Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor subpage perm checks

Browse Source 
Fix bug where subpages people don't still have access to are retained
This commit is contained in:
amcmanu3
2024-01-16 19:21:00 -05:00
parent 27678e93ca
commit ba8737f007
1 changed files with 43 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
app/classes/web/panel_handler.py
View File

@ -28,6 +28,17 @@ from app.classes.web.base_handler import BaseHandler
from app.classes.web.webhooks.webhook_factory import WebhookFactory
logger = logging.getLogger(__name__)
SUBPAGE_PERMS = {
"term": EnumPermissionsServer.TERMINAL,
"logs": EnumPermissionsServer.LOGS,
"schedules": EnumPermissionsServer.SCHEDULE,
"backup": EnumPermissionsServer.BACKUP,
"files": EnumPermissionsServer.FILES,
"config": EnumPermissionsServer.CONFIG,
"admin_controls": EnumPermissionsServer.PLAYERS,
"metrics": EnumPermissionsServer.LOGS,
"webhooks": EnumPermissionsServer.CONFIG,
}
class PanelHandler(BaseHandler):
@ -138,6 +149,11 @@ class PanelHandler(BaseHandler):
# increasing and will eat up the RAM
del chunk
def check_subpage_perms(self, user_perms, subpage):
if SUBPAGE_PERMS.get(subpage, False) in user_perms:
return True
return False
def check_server_id(self):
server_id = self.get_argument("id", None)
@ -489,8 +505,17 @@ class PanelHandler(BaseHandler):
server_id = self.check_server_id()
# load page the user was on last
server_subpage = self.controller.servers.server_subpage.get(server_id, "")
if subpage == "" and server_subpage != "":
subpage = self.controller.servers.server_subpage.get(server_id, "")
if (
subpage == ""
and server_subpage != ""
and self.check_subpage_perms(
self.controller.server_perms.get_user_id_permissions_list(
exec_user["user_id"], server_id
),
server_subpage,
)
):
subpage = server_subpage
else:
self.controller.servers.server_subpage[server_id] = subpage
if server_id is None:
@ -502,16 +527,6 @@ class PanelHandler(BaseHandler):
page_data["backup_failed"] = server_obj.last_backup_status()
server_obj = None
valid_subpages = [
"term",
"logs",
"backup",
"config",
"files",
"admin_controls",
"schedules",
"metrics",
]
if not self.failed_server:
server = self.controller.servers.get_server_instance_by_id(server_id)
# server_data isn't needed since the server_stats also pulls server data
@ -577,7 +592,6 @@ class PanelHandler(BaseHandler):
page_data["get_players"] = server.get_server_players()
else:
page_data["get_players"] = []
page_data["active_link"] = subpage
page_data["permissions"] = {
"Commands": EnumPermissionsServer.COMMANDS,
"Terminal": EnumPermissionsServer.TERMINAL,
@ -601,83 +615,33 @@ class PanelHandler(BaseHandler):
page_data["server_stats"][
"server_type"
] = self.controller.servers.get_server_type_by_id(server_id)
if subpage not in valid_subpages:
logger.debug("not a valid subpage")
if not subpage:
if (
page_data["permissions"]["Terminal"]
in page_data["user_permissions"]
):
subpage = "term"
elif page_data["permissions"]["Logs"] in page_data["user_permissions"]:
subpage = "logs"
elif (
page_data["permissions"]["Schedule"]
in page_data["user_permissions"]
):
subpage = "schedules"
elif (
page_data["permissions"]["Backup"] in page_data["user_permissions"]
):
subpage = "backup"
elif page_data["permissions"]["Files"] in page_data["user_permissions"]:
subpage = "files"
elif (
page_data["permissions"]["Config"] in page_data["user_permissions"]
):
subpage = "config"
elif (
page_data["permissions"]["Players"] in page_data["user_permissions"]
):
subpage = "admin_controls"
else:
for spage, perm in SUBPAGE_PERMS.items():
if perm in page_data["user_permissions"]:
subpage = spage
break
# If we still don't have a subpage we're going to assume they
# have no perms
if not subpage:
self.redirect("/panel/error?error=Unauthorized access to Server")
page_data["active_link"] = subpage
logger.debug(f'Subpage: "{subpage}"')
if subpage == "term":
if (
not page_data["permissions"]["Terminal"]
in page_data["user_permissions"]
):
if not superuser:
self.redirect(
"/panel/error?error=Unauthorized access to Terminal"
)
return
if subpage == "logs":
if (
not page_data["permissions"]["Logs"]
in page_data["user_permissions"]
):
if not superuser:
self.redirect("/panel/error?error=Unauthorized access to Logs")
return
if (
not self.check_subpage_perms(page_data["user_permissions"], subpage)
and not superuser
):
return self.redirect(
f"/panel/error?error=Unauthorized access to {subpage}"
)
if subpage == "schedules":
if (
not page_data["permissions"]["Schedule"]
in page_data["user_permissions"]
):
if not superuser:
self.redirect(
"/panel/error?error=Unauthorized access To Schedules"
)
return
page_data["schedules"] = HelpersManagement.get_schedules_by_server(
server_id
)
if subpage == "config":
if (
not page_data["permissions"]["Config"]
in page_data["user_permissions"]
):
if not superuser:
self.redirect(
"/panel/error?error=Unauthorized access Server Config"
)
return
page_data["java_versions"] = Helpers.find_java_installs()
server_obj: Servers = self.controller.servers.get_server_obj(server_id)
page_data["failed"] = self.failed_server
@ -691,26 +655,7 @@ class PanelHandler(BaseHandler):
page_java.append(version)
page_data["java_versions"] = page_java
if subpage == "files":
if (
not page_data["permissions"]["Files"]
in page_data["user_permissions"]
):
if not superuser:
self.redirect("/panel/error?error=Unauthorized access Files")
return
if subpage == "backup":
if (
not page_data["permissions"]["Backup"]
in page_data["user_permissions"]
):
if not superuser:
self.redirect(
"/panel/error?error=Unauthorized access to Backups"
)
return
server_info = self.controller.servers.get_server_data_by_id(server_id)
page_data[
"backup_config"
@ -761,15 +706,6 @@ class PanelHandler(BaseHandler):
server_id, hours=(days * 24)
)
if subpage == "webhooks":
if (
not page_data["permissions"]["Config"]
in page_data["user_permissions"]
):
if not superuser:
self.redirect(
"/panel/error?error=Unauthorized access to Webhooks Config"
)
return
page_data[
"webhooks"
] = self.controller.management.get_webhooks_by_server(