mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Fix bug where any user could see all stats
This commit is contained in:
parent
d0b17c8d5d
commit
63c199a835
@ -95,9 +95,15 @@ class ServersStats(ApiHandler):
|
||||
def get(self):
|
||||
"""Get details about all servers"""
|
||||
authenticated = self.authenticate_user()
|
||||
user_obj = self.controller.users.get_user_by_api_token(self.api_token)
|
||||
if not authenticated:
|
||||
return
|
||||
raw_stats = self.controller.servers.get_all_servers_stats()
|
||||
if user_obj["superuser"]:
|
||||
raw_stats = self.controller.servers.get_all_servers_stats()
|
||||
else:
|
||||
raw_stats = self.controller.servers.get_authorized_servers_stats(
|
||||
user_obj["user_id"]
|
||||
)
|
||||
stats = []
|
||||
for rs in raw_stats:
|
||||
s = {}
|
||||
|
Loading…
Reference in New Issue
Block a user