User access to servers operating

app/classes/shared/controller.py

@@ -107,6 +107,11 @@ class Controller:
         servers = db_helper.get_all_defined_servers()
         return servers
         
+    @staticmethod
+    def list_authorized_servers(userId):
+        servers = db_helper.get_authorized_servers(userId)
+        return servers
+
     def get_server_data(self, server_id):
         for s in self.servers_list:
             if int(s['server_id']) == int(server_id):

app/classes/shared/models.py

@@ -270,6 +270,16 @@ class db_shortcuts:
         query = Servers.select()
         return db_helper.return_rows(query)
         
+    @staticmethod
+    def get_authorized_servers(userId):
+        userServers = User_Servers.select().where(User_Servers.user_id == userId)
+        server_data = []
+
+        for u in userServers:
+            server_data.append(db_helper.get_server_data_by_id(u.server_id))
+
+        return server_data
+
     @staticmethod
     def get_all_servers_stats():
         servers = db_helper.get_all_defined_servers()
@@ -280,6 +290,20 @@ class db_shortcuts:
             server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
         return server_data
 
+    @staticmethod
+    def get_authorized_servers_stats(userId):
+        userServers = User_Servers.select().where(User_Servers.user_id == userId)
+        authorizedServers = []
+        server_data = []
+
+        for u in userServers:
+            authorizedServers.append(db_helper.get_server_data_by_id(u.server_id))
+
+        for s in authorizedServers:
+            latest = Server_Stats.select().where(Server_Stats.server_id == s.get('server_id')).order_by(Server_Stats.created.desc()).limit(1)
+            server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
+        return server_data
+
     @staticmethod
     def get_server_stats_by_id(server_id):
         stats = Server_Stats.select().where(Server_Stats.server_id == server_id).order_by(Server_Stats.created.desc()).limit(1)
@@ -291,6 +315,16 @@ class db_shortcuts:
             return False
         return True
         
+    @staticmethod
+    def server_id_authorized(serverId, userId):
+        userServer = User_Servers.select().where(User_Servers.server_id == serverId)
+        authorized = userServer.select().where(User_Servers.user_id == userId)      
+        #authorized = db_helper.return_rows(authorized)
+
+        if authorized.count() == 0:
+            return False
+        return True
+
     @staticmethod
     def get_latest_hosts_stats():
         query = Host_Stats.select().order_by(Host_Stats.id.desc()).get()

app/classes/web/panel_handler.py

@@ -29,7 +29,14 @@ class PanelHandler(BaseHandler):
         now = time.time()
         formatted_time = str(datetime.datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S'))
 
-        defined_servers = controller.list_defined_servers()
+        userId = user_data['user_id']
+        user = db_helper.get_user(userId)
+        
+        if user['superuser'] == 1:
+            defined_servers = controller.list_defined_servers()
+        else:
+            defined_servers = controller.list_authorized_servers(userId)
+
 
         page_data = {
             # todo: make this actually pull and compare version data
@@ -81,7 +88,10 @@ class PanelHandler(BaseHandler):
             return
 
         elif page == 'dashboard':
-            page_data['servers'] = db_helper.get_all_servers_stats()
+            if user['superuser'] == 1:
+                page_data['servers'] = db_helper.get_all_servers_stats()
+            else:
+                page_data['servers'] = db_helper.get_authorized_servers_stats(userId)
 
             for s in page_data['servers']:
                 try:
@@ -107,6 +117,10 @@ class PanelHandler(BaseHandler):
                     self.redirect("/panel/error?error=Invalid Server ID")
                     return False
 
+                if not db_helper.server_id_authorized(server_id, userId):
+                    self.redirect("/panel/error?error=Invalid Server ID")
+                    return False
+
             valid_subpages = ['term', 'logs', 'config', 'files', 'admin_controls']
 
             if subpage not in valid_subpages:
@@ -164,7 +178,7 @@ class PanelHandler(BaseHandler):
             page_data['user']['created'] = "N/A"
             page_data['user']['last_login'] = "N/A"
             page_data['user']['last_ip'] = "N/A"
-            page_data['role']['last_update'] = "N/A"
+            page_data['user']['last_update'] = "N/A"
             page_data['user']['roles'] = set()
             page_data['user']['servers'] = set()