NussNougate/crafty-4
2
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2025-01-19 09:45:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Revert changes on base_handler, fixing things in the api methods"

Browse Source 
This reverts commit f863357633eb197699ccfd131ea7698abc271c74.
This commit is contained in:
Silversthorn 2022-07-18 20:53:49 +02:00
parent f863357633
commit bc16e0df2b
9 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/classes/web/base_handler.py
View File

@ -179,7 +179,7 @@ class BaseHandler(tornado.web.RequestHandler):
exec_user_role = set()
if superuser:
authorized_servers = self.controller.servers.get_all_defined_servers()
allowed_servers = self.controller.servers.get_all_defined_servers()
exec_user_role.add("Super User")
exec_user_crafty_permissions = (
self.controller.crafty_perms.list_defined_crafty_permissions()
@ -205,11 +205,19 @@ class BaseHandler(tornado.web.RequestHandler):
authorized_servers = self.controller.servers.get_authorized_servers(
user["user_id"] # TODO: API key authorized servers?
)
page_servers = []
for server in authorized_servers:
if server not in page_servers:
page_servers.append(
DatabaseShortcuts.get_data_obj(server.server_object)
)
allowed_servers = page_servers
allowed_servers = [str(i) for i in allowed_servers]
logger.debug("Checking results")
if user:
return (
authorized_servers,
allowed_servers,
exec_user_crafty_permissions,
exec_user_role,
superuser,

6
app/classes/web/routes/api/servers/index.py
View File

@ -3,7 +3,6 @@ import logging
from jsonschema import ValidationError, validate
import orjson
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
from app.classes.shared.main_models import DatabaseShortcuts
from app.classes.web.base_api_handler import BaseApiHandler
logger = logging.getLogger(__name__)
@ -629,10 +628,7 @@ class ApiServersIndexHandler(BaseApiHandler):
# TODO: limit some columns for specific permissions
servers_data = [
DatabaseShortcuts.get_data_obj(x.server_object) for x in auth_data[0]
]
self.finish_json(200, {"status": "ok", "data": servers_data})
self.finish_json(200, {"status": "ok", "data": auth_data[0]})
def post(self):

2
app/classes/web/routes/api/servers/server/action.py
View File

@ -16,7 +16,7 @@ class ApiServersServerActionHandler(BaseApiHandler):
if not auth_data:
return
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

6
app/classes/web/routes/api/servers/server/index.py
View File

@ -39,7 +39,7 @@ class ApiServersServerIndexHandler(BaseApiHandler):
if not auth_data:
return
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@ -74,7 +74,7 @@ class ApiServersServerIndexHandler(BaseApiHandler):
},
)
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@ -110,7 +110,7 @@ class ApiServersServerIndexHandler(BaseApiHandler):
# DELETE /api/v2/servers/server?files=true
remove_files = self.get_query_argument("files", None) == "true"
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

2
app/classes/web/routes/api/servers/server/logs.py
View File

@ -27,7 +27,7 @@ class ApiServersServerLogsHandler(BaseApiHandler):
# GET /api/v2/servers/server/logs?html=true
use_html = self.get_query_argument("html", None) == "true"
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

2
app/classes/web/routes/api/servers/server/stats.py
View File

@ -12,7 +12,7 @@ class ApiServersServerStatsHandler(BaseApiHandler):
if not auth_data:
return
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

2
app/classes/web/routes/api/servers/server/stdin.py
View File

@ -13,7 +13,7 @@ class ApiServersServerStdinHandler(BaseApiHandler):
if not auth_data:
return
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

2
app/classes/web/routes/api/servers/server/tasks/task/index.py
View File

@ -79,7 +79,7 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler):
},
)
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

2
app/classes/web/routes/api/servers/server/users.py
View File

@ -12,7 +12,7 @@ class ApiServersServerUsersHandler(BaseApiHandler):
if not auth_data:
return
if server_id not in [str(x.server_id) for x in auth_data[0]]:
if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})