Fix bug where any user could see all stats

This commit is contained in:
amcmanu3 2022-04-10 17:30:48 -04:00
parent d0b17c8d5d
commit 63c199a835

View File

@ -95,9 +95,15 @@ class ServersStats(ApiHandler):
def get(self):
"""Get details about all servers"""
authenticated = self.authenticate_user()
user_obj = self.controller.users.get_user_by_api_token(self.api_token)
if not authenticated:
return
if user_obj["superuser"]:
raw_stats = self.controller.servers.get_all_servers_stats()
else:
raw_stats = self.controller.servers.get_authorized_servers_stats(
user_obj["user_id"]
)
stats = []
for rs in raw_stats:
s = {}