diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py index 3fc237a7..92dcce7e 100644 --- a/app/classes/web/base_handler.py +++ b/app/classes/web/base_handler.py @@ -179,7 +179,7 @@ class BaseHandler(tornado.web.RequestHandler): exec_user_role = set() if superuser: - allowed_servers = self.controller.servers.get_all_defined_servers() + authorized_servers = self.controller.servers.get_all_defined_servers() exec_user_role.add("Super User") exec_user_crafty_permissions = ( self.controller.crafty_perms.list_defined_crafty_permissions() @@ -205,19 +205,11 @@ class BaseHandler(tornado.web.RequestHandler): authorized_servers = self.controller.servers.get_authorized_servers( user["user_id"] # TODO: API key authorized servers? ) - page_servers = [] - for server in authorized_servers: - if server not in page_servers: - page_servers.append( - DatabaseShortcuts.get_data_obj(server.server_object) - ) - allowed_servers = page_servers - allowed_servers = [str(i) for i in allowed_servers] logger.debug("Checking results") if user: return ( - allowed_servers, + authorized_servers, exec_user_crafty_permissions, exec_user_role, superuser, diff --git a/app/classes/web/routes/api/servers/index.py b/app/classes/web/routes/api/servers/index.py index 7db12f45..bab060ea 100644 --- a/app/classes/web/routes/api/servers/index.py +++ b/app/classes/web/routes/api/servers/index.py @@ -3,6 +3,7 @@ import logging from jsonschema import ValidationError, validate import orjson from app.classes.models.crafty_permissions import EnumPermissionsCrafty +from app.classes.shared.main_models import DatabaseShortcuts from app.classes.web.base_api_handler import BaseApiHandler logger = logging.getLogger(__name__) @@ -628,7 +629,10 @@ class ApiServersIndexHandler(BaseApiHandler): # TODO: limit some columns for specific permissions - self.finish_json(200, {"status": "ok", "data": auth_data[0]}) + servers_data = [ + DatabaseShortcuts.get_data_obj(x.server_object) for x in auth_data[0] + ] + self.finish_json(200, {"status": "ok", "data": servers_data}) def post(self): diff --git a/app/classes/web/routes/api/servers/server/action.py b/app/classes/web/routes/api/servers/server/action.py index cf9163b9..565b55b0 100644 --- a/app/classes/web/routes/api/servers/server/action.py +++ b/app/classes/web/routes/api/servers/server/action.py @@ -16,7 +16,7 @@ class ApiServersServerActionHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 11f8620b..195a1878 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -39,7 +39,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) @@ -74,7 +74,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): }, ) - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) @@ -110,7 +110,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): # DELETE /api/v2/servers/server?files=true remove_files = self.get_query_argument("files", None) == "true" - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/logs.py b/app/classes/web/routes/api/servers/server/logs.py index 641a1163..a2c16009 100644 --- a/app/classes/web/routes/api/servers/server/logs.py +++ b/app/classes/web/routes/api/servers/server/logs.py @@ -27,7 +27,7 @@ class ApiServersServerLogsHandler(BaseApiHandler): # GET /api/v2/servers/server/logs?html=true use_html = self.get_query_argument("html", None) == "true" - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/stats.py b/app/classes/web/routes/api/servers/server/stats.py index 2e220d2b..b2ac96ef 100644 --- a/app/classes/web/routes/api/servers/server/stats.py +++ b/app/classes/web/routes/api/servers/server/stats.py @@ -12,7 +12,7 @@ class ApiServersServerStatsHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/stdin.py b/app/classes/web/routes/api/servers/server/stdin.py index a52f0c0d..ec3c8584 100644 --- a/app/classes/web/routes/api/servers/server/stdin.py +++ b/app/classes/web/routes/api/servers/server/stdin.py @@ -13,7 +13,7 @@ class ApiServersServerStdinHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/tasks/task/index.py b/app/classes/web/routes/api/servers/server/tasks/task/index.py index 3c567fdd..7f045ce4 100644 --- a/app/classes/web/routes/api/servers/server/tasks/task/index.py +++ b/app/classes/web/routes/api/servers/server/tasks/task/index.py @@ -79,7 +79,7 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler): }, ) - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/users.py b/app/classes/web/routes/api/servers/server/users.py index c4df8832..9cda0f9a 100644 --- a/app/classes/web/routes/api/servers/server/users.py +++ b/app/classes/web/routes/api/servers/server/users.py @@ -12,7 +12,7 @@ class ApiServersServerUsersHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})