General cleanup after merge, hopefully improved roles with backup
parent
c5f8afebb2
commit
fb08d77a80
@ -10,7 +10,7 @@ from distutils import dir_util
|
|||||||
from app.classes.shared.helpers import helper
|
from app.classes.shared.helpers import helper
|
||||||
from app.classes.shared.console import console
|
from app.classes.shared.console import console
|
||||||
|
|
||||||
from app.classes.shared.models import db_helper, Servers, User_Servers
|
from app.classes.shared.models import db_helper, Servers
|
||||||
|
|
||||||
from app.classes.shared.server import Server
|
from app.classes.shared.server import Server
|
||||||
from app.classes.minecraft.server_props import ServerProps
|
from app.classes.minecraft.server_props import ServerProps
|
||||||
@ -345,7 +345,7 @@ class Controller:
|
|||||||
self.stop_server(server_id)
|
self.stop_server(server_id)
|
||||||
|
|
||||||
# remove the server from the DB
|
# remove the server from the DB
|
||||||
User_Servers.delete().where(User_Servers.server_id == server_id).execute()
|
#User_Servers.delete().where(User_Servers.server_id == server_id).execute()
|
||||||
Servers.delete().where(Servers.server_id == server_id).execute()
|
Servers.delete().where(Servers.server_id == server_id).execute()
|
||||||
|
|
||||||
# remove the server from servers list
|
# remove the server from servers list
|
||||||
|
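Review bot: The `User_Servers.delete()` cleanup in the `@ -345,7 +345,7 @@ class Controller` hunk is commented out rather than replaced, so nothing visible here removes the authorisation rows that point at the server being deleted. If the role-based model that supersedes `User_Servers` stores rows keyed by `server_id`, they should be deleted at this spot before `Servers.delete()`, otherwise stale grants survive for an id that no longer exists. At minimum, replace the dead line with `# TODO: delete role/server permission rows for server_id before removing the server`, since the `User_Servers` import is already dropped in the first hunk. The enclosing method starts and ends outside the hunk, so a cleanup elsewhere cannot be ruled out from here.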
@ -39,7 +39,7 @@ class BaseHandler(tornado.web.RequestHandler):
|
|||||||
) -> Optional[str]:
|
) -> Optional[str]:
|
||||||
arg = self._get_argument(name, default, self.request.arguments, strip)
|
arg = self._get_argument(name, default, self.request.arguments, strip)
|
||||||
logger.debug("Bleaching {}: {}".format(name, arg))
|
logger.debug("Bleaching {}: {}".format(name, arg))
|
||||||
return bleach.clean(arg)
|
return self.autobleach(arg)
|
||||||
|
|
||||||
def get_arguments(self, name: str, strip: bool = True) -> List[str]:
|
def get_arguments(self, name: str, strip: bool = True) -> List[str]:
|
||||||
assert isinstance(strip, bool)
|
assert isinstance(strip, bool)
|
||||||
@ -47,5 +47,5 @@ class BaseHandler(tornado.web.RequestHandler):
|
|||||||
args_ret = []
|
args_ret = []
|
||||||
for arg in args:
|
for arg in args:
|
||||||
logger.debug("Bleaching {}: {}".format(name, arg))
|
logger.debug("Bleaching {}: {}".format(name, arg))
|
||||||
args_ret += bleach.clean(arg)
|
args_ret += self.autobleach(arg)
|
||||||
return args_ret
|
return args_ret
|
||||||
|
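Review bot: `args_ret += self.autobleach(arg)` in `get_arguments` extends the list with the individual characters of the cleaned string, because list `+=` iterates its right-hand side. A value such as `abc` therefore comes back as `['a', 'b', 'c']`, and the line raises `TypeError` if `autobleach` ever returns a non-iterable such as `None`; it should read `args_ret.append(self.autobleach(arg))`. `autobleach` is not defined in either hunk, so whether it copes with a `None` default passed through `get_argument` cannot be confirmed here. The `logger.debug("Bleaching {}: {}".format(name, arg))` lines in both hunks write every raw request argument to the log, which would include any password or token posted to these handlers; logging only `name` avoids that. Both method bodies begin outside the hunks.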
@ -33,10 +33,10 @@ class PanelHandler(BaseHandler):
|
|||||||
|
|
||||||
user_role = []
|
user_role = []
|
||||||
if user['superuser'] == 1:
|
if user['superuser'] == 1:
|
||||||
defined_servers = controller.list_defined_servers()
|
defined_servers = self.controller.list_defined_servers()
|
||||||
user_role = {"Super User"}
|
user_role = {"Super User"}
|
||||||
else:
|
else:
|
||||||
defined_servers = controller.list_authorized_servers(userId)
|
defined_servers = self.controller.list_authorized_servers(userId)
|
||||||
for r in user['roles']:
|
for r in user['roles']:
|
||||||
role = db_helper.get_role(r)
|
role = db_helper.get_role(r)
|
||||||
user_role.append(role['role_name'])
|
user_role.append(role['role_name'])
|
||||||
@ -84,7 +84,7 @@ class PanelHandler(BaseHandler):
|
|||||||
|
|
||||||
elif page == "remove_server":
|
elif page == "remove_server":
|
||||||
server_id = self.get_argument('id', None)
|
server_id = self.get_argument('id', None)
|
||||||
server_data = controller.get_server_data(server_id)
|
server_data = self.controller.get_server_data(server_id)
|
||||||
server_name = server_data['server_name']
|
server_name = server_data['server_name']
|
||||||
|
|
||||||
db_helper.add_to_audit_log(user_data['user_id'],
|
db_helper.add_to_audit_log(user_data['user_id'],
|
||||||
@ -120,8 +120,6 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect("/panel/error?error=Invalid Server ID")
|
self.redirect("/panel/error?error=Invalid Server ID")
|
||||||
return
|
return
|
||||||
else:
|
else:
|
||||||
server_id = bleach.clean(server_id)
|
|
||||||
|
|
||||||
# does this server id exist?
|
# does this server id exist?
|
||||||
if not db_helper.server_id_exists(server_id):
|
if not db_helper.server_id_exists(server_id):
|
||||||
self.redirect("/panel/error?error=Invalid Server ID")
|
self.redirect("/panel/error?error=Invalid Server ID")
|
||||||
@ -182,18 +180,16 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect("/panel/error?error=Invalid Server ID")
|
self.redirect("/panel/error?error=Invalid Server ID")
|
||||||
return
|
return
|
||||||
else:
|
else:
|
||||||
server_id = bleach.clean(server_id)
|
|
||||||
|
|
||||||
# does this server id exist?
|
# does this server id exist?
|
||||||
if not db_helper.server_id_exists(server_id):
|
if not db_helper.server_id_exists(server_id):
|
||||||
self.redirect("/panel/error?error=Invalid Server ID")
|
self.redirect("/panel/error?error=Invalid Server ID")
|
||||||
return
|
return
|
||||||
|
|
||||||
exec_user = db_helper.get_user(user_data['user_id'])
|
if user['superuser'] != 1:
|
||||||
|
#if not db_helper.server_id_authorized(server_id, userId):
|
||||||
if not exec_user['superuser']:
|
if not db_helper.server_id_authorized_from_roles(int(server_id), userId):
|
||||||
self.redirect("/panel/error?error=Unauthorized access: not superuser")
|
self.redirect("/panel/error?error=Invalid Server ID")
|
||||||
return
|
return False
|
||||||
|
|
||||||
server_info = db_helper.get_server_data_by_id(server_id)
|
server_info = db_helper.get_server_data_by_id(server_id)
|
||||||
backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file))
|
backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file))
|
||||||
@ -238,11 +234,11 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect("/panel/error?error=Invalid Server ID")
|
self.redirect("/panel/error?error=Invalid Server ID")
|
||||||
return
|
return
|
||||||
|
|
||||||
exec_user = db_helper.get_user(user_data['user_id'])
|
if user['superuser'] != 1:
|
||||||
|
#if not db_helper.server_id_authorized(server_id, userId):
|
||||||
if not exec_user['superuser']:
|
if not db_helper.server_id_authorized_from_roles(int(server_id), userId):
|
||||||
self.redirect("/panel/error?error=Unauthorized access: not superuser")
|
self.redirect("/panel/error?error=Invalid Server ID")
|
||||||
return
|
return False
|
||||||
|
|
||||||
server = self.controller.get_server_obj(server_id).backup_server()
|
server = self.controller.get_server_obj(server_id).backup_server()
|
||||||
self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))
|
self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))
|
||||||
|
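Review bot: The two backup hunks (`@ -182,18 +180,16 @` and `@ -238,11 +234,11 @`) widen access from superusers to any user whose roles cover the server, so `backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file))` is now reachable by non-admin accounts. `file` is set outside the hunk and nothing visible confirms that the resolved path stays inside `backup_path`, which should be checked before the file is used. `int(server_id)` is applied to a request value and will raise `ValueError` on a non-numeric id unless `server_id_exists` already rejects it; converting once inside a `try/except ValueError` that redirects to the same error page would make that explicit. The new branches use `return False` where every neighbouring branch uses a bare `return`, and the commented-out `#if not db_helper.server_id_authorized(server_id, userId):` line should be deleted rather than kept. The `remove_server` branch in the `@ -84,7 +84,7 @` hunk shows no role or superuser check before `get_server_data`, though that method body continues outside the hunk.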