From a1e8b7afe71d690a049cb5f451687a6b9db61af3 Mon Sep 17 00:00:00 2001
From: Andrew
Date: Sat, 17 Dec 2022 12:21:15 -0500
Subject: [PATCH] Make server directories non-configurable
---
 app/classes/web/panel_handler.py | 14 +++++++++-----
 app/classes/web/routes/api/servers/server/index.py | 3 ++-
 app/frontend/templates/panel/server_config.html | 7 ++++---
 3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index 6c6b398f..322ca807 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -808,9 +808,15 @@ class PanelHandler(BaseHandler):
 user_roles_list = self.controller.users.get_user_roles_names(
 user.user_id
 )
- user_servers = self.controller.servers.get_authorized_servers(
- user.user_id
- )
+ try:
+ user_servers = self.controller.servers.get_authorized_servers(
+ user.user_id
+ )
+ except:
+ return self.redirect(
+ "/panel/error?error=Cannot load panel config"
+ " while servers are unloaded"
+ )
 servers = []
 for server in user_servers:
 if server.name not in servers:
@@ -1606,7 +1612,6 @@ class PanelHandler(BaseHandler):
 if Helpers.validate_traversal(
 self.helper.get_servers_root_dir(), server_path
 ):
- server_obj.path = server_path
 server_obj.log_path = log_path
 if Helpers.validate_traversal(
 self.helper.get_servers_root_dir(), executable
@@ -1618,7 +1623,6 @@ class PanelHandler(BaseHandler):
 server_obj.executable_update_url = executable_update_url
 server_obj.show_status = show_status
 else:
- server_obj.path = server_obj.path
 server_obj.log_path = server_obj.log_path
 server_obj.executable = server_obj.executable
 server_obj.execution_command = execution_command
diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py
index 11f8620b..3d5e3e2f 100644
--- a/app/classes/web/routes/api/servers/server/index.py
+++ b/app/classes/web/routes/api/servers/server/index.py
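Review bot: The bare `except:` added around `get_authorized_servers` in the first panel_handler.py hunk catches every exception, `KeyboardInterrupt` and `SystemExit` included, and turns all of them into the same "servers are unloaded" redirect without recording what failed. A permission or database error would then look like a harmless loading state. Catch the specific exception raised while servers are unloaded if it is known, or at least use `except Exception as exc:` and log the error before the redirect. The enclosing method starts and ends outside the hunk, so how the failure is logged depends on what is in scope there.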
@@ -90,7 +90,8 @@ class ApiServersServerIndexHandler(BaseApiHandler): server_obj = self.controller.servers.get_server_obj(server_id) for key in data: # If we don't validate the input there could be security issues - setattr(server_obj, key, data[key]) + if key != "path": + setattr(server_obj, key, data[key]) self.controller.servers.update_server(server_obj) self.controller.management.add_to_audit_log( diff --git a/app/frontend/templates/panel/server_config.html b/app/frontend/templates/panel/server_config.html index d0c0d42f..d1310a91 100644 --- a/app/frontend/templates/panel/server_config.html +++ b/app/frontend/templates/panel/server_config.html @@ -62,9 +62,10 @@ - +
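Review bot: Skipping only `path` in the `setattr` loop is a one-entry denylist, so every other key in `data` is still written straight onto `server_obj`, which is the risk the comment above the loop already warns about. Unless a schema check earlier in the handler (not visible in this hunk) restricts the keys, a client can still set other path-like or command fields on the server object. An allowlist is safer: `if key in EDITABLE_SERVER_FIELDS:` followed by the `setattr`, where `EDITABLE_SERVER_FIELDS` is a placeholder name for a constant listing the fields the API may change. The handler body continues outside the hunk.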
+ {{ data['server_stats']['server_id']['path'] }} + 🔒 +
{% if data['server_stats']['server_type'] != "minecraft-bedrock" %}