mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2026-07-04 09:48:29 +02:00
bug fix: dashboard for non-admin users
@@ -118,6 +118,10 @@ class secMiddleware:
|
||||
if request.path.find('gitNotify') > -1:
|
||||
break
|
||||
|
||||
# Skip validation for ports key to allow port ranges with colons
|
||||
if key == 'ports':
|
||||
continue
|
||||
|
||||
if type(value) == str or type(value) == bytes:
|
||||
pass
|
||||
elif type(value) == list:
|
||||
|
||||
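Review bot: The `if key == 'ports': continue` branch skips every check this loop applies to a value, and it does so for any request that carries a field named `ports`, not only the form that needs colons for port ranges. Whatever handler receives that field now gets it unfiltered, so this is safe only if each such handler validates the value itself, which cannot be seen from here. Prefer a format check over a blanket skip, for example `if key == 'ports' and re.fullmatch(r'[0-9:,\-]+', str(value)): continue` (this needs `re` in scope), so anything that is not a port list still falls through to the normal checks. The loop starts and ends outside the hunk.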
@@ -191,4 +191,7 @@ LANGUAGES = (
|
||||
|
||||
MEDIA_URL = '/usr/local/CyberCP/tmp/'
|
||||
MEDIA_ROOT = MEDIA_URL
|
||||
DATA_UPLOAD_MAX_MEMORY_SIZE = 2147483648
|
||||
DATA_UPLOAD_MAX_MEMORY_SIZE = 2147483648
|
||||
|
||||
# Security settings for CSF compliance
|
||||
X_FRAME_OPTIONS = 'SAMEORIGIN'
|
||||
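Review bot: `X_FRAME_OPTIONS = 'SAMEORIGIN'` has an effect only when `django.middleware.clickjacking.XFrameOptionsMiddleware` is listed in `MIDDLEWARE`, which this hunk does not show. On Django 3.0 and later the default is already `DENY`, so there the line loosens framing protection rather than adding it, and the comment `# Security settings for CSF compliance` reads the other way round. If some page has to be framed from the same origin, say so in the comment, e.g. `# SAMEORIGIN instead of the default DENY: <feature> is embedded in an iframe`; otherwise drop the line. The context line `DATA_UPLOAD_MAX_MEMORY_SIZE = 2147483648` just above accepts a non-file request body of up to 2 GiB, which deserves its own why-comment or a lower limit.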
@@ -911,6 +911,9 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
|
||||
$scope.totalDBs = 0;
|
||||
$scope.totalEmails = 0;
|
||||
$scope.totalFTPUsers = 0;
|
||||
|
||||
// Hide system charts for non-admin users
|
||||
$scope.hideSystemCharts = false;
|
||||
|
||||
// Top Processes
|
||||
$scope.topProcesses = [];
|
||||
@@ -1030,6 +1033,11 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
|
||||
function pollTraffic() {
|
||||
console.log('pollTraffic called');
|
||||
$http.get('/base/getTrafficStats').then(function(response) {
|
||||
if (response.data.admin_only) {
|
||||
// Hide chart for non-admin users
|
||||
$scope.hideSystemCharts = true;
|
||||
return;
|
||||
}
|
||||
if (response.data.status === 1) {
|
||||
var now = new Date();
|
||||
var rx = response.data.rx_bytes;
|
||||
@@ -1079,6 +1087,11 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
|
||||
|
||||
function pollDiskIO() {
|
||||
$http.get('/base/getDiskIOStats').then(function(response) {
|
||||
if (response.data.admin_only) {
|
||||
// Hide chart for non-admin users
|
||||
$scope.hideSystemCharts = true;
|
||||
return;
|
||||
}
|
||||
if (response.data.status === 1) {
|
||||
var now = new Date();
|
||||
var read = response.data.read_bytes;
|
||||
@@ -1117,6 +1130,11 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
|
||||
|
||||
function pollCPU() {
|
||||
$http.get('/base/getCPULoadGraph').then(function(response) {
|
||||
if (response.data.admin_only) {
|
||||
// Hide chart for non-admin users
|
||||
$scope.hideSystemCharts = true;
|
||||
return;
|
||||
}
|
||||
if (response.data.status === 1 && response.data.cpu_times && response.data.cpu_times.length >= 4) {
|
||||
var now = new Date();
|
||||
var cpuTimes = response.data.cpu_times;
|
||||
@@ -1433,8 +1451,19 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
|
||||
|
||||
// Initial setup
|
||||
$timeout(function() {
|
||||
setupCharts();
|
||||
// Immediately poll once so charts are updated on first load
|
||||
// Check if user is admin before setting up charts
|
||||
$http.get('/base/getAdminStatus').then(function(response) {
|
||||
if (response.data && response.data.admin === 1) {
|
||||
setupCharts();
|
||||
} else {
|
||||
$scope.hideSystemCharts = true;
|
||||
}
|
||||
}).catch(function() {
|
||||
// If error, assume non-admin and hide charts
|
||||
$scope.hideSystemCharts = true;
|
||||
});
|
||||
|
||||
// Immediately poll once so stats are updated on first load
|
||||
pollDashboardStats();
|
||||
pollTraffic();
|
||||
pollDiskIO();
|
||||
|
||||
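Review bot: The admin check in the last hunk gates only `setupCharts()`; `pollTraffic();` and `pollDiskIO();` are still called right after the `$http.get('/base/getAdminStatus')` request is sent, so they run for every user and can complete before the charts exist. For a non-admin these are requests the server is going to refuse, and for an admin a poll response that arrives before `getAdminStatus` resolves may try to update a chart that `setupCharts()` has not built yet (the chart-update code is outside these hunks). Move the chart polls into the `admin === 1` branch, directly after `setupCharts();`, and leave `pollDashboardStats();` where it is. The `if (response.data.admin_only)` block repeated in `pollTraffic`, `pollDiskIO` and `pollCPU` then becomes a fallback only and could be one shared helper. The `$timeout` callback continues past the end of the hunk.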
@@ -494,19 +494,19 @@
|
||||
{$ securityAlerts.length $}
|
||||
</span>
|
||||
</button>
|
||||
<button class="activity-tab" onclick="switchTab('top-process', this)">
|
||||
<button class="activity-tab" onclick="switchTab('top-process', this)" ng-hide="hideSystemCharts">
|
||||
<i class="fas fa-microchip"></i>
|
||||
<span>Top Process</span>
|
||||
</button>
|
||||
<button class="activity-tab" onclick="switchTab('traffic', this)">
|
||||
<button class="activity-tab" onclick="switchTab('traffic', this)" ng-hide="hideSystemCharts">
|
||||
<i class="fas fa-chart-line"></i>
|
||||
<span>Traffic</span>
|
||||
</button>
|
||||
<button class="activity-tab" onclick="switchTab('diskio', this)">
|
||||
<button class="activity-tab" onclick="switchTab('diskio', this)" ng-hide="hideSystemCharts">
|
||||
<i class="fas fa-hard-drive"></i>
|
||||
<span>Disk IO</span>
|
||||
</button>
|
||||
<button class="activity-tab" onclick="switchTab('cpu-usage', this)">
|
||||
<button class="activity-tab" onclick="switchTab('cpu-usage', this)" ng-hide="hideSystemCharts">
|
||||
<i class="fas fa-tachometer-alt"></i>
|
||||
<span>CPU Usage</span>
|
||||
</button>
|
||||
@@ -687,7 +687,7 @@
|
||||
</div>
|
||||
|
||||
<!-- Top Process Tab -->
|
||||
<div id="top-process" class="tab-content">
|
||||
<div id="top-process" class="tab-content" ng-hide="hideSystemCharts">
|
||||
<div ng-if="loadingTopProcesses" style="text-align: center; padding: 20px; color: #8893a7;">
|
||||
Loading top processes...
|
||||
</div>
|
||||
@@ -720,21 +720,21 @@
|
||||
</div>
|
||||
|
||||
<!-- Traffic Tab -->
|
||||
<div id="traffic" class="tab-content">
|
||||
<div id="traffic" class="tab-content" ng-hide="hideSystemCharts">
|
||||
<div class="chart-container">
|
||||
<canvas id="trafficChart"></canvas>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Disk IO Tab -->
|
||||
<div id="diskio" class="tab-content">
|
||||
<div id="diskio" class="tab-content" ng-hide="hideSystemCharts">
|
||||
<div class="chart-container">
|
||||
<canvas id="diskIOChart"></canvas>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- CPU Usage Tab -->
|
||||
<div id="cpu-usage" class="tab-content">
|
||||
<div id="cpu-usage" class="tab-content" ng-hide="hideSystemCharts">
|
||||
<div class="chart-container">
|
||||
<canvas id="cpuChart"></canvas>
|
||||
</div>
|
||||
|
||||
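Review bot: Every `ng-hide="hideSystemCharts"` added in this template depends on a flag that starts as `false` and turns `true` only after an HTTP response, so a non-admin sees the Top Process, Traffic, Disk IO and CPU Usage tabs until that response arrives and can click one in the meantime. Hiding by default avoids this: switch the attributes to `ng-show="showSystemCharts"` with a flag that starts `false` and is set once the admin check succeeds. Keeping `ng-hide`/`ng-show` rather than `ng-if` on the three chart containers looks deliberate, since the `<canvas>` elements presumably have to exist when the charts are created; a short comment next to the first attribute saying so would stop a later cleanup from changing it.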
@@ -508,7 +508,7 @@ def getTrafficStats(request):
|
||||
|
||||
# Only admins should see system-wide network stats
|
||||
if not currentACL.get('admin', 0):
|
||||
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required'}), content_type='application/json', status=403)
|
||||
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required', 'admin_only': True}), content_type='application/json')
|
||||
|
||||
# Get network stats from /proc/net/dev (Linux)
|
||||
rx = tx = 0
|
||||
@@ -536,7 +536,7 @@ def getDiskIOStats(request):
|
||||
|
||||
# Only admins should see system-wide disk I/O stats
|
||||
if not currentACL.get('admin', 0):
|
||||
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required'}), content_type='application/json', status=403)
|
||||
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required', 'admin_only': True}), content_type='application/json')
|
||||
|
||||
# Parse /proc/diskstats for all disks
|
||||
read_sectors = 0
|
||||
@@ -570,7 +570,7 @@ def getCPULoadGraph(request):
|
||||
|
||||
# Only admins should see system-wide CPU stats
|
||||
if not currentACL.get('admin', 0):
|
||||
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required'}), content_type='application/json', status=403)
|
||||
return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required', 'admin_only': True}), content_type='application/json')
|
||||
|
||||
# Parse /proc/stat for the 'cpu' line
|
||||
with open('/proc/stat', 'r') as f:
|
||||
|
||||
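Review bot: The new return line in `getTrafficStats` (the one carrying `'admin_only': True`) no longer passes `status=403`, so a refused request is answered with HTTP 200; the same change is made in `getDiskIOStats` and `getCPULoadGraph`. Access logs, monitoring and any other client of these endpoints can then no longer tell a denied call from a successful one by status code. Keep the status and add the flag, `return HttpResponse(json.dumps({'status': 0, 'error_message': 'Admin access required', 'admin_only': True}), content_type='application/json', status=403)`, and have the dashboard read it in the rejection handler of each `$http.get(...)`, where `response.status === 403` is available. Each function body starts before and continues after its hunk.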