mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2025-01-19 01:35:28 +01:00
Added users to servers. Fixed some bugs with assigning users to role/servers. Fixed bug where user could not edit server config
parent
2f8abc25bd
commit
b39e0e3a62
@ -112,10 +112,15 @@ class Controller:
|
||||
|
||||
@staticmethod
|
||||
def list_authorized_servers(userId):
|
||||
#servers = db_helper.get_authorized_servers(userId)
|
||||
servers = db_helper.get_authorized_servers_from_roles(userId)
|
||||
servers = db_helper.get_authorized_servers(userId)
|
||||
server_list = []
|
||||
for item in servers:
|
||||
server_list.append(item)
|
||||
role_servers = db_helper.get_authorized_servers_from_roles(userId)
|
||||
for item in role_servers:
|
||||
server_list.append(item)
|
||||
logger.debug("servers list = {}".format(servers))
|
||||
return servers
|
||||
return server_list
|
||||
|
||||
def get_server_data(self, server_id):
|
||||
for s in self.servers_list:
|
||||
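Review bot: `list_authorized_servers` concatenates the direct and role-derived results without de-duplicating, so a server granted both directly and through a role appears twice in `menu_servers`. The debug line also still logs `servers` rather than the merged `server_list`. If the items are dicts carrying `server_id` (the `edit_user` handler in this commit indexes them that way; confirm for the role helper), the merge can be `server_list = list({s['server_id']: s for s in [*servers, *role_servers]}.values())` and the log call `logger.debug("servers list = {}".format(server_list))`.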
|
@ -130,6 +130,16 @@ class Servers(BaseModel):
|
||||
class Meta:
|
||||
table_name = "servers"
|
||||
|
||||
|
||||
class User_Servers(BaseModel):
|
||||
user_id = ForeignKeyField(Users, backref='user_server')
|
||||
server_id = ForeignKeyField(Servers, backref='user_server')
|
||||
|
||||
class Meta:
|
||||
table_name = 'user_servers'
|
||||
primary_key = CompositeKey('user_id', 'server_id')
|
||||
|
||||
|
||||
class Role_Servers(BaseModel):
|
||||
role_id = ForeignKeyField(Roles, backref='role_server')
|
||||
server_id = ForeignKeyField(Servers, backref='role_server')
|
||||
@ -222,6 +232,7 @@ class db_builder:
|
||||
Users,
|
||||
Roles,
|
||||
User_Roles,
|
||||
User_Servers,
|
||||
Host_Stats,
|
||||
Webhooks,
|
||||
Servers,
|
||||
@ -396,13 +407,28 @@ class db_shortcuts:
|
||||
user_servers = User_Servers.select().where(User_Servers.user_id == user_id)
|
||||
authorized_servers = []
|
||||
server_data = []
|
||||
user_roles = User_Roles.select().where(User_Roles.user_id == user_id)
|
||||
roles_list = []
|
||||
role_server = []
|
||||
|
||||
for u in user_servers:
|
||||
authorized_servers.append(db_helper.get_server_data_by_id(u.server_id))
|
||||
|
||||
for u in user_roles:
|
||||
roles_list.append(db_helper.get_role(u.role_id))
|
||||
|
||||
for r in roles_list:
|
||||
role_test = Role_Servers.select().where(Role_Servers.role_id == r.get('role_id'))
|
||||
for t in role_test:
|
||||
role_server.append(t)
|
||||
|
||||
for s in role_server:
|
||||
authorized_servers.append(db_helper.get_server_data_by_id(s.server_id))
|
||||
|
||||
for s in authorized_servers:
|
||||
latest = Server_Stats.select().where(Server_Stats.server_id == s.get('server_id')).order_by(Server_Stats.created.desc()).limit(1)
|
||||
server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)})
|
||||
latest = Server_Stats.select().where(Server_Stats.server_id == s.get('server_id')).order_by(
|
||||
Server_Stats.created.desc()).limit(1)
|
||||
server_data.append({'server_data': s, "stats": db_helper.return_rows(latest)[0]})
|
||||
return server_data
|
||||
|
||||
|
||||
@ -531,13 +557,13 @@ class db_shortcuts:
|
||||
roles = set()
|
||||
for r in roles_query:
|
||||
roles.add(r.role_id.role_id)
|
||||
#servers_query = User_Servers.select().join(Servers, JOIN.INNER).where(User_Servers.user_id == user_id)
|
||||
servers_query = User_Servers.select().join(Servers, JOIN.INNER).where(User_Servers.user_id == user_id)
|
||||
## TODO: this query needs to be narrower
|
||||
servers = set()
|
||||
#for s in servers_query:
|
||||
# servers.add(s.server_id.server_id)
|
||||
for s in servers_query:
|
||||
servers.add(s.server_id.server_id)
|
||||
user['roles'] = roles
|
||||
#user['servers'] = servers
|
||||
user['servers'] = servers
|
||||
#logger.debug("user: ({}) {}".format(user_id, user))
|
||||
return user
|
||||
|
||||
@ -557,7 +583,7 @@ class db_shortcuts:
|
||||
superuser: False,
|
||||
api_token: None,
|
||||
roles: [],
|
||||
servers: []
|
||||
servers: [],
|
||||
}
|
||||
user = model_to_dict(Users.get(Users.user_id == user_id))
|
||||
|
||||
@ -583,9 +609,9 @@ class db_shortcuts:
|
||||
elif key == "roles":
|
||||
added_roles = user_data['roles'].difference(base_data['roles'])
|
||||
removed_roles = base_data['roles'].difference(user_data['roles'])
|
||||
#elif key == "servers":
|
||||
# added_servers = user_data['servers'].difference(base_data['servers'])
|
||||
# removed_servers = base_data['servers'].difference(user_data['servers'])
|
||||
elif key == "servers":
|
||||
added_servers = user_data['servers'].difference(base_data['servers'])
|
||||
removed_servers = base_data['servers'].difference(user_data['servers'])
|
||||
elif key == "regen_api":
|
||||
if user_data['regen_api']:
|
||||
up_data['api_token'] = db_shortcuts.new_api_token()
|
||||
@ -602,10 +628,10 @@ class db_shortcuts:
|
||||
# TODO: This is horribly inefficient and we should be using bulk queries but im going for functionality at this point
|
||||
User_Roles.delete().where(User_Roles.user_id == user_id).where(User_Roles.role_id.in_(removed_roles)).execute()
|
||||
|
||||
#for server in added_servers:
|
||||
# User_Servers.get_or_create(user_id=user_id, server_id=server)
|
||||
for server in added_servers:
|
||||
User_Servers.get_or_create(user_id=user_id, server_id=server)
|
||||
# # TODO: This is horribly inefficient and we should be using bulk queries but im going for functionality at this point
|
||||
#User_Servers.delete().where(User_Servers.user_id == user_id).where(User_Servers.server_id.in_(removed_servers)).execute()
|
||||
User_Servers.delete().where(User_Servers.user_id == user_id).where(User_Servers.server_id.in_(removed_servers)).execute()
|
||||
if up_data:
|
||||
Users.update(up_data).where(Users.user_id == user_id).execute()
|
||||
|
||||
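Review bot: `db_helper.return_rows(latest)[0]` in the final loop of the `@ -396,13 +407,28` hunk raises IndexError for any authorized server that has no `Server_Stats` row yet, because `latest` is a `limit(1)` query that can come back empty. One stat-less server then breaks the listing for every user authorized on it. Guard the index, for example `rows = db_helper.return_rows(latest)` followed by `"stats": rows[0] if rows else {}` (assuming `return_rows` returns a list, as the indexing implies, and that consumers tolerate an empty placeholder). The same loop also processes a server twice when it is granted both directly and through a role, since `authorized_servers` is appended from `user_servers` and then from `role_server` without de-duplication. The enclosing function's `def` line is outside the hunk.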
|
@ -53,7 +53,7 @@ class PanelHandler(BaseHandler):
|
||||
'running': len(self.controller.list_running_servers()),
|
||||
'stopped': (len(self.controller.list_defined_servers()) - len(self.controller.list_running_servers()))
|
||||
},
|
||||
'menu_servers': defined_servers,
|
||||
'menu_servers': self.controller.list_authorized_servers(exec_user_id),
|
||||
'hosts_data': db_helper.get_latest_hosts_stats(),
|
||||
'show_contribute': helper.get_setting("show_contribute_link", True),
|
||||
'error': error,
|
||||
@ -109,10 +109,9 @@ class PanelHandler(BaseHandler):
|
||||
if exec_user['superuser'] == 1:
|
||||
page_data['servers'] = db_helper.get_all_servers_stats()
|
||||
else:
|
||||
#page_data['servers'] = db_helper.get_authorized_servers_stats(exec_user_id)
|
||||
ras = db_helper.get_authorized_servers_stats_from_roles(exec_user_id)
|
||||
logger.debug("ASFR: {}".format(ras))
|
||||
page_data['servers'] = ras
|
||||
user_auth = db_helper.get_authorized_servers_stats(exec_user_id)
|
||||
logger.debug("ASFR: {}".format(user_auth))
|
||||
page_data['servers'] = user_auth
|
||||
|
||||
for s in page_data['servers']:
|
||||
try:
|
||||
@ -137,10 +136,10 @@ class PanelHandler(BaseHandler):
|
||||
return
|
||||
|
||||
if exec_user['superuser'] != 1:
|
||||
#if not db_helper.server_id_authorized(server_id, exec_user_id):
|
||||
if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id):
|
||||
self.redirect("/panel/error?error=Invalid Server ID")
|
||||
return False
|
||||
if not db_helper.server_id_authorized(server_id, exec_user_id):
|
||||
if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id):
|
||||
self.redirect("/panel/error?error=Invalid Server ID")
|
||||
return False
|
||||
|
||||
valid_subpages = ['term', 'logs', 'backup', 'config', 'files', 'admin_controls']
|
||||
|
||||
@ -286,10 +285,17 @@ class PanelHandler(BaseHandler):
|
||||
template = "panel/panel_edit_user.html"
|
||||
|
||||
elif page == "edit_user":
|
||||
page_data['new_user'] = False
|
||||
user_id = self.get_argument('id', None)
|
||||
role_servers = db_helper.get_authorized_servers_stats_from_roles(user_id)
|
||||
user_servers = db_helper.get_authorized_servers(user_id)
|
||||
servers = set()
|
||||
for server in role_servers:
|
||||
servers.add(server['server_id'])
|
||||
for server in user_servers:
|
||||
servers.add(server['server_id'])
|
||||
page_data['new_user'] = False
|
||||
page_data['user'] = db_helper.get_user(user_id)
|
||||
page_data['servers'] = db_helper.get_authorized_servers_stats_from_roles(user_id)
|
||||
page_data['servers'] = servers
|
||||
page_data['roles_all'] = db_helper.get_all_roles()
|
||||
page_data['servers_all'] = self.controller.list_defined_servers()
|
||||
|
||||
@ -433,8 +439,10 @@ class PanelHandler(BaseHandler):
|
||||
subpage = self.get_argument('subpage', None)
|
||||
|
||||
if not exec_user['superuser']:
|
||||
self.redirect("/panel/error?error=Unauthorized access: not superuser")
|
||||
return
|
||||
if not db_helper.server_id_authorized(server_id, exec_user_id):
|
||||
if not db_helper.server_id_authorized_from_roles(server_id, exec_user_id):
|
||||
self.redirect("/panel/error?error=Unauthorized access: invalid server id")
|
||||
return
|
||||
elif server_id is None:
|
||||
self.redirect("/panel/error?error=Invalid Server ID")
|
||||
return
|
||||
@ -538,17 +546,28 @@ class PanelHandler(BaseHandler):
|
||||
if argument:
|
||||
roles.add(role.role_id)
|
||||
|
||||
servers = set()
|
||||
for server in self.controller.list_defined_servers():
|
||||
argument = int(float(
|
||||
bleach.clean(
|
||||
self.get_argument('server_{}_access'.format(server['server_id']), '0')
|
||||
)
|
||||
))
|
||||
if argument:
|
||||
servers.add(server['server_id'])
|
||||
|
||||
user_data = {
|
||||
"username": username,
|
||||
"password": password0,
|
||||
"enabled": enabled,
|
||||
"regen_api": regen_api,
|
||||
"roles": roles,
|
||||
"servers": servers,
|
||||
}
|
||||
db_helper.update_user(user_id, user_data=user_data)
|
||||
|
||||
db_helper.add_to_audit_log(exec_user['user_id'],
|
||||
"Edited user {} (UID:{}) with roles {}".format(username, user_id, roles),
|
||||
"Edited user {} (UID:{}) with roles {} and servers {}".format(username, user_id, roles, servers),
|
||||
server_id=0,
|
||||
source_ip=self.get_remote_ip())
|
||||
self.redirect("/panel/panel_config")
|
||||
@ -597,7 +616,11 @@ class PanelHandler(BaseHandler):
|
||||
servers.add(server['server_id'])
|
||||
|
||||
user_id = db_helper.add_user(username, password=password0, enabled=enabled)
|
||||
db_helper.update_user(user_id, {"roles":roles})
|
||||
user_data = {
|
||||
"roles": roles,
|
||||
"servers": servers,
|
||||
}
|
||||
db_helper.update_user(user_id, user_data)
|
||||
|
||||
db_helper.add_to_audit_log(exec_user['user_id'],
|
||||
"Added user {} (UID:{})".format(username, user_id),
|
||||
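Review bot: The `edit_user` branch fills `page_data['servers']` from both `role_servers` and `user_servers`, so servers a user reaches only through a role are rendered as checked boxes (assuming the template's `data` is this `page_data`) and come back in the POST as `server_<id>_access`. The edit handler in the `@ -538,17 +546,28` hunk adds every checked id to `servers` and hands it to `update_user`, which creates a `User_Servers` row for each id not already assigned directly. Saving the form therefore converts role-derived access into direct grants that remain after the role is removed. Build the set from direct assignments only by dropping the `for server in role_servers:` loop, and show role-derived access read-only if it needs to be visible. Separately, the `@ -433,8 +439,10` hunk calls `server_id_authorized_from_roles(server_id, exec_user_id)` without the `int(server_id)` cast used at the earlier check, so the two call sites may compare different types.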
|
@ -123,9 +123,9 @@
|
||||
<td>{{ server['server_name'] }}</td>
|
||||
<td>
|
||||
{% if server['server_id'] in data['servers'] %}
|
||||
<input type="checkbox" class="form-check-input" id="server_{{ server['server_id'] }}_access" name="server_{{ server['server_id'] }}_access" checked="" disabled>
|
||||
<input type="checkbox" class="form-check-input" id="server_{{ server['server_id'] }}_access" name="server_{{ server['server_id'] }}_access" checked="" value="1">
|
||||
{% else %}
|
||||
<input type="checkbox" class="form-check-input" id="server_{{ server['server_id'] }}_access" name="server_{{ server['server_id'] }}_access" disabled>
|
||||
<input type="checkbox" class="form-check-input" id="server_{{ server['server_id'] }}_access" name="server_{{ server['server_id'] }}_access" value="1">
|
||||
{% end %}
|
||||
</td>
|
||||
</tr>
|
||||
|