diff --git a/CHANGELOG.md b/CHANGELOG.md
index 994a0217..cfdb4842 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,11 +3,18 @@
### New features
TBD
### Bug fixes
-TBD
+- Fix zip imports so the root dir selection is functional ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/764))
+- Fix bug where full access gives minimal access ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/768))
+- Bump tornado & requests for sec advisories ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/774))
+- Ensure audit.log exists or create it on Crafty startup ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/771))
+- Fix typing issue on ID comparison causing general users to not be able to delete their own API keys ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/775))
### Tweaks
-TBD
+- Add info note to default creds file ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/760))
+- Remove navigation label from sidebar ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/766))
+- Add a thread dump to support logs ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/769))
+- Remove text from status page and use symbols ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/770))
### Lang
-TBD
+- Add remaining `he_IL`, `th_TH` translations for 4.4.0 Release ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/761))
## --- [4.4.0] - 2024/05/11
diff --git a/app/classes/shared/main_controller.py b/app/classes/shared/main_controller.py
index 66feff91..e31486ea 100644
--- a/app/classes/shared/main_controller.py
+++ b/app/classes/shared/main_controller.py
@@ -1,4 +1,5 @@
import os
+import sys
import pathlib
from pathlib import Path
from datetime import datetime
@@ -251,6 +252,19 @@ class Controller:
# Copy crafty logs to archive dir
full_log_name = os.path.join(crafty_path, "logs")
FileHelpers.copy_dir(os.path.join(self.project_root, "logs"), full_log_name)
+ thread_dump = ""
+ for thread in threading.enumerate():
+ if sys.version_info >= (3, 8):
+ thread_dump += (
+ f"Name: {thread.name}\tIdentifier:"
+ f" {thread.ident}\tTID/PID: {thread.native_id}\n"
+ )
+ else:
+ print(f"Name: {thread.name}\tIdentifier: {thread.ident}")
+ with open(
+ os.path.join(temp_dir, "crafty_thread_dump.txt"), "a", encoding="utf-8"
+ ) as f:
+ f.write(thread_dump)
self.support_scheduler.add_job(
self.log_status,
"interval",
diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py
index 7cca08e8..2d9261ea 100644
--- a/app/classes/web/base_handler.py
+++ b/app/classes/web/base_handler.py
@@ -6,6 +6,7 @@ import nh3
import tornado.web
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
+from app.classes.models.server_permissions import EnumPermissionsServer
from app.classes.models.users import ApiKeys
from app.classes.shared.helpers import Helpers
from app.classes.shared.file_helpers import FileHelpers
@@ -195,6 +196,8 @@ class BaseHandler(tornado.web.RequestHandler):
if api_key is not None:
superuser = superuser and api_key.full_access
server_permissions_api_mask = api_key.server_permissions
+ if api_key.full_access:
+ server_permissions_api_mask = "1" * len(EnumPermissionsServer)
exec_user_role = set()
if superuser:
authorized_servers = self.controller.servers.get_all_defined_servers()
diff --git a/app/classes/web/routes/api/users/user/api.py b/app/classes/web/routes/api/users/user/api.py
index 3891ef83..4baac898 100644
--- a/app/classes/web/routes/api/users/user/api.py
+++ b/app/classes/web/routes/api/users/user/api.py
@@ -217,7 +217,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
)
if (
- target_key.user_id != auth_data[4]["user_id"]
+ str(target_key.user_id) != str(auth_data[4]["user_id"])
and not auth_data[4]["superuser"]
):
return self.finish_json(
diff --git a/app/frontend/static/assets/js/shared/root-dir.js b/app/frontend/static/assets/js/shared/root-dir.js
index 6882b577..1f82c2f5 100644
--- a/app/frontend/static/assets/js/shared/root-dir.js
+++ b/app/frontend/static/assets/js/shared/root-dir.js
@@ -41,7 +41,7 @@ async function getTreeView(path, unzip = false, upload = false) {
let responseData = await res.json();
if (responseData.status === "ok") {
console.log(responseData);
- process_tree_response(responseData);
+ process_tree_response(responseData, unzip);
let x = document.querySelector('.bootbox');
if (x) {
x.remove()
@@ -61,7 +61,7 @@ async function getTreeView(path, unzip = false, upload = false) {
}
}
-function process_tree_response(response) {
+function process_tree_response(response, unzip) {
const styles = window.getComputedStyle(document.getElementById("lower_half"));
//If this value is still hidden we know the user is executing a zip import and not an upload
if (styles.visibility === "hidden") {
@@ -70,7 +70,9 @@ function process_tree_response(response) {
document.getElementById('upload_submit').disabled = false;
}
let path = response.data.root_path.path;
- $(".root-input").val(response.data.root_path.path);
+ if (unzip) {
+ $(".root-input").val(response.data.root_path.path);
+ }
let text = `