From 8e58d5f8ac014e76d28721d13f378178f741008c Mon Sep 17 00:00:00 2001 From: Silversthorn Date: Sat, 16 Jul 2022 10:49:48 +0200 Subject: [PATCH 1/6] Trying Fixing issue #106 --- app/classes/web/base_handler.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py index fd3ee638..3fc237a7 100644 --- a/app/classes/web/base_handler.py +++ b/app/classes/web/base_handler.py @@ -10,6 +10,7 @@ from app.classes.models.users import ApiKeys from app.classes.shared.helpers import Helpers from app.classes.shared.main_controller import Controller from app.classes.shared.translation import Translation +from app.classes.models.management import DatabaseShortcuts logger = logging.getLogger(__name__) @@ -178,7 +179,7 @@ class BaseHandler(tornado.web.RequestHandler): exec_user_role = set() if superuser: - authorized_servers = self.controller.servers.get_all_defined_servers() + allowed_servers = self.controller.servers.get_all_defined_servers() exec_user_role.add("Super User") exec_user_crafty_permissions = ( self.controller.crafty_perms.list_defined_crafty_permissions() @@ -204,11 +205,19 @@ class BaseHandler(tornado.web.RequestHandler): authorized_servers = self.controller.servers.get_authorized_servers( user["user_id"] # TODO: API key authorized servers? ) + page_servers = [] + for server in authorized_servers: + if server not in page_servers: + page_servers.append( + DatabaseShortcuts.get_data_obj(server.server_object) + ) + allowed_servers = page_servers + allowed_servers = [str(i) for i in allowed_servers] logger.debug("Checking results") if user: return ( - authorized_servers, + allowed_servers, exec_user_crafty_permissions, exec_user_role, superuser, From a6afd18201d80e65b564a4bce45ab6f25ed3328b Mon Sep 17 00:00:00 2001 From: Silversthorn Date: Sat, 16 Jul 2022 18:55:31 +0200 Subject: [PATCH 2/6] Adding modification to Changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b4ffba8..94fac6e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Task toggle (!398+) - Basic API for modifying tasks (!398+) ### Bug fixes +- Fix issue with API Server Instance is not serializable ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/401)) - Remove redundant path check on backup restore ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/390)) - Fix issue with stats pinging on slow starting servers ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/391)) - Fix unhandled exeption when serverjars api returns 'None' ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/392)) From f863357633eb197699ccfd131ea7698abc271c74 Mon Sep 17 00:00:00 2001 From: Silversthorn Date: Sun, 17 Jul 2022 12:17:45 +0200 Subject: [PATCH 3/6] Revert changes on base_handler, fixing things in the api methods --- app/classes/web/base_handler.py | 12 ++---------- app/classes/web/routes/api/servers/index.py | 6 +++++- app/classes/web/routes/api/servers/server/action.py | 2 +- app/classes/web/routes/api/servers/server/index.py | 6 +++--- app/classes/web/routes/api/servers/server/logs.py | 2 +- app/classes/web/routes/api/servers/server/stats.py | 2 +- app/classes/web/routes/api/servers/server/stdin.py | 2 +- .../routes/api/servers/server/tasks/task/index.py | 2 +- app/classes/web/routes/api/servers/server/users.py | 2 +- 9 files changed, 16 insertions(+), 20 deletions(-) diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py index 3fc237a7..92dcce7e 100644 --- a/app/classes/web/base_handler.py +++ b/app/classes/web/base_handler.py @@ -179,7 +179,7 @@ class BaseHandler(tornado.web.RequestHandler): exec_user_role = set() if superuser: - allowed_servers = self.controller.servers.get_all_defined_servers() + authorized_servers = self.controller.servers.get_all_defined_servers() exec_user_role.add("Super User") exec_user_crafty_permissions = ( self.controller.crafty_perms.list_defined_crafty_permissions() @@ -205,19 +205,11 @@ class BaseHandler(tornado.web.RequestHandler): authorized_servers = self.controller.servers.get_authorized_servers( user["user_id"] # TODO: API key authorized servers? ) - page_servers = [] - for server in authorized_servers: - if server not in page_servers: - page_servers.append( - DatabaseShortcuts.get_data_obj(server.server_object) - ) - allowed_servers = page_servers - allowed_servers = [str(i) for i in allowed_servers] logger.debug("Checking results") if user: return ( - allowed_servers, + authorized_servers, exec_user_crafty_permissions, exec_user_role, superuser, diff --git a/app/classes/web/routes/api/servers/index.py b/app/classes/web/routes/api/servers/index.py index 7db12f45..bab060ea 100644 --- a/app/classes/web/routes/api/servers/index.py +++ b/app/classes/web/routes/api/servers/index.py @@ -3,6 +3,7 @@ import logging from jsonschema import ValidationError, validate import orjson from app.classes.models.crafty_permissions import EnumPermissionsCrafty +from app.classes.shared.main_models import DatabaseShortcuts from app.classes.web.base_api_handler import BaseApiHandler logger = logging.getLogger(__name__) @@ -628,7 +629,10 @@ class ApiServersIndexHandler(BaseApiHandler): # TODO: limit some columns for specific permissions - self.finish_json(200, {"status": "ok", "data": auth_data[0]}) + servers_data = [ + DatabaseShortcuts.get_data_obj(x.server_object) for x in auth_data[0] + ] + self.finish_json(200, {"status": "ok", "data": servers_data}) def post(self): diff --git a/app/classes/web/routes/api/servers/server/action.py b/app/classes/web/routes/api/servers/server/action.py index cf9163b9..565b55b0 100644 --- a/app/classes/web/routes/api/servers/server/action.py +++ b/app/classes/web/routes/api/servers/server/action.py @@ -16,7 +16,7 @@ class ApiServersServerActionHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 11f8620b..195a1878 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -39,7 +39,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) @@ -74,7 +74,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): }, ) - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) @@ -110,7 +110,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): # DELETE /api/v2/servers/server?files=true remove_files = self.get_query_argument("files", None) == "true" - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/logs.py b/app/classes/web/routes/api/servers/server/logs.py index 641a1163..a2c16009 100644 --- a/app/classes/web/routes/api/servers/server/logs.py +++ b/app/classes/web/routes/api/servers/server/logs.py @@ -27,7 +27,7 @@ class ApiServersServerLogsHandler(BaseApiHandler): # GET /api/v2/servers/server/logs?html=true use_html = self.get_query_argument("html", None) == "true" - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/stats.py b/app/classes/web/routes/api/servers/server/stats.py index 2e220d2b..b2ac96ef 100644 --- a/app/classes/web/routes/api/servers/server/stats.py +++ b/app/classes/web/routes/api/servers/server/stats.py @@ -12,7 +12,7 @@ class ApiServersServerStatsHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/stdin.py b/app/classes/web/routes/api/servers/server/stdin.py index a52f0c0d..ec3c8584 100644 --- a/app/classes/web/routes/api/servers/server/stdin.py +++ b/app/classes/web/routes/api/servers/server/stdin.py @@ -13,7 +13,7 @@ class ApiServersServerStdinHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/tasks/task/index.py b/app/classes/web/routes/api/servers/server/tasks/task/index.py index 3c567fdd..7f045ce4 100644 --- a/app/classes/web/routes/api/servers/server/tasks/task/index.py +++ b/app/classes/web/routes/api/servers/server/tasks/task/index.py @@ -79,7 +79,7 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler): }, ) - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/users.py b/app/classes/web/routes/api/servers/server/users.py index c4df8832..9cda0f9a 100644 --- a/app/classes/web/routes/api/servers/server/users.py +++ b/app/classes/web/routes/api/servers/server/users.py @@ -12,7 +12,7 @@ class ApiServersServerUsersHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x["server_id"]) for x in auth_data[0]]: + if server_id not in [str(x.server_id) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) From bc16e0df2be05a72b366a376aa1fe972ab3f1523 Mon Sep 17 00:00:00 2001 From: Silversthorn Date: Mon, 18 Jul 2022 20:53:49 +0200 Subject: [PATCH 4/6] Revert "Revert changes on base_handler, fixing things in the api methods" This reverts commit f863357633eb197699ccfd131ea7698abc271c74. --- app/classes/web/base_handler.py | 12 ++++++++++-- app/classes/web/routes/api/servers/index.py | 6 +----- app/classes/web/routes/api/servers/server/action.py | 2 +- app/classes/web/routes/api/servers/server/index.py | 6 +++--- app/classes/web/routes/api/servers/server/logs.py | 2 +- app/classes/web/routes/api/servers/server/stats.py | 2 +- app/classes/web/routes/api/servers/server/stdin.py | 2 +- .../routes/api/servers/server/tasks/task/index.py | 2 +- app/classes/web/routes/api/servers/server/users.py | 2 +- 9 files changed, 20 insertions(+), 16 deletions(-) diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py index 92dcce7e..3fc237a7 100644 --- a/app/classes/web/base_handler.py +++ b/app/classes/web/base_handler.py @@ -179,7 +179,7 @@ class BaseHandler(tornado.web.RequestHandler): exec_user_role = set() if superuser: - authorized_servers = self.controller.servers.get_all_defined_servers() + allowed_servers = self.controller.servers.get_all_defined_servers() exec_user_role.add("Super User") exec_user_crafty_permissions = ( self.controller.crafty_perms.list_defined_crafty_permissions() @@ -205,11 +205,19 @@ class BaseHandler(tornado.web.RequestHandler): authorized_servers = self.controller.servers.get_authorized_servers( user["user_id"] # TODO: API key authorized servers? ) + page_servers = [] + for server in authorized_servers: + if server not in page_servers: + page_servers.append( + DatabaseShortcuts.get_data_obj(server.server_object) + ) + allowed_servers = page_servers + allowed_servers = [str(i) for i in allowed_servers] logger.debug("Checking results") if user: return ( - authorized_servers, + allowed_servers, exec_user_crafty_permissions, exec_user_role, superuser, diff --git a/app/classes/web/routes/api/servers/index.py b/app/classes/web/routes/api/servers/index.py index bab060ea..7db12f45 100644 --- a/app/classes/web/routes/api/servers/index.py +++ b/app/classes/web/routes/api/servers/index.py @@ -3,7 +3,6 @@ import logging from jsonschema import ValidationError, validate import orjson from app.classes.models.crafty_permissions import EnumPermissionsCrafty -from app.classes.shared.main_models import DatabaseShortcuts from app.classes.web.base_api_handler import BaseApiHandler logger = logging.getLogger(__name__) @@ -629,10 +628,7 @@ class ApiServersIndexHandler(BaseApiHandler): # TODO: limit some columns for specific permissions - servers_data = [ - DatabaseShortcuts.get_data_obj(x.server_object) for x in auth_data[0] - ] - self.finish_json(200, {"status": "ok", "data": servers_data}) + self.finish_json(200, {"status": "ok", "data": auth_data[0]}) def post(self): diff --git a/app/classes/web/routes/api/servers/server/action.py b/app/classes/web/routes/api/servers/server/action.py index 565b55b0..cf9163b9 100644 --- a/app/classes/web/routes/api/servers/server/action.py +++ b/app/classes/web/routes/api/servers/server/action.py @@ -16,7 +16,7 @@ class ApiServersServerActionHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 195a1878..11f8620b 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -39,7 +39,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) @@ -74,7 +74,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): }, ) - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) @@ -110,7 +110,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): # DELETE /api/v2/servers/server?files=true remove_files = self.get_query_argument("files", None) == "true" - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/logs.py b/app/classes/web/routes/api/servers/server/logs.py index a2c16009..641a1163 100644 --- a/app/classes/web/routes/api/servers/server/logs.py +++ b/app/classes/web/routes/api/servers/server/logs.py @@ -27,7 +27,7 @@ class ApiServersServerLogsHandler(BaseApiHandler): # GET /api/v2/servers/server/logs?html=true use_html = self.get_query_argument("html", None) == "true" - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/stats.py b/app/classes/web/routes/api/servers/server/stats.py index b2ac96ef..2e220d2b 100644 --- a/app/classes/web/routes/api/servers/server/stats.py +++ b/app/classes/web/routes/api/servers/server/stats.py @@ -12,7 +12,7 @@ class ApiServersServerStatsHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/stdin.py b/app/classes/web/routes/api/servers/server/stdin.py index ec3c8584..a52f0c0d 100644 --- a/app/classes/web/routes/api/servers/server/stdin.py +++ b/app/classes/web/routes/api/servers/server/stdin.py @@ -13,7 +13,7 @@ class ApiServersServerStdinHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/tasks/task/index.py b/app/classes/web/routes/api/servers/server/tasks/task/index.py index 7f045ce4..3c567fdd 100644 --- a/app/classes/web/routes/api/servers/server/tasks/task/index.py +++ b/app/classes/web/routes/api/servers/server/tasks/task/index.py @@ -79,7 +79,7 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler): }, ) - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/users.py b/app/classes/web/routes/api/servers/server/users.py index 9cda0f9a..c4df8832 100644 --- a/app/classes/web/routes/api/servers/server/users.py +++ b/app/classes/web/routes/api/servers/server/users.py @@ -12,7 +12,7 @@ class ApiServersServerUsersHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) From 98fa8e894037f6721a0b6056ee13f5644346305b Mon Sep 17 00:00:00 2001 From: Silversthorn Date: Mon, 18 Jul 2022 20:57:04 +0200 Subject: [PATCH 5/6] Giving json to auth_data --- app/classes/web/base_handler.py | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py index 3fc237a7..b9a69c48 100644 --- a/app/classes/web/base_handler.py +++ b/app/classes/web/base_handler.py @@ -179,7 +179,7 @@ class BaseHandler(tornado.web.RequestHandler): exec_user_role = set() if superuser: - allowed_servers = self.controller.servers.get_all_defined_servers() + authorized_servers = self.controller.servers.get_all_defined_servers() exec_user_role.add("Super User") exec_user_crafty_permissions = ( self.controller.crafty_perms.list_defined_crafty_permissions() @@ -205,19 +205,15 @@ class BaseHandler(tornado.web.RequestHandler): authorized_servers = self.controller.servers.get_authorized_servers( user["user_id"] # TODO: API key authorized servers? ) - page_servers = [] - for server in authorized_servers: - if server not in page_servers: - page_servers.append( - DatabaseShortcuts.get_data_obj(server.server_object) - ) - allowed_servers = page_servers - allowed_servers = [str(i) for i in allowed_servers] + authorized_servers = [ + DatabaseShortcuts.get_data_obj(x.server_object) + for x in authorized_servers + ] logger.debug("Checking results") if user: return ( - allowed_servers, + authorized_servers, exec_user_crafty_permissions, exec_user_role, superuser, From cbb1cd7d3bd152356610cb900f73fa565780d71f Mon Sep 17 00:00:00 2001 From: Zedifus Date: Mon, 18 Jul 2022 21:19:03 +0100 Subject: [PATCH 6/6] Update changelog !401 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37199831..b88a1b51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ ### Bug fixes - Fixes stats recording for Oracle hosts ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/397)) - Improve the use of the object oriented architecture ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/400)) +- Fix issue with API Server Instance is not serializable ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/401)) ### Tweaks None ### Lang @@ -16,7 +17,6 @@ None ## --- [4.0.6] - 2022/07/06 ### Bug fixes -- Fix issue with API Server Instance is not serializable ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/401)) - Remove redundant path check on backup restore ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/390)) - Fix issue with stats pinging on slow starting servers ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/391)) - Fix unhandled exeption when serverjars api returns 'None' ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/392))