Merge branch 'bugfix/api-permissions' into 'dev'

Fix bug where full access gives minimal access

See merge request crafty-controller/crafty-4!768

CHANGELOG.md

@@ -4,6 +4,7 @@
 TBD
 ### Bug fixes
 - Fix zip imports so the root dir selection is functional ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/764))
+- Fix bug where full access gives minimal access ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/768))
 ### Tweaks
 - Add info note to default creds file ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/760))
 - Remove navigation label from sidebar ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/766))

app/classes/web/base_handler.py

@@ -6,6 +6,7 @@ import nh3
 import tornado.web
 
 from app.classes.models.crafty_permissions import EnumPermissionsCrafty
+from app.classes.models.server_permissions import EnumPermissionsServer
 from app.classes.models.users import ApiKeys
 from app.classes.shared.helpers import Helpers
 from app.classes.shared.file_helpers import FileHelpers
@@ -195,6 +196,8 @@ class BaseHandler(tornado.web.RequestHandler):
             if api_key is not None:
                 superuser = superuser and api_key.full_access
                 server_permissions_api_mask = api_key.server_permissions
+                if api_key.full_access:
+                    server_permissions_api_mask = "1" * len(EnumPermissionsServer)
             exec_user_role = set()
             if superuser:
                 authorized_servers = self.controller.servers.get_all_defined_servers()