diff --git a/DBCHANGES.md b/DBCHANGES.md index adcad4ae..749ea3ea 100644 --- a/DBCHANGES.md +++ b/DBCHANGES.md @@ -39,18 +39,21 @@ import peewee def migrate(migrator, database, **kwargs): + db = database + #Copy Paste here the class of the New Table from models.py class NewTable(peewee.Model): my_id = peewee.IntegerField(unique=True, primary_key=True) class Meta: table_name = 'new_table' - database = database - create_table(NewTable) + database = db + + migrator.create_table(NewTable) def rollback(migrator, database, **kwargs): - drop_table('new_table') # Can be model class OR table name + migrator.drop_table('new_table') # Can be model class OR table name ``` diff --git a/app/classes/shared/models.py b/app/classes/shared/models.py index d7314f12..e3a5bf0a 100644 --- a/app/classes/shared/models.py +++ b/app/classes/shared/models.py @@ -118,7 +118,7 @@ class Servers(Model): class Meta: table_name = "servers" database = database - + class User_Servers(Model): user_id = ForeignKeyField(Users, backref='user_server') 
@@ -506,36 +506,17 @@ class db_shortcuts: @staticmethod def server_id_authorized(serverId, user_id): - userServer = User_Servers.select().where(User_Servers.server_id == serverId) - authorized = userServer.select().where(User_Servers.user_id == user_id) + authorized = 0 + user_roles = User_Roles.select().where(User_Roles.user_id == user_id) + for role in user_roles: + authorized = (Role_Servers.select().where(Role_Servers.role_id == role.role_id)) + #authorized = db_helper.return_rows(authorized) if authorized.count() == 0: return False return True - @staticmethod - def server_id_authorized_from_roles(serverId, user_id): - cpt_authorized = 0 - roles_list = [] - role_server = [] - authorized = [] - user_roles = User_Roles.select().where(User_Roles.user_id == user_id) - - for u in user_roles: - roles_list.append(db_helper.get_role(u.role_id)) - - for r in roles_list: - role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id')) - - for s in role_test: - if s.server_id.server_id == serverId: - cpt_authorized += 1 - - if cpt_authorized == 0: - return False - return True - @staticmethod def get_latest_hosts_stats(): query = Host_Stats.select().order_by(Host_Stats.id.desc()).get() @@ -615,7 +596,7 @@ class db_shortcuts: def add_user_server(server_id, user_id, us_permissions): servers = User_Servers.insert({User_Servers.server_id: server_id, User_Servers.user_id: user_id, User_Servers.permissions: us_permissions}).execute() return servers - + @staticmethod def add_role_server(server_id, role_id, rs_permissions="00000000"): servers = Role_Servers.insert({Role_Servers.server_id: server_id, Role_Servers.role_id: role_id, Role_Servers.permissions: rs_permissions}).execute() diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index c765974c..06e4881c 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py 
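Review bot: The rewritten `server_id_authorized` never uses `serverId`: the `Role_Servers` query inside the loop filters only on `role_id`, so the function returns True for any server id as long as the user's last role is attached to at least one server. Two more problems sit in the same lines: `authorized` is overwritten on every iteration, so only the last role counts, and a user with no roles leaves it as the int `0`, on which `.count()` raises AttributeError instead of denying access. The check should filter on both `role_id` and `server_id` and return as soon as one role matches, as sketched below; the leftover `#authorized = db_helper.return_rows(authorized)` comment can be removed. Because this commit also drops the `User_Servers` lookup, it is worth confirming that no account still depends on a direct user-to-server grant.

```python
def server_id_authorized(serverId, user_id):
    user_roles = User_Roles.select().where(User_Roles.user_id == user_id)
    for role in user_roles:
        # A role authorizes the request only if it is attached to this server.
        role_grants_server = Role_Servers.select().where(
            (Role_Servers.role_id == role.role_id) &
            (Role_Servers.server_id == serverId))
        if role_grants_server.exists():
            return True
    # No role of this user covers serverId, or the user has no roles at all.
    return False
```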
@@ -139,7 +139,7 @@ class PanelHandler(BaseHandler): if exec_user['superuser'] != 1: if not db_helper.server_id_authorized(server_id, exec_user_id): - if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): + if not db_helper.server_id_authorized(int(server_id), exec_user_id): self.redirect("/panel/error?error=Invalid Server ID") return False @@ -212,7 +212,7 @@ class PanelHandler(BaseHandler): if exec_user['superuser'] != 1: #if not db_helper.server_id_authorized(server_id, exec_user_id): - if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): + if not db_helper.server_id_authorized(int(server_id), exec_user_id): self.redirect("/panel/error?error=Invalid Server ID") return @@ -261,7 +261,7 @@ class PanelHandler(BaseHandler): if exec_user['superuser'] != 1: #if not db_helper.server_id_authorized(server_id, exec_user_id): - if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): + if not db_helper.server_id_authorized(int(server_id), exec_user_id): self.redirect("/panel/error?error=Invalid Server ID") return @@ -516,9 +516,8 @@ class PanelHandler(BaseHandler): if not exec_user['superuser']: if not db_helper.server_id_authorized(server_id, exec_user_id): - if not db_helper.server_id_authorized_from_roles(server_id, exec_user_id): - self.redirect("/panel/error?error=Unauthorized access: invalid server id") - return + self.redirect("/panel/error?error=Unauthorized access: invalid server id") + return elif server_id is None: self.redirect("/panel/error?error=Invalid Server ID") return diff --git a/app/frontend/templates/panel/server_config.html b/app/frontend/templates/panel/server_config.html index f0a0d082..bfc5c109 100644 --- a/app/frontend/templates/panel/server_config.html +++ b/app/frontend/templates/panel/server_config.html 
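Review bot: In the hunk at 139 the outer and inner conditions now call the same function, `server_id_authorized(server_id, …)` and then `server_id_authorized(int(server_id), …)`, so the role check runs twice and the nesting no longer expresses "direct grant, else role grant". Collapse it to a single `if not db_helper.server_id_authorized(int(server_id), exec_user_id):`. In the hunks at 212 and 261, delete the commented-out `#if not db_helper.server_id_authorized(server_id, exec_user_id):` line rather than keeping a dead copy of the live check. `int(server_id)` raises on a missing or non-numeric id; the enclosing methods start outside these hunks, so whether the id is validated earlier cannot be seen here.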
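Review bot: The call site in the hunk at 516 passes `server_id` unconverted while the other three in this file pass `int(server_id)`, so the same authorization check is given a different argument type depending on the route. The `elif server_id is None:` branch also appears to sit after the authorization call, so for a non-superuser a missing id would reach the database query before it is rejected; the indentation is not recoverable from this view, so confirm which `if` it pairs with. Testing `server_id is None` first and then calling `db_helper.server_id_authorized(int(server_id), exec_user_id)` would make this path match the others. The enclosing method starts and ends outside the hunk.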
@@ -242,7 +242,7 @@ let server_id = '{{ data['server_stats']['server_id']['server_id'] }}'; className: 'btn-danger', }, cancel: { - label: "{{ translate('serverConfig', 'noDeleteFiles') }}", + label: "{{ translate('serverConfig', 'noDeleteFiles') }}", className: 'btn-link', } },