diff --git a/.gitlab/lint.yml b/.gitlab/lint.yml
index bc797808..37649e1a 100644
--- a/.gitlab/lint.yml
+++ b/.gitlab/lint.yml
@@ -5,7 +5,7 @@ yamllint:
stage: lint
image: registry.gitlab.com/pipeline-components/yamllint:latest
tags:
- - docker
+ - saas-linux-medium-amd64
rules:
- if: "$CODE_QUALITY_DISABLED"
when: never
@@ -18,7 +18,7 @@ jsonlint:
stage: lint
image: registry.gitlab.com/pipeline-components/jsonlint:latest
tags:
- - docker
+ - saas-linux-medium-amd64
rules:
- if: "$CODE_QUALITY_DISABLED"
when: never
@@ -33,7 +33,7 @@ black:
stage: lint
image: registry.gitlab.com/pipeline-components/black:latest
tags:
- - docker
+ - saas-linux-medium-amd64
rules:
- if: "$CODE_QUALITY_DISABLED"
when: never
@@ -46,7 +46,7 @@ pylint:
stage: lint
image: registry.gitlab.com/pipeline-components/pylint:latest
tags:
- - docker
+ - saas-linux-medium-amd64
rules:
- if: "$CODE_QUALITY_DISABLED"
when: never
@@ -69,7 +69,7 @@ sonarcloud-check:
name: sonarsource/sonar-scanner-cli:latest
entrypoint: [""]
tags:
- - docker
+ - saas-linux-medium-amd64
rules:
- if: "$SONAR_TOKEN == null"
when: never
@@ -91,7 +91,7 @@ lang-check:
stage: lint
image: alpine:latest
tags:
- - docker
+ - saas-linux-medium-amd64
rules:
- if: "$CODE_QUALITY_DISABLED"
when: never
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3be9e1a1..5515ec9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,13 +1,16 @@
# Changelog
## --- [4.3.3] - 2024/TBD
+### Refactor
+- Refactor API keys "super user" to "full access" ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/731))
### New features
TBD
### Bug fixes
-TBD
+- Reset query arguments on login if `?next` is not available ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/750))
### Tweaks
-TBD
+- Add link to go back to dashboard on error page ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/743))
+- Set audit logging to logfile instead of DB ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/751))
### Lang
-TBD
+- Changes of phrase in `cs_CS` translation ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/749))
## --- [4.3.2] - 2024/04/07
diff --git a/app/classes/controllers/management_controller.py b/app/classes/controllers/management_controller.py
index 7085b503..cab755b6 100644
--- a/app/classes/controllers/management_controller.py
+++ b/app/classes/controllers/management_controller.py
@@ -95,9 +95,6 @@ class ManagementController:
# **********************************************************************************
# Audit_Log Methods
# **********************************************************************************
- @staticmethod
- def get_activity_log():
- return HelpersManagement.get_activity_log()
def add_to_audit_log(self, user_id, log_msg, server_id=None, source_ip=None):
return self.management_helper.add_to_audit_log(
diff --git a/app/classes/controllers/server_perms_controller.py b/app/classes/controllers/server_perms_controller.py
index 37893e9e..4586b4aa 100644
--- a/app/classes/controllers/server_perms_controller.py
+++ b/app/classes/controllers/server_perms_controller.py
@@ -17,6 +17,10 @@ class ServerPermsController:
def get_server_user_list(server_id):
return PermissionsServers.get_server_user_list(server_id)
+ @staticmethod
+ def get_permissions(permissions_mask):
+ return PermissionsServers.get_permissions(permissions_mask)
+
@staticmethod
def list_defined_permissions():
permissions_list = PermissionsServers.get_permissions_list()
@@ -61,6 +65,22 @@ class ServerPermsController:
def get_permissions_mask(role_id, server_id):
return PermissionsServers.get_permissions_mask(role_id, server_id)
+ @staticmethod
+ def get_lowest_api_perm_mask(user_server_permissions_mask, api_key_permssions_mask):
+ mask = ""
+ # If this isn't an API key we'll know the request came from basic
+ # authentication and ignore the API key permissions mask.
+ if not api_key_permssions_mask:
+ return user_server_permissions_mask
+ for _index, (user_perm, api_perm) in enumerate(
+ zip(user_server_permissions_mask, api_key_permssions_mask)
+ ):
+ if user_perm == "1" and api_perm == "1":
+ mask += "1"
+ else:
+ mask += "0"
+ return mask
+
@staticmethod
def set_permission(
permission_mask, permission_tested: EnumPermissionsServer, value
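Review bot: `get_lowest_api_perm_mask` treats any falsy `api_key_permssions_mask` as "not an API key", so a key whose stored mask is empty would be given the user's full mask. Passing `None` for basic authentication and testing `if api_key_permssions_mask is None:` would keep the two cases apart. `zip` also stops at the shorter string, so masks of different lengths yield a shortened result; whether `get_permissions` tolerates that is not visible here, and padding the shorter mask with `"0"` would keep the outcome deny-by-default. The `enumerate` index is unused, so the loop can be `mask = "".join("1" if u == "1" and a == "1" else "0" for u, a in zip(...))`, and the parameter name is misspelled (`permssions`).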
@@ -82,6 +102,11 @@ class ServerPermsController:
def get_api_key_permissions_list(key: ApiKeys, server_id: str):
return PermissionsServers.get_api_key_permissions_list(key, server_id)
+ @staticmethod
+ def get_user_permissions_mask(user_id: str, server_id: str):
+ user = HelperUsers.get_user_model(user_id)
+ return PermissionsServers.get_user_permissions_mask(user, server_id)
+
@staticmethod
def get_authorized_servers_stats_from_roles(user_id):
user_roles = HelperUsers.get_user_roles_id(user_id)
diff --git a/app/classes/logging/log_formatter.py b/app/classes/logging/log_formatter.py
new file mode 100644
index 00000000..e3f2b4f7
--- /dev/null
+++ b/app/classes/logging/log_formatter.py
@@ -0,0 +1,53 @@
+import logging
+import logging.config
+import json
+from datetime import datetime
+
+
+class JsonEncoderStrFallback(json.JSONEncoder):
+ def default(self, o):
+ try:
+ return super().default(o)
+ except TypeError as exc:
+ if "not JSON serializable" in str(exc):
+ return str(o)
+ raise
+
+
+class JsonEncoderDatetime(JsonEncoderStrFallback):
+ def default(self, o):
+ if isinstance(o, datetime):
+ return o.strftime("%Y-%m-%dT%H:%M:%S%z")
+
+ return super().default(o)
+
+
+class JsonFormatter(logging.Formatter):
+ def formatTime(self, record, datefmt=None):
+ """
+ Override formatTime to customize the time format.
+ """
+ timestamp = datetime.fromtimestamp(record.created)
+ if datefmt:
+ # Use the specified date format
+ return timestamp.strftime(datefmt)
+ # Default date format: YYYY-MM-DD HH:MM:SS,mmm
+ secs = int(record.msecs)
+ return f"{timestamp.strftime('%Y-%m-%d %H:%M:%S')},{secs:03d}"
+
+ def format(self, record):
+ log_data = {
+ "level": record.levelname,
+ "time": self.formatTime(record),
+ "log_msg": record.getMessage(),
+ }
+
+ # Filter out standard log record attributes and include only custom ones
+ custom_attrs = ["user_name", "user_id", "server_id", "source_ip"]
+ extra_attrs = {
+ key: value for key, value in record.__dict__.items() if key in custom_attrs
+ }
+
+ # Merge extra attributes with log data
+ log_data.update(extra_attrs)
+ return json.dumps(log_data)
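Review bot: `JsonFormatter.format` calls `json.dumps(log_data)` without `cls=`, so the two encoder classes defined above it are never used. A non-serializable `user_id` or `server_id` (for example a model instance passed through `extra`) would raise `TypeError` inside the handler, and that audit record would be lost. `return json.dumps(log_data, cls=JsonEncoderDatetime)` closes the gap. In `formatTime`, `datetime.fromtimestamp(record.created)` gives local time with no offset, which makes audit entries hard to correlate across hosts; an aware UTC timestamp would be safer. The local `secs` actually holds milliseconds and would read better as `msecs`.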
diff --git a/app/classes/models/crafty_permissions.py b/app/classes/models/crafty_permissions.py
index 7430f332..e7a159d9 100644
--- a/app/classes/models/crafty_permissions.py
+++ b/app/classes/models/crafty_permissions.py
@@ -187,7 +187,7 @@ class PermissionsCrafty:
@staticmethod
def get_api_key_permissions_list(key: ApiKeys):
user = HelperUsers.get_user(key.user_id)
- if user["superuser"] and key.superuser:
+ if user["superuser"] and key.full_access:
return PermissionsCrafty.get_permissions_list()
if user["superuser"]:
# User is superuser but API key isn't
diff --git a/app/classes/models/management.py b/app/classes/models/management.py
index ffe207c2..e59dd39c 100644
--- a/app/classes/models/management.py
+++ b/app/classes/models/management.py
@@ -16,28 +16,10 @@ from app.classes.models.base_model import BaseModel
from app.classes.models.users import HelperUsers
from app.classes.models.servers import Servers
from app.classes.models.server_permissions import PermissionsServers
-from app.classes.shared.main_models import DatabaseShortcuts
from app.classes.shared.websocket_manager import WebSocketManager
logger = logging.getLogger(__name__)
-
-
-# **********************************************************************************
-# Audit_Log Class
-# **********************************************************************************
-class AuditLog(BaseModel):
- audit_id = AutoField()
- created = DateTimeField(default=datetime.datetime.now)
- user_name = CharField(default="")
- user_id = IntegerField(default=0, index=True)
- source_ip = CharField(default="127.0.0.1")
- server_id = ForeignKeyField(
- Servers, backref="audit_server", null=True
- ) # When auditing global events, use server ID null
- log_msg = TextField(default="")
-
- class Meta:
- table_name = "audit_log"
+auth_logger = logging.getLogger("audit_log")
# **********************************************************************************
@@ -149,10 +131,6 @@ class HelpersManagement:
# **********************************************************************************
# Audit_Log Methods
# **********************************************************************************
- @staticmethod
- def get_activity_log():
- query = AuditLog.select()
- return DatabaseShortcuts.return_db_rows(query)
def add_to_audit_log(self, user_id, log_msg, server_id=None, source_ip=None):
logger.debug(f"Adding to audit log User:{user_id} - Message: {log_msg} ")
@@ -166,50 +144,28 @@ class HelpersManagement:
WebSocketManager().broadcast_user(user, "notification", audit_msg)
except Exception as e:
logger.error(f"Error broadcasting to user {user} - {e}")
-
- AuditLog.insert(
- {
- AuditLog.user_name: user_data["username"],
- AuditLog.user_id: user_id,
- AuditLog.server_id: server_id,
- AuditLog.log_msg: audit_msg,
- AuditLog.source_ip: source_ip,
- }
- ).execute()
- # deletes records when there's more than 300
- ordered = AuditLog.select().order_by(+AuditLog.created)
- for item in ordered:
- if not self.helper.get_setting("max_audit_entries"):
- max_entries = 300
- else:
- max_entries = self.helper.get_setting("max_audit_entries")
- if AuditLog.select().count() > max_entries:
- AuditLog.delete().where(AuditLog.audit_id == item.audit_id).execute()
- else:
- return
+ auth_logger.info(
+ str(log_msg),
+ extra={
+ "user_name": user_data["username"],
+ "user_id": user_id,
+ "server_id": server_id,
+ "source_ip": source_ip,
+ },
+ )
def add_to_audit_log_raw(self, user_name, user_id, server_id, log_msg, source_ip):
- AuditLog.insert(
- {
- AuditLog.user_name: user_name,
- AuditLog.user_id: user_id,
- AuditLog.server_id: server_id,
- AuditLog.log_msg: log_msg,
- AuditLog.source_ip: source_ip,
- }
- ).execute()
- # deletes records when there's more than 300
- ordered = AuditLog.select().order_by(+AuditLog.created)
- for item in ordered:
- # configurable through app/config/config.json
- if not self.helper.get_setting("max_audit_entries"):
- max_entries = 300
- else:
- max_entries = self.helper.get_setting("max_audit_entries")
- if AuditLog.select().count() > max_entries:
- AuditLog.delete().where(AuditLog.audit_id == item.audit_id).execute()
- else:
- return
+ if isinstance(server_id, Servers) and server_id is not None:
+ server_id = server_id.server_id
+ auth_logger.info(
+ str(log_msg),
+ extra={
+ "user_name": user_name,
+ "user_id": user_id,
+ "server_id": server_id,
+ "source_ip": source_ip,
+ },
+ )
@staticmethod
def create_crafty_row():
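Review bot: `add_to_audit_log_raw` unwraps a `Servers` instance to its `server_id`, but `add_to_audit_log` passes `server_id` through unchanged, so the two paths can emit different types for the same field; the start of `add_to_audit_log` is outside this hunk. The guard `isinstance(server_id, Servers) and server_id is not None` is redundant, because `isinstance` is already false for `None`. The removed code enforced `max_audit_entries`, and nothing in this hunk replaces that cap. Retention now depends on how the `"audit_log"` logger's handler is configured, which this diff does not show; confirm it rotates and that the file is created with restrictive permissions. A short comment such as `# retention is handled by the audit_log handler's rotation settings` would record that decision.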
diff --git a/app/classes/models/server_permissions.py b/app/classes/models/server_permissions.py
index 56f9d8ac..12301e30 100644
--- a/app/classes/models/server_permissions.py
+++ b/app/classes/models/server_permissions.py
@@ -264,7 +264,7 @@ class PermissionsServers:
@staticmethod
def get_api_key_permissions_list(key: ApiKeys, server_id: str):
user = HelperUsers.get_user(key.user_id)
- if user["superuser"] and key.superuser:
+ if user["superuser"] and key.full_access:
return PermissionsServers.get_permissions_list()
roles_list = HelperUsers.get_user_roles_id(user["user_id"])
role_server = (
diff --git a/app/classes/models/users.py b/app/classes/models/users.py
index e44d06fb..3f96e651 100644
--- a/app/classes/models/users.py
+++ b/app/classes/models/users.py
@@ -71,7 +71,7 @@ class ApiKeys(BaseModel):
user_id = ForeignKeyField(Users, backref="api_token", index=True)
server_permissions = CharField(default="00000000")
crafty_permissions = CharField(default="000")
- superuser = BooleanField(default=False)
+ full_access = BooleanField(default=False)
class Meta:
table_name = "api_keys"
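Review bot: Renaming the model field `superuser` to `full_access` changes the column peewee expects in `api_keys`, and no schema migration is visible in this diff. Without one, existing installs would fail on the first query that touches `ApiKeys.full_access`, or lose the flag if the table is recreated. The same applies to the `add_user_api_key` hunks below, where the keyword argument is renamed from `superuser` to `full_access`; callers passing `superuser=` by name would break. Confirm that a migration renames the column and preserves existing values, and that every caller was updated.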
@@ -408,7 +408,7 @@ class HelperUsers:
def add_user_api_key(
name: str,
user_id: str,
- superuser: bool = False,
+ full_access: bool = False,
server_permissions_mask: t.Optional[str] = None,
crafty_permissions_mask: t.Optional[str] = None,
):
@@ -426,7 +426,7 @@ class HelperUsers:
if crafty_permissions_mask is not None
else {}
),
- ApiKeys.superuser: superuser,
+ ApiKeys.full_access: full_access,
}
).execute()
diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py
index ced6cb97..7cca08e8 100644
--- a/app/classes/web/base_handler.py
+++ b/app/classes/web/base_handler.py
@@ -182,6 +182,7 @@ class BaseHandler(tornado.web.RequestHandler):
t.List[str],
bool,
t.Dict[str, t.Any],
+ str,
]
]:
try:
@@ -190,9 +191,10 @@ class BaseHandler(tornado.web.RequestHandler):
)
superuser = user["superuser"]
+ server_permissions_api_mask = ""
if api_key is not None:
- superuser = superuser and api_key.superuser
-
+ superuser = superuser and api_key.full_access
+ server_permissions_api_mask = api_key.server_permissions
exec_user_role = set()
if superuser:
authorized_servers = self.controller.servers.get_all_defined_servers()
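Review bot: `server_permissions_api_mask` is set to `api_key.server_permissions` even when the key has `full_access`, and the `ApiKeys` model in this diff defaults that column to `"00000000"`. The handlers now AND this mask with the user's mask, so a superuser's full-access key may be denied every server permission unless something outside this hunk short-circuits on `superuser`. If full-access keys are meant to inherit the user's permissions, the mask should be set only for restricted keys, e.g. `if not api_key.full_access: server_permissions_api_mask = api_key.server_permissions`. A test covering a full-access key would pin the intended behaviour. The enclosing method starts and ends outside the hunk.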
@@ -214,6 +216,7 @@ class BaseHandler(tornado.web.RequestHandler):
user["user_id"]
)
)
+
logger.debug(user["roles"])
for r in user["roles"]:
role = self.controller.roles.get_role(r)
@@ -234,6 +237,7 @@ class BaseHandler(tornado.web.RequestHandler):
exec_user_role,
superuser,
user,
+ server_permissions_api_mask,
)
logging.debug("Auth unsuccessful")
auth_log.error(
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index 4a3242a5..bbbc9d9e 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -168,7 +168,7 @@ class PanelHandler(BaseHandler):
# Commented out because there is no server access control for API keys,
# they just inherit from the host user
# if api_key is not None:
- # superuser = superuser and api_key.superuser
+ # superuser = superuser and api_key.full_access
if server_id is None:
self.redirect("/panel/error?error=Invalid Server ID")
@@ -242,7 +242,7 @@ class PanelHandler(BaseHandler):
api_key, _token_data, exec_user = self.current_user
superuser = exec_user["superuser"]
if api_key is not None:
- superuser = superuser and api_key.superuser
+ superuser = superuser and api_key.full_access
if superuser: # TODO: Figure out a better solution
defined_servers = self.controller.servers.list_defined_servers()
@@ -351,7 +351,7 @@ class PanelHandler(BaseHandler):
"created": api_key.created,
"server_permissions": api_key.server_permissions,
"crafty_permissions": api_key.crafty_permissions,
- "superuser": api_key.superuser,
+ "full_access": api_key.full_access,
}
if api_key is not None
else None
@@ -1358,6 +1358,9 @@ class PanelHandler(BaseHandler):
page_data["crafty_permissions_all"] = (
self.controller.crafty_perms.list_defined_crafty_permissions()
)
+ page_data["user_crafty_permissions"] = (
+ self.controller.crafty_perms.get_crafty_permissions_list(user_id)
+ )
if user_id is None:
self.redirect("/panel/error?error=Invalid User ID")
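Review bot: The new `get_crafty_permissions_list(user_id)` call runs before the `if user_id is None:` guard on the following lines, so a request without a user id reaches the permissions lookup with `None`. Move the `page_data["user_crafty_permissions"]` assignment below the guard so the invalid-id path redirects first. Whether the redirect is followed by a `return` is outside this hunk and is worth checking at the same time.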
@@ -1505,8 +1508,6 @@ class PanelHandler(BaseHandler):
template = "panel/panel_edit_role.html"
elif page == "activity_logs":
- page_data["audit_logs"] = self.controller.management.get_activity_log()
-
template = "panel/activity_logs.html"
elif page == "download_file":
diff --git a/app/classes/web/public_handler.py b/app/classes/web/public_handler.py
index 21e2d495..a3d89d25 100644
--- a/app/classes/web/public_handler.py
+++ b/app/classes/web/public_handler.py
@@ -48,7 +48,10 @@ class PublicHandler(BaseHandler):
}
if self.request.query:
- page_data["query"] = self.request.query_arguments.get("next")[0].decode()
+ request_query = self.request.query_arguments.get("next")
+ if not request_query:
+ self.redirect("/login")
+ page_data["query"] = request_query[0].decode()
# sensible defaults
template = "public/404.html"
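Review bot: `self.redirect("/login")` has no `return` after it, so execution continues to `request_query[0].decode()` with `request_query` still `None` and raises `TypeError` on the very case this change is meant to handle. Add `return` on the line after the redirect. The value stored in `page_data["query"]` is caller-controlled; its later use is outside this hunk, so confirm it is restricted to a same-site relative path before it is used as a redirect target.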
diff --git a/app/classes/web/routes/api/crafty/clogs/index.py b/app/classes/web/routes/api/crafty/clogs/index.py
index 97a24a34..f42d7e2c 100644
--- a/app/classes/web/routes/api/crafty/clogs/index.py
+++ b/app/classes/web/routes/api/crafty/clogs/index.py
@@ -1,3 +1,5 @@
+import os
+import json
from app.classes.web.base_api_handler import BaseApiHandler
@@ -22,9 +24,17 @@ class ApiCraftyLogIndexHandler(BaseApiHandler):
raise NotImplementedError
if log_type == "audit":
+ with open(
+ os.path.join(self.controller.project_root, "logs", "audit.log"),
+ "r",
+ encoding="utf-8",
+ ) as f:
+ log_lines = [json.loads(line) for line in f]
+ rev_log_lines = log_lines[::-1]
+
return self.finish_json(
200,
- {"status": "ok", "data": self.controller.management.get_activity_log()},
+ {"status": "ok", "data": rev_log_lines},
)
if log_type == "session":
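Review bot: The audit branch opens `logs/audit.log` and runs `json.loads` on every line with no error handling. A missing file (no audit event written yet) or a single truncated or non-JSON line therefore turns the whole endpoint into a 500. It also loads the entire file into memory on each request and ignores rotated files, so a cap on the number of returned entries is worth adding. The sketch below tolerates a missing file and skips bad lines; the authorization check for this endpoint is outside the hunk.

```python
audit_path = os.path.join(self.controller.project_root, "logs", "audit.log")
log_lines = []
try:
    with open(audit_path, "r", encoding="utf-8") as f:
        for line in f:
            try:
                log_lines.append(json.loads(line))
            except json.JSONDecodeError:
                # skip truncated or non-JSON lines instead of failing the request
                continue
except FileNotFoundError:
    # no audit events have been written yet
    pass
rev_log_lines = log_lines[::-1]
# … unchanged: finish_json(200, {"status": "ok", "data": rev_log_lines}) …
```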
diff --git a/app/classes/web/routes/api/servers/server/action.py b/app/classes/web/routes/api/servers/server/action.py
index 526899b5..aba06da3 100644
--- a/app/classes/web/routes/api/servers/server/action.py
+++ b/app/classes/web/routes/api/servers/server/action.py
@@ -18,13 +18,14 @@ class ApiServersServerActionHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.COMMANDS
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.COMMANDS not in server_permissions:
# if the user doesn't have Commands permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
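Review bot: The block that builds `mask` and `server_permissions` is copied verbatim into every handler touched below (backups, files, server index, logs, stdin, tasks). It relies on the positional indices `auth_data[4]` and `auth_data[5]`, so a later change to the tuple returned by `authenticate_user` would have to be applied in about twenty places, and a missed one would silently check the wrong value. A single helper on `BaseApiHandler` or `ServerPermsController` that takes `auth_data` and `server_id` and returns the effective permission list would keep the authorization rule in one place. It should carry a docstring stating that the result is the intersection of the user's mask and the API key's mask. The handler body starts outside this hunk.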
diff --git a/app/classes/web/routes/api/servers/server/backups/backup/index.py b/app/classes/web/routes/api/servers/server/backups/backup/index.py
index 70ceb2b2..1b9ff915 100644
--- a/app/classes/web/routes/api/servers/server/backups/backup/index.py
+++ b/app/classes/web/routes/api/servers/server/backups/backup/index.py
@@ -26,12 +26,14 @@ class ApiServersServerBackupsBackupIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user()
if not auth_data:
return
- if (
- EnumPermissionsServer.BACKUP
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.BACKUP not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
self.finish_json(200, self.controller.management.get_backup_config(server_id))
@@ -41,12 +43,14 @@ class ApiServersServerBackupsBackupIndexHandler(BaseApiHandler):
backup_conf = self.controller.management.get_backup_config(server_id)
if not auth_data:
return
- if (
- EnumPermissionsServer.BACKUP
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.BACKUP not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@@ -89,12 +93,14 @@ class ApiServersServerBackupsBackupIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user()
if not auth_data:
return
- if (
- EnumPermissionsServer.BACKUP
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.BACKUP not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
diff --git a/app/classes/web/routes/api/servers/server/backups/index.py b/app/classes/web/routes/api/servers/server/backups/index.py
index 9e47bcfc..865fe25a 100644
--- a/app/classes/web/routes/api/servers/server/backups/index.py
+++ b/app/classes/web/routes/api/servers/server/backups/index.py
@@ -42,12 +42,14 @@ class ApiServersServerBackupsIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user()
if not auth_data:
return
- if (
- EnumPermissionsServer.BACKUP
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.BACKUP not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
self.finish_json(200, self.controller.management.get_backup_config(server_id))
@@ -82,13 +84,14 @@ class ApiServersServerBackupsIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.BACKUP
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.BACKUP not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
diff --git a/app/classes/web/routes/api/servers/server/files.py b/app/classes/web/routes/api/servers/server/files.py
index 8e70d4fe..2951ff25 100644
--- a/app/classes/web/routes/api/servers/server/files.py
+++ b/app/classes/web/routes/api/servers/server/files.py
@@ -80,16 +80,16 @@ class ApiServersServerFilesIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
+ auth_data[4]["user_id"], server_id
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
if (
- EnumPermissionsServer.FILES
- not in self.controller.server_perms.get_user_id_permissions_list(
- auth_data[4]["user_id"], server_id
- )
- and EnumPermissionsServer.BACKUP
- not in self.controller.server_perms.get_user_id_permissions_list(
- auth_data[4]["user_id"], server_id
- )
+ EnumPermissionsServer.FILES not in server_permissions
+ and EnumPermissionsServer.BACKUP not in server_permissions
):
# if the user doesn't have Files or Backup permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@@ -197,13 +197,14 @@ class ApiServersServerFilesIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.FILES
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.FILES not in server_permissions:
# if the user doesn't have Files permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
try:
@@ -254,13 +255,14 @@ class ApiServersServerFilesIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.FILES
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.FILES not in server_permissions:
# if the user doesn't have Files permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
try:
@@ -307,13 +309,14 @@ class ApiServersServerFilesIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.FILES
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.FILES not in server_permissions:
# if the user doesn't have Files permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
try:
@@ -373,13 +376,14 @@ class ApiServersServerFilesCreateHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.FILES
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.FILES not in server_permissions:
# if the user doesn't have Files permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
try:
@@ -438,13 +442,14 @@ class ApiServersServerFilesCreateHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.FILES
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.FILES not in server_permissions:
# if the user doesn't have Files permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
try:
@@ -504,13 +509,14 @@ class ApiServersServerFilesZipHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.FILES
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.FILES not in server_permissions:
# if the user doesn't have Files permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
try:
diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py
index 81035bd0..9bfc3a9a 100644
--- a/app/classes/web/routes/api/servers/server/index.py
+++ b/app/classes/web/routes/api/servers/server/index.py
@@ -102,13 +102,14 @@ class ApiServersServerIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.CONFIG
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.CONFIG not in server_permissions:
# if the user doesn't have Config permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@@ -154,13 +155,14 @@ class ApiServersServerIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.CONFIG
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.CONFIG not in server_permissions:
# if the user doesn't have Config permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
diff --git a/app/classes/web/routes/api/servers/server/logs.py b/app/classes/web/routes/api/servers/server/logs.py
index 94a8a71b..eb6ede00 100644
--- a/app/classes/web/routes/api/servers/server/logs.py
+++ b/app/classes/web/routes/api/servers/server/logs.py
@@ -30,13 +30,14 @@ class ApiServersServerLogsHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.LOGS
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.LOGS not in server_permissions:
# if the user doesn't have Logs permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
diff --git a/app/classes/web/routes/api/servers/server/stdin.py b/app/classes/web/routes/api/servers/server/stdin.py
index ba8400b7..ca2cd7d9 100644
--- a/app/classes/web/routes/api/servers/server/stdin.py
+++ b/app/classes/web/routes/api/servers/server/stdin.py
@@ -16,13 +16,14 @@ class ApiServersServerStdinHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.COMMANDS
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.COMMANDS not in server_permissions:
# if the user doesn't have Commands permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
diff --git a/app/classes/web/routes/api/servers/server/tasks/index.py b/app/classes/web/routes/api/servers/server/tasks/index.py
index 8e98bbbe..0c03319c 100644
--- a/app/classes/web/routes/api/servers/server/tasks/index.py
+++ b/app/classes/web/routes/api/servers/server/tasks/index.py
@@ -78,13 +78,14 @@ class ApiServersServerTasksIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.SCHEDULE
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.SCHEDULE not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
data["server_id"] = server_id
diff --git a/app/classes/web/routes/api/servers/server/tasks/task/index.py b/app/classes/web/routes/api/servers/server/tasks/task/index.py
index 742312a6..dac60762 100644
--- a/app/classes/web/routes/api/servers/server/tasks/task/index.py
+++ b/app/classes/web/routes/api/servers/server/tasks/task/index.py
@@ -54,12 +54,14 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user()
if not auth_data:
return
- if (
- EnumPermissionsServer.SCHEDULE
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.SCHEDULE not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
self.finish_json(200, self.controller.management.get_scheduled_task(task_id))
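Review bot: The SCHEDULE check is made against `server_id`, but the line after it returns `get_scheduled_task(task_id)`, which looks the task up by `task_id` alone; nothing visible in this hunk ties the task to that server. Unless `get_scheduled_task` or the route enforces the binding, the handler should compare the fetched task's server id with `server_id` and answer NOT_AUTHORIZED on a mismatch before responding. This hunk also lacks the `server_id not in auth_data[0]` guard shown in the third hunk of this file; presumably the permission mask covers that case, but it is worth confirming. The method starts outside the hunk.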
@@ -68,12 +70,14 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user()
if not auth_data:
return
- if (
- EnumPermissionsServer.SCHEDULE
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.SCHEDULE not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@@ -120,13 +124,14 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.SCHEDULE
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.SCHEDULE not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
diff --git a/app/classes/web/routes/api/servers/server/webhooks/index.py b/app/classes/web/routes/api/servers/server/webhooks/index.py
index 223171c8..2557c309 100644
--- a/app/classes/web/routes/api/servers/server/webhooks/index.py
+++ b/app/classes/web/routes/api/servers/server/webhooks/index.py
@@ -38,12 +38,14 @@ class ApiServersServerWebhooksIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user()
if not auth_data:
return
- if (
- EnumPermissionsServer.CONFIG
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.CONFIG not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
self.finish_json(
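Review bot: The comment directly under the new check still reads `# if the user doesn't have Schedule permission, return an error`, while the condition tests `EnumPermissionsServer.CONFIG`. It should read `# if the user doesn't have Config permission, return an error`. The same stale comment follows the new check in the second hunk of this file and in all four hunks of webhooks/webhook/index.py. A comment that names the wrong permission on an authorization gate makes it easy to misread which right the webhook endpoints require.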
@@ -81,13 +83,14 @@ class ApiServersServerWebhooksIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.CONFIG
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.CONFIG not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
data["server_id"] = server_id
diff --git a/app/classes/web/routes/api/servers/server/webhooks/webhook/index.py b/app/classes/web/routes/api/servers/server/webhooks/webhook/index.py
index 4b58011e..c94aa975 100644
--- a/app/classes/web/routes/api/servers/server/webhooks/webhook/index.py
+++ b/app/classes/web/routes/api/servers/server/webhooks/webhook/index.py
@@ -39,12 +39,14 @@ class ApiServersServerWebhooksManagementIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user()
if not auth_data:
return
- if (
- EnumPermissionsServer.CONFIG
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.CONFIG not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
if (
@@ -66,12 +68,14 @@ class ApiServersServerWebhooksManagementIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user()
if not auth_data:
return
- if (
- EnumPermissionsServer.CONFIG
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.CONFIG not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@@ -117,13 +121,14 @@ class ApiServersServerWebhooksManagementIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.CONFIG
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.CONFIG not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@@ -159,13 +164,14 @@ class ApiServersServerWebhooksManagementIndexHandler(BaseApiHandler):
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
-
- if (
- EnumPermissionsServer.CONFIG
- not in self.controller.server_perms.get_user_id_permissions_list(
+ mask = self.controller.server_perms.get_lowest_api_perm_mask(
+ self.controller.server_perms.get_user_permissions_mask(
auth_data[4]["user_id"], server_id
- )
- ):
+ ),
+ auth_data[5],
+ )
+ server_permissions = self.controller.server_perms.get_permissions(mask)
+ if EnumPermissionsServer.CONFIG not in server_permissions:
# if the user doesn't have Schedule permission, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
webhook = self.controller.management.get_webhook_by_id(webhook_id)
diff --git a/app/classes/web/routes/api/users/user/api.py b/app/classes/web/routes/api/users/user/api.py
index 9bdafadf..2abb8463 100644
--- a/app/classes/web/routes/api/users/user/api.py
+++ b/app/classes/web/routes/api/users/user/api.py
@@ -75,7 +75,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
"name": key.name,
"server_permissions": key.server_permissions,
"crafty_permissions": key.crafty_permissions,
- "superuser": key.superuser,
+ "full_access": key.full_access,
}
)
self.finish_json(
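Review bot: Renaming the response key to `"full_access"` here, and the matching property in the schema in the next hunk, changes the API's wire format rather than just an internal name. Because that schema sets `"additionalProperties": False`, a client that still sends `superuser` would be rejected; that fails closed, but it is a breaking change that should be called out in the API documentation. The third hunk reads `data["full_access"]` directly, so confirm that the creation schema (not visible here) lists the new name as required.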
@@ -99,7 +99,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
"type": "string",
"pattern": "^[01]{3}$", # 8 bits, see EnumPermissionsCrafty
},
- "superuser": {"type": "boolean"},
+ "full_access": {"type": "boolean"},
},
"additionalProperties": False,
"minProperties": 1,
@@ -163,7 +163,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
key_id = self.controller.users.add_user_api_key(
data["name"],
user_id,
- data["superuser"],
+ data["full_access"],
data["server_permissions_mask"],
data["crafty_permissions_mask"],
)
diff --git a/app/classes/web/server_handler.py b/app/classes/web/server_handler.py
index 62b76f3c..11853a47 100644
--- a/app/classes/web/server_handler.py
+++ b/app/classes/web/server_handler.py
@@ -30,7 +30,7 @@ class ServerHandler(BaseHandler):
) = self.current_user
superuser = exec_user["superuser"]
if api_key is not None:
- superuser = superuser and api_key.superuser
+ superuser = superuser and api_key.full_access
if superuser:
defined_servers = self.controller.servers.list_defined_servers()
@@ -124,7 +124,7 @@ class ServerHandler(BaseHandler):
"created": api_key.created,
"server_permissions": api_key.server_permissions,
"crafty_permissions": api_key.crafty_permissions,
- "superuser": api_key.superuser,
+ "full_access": api_key.full_access,
}
if api_key is not None
else None
diff --git a/app/classes/web/upload_handler.py b/app/classes/web/upload_handler.py
index 0667dd12..747fa63b 100644
--- a/app/classes/web/upload_handler.py
+++ b/app/classes/web/upload_handler.py
@@ -42,7 +42,7 @@ class UploadHandler(BaseHandler):
if self.upload_type == "server_import":
superuser = exec_user["superuser"]
if api_key is not None:
- superuser = superuser and api_key.superuser
+ superuser = superuser and api_key.full_access
user_id = exec_user["user_id"]
stream_size_value = self.helper.get_setting("stream_size_GB")
@@ -133,7 +133,7 @@ class UploadHandler(BaseHandler):
elif self.upload_type == "background":
superuser = exec_user["superuser"]
if api_key is not None:
- superuser = superuser and api_key.superuser
+ superuser = superuser and api_key.full_access
user_id = exec_user["user_id"]
stream_size_value = self.helper.get_setting("stream_size_GB")
@@ -212,7 +212,7 @@ class UploadHandler(BaseHandler):
server_id = self.get_argument("server_id", None)
superuser = exec_user["superuser"]
if api_key is not None:
- superuser = superuser and api_key.superuser
+ superuser = superuser and api_key.full_access
user_id = exec_user["user_id"]
stream_size_value = self.helper.get_setting("stream_size_GB")
diff --git a/app/config/logging.json b/app/config/logging.json
index fd1173eb..d0a20cdf 100644
--- a/app/config/logging.json
+++ b/app/config/logging.json
@@ -14,6 +14,9 @@
"auth": {
"format": "%(asctime)s - [AUTH] - %(levelname)s - %(message)s"
},
+ "audit": {
+ "()": "app.classes.logging.log_formatter.JsonFormatter"
+ },
"cmd_queue": {
"format": "%(asctime)s - [CMD_QUEUE] - %(levelname)s - %(message)s"
}
@@ -70,6 +73,14 @@
"maxBytes": 10485760,
"backupCount": 20,
"encoding": "utf8"
+ },
+ "audit_log_handler": {
+ "class": "logging.handlers.RotatingFileHandler",
+ "formatter": "audit",
+ "filename": "logs/audit.log",
+ "maxBytes": 10485760,
+ "backupCount": 20,
+ "encoding": "utf8"
}
},
"loggers": {
@@ -108,6 +119,12 @@
"cmd_queue_file_handler"
],
"propagate": false
+ },
+ "audit_log": {
+ "level": "INFO",
+ "handlers": [
+ "audit_log_handler"
+ ]
}
}
}
\ No newline at end of file
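Review bot: The new `audit_log` logger has no `"propagate": false`, unlike the logger just above it in this hunk, so audit records would also reach any handlers on the root logger (whether it has any is not shown here). Adding `"propagate": false` keeps audit entries in `logs/audit.log` only, rather than duplicating them into general logs that may be read more widely. The handler added in the previous hunk rotates at `maxBytes` 10485760 with `backupCount` 20, so the oldest audit entries are discarded once that space is used up; confirm this retention is acceptable for an audit trail.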
diff --git a/app/frontend/templates/panel/activity_logs.html b/app/frontend/templates/panel/activity_logs.html
index 389edaf5..e053e50e 100644
--- a/app/frontend/templates/panel/activity_logs.html
+++ b/app/frontend/templates/panel/activity_logs.html
@@ -36,25 +36,21 @@
Username | -Time | -Action | -Server ID | -IP | +Time | +Username | +Action | +Server ID | +IP |
---|---|---|---|---|---|---|---|---|---|
{{ row['user_name'] }} | -- {{ row['created'].strftime('%Y-%m-%d %H:%M:%S') }} + |
+ {{ translate('datatables', + 'loadingRecords', data['lang'])}} |
- {{ row['log_msg'] }} | -{{ row['server_id'] }} | -{{ row['source_ip'] }} |