diff --git a/CHANGELOG.md b/CHANGELOG.md index 994a0217..cfdb4842 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,11 +3,18 @@ ### New features TBD ### Bug fixes -TBD +- Fix zip imports so the root dir selection is functional ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/764)) +- Fix bug where full access gives minimal access ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/768)) +- Bump tornado & requests for sec advisories ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/774)) +- Ensure audit.log exists or create it on Crafty startup ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/771)) +- Fix typing issue on ID comparison causing general users to not be able to delete their own API keys ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/775)) ### Tweaks -TBD +- Add info note to default creds file ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/760)) +- Remove navigation label from sidebar ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/766)) +- Add a thread dump to support logs ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/769)) +- Remove text from status page and use symbols ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/770)) ### Lang -TBD +- Add remaining `he_IL`, `th_TH` translations for 4.4.0 Release ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/761))

## --- [4.4.0] - 2024/05/11 diff --git a/app/classes/shared/main_controller.py b/app/classes/shared/main_controller.py index 66feff91..e31486ea 100644 --- a/app/classes/shared/main_controller.py +++ b/app/classes/shared/main_controller.py @@ -1,4 +1,5 @@ import os +import sys import pathlib from pathlib import Path from datetime import datetime @@ -251,6 +252,19 @@ class Controller: # Copy crafty logs to archive dir full_log_name = os.path.join(crafty_path, "logs") FileHelpers.copy_dir(os.path.join(self.project_root, "logs"), full_log_name) + thread_dump = "" + for thread in threading.enumerate(): + if sys.version_info >= (3, 8): + thread_dump += ( + f"Name: {thread.name}\tIdentifier:" + f" {thread.ident}\tTID/PID: {thread.native_id}\n" + ) + else: + print(f"Name: {thread.name}\tIdentifier: {thread.ident}") + with open( + os.path.join(temp_dir, "crafty_thread_dump.txt"), "a", encoding="utf-8" + ) as f: + f.write(thread_dump) self.support_scheduler.add_job( self.log_status, "interval", diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py index 7cca08e8..2d9261ea 100644 --- a/app/classes/web/base_handler.py +++ b/app/classes/web/base_handler.py @@ -6,6 +6,7 @@ import nh3 import tornado.web from app.classes.models.crafty_permissions import EnumPermissionsCrafty +from app.classes.models.server_permissions import EnumPermissionsServer from app.classes.models.users import ApiKeys from app.classes.shared.helpers import Helpers from app.classes.shared.file_helpers import FileHelpers @@ -195,6 +196,8 @@ class BaseHandler(tornado.web.RequestHandler): if api_key is not None: superuser = superuser and api_key.full_access server_permissions_api_mask = api_key.server_permissions + if api_key.full_access: + server_permissions_api_mask = "1" * len(EnumPermissionsServer) exec_user_role = set() if superuser: authorized_servers = self.controller.servers.get_all_defined_servers() diff --git a/app/classes/web/routes/api/users/user/api.py b/app/classes/web/routes/api/users/user/api.py index 3891ef83..4baac898 100644 --- a/app/classes/web/routes/api/users/user/api.py +++ b/app/classes/web/routes/api/users/user/api.py @@ -217,7 +217,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler): ) if ( - target_key.user_id != auth_data[4]["user_id"] + str(target_key.user_id) != str(auth_data[4]["user_id"]) and not auth_data[4]["superuser"] ): return self.finish_json( diff --git a/app/frontend/static/assets/js/shared/root-dir.js b/app/frontend/static/assets/js/shared/root-dir.js index 6882b577..1f82c2f5 100644 --- a/app/frontend/static/assets/js/shared/root-dir.js +++ b/app/frontend/static/assets/js/shared/root-dir.js @@ -41,7 +41,7 @@ async function getTreeView(path, unzip = false, upload = false) { let responseData = await res.json(); if (responseData.status === "ok") { console.log(responseData); - process_tree_response(responseData); + process_tree_response(responseData, unzip); let x = document.querySelector('.bootbox'); if (x) { x.remove() @@ -61,7 +61,7 @@ async function getTreeView(path, unzip = false, upload = false) { } } -function process_tree_response(response) { +function process_tree_response(response, unzip) { const styles = window.getComputedStyle(document.getElementById("lower_half")); //If this value is still hidden we know the user is executing a zip import and not an upload if (styles.visibility === "hidden") { @@ -70,7 +70,9 @@ function process_tree_response(response) { document.getElementById('upload_submit').disabled = false; } let path = response.data.root_path.path; - $(".root-input").val(response.data.root_path.path); + if (unzip) { + $(".root-input").val(response.data.root_path.path); + } let text = `