mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Merge branch 'tweak/pretzel-cron-explain' into 'dev'
Change Cron Validation / Fix Security Issues with Role/User Creation See merge request crafty-controller/crafty-4!263
This commit is contained in:
Andrew
commit
fec92c62b4
@ -35,20 +35,16 @@ class CraftyPermsController:
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def can_add_user(): # Add back argument 'user_id' when you work on this
|
||||
return True
|
||||
# TODO: Complete if we need a User Addition limit
|
||||
# return crafty_permissions.can_add_in_crafty(
|
||||
# user_id, Enum_Permissions_Crafty.User_Config
|
||||
# )
|
||||
def can_add_user(user_id):
|
||||
return PermissionsCrafty.can_add_in_crafty(
|
||||
user_id, EnumPermissionsCrafty.USER_CONFIG
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def can_add_role(): # Add back argument 'user_id' when you work on this
|
||||
return True
|
||||
# TODO: Complete if we need a Role Addition limit
|
||||
# return crafty_permissions.can_add_in_crafty(
|
||||
# user_id, Enum_Permissions_Crafty.Roles_Config
|
||||
# )
|
||||
def can_add_role(user_id):
|
||||
return PermissionsCrafty.can_add_in_crafty(
|
||||
user_id, EnumPermissionsCrafty.ROLES_CONFIG
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def list_all_crafty_permissions_quantity_limits():
|
||||
@ -68,6 +64,14 @@ class CraftyPermsController:
|
||||
def add_server_creation(user_id):
|
||||
return PermissionsCrafty.add_server_creation(user_id)
|
||||
|
||||
@staticmethod
|
||||
def add_user_creation(user_id):
|
||||
return PermissionsCrafty.add_user_creation(user_id)
|
||||
|
||||
@staticmethod
|
||||
def add_role_creation(user_id):
|
||||
return PermissionsCrafty.add_role_creation(user_id)
|
||||
|
||||
@staticmethod
|
||||
def get_api_key_permissions_list(key: ApiKeys):
|
||||
return PermissionsCrafty.get_api_key_permissions_list(key)
|
||||
|
||||
@ -193,6 +193,20 @@ class PermissionsCrafty:
|
||||
UserCrafty.save(user_crafty)
|
||||
return user_crafty.created_server
|
||||
|
||||
@staticmethod
|
||||
def add_user_creation(user_id):
|
||||
user_crafty = PermissionsCrafty.get_user_crafty(user_id)
|
||||
user_crafty.created_user += 1
|
||||
UserCrafty.save(user_crafty)
|
||||
return user_crafty.created_user
|
||||
|
||||
@staticmethod
|
||||
def add_role_creation(user_id):
|
||||
user_crafty = PermissionsCrafty.get_user_crafty(user_id)
|
||||
user_crafty.created_role += 1
|
||||
UserCrafty.save(user_crafty)
|
||||
return user_crafty.created_role
|
||||
|
||||
@staticmethod
|
||||
def get_api_key_permissions_list(key: ApiKeys):
|
||||
user = HelperUsers.get_user(key.user_id)
|
||||
|
||||
@ -15,7 +15,7 @@ from tornado import iostream
|
||||
|
||||
# TZLocal is set as a hidden import on win pipeline
|
||||
from tzlocal import get_localzone
|
||||
from cron_validator import CronValidator
|
||||
from croniter import croniter
|
||||
|
||||
from app.classes.models.server_permissions import EnumPermissionsServer
|
||||
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
|
||||
@ -768,6 +768,7 @@ class PanelHandler(BaseHandler):
|
||||
page_data["user"]["last_update"] = "N/A"
|
||||
page_data["user"]["roles"] = set()
|
||||
page_data["user"]["hints"] = True
|
||||
page_data["superuser"] = superuser
|
||||
|
||||
if EnumPermissionsCrafty.USER_CONFIG not in exec_user_crafty_permissions:
|
||||
self.redirect(
|
||||
@ -955,6 +956,7 @@ class PanelHandler(BaseHandler):
|
||||
page_data["role-servers"] = page_role_servers
|
||||
page_data["roles_all"] = self.controller.roles.get_all_roles()
|
||||
page_data["servers_all"] = self.controller.list_defined_servers()
|
||||
page_data["superuser"] = superuser
|
||||
page_data[
|
||||
"permissions_all"
|
||||
] = self.controller.crafty_perms.list_defined_crafty_permissions()
|
||||
@ -1447,11 +1449,9 @@ class PanelHandler(BaseHandler):
|
||||
else:
|
||||
interval_type = ""
|
||||
cron_string = bleach.clean(self.get_argument("cron", ""))
|
||||
try:
|
||||
CronValidator.parse(cron_string)
|
||||
except Exception as e:
|
||||
if not croniter.is_valid(cron_string):
|
||||
self.redirect(
|
||||
f"/panel/error?error=INVALID FORMAT: Invalid Cron Format. {e}"
|
||||
"/panel/error?error=INVALID FORMAT: Invalid Cron Format."
|
||||
)
|
||||
return
|
||||
action = bleach.clean(self.get_argument("action", None))
|
||||
@ -1605,11 +1605,9 @@ class PanelHandler(BaseHandler):
|
||||
interval_type = ""
|
||||
cron_string = bleach.clean(self.get_argument("cron", ""))
|
||||
sch_id = self.get_argument("sch_id", None)
|
||||
try:
|
||||
CronValidator.parse(cron_string)
|
||||
except Exception as e:
|
||||
if not croniter.is_valid(cron_string):
|
||||
self.redirect(
|
||||
f"/panel/error?error=INVALID FORMAT: Invalid Cron Format. {e}"
|
||||
"/panel/error?error=INVALID FORMAT: Invalid Cron Format."
|
||||
)
|
||||
return
|
||||
action = bleach.clean(self.get_argument("action", None))
|
||||
@ -1931,6 +1929,15 @@ class PanelHandler(BaseHandler):
|
||||
"/panel/error?error=Unauthorized access: not a user editor"
|
||||
)
|
||||
return
|
||||
|
||||
if (
|
||||
not self.controller.crafty_perms.can_add_user(exec_user["user_id"])
|
||||
and not exec_user["superuser"]
|
||||
):
|
||||
self.redirect(
|
||||
"/panel/error?error=Unauthorized access: quantity limit reached"
|
||||
)
|
||||
return
|
||||
elif username is None or username == "":
|
||||
self.redirect("/panel/error?error=Invalid username")
|
||||
return
|
||||
@ -1975,6 +1982,7 @@ class PanelHandler(BaseHandler):
|
||||
server_id=0,
|
||||
source_ip=self.get_remote_ip(),
|
||||
)
|
||||
self.controller.crafty_perms.add_user_creation(exec_user["user_id"])
|
||||
self.redirect("/panel/panel_config")
|
||||
|
||||
elif page == "edit_role":
|
||||
@ -2022,6 +2030,14 @@ class PanelHandler(BaseHandler):
|
||||
"/panel/error?error=Unauthorized access: not a role editor"
|
||||
)
|
||||
return
|
||||
elif (
|
||||
not self.controller.crafty_perms.can_add_role(exec_user["user_id"])
|
||||
and not exec_user["superuser"]
|
||||
):
|
||||
self.redirect(
|
||||
"/panel/error?error=Unauthorized access: quantity limit reached"
|
||||
)
|
||||
return
|
||||
elif role_name is None or role_name == "":
|
||||
self.redirect("/panel/error?error=Invalid role name")
|
||||
return
|
||||
@ -2051,6 +2067,7 @@ class PanelHandler(BaseHandler):
|
||||
server_id=0,
|
||||
source_ip=self.get_remote_ip(),
|
||||
)
|
||||
self.controller.crafty_perms.add_role_creation(exec_user["user_id"])
|
||||
self.redirect("/panel/panel_config")
|
||||
|
||||
else:
|
||||
|
||||
@ -158,13 +158,14 @@
|
||||
</div>
|
||||
|
||||
<!-- Put Permissions Crafty part here -->
|
||||
|
||||
{% if data['superuser'] %}
|
||||
<div class="card">
|
||||
<div class="card-header header-sm d-flex justify-content-between align-items-center">
|
||||
<h4 class="card-title"><i class="fas fa-user-lock"></i> {{ translate('userConfig', 'craftyPerms',
|
||||
data['lang']) }} <small class="text-muted ml-1"> - {{ translate('userConfig', 'craftyPermDesc',
|
||||
data['lang']) }}</small></h4>
|
||||
</div>
|
||||
|
||||
<div class="card-body">
|
||||
<div class="form-group">
|
||||
<div class="table-responsive">
|
||||
@ -200,7 +201,7 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{% end %}
|
||||
<div class="form-check-flat">
|
||||
<label for="enabled" class="form-check-label ml-4 mb-4">
|
||||
{% if data['user']['enabled'] %}
|
||||
|
||||
@ -389,7 +389,7 @@
|
||||
"command": "Command",
|
||||
"command-explain": "What command do you want us to execute? Do not include the '/'",
|
||||
"cron": "Cron",
|
||||
"cron-explain": "Enter your cron string",
|
||||
"cron-explain": "Enter your cron string -- NOTE: 0 = Monday on last option.",
|
||||
"custom": "Custom Command",
|
||||
"days": "Days",
|
||||
"enabled": "Enabled",
|
||||
|
||||
@ -4,7 +4,7 @@ argon2-cffi==20.1
|
||||
bleach==4.1
|
||||
cached_property==1.5.2
|
||||
colorama==0.4
|
||||
cron-validator==1.0.3
|
||||
crontier==1.3.5
|
||||
cryptography==3.4.8
|
||||
libgravatar==1.0.0
|
||||
peewee==3.13
|
||||
|
||||
Loading…
Reference in New Issue
Block a user