From f18d74540afbfc8e8db434ff021a57e59eb174f2 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Mon, 13 Sep 2021 22:02:57 -0400
Subject: [PATCH] Fixes bug where player counts would cause crash if not super
 user. Adds commands sent through terminal to audit log. Makes it so regular
 users cannot see the audit log.

---
 app/classes/web/ajax_handler.py    |  2 ++
 app/classes/web/panel_handler.py   | 10 ++++++----
 app/frontend/templates/notify.html |  2 ++
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py
index 1bc2977d..d13b655e 100644
--- a/app/classes/web/ajax_handler.py
+++ b/app/classes/web/ajax_handler.py
@@ -155,6 +155,8 @@ class AjaxHandler(BaseHandler):
                 if srv_obj.check_running():
                     srv_obj.send_command(command)
 
+            db_helper.add_to_audit_log(user_data['user_id'], "Sent command: {}".format(command), server_id, self.get_remote_ip())
+
         elif page == "create_file":
             file_parent = self.get_body_argument('file_parent', default=None, strip=True)
             file_name = self.get_body_argument('file_name', default=None, strip=True)
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index 8ef1b21c..19108c48 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -69,6 +69,7 @@ class PanelHandler(BaseHandler):
             'error': error,
             'time': formatted_time
         }
+        page_data['super_user'] = exec_user['superuser']
 
         # if no servers defined, let's go to the build server area
         if page_data['server_stats']['total'] == 0 and page != "error" and page != "credits" and page != "contribute":
@@ -122,14 +123,15 @@ class PanelHandler(BaseHandler):
         elif page == 'dashboard':
             if exec_user['superuser'] == 1:
                 page_data['servers'] = db_helper.get_all_servers_stats()
-                total_players = 0
-                for server in db_helper.get_all_defined_servers():
-                    total_players += len(self.controller.stats.get_server_players(server['server_id']))
-                page_data['num_players'] = total_players
             else:
                 user_auth = db_helper.get_authorized_servers_stats(exec_user_id)
                 logger.debug("ASFR: {}".format(user_auth))
                 page_data['servers'] = user_auth
+            
+            total_players = 0
+            for server in db_helper.get_all_defined_servers():
+                total_players += len(self.controller.stats.get_server_players(server['server_id']))
+            page_data['num_players'] = total_players
                 
             for s in page_data['servers']:
                 try:
diff --git a/app/frontend/templates/notify.html b/app/frontend/templates/notify.html
index 5cafcacd..20537bb6 100644
--- a/app/frontend/templates/notify.html
+++ b/app/frontend/templates/notify.html
@@ -28,7 +28,9 @@
             <p class="font-weight-light text-muted mb-0">{{ r }}</p>
           {% end %}
         </div>
+        {% if data['super_user'] %}
         <a class="dropdown-item" href="/panel/activity_logs"><i class="dropdown-item-icon mdi mdi-calendar-check-outline text-primary"></i> Activity</a>
+        {% end %}
         <a class="dropdown-item" href="/public/logout"><i class="dropdown-item-icon mdi mdi-power text-primary"></i>Sign Out</a>
       </div>
     </li>