bug fix: dashboard for non-admin users

usmannasir
2025-07-01 14:11:16 +05:00
parent bac657f1dd
commit 501121c837
5 changed files with 50 additions and 14 deletions


@@ -118,6 +118,10 @@ class secMiddleware:
if request.path.find('gitNotify') > -1:
break
# Skip validation for ports key to allow port ranges with colons
if key == 'ports':
continue
if type(value) == str or type(value) == bytes:
pass
elif type(value) == list:
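Review bot: The `continue` added for `key == 'ports'` exempts that field from every check that follows in this loop, for any request path and any value, so a `ports` string is no longer screened at all rather than merely being allowed to contain colons. Narrow the exemption to the shape a port list can have, for example `if key == 'ports' and isinstance(value, str) and re.fullmatch(r'[0-9:,]+', value): continue` (assuming `re` is available in this module; adjust the character set to the formats the callers accept), and let anything else fall through to the normal validation. The checks themselves and the rest of the loop lie outside the hunk, so confirm which handlers consume `ports` and whether any of them pass it on to a system command.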


@@ -191,4 +191,7 @@ LANGUAGES = (
MEDIA_URL = '/usr/local/CyberCP/tmp/'
MEDIA_ROOT = MEDIA_URL
DATA_UPLOAD_MAX_MEMORY_SIZE = 2147483648
DATA_UPLOAD_MAX_MEMORY_SIZE = 2147483648
# Security settings for CSF compliance
X_FRAME_OPTIONS = 'SAMEORIGIN'
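Review bot: `X_FRAME_OPTIONS = 'SAMEORIGIN'` only has an effect when `django.middleware.clickjacking.XFrameOptionsMiddleware` is listed in `MIDDLEWARE`, which this hunk does not show; without it no header is sent at all. Where the middleware is enabled, Django 3.0 and later already default to `DENY`, so this line relaxes the policy to permit same-origin framing rather than tightening it. The comment should state that trade-off instead of "CSF compliance", e.g. `# Allow same-origin framing only; requires XFrameOptionsMiddleware in MIDDLEWARE`.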


@@ -911,6 +911,9 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
$scope.totalDBs = 0;
$scope.totalEmails = 0;
$scope.totalFTPUsers = 0;
// Hide system charts for non-admin users
$scope.hideSystemCharts = false;
// Top Processes
$scope.topProcesses = [];
@@ -1030,6 +1033,11 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
function pollTraffic() {
console.log('pollTraffic called');
$http.get('/base/getTrafficStats').then(function(response) {
if (response.data.admin_only) {
// Hide chart for non-admin users
$scope.hideSystemCharts = true;
return;
}
if (response.data.status === 1) {
var now = new Date();
var rx = response.data.rx_bytes;
@@ -1079,6 +1087,11 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
function pollDiskIO() {
$http.get('/base/getDiskIOStats').then(function(response) {
if (response.data.admin_only) {
// Hide chart for non-admin users
$scope.hideSystemCharts = true;
return;
}
if (response.data.status === 1) {
var now = new Date();
var read = response.data.read_bytes;
@@ -1117,6 +1130,11 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
function pollCPU() {
$http.get('/base/getCPULoadGraph').then(function(response) {
if (response.data.admin_only) {
// Hide chart for non-admin users
$scope.hideSystemCharts = true;
return;
}
if (response.data.status === 1 && response.data.cpu_times && response.data.cpu_times.length >= 4) {
var now = new Date();
var cpuTimes = response.data.cpu_times;
@@ -1433,8 +1451,19 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
// Initial setup
$timeout(function() {
setupCharts();
// Immediately poll once so charts are updated on first load
// Check if user is admin before setting up charts
$http.get('/base/getAdminStatus').then(function(response) {
if (response.data && response.data.admin === 1) {
setupCharts();
} else {
$scope.hideSystemCharts = true;
}
}).catch(function() {
// If error, assume non-admin and hide charts
$scope.hideSystemCharts = true;
});
// Immediately poll once so stats are updated on first load
pollDashboardStats();
pollTraffic();
pollDiskIO();
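Review bot: In the last hunk `pollTraffic()` and `pollDiskIO()` are still called unconditionally right after the `getAdminStatus` request is issued, so they run before its answer arrives. Non-admin sessions therefore keep requesting the admin-only endpoints, and for admins a poll response may come back before `setupCharts()` has run inside the callback. Move the system polls into the admin branch, `setupCharts(); pollTraffic(); pollDiskIO();` (plus `pollCPU()` if it follows outside the hunk), and leave only `pollDashboardStats()` unconditional. Any timers that repeat these polls are outside the visible hunks and should be gated the same way.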


@@ -494,19 +494,19 @@
{$ securityAlerts.length $}
</span>
</button>
<button class="activity-tab" onclick="switchTab('top-process', this)">
<button class="activity-tab" onclick="switchTab('top-process', this)" ng-hide="hideSystemCharts">
<i class="fas fa-microchip"></i>
<span>Top Process</span>
</button>
<button class="activity-tab" onclick="switchTab('traffic', this)">
<button class="activity-tab" onclick="switchTab('traffic', this)" ng-hide="hideSystemCharts">
<i class="fas fa-chart-line"></i>
<span>Traffic</span>
</button>
<button class="activity-tab" onclick="switchTab('diskio', this)">
<button class="activity-tab" onclick="switchTab('diskio', this)" ng-hide="hideSystemCharts">
<i class="fas fa-hard-drive"></i>
<span>Disk IO</span>
</button>
<button class="activity-tab" onclick="switchTab('cpu-usage', this)">
<button class="activity-tab" onclick="switchTab('cpu-usage', this)" ng-hide="hideSystemCharts">
<i class="fas fa-tachometer-alt"></i>
<span>CPU Usage</span>
</button>
@@ -687,7 +687,7 @@
</div>
<!-- Top Process Tab -->
<div id="top-process" class="tab-content">
<div id="top-process" class="tab-content" ng-hide="hideSystemCharts">
<div ng-if="loadingTopProcesses" style="text-align: center; padding: 20px; color: #8893a7;">
Loading top processes...
</div>
@@ -720,21 +720,21 @@
</div>
<!-- Traffic Tab -->
<div id="traffic" class="tab-content">
<div id="traffic" class="tab-content" ng-hide="hideSystemCharts">
<div class="chart-container">
<canvas id="trafficChart"></canvas>
</div>
</div>
<!-- Disk IO Tab -->
<div id="diskio" class="tab-content">
<div id="diskio" class="tab-content" ng-hide="hideSystemCharts">
<div class="chart-container">
<canvas id="diskIOChart"></canvas>
</div>
</div>
<!-- CPU Usage Tab -->
<div id="cpu-usage" class="tab-content">
<div id="cpu-usage" class="tab-content" ng-hide="hideSystemCharts">
<div class="chart-container">
<canvas id="cpuChart"></canvas>
</div>
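Review bot: The four tabs and their panels are shown to every user until the `getAdminStatus` request settles, because `ng-hide="hideSystemCharts"` reads a flag the controller initialises to `false`. Starting the flag at `true` and clearing it in the admin branch (`$scope.hideSystemCharts = false;` before `setupCharts()`) would avoid the flash for non-admin users; check that the charts still size correctly when created that way. `ng-hide` is presentation only and leaves the markup in the DOM, so the server-side admin check on the stats endpoints remains the actual control.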


@@ -508,7 +508,7 @@ def getTrafficStats(request):
# Only admins should see system-wide network stats
if not currentACL.get('admin', 0):
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required'}), content_type='application/json', status=403)
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required', 'admin_only': True}), content_type='application/json')
# Get network stats from /proc/net/dev (Linux)
rx = tx = 0
@@ -536,7 +536,7 @@ def getDiskIOStats(request):
# Only admins should see system-wide disk I/O stats
if not currentACL.get('admin', 0):
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required'}), content_type='application/json', status=403)
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required', 'admin_only': True}), content_type='application/json')
# Parse /proc/diskstats for all disks
read_sectors = 0
@@ -570,7 +570,7 @@ def getCPULoadGraph(request):
# Only admins should see system-wide CPU stats
if not currentACL.get('admin', 0):
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required'}), content_type='application/json', status=403)
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required', 'admin_only': True}), content_type='application/json')
# Parse /proc/stat for the 'cpu' line
with open('/proc/stat', 'r') as f:
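Review bot: Dropping `status=403` from the three denial branches (`getTrafficStats`, `getDiskIOStats`, `getCPULoadGraph`) makes an authorization failure look like a success at the HTTP level, so access logs, alerting and any other API client lose the signal that a non-admin called an admin-only endpoint. Keep the status and add only the flag, `'admin_only': True}), content_type='application/json', status=403)`. The dashboard can then handle it in the rejection callback of `$http.get(...)`, e.g. `function (err) { if (err.status === 403) { $scope.hideSystemCharts = true; } }`. The admin check itself is unchanged and still enforced server-side; each function's body continues outside its hunk.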