General cleanup after merge, hopefully improved roles with backup

computergeek125 2021-03-21 23:44:22 -05:00
parent c5f8afebb2
commit fb08d77a80
3 changed files with 17 additions and 21 deletions


@ -10,7 +10,7 @@ from distutils import dir_util
from app.classes.shared.helpers import helper from app.classes.shared.helpers import helper
from app.classes.shared.console import console from app.classes.shared.console import console
from app.classes.shared.models import db_helper, Servers, User_Servers from app.classes.shared.models import db_helper, Servers
from app.classes.shared.server import Server from app.classes.shared.server import Server
from app.classes.minecraft.server_props import ServerProps from app.classes.minecraft.server_props import ServerProps
@ -345,7 +345,7 @@ class Controller:
self.stop_server(server_id) self.stop_server(server_id)
# remove the server from the DB # remove the server from the DB
User_Servers.delete().where(User_Servers.server_id == server_id).execute() #User_Servers.delete().where(User_Servers.server_id == server_id).execute()
Servers.delete().where(Servers.server_id == server_id).execute() Servers.delete().where(Servers.server_id == server_id).execute()
# remove the server from servers list # remove the server from servers list
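Review bot: The `User_Servers` cleanup in the server-removal path is commented out rather than deleted or replaced, so the hunk leaves dead code and shows no removal of whatever now links users or roles to the server. If authorization has moved to a role-to-server mapping, as the `server_id_authorized_from_roles` check added elsewhere in this commit suggests, rows for the deleted `server_id` should be removed here too so a stale grant cannot outlive the server. Drop the commented line and either add the equivalent delete for the new table or leave a comment such as `# role/server links are removed by <mechanism>` saying where that cleanup happens. The enclosing method starts and ends outside the hunk.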


@ -39,7 +39,7 @@ class BaseHandler(tornado.web.RequestHandler):
) -> Optional[str]: ) -> Optional[str]:
arg = self._get_argument(name, default, self.request.arguments, strip) arg = self._get_argument(name, default, self.request.arguments, strip)
logger.debug("Bleaching {}: {}".format(name, arg)) logger.debug("Bleaching {}: {}".format(name, arg))
return bleach.clean(arg) return self.autobleach(arg)
def get_arguments(self, name: str, strip: bool = True) -> List[str]: def get_arguments(self, name: str, strip: bool = True) -> List[str]:
assert isinstance(strip, bool) assert isinstance(strip, bool)
@ -47,5 +47,5 @@ class BaseHandler(tornado.web.RequestHandler):
args_ret = [] args_ret = []
for arg in args: for arg in args:
logger.debug("Bleaching {}: {}".format(name, arg)) logger.debug("Bleaching {}: {}".format(name, arg))
args_ret += bleach.clean(arg) args_ret += self.autobleach(arg)
return args_ret return args_ret
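Review bot: In `get_arguments`, `args_ret += self.autobleach(arg)` extends the list with the individual characters of the cleaned value if `autobleach` returns a string, as the `bleach.clean` call it replaces did; use `args_ret.append(self.autobleach(arg))` so each argument stays one element. `autobleach` is not defined in the visible lines, so confirm it handles the `None` default that `get_argument` can pass through. Both methods also log the raw, unsanitised argument at debug level, which would put passwords or tokens submitted in forms into the log; consider logging only `name`.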


@ -33,10 +33,10 @@ class PanelHandler(BaseHandler):
user_role = [] user_role = []
if user['superuser'] == 1: if user['superuser'] == 1:
defined_servers = controller.list_defined_servers() defined_servers = self.controller.list_defined_servers()
user_role = {"Super User"} user_role = {"Super User"}
else: else:
defined_servers = controller.list_authorized_servers(userId) defined_servers = self.controller.list_authorized_servers(userId)
for r in user['roles']: for r in user['roles']:
role = db_helper.get_role(r) role = db_helper.get_role(r)
user_role.append(role['role_name']) user_role.append(role['role_name'])
@ -84,7 +84,7 @@ class PanelHandler(BaseHandler):
elif page == "remove_server": elif page == "remove_server":
server_id = self.get_argument('id', None) server_id = self.get_argument('id', None)
server_data = controller.get_server_data(server_id) server_data = self.controller.get_server_data(server_id)
server_name = server_data['server_name'] server_name = server_data['server_name']
db_helper.add_to_audit_log(user_data['user_id'], db_helper.add_to_audit_log(user_data['user_id'],
@ -120,8 +120,6 @@ class PanelHandler(BaseHandler):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
return return
else: else:
server_id = bleach.clean(server_id)
# does this server id exist? # does this server id exist?
if not db_helper.server_id_exists(server_id): if not db_helper.server_id_exists(server_id):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
@ -182,18 +180,16 @@ class PanelHandler(BaseHandler):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
return return
else: else:
server_id = bleach.clean(server_id)
# does this server id exist? # does this server id exist?
if not db_helper.server_id_exists(server_id): if not db_helper.server_id_exists(server_id):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
return return
exec_user = db_helper.get_user(user_data['user_id']) if user['superuser'] != 1:
#if not db_helper.server_id_authorized(server_id, userId):
if not exec_user['superuser']: if not db_helper.server_id_authorized_from_roles(int(server_id), userId):
self.redirect("/panel/error?error=Unauthorized access: not superuser") self.redirect("/panel/error?error=Invalid Server ID")
return return False
server_info = db_helper.get_server_data_by_id(server_id) server_info = db_helper.get_server_data_by_id(server_id)
backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file)) backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file))
@ -238,11 +234,11 @@ class PanelHandler(BaseHandler):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
return return
exec_user = db_helper.get_user(user_data['user_id']) if user['superuser'] != 1:
#if not db_helper.server_id_authorized(server_id, userId):
if not exec_user['superuser']: if not db_helper.server_id_authorized_from_roles(int(server_id), userId):
self.redirect("/panel/error?error=Unauthorized access: not superuser") self.redirect("/panel/error?error=Invalid Server ID")
return return False
server = self.controller.get_server_obj(server_id).backup_server() server = self.controller.get_server_obj(server_id).backup_server()
self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id)) self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))
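Review bot: In the hunk at new line 180, the backup-file branch is now reachable by any user whose roles cover the server rather than by superusers only, so the context line `os.path.abspath(os.path.join(server_info["backup_path"], file))` needs a containment check that the hunk does not show. If none follows outside the hunk, compare the resolved `backup_file` against the resolved `backup_path` (for example with `os.path.commonpath`) and redirect to the error page when it falls outside, before the file is touched. The new guard also uses `return False` where every neighbouring branch uses a bare `return`, and `int(server_id)` relies on the earlier `server_id_exists` check to reject non-numeric ids. The same two remarks apply to the identical guard in the hunk at new line 234.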