From b39e0e3a627753257d4941a99be8022bc13ff429 Mon Sep 17 00:00:00 2001
From: Andrew
Date: Fri, 6 Aug 2021 00:34:57 -0400
Subject: [PATCH] Added users to servers. Fixed some bugs with assigning users to role/servers. Fixed bug where user could not edit server config
---
 app/classes/shared/controller.py | 11 ++--
 app/classes/shared/models.py | 52 +++++++++++++-----
 app/classes/web/panel_handler.py | 53 +++++++++++++------
 .../templates/panel/panel_edit_user.html | 4 +-
 4 files changed, 87 insertions(+), 33 deletions(-)
diff --git a/app/classes/shared/controller.py b/app/classes/shared/controller.py
index 272615a4..74174e27 100644
--- a/app/classes/shared/controller.py
+++ b/app/classes/shared/controller.py
@@ -112,10 +112,15 @@ class Controller:
 @staticmethod
 def list_authorized_servers(userId):
- #servers = db_helper.get_authorized_servers(userId)
- servers = db_helper.get_authorized_servers_from_roles(userId)
+ servers = db_helper.get_authorized_servers(userId)
+ server_list = []
+ for item in servers:
+ server_list.append(item)
+ role_servers = db_helper.get_authorized_servers_from_roles(userId)
+ for item in role_servers:
+ server_list.append(item)
 logger.debug("servers list = {}".format(servers))
- return servers
+ return server_list
 def get_server_data(self, server_id):
 for s in self.servers_list:
diff --git a/app/classes/shared/models.py b/app/classes/shared/models.py
index 13a37aaa..4402d02a 100644
--- a/app/classes/shared/models.py
+++ b/app/classes/shared/models.py
@@ -130,6 +130,16 @@ class Servers(BaseModel):
 class Meta:
 table_name = "servers"
+
+class User_Servers(BaseModel):
+ user_id = ForeignKeyField(Users, backref='user_server')
+ server_id = ForeignKeyField(Servers, backref='user_server')
+
+ class Meta:
+ table_name = 'user_servers'
+ primary_key = CompositeKey('user_id', 'server_id')
+
+
 class Role_Servers(BaseModel):
 role_id = ForeignKeyField(Roles, backref='role_server')
 server_id = ForeignKeyField(Servers, backref='role_server')
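Review bot: `list_authorized_servers` now returns a server twice when the user holds it both as a direct grant and through a role, because the two result lists are appended with no de-duplication, and the new `menu_servers` code in panel_handler.py consumes this list as-is. If both helpers return dicts carrying `server_id` (as `get_authorized_servers` evidently does, see the edit_user hunk), collapse them with `unique = {s['server_id']: s for s in list(servers) + list(role_servers)}` and `return list(unique.values())`. The debug line still logs `servers` rather than the combined `server_list`, so it no longer shows what the method actually returns.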
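Review bot: `User_Servers` is the table that grants a user direct access to a server, yet it carries no docstring and neither foreign key declares `on_delete`, so deleting a server or a user leaves the grant row behind unless the database itself enforces the constraint; the adjacent `Role_Servers` has the same gap, so this matches existing style rather than fixing it. Consider `user_id = ForeignKeyField(Users, backref='user_server', on_delete='CASCADE')` (and the same for `server_id`) so a removed server cannot keep an authorization row alive, and add `"""Direct user-to-server authorization; one row per (user_id, server_id) pair."""` under the class line so the next reader knows this table is consulted by the access checks.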
@@ -222,6 +232,7 @@ class db_builder:
 Users,
 Roles,
 User_Roles,
+ User_Servers,
 Host_Stats,
 Webhooks,
 Servers,
@@ -396,13 +407,28 @@ class db_shortcuts:
 user_servers = User_Servers.select().where(User_Servers.user_id == user_id)
 authorized_servers = []
 server_data = []
+ user_roles = User_Roles.select().where(User_Roles.user_id == user_id)
+ roles_list = []
+ role_server = []
 for u in user_servers:
 authorized_servers.append(db_helper.get_server_data_by_id(u.server_id))
+ for u in user_roles:
+ roles_list.append(db_helper.get_role(u.role_id))
+
+ for r in roles_list:
+ role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id'))
+ for t in role_test:
+ role_server.append(t)
+
+ for s in role_server:
+ authorized_servers.append(db_helper.get_server_data_by_id(s.server_id))
+
 for s in authorized_servers:
- latest = Server_Stats.select().where(Server_Stats.server_id == s.get('server_id')).order_by(Server_Stats.created.desc()).limit(1)
- server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
+ latest = Server_Stats.select().where(Server_Stats.server_id == s.get('server_id')).order_by(
+ Server_Stats.created.desc()).limit(1)
+ server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)[0]})
 return server_data
@@ -531,13 +557,13 @@ class db_shortcuts:
 roles = set()
 for r in roles_query:
 roles.add(r.role_id.role_id)
- #servers_query = User_Servers.select().join(Servers, JOIN.INNER).where(User_Servers.user_id == user_id)
+ servers_query = User_Servers.select().join(Servers, JOIN.INNER).where(User_Servers.user_id == user_id)
 ## TODO: this query needs to be narrower
 servers = set()
- #for s in servers_query:
- # servers.add(s.server_id.server_id)
+ for s in servers_query:
+ servers.add(s.server_id.server_id)
 user['roles'] = roles
- #user['servers'] = servers
+ user['servers'] = servers
 #logger.debug("user: ({}) {}".format(user_id, user))
 return user
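Review bot: `db_helper.return_rows(latest)[0]` on the new last line raises `IndexError` for any authorized server that has no `Server_Stats` row yet, whereas the replaced line returned the (possibly empty) list; guard it, e.g. `rows = db_helper.return_rows(latest)` followed by `server_data.append({'server_data': s, "stats": rows[0] if rows else None})`, and make sure every consumer handles the single-dict shape this hunk introduces. The same server is also appended to `authorized_servers` once per direct grant and once per role that grants it, so its stats are queried and returned repeatedly; collecting server ids into a set before the stats loop removes both the duplicate output and the repeated queries. The function's signature lies above the hunk.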
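Review bot: The `## TODO: this query needs to be narrower` comment now sits above a live authorization query with no hint of what is too broad, and the only value read per row is `s.server_id.server_id`, which — unless `Servers` columns are also selected — makes peewee fetch the related `Servers` row lazily on every iteration despite the join. `servers_query = User_Servers.select(User_Servers.server_id).where(User_Servers.user_id == user_id)` with `servers.add(s.server_id_id)` reads the raw key without those extra queries. If the inner join is kept on purpose so that grants whose server no longer exists are dropped, state that in the comment in place of the TODO.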
@@ -557,7 +583,7 @@ class db_shortcuts:
 superuser: False,
 api_token: None,
 roles: [],
- servers: []
+ servers: [],
 }
 user = model_to_dict(Users.get(Users.user_id == user_id))
@@ -583,9 +609,9 @@ class db_shortcuts:
 elif key == "roles":
 added_roles = user_data['roles'].difference(base_data['roles'])
 removed_roles = base_data['roles'].difference(user_data['roles'])
- #elif key == "servers":
- # added_servers = user_data['servers'].difference(base_data['servers'])
- # removed_servers = base_data['servers'].difference(user_data['servers'])
+ elif key == "servers":
+ added_servers = user_data['servers'].difference(base_data['servers'])
+ removed_servers = base_data['servers'].difference(user_data['servers'])
 elif key == "regen_api":
 if user_data['regen_api']:
 up_data['api_token'] = db_shortcuts.new_api_token()
@@ -602,10 +628,10 @@ class db_shortcuts:
 # TODO: This is horribly inefficient and we should be using bulk queries but im going for functionality at this point
 User_Roles.delete().where(User_Roles.user_id == user_id).where(User_Roles.role_id.in_(removed_roles)).execute()
- #for server in added_servers:
- # User_Servers.get_or_create(user_id=user_id, server_id=server)
+ for server in added_servers:
+ User_Servers.get_or_create(user_id=user_id, server_id=server)
 # # TODO: This is horribly inefficient and we should be using bulk queries but im going for functionality at this point
- #User_Servers.delete().where(User_Servers.user_id == user_id).where(User_Servers.server_id.in_(removed_servers)).execute()
+ User_Servers.delete().where(User_Servers.user_id == user_id).where(User_Servers.server_id.in_(removed_servers)).execute()
 if up_data:
 Users.update(up_data).where(Users.user_id == user_id).execute()
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index e5f578d3..dab6af8f 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
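Review bot: `added_servers` and `removed_servers` are bound only inside the new `elif key == "servers"` branch, yet the hunk at `@@ -602` reads both unconditionally, so any `update_user` call whose `user_data` lacks a `servers` key ends in `NameError` unless the two names are initialised before the loop (which lies above this hunk and is not shown). Initialise them alongside whatever sets up `added_roles`/`removed_roles`, e.g. `added_servers = set()` and `removed_servers = set()`, so a partial update leaves server grants untouched instead of crashing. The set arithmetic also assumes `base_data['servers']` is a set, which holds if `base_data` comes from `get_user` as changed in this commit.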
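Review bot: The grant and revoke statements run as independent autocommit writes, so a failure between `User_Servers.get_or_create` and the following `delete()` leaves the user with the new servers added while the revoked ones remain in place. Wrapping the role and server writes in one transaction (peewee's `atomic()` on the database object, if the project exposes it here) keeps an authorization update all-or-nothing, so the audit entry written by the caller in panel_handler.py describes the state that was actually committed.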
@@ -53,7 +53,7 @@ class PanelHandler(BaseHandler):
 'running': len(self.controller.list_running_servers()),
 'stopped': (len(self.controller.list_defined_servers()) - len(self.controller.list_running_servers()))
 },
- 'menu_servers': defined_servers,
+ 'menu_servers': self.controller.list_authorized_servers(exec_user_id),
 'hosts_data': db_helper.get_latest_hosts_stats(),
 'show_contribute': helper.get_setting("show_contribute_link", True),
 'error': error,
@@ -109,10 +109,9 @@ class PanelHandler(BaseHandler):
 if exec_user['superuser'] == 1:
 page_data['servers'] = db_helper.get_all_servers_stats()
 else:
- #page_data['servers'] = db_helper.get_authorized_servers_stats(exec_user_id)
- ras = db_helper.get_authorized_servers_stats_from_roles(exec_user_id)
- logger.debug("ASFR: {}".format(ras))
- page_data['servers'] = ras
+ user_auth = db_helper.get_authorized_servers_stats(exec_user_id)
+ logger.debug("ASFR: {}".format(user_auth))
+ page_data['servers'] = user_auth
 for s in page_data['servers']:
 try:
@@ -137,10 +136,10 @@ class PanelHandler(BaseHandler):
 return
 if exec_user['superuser'] != 1:
- #if not db_helper.server_id_authorized(server_id, exec_user_id):
- if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id):
- self.redirect("/panel/error?error=Invalid Server ID")
- return False
+ if not db_helper.server_id_authorized(server_id, exec_user_id):
+ if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id):
+ self.redirect("/panel/error?error=Invalid Server ID")
+ return False
 valid_subpages = ['term', 'logs', 'backup', 'config', 'files', 'admin_controls']
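Review bot: `'menu_servers'` is now built from `list_authorized_servers(exec_user_id)` for every user, superusers included, whereas the server list at `@@ -109` still special-cases `exec_user['superuser'] == 1`; unless superusers are also present in `User_Servers` or `Role_Servers`, their menu comes back empty. Mirror the other branch: `'menu_servers': defined_servers if exec_user['superuser'] == 1 else self.controller.list_authorized_servers(exec_user_id),` — assuming `exec_user` is in scope here as it is further down. The menu also inherits the duplicate entries `list_authorized_servers` produces when a server is granted both directly and via a role.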
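Review bot: The debug label `ASFR:` (authorized servers from roles) no longer matches what is logged, since `user_auth` now comes from `get_authorized_servers_stats`, which merges direct and role grants; a label such as `logger.debug("authorized servers for user {}: {}".format(exec_user_id, user_auth))` keeps the log readable when tracing an access decision. The line also dumps each authorized server's full data and latest stats on every page load, which is a lot for DEBUG; logging the server ids alone is usually enough.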
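Review bot: The two authorization checks receive `server_id` in different types — the raw request string for `server_id_authorized` and `int(server_id)` for `server_id_authorized_from_roles` — so whichever helper compares strictly will never match and the decision silently rests on the other; the hunk at `@@ -433` repeats the pair with neither argument cast. Convert once and test once: `sid = int(server_id)` and `if not (db_helper.server_id_authorized(sid, exec_user_id) or db_helper.server_id_authorized_from_roles(sid, exec_user_id)):` with the redirect and `return False` beneath. The nested `if` form also hides that this is a single fail-closed decision, which a reader of access-control code should see at a glance.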
@@ -286,10 +285,17 @@ class PanelHandler(BaseHandler):
 template = "panel/panel_edit_user.html"
 elif page == "edit_user":
- page_data['new_user'] = False
 user_id = self.get_argument('id', None)
+ role_servers = db_helper.get_authorized_servers_stats_from_roles(user_id)
+ user_servers = db_helper.get_authorized_servers(user_id)
+ servers = set()
+ for server in role_servers:
+ servers.add(server['server_id'])
+ for server in user_servers:
+ servers.add(server['server_id'])
+ page_data['new_user'] = False
 page_data['user'] = db_helper.get_user(user_id)
- page_data['servers'] = db_helper.get_authorized_servers_stats_from_roles(user_id)
+ page_data['servers'] = servers
 page_data['roles_all'] = db_helper.get_all_roles()
 page_data['servers_all'] = self.controller.list_defined_servers()
@@ -433,8 +439,10 @@ class PanelHandler(BaseHandler):
 subpage = self.get_argument('subpage', None)
 if not exec_user['superuser']:
- self.redirect("/panel/error?error=Unauthorized access: not superuser")
- return
+ if not db_helper.server_id_authorized(server_id, exec_user_id):
+ if not db_helper.server_id_authorized_from_roles(server_id, exec_user_id):
+ self.redirect("/panel/error?error=Unauthorized access: invalid server id")
+ return
 elif server_id is None:
 self.redirect("/panel/error?error=Invalid Server ID")
 return
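Review bot: The new loop reads `server['server_id']` from each item returned by `get_authorized_servers_stats_from_roles(user_id)`; if that helper wraps entries as `{'server_data': ..., 'stats': ...}` the way `get_authorized_servers_stats` in models.py does, this raises `KeyError`, and either way a stats query per server is more work than a set of ids needs. Prefer the lighter `db_helper.get_authorized_servers_from_roles(user_id)` that controller.py now uses, and build the set in one step: `servers = {s['server_id'] for s in role_servers} | {s['server_id'] for s in user_servers}`. `user_id` is taken straight from the `id` argument and may be `None`, and the lookups run before anything validates it, though that predates this change.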
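Review bot: For a non-superuser the new `if not exec_user['superuser']:` branch runs both authorization lookups with `server_id` before the `elif server_id is None:` guard, which this change leaves reachable only for superusers; a missing id should be rejected before any database access, for every caller alike. Put `if server_id is None:` with its `self.redirect("/panel/error?error=Invalid Server ID")` and `return` first, then the superuser/authorization test. The denial itself remains fail-closed, which is the right default for this handler.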
@@ -538,17 +546,28 @@ class PanelHandler(BaseHandler):
 if argument:
 roles.add(role.role_id)
+ servers = set()
+ for server in self.controller.list_defined_servers():
+ argument = int(float(
+ bleach.clean(
+ self.get_argument('server_{}_access'.format(server['server_id']), '0')
+ )
+ ))
+ if argument:
+ servers.add(server['server_id'])
+
 user_data = {
 "username": username,
 "password": password0,
 "enabled": enabled,
 "regen_api": regen_api,
 "roles": roles,
+ "servers": servers,
 }
 db_helper.update_user(user_id, user_data=user_data)
 db_helper.add_to_audit_log(exec_user['user_id'],
- "Edited user {} (UID:{}) with roles {}".format(username, user_id, roles),
+ "Edited user {} (UID:{}) with roles {} and servers {}".format(username, user_id, roles, servers),
 server_id=0, source_ip=self.get_remote_ip())
 self.redirect("/panel/panel_config")
@@ -597,7 +616,11 @@ class PanelHandler(BaseHandler):
 servers.add(server['server_id'])
 user_id = db_helper.add_user(username, password=password0, enabled=enabled)
- db_helper.update_user(user_id, {"roles":roles})
+ user_data = {
+ "roles": roles,
+ "servers": servers,
+ }
+ db_helper.update_user(user_id, user_data)
 db_helper.add_to_audit_log(exec_user['user_id'],
 "Added user {} (UID:{})".format(username, user_id),
diff --git a/app/frontend/templates/panel/panel_edit_user.html b/app/frontend/templates/panel/panel_edit_user.html
index 36ff4120..022a738e 100644
--- a/app/frontend/templates/panel/panel_edit_user.html
+++ b/app/frontend/templates/panel/panel_edit_user.html
@@ -123,9 +123,9 @@
 {{ server['server_name'] }} {% if server['server_id'] in data['servers'] %} - + {% else %} - + {% end %}
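Review bot: `int(float(bleach.clean(self.get_argument(...))))` turns any non-numeric value in a `server_*_access` field into an unhandled `ValueError` (a 500) on the request that assigns server grants; `bleach.clean` sanitises markup but does nothing for the numeric parse. The roles loop just above uses the same expression, so factor both into one helper on the handler that treats a malformed field as "not granted" — fail-closed, never a crash and never an accidental grant. Iterating `list_defined_servers()` rather than request-supplied ids is the right shape here, since only servers that exist can be granted.
```python
    def _checkbox_flag(self, name):
        """Return True when form field *name* holds a non-zero number.

        A missing or malformed value counts as unset, so bad input can
        never add a grant.
        """
        raw = bleach.clean(self.get_argument(name, '0'))
        try:
            return int(float(raw)) != 0
        except ValueError:
            return False

    # … unchanged: request parsing and the roles loop (can use the same helper) …
            servers = set()
            for server in self.controller.list_defined_servers():
                if self._checkbox_flag('server_{}_access'.format(server['server_id'])):
                    servers.add(server['server_id'])
```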
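Review bot: The audit entry for a newly created user still reads `"Added user {} (UID:{})"` while `update_user` now applies the roles and servers collected above, so the initial authorization set is the one change in this path that never reaches the audit log; the edit path at `@@ -538` records both. Use `"Added user {} (UID:{}) with roles {} and servers {}".format(username, user_id, roles, servers),` so creation and edit are traceable the same way. The `add_to_audit_log` call continues past the end of the hunk.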