Use flags instead of permission list

Author: shortcutme

src/Ui/UiWebsocket.py

@@ -24,13 +24,6 @@
 
 @PluginManager.acceptPlugins
 class UiWebsocket(object):
-    admin_commands = set([
-        "sitePause", "siteResume", "siteDelete", "siteList", "siteSetLimit", "siteAdd", "siteListModifiedFiles", "siteSetSettingsValue",
-        "channelJoinAllsite", "serverUpdate", "serverPortcheck", "serverShutdown", "serverShowdirectory", "serverGetWrapperNonce",
-        "certSet", "certList", "configSet", "permissionAdd", "permissionRemove", "announcerStats", "userSetGlobalSettings"
-    ])
-    async_commands = set(["fileGet", "fileList", "dirList", "fileNeed", "serverPortcheck", "siteListModifiedFiles"])
-
     def __init__(self, ws, site, server, user, request):
         self.ws = ws
         self.site = site
@@ -376,6 +369,7 @@ def actionServerInfo(self, to):
         self.response(to, back)
 
     # Create a new wrapper nonce that allows to load html file
+    @flag.admin
     def actionServerGetWrapperNonce(self, to):
         wrapper_nonce = self.request.getWrapperNonce()
         self.response(to, wrapper_nonce)
@@ -384,6 +378,7 @@ def actionAnnouncerInfo(self, to):
         back = self.formatAnnouncerInfo(self.site)
         self.response(to, back)
 
+    @flag.admin
     def actionAnnouncerStats(self, to):
         back = {}
         trackers = self.site.announcer.getTrackers()
@@ -646,6 +641,7 @@ def actionFileQuery(self, to, dir_inner_path, query=None):
         return self.response(to, rows)
 
     # List files in directory
+    @flag.async_run
     def actionFileList(self, to, inner_path):
         try:
             return list(self.site.storage.walk(inner_path))
@@ -654,6 +650,7 @@ def actionFileList(self, to, inner_path):
             return {"error": Debug.formatExceptionMessage(err)}
 
     # List directories in a directory
+    @flag.async_run
     def actionDirList(self, to, inner_path):
         try:
             return list(self.site.storage.list(inner_path))
@@ -679,6 +676,7 @@ def actionDbQuery(self, to, query, params=None, wait_for=None):
         return self.response(to, rows)
 
     # Return file content
+    @flag.async_run
     def actionFileGet(self, to, inner_path, required=True, format="text", timeout=300):
         try:
             if required or inner_path in self.site.bad_files:
@@ -698,6 +696,7 @@ def actionFileGet(self, to, inner_path, required=True, format="text", timeout=30
             body = body.decode()
         self.response(to, body)
 
+    @flag.async_run
     def actionFileNeed(self, to, inner_path, timeout=300):
         try:
             with gevent.Timeout(timeout):
@@ -824,19 +823,22 @@ def actionCertSelect(self, to, accepted_domains=[], accept_any=False, accepted_p
 
     # - Admin actions -
 
+    @flag.admin
     def actionPermissionAdd(self, to, permission):
         if permission not in self.site.settings["permissions"]:
             self.site.settings["permissions"].append(permission)
             self.site.saveSettings()
             self.site.updateWebsocket(permission_added=permission)
         self.response(to, "ok")
 
+    @flag.admin
     def actionPermissionRemove(self, to, permission):
         self.site.settings["permissions"].remove(permission)
         self.site.saveSettings()
         self.site.updateWebsocket(permission_removed=permission)
         self.response(to, "ok")
 
+    @flag.admin
     def actionPermissionDetails(self, to, permission):
         if permission == "ADMIN":
             self.response(to, _["Modify your client's configuration and access all site"] + " <span style='color: red'>" + _["(Dangerous!)"] + "</span>")
@@ -848,12 +850,14 @@ def actionPermissionDetails(self, to, permission):
             self.response(to, "")
 
     # Set certificate that used for authenticate user for site
+    @flag.admin
     def actionCertSet(self, to, domain):
         self.user.setCert(self.site.address, domain)
         self.site.updateWebsocket(cert_changed=domain)
         self.response(to, "ok")
 
     # List user's certificates
+    @flag.admin
     def actionCertList(self, to):
         back = []
         auth_address = self.user.getAuthAddress(self.site.address)
@@ -868,6 +872,7 @@ def actionCertList(self, to):
         return back
 
     # List all site info
+    @flag.admin
     def actionSiteList(self, to, connecting_sites=False):
         ret = []
         SiteManager.site_manager.load()  # Reload sites
@@ -878,6 +883,7 @@ def actionSiteList(self, to, connecting_sites=False):
         self.response(to, ret)
 
     # Join to an event channel on all sites
+    @flag.admin
     def actionChannelJoinAllsite(self, to, channel):
         if channel not in self.channels:  # Add channel to channels
             self.channels.append(channel)
@@ -905,6 +911,7 @@ def updateThread():
             self.response(to, {"error": "Unknown site: %s" % address})
 
     # Pause site serving
+    @flag.admin
     def actionSitePause(self, to, address):
         site = self.server.sites.get(address)
         if site:
@@ -917,6 +924,7 @@ def actionSitePause(self, to, address):
             self.response(to, {"error": "Unknown site: %s" % address})
 
     # Resume site serving
+    @flag.admin
     def actionSiteResume(self, to, address):
         site = self.server.sites.get(address)
         if site:
@@ -929,6 +937,8 @@ def actionSiteResume(self, to, address):
         else:
             self.response(to, {"error": "Unknown site: %s" % address})
 
+    @flag.admin
+    @flag.no_multiuser
     def actionSiteDelete(self, to, address):
         site = self.server.sites.get(address)
         if site:
@@ -965,6 +975,7 @@ def cbSiteClone(self, to, address, root_inner_path="", target_address=None, redi
         self.response(to, response)
         return "ok"
 
+    @flag.no_multiuser
     def actionSiteClone(self, to, address, root_inner_path="", target_address=None, redirect=True):
         if not SiteManager.site_manager.isAddress(address):
             self.response(to, {"error": "Not a site: %s" % address})
@@ -991,13 +1002,16 @@ def actionSiteClone(self, to, address, root_inner_path="", target_address=None,
                 lambda res: self.cbSiteClone(to, address, root_inner_path, target_address, redirect)
             )
 
+    @flag.admin
+    @flag.no_multiuser
     def actionSiteSetLimit(self, to, size_limit):
         self.site.settings["size_limit"] = int(size_limit)
         self.site.saveSettings()
         self.response(to, "ok")
         self.site.updateWebsocket()
         self.site.download(blind_includes=True)
 
+    @flag.admin
     def actionSiteAdd(self, to, address):
         site_manager = SiteManager.site_manager
         if address in site_manager.sites:
@@ -1008,6 +1022,8 @@ def actionSiteAdd(self, to, address):
             else:
                 return {"error": "Invalid address"}
 
+    @flag.admin
+    @flag.async_run
     def actionSiteListModifiedFiles(self, to, content_inner_path="content.json"):
         content = self.site.content_manager.contents[content_inner_path]
         min_mtime = content.get("modified", 0)
@@ -1058,6 +1074,7 @@ def actionSiteListModifiedFiles(self, to, content_inner_path="content.json"):
         self.site.settings["cache"]["modified_files"] = modified_files
         return {"modified_files": modified_files}
 
+    @flag.admin
     def actionSiteSetSettingsValue(self, to, key, value):
         if key not in ["modified_files_notification"]:
             return {"error": "Can't change this key"}
@@ -1078,11 +1095,14 @@ def actionUserGetGlobalSettings(self, to):
         settings = self.user.settings
         self.response(to, settings)
 
+    @flag.admin
     def actionUserSetGlobalSettings(self, to, settings):
         self.user.settings = settings
         self.user.save()
         self.response(to, "ok")
 
+    @flag.admin
+    @flag.no_multiuser
     def actionServerUpdate(self, to):
         def cbServerUpdate(res):
             self.response(to, res)
@@ -1107,19 +1127,26 @@ def cbServerUpdate(res):
             cbServerUpdate
         )
 
+    @flag.admin
+    @flag.async_run
+    @flag.no_multiuser
     def actionServerPortcheck(self, to):
         import main
         file_server = main.file_server
         file_server.portCheck()
         self.response(to, file_server.port_opened)
 
+    @flag.admin
+    @flag.no_multiuser
     def actionServerShutdown(self, to, restart=False):
         import main
         if restart:
             main.restart_after_shutdown = True
         main.file_server.stop()
         main.ui_server.stop()
 
+    @flag.admin
+    @flag.no_multiuser
     def actionServerShowdirectory(self, to, directory="backup", inner_path=""):
         if self.request.env["REMOTE_ADDR"] != "127.0.0.1":
             return self.response(to, {"error": "Only clients from 127.0.0.1 allowed to run this command"})
@@ -1139,6 +1166,8 @@ def actionServerShowdirectory(self, to, directory="backup", inner_path=""):
         else:
             return self.response(to, {"error": "Not a directory"})
 
+    @flag.admin
+    @flag.no_multiuser
     def actionConfigSet(self, to, key, value):
         import main
         if key not in config.keys_api_change_allowed: