Users Access to Servers from Roles Working

Broke Users Servers Link

app/classes/shared/controller.py

@@ -10,7 +10,7 @@ from distutils import dir_util
 from app.classes.shared.helpers import helper
 from app.classes.shared.console import console
 
-from app.classes.shared.models import db_helper, Servers
+from app.classes.shared.models import db_helper, Servers, User_Servers
 
 from app.classes.shared.server import Server
 from app.classes.minecraft.server_props import ServerProps
@@ -109,7 +109,9 @@ class Controller:
         
     @staticmethod
     def list_authorized_servers(userId):
-        servers = db_helper.get_authorized_servers(userId)
+        #servers = db_helper.get_authorized_servers(userId)
+        servers = db_helper.get_authorized_servers_from_roles(userId)
+        logger.debug("servers list = {}".format(servers))
         return servers
 
     def get_server_data(self, server_id):
@@ -335,6 +337,7 @@ class Controller:
                     self.stop_server(server_id)
 
                 # remove the server from the DB
+                User_Servers.delete().where(User_Servers.server_id == server_id).execute()
                 Servers.delete().where(Servers.server_id == server_id).execute()
 
                 # remove the server from servers list
@@ -342,5 +345,4 @@ class Controller:
 
             counter += 1
 
-
 controller = Controller()

app/classes/shared/models.py

@@ -279,6 +279,26 @@ class db_shortcuts:
             server_data.append(db_helper.get_server_data_by_id(u.server_id))
 
         return server_data
+        
+    @staticmethod
+    def get_authorized_servers_from_roles(userId):
+        userRoles = User_Roles.select().where(User_Roles.user_id == userId)
+        roles_list = []
+        roleServer = []
+        server_data = []
+
+        for u in userRoles:
+            roles_list.append(db_helper.get_role(u.role_id))
+            
+        for r in roles_list:
+            role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id'))
+            for t in role_test:
+                roleServer.append(t)
+
+        for s in roleServer:
+            server_data.append(db_helper.get_server_data_by_id(s.server_id))
+
+        return server_data
 
     @staticmethod
     def get_all_servers_stats():
@@ -304,6 +324,31 @@ class db_shortcuts:
             server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
         return server_data
 
+        
+    @staticmethod
+    def get_authorized_servers_stats_from_roles(userId):
+        userRoles = User_Roles.select().where(User_Roles.user_id == userId)
+        roles_list = []
+        roleServer = []
+        authorizedServers = []
+        server_data = []
+
+        for u in userRoles:
+            roles_list.append(db_helper.get_role(u.role_id))
+            
+        for r in roles_list:
+            role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id'))
+            for t in role_test:
+                roleServer.append(t)
+
+        for s in roleServer:
+            authorizedServers.append(db_helper.get_server_data_by_id(s.server_id))
+
+        for s in authorizedServers:
+            latest = Server_Stats.select().where(Server_Stats.server_id == s.get('server_id')).order_by(Server_Stats.created.desc()).limit(1)
+            server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
+        return server_data
+
     @staticmethod
     def get_server_stats_by_id(server_id):
         stats = Server_Stats.select().where(Server_Stats.server_id == server_id).order_by(Server_Stats.created.desc()).limit(1)
@@ -325,6 +370,28 @@ class db_shortcuts:
             return False
         return True
 
+    @staticmethod
+    def server_id_authorized_from_roles(serverId, userId):
+        cpt_authorized = 0
+        roles_list = []
+        roleServer = []
+        authorized = []
+        userRoles = User_Roles.select().where(User_Roles.user_id == userId)
+        
+        for u in userRoles:
+            roles_list.append(db_helper.get_role(u.role_id))
+            
+        for r in roles_list:
+            role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id'))
+
+        for s in role_test:
+            if s.server_id.server_id == serverId:
+                cpt_authorized += 1
+
+        if cpt_authorized == 0:
+            return False
+        return True
+
     @staticmethod
     def get_latest_hosts_stats():
         query = Host_Stats.select().order_by(Host_Stats.id.desc()).get()
@@ -441,6 +508,7 @@ class db_shortcuts:
 
     @staticmethod
     def remove_user(user_id):
+        User_Servers.delete().where(User_Servers.user_id == user_id).execute()
         user = Users.get(Users.user_id == user_id)
         return user.delete_instance()
 
@@ -508,6 +576,7 @@ class db_shortcuts:
 
     @staticmethod
     def remove_role(role_id):
+        Role_Servers.delete().where(Role_Servers.role_id == role_id).execute()
         role = Roles.get(Roles.role_id == role_id)
         return role.delete_instance()
 

app/classes/web/panel_handler.py

@@ -32,17 +32,22 @@ class PanelHandler(BaseHandler):
         userId = user_data['user_id']
         user = db_helper.get_user(userId)
         
+        user_role = []
         if user['superuser'] == 1:
             defined_servers = controller.list_defined_servers()
+            user_role = {"Super User"}
         else:
             defined_servers = controller.list_authorized_servers(userId)
-
+            for r in user['roles']:
+                role = db_helper.get_role(r)
+                user_role.append(role['role_name'])
 
         page_data = {
             # todo: make this actually pull and compare version data
             'update_available': False,
             'version_data': helper.get_version_string(),
             'user_data': user_data,
+            'user_role' : user_role,
             'server_stats': {
                 'total': len(defined_servers),
                 'running': len(controller.list_running_servers()),
@@ -91,7 +96,8 @@ class PanelHandler(BaseHandler):
             if user['superuser'] == 1:
                 page_data['servers'] = db_helper.get_all_servers_stats()
             else:
-                page_data['servers'] = db_helper.get_authorized_servers_stats(userId)
+                #page_data['servers'] = db_helper.get_authorized_servers_stats(userId)
+                page_data['servers'] = db_helper.get_authorized_servers_stats_from_roles(userId)
 
             for s in page_data['servers']:
                 try:
@@ -117,9 +123,11 @@ class PanelHandler(BaseHandler):
                     self.redirect("/panel/error?error=Invalid Server ID")
                     return False
 
-                if not db_helper.server_id_authorized(server_id, userId):
+                if user['superuser'] != 1:
-                    self.redirect("/panel/error?error=Invalid Server ID")
+                    #if not db_helper.server_id_authorized(server_id, userId):
-                    return False
+                    if not db_helper.server_id_authorized_from_roles(int(server_id), userId):
+                        self.redirect("/panel/error?error=Invalid Server ID")
+                        return False
 
             valid_subpages = ['term', 'logs', 'config', 'files', 'admin_controls']
 
@@ -338,7 +346,7 @@ class PanelHandler(BaseHandler):
             user_data = json.loads(self.get_secure_cookie("user_data"))
             exec_user = db_helper.get_user(user_data['user_id'])
 
-            if not exec_user.superuser:
+            if not exec_user['superuser']:
                 self.redirect("/panel/error?error=Unauthorized access: not superuser")
                 return False
             elif server_id is None:

app/classes/web/server_handler.py

@@ -32,6 +32,19 @@ class ServerHandler(BaseHandler):
     def get(self, page):
         # name = tornado.escape.json_decode(self.current_user)
         user_data = json.loads(self.get_secure_cookie("user_data"))
+        
+        userId = user_data['user_id']
+        user = db_helper.get_user(userId)
+        
+        user_role = []
+        if user['superuser'] == 1:
+            defined_servers = controller.list_defined_servers()
+            user_role = "Super User"
+        else:
+            defined_servers = controller.list_authorized_servers(userId)
+            for r in user['roles']:
+                role = db_helper.get_role(r)
+                user_role.append(role['role_name'])
 
         template = "public/404.html"
 
@@ -40,6 +53,7 @@ class ServerHandler(BaseHandler):
         page_data = {
             'version_data': helper.get_version_string(),
             'user_data': user_data,
+            'user_role' : user_role,
             'server_stats': {
                 'total': len(controller.list_defined_servers()),
                 'running': len(controller.list_running_servers()),

app/frontend/templates/notify.html

@@ -23,7 +23,10 @@
         <div class="dropdown-header text-center">
           <img class="img-md rounded-circle" src="/static/assets/images/faces-clipart/pic-1.png" alt="Profile image">
           <p class="mb-1 mt-3 font-weight-semibold">{{ data['user_data']['username'] }}</p>
-          <p class="font-weight-light text-muted mb-0">Role: Admin</p>
+          <p class="font-weight-light text-muted mb-0">Roles: </p>
+          {% for r in data['user_role'] %}            
+            <p class="font-weight-light text-muted mb-0">{{ r }}</p>
+          {% end %}
         </div>
         <a class="dropdown-item" href="/panel/activity_logs"><i class="dropdown-item-icon mdi mdi-calendar-check-outline text-primary"></i> Activity</a>
         <a class="dropdown-item" href="/public/login"><i class="dropdown-item-icon mdi mdi-power text-primary"></i>Sign Out</a>

requirements.txt

@@ -4,7 +4,7 @@ certifi==2020.6.20
 cffi==1.14.1
 chardet==3.0.4
 colorama==0.4.3
-cryptography==3.0
+cryptography==3.4
 idna==2.10
 packaging==20.4
 peewee==3.13.3