diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py index 92dcce7e..3fc237a7 100644 --- a/app/classes/web/base_handler.py +++ b/app/classes/web/base_handler.py @@ -179,7 +179,7 @@ class BaseHandler(tornado.web.RequestHandler): exec_user_role = set() if superuser: - authorized_servers = self.controller.servers.get_all_defined_servers() + allowed_servers = self.controller.servers.get_all_defined_servers() exec_user_role.add("Super User") exec_user_crafty_permissions = ( self.controller.crafty_perms.list_defined_crafty_permissions() @@ -205,11 +205,19 @@ class BaseHandler(tornado.web.RequestHandler): authorized_servers = self.controller.servers.get_authorized_servers( user["user_id"] # TODO: API key authorized servers? ) + page_servers = [] + for server in authorized_servers: + if server not in page_servers: + page_servers.append( + DatabaseShortcuts.get_data_obj(server.server_object) + ) + allowed_servers = page_servers + allowed_servers = [str(i) for i in allowed_servers] logger.debug("Checking results") if user: return ( - authorized_servers, + allowed_servers, exec_user_crafty_permissions, exec_user_role, superuser, diff --git a/app/classes/web/routes/api/servers/index.py b/app/classes/web/routes/api/servers/index.py index bab060ea..7db12f45 100644 --- a/app/classes/web/routes/api/servers/index.py +++ b/app/classes/web/routes/api/servers/index.py @@ -3,7 +3,6 @@ import logging from jsonschema import ValidationError, validate import orjson from app.classes.models.crafty_permissions import EnumPermissionsCrafty -from app.classes.shared.main_models import DatabaseShortcuts from app.classes.web.base_api_handler import BaseApiHandler logger = logging.getLogger(__name__) 
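Review bot: In the superuser branch `allowed_servers` is assigned the result of `get_all_defined_servers()` as-is, while the non-superuser branch later in this function converts every entry with `DatabaseShortcuts.get_data_obj(server.server_object)`, so the first element of the returned tuple can hold two different element types depending on who is asking. Every API handler changed in this commit subscripts it as `x["server_id"]`, and the servers listing now passes it straight to `finish_json`; whether `get_all_defined_servers()` already yields dicts is not visible here and needs confirming. If it does not, the superuser path raises inside the authorization check instead of evaluating it. I would run both branches through the same conversion, or at least state the contract above the assignment: `# allowed_servers: list of get_data_obj() dicts; handlers index x["server_id"]`. The enclosing method starts and ends outside the hunk.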
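Review bot: The duplicate guard `if server not in page_servers` compares an entry of `authorized_servers` with the `get_data_obj(...)` results already appended, so unless those two happen to compare equal it never matches and the same server can end up in the list more than once. Deduplicating on the id that the handlers read before this change (`x.server_id`) keeps the intent and drops the linear scan per entry. `DatabaseShortcuts` must also be in scope in base_handler.py; no import is added in the visible hunks, so check that it is already imported there. The enclosing method starts and ends outside the hunk.

```python
                # … unchanged: get_authorized_servers(user["user_id"]) call …
                page_servers = []
                seen_ids = set()
                for server in authorized_servers:
                    # Key on the server id, not on the converted dict.
                    if server.server_id in seen_ids:
                        continue
                    seen_ids.add(server.server_id)
                    page_servers.append(
                        DatabaseShortcuts.get_data_obj(server.server_object)
                    )
                allowed_servers = page_servers
```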
@@ -629,10 +628,7 @@ class ApiServersIndexHandler(BaseApiHandler): # TODO: limit some columns for specific permissions - servers_data = [ - DatabaseShortcuts.get_data_obj(x.server_object) for x in auth_data[0] - ] - self.finish_json(200, {"status": "ok", "data": servers_data}) + self.finish_json(200, {"status": "ok", "data": auth_data[0]}) def post(self): diff --git a/app/classes/web/routes/api/servers/server/action.py b/app/classes/web/routes/api/servers/server/action.py index 565b55b0..cf9163b9 100644 --- a/app/classes/web/routes/api/servers/server/action.py +++ b/app/classes/web/routes/api/servers/server/action.py @@ -16,7 +16,7 @@ class ApiServersServerActionHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 195a1878..11f8620b 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -39,7 +39,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) @@ -74,7 +74,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): }, ) - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) 
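Review bot: `"data": auth_data[0]` returns the list built for authorization checks verbatim, so every field that `get_data_obj` puts into a server dict is sent to any caller that passes authentication, and the TODO directly above about limiting columns per permission is still open. Because the per-server handlers test membership against the same list, a field added to it later becomes part of this response without any change to this file. I would project each entry onto an explicit set of response keys here, or at least record the coupling: `# NOTE: auth_data[0] is returned unfiltered; restrict fields before adding sensitive columns`. The enclosing method starts outside the hunk.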
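Review bot: The membership test `server_id not in [str(x["server_id"]) for x in auth_data[0]]` is repeated verbatim in this hunk and in the hunks for server/index.py (three times), logs.py, stats.py, stdin.py, tasks/task/index.py and users.py, and this commit had to edit every copy because the element type of `auth_data[0]` changed. Keeping the decision in one helper on `BaseApiHandler` would make the next shape change a one-line edit, for example `def _can_access_server(self, auth_data, server_id): return server_id in {str(s["server_id"]) for s in auth_data[0]}`. Any consumer of the first tuple element that is not part of this diff and still reads `x.server_id` would now raise instead of denying, so a search for remaining attribute-style uses is worth doing before merge. The handler methods around these checks start and end outside the hunks.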
@@ -110,7 +110,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): # DELETE /api/v2/servers/server?files=true remove_files = self.get_query_argument("files", None) == "true" - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/logs.py b/app/classes/web/routes/api/servers/server/logs.py index a2c16009..641a1163 100644 --- a/app/classes/web/routes/api/servers/server/logs.py +++ b/app/classes/web/routes/api/servers/server/logs.py @@ -27,7 +27,7 @@ class ApiServersServerLogsHandler(BaseApiHandler): # GET /api/v2/servers/server/logs?html=true use_html = self.get_query_argument("html", None) == "true" - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/stats.py b/app/classes/web/routes/api/servers/server/stats.py index b2ac96ef..2e220d2b 100644 --- a/app/classes/web/routes/api/servers/server/stats.py +++ b/app/classes/web/routes/api/servers/server/stats.py @@ -12,7 +12,7 @@ class ApiServersServerStatsHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/stdin.py b/app/classes/web/routes/api/servers/server/stdin.py index ec3c8584..a52f0c0d 100644 --- a/app/classes/web/routes/api/servers/server/stdin.py 
+++ b/app/classes/web/routes/api/servers/server/stdin.py @@ -13,7 +13,7 @@ class ApiServersServerStdinHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/tasks/task/index.py b/app/classes/web/routes/api/servers/server/tasks/task/index.py index 7f045ce4..3c567fdd 100644 --- a/app/classes/web/routes/api/servers/server/tasks/task/index.py +++ b/app/classes/web/routes/api/servers/server/tasks/task/index.py @@ -79,7 +79,7 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler): }, ) - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) diff --git a/app/classes/web/routes/api/servers/server/users.py b/app/classes/web/routes/api/servers/server/users.py index 9cda0f9a..c4df8832 100644 --- a/app/classes/web/routes/api/servers/server/users.py +++ b/app/classes/web/routes/api/servers/server/users.py @@ -12,7 +12,7 @@ class ApiServersServerUsersHandler(BaseApiHandler): if not auth_data: return - if server_id not in [str(x.server_id) for x in auth_data[0]]: + if server_id not in [str(x["server_id"]) for x in auth_data[0]]: # if the user doesn't have access to the server, return an error return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})