diff --git a/CHANGELOG.md b/CHANGELOG.md index 390dd0fa..242a88e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ TBD - Remove Pathlib from sub path check ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/507)) - Fix root dir selection in Upload Zip Import ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/508)) ### Tweaks -TBD +- Make server directories non-configurable ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/511)) ### Lang TBD

diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index 6c6b398f..322ca807 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -808,9 +808,15 @@ class PanelHandler(BaseHandler): user_roles_list = self.controller.users.get_user_roles_names( user.user_id ) - user_servers = self.controller.servers.get_authorized_servers( - user.user_id - ) + try: + user_servers = self.controller.servers.get_authorized_servers( + user.user_id + ) + except: + return self.redirect( + "/panel/error?error=Cannot load panel config" + " while servers are unloaded" + ) servers = [] for server in user_servers: if server.name not in servers: @@ -1606,7 +1612,6 @@ class PanelHandler(BaseHandler): if Helpers.validate_traversal( self.helper.get_servers_root_dir(), server_path ): - server_obj.path = server_path server_obj.log_path = log_path if Helpers.validate_traversal( self.helper.get_servers_root_dir(), executable @@ -1618,7 +1623,6 @@ class PanelHandler(BaseHandler): server_obj.executable_update_url = executable_update_url server_obj.show_status = show_status else: - server_obj.path = server_obj.path server_obj.log_path = server_obj.log_path server_obj.executable = server_obj.executable server_obj.execution_command = execution_command diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 11f8620b..3d5e3e2f 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -90,7 +90,8 @@ class ApiServersServerIndexHandler(BaseApiHandler): server_obj = self.controller.servers.get_server_obj(server_id) for key in data: # If we don't validate the input there could be security issues - setattr(server_obj, key, data[key]) + if key != "path": + setattr(server_obj, key, data[key]) self.controller.servers.update_server(server_obj) self.controller.management.add_to_audit_log( diff --git a/app/frontend/templates/panel/server_config.html b/app/frontend/templates/panel/server_config.html index d0c0d42f..d1310a91 100644 --- a/app/frontend/templates/panel/server_config.html +++ b/app/frontend/templates/panel/server_config.html @@ -62,9 +62,10 @@ - +
+ {{ data['server_stats']['server_id']['path'] }} + 🔒 +
{% if data['server_stats']['server_type'] != "minecraft-bedrock" %}