Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bug/API_Users' into 'dev'

Browse Source 
Fix bug where any user could see all stats

See merge request crafty-controller/crafty-commander!242
This commit is contained in:
Andrew 2022-04-10 21:32:56 +00:00
commit bb66b85b9d
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/classes/web/api_handler.py
View File

@ -95,9 +95,15 @@ class ServersStats(ApiHandler):
def get(self): def get(self):
"""Get details about all servers""" """Get details about all servers"""
authenticated = self.authenticate_user() authenticated = self.authenticate_user()
user_obj = self.controller.users.get_user_by_api_token(self.api_token)
if not authenticated: if not authenticated:
return return
if user_obj["superuser"]:
raw_stats = self.controller.servers.get_all_servers_stats() raw_stats = self.controller.servers.get_all_servers_stats()
else:
raw_stats = self.controller.servers.get_authorized_servers_stats(
user_obj["user_id"]
)
stats = [] stats = []
for rs in raw_stats: for rs in raw_stats:
s = {} s = {}