Revert changes on base_handler, fixing things in the api methods

Silversthorn 2022-07-17 12:17:45 +02:00
parent a6afd18201
commit f863357633
9 changed files with 16 additions and 20 deletions


@ -179,7 +179,7 @@ class BaseHandler(tornado.web.RequestHandler):
exec_user_role = set() exec_user_role = set()
if superuser: if superuser:
allowed_servers = self.controller.servers.get_all_defined_servers() authorized_servers = self.controller.servers.get_all_defined_servers()
exec_user_role.add("Super User") exec_user_role.add("Super User")
exec_user_crafty_permissions = ( exec_user_crafty_permissions = (
self.controller.crafty_perms.list_defined_crafty_permissions() self.controller.crafty_perms.list_defined_crafty_permissions()
@ -205,19 +205,11 @@ class BaseHandler(tornado.web.RequestHandler):
authorized_servers = self.controller.servers.get_authorized_servers( authorized_servers = self.controller.servers.get_authorized_servers(
user["user_id"] # TODO: API key authorized servers? user["user_id"] # TODO: API key authorized servers?
) )
page_servers = []
for server in authorized_servers:
if server not in page_servers:
page_servers.append(
DatabaseShortcuts.get_data_obj(server.server_object)
)
allowed_servers = page_servers
allowed_servers = [str(i) for i in allowed_servers]
logger.debug("Checking results") logger.debug("Checking results")
if user: if user:
return ( return (
allowed_servers, authorized_servers,
exec_user_crafty_permissions, exec_user_crafty_permissions,
exec_user_role, exec_user_role,
superuser, superuser,
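Review bot: The first element of the returned tuple is now passed through exactly as the controller returns it, and the two branches fill it from different calls: `get_all_defined_servers()` for a superuser and `get_authorized_servers(user["user_id"])` otherwise. The API handlers changed in this commit read `x.server_id` and `x.server_object` from each element, so both calls must return the same kind of object; the page does not show that they do, and if the superuser call returns plain dicts, every server endpoint would raise for superusers. A comment above the return, for example `# authorized_servers: server objects exposing .server_id and .server_object, same shape for superusers and regular users`, would record the contract the authorization checks depend on. The enclosing method starts and ends outside the hunks.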


@ -3,6 +3,7 @@ import logging
from jsonschema import ValidationError, validate from jsonschema import ValidationError, validate
import orjson import orjson
from app.classes.models.crafty_permissions import EnumPermissionsCrafty from app.classes.models.crafty_permissions import EnumPermissionsCrafty
from app.classes.shared.main_models import DatabaseShortcuts
from app.classes.web.base_api_handler import BaseApiHandler from app.classes.web.base_api_handler import BaseApiHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -628,7 +629,10 @@ class ApiServersIndexHandler(BaseApiHandler):
# TODO: limit some columns for specific permissions # TODO: limit some columns for specific permissions
self.finish_json(200, {"status": "ok", "data": auth_data[0]}) servers_data = [
DatabaseShortcuts.get_data_obj(x.server_object) for x in auth_data[0]
]
self.finish_json(200, {"status": "ok", "data": servers_data})
def post(self): def post(self):
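Review bot: `DatabaseShortcuts.get_data_obj(x.server_object)` serializes each server record as a whole, so `servers_data` carries every column to any caller that passes authentication, which is the gap the TODO on the line above still leaves open. Which columns that includes is not visible here, but server records commonly hold filesystem paths and launch commands, so it is worth confirming that nothing sensitive reaches low-privilege users. Until per-permission filtering exists, building each entry from an explicit allow-list of keys, e.g. `{k: row[k] for k in ALLOWED_KEYS}` with `ALLOWED_KEYS` as a placeholder name, keeps a newly added column from being exposed by default. The enclosing method starts outside the hunk.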


@ -16,7 +16,7 @@ class ApiServersServerActionHandler(BaseApiHandler):
if not auth_data: if not auth_data:
return return
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
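Review bot: The membership test `server_id not in [str(x.server_id) for x in auth_data[0]]` is the only authorization gate visible in this hunk, and the same line is repeated in ApiServersServerIndexHandler (three hunks), ApiServersServerLogsHandler, ApiServersServerStatsHandler, ApiServersServerStdinHandler, ApiServersServerTasksTaskIndexHandler and ApiServersServerUsersHandler. This commit had to touch every copy because the element type of `auth_data[0]` changed, so a copy missed in a later change would raise or mis-compare in just one endpoint. Moving the test into one method on BaseApiHandler, documented with a comment such as `# auth_data[0] holds the caller's authorized server objects; ids are compared as strings`, would keep the gate in one place. The unchanged response line answers an authorization failure with status 400; a 403 would let clients and log monitoring tell denied access apart from malformed requests. The handler bodies start and end outside the hunks.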


@ -39,7 +39,7 @@ class ApiServersServerIndexHandler(BaseApiHandler):
if not auth_data: if not auth_data:
return return
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@ -74,7 +74,7 @@ class ApiServersServerIndexHandler(BaseApiHandler):
}, },
) )
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@ -110,7 +110,7 @@ class ApiServersServerIndexHandler(BaseApiHandler):
# DELETE /api/v2/servers/server?files=true # DELETE /api/v2/servers/server?files=true
remove_files = self.get_query_argument("files", None) == "true" remove_files = self.get_query_argument("files", None) == "true"
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})


@ -27,7 +27,7 @@ class ApiServersServerLogsHandler(BaseApiHandler):
# GET /api/v2/servers/server/logs?html=true # GET /api/v2/servers/server/logs?html=true
use_html = self.get_query_argument("html", None) == "true" use_html = self.get_query_argument("html", None) == "true"
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})


@ -12,7 +12,7 @@ class ApiServersServerStatsHandler(BaseApiHandler):
if not auth_data: if not auth_data:
return return
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})


@ -13,7 +13,7 @@ class ApiServersServerStdinHandler(BaseApiHandler):
if not auth_data: if not auth_data:
return return
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})


@ -79,7 +79,7 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler):
}, },
) )
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})


@ -12,7 +12,7 @@ class ApiServersServerUsersHandler(BaseApiHandler):
if not auth_data: if not auth_data:
return return
if server_id not in [str(x["server_id"]) for x in auth_data[0]]: if server_id not in [str(x.server_id) for x in auth_data[0]]:
# if the user doesn't have access to the server, return an error # if the user doesn't have access to the server, return an error
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})