Made it so only super user can see other roles/users

2024-08-30 18:23:09 +00:00 · 2021-08-06 01:05:46 -04:00 · 2021-08-06 01:05:46 -04:00 · 41846e34a9
commit 41846e34a9
parent b39e0e3a62
2 changed files with 12 additions and 2 deletions
--- a/app/classes/shared/models.py
+++ b/app/classes/shared/models.py
@ -431,6 +431,12 @@ class db_shortcuts:
            server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)[0]})
        return server_data

+    @staticmethod
+    def get_user_roles(user_id):
+        user_roles = User_Roles.select().where(User_Roles.user_id == user_id)
+        return user_roles
+
+
        
    @staticmethod
    def get_authorized_servers_stats_from_roles(user_id):
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@ -254,8 +254,12 @@ class PanelHandler(BaseHandler):
            self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))

        elif page == 'panel_config':
-            page_data['users'] = db_helper.get_all_users()
-            page_data['roles'] = db_helper.get_all_roles()
+            if exec_user['super_user']:
+                page_data['users'] = db_helper.get_all_users()
+                page_data['roles'] = db_helper.get_all_roles()
+            else:
+                page_data['users'] = db_helper.get_user(exec_user_id)
+                page_data['roles'] = db_helper.get_user_roles(exec_user_id)
            for user in page_data['users']:
                if user.user_id != exec_user['user_id']:
                    user.api_token = "********"