Laying groundwork for roles patch

2024-08-30 18:23:09 +00:00 · 2023-03-13 15:54:44 -04:00 · 2023-03-13 15:54:44 -04:00 · 7aa0776cb5
commit 7aa0776cb5
parent 0b1d2d5dc6
2 changed files with 85 additions and 4 deletions
--- a/app/classes/web/routes/api/roles/role/index.py
+++ b/app/classes/web/routes/api/roles/role/index.py
@ -33,6 +33,35 @@ modify_role_schema = {
    "minProperties": 1,
 }
 basic_modify_role_schema = {
    "type": "object",
    "properties": {
        "name": {
            "type": "string",
            "minLength": 1,
        },
        "servers": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "server_id": {
                        "type": "integer",
                        "minimum": 1,
                    },
                    "permissions": {
                        "type": "string",
                        "pattern": "^[01]{8}$",  # 8 bits, see EnumPermissionsServer
                    },
                },
                "required": ["server_id", "permissions"],
            },
        },
    },
    "additionalProperties": False,
    "minProperties": 1,
 }
 class ApiRolesRoleIndexHandler(BaseApiHandler):
    def get(self, role_id: str):
@ -110,7 +139,10 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
            )
        try:
-            validate(data, modify_role_schema)
+            if auth_data[4]["superuser"]:
                validate(data, modify_role_schema)
            else:
                validate(data, basic_modify_role_schema)
        except ValidationError as e:
            return self.finish_json(
                400,
--- a/app/frontend/templates/panel/panel_edit_role.html
+++ b/app/frontend/templates/panel/panel_edit_role.html
@ -50,9 +50,6 @@
          <div class="">
            <div class="">
              <form id="role_form" class="forms-sample" method="post" action="{{ '/panel/add_role' if data['new_role'] else '/panel/edit_role' }}">
                {% raw xsrf_form_html() %}
                <input type="hidden" name="id" value="{{ data['role']['role_id'] }}">
                <input type="hidden" name="subpage" value="config">
                <div class="card">
                  <div class="card-header header-sm d-flex justify-content-between align-items-center">
@ -321,9 +318,61 @@
        return r ? r[1] : undefined;
    }
    function gather_server_json() {
      servers = [];
      for (s = 0; s < page_servers.length; s++){
        mask = ""
      for (i = 0; i < permissions.length; i++){
        if ($(`permission_${page_servers[s].id}_${permissions[i]}`).prop('checked')){
          mask += "1"
        }else{
          mask += "0"
        }
      }
      servers.push(JSON.stringify({"id": page_servers[s].id, "permissions": mask}));
    }
    return servers;
    }
    $( document ).ready(function() {
        console.log( "ready!" );
    });
    const roleId = new URLSearchParams(document.location.search).get('id');
    $("#config_form").on("submit", async function (e) {
      e.preventDefault();
      var token = getCookie("_xsrf")
      let configForm = document.getElementById("config_form");
      let formData = new FormData(configForm);
      //Create an object from the form data entries
      let formDataObject = Object.fromEntries(formData.entries());
      let send_object = Object()
      send_object.servers = []
      send_object.name = formDataObject.role_name
      // Format the plain form data as JSON
      let formDataJsonString = JSON.stringify(formDataObject, replacer);
      let res = await fetch(`/api/v2/roles/${roleId}`, {
        method: 'PATCH',
        headers: {
          'X-XSRFToken': token
        },
        body: formDataJsonString,
      });
      let responseData = await res.json();
      if (responseData.status === "ok") {
        window.location.reload();
      } else {
        bootbox.alert({
          title: responseData.error,
          message: responseData.error_data
          });
      } 
    });
 </script>