Merge branch 'dev-Silversthorn' into dev

This commit is contained in:
computergeek125 2021-03-21 23:24:49 -05:00
commit da97597d52
6 changed files with 156 additions and 7 deletions

View File

@ -10,7 +10,7 @@ from distutils import dir_util
from app.classes.shared.helpers import helper from app.classes.shared.helpers import helper
from app.classes.shared.console import console from app.classes.shared.console import console
from app.classes.shared.models import db_helper, Servers from app.classes.shared.models import db_helper, Servers, User_Servers
from app.classes.shared.server import Server from app.classes.shared.server import Server
from app.classes.minecraft.server_props import ServerProps from app.classes.minecraft.server_props import ServerProps
@ -106,6 +106,13 @@ class Controller:
def list_defined_servers(): def list_defined_servers():
servers = db_helper.get_all_defined_servers() servers = db_helper.get_all_defined_servers()
return servers return servers
@staticmethod
def list_authorized_servers(userId):
#servers = db_helper.get_authorized_servers(userId)
servers = db_helper.get_authorized_servers_from_roles(userId)
logger.debug("servers list = {}".format(servers))
return servers
def get_server_data(self, server_id): def get_server_data(self, server_id):
for s in self.servers_list: for s in self.servers_list:
@ -329,6 +336,7 @@ class Controller:
self.stop_server(server_id) self.stop_server(server_id)
# remove the server from the DB # remove the server from the DB
User_Servers.delete().where(User_Servers.server_id == server_id).execute()
Servers.delete().where(Servers.server_id == server_id).execute() Servers.delete().where(Servers.server_id == server_id).execute()
# remove the server from servers list # remove the server from servers list
@ -336,5 +344,4 @@ class Controller:
counter += 1 counter += 1
controller = Controller() controller = Controller()

View File

@ -269,6 +269,36 @@ class db_shortcuts:
def get_all_defined_servers(): def get_all_defined_servers():
query = Servers.select() query = Servers.select()
return db_helper.return_rows(query) return db_helper.return_rows(query)
@staticmethod
def get_authorized_servers(userId):
userServers = User_Servers.select().where(User_Servers.user_id == userId)
server_data = []
for u in userServers:
server_data.append(db_helper.get_server_data_by_id(u.server_id))
return server_data
@staticmethod
def get_authorized_servers_from_roles(userId):
userRoles = User_Roles.select().where(User_Roles.user_id == userId)
roles_list = []
roleServer = []
server_data = []
for u in userRoles:
roles_list.append(db_helper.get_role(u.role_id))
for r in roles_list:
role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id'))
for t in role_test:
roleServer.append(t)
for s in roleServer:
server_data.append(db_helper.get_server_data_by_id(s.server_id))
return server_data
@staticmethod @staticmethod
def get_all_servers_stats(): def get_all_servers_stats():
@ -280,6 +310,45 @@ class db_shortcuts:
server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)}) server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
return server_data return server_data
@staticmethod
def get_authorized_servers_stats(userId):
userServers = User_Servers.select().where(User_Servers.user_id == userId)
authorizedServers = []
server_data = []
for u in userServers:
authorizedServers.append(db_helper.get_server_data_by_id(u.server_id))
for s in authorizedServers:
latest = Server_Stats.select().where(Server_Stats.server_id == s.get('server_id')).order_by(Server_Stats.created.desc()).limit(1)
server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
return server_data
@staticmethod
def get_authorized_servers_stats_from_roles(userId):
userRoles = User_Roles.select().where(User_Roles.user_id == userId)
roles_list = []
roleServer = []
authorizedServers = []
server_data = []
for u in userRoles:
roles_list.append(db_helper.get_role(u.role_id))
for r in roles_list:
role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id'))
for t in role_test:
roleServer.append(t)
for s in roleServer:
authorizedServers.append(db_helper.get_server_data_by_id(s.server_id))
for s in authorizedServers:
latest = Server_Stats.select().where(Server_Stats.server_id == s.get('server_id')).order_by(Server_Stats.created.desc()).limit(1)
server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
return server_data
@staticmethod @staticmethod
def get_server_stats_by_id(server_id): def get_server_stats_by_id(server_id):
stats = Server_Stats.select().where(Server_Stats.server_id == server_id).order_by(Server_Stats.created.desc()).limit(1) stats = Server_Stats.select().where(Server_Stats.server_id == server_id).order_by(Server_Stats.created.desc()).limit(1)
@ -290,6 +359,38 @@ class db_shortcuts:
if not db_helper.get_server_data_by_id(server_id): if not db_helper.get_server_data_by_id(server_id):
return False return False
return True return True
@staticmethod
def server_id_authorized(serverId, userId):
userServer = User_Servers.select().where(User_Servers.server_id == serverId)
authorized = userServer.select().where(User_Servers.user_id == userId)
#authorized = db_helper.return_rows(authorized)
if authorized.count() == 0:
return False
return True
@staticmethod
def server_id_authorized_from_roles(serverId, userId):
cpt_authorized = 0
roles_list = []
roleServer = []
authorized = []
userRoles = User_Roles.select().where(User_Roles.user_id == userId)
for u in userRoles:
roles_list.append(db_helper.get_role(u.role_id))
for r in roles_list:
role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id'))
for s in role_test:
if s.server_id.server_id == serverId:
cpt_authorized += 1
if cpt_authorized == 0:
return False
return True
@staticmethod @staticmethod
def get_latest_hosts_stats(): def get_latest_hosts_stats():
@ -407,6 +508,7 @@ class db_shortcuts:
@staticmethod @staticmethod
def remove_user(user_id): def remove_user(user_id):
User_Servers.delete().where(User_Servers.user_id == user_id).execute()
user = Users.get(Users.user_id == user_id) user = Users.get(Users.user_id == user_id)
return user.delete_instance() return user.delete_instance()
@ -474,6 +576,7 @@ class db_shortcuts:
@staticmethod @staticmethod
def remove_role(role_id): def remove_role(role_id):
Role_Servers.delete().where(Role_Servers.role_id == role_id).execute()
role = Roles.get(Roles.role_id == role_id) role = Roles.get(Roles.role_id == role_id)
return role.delete_instance() return role.delete_instance()

View File

@ -29,13 +29,25 @@ class PanelHandler(BaseHandler):
now = time.time() now = time.time()
formatted_time = str(datetime.datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S')) formatted_time = str(datetime.datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S'))
defined_servers = controller.list_defined_servers() userId = user_data['user_id']
user = db_helper.get_user(userId)
user_role = []
if user['superuser'] == 1:
defined_servers = controller.list_defined_servers()
user_role = {"Super User"}
else:
defined_servers = controller.list_authorized_servers(userId)
for r in user['roles']:
role = db_helper.get_role(r)
user_role.append(role['role_name'])
page_data = { page_data = {
# todo: make this actually pull and compare version data # todo: make this actually pull and compare version data
'update_available': False, 'update_available': False,
'version_data': helper.get_version_string(), 'version_data': helper.get_version_string(),
'user_data': user_data, 'user_data': user_data,
'user_role' : user_role,
'server_stats': { 'server_stats': {
'total': len(defined_servers), 'total': len(defined_servers),
'running': len(controller.list_running_servers()), 'running': len(controller.list_running_servers()),
@ -81,7 +93,11 @@ class PanelHandler(BaseHandler):
return return
elif page == 'dashboard': elif page == 'dashboard':
page_data['servers'] = db_helper.get_all_servers_stats() if user['superuser'] == 1:
page_data['servers'] = db_helper.get_all_servers_stats()
else:
#page_data['servers'] = db_helper.get_authorized_servers_stats(userId)
page_data['servers'] = db_helper.get_authorized_servers_stats_from_roles(userId)
for s in page_data['servers']: for s in page_data['servers']:
try: try:
@ -107,6 +123,12 @@ class PanelHandler(BaseHandler):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
return False return False
if user['superuser'] != 1:
#if not db_helper.server_id_authorized(server_id, userId):
if not db_helper.server_id_authorized_from_roles(int(server_id), userId):
self.redirect("/panel/error?error=Invalid Server ID")
return False
valid_subpages = ['term', 'logs', 'config', 'files', 'admin_controls'] valid_subpages = ['term', 'logs', 'config', 'files', 'admin_controls']
if subpage not in valid_subpages: if subpage not in valid_subpages:
@ -164,7 +186,7 @@ class PanelHandler(BaseHandler):
page_data['user']['created'] = "N/A" page_data['user']['created'] = "N/A"
page_data['user']['last_login'] = "N/A" page_data['user']['last_login'] = "N/A"
page_data['user']['last_ip'] = "N/A" page_data['user']['last_ip'] = "N/A"
page_data['role']['last_update'] = "N/A" page_data['user']['last_update'] = "N/A"
page_data['user']['roles'] = set() page_data['user']['roles'] = set()
page_data['user']['servers'] = set() page_data['user']['servers'] = set()

View File

@ -32,6 +32,19 @@ class ServerHandler(BaseHandler):
def get(self, page): def get(self, page):
# name = tornado.escape.json_decode(self.current_user) # name = tornado.escape.json_decode(self.current_user)
user_data = json.loads(self.get_secure_cookie("user_data")) user_data = json.loads(self.get_secure_cookie("user_data"))
userId = user_data['user_id']
user = db_helper.get_user(userId)
user_role = []
if user['superuser'] == 1:
defined_servers = controller.list_defined_servers()
user_role = "Super User"
else:
defined_servers = controller.list_authorized_servers(userId)
for r in user['roles']:
role = db_helper.get_role(r)
user_role.append(role['role_name'])
template = "public/404.html" template = "public/404.html"
@ -40,6 +53,7 @@ class ServerHandler(BaseHandler):
page_data = { page_data = {
'version_data': helper.get_version_string(), 'version_data': helper.get_version_string(),
'user_data': user_data, 'user_data': user_data,
'user_role' : user_role,
'server_stats': { 'server_stats': {
'total': len(controller.list_defined_servers()), 'total': len(controller.list_defined_servers()),
'running': len(controller.list_running_servers()), 'running': len(controller.list_running_servers()),

View File

@ -23,7 +23,10 @@
<div class="dropdown-header text-center"> <div class="dropdown-header text-center">
<img class="img-md rounded-circle" src="/static/assets/images/faces-clipart/pic-1.png" alt="Profile image"> <img class="img-md rounded-circle" src="/static/assets/images/faces-clipart/pic-1.png" alt="Profile image">
<p class="mb-1 mt-3 font-weight-semibold">{{ data['user_data']['username'] }}</p> <p class="mb-1 mt-3 font-weight-semibold">{{ data['user_data']['username'] }}</p>
<p class="font-weight-light text-muted mb-0">Role: Admin</p> <p class="font-weight-light text-muted mb-0">Roles: </p>
{% for r in data['user_role'] %}
<p class="font-weight-light text-muted mb-0">{{ r }}</p>
{% end %}
</div> </div>
<a class="dropdown-item" href="/panel/activity_logs"><i class="dropdown-item-icon mdi mdi-calendar-check-outline text-primary"></i> Activity</a> <a class="dropdown-item" href="/panel/activity_logs"><i class="dropdown-item-icon mdi mdi-calendar-check-outline text-primary"></i> Activity</a>
<a class="dropdown-item" href="/public/login"><i class="dropdown-item-icon mdi mdi-power text-primary"></i>Sign Out</a> <a class="dropdown-item" href="/public/login"><i class="dropdown-item-icon mdi mdi-power text-primary"></i>Sign Out</a>

View File

@ -4,7 +4,7 @@ certifi==2020.6.20
cffi==1.14.1 cffi==1.14.1
chardet==3.0.4 chardet==3.0.4
colorama==0.4.3 colorama==0.4.3
cryptography==3.0 cryptography==3.4
idna==2.10 idna==2.10
packaging==20.4 packaging==20.4
peewee==3.13.3 peewee==3.13.3