Merge branch 'tweak/server-directories' into 'dev'

Make server directories non-configurable

See merge request crafty-controller/crafty-4!511

CHANGELOG.md

@@ -11,7 +11,7 @@ TBD
 - Remove Pathlib from sub path check ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/507))
 - Fix root dir selection in Upload Zip Import ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/508))
 ### Tweaks
-TBD
+- Make server directories non-configurable ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/511))
 ### Lang
 TBD
 <br><br>

app/classes/web/panel_handler.py

@@ -808,9 +808,15 @@ class PanelHandler(BaseHandler):
                 user_roles_list = self.controller.users.get_user_roles_names(
                     user.user_id
                 )
-                user_servers = self.controller.servers.get_authorized_servers(
-                    user.user_id
-                )
+                try:
+                    user_servers = self.controller.servers.get_authorized_servers(
+                        user.user_id
+                    )
+                except:
+                    return self.redirect(
+                        "/panel/error?error=Cannot load panel config"
+                        " while servers are unloaded"
+                    )
                 servers = []
                 for server in user_servers:
                     if server.name not in servers:
@@ -1606,7 +1612,6 @@ class PanelHandler(BaseHandler):
                 if Helpers.validate_traversal(
                     self.helper.get_servers_root_dir(), server_path
                 ):
-                    server_obj.path = server_path
                     server_obj.log_path = log_path
                 if Helpers.validate_traversal(
                     self.helper.get_servers_root_dir(), executable
@@ -1618,7 +1623,6 @@ class PanelHandler(BaseHandler):
                 server_obj.executable_update_url = executable_update_url
                 server_obj.show_status = show_status
             else:
-                server_obj.path = server_obj.path
                 server_obj.log_path = server_obj.log_path
                 server_obj.executable = server_obj.executable
                 server_obj.execution_command = execution_command

app/classes/web/routes/api/servers/server/index.py

@@ -90,7 +90,8 @@ class ApiServersServerIndexHandler(BaseApiHandler):
         server_obj = self.controller.servers.get_server_obj(server_id)
         for key in data:
             # If we don't validate the input there could be security issues
-            setattr(server_obj, key, data[key])
+            if key != "path":
+                setattr(server_obj, key, data[key])
         self.controller.servers.update_server(server_obj)
 
         self.controller.management.add_to_audit_log(

app/frontend/templates/panel/server_config.html

@@ -62,9 +62,10 @@
                   <label for="server_path">{{ translate('serverConfig', 'serverPath', data['lang']) }} <small
                       class="text-muted ml-1"> - {{ translate('serverConfig', 'serverPathDesc', data['lang']) }}</small>
                   </label>
-                  <input type="text" class="form-control" name="server_path" id="server_path"
-                    value="{{ data['server_stats']['server_id']['path']  }}"
-                    placeholder="{{ translate('serverConfig', 'serverPath', data['lang']) }}" required>
+                  <div class="card-header header-sm d-flex justify-content-between align-items-center">
+                    <span style="color: gray;   font-size: 12px;">{{ data['server_stats']['server_id']['path'] }}</span>
+                    🔒
+                  </div>
 
                 </div>
                 {% if data['server_stats']['server_type'] != "minecraft-bedrock" %}