Merge branch 'bugfix/clone-server' into 'dev'

Do not allow users at server limit to clone servers See merge request crafty-controller/crafty-4!718
2024-08-30 18:23:09 +00:00 · 2024-02-20 03:15:11 +00:00 · 2024-02-20 03:15:11 +00:00 · 6bf03d5c33
commit 6bf03d5c33
parent f9dc4083b9 0c16e99925
3 changed files with 38 additions and 18 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,7 @@ TBD
 ### Bug fixes
 - Fix Bedrock cert issues ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/719))
 - Make sure default.json is read from correct location ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/714))
+- Do not allow users at server limit to clone servers ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/718))
 ### Tweaks
 - Bump pyOpenSSL & cryptography for CVE-2024-0727, CVE-2023-50782 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/716))
 ### Lang
--- a/app/classes/web/routes/api/servers/server/action.py
+++ b/app/classes/web/routes/api/servers/server/action.py
@ -30,7 +30,15 @@ class ApiServersServerActionHandler(BaseApiHandler):
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        if action == "clone_server":
-            return self._clone_server(server_id, auth_data[4]["user_id"])
+            if (
+                self.controller.crafty_perms.can_create_server(auth_data[4]["user_id"])
+                or auth_data[4]["superuser"]
+            ):
+                self._clone_server(server_id, auth_data[4]["user_id"])
+                return self.finish_json(200, {"status": "ok"})
+            return self.finish_json(
+                200, {"status": "error", "error": "SERVER_LIMIT_REACHED"}
+            )
        if action == "eula":
            return self._agree_eula(server_id, auth_data[4]["user_id"])

@ -94,6 +102,13 @@ class ApiServersServerActionHandler(BaseApiHandler):
            user_id,
            server_data.get("server_port"),
        )
+        for role in self.controller.server_perms.get_server_roles(server_id):
+            mask = self.controller.server_perms.get_permissions_mask(
+                role.role_id, server_id
+            )
+            self.controller.server_perms.add_role_server(
+                new_server_id, role.role_id, mask
+            )

        self.controller.servers.init_all_servers()

--- a/app/frontend/templates/panel/dashboard.html
+++ b/app/frontend/templates/panel/dashboard.html
@ -598,26 +598,30 @@
 </script>
 <script>

-  function send_command(server_id, command) {
+  async function send_command(server_id, command) {
    /* this getCookie function is in base.html */
    const token = getCookie("_xsrf");
-    $.ajax({
-      type: "POST",
-      headers: { 'X-XSRFToken': token },
-      url: `/api/v2/servers/${server_id}/action/${command}`,
-      success: function (data) {
-        console.log("got response:");
-        console.log(data);
-        if (command === "clone_server" && data.status === "ok") {
-          window.location.reload();
-        }
-        /*setTimeout(function () {
-          if (command != 'start_server') {
-            location.reload();
-          }
-        }, 10000);*/
-      }
+    let res = await fetch(`/api/v2/servers/${server_id}/action/${command}`, {
+      method: 'POST',
+      headers: {
+        'token': token,
+      },
    });
+    let responseData = await res.json();
+    if (responseData.status === "ok") {
+      if (command === "clone_server"){
+        window.location.reload()
+      }
+      console.log("Command received successfully")
+    } else {
+      setTimeout(function(){
+        $('.modal').modal('hide');
+      bootbox.alert({
+        title: responseData.status,
+        message: responseData.error
+      });
+      }, 2000)
+    }
  }