Merge branch 'bugfix/clone-server' into 'dev'

Do not allow users at server limit to clone servers

See merge request crafty-controller/crafty-4!718

CHANGELOG.md

@@ -7,6 +7,7 @@ TBD
 ### Bug fixes
 - Fix Bedrock cert issues ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/719))
 - Make sure default.json is read from correct location ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/714))
+- Do not allow users at server limit to clone servers ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/718))
 ### Tweaks
 - Bump pyOpenSSL & cryptography for CVE-2024-0727, CVE-2023-50782 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/716))
 ### Lang

app/classes/web/routes/api/servers/server/action.py

@@ -30,7 +30,15 @@ class ApiServersServerActionHandler(BaseApiHandler):
             return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
 
         if action == "clone_server":
-            return self._clone_server(server_id, auth_data[4]["user_id"])
+            if (
+                self.controller.crafty_perms.can_create_server(auth_data[4]["user_id"])
+                or auth_data[4]["superuser"]
+            ):
+                self._clone_server(server_id, auth_data[4]["user_id"])
+                return self.finish_json(200, {"status": "ok"})
+            return self.finish_json(
+                200, {"status": "error", "error": "SERVER_LIMIT_REACHED"}
+            )
         if action == "eula":
             return self._agree_eula(server_id, auth_data[4]["user_id"])
 
@@ -94,6 +102,13 @@ class ApiServersServerActionHandler(BaseApiHandler):
             user_id,
             server_data.get("server_port"),
         )
+        for role in self.controller.server_perms.get_server_roles(server_id):
+            mask = self.controller.server_perms.get_permissions_mask(
+                role.role_id, server_id
+            )
+            self.controller.server_perms.add_role_server(
+                new_server_id, role.role_id, mask
+            )
 
         self.controller.servers.init_all_servers()
 

app/frontend/templates/panel/dashboard.html

@@ -598,26 +598,30 @@
 </script>
 <script>
 
-  function send_command(server_id, command) {
+  async function send_command(server_id, command) {
     /* this getCookie function is in base.html */
     const token = getCookie("_xsrf");
-    $.ajax({
+    let res = await fetch(`/api/v2/servers/${server_id}/action/${command}`, {
-      type: "POST",
+      method: 'POST',
-      headers: { 'X-XSRFToken': token },
+      headers: {
-      url: `/api/v2/servers/${server_id}/action/${command}`,
+        'token': token,
-      success: function (data) {
+      },
-        console.log("got response:");
-        console.log(data);
-        if (command === "clone_server" && data.status === "ok") {
-          window.location.reload();
-        }
-        /*setTimeout(function () {
-          if (command != 'start_server') {
-            location.reload();
-          }
-        }, 10000);*/
-      }
     });
+    let responseData = await res.json();
+    if (responseData.status === "ok") {
+      if (command === "clone_server"){
+        window.location.reload()
+      }
+      console.log("Command received successfully")
+    } else {
+      setTimeout(function(){
+        $('.modal').modal('hide');
+      bootbox.alert({
+        title: responseData.status,
+        message: responseData.error
+      });
+      }, 2000)
+    }
   }