mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Merge branch 'experimental/feature/permission-matrix' into 'dev'
Add a permission matrix to the role add and edit See merge request crafty-controller/crafty-4!262
This commit is contained in:
Iain Powrie
commit
34d260462d
@ -29,9 +29,8 @@ class ServerPermsController:
|
||||
return permissions_mask
|
||||
|
||||
@staticmethod
|
||||
def get_role_permissions(role_id):
|
||||
permissions_list = PermissionsServers.get_role_permissions_list(role_id)
|
||||
return permissions_list
|
||||
def get_role_permissions_dict(role_id):
|
||||
return PermissionsServers.get_role_permissions_dict(role_id)
|
||||
|
||||
@staticmethod
|
||||
def add_role_server(server_id, role_id, rs_permissions="00000000"):
|
||||
@ -71,10 +70,6 @@ class ServerPermsController:
|
||||
permission_mask, permission_tested, value
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def get_role_permissions_list(role_id):
|
||||
return PermissionsServers.get_role_permissions_list(role_id)
|
||||
|
||||
@staticmethod
|
||||
def get_user_id_permissions_list(user_id: str, server_id: str):
|
||||
return PermissionsServers.get_user_id_permissions_list(user_id, server_id)
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
import typing as t
|
||||
from enum import Enum
|
||||
import logging
|
||||
from peewee import (
|
||||
@ -154,6 +155,18 @@ class PermissionsServers:
|
||||
permissions_list = PermissionsServers.get_permissions(permissions_mask)
|
||||
return permissions_list
|
||||
|
||||
@staticmethod
|
||||
def get_role_permissions_dict(role_id):
|
||||
permissions_dict: t.Dict[str, t.List[EnumPermissionsServer]] = {}
|
||||
role_servers = RoleServers.select(
|
||||
RoleServers.server_id, RoleServers.permissions
|
||||
).where(RoleServers.role_id == role_id)
|
||||
for role_server in role_servers:
|
||||
permissions_dict[
|
||||
role_server.server_id_id
|
||||
] = PermissionsServers.get_permissions(role_server.permissions)
|
||||
return permissions_dict
|
||||
|
||||
@staticmethod
|
||||
def update_role_permission(role_id, server_id, permissions_mask):
|
||||
role_server = (
|
||||
|
||||
@ -17,7 +17,11 @@ from tornado import iostream
|
||||
from tzlocal import get_localzone
|
||||
from croniter import croniter
|
||||
|
||||
from app.classes.models.server_permissions import EnumPermissionsServer
|
||||
from app.classes.models.roles import HelperRoles
|
||||
from app.classes.models.server_permissions import (
|
||||
EnumPermissionsServer,
|
||||
PermissionsServers,
|
||||
)
|
||||
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
|
||||
from app.classes.models.management import HelpersManagement
|
||||
from app.classes.shared.helpers import Helpers
|
||||
@ -39,15 +43,21 @@ class PanelHandler(BaseHandler):
|
||||
def get_role_servers(self) -> set:
|
||||
servers = set()
|
||||
for server in self.controller.list_defined_servers():
|
||||
argument = int(
|
||||
float(
|
||||
bleach.clean(
|
||||
self.get_argument(f"server_{server['server_id']}_access", "0")
|
||||
argument = self.get_argument(f"server_{server['server_id']}_access", "0")
|
||||
if argument == "0":
|
||||
continue
|
||||
|
||||
permission_mask = "0" * len(EnumPermissionsServer)
|
||||
for permission in self.controller.server_perms.list_defined_permissions():
|
||||
argument = self.get_argument(
|
||||
f"permission_{server['server_id']}_{permission.name}", "0"
|
||||
)
|
||||
if argument == "1":
|
||||
permission_mask = self.controller.server_perms.set_permission(
|
||||
permission_mask, permission, "1"
|
||||
)
|
||||
)
|
||||
if argument:
|
||||
servers.add(server["server_id"])
|
||||
|
||||
servers.add((server["server_id"], permission_mask))
|
||||
return servers
|
||||
|
||||
def get_perms_quantity(self) -> Tuple[str, dict]:
|
||||
@ -85,19 +95,9 @@ class PanelHandler(BaseHandler):
|
||||
permission
|
||||
) in self.controller.crafty_perms.list_defined_crafty_permissions():
|
||||
argument = self.get_argument(f"permission_{permission.name}", None)
|
||||
if argument is not None:
|
||||
if argument is not None and argument == "1":
|
||||
permissions_mask = self.controller.crafty_perms.set_permission(
|
||||
permissions_mask, permission, 1 if argument == "1" else 0
|
||||
)
|
||||
return permissions_mask
|
||||
|
||||
def get_perms_server(self) -> str:
|
||||
permissions_mask = "00000000"
|
||||
for permission in self.controller.server_perms.list_defined_permissions():
|
||||
argument = self.get_argument(f"permission_{permission.name}", None)
|
||||
if argument is not None:
|
||||
permissions_mask = self.controller.server_perms.set_permission(
|
||||
permissions_mask, permission, 1 if argument == "1" else 0
|
||||
permissions_mask, permission, "1"
|
||||
)
|
||||
return permissions_mask
|
||||
|
||||
@ -158,7 +158,7 @@ class PanelHandler(BaseHandler):
|
||||
if not self.controller.servers.server_id_authorized_api_key(
|
||||
server_id, api_key
|
||||
):
|
||||
print(
|
||||
logger.debug(
|
||||
f"API key {api_key.name} (id: {api_key.token_id}) "
|
||||
f"does not have permission"
|
||||
)
|
||||
@ -168,7 +168,9 @@ class PanelHandler(BaseHandler):
|
||||
if not self.controller.servers.server_id_authorized(
|
||||
server_id, exec_user["user_id"]
|
||||
):
|
||||
print(f'User {exec_user["user_id"]} does not have permission')
|
||||
logger.debug(
|
||||
f'User {exec_user["user_id"]} does not have permission'
|
||||
)
|
||||
self.redirect("/pandel/error?error=Invalid Server ID")
|
||||
return None
|
||||
return server_id
|
||||
@ -1087,7 +1089,7 @@ class PanelHandler(BaseHandler):
|
||||
page_data[
|
||||
"permissions_all"
|
||||
] = self.controller.server_perms.list_defined_permissions()
|
||||
page_data["permissions_list"] = set()
|
||||
page_data["permissions_dict"] = {}
|
||||
template = "panel/panel_edit_role.html"
|
||||
|
||||
elif page == "edit_role":
|
||||
@ -1100,8 +1102,8 @@ class PanelHandler(BaseHandler):
|
||||
"permissions_all"
|
||||
] = self.controller.server_perms.list_defined_permissions()
|
||||
page_data[
|
||||
"permissions_list"
|
||||
] = self.controller.server_perms.get_role_permissions(role_id)
|
||||
"permissions_dict"
|
||||
] = self.controller.server_perms.get_role_permissions_dict(role_id)
|
||||
page_data["user-roles"] = user_roles
|
||||
page_data["users"] = self.controller.users.get_all_users()
|
||||
|
||||
@ -2007,16 +2009,40 @@ class PanelHandler(BaseHandler):
|
||||
return
|
||||
|
||||
servers = self.get_role_servers()
|
||||
permissions_mask = self.get_perms_server()
|
||||
|
||||
role_data = {"role_name": role_name, "servers": servers}
|
||||
self.controller.roles.update_role(
|
||||
role_id, role_data=role_data, permissions_mask=permissions_mask
|
||||
# TODO: use update_role_advanced when API v2 gets merged
|
||||
base_data = self.controller.roles.get_role_with_servers(role_id)
|
||||
|
||||
server_ids = {server[0] for server in servers}
|
||||
server_permissions_map = {server[0]: server[1] for server in servers}
|
||||
|
||||
added_servers = server_ids.difference(set(base_data["servers"]))
|
||||
removed_servers = set(base_data["servers"]).difference(server_ids)
|
||||
same_servers = server_ids.intersection(set(base_data["servers"]))
|
||||
logger.debug(
|
||||
f"role: {role_id} +server:{added_servers} -server{removed_servers}"
|
||||
)
|
||||
for server_id in added_servers:
|
||||
PermissionsServers.get_or_create(
|
||||
role_id, server_id, server_permissions_map[server_id]
|
||||
)
|
||||
for server_id in same_servers:
|
||||
PermissionsServers.update_role_permission(
|
||||
role_id, server_id, server_permissions_map[server_id]
|
||||
)
|
||||
if len(removed_servers) != 0:
|
||||
PermissionsServers.delete_roles_permissions(role_id, removed_servers)
|
||||
|
||||
up_data = {
|
||||
"role_name": role_name,
|
||||
"last_update": Helpers.get_time_as_string(),
|
||||
}
|
||||
# TODO: do the last_update on the db side
|
||||
HelperRoles.update_role(role_id, up_data)
|
||||
|
||||
self.controller.management.add_to_audit_log(
|
||||
exec_user["user_id"],
|
||||
f"Edited role {role_name} (RID:{role_id}) with servers {servers}",
|
||||
f"edited role {role_name} (RID:{role_id}) with servers {servers}",
|
||||
server_id=0,
|
||||
source_ip=self.get_remote_ip(),
|
||||
)
|
||||
@ -2048,22 +2074,15 @@ class PanelHandler(BaseHandler):
|
||||
return
|
||||
|
||||
servers = self.get_role_servers()
|
||||
permissions_mask = self.get_perms_server()
|
||||
|
||||
role_id = self.controller.roles.add_role(role_name)
|
||||
self.controller.roles.update_role(
|
||||
role_id, {"servers": servers}, permissions_mask
|
||||
)
|
||||
# TODO: use add_role_advanced when API v2 gets merged
|
||||
for server in servers:
|
||||
PermissionsServers.get_or_create(role_id, server[0], server[1])
|
||||
|
||||
self.controller.management.add_to_audit_log(
|
||||
exec_user["user_id"],
|
||||
f"Added role {role_name} (RID:{role_id})",
|
||||
server_id=0,
|
||||
source_ip=self.get_remote_ip(),
|
||||
)
|
||||
self.controller.management.add_to_audit_log(
|
||||
exec_user["user_id"],
|
||||
f"Edited role {role_name} (RID:{role_id}) with servers {servers}",
|
||||
f"created role {role_name} (RID:{role_id})",
|
||||
server_id=0,
|
||||
source_ip=self.get_remote_ip(),
|
||||
)
|
||||
|
||||
@ -47,13 +47,9 @@
|
||||
<i class="fas fa-folder-tree"></i>Other</a>
|
||||
</li> -->
|
||||
</ul>
|
||||
<div class="row">
|
||||
<div class="col-md-6 col-sm-12">
|
||||
{% if data['new_role'] %}
|
||||
<form class="forms-sample" method="post" action="/panel/add_role">
|
||||
{% else %}
|
||||
<form class="forms-sample" method="post" action="/panel/edit_role">
|
||||
{% end %}
|
||||
<div class="">
|
||||
<div class="">
|
||||
<form class="forms-sample" method="post" action="{{ '/panel/add_role' if data['new_role'] else '/panel/edit_role' }}">
|
||||
{% raw xsrf_form_html() %}
|
||||
<input type="hidden" name="id" value="{{ data['role']['role_id'] }}">
|
||||
<input type="hidden" name="subpage" value="config">
|
||||
@ -76,12 +72,92 @@
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="form-group">
|
||||
<div class="table-responsive">
|
||||
<table class="table table-hover">
|
||||
<div class="table-responsive rotate-table-parent">
|
||||
<table class="table table-hover rotate-table">
|
||||
<thead>
|
||||
<style>
|
||||
.rotate-table-parent {
|
||||
padding-top: 2.5rem;
|
||||
padding-right: 4rem;
|
||||
}
|
||||
|
||||
/* https://css-tricks.com/rotated-table-column-headers-now-with-fewer-magic-numbers/ */
|
||||
table.rotate-table {
|
||||
--table-border-width: 1px;
|
||||
border-collapse: collapse;
|
||||
}
|
||||
th.rotate-column-header {
|
||||
/* Something you can count on */
|
||||
height: 140px;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
th.rotate-column-header > div {
|
||||
transform:
|
||||
/* Magic Numbers */
|
||||
translate(0px, 51px)
|
||||
/* 315 is 360 - 45 */
|
||||
rotate(315deg);
|
||||
width: 30px;
|
||||
}
|
||||
th.rotate-column-header > div > span {
|
||||
border-bottom: 1px solid #ccc;
|
||||
padding: 5px 10px;
|
||||
}
|
||||
th.rotate {
|
||||
white-space: nowrap;
|
||||
position: relative;
|
||||
}
|
||||
th.rotate > div {
|
||||
/* place div at bottom left of the th parent */
|
||||
position: absolute;
|
||||
bottom: 0;
|
||||
left: 0;
|
||||
/* Make sure short labels still meet the corner of the parent otherwise you'll get a gap */
|
||||
text-align: left;
|
||||
/* Move the top left corner of the span's bottom-border to line up with the top left corner of the td's border-right border so that the border corners are matched
|
||||
* Rotate 315 (-45) degrees about matched border corners */
|
||||
transform:
|
||||
translate(calc(100% - var(--table-border-width) / 2), var(--table-border-width))
|
||||
rotate(-45deg);
|
||||
transform-origin: 0% calc(100% - var(--table-border-width));
|
||||
transition: transform 500ms;
|
||||
width: 100%;
|
||||
}
|
||||
th.rotate > div > span {
|
||||
/* make sure the bottom of the span is matched up with the bottom of the parent div */
|
||||
position: absolute;
|
||||
bottom: 0;
|
||||
left: 0;
|
||||
border-bottom: var(--table-border-width) solid #383e5d;
|
||||
transition: border-bottom-color 500ms;
|
||||
padding-bottom: 5px;
|
||||
user-select: none;
|
||||
}
|
||||
table.rotate-table > tbody td {
|
||||
border-right: var(--table-border-width) solid #383e5d;
|
||||
/* make sure this is at least as wide as sqrt(2) * height of the tallest letter in your font or the headers will overlap each other*/
|
||||
min-width: 30px;
|
||||
padding-top: 2px;
|
||||
padding-left: 5px;
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
@media screen and (min-width: 1650px) {
|
||||
th.rotate > div {
|
||||
transform: translate(15px, 0px) rotate(0deg);
|
||||
}
|
||||
th.rotate > div > span {
|
||||
border-bottom-color: transparent;
|
||||
}
|
||||
}
|
||||
</style>
|
||||
<tr class="rounded">
|
||||
<th>{{ translate('rolesConfig', 'serverName', data['lang']) }}</th>
|
||||
<th>{{ translate('rolesConfig', 'serverAccess', data['lang']) }}</th>
|
||||
<th class="rotate"><div><span>{{ translate('rolesConfig', 'serverAccess', data['lang']) }}</span></div></th>
|
||||
{% for permission in data['permissions_all'] %}
|
||||
<th class="rotate"><div><span>{{ permission.name }}</span></div></th>
|
||||
{% end %}
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
@ -89,12 +165,30 @@
|
||||
<tr>
|
||||
<td>{{ server['server_name'] }}</td>
|
||||
<td>
|
||||
{% if server['server_id'] in data['role']['servers'] %}
|
||||
<input type="checkbox" class="" id="server_{{ server['server_id'] }}_access" name="server_{{ server['server_id'] }}_access" checked="" value="1">
|
||||
{% else %}
|
||||
<input type="checkbox" class="" id="server_{{ server['server_id'] }}_access" name="server_{{ server['server_id'] }}_access" value="1">
|
||||
{% end %}
|
||||
<input type="checkbox" class="" onclick="enable_disable(event)" data-id="{{server['server_id']}}"
|
||||
id="server_{{ server['server_id'] }}_access"
|
||||
name="server_{{ server['server_id'] }}_access"
|
||||
{{ 'checked' if server['server_id'] in data['role']['servers'] else '' }}
|
||||
autocomplete="off" value="1">
|
||||
</td>
|
||||
{% for permission in data['permissions_all'] %}
|
||||
{% if server['server_id'] in data['role']['servers'] %}
|
||||
<td>
|
||||
<input type="checkbox" class="{{server['server_id']}}_perms"
|
||||
id="permission_{{ server['server_id'] }}_{{ permission.name }}"
|
||||
name="permission_{{ server['server_id'] }}_{{ permission.name }}"
|
||||
{{ 'checked' if permission in data['permissions_dict'].get(server['server_id'], []) else '' }}
|
||||
autocomplete="off" value="1">
|
||||
</td>
|
||||
{% else %}
|
||||
<td>
|
||||
<input type="checkbox" class="{{server['server_id']}}_perms"
|
||||
id="permission_{{ server['server_id'] }}_{{ permission.name }}"
|
||||
name="permission_{{ server['server_id'] }}_{{ permission.name }}"
|
||||
autocomplete="off" value="1" disabled>
|
||||
</td>
|
||||
{% end %}
|
||||
{% end %}
|
||||
</tr>
|
||||
{% end %}
|
||||
|
||||
@ -107,45 +201,15 @@
|
||||
|
||||
<div class="card">
|
||||
<div class="card-header header-sm d-flex justify-content-between align-items-center">
|
||||
<h4 class="card-title"><i class="fas fa-user-lock"></i> {{ translate('rolesConfig', 'rolePerms', data['lang']) }}<small class="text-muted ml-1"> - {{ translate('rolesConfig', 'permsServer', data['lang']) }} </small></h4>
|
||||
<h4 class="card-title"><i class="fas fa-settings"></i> {{ translate('panelConfig', 'save', data['lang']) }}</h4>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="form-group">
|
||||
<div class="table-responsive">
|
||||
<table class="table table-hover">
|
||||
<thead>
|
||||
<tr class="rounded">
|
||||
<th>{{ translate('rolesConfig', 'permName', data['lang']) }}</th>
|
||||
<th>{{ translate('rolesConfig', 'permAccess', data['lang']) }}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for permission in data['permissions_all'] %}
|
||||
<tr>
|
||||
<td>{{ permission.name }}</td>
|
||||
<td>
|
||||
{% if permission in data['permissions_list'] %}
|
||||
<input type="checkbox" class="" id="permission_{{ permission.name }}" name="permission_{{ permission.name }}" checked="" value="1">
|
||||
{% else %}
|
||||
<input type="checkbox" class="" id="permission_{{ permission.name }}" name="permission_{{ permission.name }}" value="1">
|
||||
{% end %}
|
||||
</td>
|
||||
</tr>
|
||||
{% end %}
|
||||
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<button type="submit" class="btn btn-success mr-2"><i class="fas fa-save"></i> {{ translate('panelConfig', 'save', data['lang']) }}</button>
|
||||
<button type="reset" onclick="location.href='/panel/panel_config'" class="btn btn-light"><i class="fas fa-undo-alt"></i> {{ translate('panelConfig', 'cancel', data['lang']) }}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
</div>
|
||||
<div class="col-md-3 col-sm-12">
|
||||
<div class="card">
|
||||
<div class="card-header header-sm d-flex justify-content-between align-items-center">
|
||||
<h4 class="card-title"><i class="fas fa-users"></i> {{ translate('rolesConfig', 'roleUsers', data['lang']) }}</h4>
|
||||
@ -177,9 +241,7 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<br>
|
||||
</div>
|
||||
<div class="col-md-3 col-sm-12">
|
||||
|
||||
<div class="card">
|
||||
<div class="card-body">
|
||||
<h4 class="card-title">{{ translate('rolesConfig', 'roleConfigArea', data['lang']) }}</h4>
|
||||
@ -208,10 +270,6 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
<!-- content-wrapper ends -->
|
||||
|
||||
{% end %}
|
||||
@ -219,7 +277,19 @@
|
||||
{% block js %}
|
||||
<script>
|
||||
|
||||
function enable_disable(event) {
|
||||
let server_id = event.target.getAttribute('data-id');
|
||||
console.log(server_id);
|
||||
if (document.getElementById("server_" + server_id + "_access").checked) {
|
||||
$('.'+server_id+'_perms').attr('disabled', false);
|
||||
$('.'+server_id+'_perms').attr('enabled', true);
|
||||
}else{
|
||||
$('.'+server_id+'_perms').prop('checked', false);
|
||||
$('.'+server_id+'_perms').attr('disabled', true);
|
||||
$('.'+server_id+'_perms').attr('enabled', false);
|
||||
}
|
||||
|
||||
}
|
||||
//used to get cookies from browser - this is part of tornados xsrf protection - it's for extra security
|
||||
function getCookie(name) {
|
||||
var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
|
||||
|
||||
Loading…
Reference in New Issue
Block a user