From a7e6c0a324e5f4d9725ea4efdce0394d805c0edd Mon Sep 17 00:00:00 2001
From: Pavel Loginov
Date: Wed, 26 Feb 2020 19:31:04 +0100
Subject: [PATCH] v4.0.0.0 Changelog: https://haproxy-wi.org/changelog.py#4
---
 app/funct.py | 15 ++++++++++++++-
 app/options.py | 10 +++++-----
 app/sql.py | 17 ++---------------
 3 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/app/funct.py b/app/funct.py
index 3f241064..2393935b 100644
--- a/app/funct.py
+++ b/app/funct.py
@@ -924,4 +924,17 @@ def get_users_params(**kwargs):
 else:
 servers = sql.get_dick_permit()
- return user, user_id, role, token, servers
\ No newline at end of file
+ return user, user_id, role, token, servers
+
+
+ def check_group(group, role_id):
+ import http.cookies
+ import sql
+ cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
+ user_id = cookie.get('uuid')
+ user_group = sql.get_user_group_by_uuid(user_id.value)
+ if user_group == group or user_group == '1' or role_id == 1:
+ return True
+ else:
+ logging('localhost', ' has tried to actions in not own group ', haproxywi=1, login=1)
+ return False
\ No newline at end of file
diff --git a/app/options.py b/app/options.py
index 4bddb16d..ef56ce51 100644
--- a/app/options.py
+++ b/app/options.py
@@ -378,7 +378,7 @@ if serv is not None and act == "stats":
 data = response.content
 if form.getvalue('service') == 'nginx':
 from jinja2 import Environment, FileSystemLoader
- env = Environment(loader=FileSystemLoader('templates/'))
+ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('ajax/nginx_stats.html')
 servers_with_status = list()
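Review bot: `user_id.value` in the new check_group dereferences the result of `cookie.get('uuid')` without a None check, so a request that carries no `uuid` cookie raises AttributeError (an unhandled 500) instead of being refused; guard it with `if user_id is None: return False` before the `sql.get_user_group_by_uuid` lookup. The `role_id == 1` short-circuit also deserves a second look: at both call sites in the options.py hunks (`@@ -1112` and `@@ -1148`) `role_id` comes from `sql.get_role_id_by_name(role)`, i.e. the role being assigned in the submitted form rather than the caller's own role, so a caller outside the target group appears to satisfy the group check simply by submitting role 1 — if that reading is right, the caller's role should be resolved from the session uuid and tested here instead. The removed sql.py copy imported `os` locally, while this copy relies on a module-level `os` in funct.py that is outside the hunk; confirm it is imported there. The denial is logged against `'localhost'` rather than the user that was refused, which makes the audit entry hard to attribute; logging the resolved user (or the uuid) would be more useful for detection.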
@@ -1112,11 +1112,11 @@ if form.getvalue('newuser') is not None:
 activeuser = form.getvalue('activeuser')
 role_id = sql.get_role_id_by_name(role)
- if sql.check_group(group, role_id):
+ if funct.check_group(group, role_id):
 if funct.is_admin(level=role_id):
 if sql.add_user(new_user, email, password, role, group, activeuser):
 from jinja2 import Environment, FileSystemLoader
- env = Environment(loader=FileSystemLoader('templates/'))
+ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('ajax/new_user.html')
 template = template.render(users=sql.select_users(user=new_user),
@@ -1148,7 +1148,7 @@ if form.getvalue('updateuser') is not None:
 activeuser = form.getvalue('activeuser')
 role_id = sql.get_role_id_by_name(role)
- if sql.check_group(group, role_id):
+ if funct.check_group(group, role_id):
 if funct.is_admin(level=role_id):
 sql.update_user(new_user, email, role, group, id, activeuser)
 funct.logging(new_user, ' has updated user ', haproxywi=1, login=1)
@@ -1184,7 +1184,7 @@ if form.getvalue('newserver') is not None:
 if sql.add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx):
 from jinja2 import Environment, FileSystemLoader
- env = Environment(loader=FileSystemLoader('templates/'))
+ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('ajax/new_server.html')
 template = template.render(groups = sql.select_groups(),
diff --git a/app/sql.py b/app/sql.py
index 67bbcdd7..2a0cd6c2 100644
--- a/app/sql.py
+++ b/app/sql.py
@@ -1601,22 +1601,9 @@ def check_token():
 sys.exit()
-def check_group(group, role_id):
- import http.cookies
- import os
- cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
- user_id = cookie.get('uuid')
- user_group = get_user_group_by_uuid(user_id.value)
- if user_group == group or user_group == '1' or role_id == 1:
- return True
- else:
- funct.logging('localhost', ' has tried to actions in not own group ', haproxywi=1, login=1)
- return False
-
-
 def show_update_option(option):
 from jinja2 import Environment, FileSystemLoader
- env = Environment(loader=FileSystemLoader('templates/ajax'))
+ env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
 template = env.get_template('/new_option.html')
 print('Content-type: text/html\n')
@@ -1626,7 +1613,7 @@ def show_update_option(option):
 def show_update_savedserver(server):
 from jinja2 import Environment, FileSystemLoader
- env = Environment(loader=FileSystemLoader('templates/ajax'))
+ env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
 template = env.get_template('/new_saved_servers.html')
 print('Content-type: text/html\n')
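Review bot: Removing check_group from sql.py leaves any caller still spelled `sql.check_group(...)` failing with AttributeError at request time rather than at import, and only the two call sites in options.py are updated in this patch; since this chunk shows only part of the tree, a repository-wide search for the old name is worth doing before merge. The function is moved verbatim (apart from the local `import os` being dropped and the `funct.` prefix on `logging`), so nothing about its authorization logic changes with the move.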