mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2025-01-18 17:15:13 +01:00
Refactor API keys "super user" to "full access"
This commit is contained in:
parent
128be0a352
commit
0a572fba92
@ -187,7 +187,7 @@ class PermissionsCrafty:
|
||||
@staticmethod
|
||||
def get_api_key_permissions_list(key: ApiKeys):
|
||||
user = HelperUsers.get_user(key.user_id)
|
||||
if user["superuser"] and key.superuser:
|
||||
if user["superuser"] and key.full_access:
|
||||
return PermissionsCrafty.get_permissions_list()
|
||||
if user["superuser"]:
|
||||
# User is superuser but API key isn't
|
||||
|
@ -264,7 +264,7 @@ class PermissionsServers:
|
||||
@staticmethod
|
||||
def get_api_key_permissions_list(key: ApiKeys, server_id: str):
|
||||
user = HelperUsers.get_user(key.user_id)
|
||||
if user["superuser"] and key.superuser:
|
||||
if user["superuser"] and key.full_access:
|
||||
return PermissionsServers.get_permissions_list()
|
||||
roles_list = HelperUsers.get_user_roles_id(user["user_id"])
|
||||
role_server = (
|
||||
|
@ -71,7 +71,7 @@ class ApiKeys(BaseModel):
|
||||
user_id = ForeignKeyField(Users, backref="api_token", index=True)
|
||||
server_permissions = CharField(default="00000000")
|
||||
crafty_permissions = CharField(default="000")
|
||||
superuser = BooleanField(default=False)
|
||||
full_access = BooleanField(default=False)
|
||||
|
||||
class Meta:
|
||||
table_name = "api_keys"
|
||||
@ -408,7 +408,7 @@ class HelperUsers:
|
||||
def add_user_api_key(
|
||||
name: str,
|
||||
user_id: str,
|
||||
superuser: bool = False,
|
||||
full_access: bool = False,
|
||||
server_permissions_mask: t.Optional[str] = None,
|
||||
crafty_permissions_mask: t.Optional[str] = None,
|
||||
):
|
||||
@ -426,7 +426,7 @@ class HelperUsers:
|
||||
if crafty_permissions_mask is not None
|
||||
else {}
|
||||
),
|
||||
ApiKeys.superuser: superuser,
|
||||
ApiKeys.full_access: full_access,
|
||||
}
|
||||
).execute()
|
||||
|
||||
|
@ -191,7 +191,7 @@ class BaseHandler(tornado.web.RequestHandler):
|
||||
|
||||
superuser = user["superuser"]
|
||||
if api_key is not None:
|
||||
superuser = superuser and api_key.superuser
|
||||
superuser = superuser and api_key.full_access
|
||||
|
||||
exec_user_role = set()
|
||||
if superuser:
|
||||
|
@ -168,7 +168,7 @@ class PanelHandler(BaseHandler):
|
||||
# Commented out because there is no server access control for API keys,
|
||||
# they just inherit from the host user
|
||||
# if api_key is not None:
|
||||
# superuser = superuser and api_key.superuser
|
||||
# superuser = superuser and api_key.full_access
|
||||
|
||||
if server_id is None:
|
||||
self.redirect("/panel/error?error=Invalid Server ID")
|
||||
@ -242,7 +242,7 @@ class PanelHandler(BaseHandler):
|
||||
api_key, _token_data, exec_user = self.current_user
|
||||
superuser = exec_user["superuser"]
|
||||
if api_key is not None:
|
||||
superuser = superuser and api_key.superuser
|
||||
superuser = superuser and api_key.full_access
|
||||
|
||||
if superuser: # TODO: Figure out a better solution
|
||||
defined_servers = self.controller.servers.list_defined_servers()
|
||||
@ -351,7 +351,7 @@ class PanelHandler(BaseHandler):
|
||||
"created": api_key.created,
|
||||
"server_permissions": api_key.server_permissions,
|
||||
"crafty_permissions": api_key.crafty_permissions,
|
||||
"superuser": api_key.superuser,
|
||||
"full_access": api_key.full_access,
|
||||
}
|
||||
if api_key is not None
|
||||
else None
|
||||
|
@ -75,7 +75,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
|
||||
"name": key.name,
|
||||
"server_permissions": key.server_permissions,
|
||||
"crafty_permissions": key.crafty_permissions,
|
||||
"superuser": key.superuser,
|
||||
"full_access": key.full_access,
|
||||
}
|
||||
)
|
||||
self.finish_json(
|
||||
@ -99,7 +99,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
|
||||
"type": "string",
|
||||
"pattern": "^[01]{3}$", # 8 bits, see EnumPermissionsCrafty
|
||||
},
|
||||
"superuser": {"type": "boolean"},
|
||||
"full_access": {"type": "boolean"},
|
||||
},
|
||||
"additionalProperties": False,
|
||||
"minProperties": 1,
|
||||
@ -163,7 +163,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
|
||||
key_id = self.controller.users.add_user_api_key(
|
||||
data["name"],
|
||||
user_id,
|
||||
data["superuser"],
|
||||
data["full_access"],
|
||||
data["server_permissions_mask"],
|
||||
data["crafty_permissions_mask"],
|
||||
)
|
||||
|
@ -30,7 +30,7 @@ class ServerHandler(BaseHandler):
|
||||
) = self.current_user
|
||||
superuser = exec_user["superuser"]
|
||||
if api_key is not None:
|
||||
superuser = superuser and api_key.superuser
|
||||
superuser = superuser and api_key.full_access
|
||||
|
||||
if superuser:
|
||||
defined_servers = self.controller.servers.list_defined_servers()
|
||||
@ -124,7 +124,7 @@ class ServerHandler(BaseHandler):
|
||||
"created": api_key.created,
|
||||
"server_permissions": api_key.server_permissions,
|
||||
"crafty_permissions": api_key.crafty_permissions,
|
||||
"superuser": api_key.superuser,
|
||||
"full_access": api_key.full_access,
|
||||
}
|
||||
if api_key is not None
|
||||
else None
|
||||
|
@ -42,7 +42,7 @@ class UploadHandler(BaseHandler):
|
||||
if self.upload_type == "server_import":
|
||||
superuser = exec_user["superuser"]
|
||||
if api_key is not None:
|
||||
superuser = superuser and api_key.superuser
|
||||
superuser = superuser and api_key.full_access
|
||||
user_id = exec_user["user_id"]
|
||||
stream_size_value = self.helper.get_setting("stream_size_GB")
|
||||
|
||||
@ -133,7 +133,7 @@ class UploadHandler(BaseHandler):
|
||||
elif self.upload_type == "background":
|
||||
superuser = exec_user["superuser"]
|
||||
if api_key is not None:
|
||||
superuser = superuser and api_key.superuser
|
||||
superuser = superuser and api_key.full_access
|
||||
user_id = exec_user["user_id"]
|
||||
stream_size_value = self.helper.get_setting("stream_size_GB")
|
||||
|
||||
@ -212,7 +212,7 @@ class UploadHandler(BaseHandler):
|
||||
server_id = self.get_argument("server_id", None)
|
||||
superuser = exec_user["superuser"]
|
||||
if api_key is not None:
|
||||
superuser = superuser and api_key.superuser
|
||||
superuser = superuser and api_key.full_access
|
||||
user_id = exec_user["user_id"]
|
||||
stream_size_value = self.helper.get_setting("stream_size_GB")
|
||||
|
||||
|
@ -70,7 +70,7 @@
|
||||
<td>{{ apikey.name }}</td>
|
||||
<td>{{ apikey.created.strftime('%d/%m/%Y %H:%M:%S') }}</td>
|
||||
<td>
|
||||
{% if apikey.superuser %}
|
||||
{% if apikey.full_access %}
|
||||
<span class="text-success">
|
||||
<i class="fas fa-check-square"></i> {{
|
||||
translate('apiKeys', 'yes', data['lang']) }}
|
||||
@ -158,8 +158,8 @@
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<label for="superuser">Superuser</label>
|
||||
<input type="checkbox" class="" id="superuser" name="superuser" value="1">
|
||||
<label for="full_access">Superuser</label>
|
||||
<input type="checkbox" class="" id="full_access" name="full_access" value="1">
|
||||
|
||||
<br />
|
||||
|
||||
@ -240,7 +240,7 @@
|
||||
"name": formDataObject.name,
|
||||
"server_permissions_mask": server_permissions,
|
||||
"crafty_permissions_mask": crafty_permissions,
|
||||
"superuser": $("#superuser").prop('checked'),
|
||||
"full_access": $("#full_access").prop('checked'),
|
||||
});
|
||||
console.log(formDataJsonString);
|
||||
|
||||
|
17
app/migrations/20240317_apikey_full_access.py
Normal file
17
app/migrations/20240317_apikey_full_access.py
Normal file
@ -0,0 +1,17 @@
|
||||
# Generated by database migrator
|
||||
import peewee
|
||||
|
||||
|
||||
def migrate(migrator, database, **kwargs):
|
||||
migrator.rename_column("api_keys", "superuser", "full_access")
|
||||
|
||||
"""
|
||||
Write your migrations here.
|
||||
"""
|
||||
|
||||
|
||||
def rollback(migrator, database, **kwargs):
|
||||
migrator.rename_column("api_keys", "full_access", "superuser")
|
||||
"""
|
||||
Write your rollback migrations here.
|
||||
"""
|
Loading…
x
Reference in New Issue
Block a user