mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Updated user manager to support server selection
parent
8bba57d950
commit
d91361efa5
@ -118,7 +118,7 @@ class User_Servers(BaseModel):
|
|||||||
|
|
||||||
|
|
||||||
class Role_Servers(BaseModel):
|
class Role_Servers(BaseModel):
|
||||||
user_id = ForeignKeyField(Roles, backref='role_server')
|
role_id = ForeignKeyField(Roles, backref='role_server')
|
||||||
server_id = ForeignKeyField(Servers, backref='role_server')
|
server_id = ForeignKeyField(Servers, backref='role_server')
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
@ -198,6 +198,8 @@ class db_builder:
|
|||||||
Host_Stats,
|
Host_Stats,
|
||||||
Webhooks,
|
Webhooks,
|
||||||
Servers,
|
Servers,
|
||||||
|
User_Servers,
|
||||||
|
Role_Servers,
|
||||||
Server_Stats,
|
Server_Stats,
|
||||||
Commands,
|
Commands,
|
||||||
Audit_Log
|
Audit_Log
|
||||||
@ -316,33 +318,69 @@ class db_shortcuts:
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_user(uid):
|
def get_user(user_id):
|
||||||
query = Users.select(Users, Roles).join(User_Roles, JOIN.LEFT_OUTER).join(Roles, JOIN.LEFT_OUTER).where(Users.user_id == uid)
|
user = model_to_dict(Users.get(Users.user_id == user_id))
|
||||||
query = [model_to_dict(r) for r in query]
|
|
||||||
if len(query) > 0:
|
if user:
|
||||||
user = query[0].copy()
|
roles_query = User_Roles.select().join(Roles, JOIN.INNER).where(User_Roles.user_id == user_id)
|
||||||
|
# TODO: this query needs to be narrower
|
||||||
|
roles = set()
|
||||||
|
for r in roles_query:
|
||||||
|
roles.add(r.role_id.role_id)
|
||||||
|
servers_query = User_Servers.select().join(Servers, JOIN.INNER).where(User_Servers.user_id == user_id)
|
||||||
|
# TODO: this query needs to be narrower
|
||||||
|
servers = set()
|
||||||
|
for s in servers_query:
|
||||||
|
servers.add(s.server_id.server_id)
|
||||||
|
user['roles'] = roles
|
||||||
|
user['servers'] = servers
|
||||||
|
logger.debug("user: ({}) {}".format(user_id, user))
|
||||||
return user
|
return user
|
||||||
else:
|
else:
|
||||||
|
logger.debug("user: ({}) {}".format(user_id, {}))
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def update_user(user_id, user_data={}):
|
def update_user(user_id, user_data={}):
|
||||||
base_data = db_helper.get_user(user_id)
|
base_data = db_helper.get_user(user_id)
|
||||||
up_data = {}
|
up_data = {}
|
||||||
|
added_roles = set()
|
||||||
|
removed_roles = set()
|
||||||
|
added_servers = set()
|
||||||
|
removed_servers = set()
|
||||||
for key in user_data:
|
for key in user_data:
|
||||||
if key == "user_id":
|
if key == "user_id":
|
||||||
continue
|
continue
|
||||||
elif key == "roles":
|
elif key == "roles":
|
||||||
continue
|
added_roles = user_data['roles'].difference(base_data['roles'])
|
||||||
|
removed_roles = base_data['roles'].difference(user_data['roles'])
|
||||||
|
elif key == "servers":
|
||||||
|
added_servers = user_data['servers'].difference(base_data['servers'])
|
||||||
|
removed_servers = base_data['servers'].difference(user_data['servers'])
|
||||||
elif key == "regen_api":
|
elif key == "regen_api":
|
||||||
|
if user_data['regen_api']:
|
||||||
up_data['api_token'] = db_shortcuts.new_api_token()
|
up_data['api_token'] = db_shortcuts.new_api_token()
|
||||||
elif key == "password":
|
elif key == "password":
|
||||||
|
if user_data['password'] is not None and user_data['password'] != "":
|
||||||
up_data['password'] = helper.encode_pass(user_data['password'])
|
up_data['password'] = helper.encode_pass(user_data['password'])
|
||||||
elif base_data[key] != user_data[key]:
|
elif base_data[key] != user_data[key]:
|
||||||
up_data[key] = user_data[key]
|
up_data[key] = user_data[key]
|
||||||
|
logger.debug("user: {} +role:{} -role:{} +server:{} -server{}".format(user_data, added_roles, removed_roles, added_servers, removed_servers))
|
||||||
|
with database.atomic():
|
||||||
|
for role in added_roles:
|
||||||
|
User_Roles.get_or_create(user_id=user_id, role_id=role)
|
||||||
|
# TODO: This is horribly inefficient and we should be using bulk queries but im going for functionality at this point
|
||||||
|
User_Roles.delete().where(User_Roles.user_id == user_id).where(User_Roles.role_id.in_(removed_roles)).execute()
|
||||||
|
|
||||||
|
for server in added_servers:
|
||||||
|
User_Servers.get_or_create(user_id=user_id, server_id=server)
|
||||||
|
# TODO: This is horribly inefficient and we should be using bulk queries but im going for functionality at this point
|
||||||
|
User_Servers.delete().where(User_Servers.user_id == user_id).where(User_Servers.server_id.in_(removed_servers)).execute()
|
||||||
|
if up_data:
|
||||||
Users.update(up_data).where(Users.user_id == user_id).execute()
|
Users.update(up_data).where(Users.user_id == user_id).execute()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def add_user(username, password=None, api_token=None, enabled=True, superuser=False):
|
def add_user(username, password=None, api_token=None, enabled=True, superuser=False):
|
||||||
if password is not None:
|
if password is not None:
|
||||||
|
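Review bot: The new debug line in update_user, `logger.debug("user: {} +role:{} ...".format(user_data, ...))`, writes the whole `user_data` dict to the log, and on the edit path that dict still holds the submitted `password` in clear text, because only the copy placed in `up_data` goes through `helper.encode_pass`. Log the target and the key names instead, for example `logger.debug("user: {} keys:{} +role:{} -role:{} +server:{} -server:{}".format(user_id, sorted(user_data), added_roles, removed_roles, added_servers, removed_servers))`. The same concern applies to `logger.debug("user: ({}) {}".format(user_id, user))` in get_user, which dumps the full model dict and so presumably the password hash and `api_token`. Separately, peewee's `Users.get(...)` raises `DoesNotExist` rather than returning a falsy value, so the `else: return {}` branch looks unreachable. Calling `Users.get_or_none(Users.user_id == user_id)` and testing the result before `model_to_dict` would keep the old empty-dict contract.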
@ -120,6 +120,10 @@ class PanelHandler(BaseHandler):
|
|||||||
|
|
||||||
elif page == 'panel_config':
|
elif page == 'panel_config':
|
||||||
page_data['users'] = db_helper.get_all_users()
|
page_data['users'] = db_helper.get_all_users()
|
||||||
|
exec_user = db_helper.get_user(user_data['user_id'])
|
||||||
|
for user in page_data['users']:
|
||||||
|
if user.user_id != exec_user['user_id']:
|
||||||
|
user.api_token = "********"
|
||||||
template = "panel/panel_config.html"
|
template = "panel/panel_config.html"
|
||||||
|
|
||||||
elif page == "add_user":
|
elif page == "add_user":
|
||||||
@ -129,9 +133,15 @@ class PanelHandler(BaseHandler):
|
|||||||
page_data['user']['user_id'] = -1
|
page_data['user']['user_id'] = -1
|
||||||
page_data['user']['enabled'] = True
|
page_data['user']['enabled'] = True
|
||||||
page_data['user']['superuser'] = False
|
page_data['user']['superuser'] = False
|
||||||
page_data['user']['roles'] = []
|
page_data['user']['api_token'] = "N/A"
|
||||||
|
page_data['user']['created'] = "N/A"
|
||||||
|
page_data['user']['last_login'] = "N/A"
|
||||||
|
page_data['user']['last_ip'] = "N/A"
|
||||||
|
page_data['user']['roles'] = set()
|
||||||
|
page_data['user']['servers'] = set()
|
||||||
|
|
||||||
page_data['roles_all'] = db_helper.get_all_roles()
|
page_data['roles_all'] = db_helper.get_all_roles()
|
||||||
|
page_data['servers_all'] = controller.list_defined_servers()
|
||||||
template = "panel/panel_edit_user.html"
|
template = "panel/panel_edit_user.html"
|
||||||
|
|
||||||
elif page == "edit_user":
|
elif page == "edit_user":
|
||||||
@ -139,6 +149,12 @@ class PanelHandler(BaseHandler):
|
|||||||
uid = self.get_argument('id', None)
|
uid = self.get_argument('id', None)
|
||||||
page_data['user'] = db_helper.get_user(uid)
|
page_data['user'] = db_helper.get_user(uid)
|
||||||
page_data['roles_all'] = db_helper.get_all_roles()
|
page_data['roles_all'] = db_helper.get_all_roles()
|
||||||
|
page_data['servers_all'] = controller.list_defined_servers()
|
||||||
|
|
||||||
|
exec_user = db_helper.get_user(user_data['user_id'])
|
||||||
|
|
||||||
|
if exec_user['user_id'] != page_data['user']['user_id']:
|
||||||
|
page_data['user']['api_token'] = "********"
|
||||||
template = "panel/panel_edit_user.html"
|
template = "panel/panel_edit_user.html"
|
||||||
|
|
||||||
elif page == "remove_user":
|
elif page == "remove_user":
|
||||||
@ -269,17 +285,38 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect("/panel/error?error=Passwords must match")
|
self.redirect("/panel/error?error=Passwords must match")
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
roles = set()
|
||||||
|
for server in db_helper.get_all_roles():
|
||||||
|
argument = int(float(
|
||||||
|
bleach.clean(
|
||||||
|
self.get_argument('role_{}_membership'.format(role['role_id']), '0')
|
||||||
|
)
|
||||||
|
))
|
||||||
|
if argument:
|
||||||
|
servers.add(role['role_id'])
|
||||||
|
|
||||||
|
servers = set()
|
||||||
|
for server in controller.list_defined_servers():
|
||||||
|
argument = int(float(
|
||||||
|
bleach.clean(
|
||||||
|
self.get_argument('server_{}_access'.format(server['server_id']), '0')
|
||||||
|
)
|
||||||
|
))
|
||||||
|
if argument:
|
||||||
|
servers.add(server['server_id'])
|
||||||
|
|
||||||
user_data = {
|
user_data = {
|
||||||
"username": username,
|
"username": username,
|
||||||
"password": password0,
|
"password": password0,
|
||||||
"enabled": enabled,
|
"enabled": enabled,
|
||||||
"regen_api": regen_api,
|
"regen_api": regen_api,
|
||||||
"roles": []
|
"roles": roles,
|
||||||
|
"servers": servers
|
||||||
}
|
}
|
||||||
db_helper.update_user(user_id, user_data=user_data)
|
db_helper.update_user(user_id, user_data=user_data)
|
||||||
|
|
||||||
db_helper.add_to_audit_log(exec_user['user_id'],
|
db_helper.add_to_audit_log(exec_user['user_id'],
|
||||||
"Edited user {} (UID:{})".format(username, user_id),
|
"Edited user {} (UID:{}) with roles {} and servers {}".format(username, user_id, roles, servers),
|
||||||
server_id=0,
|
server_id=0,
|
||||||
source_ip=self.get_remote_ip())
|
source_ip=self.get_remote_ip())
|
||||||
self.redirect("/panel/panel_config")
|
self.redirect("/panel/panel_config")
|
||||||
@ -309,14 +346,35 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect("/panel/error?error=Passwords must match")
|
self.redirect("/panel/error?error=Passwords must match")
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
roles = set()
|
||||||
|
for server in db_helper.get_all_roles():
|
||||||
|
argument = int(float(
|
||||||
|
bleach.clean(
|
||||||
|
self.get_argument('role_{}_membership'.format(role['role_id']), '0')
|
||||||
|
)
|
||||||
|
))
|
||||||
|
if argument:
|
||||||
|
roles.add(role['role_id'])
|
||||||
|
|
||||||
|
servers = set()
|
||||||
|
for server in controller.list_defined_servers():
|
||||||
|
argument = int(float(
|
||||||
|
bleach.clean(
|
||||||
|
self.get_argument('server_{}_access'.format(server['server_id']), '0')
|
||||||
|
)
|
||||||
|
))
|
||||||
|
if argument:
|
||||||
|
servers.add(server['server_id'])
|
||||||
|
|
||||||
user_id = db_helper.add_user(username, password=password0, enabled=enabled)
|
user_id = db_helper.add_user(username, password=password0, enabled=enabled)
|
||||||
|
db_helper.update_user(user_id, {"roles":roles, "servers": servers})
|
||||||
|
|
||||||
db_helper.add_to_audit_log(exec_user['user_id'],
|
db_helper.add_to_audit_log(exec_user['user_id'],
|
||||||
"Added user {} (UID:{})".format(username, user_id),
|
"Added user {} (UID:{})".format(username, user_id),
|
||||||
server_id=0,
|
server_id=0,
|
||||||
source_ip=self.get_remote_ip())
|
source_ip=self.get_remote_ip())
|
||||||
db_helper.add_to_audit_log(exec_user['user_id'],
|
db_helper.add_to_audit_log(exec_user['user_id'],
|
||||||
"Edited user {} (UID:{})".format(username, user_id),
|
"Edited user {} (UID:{}) with roles {} and servers {}".format(username, user_id, roles, servers),
|
||||||
server_id=0,
|
server_id=0,
|
||||||
source_ip=self.get_remote_ip())
|
source_ip=self.get_remote_ip())
|
||||||
self.redirect("/panel/panel_config")
|
self.redirect("/panel/panel_config")
|
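Review bot: The role-membership loop added in both POST branches iterates `for server in db_helper.get_all_roles():` but its body reads `role['role_id']`, so unless `role` is bound elsewhere it raises NameError on the first role; in the edit branch it also calls `servers.add(role['role_id'])` before `servers = set()` has run. It should read `for role in db_helper.get_all_roles():` with `roles.add(role['role_id'])` in both places. The form field name is also out of step with the template changed in this commit, which posts `role_{id}_access` while the handler reads `'role_{}_membership'`; once the loop runs, every submit would produce an empty `roles` set and update_user would remove all of the user's role memberships. `int(float(bleach.clean(...)))` raises ValueError on a non-numeric value, so comparing the argument with `'1'` would be a safer way to read a checkbox. The enclosing handler methods start and end outside these hunks, so whether the caller is checked for permission to grant roles and servers cannot be confirmed from here.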
@ -75,11 +75,6 @@
|
|||||||
<input type="password" class="form-control" name="password1" id="password1" value="" placeholder="Repeat Password" >
|
<input type="password" class="form-control" name="password1" id="password1" value="" placeholder="Repeat Password" >
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="auto_start_delay">Server Autostart Delay <small class="text-muted ml-1"> - Delay before auto starting (if enabled below)</small> </label>
|
|
||||||
<input type="number" class="form-control" name="auto_start_delay" id="auto_start_delay" value="{{ 10 }}" step="1" max="999" min="10" >
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="role_membership">Roles <small class="text-muted ml-1"> - the roles this user is a member of</small> </label>
|
<label for="role_membership">Roles <small class="text-muted ml-1"> - the roles this user is a member of</small> </label>
|
||||||
<div class="table-responsive">
|
<div class="table-responsive">
|
||||||
@ -95,15 +90,10 @@
|
|||||||
<tr>
|
<tr>
|
||||||
<td>{{ role.role_name }}</td>
|
<td>{{ role.role_name }}</td>
|
||||||
<td>
|
<td>
|
||||||
{% if role.role_name in data['user']['roles'] %}
|
{% if role['role_id'] in data['user']['roles'] %}
|
||||||
<span class="text-success">
|
<input type="checkbox" class="form-check-input" id="role_{{ role['role_id'] }}_access" name="role_{{ role['role_id'] }}_access" checked="" value="1">
|
||||||
<i class="fas fa-check-square"></i> Yes
|
|
||||||
</span>
|
|
||||||
{% else %}
|
{% else %}
|
||||||
<span class="text-danger">
|
<input type="checkbox" class="form-check-input" id="role_{{ role['role_id'] }}_access" name="role_{{ role['role_id'] }}_access" value="1">
|
||||||
<i class="far fa-times-square"></i> No
|
|
||||||
</span>
|
|
||||||
|
|
||||||
{% end %}
|
{% end %}
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
@ -115,6 +105,35 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="server_membership">Servers <small class="text-muted ml-1"> - servers this user is allowed to access </small> </label>
|
||||||
|
<div class="table-responsive">
|
||||||
|
<table class="table">
|
||||||
|
<thead>
|
||||||
|
<tr class="rounded">
|
||||||
|
<th>Server Name</th>
|
||||||
|
<th>Access?</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
{% for server in data['servers_all'] %}
|
||||||
|
<tr>
|
||||||
|
<td>{{ server['server_name'] }}</td>
|
||||||
|
<td>
|
||||||
|
{% if server['server_id'] in data['user']['servers'] %}
|
||||||
|
<input type="checkbox" class="form-check-input" id="server_{{ server['server_id'] }}_access" name="server_{{ server['server_id'] }}_access" checked="" value="1">
|
||||||
|
{% else %}
|
||||||
|
<input type="checkbox" class="form-check-input" id="server_{{ server['server_id'] }}_access" name="server_{{ server['server_id'] }}_access" value="1">
|
||||||
|
{% end %}
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
{% end %}
|
||||||
|
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-check-flat">
|
<div class="form-check-flat">
|
||||||
<label for="enabled" class="form-check-label ml-4 mb-4">
|
<label for="enabled" class="form-check-label ml-4 mb-4">
|
||||||
{% if data['user']['enabled'] %}
|
{% if data['user']['enabled'] %}
|
||||||
@ -154,19 +173,14 @@
|
|||||||
<p class="card-description"> Here is where you can change the configuration of your user</p>
|
<p class="card-description"> Here is where you can change the configuration of your user</p>
|
||||||
<blockquote class="blockquote">
|
<blockquote class="blockquote">
|
||||||
<p class="mb-0">
|
<p class="mb-0">
|
||||||
It is recommended to <code>NOT</code> change the paths of a server managed by Crafty.
|
Created: {{ str(data['user']['created']) }}
|
||||||
Changing paths <code>CAN</code> break things, especially on Linux type operating systems where
|
|
||||||
file permissions are more locked down.
|
|
||||||
<br /><br/>
|
|
||||||
If you feel you have to change a where a server is located
|
|
||||||
you may do so as long as you give the "Crafty" user permission to read / write to the server path.
|
|
||||||
<br />
|
<br />
|
||||||
|
Last login: {{ str(data['user']['last_login']) }}
|
||||||
|
<br />
|
||||||
|
Last IP: {{ data['user']['last_ip'] }}
|
||||||
|
<br />
|
||||||
|
API Key: {{ data['user']['api_token'] }}
|
||||||
<br />
|
<br />
|
||||||
On Linux this is best done by executing the following:<br />
|
|
||||||
<code>
|
|
||||||
sudo chown crafty:crafty /path/to/your/server -R<br />
|
|
||||||
sudo chmod 2775 /path/to/your/server -R<br />
|
|
||||||
</code>
|
|
||||||
</p>
|
</p>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
</div>
|
</div>
|
||||||
|
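Review bot: The new info panel prints `API Key: {{ data['user']['api_token'] }}` straight into the page body, so a user's own long-lived token is in the rendered HTML on every visit to the edit form, where it can end up in browser caches, screenshots and shared screens. The handler change in this commit masks the value only when viewing another user. Consider showing the token only right after it is regenerated, or behind an explicit reveal control, and sending `Cache-Control: no-store` for this page. The new labels `for="role_membership"` and `for="server_membership"` do not match any input id in the section, so they are not associated with the checkboxes they describe.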