Merge branch 'bug/API_Users' into 'dev'

Fix bug where any user could see all stats

See merge request crafty-controller/crafty-commander!242
This commit is contained in:
Andrew 2022-04-10 21:32:56 +00:00
commit bb66b85b9d

View File

@ -95,9 +95,15 @@ class ServersStats(ApiHandler):
def get(self):
"""Get details about all servers"""
authenticated = self.authenticate_user()
user_obj = self.controller.users.get_user_by_api_token(self.api_token)
if not authenticated:
return
raw_stats = self.controller.servers.get_all_servers_stats()
if user_obj["superuser"]:
raw_stats = self.controller.servers.get_all_servers_stats()
else:
raw_stats = self.controller.servers.get_authorized_servers_stats(
user_obj["user_id"]
)
stats = []
for rs in raw_stats:
s = {}