +
+
+

{{ translate('rolesConfig', 'roleConfigArea', data['lang']) }}

+

{{ translate('rolesConfig', 'configDesc', data['lang']) }}

+
+

+ {{ translate('rolesConfig', 'created', data['lang']) }} {{ str(data['role']['created']) }} +
+ {{ translate('rolesConfig', 'configUpdate', data['lang']) }} {{ str(data['role']['last_update']) }} +
+

+
+
+ {% if data['new_role'] %} + {{ translate('rolesConfig', 'delRole', data['lang']) }}
+ {{ translate('rolesConfig', 'doesNotExist', data['lang']) }} + {% else %} + {{ translate('rolesConfig', 'delRole', data['lang']) }} + {% end %} +
+
- - -
@@ -233,4 +282,4 @@ -{% end %} \ No newline at end of file +{% end %} From d67711e898051497c0231b298ece673fa3e1ead3 Mon Sep 17 00:00:00 2001 From: luukas Date: Wed, 18 May 2022 13:04:38 +0300 Subject: [PATCH 2/5] Fix cq degradation: C0411 --- app/classes/models/server_permissions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/classes/models/server_permissions.py b/app/classes/models/server_permissions.py index 02a4572c..c4ed6c48 100644 --- a/app/classes/models/server_permissions.py +++ b/app/classes/models/server_permissions.py @@ -1,3 +1,4 @@ +import typing as t from enum import Enum import logging from peewee import ( @@ -6,7 +7,6 @@ from peewee import ( CompositeKey, JOIN, ) -import typing as t from app.classes.models.base_model import BaseModel from app.classes.models.servers import Servers From 8b0da5da4c00b2feb8255eeb018d685ca9127311 Mon Sep 17 00:00:00 2001 From: luukas Date: Wed, 18 May 2022 22:06:33 +0300 Subject: [PATCH 3/5] Remove unnecessary prints or use logger.debug --- app/classes/web/panel_handler.py | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index 4c0e0746..9a5f85bb 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -45,7 +45,6 @@ class PanelHandler(BaseHandler): for server in self.controller.list_defined_servers(): argument = self.get_argument(f"server_{server['server_id']}_access", "0") if argument == "0": - print("doesn't exist " + f"server_{server['server_id']}_access") continue permission_mask = "0" * len(EnumPermissionsServer) 
@@ -53,12 +52,7 @@ class PanelHandler(BaseHandler): argument = self.get_argument( f"permission_{server['server_id']}_{permission.name}", "0" ) - print( - "trying to get " - + f"permission_{server['server_id']}_{permission.name}" - ) if argument == "1": - print(f"{permission.name} is 1") permission_mask = self.controller.server_perms.set_permission( permission_mask, permission, "1" ) @@ -164,7 +158,7 @@ class PanelHandler(BaseHandler): if not self.controller.servers.server_id_authorized_api_key( server_id, api_key ): - print( + logger.debug( f"API key {api_key.name} (id: {api_key.token_id}) " f"does not have permission" ) @@ -174,7 +168,9 @@ class PanelHandler(BaseHandler): if not self.controller.servers.server_id_authorized( server_id, exec_user["user_id"] ): - print(f'User {exec_user["user_id"]} does not have permission') + logger.debug( + f'User {exec_user["user_id"]} does not have permission' + ) self.redirect("/pandel/error?error=Invalid Server ID") return None return server_id @@ -2023,9 +2019,6 @@ class PanelHandler(BaseHandler): role_id, server_id, server_permissions_map[server_id] ) for server_id in same_servers: - print( - f"!!same servers? {server_id} {server_permissions_map[server_id]}" - ) PermissionsServers.update_role_permission( role_id, server_id, server_permissions_map[server_id] ) From 0f661d5400d0c813789ef1363a68cd1e3c310ece Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 18 May 2022 16:37:38 -0400 Subject: [PATCH 4/5] Disable checkboxes until server access --- .../templates/panel/panel_edit_role.html | 25 +++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/app/frontend/templates/panel/panel_edit_role.html b/app/frontend/templates/panel/panel_edit_role.html index 52442799..49559591 100644 --- a/app/frontend/templates/panel/panel_edit_role.html +++ b/app/frontend/templates/panel/panel_edit_role.html 
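Review bot: The two authorization failures in the server-id check (the API-key branch in the `-164,7` hunk and the user branch in the `-174,7` hunk) are now logged with `logger.debug`, which a production log level will normally drop, so denied access attempts leave no trace. These are security events and fit `logger.warning` better, ideally naming the requested server too, e.g. `logger.warning("User %s denied access to server %s", exec_user["user_id"], server_id)`. Passing the values as arguments rather than in an f-string also avoids formatting the message when the level is disabled. Separately, the unchanged context line redirects to `/pandel/error`, which looks like a typo for `/panel/error`.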
@@ -165,20 +165,29 @@ {{ server['server_name'] }} - {% for permission in data['permissions_all'] %} + {% if server['server_id'] in data['role']['servers'] %} - + {% else %} + + + + {% end %} {% end %} {% end %} @@ -268,7 +277,19 @@ {% block js %}