diff --git a/api/api.py b/api/api.py
index 45bb8745..a9917159 100644
--- a/api/api.py
+++ b/api/api.py
@@ -66,7 +66,8 @@ def index(): 'haproxy//log': 'show HAProxy logs by id or hostname or ip. May to have config next Headers: rows(format INT) default: 10 grep, waf(if needs WAF log) default: 0, start_hour(format: 24) default: 00, start_minute, end_hour(format: 24) default: 24, end_minute. METHOD: GET', 'haproxy//section': 'show a certain section, headers: section-name. METHOD: GET', 'haproxy//section/add': 'add a section to the HAProxy config by id or hostname or ip. Has to have config header with section and action header for action after upload. Section header must consist type: listen, frontend, etc. Action header accepts next value: save, test, reload and restart. Can be empty for just save. METHOD: POST', - 'haproxy//section/edit': 'edit a section in the HAProxy config by id or hostname or ip. Has to have config header with section, action header for action after upload and body of a new section configuration. Section header must consist type: listen, frontend, etc. Action header accepts next value: save, test, reload and restart. Can be empty for just save. METHOD: POST', + 'haproxy//section/edit': 'edit a section in the HAProxy config by id or hostname or ip. Has to have config header section-name, action header for action after upload and body of a new section configuration. Section header must consist type: listen, frontend, etc. Action header accepts next value: save, test, reload and restart. Can be empty for just save. METHOD: POST', + 'haproxy//section/delete': 'delete a section in the HAProxy config by id or hostname or ip. Has to have config header section-name, action header for action after upload and body of a new section configuration. Section header must consist type: listen, frontend, etc. Action header accepts next value: save, test, reload and restart. Can be empty for just save. METHOD: POST', 'haproxy//acl': 'add an acl to certain section. 
Must be JSON body: "section-name", "if", "then", "if_value", "then_value" and "action" for action after upload. Action accepts next value: "save", "test", "reload" and "restart". METHOD: POST', 'haproxy//acl': 'delete an acl to certain section. Must be JSON body: "section-name", "if", "then", "if_value", "then_value" and "action" for action after upload. Action accepts next value: "save", "test", "reload" and "restart". METHOD: DELETE', 'nginx/': 'show info about the NGINX by id or hostname or ip. METHOD: GET', @@ -218,6 +219,14 @@ def haproxy_section_add(haproxy_id): return api_funct.add_to_config(haproxy_id) +@route('/haproxy//section/delete', method=['POST']) +@route('/haproxy//section/delete', method=['POST']) +def haproxy_section_add(haproxy_id): + if not check_login(required_service=1): + return dict(error=_error_auth) + return api_funct.edit_section(haproxy_id, delete=1) + + @route('/haproxy//section/edit', method=['POST']) @route('/haproxy//section/edit', method=['POST']) def haproxy_sectiond_edit(haproxy_id): diff --git a/api/api_funct.py b/api/api_funct.py index 15c0ac80..f5dfc01f 100644 --- a/api/api_funct.py +++ b/api/api_funct.py @@ -57,7 +57,7 @@ def get_token(): if login in user.username and password == user.password: import uuid user_token = str(uuid.uuid4()) - role_id = sql.get_role_id_by_name(user.role) + role_id = sql.get_role_id(user.user_id, group_id) sql.write_api_token(user_token, group_id, role_id, user.username) return user_token else: @@ -340,7 +340,7 @@ def get_section(server_id): return dict(section=data) -def edit_section(server_id): +def edit_section(server_id, delete=0): body = request.body.getvalue().decode('utf-8') section_name = request.headers.get('section-name') save = request.headers.get('action') @@ -356,6 +356,12 @@ def edit_section(server_id): elif save == 'reload': save = 'reload' + if delete == 1: + body = '' + action = 'deleted' + else: + action = 'edited' + for s in servers: ip = s[2] cfg = f'/tmp/{ip}.cfg' 
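Review bot: The handler added for `/haproxy//section/delete` is named `haproxy_section_add`, which the context line directly above it shows is already the name of the add handler. The route decorators presumably register each function when they run, so both endpoints may still dispatch, but the module-level name now refers only to the delete handler and any traceback or audit search for the add path becomes misleading. Rename it, e.g. `def haproxy_section_delete(haproxy_id):`. The help entry added to `index()` for this endpoint also still asks for a "body of a new section configuration", which `edit_section(..., delete=1)` discards by setting `body = ''`.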
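Review bot: `role_id = sql.get_role_id(user.user_id, group_id)` can hand `write_api_token` an empty role, because `get_role_id` (added in app/modules/db/sql.py by this commit) has no return on its `except` path. Unless `out_error` aborts the request, a user with no `user_groups` row for `group_id` gets a token stored with `role_id` set to None. Where `group_id` comes from is outside this hunk; if it is read from the request, this membership lookup is the only thing tying the token to a group the user belongs to. Refuse to issue the token when no role is found, e.g. `if role_id is None:` followed by the same response the existing `else:` branch gives for bad credentials. The body of get_token starts and ends outside the hunk.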
@@ -376,9 +382,9 @@ def edit_section(server_id): return_mess = 'section has been updated' os.system(f"/bin/cp {cfg} {cfg_for_save}") out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login) - roxywi_common.logging('localhost', f" section {section_name} has been edited via API", login=login) + roxywi_common.logging('localhost', f" section {section_name} has been {action} via API", login=login) roxywi_common.logging( - ip, f'Section {section_name} has been edited via API', roxywi=1, + ip, f'Section {section_name} has been {action} via API', roxywi=1, login=login, keep_history=1, service='haproxy' ) diff --git a/app/create_db.py b/app/create_db.py index e65e0d74..b8b7bf30 100644 --- a/app/create_db.py +++ b/app/create_db.py @@ -148,9 +148,9 @@ def default_values(): print(str(e)) data_source = [ - {'username': 'admin', 'email': 'admin@localhost', 'password': '21232f297a57a5a743894a0e4a801fc3', 'role': 'superAdmin', 'groups': '1'}, - {'username': 'editor', 'email': 'editor@localhost', 'password': '5aee9dbd2a188839105073571bee1b1f', 'role': 'admin', 'groups': '1'}, - {'username': 'guest', 'email': 'guest@localhost', 'password': '084e0343a0486ff05530df6c705c8bb4', 'role': 'guest', 'groups': '1'} + {'username': 'admin', 'email': 'admin@localhost', 'password': '21232f297a57a5a743894a0e4a801fc3', 'role': '1', 'groups': '1'}, + {'username': 'editor', 'email': 'editor@localhost', 'password': '5aee9dbd2a188839105073571bee1b1f', 'role': '2', 'groups': '1'}, + {'username': 'guest', 'email': 'guest@localhost', 'password': '084e0343a0486ff05530df6c705c8bb4', 'role': '4', 'groups': '1'} ] try: 
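Review bot: The API response does not follow the new `action` variable: the context line `return_mess = 'section has been updated'` is unchanged, so a delete request is logged as "deleted" but answered as "updated". Use `return_mess = f'section has been {action}'`. `section_name` is read from the `section-name` request header earlier in `edit_section` and interpolated into both log lines; no check for a missing or malformed header is visible in these hunks, which matters more now that the same path removes a section.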
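Review bot: The three seeded accounts rewritten in `data_source` keep fixed 32-hex-digit `password` values, a length consistent with unsalted MD5 digests, so every fresh install starts with the same credentials for an account that now has role `'1'`. The commit only changes the `role` field, but since these rows are being touched it is worth adding a comment such as `# install-time defaults: must be changed before the instance is exposed` and, ideally, forcing a password change on first login. The new `role` values are strings (`'1'`, `'2'`, `'4'`) while the rest of the commit handles roles as integers; whether the column coerces them is not visible in this hunk.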
@@ -681,78 +681,6 @@ def update_db_v_4_3_0(): print("An error occurred:", e) -def update_db_v_5_2_4(): - cursor = conn.cursor() - sql = """ALTER TABLE `user` ADD COLUMN user_services varchar(20) DEFAULT '1 2 3 4';""" - try: - cursor.execute(sql) - except Exception as e: - if str(e) == 'duplicate column name: user_services' or str(e) == '(1060, "Duplicate column name \'user_services\'")': - print('Updating... DB has been updated to version 5.2.4') - else: - print("An error occurred:", e) - else: - print("Updating... DB has been updated to version 5.2.4") - - -def update_db_v_5_2_4_1(): - cursor = conn.cursor() - sql = """ALTER TABLE `servers` ADD COLUMN nginx_metrics integer DEFAULT 0;""" - try: - cursor.execute(sql) - except Exception as e: - if str(e) == 'duplicate column name: nginx_metrics' or str(e) == '(1060, "Duplicate column name \'nginx_metrics\'")': - print('Updating... DB has been updated to version 5.2.4-1') - else: - print("An error occurred:", e) - else: - print("Updating... DB has been updated to version 5.2.4-1") - - -def update_db_v_5_2_5_1(): - query = User.update(role='user').where(User.role == 'editor') - try: - query.execute() - except Exception as e: - print("An error occurred:", e) - else: - print("Updating... DB has been updated to version 5.2.5-1") - - -def update_db_v_5_2_5_2(): - query = Role.delete().where(Role.name == 'editor') - try: - query.execute() - except Exception as e: - print("An error occurred:", e) - else: - print("Updating... DB has been updated to version 5.2.5-2") - - -def update_db_v_5_2_5_3(): - cursor = conn.cursor() - sql = list() - sql.append("alter table user add column last_login_date timestamp default '0000-00-00 00:00:00'") - sql.append("alter table user add column last_login_ip VARCHAR ( 64 )") - for i in sql: - try: - cursor.execute(i) - except Exception: - pass - else: - print('Updating... 
DB has been updated to version 5.2.5-3') - - -def update_db_v_5_2_6(): - query = Setting.delete().where(Setting.param == 'haproxy_enterprise') - try: - query.execute() - except Exception as e: - print("An error occurred:", e) - else: - print("Updating... DB has been updated to version 5.2.6") - - def update_db_v_5_3_0(): groups = '' query = Groups.select() @@ -996,9 +924,28 @@ def update_db_v_6_3_5(): print("Updating... DB has been updated to version 6.3.5.0") +def update_db_v_6_3_6(): + cursor = conn.cursor() + sql = list() + sql.append("ALTER TABLE `user_groups` ADD COLUMN user_role_id integer;") + if mysql_enable == '1': + sql.append("update user_groups u_g inner join user as u on u_g.user_id = u.id inner join role as r on r.name = u.role set user_role_id = r.id where u_g.user_role_id is NULL;") + sql.append("update user u inner join role as r on r.name = u.role set u.role = r.id;") + else: + sql.append("update user_groups as u_g set user_role_id = (select r.id from role as r inner join user as u on u.role = r.name where u_g.user_id = u.id) where user_role_id is null;") + sql.append("update user as u set role = (select r.id from role as r where r.name = u.role);") + for i in sql: + try: + cursor.execute(i) + except Exception: + pass + else: + print("Updating... DB has been updated to version 6.3.6.0") + + def update_ver(): try: - Version.update(version='6.3.6.0').execute() + Version.update(version='6.3.7.0').execute() except Exception: print('Cannot update version') @@ -1016,12 +963,6 @@ def update_all(): if check_ver() is None: update_db_v_3_4_5_22() update_db_v_4_3_0() - update_db_v_5_2_4() - update_db_v_5_2_4_1() - update_db_v_5_2_5_1() - update_db_v_5_2_5_2() - update_db_v_5_2_5_3() - update_db_v_5_2_6() update_db_v_5_3_0() update_db_v_5_3_1() update_db_v_5_3_2_2() @@ -1036,6 +977,7 @@ def update_all(): update_db_v_6_2_1() update_db_v_6_3_4() update_db_v_6_3_5() + update_db_v_6_3_6() update_ver() 
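Review bot: `update_db_v_6_3_6` hides every failure with `except Exception: pass`, and its `for ... else` prints the success message whether or not any statement ran, yet after this commit every role check reads `user_groups.user_role_id`. A silently failed backfill leaves that column NULL, and `get_user_role_by_uuid` then raises on `int(None)` in each caller. The SQLite statement `update user as u set role = (select r.id from role as r where r.name = u.role);` also has no guard, so if `update_all()` runs it again once roles are numeric the subquery matches nothing and `role` becomes NULL for every user; appending `where exists (select 1 from role as r where r.name = u.role)` makes it repeatable. At minimum print the exception unless it is the expected duplicate-column error, as the older migrations removed in the previous hunk did.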
diff --git a/app/login.py b/app/login.py index ba0e5dbf..ee85c303 100644 --- a/app/login.py +++ b/app/login.py @@ -185,7 +185,7 @@ except Exception as e: error = f'error: {e}' try: - role = sql.get_user_role_by_uuid(user_id.value) + role = sql.get_user_role_by_uuid(user_id.value, user_group_id) user = sql.get_user_name_by_uuid(user_id.value) except Exception: role = "" diff --git a/app/modules/config/config.py b/app/modules/config/config.py index 0e214ccf..916c4e2f 100644 --- a/app/modules/config/config.py +++ b/app/modules/config/config.py @@ -25,7 +25,7 @@ def get_config(server_ip, cfg, **kwargs): kwargs.get("nginx") or kwargs.get("service") == 'nginx' or kwargs.get("apache") or kwargs.get("service") == 'apache' ): - config_path = kwargs.get('config_file_name') + config_path = common.checkAjaxInput(kwargs.get('config_file_name')) elif kwargs.get("waf") or kwargs.get("service") == 'waf': if kwargs.get("waf") == 'haproxy': config_path = f'{sql.get_setting("haproxy_dir")}/waf/rules/{kwargs.get("waf_rule_file")}' @@ -34,6 +34,9 @@ def get_config(server_ip, cfg, **kwargs): else: config_path = sql.get_setting('haproxy_config_path') + if '..' in config_path: + return 'error: nice try' + try: with mod_ssh.ssh_connect(server_ip) as ssh: ssh.get_sftp(config_path, cfg) @@ -119,7 +122,7 @@ def upload_and_restart(server_ip: str, cfg: str, **kwargs): login = 1 try: - os.system(f"dos2unix {cfg}") + os.system(f"dos2unix -q {cfg}") except OSError: return 'error: there is no dos2unix' @@ -504,7 +507,9 @@ def show_config(server_ip: str) -> None: cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_uuid = cookie.get('uuid') - role_id = sql.get_user_role_by_uuid(user_uuid.value) + group_id = cookie.get('group') + group_id = int(group_id.value) + role_id = sql.get_user_role_by_uuid(user_uuid.value, group_id) service = form.getvalue('service') try: config_file_name = form.getvalue('config_file_name').replace('/', '92') 
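Review bot: The `if '..' in config_path:` test added before `ssh.get_sftp(config_path, cfg)` is a denylist and does not confine the download, since an absolute path containing no `..` passes unchanged. The `common.checkAjaxInput` call added in the -25,7 hunk should not be relied on for this either, as what it strips is not visible here. Normalise the path and require it to sit under the service's configured directory, e.g. `if not posixpath.normpath(config_path).startswith(allowed_dir + '/'): return 'error: wrong path'`, with `allowed_dir` read from the service settings. `kwargs.get('config_file_name')` may also be None, in which case the `in` test raises TypeError unless checkAjaxInput converts it.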
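Review bot: `os.system(f"dos2unix -q {cfg}")` still passes `cfg` through a shell, and the surrounding `except OSError` cannot catch a missing binary because `os.system` reports that through its return status, not an exception. `cfg` is a parameter of `upload_and_restart`; the caller visible in this diff builds it as `/tmp/{ip}.cfg`, so its safety depends on how strictly the stored server address is validated. An argument list removes both problems: `subprocess.run(['dos2unix', '-q', cfg], check=True)` with `except (OSError, subprocess.CalledProcessError):`, which needs `import subprocess` at the top of the file.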
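Review bot: In `show_config` the role is now selected by the `group` cookie, a value the browser controls, and `int(group_id.value)` is unguarded, so a missing cookie raises AttributeError and a non-numeric one ValueError before any role is resolved. The same two lines are added in `is_admin` (app/modules/roxywi/auth.py, where they sit before the `try` that falls back to `role = 4`), `show_overview`, `waf_overview`, `is_restarted`, `get_runner_overviewServers` and app/options.py; `get_users_params` is the only place that wraps them. Because the lookup joins on the session `uuid`, a user can only select a role held in one of their own groups, but each call site should be checked to confirm that the group used for the role decision is the same one used to scope the data being served. A single shared helper that parses both cookies and returns the least-privileged role on any error would keep all of these fail-closed.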
diff --git a/app/modules/db/db_model.py b/app/modules/db/db_model.py index 1797f2aa..35780886 100644 --- a/app/modules/db/db_model.py +++ b/app/modules/db/db_model.py @@ -161,6 +161,7 @@ class Groups(BaseModel): class UserGroups(BaseModel): user_id = IntegerField() user_group_id = IntegerField() + user_role_id = IntegerField() class Meta: table_name = 'user_groups' diff --git a/app/modules/db/sql.py b/app/modules/db/sql.py index a85e2781..61d5dd0b 100755 --- a/app/modules/db/sql.py +++ b/app/modules/db/sql.py @@ -73,18 +73,22 @@ def add_user(user, email, password, role, activeuser, group): if password != 'aduser': try: hashed_pass = roxy_wi_tools.Tools.get_hash(password) - User.insert( + last_id = User.insert( username=user, email=email, password=hashed_pass, role=role, activeuser=activeuser, groups=group ).execute() except Exception as e: out_error(e) + else: + return last_id else: try: - User.insert( + last_id = User.insert( username=user, email=email, role=role, ldap_user=1, activeuser=activeuser, groups=group ).execute() except Exception as e: out_error(e) + else: + return last_id def update_user(user, email, role, user_id, activeuser): @@ -99,16 +103,6 @@ def update_user(user, email, role, user_id, activeuser): return True -def update_user_groups(groups, user_group_id): - try: - UserGroups.insert(user_id=user_group_id, user_group_id=groups).execute() - except Exception as e: - out_error(e) - return False - else: - return True - - def delete_user_groups(user_id): group_for_delete = UserGroups.delete().where(UserGroups.user_id == user_id) try: 
@@ -440,9 +434,16 @@ def select_user_groups_with_names(user_id, **kwargs): query = (UserGroups.select( UserGroups.user_group_id, UserGroups.user_id, Groups.name ).join(Groups, on=(UserGroups.user_group_id == Groups.group_id))) + elif kwargs.get("user_not_in_group") is not None: + query = (Groups.select( + Groups.group_id, Groups.name + ).join(UserGroups, on=( + (UserGroups.user_group_id == Groups.group_id) & + (UserGroups.user_id == user_id) + ), join_type=JOIN.LEFT_OUTER).group_by(Groups.name).where(UserGroups.user_id.is_null(True))) else: query = (UserGroups.select( - UserGroups.user_group_id, Groups.name + UserGroups.user_group_id, UserGroups.user_role_id, Groups.name, Groups.group_id ).join(Groups, on=(UserGroups.user_group_id == Groups.group_id)).where(UserGroups.user_id == user_id)) try: query_res = query.execute() @@ -767,27 +768,21 @@ def get_user_id_by_username(username: str): return query -def get_user_role_by_uuid(uuid): +def get_user_role_by_uuid(uuid, group_id): query = ( - Role.select(Role.role_id).join(User, on=(Role.name == User.role)).join( - UUID, on=(User.user_id == UUID.user_id) - ).where(UUID.uuid == uuid)) + UserGroups.select(UserGroups.user_role_id).join(UUID, on=(UserGroups.user_id == UUID.user_id) + ).where( + (UUID.uuid == uuid) & + (UserGroups.user_group_id == group_id) + ) + ) try: query_res = query.execute() except Exception as e: out_error(e) else: for user_id in query_res: - return int(user_id.role_id) - - -def get_role_id_by_name(name): - try: - role_id = Role.get(Role.name == name) - except Exception as e: - out_error(e) - else: - return int(role_id.role_id) + return int(user_id.user_role_id) def get_user_telegram_by_group(group): 
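Review bot: `get_user_role_by_uuid` returns None implicitly when the session has no `user_groups` row for `group_id`, and raises TypeError from `int(...)` when `user_role_id` is NULL, and neither outcome is documented. Callers in this diff feed the result to `int(user_role) > 2` (`is_restarted`) or straight into templates as `role=...`, so what "no role" means is decided separately by each caller. Return an explicit least-privileged value (`is_admin` already falls back to `role = 4`) or raise a dedicated error, and add a docstring saying which. The loop variable is still called `user_id` although each row is a `UserGroups` record; `row` would read better.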
@@ -3917,3 +3912,19 @@ def get_smon_alert_status(service_ip: str, alert: str) -> int: out_error(e) else: return alert_value + + +def update_user_role(user_id: int, group_id: int, role_id: int) -> None: + try: + UserGroups.insert(user_id=user_id, user_group_id=group_id, user_role_id=role_id).on_conflict('replace').execute() + except Exception as e: + out_error(e) + + +def get_role_id(user_id: int, group_id: int) -> int: + try: + role_id = UserGroups.get((UserGroups.user_id == user_id) & (UserGroups.user_group_id == group_id)) + except Exception as e: + out_error(e) + else: + return int(role_id.user_role_id) diff --git a/app/modules/roxywi/auth.py b/app/modules/roxywi/auth.py index 915009a5..5012ddff 100644 --- a/app/modules/roxywi/auth.py +++ b/app/modules/roxywi/auth.py @@ -42,9 +42,11 @@ def is_admin(level=1, **kwargs): cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_id = cookie.get('uuid') user_id = user_id.value + group_id = cookie.get('group') + group_id = int(group_id.value) try: - role = sql.get_user_role_by_uuid(user_id) + role = sql.get_user_role_by_uuid(user_id, group_id) except Exception: role = 4 pass diff --git a/app/modules/roxywi/common.py b/app/modules/roxywi/common.py index fa353225..1a31555d 100644 --- a/app/modules/roxywi/common.py +++ b/app/modules/roxywi/common.py @@ -230,8 +230,16 @@ def get_users_params(**kwargs): except Exception: print('') return + try: - role = sql.get_user_role_by_uuid(user_uuid.value) + group_id = cookie.get('group') + group_id = int(group_id.value) + except Exception: + print('') + return + + try: + role = sql.get_user_role_by_uuid(user_uuid.value, group_id) except Exception: print('') return diff --git a/app/modules/roxywi/overview.py b/app/modules/roxywi/overview.py index 8ea914b1..e6156764 100644 --- a/app/modules/roxywi/overview.py +++ b/app/modules/roxywi/overview.py 
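Review bot: `update_user_role` relies on `.on_conflict('replace')`, which only replaces a row when a unique or primary key collides, and nothing in this commit creates one on `(user_id, user_group_id)`: the migration adds only the `user_role_id` column and the `UserGroups` model hunk shows no index. If no such key exists (the table definition is outside this diff), each call appends another row, and `UserGroups.get(...)` in `get_role_id` and the first-row return in `get_user_role_by_uuid` then pick whichever duplicate comes first. `get_role_id` is annotated `-> int` but returns None after `out_error(e)` unless out_error aborts. Add the unique index in the migration, or delete the existing pair before inserting.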
@@ -17,6 +17,7 @@ def user_ovw() -> None: template = env.get_template('ajax/show_users_ovw.html') lang = roxywi_common.get_user_lang() + roles = sql.select_roles() user_params = roxywi_common.get_users_params() users_groups = sql.select_user_groups_with_names(1, all=1) user_group = roxywi_common.get_user_group(id=1) @@ -26,7 +27,7 @@ def user_ovw() -> None: else: users = sql.select_users() - template = template.render(users=users, users_groups=users_groups, lang=lang) + template = template.render(users=users, users_groups=users_groups, lang=lang, roles=roles) print(template) @@ -113,13 +114,15 @@ def show_overview(serv) -> None: template = env.get_template('overview.html') cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_uuid = cookie.get('uuid') + group_id = cookie.get('group') + group_id = int(group_id.value) futures = [async_get_overview(server[1], server[2], user_uuid.value, server[0]) for server in sql.select_servers(server=serv)] for i, future in enumerate(asyncio.as_completed(futures)): result = await future servers.append(result) servers_sorted = sorted(servers, key=common.get_key) - template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_uuid.value)) + template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_uuid.value, group_id)) print(template) ioloop = asyncio.get_event_loop() diff --git a/app/modules/roxywi/user.py b/app/modules/roxywi/user.py index 51240394..ecc486f9 100644 --- a/app/modules/roxywi/user.py +++ b/app/modules/roxywi/user.py 
@@ -16,8 +16,13 @@ def create_user(new_user: str, email: str, password: str, role: str, activeuser: if roxywi_auth.is_admin(level=2, role_id=kwargs.get('role_id')): try: - sql.add_user(new_user, email, password, role, activeuser, group) + user_id = sql.add_user(new_user, email, password, role, activeuser, group) + sql.update_user_role(user_id, group, role) roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1) + try: + sql.update_user_role(user_id, group_id, role_id) + except Exception as e: + print(str(e)) try: if password == 'aduser': password = 'your domain password' @@ -55,15 +60,16 @@ def delete_user(): def update_user(): email = form.getvalue('email') - role = form.getvalue('role') + role_id = int(form.getvalue('role')) new_user = form.getvalue('updateuser') user_id = form.getvalue('id') activeuser = form.getvalue('activeuser') - role_id = sql.get_role_id_by_name(role) + group_id = int(form.getvalue('usergroup')) if roxywi_common.check_user_group(): if roxywi_auth.is_admin(level=role_id): - sql.update_user(new_user, email, role, user_id, activeuser) + sql.update_user(new_user, email, role_id, user_id, activeuser) + sql.update_user_role(user_id, group_id, role_id) roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1) else: roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1) @@ -88,11 +94,7 @@ def update_user_password(): def get_user_services() -> None: user_id = common.checkAjaxInput(form.getvalue('getuserservices')) lang = roxywi_common.get_user_lang() - groups = [] - u_g = sql.select_user_groups(user_id) services = sql.select_services() - for g in u_g: - groups.append(g.user_group_id) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('ajax/show_user_services.html') 
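Review bot: `create_user` now writes the role row twice: `sql.update_user_role(user_id, group, role)` and then, inside a new nested `try`, `sql.update_user_role(user_id, group_id, role_id)`. `group_id` and `role_id` are not assigned in the visible part of the function (the signature is cut off in the hunk header and the only visible `role_id` is `kwargs.get('role_id')`), so the second call probably raises NameError, which the `except Exception` merely prints. `sql.add_user` also has no return on its error path, so unless `out_error` aborts, a failed insert passes `user_id` None into `update_user_role`. Drop the second call and skip the role write when `user_id` is None.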
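Review bot: `update_user` authorizes only the requested role with `is_admin(level=role_id)`, then writes it via `sql.update_user_role(user_id, group_id, role_id)` for a `group_id` and `user_id` taken straight from the form. After this commit `is_admin` resolves the caller's role from the `group` cookie, while the write targets the `usergroup` form field, and `check_user_group()` is called without arguments, so it is not evident from this hunk that the caller administers the group being modified. If that is not enforced elsewhere, an admin of one group can grant a role in another. `int(form.getvalue('role'))` and `int(form.getvalue('usergroup'))` also raise on a missing field before any check runs; parse them inside a guarded block and reject the request.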
@@ -101,47 +103,35 @@ def get_user_services() -> None: def change_user_services() -> None: + import json + user_id = common.checkAjaxInput(form.getvalue('changeUserServicesId')) - services = common.checkAjaxInput(form.getvalue('changeUserServices')) user = common.checkAjaxInput(form.getvalue('changeUserServicesUser')) + services = '' + user_services = json.loads(form.getvalue('jsonDatas')) + + for k, v in user_services.items(): + for k2, v2 in v.items(): + services += ' ' + k2 try: if sql.update_user_services(services=services, user_id=user_id): - roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', - roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', roxywi=1, login=1) except Exception as e: print(e) -def get_user_groups() -> None: - user_id = common.checkAjaxInput(form.getvalue('getusergroups')) +def move_user_service(action) -> None: + service_id = common.checkAjaxInput(form.getvalue('service_id')) + service_name = common.checkAjaxInput(form.getvalue('service_name')) + length_tr = common.checkAjaxInput(form.getvalue('length_tr')) lang = roxywi_common.get_user_lang() - groups = [] - u_g = sql.select_user_groups(user_id) - for g in u_g: - groups.append(g.user_group_id) - env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) - template = env.get_template('ajax/show_user_groups.html') - template = template.render(groups=sql.select_groups(), user_groups=groups, id=user_id, lang=lang) + template = env.get_template('ajax/move_user_service.html') + template = template.render(lang=lang, service_id=service_id, service_name=service_name, length_tr=length_tr, action=action) print(template) -def change_user_group() -> None: - group_id = common.checkAjaxInput(form.getvalue('changeUserGroupId')) - groups = common.checkAjaxInput(form.getvalue('changeUserGroups')) - user = common.checkAjaxInput(form.getvalue('changeUserGroupsUser')) - if 
sql.delete_user_groups(group_id): - for group in groups: - if group[0] == ',': - continue - try: - sql.update_user_groups(groups=group[0], user_group_id=group_id) - except Exception as e: - print(e) - - roxywi_common.logging('Roxy-WI server', f'Groups has been updated for user: {user}', roxywi=1, login=1) - def change_user_active_group() -> None: group_id = common.checkAjaxInput(form.getvalue('changeUserCurrentGroupId')) 
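Review bot: `change_user_services` builds `services` from the keys of `json.loads(form.getvalue('jsonDatas'))` without the `common.checkAjaxInput` filtering that the removed `changeUserServices` path applied, and no permission check is visible in the function. The keys of every outer entry are merged into one string but written for the single form-supplied `user_id`, so the outer keys are effectively ignored. Validate each key before appending, e.g. `if not k2.isdigit(): continue`, and handle an absent `jsonDatas`, for which `json.loads(None)` raises TypeError. `v2` is unused, so the inner loop can be `for k2 in v:`.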
@@ -164,3 +154,61 @@ def get_user_active_group(user_id: str, group: str) -> None: template = env.get_template('ajax/show_user_current_group.html') template = template.render(groups=groups, group=group.value, id=group_id, lang=lang) print(template) + + +def show_user_groups_and_roles() -> None: + user_id = common.checkAjaxInput(form.getvalue('user_id')) + groups = sql.select_user_groups_with_names(user_id, user_not_in_group=1) + roles = sql.select_roles() + lang = roxywi_common.get_user_lang() + user_groups = sql.select_user_groups_with_names(user_id) + env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) + template = env.get_template('ajax/show_user_groups_and_roles.html') + template = template.render(groups=groups, user_groups=user_groups, roles=roles, lang=lang) + print(template) + + +def add_user_group_and_role() -> None: + group_id = common.checkAjaxInput(form.getvalue('group_id')) + group_name = common.checkAjaxInput(form.getvalue('group_name')) + length_tr = common.checkAjaxInput(form.getvalue('length_tr')) + roles = sql.select_roles() + lang = roxywi_common.get_user_lang() + env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) + template = env.get_template('ajax/add_user_group_and_role.html') + template = template.render(roles=roles, lang=lang, group_id=group_id, group_name=group_name, length_tr=length_tr) + print(template) + + +def remove_user_group_and_role() -> None: + group_id = common.checkAjaxInput(form.getvalue('group_id')) + group_name = common.checkAjaxInput(form.getvalue('group_name')) + length_tr = common.checkAjaxInput(form.getvalue('length_tr')) + lang = roxywi_common.get_user_lang() + env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) + template = env.get_template('ajax/remove_user_group_and_role.html') + template = template.render(lang=lang, group_id=group_id, group_name=group_name, length_tr=length_tr) + print(template) + + +def save_user_group_and_role() -> None: + import json 
+ + user = common.checkAjaxInput(form.getvalue('changeUserGroupsUser')) + groups_and_roles = json.loads(form.getvalue('jsonDatas')) + + for k, v in groups_and_roles.items(): + user_id = int(k) + if not sql.delete_user_groups(user_id): + print('error: cannot delete old groups') + for k2, v2 in v.items(): + group_id = int(k2) + role_id = int(v2['role_id']) + try: + sql.update_user_role(user_id, group_id, role_id) + except Exception as e: + print(e) + break + else: + roxywi_common.logging('Roxy-WI server', f'Groups and roles have been updated for user: {user}', roxywi=1, login=1) + print('ok') diff --git a/app/modules/roxywi/waf.py b/app/modules/roxywi/waf.py index e6224cf4..323680af 100644 --- a/app/modules/roxywi/waf.py +++ b/app/modules/roxywi/waf.py @@ -21,6 +21,8 @@ def waf_overview(serv, waf_service) -> None: servers = sql.select_servers(server=serv) cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_id = cookie.get('uuid') + group_id = cookie.get('group') + group_id = int(group_id.value) config_path = '' returned_servers = [] @@ -77,7 +79,7 @@ def waf_overview(serv, waf_service) -> None: lang = roxywi_common.get_user_lang() servers_sorted = sorted(returned_servers, key=common.get_key) - template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_id.value), + template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_id.value, group_id), waf_service=waf_service, lang=lang) print(template) diff --git a/app/modules/service/common.py b/app/modules/service/common.py index 2c299cd4..82e58051 100644 --- a/app/modules/service/common.py +++ b/app/modules/service/common.py @@ -5,6 +5,7 @@ import modules.db.sql as sql import modules.server.ssh as mod_ssh import modules.common.common as common import modules.server.server as server_mod +import modules.roxywi.common as roxywi_common import modules.roxy_wi_tools as roxy_wi_tools time_zone = sql.get_setting('time_zone') 
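Review bot: `save_user_group_and_role` changes group membership and roles for whatever user ids appear in `jsonDatas` with no authorization check in the function, whereas `update_user` in the same file gates its role write behind `roxywi_common.check_user_group()` and `roxywi_auth.is_admin(level=role_id)`. The dispatch added in app/options.py (`if act == 'save_user_group_and_role':`) shows no check either, so unless one exists earlier in options.py any logged-in session could raise its own role. It also deletes the user's existing groups before validating the new ones and carries on when the delete fails, so one malformed entry can leave the user with partial or no memberships. The sketch below parses and authorizes first; the error strings are placeholders.

```python
def save_user_group_and_role() -> None:
    # … unchanged: json import, parsing of `user` and `groups_and_roles` …
    if not roxywi_common.check_user_group():
        print('error: wrong group')
        return

    for k, v in groups_and_roles.items():
        user_id = int(k)
        # Parse and authorize every requested role before anything is deleted.
        requested = {int(k2): int(v2['role_id']) for k2, v2 in v.items()}
        if not all(roxywi_auth.is_admin(level=role_id) for role_id in requested.values()):
            roxywi_common.logging(user, ' tried to privilege escalation', roxywi=1, login=1)
            print('error: not enough permissions')
            return
        if not sql.delete_user_groups(user_id):
            print('error: cannot delete old groups')
            return
        # … unchanged: sql.update_user_role(user_id, group_id, role_id) for each pair in `requested` …
```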
@@ -26,7 +27,9 @@ def check_haproxy_version(server_ip): def is_restarted(server_ip: str, action: str) -> None: cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_uuid = cookie.get('uuid') - user_role = sql.get_user_role_by_uuid(user_uuid.value) + group_id = cookie.get('group') + group_id = int(group_id.value) + user_role = sql.get_user_role_by_uuid(user_uuid.value, group_id) if sql.is_serv_protected(server_ip) and int(user_role) > 2: print(f'error: This server is protected. You cannot {action} it') @@ -137,8 +140,8 @@ def overview_backends(server_ip: str, service: str) -> None: import modules.config.section as section_mod import modules.roxywi.common as roxywi_common - env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True) - template = env.get_template('haproxyservers_backends.html') + env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) + template = env.get_template('ajax/haproxyservers_backends.html') format_file = 'cfg' if service == 'haproxy': @@ -196,6 +199,8 @@ def overview_service(server_ip: str, server_id: int, name: str, service: str) -> import asyncio from jinja2 import Environment, FileSystemLoader + user_params = roxywi_common.get_users_params() + async def async_get_overviewServers(serv1, serv2, service): if service == 'haproxy': cmd = 'echo "show info" |nc %s %s -w 1|grep -e "node\|Nbproc\|Maxco\|MB\|Nbthread"' % ( 
@@ -217,20 +222,22 @@ def overview_service(server_ip: str, server_id: int, name: str, service: str) -> return server_status async def get_runner_overviewServers(**kwargs): - env = Environment(loader=FileSystemLoader('templates/ajax'), extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do']) - template = env.get_template('overviewServers.html') + env = Environment(loader=FileSystemLoader('templates/'), extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do']) + template = env.get_template('ajax/overviewServers.html') servers = [] cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_id = cookie.get('uuid') - role = sql.get_user_role_by_uuid(user_id.value) + group_id = cookie.get('group') + group_id = int(group_id.value) + role = sql.get_user_role_by_uuid(user_id.value, group_id) futures = [async_get_overviewServers(kwargs.get('server1'), kwargs.get('server2'), kwargs.get('service'))] for i, future in enumerate(asyncio.as_completed(futures)): result = await future servers.append(result) servers_sorted = sorted(servers, key=common.get_key) - template = template.render(service_status=servers_sorted, role=role, id=kwargs.get('id'), service_page=service) + template = template.render(service_status=servers_sorted, role=role, id=kwargs.get('id'), service_page=service, lang=user_params['lang']) print(template) ioloop = asyncio.get_event_loop() diff --git a/app/options.py b/app/options.py index fef04541..df3c477f 100644 --- a/app/options.py +++ b/app/options.py 
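Review bot: The `Environment` rebuilt in `get_runner_overviewServers` still omits `autoescape=True`, unlike the one in `overview_backends` changed earlier in this file. `ajax/overviewServers.html` is rendered with `service_status` built from command output collected from the managed server (the `nc` call in the previous hunk), so any markup in that output reaches the browser unescaped. Use `Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'])` and mark any deliberately raw field in the template with `|safe`. `get_users_params()` returns None on its error paths, so the new `lang=user_params['lang']` raises TypeError in that case.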
@@ -1085,22 +1085,41 @@ if form.getvalue('getuserservices'): roxy_user.get_user_services() - -if form.getvalue('getusergroups'): +if act == 'show_user_group_and_role': import modules.roxywi.user as roxy_user - roxy_user.get_user_groups() + roxy_user.show_user_groups_and_roles() -if form.getvalue('changeUserGroupId') is not None: +if act == 'add_user_group_and_role': import modules.roxywi.user as roxy_user - roxy_user.change_user_group() + roxy_user.add_user_group_and_role() + +if act == 'remove_user_group_and_role': + import modules.roxywi.user as roxy_user + + roxy_user.remove_user_group_and_role() + +if act == 'save_user_group_and_role': + import modules.roxywi.user as roxy_user + + roxy_user.save_user_group_and_role() if form.getvalue('changeUserServicesId') is not None: import modules.roxywi.user as roxy_user roxy_user.change_user_services() +if act == 'add_user_service': + import modules.roxywi.user as roxy_user + + roxy_user.move_user_service('add') + +if act == 'remove_user_service': + import modules.roxywi.user as roxy_user + + roxy_user.move_user_service('remove') + if form.getvalue('changeUserCurrentGroupId') is not None: import modules.roxywi.user as roxy_user @@ -1561,7 +1580,9 @@ if any((form.getvalue('do_new_name'), form.getvalue('aws_new_name'), form.getval if is_add: cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_uuid = cookie.get('uuid') - role_id = sql.get_user_role_by_uuid(user_uuid.value) + group_id = cookie.get('group') + group_id = int(group_id.value) + role_id = sql.get_user_role_by_uuid(user_uuid.value, group_id) params = sql.select_provisioning_params() providers = sql.select_providers(provider_group, key=provider_token) diff --git a/app/servers.py b/app/servers.py index d1b5bf22..e227347f 100644 --- a/app/servers.py +++ b/app/servers.py 
@@ -33,6 +33,7 @@ try: servers = roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1) masters = sql.select_servers(get_master_servers=1, uuid=user_params['user_uuid'].value) is_needed_tool = common.is_tool('ansible') + user_roles = sql.select_user_roles_by_group(user_group) except Exception: pass @@ -54,6 +55,6 @@ rendered_template = template.render( token=user_params['token'], settings=settings, backups=sql.select_backups(), page="servers.py", geoip_country_codes=geoip_country_codes, user_services=user_params['user_services'], ldap_enable=ldap_enable, user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], gits=gits, - is_needed_tool=is_needed_tool, lang=user_params['lang'] + is_needed_tool=is_needed_tool, lang=user_params['lang'], user_roles=user_roles ) print(rendered_template) diff --git a/app/templates/admin.html b/app/templates/admin.html index 52bcc926..18ae9bf7 100644 --- a/app/templates/admin.html +++ b/app/templates/admin.html @@ -1,4 +1,6 @@ {% extends "base.html" %} +{% block title %}{{lang.words.admin_area|title()}}{% endblock %} +{% block h2 %}{{lang.words.admin_area|title()}}{% endblock %} {% block content %} {% from 'include/input_macros.html' import input, select, copy_to_clipboard, checkbox %} @@ -142,9 +144,6 @@ {% include 'include/admins_dialogs.html' %} -
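Review bot: `user_roles` is assigned as the last statement of a `try` whose handler is `except Exception: pass`, and is then passed unconditionally to `template.render(..., user_roles=user_roles)`. If `select_user_roles_by_group` or any earlier statement in that `try` raises, the page fails with NameError at render time and the real error is lost. Give `user_roles` an empty default before the `try`, and log the exception in the handler. Where `user_group` is defined is outside this hunk.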