add security checks for gdrive

This commit is contained in:
Usman Nasir
2020-06-20 22:44:55 +05:00
parent 04c2b65d38
commit 5ec5182246
2 changed files with 50 additions and 3 deletions


@@ -60,7 +60,7 @@ class BackupManager:
admin = Administrator.objects.get(pk=userID)
if ACLManager.currentContextPermission(currentACL, 'addDeleteDestinations') == 0:
if ACLManager.currentContextPermission(currentACL, 'createBackup') == 0:
return ACLManager.loadError()
gDriveAcctsList = []
@@ -81,7 +81,7 @@ class BackupManager:
currentACL = ACLManager.loadedACL(userID)
admin = Administrator.objects.get(pk=userID)
if ACLManager.currentContextPermission(currentACL, 'addDeleteDestinations') == 0:
if ACLManager.currentContextPermission(currentACL, 'createBackup') == 0:
return ACLManager.loadError()
gDriveData = {}
@@ -114,6 +114,11 @@ class BackupManager:
gD = GDrive.objects.get(name=selectedAccount)
if ACLManager.checkGDriveOwnership(gD, admin, currentACL) == 1:
pass
else:
return ACLManager.loadErrorJson('status', 0)
logs = gD.gdrivejoblogs_set.all().order_by('-id')
from s3Backups.s3Backups import S3Backups
@@ -150,7 +155,6 @@ class BackupManager:
json_data = json_data + ']'
data_ret = {'status': 1, 'logs': json_data, 'pagination': pagination}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@@ -176,6 +180,11 @@ class BackupManager:
gD = GDrive.objects.get(name=selectedAccount)
if ACLManager.checkGDriveOwnership(gD, admin, currentACL) == 1:
pass
else:
return ACLManager.loadErrorJson('status', 0)
websites = gD.gdrivesites_set.all()
from s3Backups.s3Backups import S3Backups
@@ -232,6 +241,11 @@ class BackupManager:
gD = GDrive.objects.get(name=selectedAccount)
if ACLManager.checkGDriveOwnership(gD, admin, currentACL) == 1 and ACLManager.checkOwnership(selectedWebsite, admin, currentACL) == 1:
pass
else:
return ACLManager.loadErrorJson('status', 0)
gdSite = GDriveSites(owner=gD, domain=selectedWebsite)
gdSite.save()
@@ -257,6 +271,11 @@ class BackupManager:
gD = GDrive.objects.get(name=selectedAccount)
if ACLManager.checkGDriveOwnership(gD, admin, currentACL):
pass
else:
return ACLManager.loadErrorJson('status', 0)
gD.delete()
data_ret = {'status': 1}
@@ -281,6 +300,12 @@ class BackupManager:
backupFrequency = data['backupFrequency']
gD = GDrive.objects.get(name=selectedAccount)
if ACLManager.checkGDriveOwnership(gD, admin, currentACL):
pass
else:
return ACLManager.loadErrorJson('status', 0)
gD.runTime = backupFrequency
gD.save()
@@ -307,6 +332,12 @@ class BackupManager:
website = data['website']
gD = GDrive.objects.get(name=selectedAccount)
if ACLManager.checkGDriveOwnership(gD, admin, currentACL) == 1 and ACLManager.checkOwnership(website, admin, currentACL) == 1:
pass
else:
return ACLManager.loadErrorJson('status', 0)
sites = GDriveSites.objects.filter(owner=gD, domain=website)
for items in sites:
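Review bot: Every new ownership gate in this file runs after `GDrive.objects.get(name=selectedAccount)` (L26, L39, L47, L55, L64, L73), so a caller who does not own an account still learns whether the name exists: a known name reaches `loadErrorJson('status', 0)`, an unknown one raises `GDrive.DoesNotExist` into whatever handler encloses these methods outside the hunk, and if that handler echoes the exception text the two outcomes are distinguishable. Wrapping each lookup as `try: gD = GDrive.objects.get(name=selectedAccount)` / `except GDrive.DoesNotExist: return ACLManager.loadErrorJson('status', 0)` makes "absent" and "forbidden" return the same response, which is the usual shape for an authorization check. As a point of style, L56 and L65 test the helper by truthiness while L27, L40, L48 and L74 compare `== 1`; the helper only returns 0 or 1 today, but pick one form (`== 1` matches the sibling `checkOwnership` calls) so a future change to the helper's return type cannot silently widen access. The enclosing methods all start before their hunks and the first two hunks' bodies continue past them.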


@@ -562,6 +562,22 @@ class ACLManager:
else:
return 0
@staticmethod
def checkGDriveOwnership(gD, admin, currentACL):
try:
if currentACL['admin'] == 1:
return 1
elif gD.owner == admin:
return 1
elif gD.owner.owner == admin.pk:
return 1
return 0
except:
return 0
@staticmethod
def checkOwnershipZone(domain, admin, currentACL):
domain = Websites.objects.get(domain=domain)
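Review bot: `checkGDriveOwnership` at L87-L97 guards every Google Drive mutation in the other file with a bare `except:` that returns 0, which fails closed but also hides programming errors (a renamed field, a `None` owner) as a generic "forbidden" that is hard to debug; narrowing it to `except (AttributeError, KeyError): return 0` keeps the fail-closed behaviour while letting unexpected exceptions surface. The reseller branch `gD.owner.owner == admin.pk` compares an attribute whose type is not visible here with an integer primary key; if `Administrator.owner` can hold a sentinel for top-level accounts, confirm it can never equal a real pk, otherwise a sentinel-owned account would be visible to whichever administrator holds that pk. The helper also lacks a docstring; add one stating that it returns 1 when the caller is a global admin, owns the account directly, or is the one-level-up owner of the account's owner, and 0 otherwise or on any lookup error, and note that callers should compare the result with `== 1` as `checkOwnership` callers do. The trailing `checkOwnershipZone` lines are context and that method continues past the hunk.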