mirror of
https://github.com/lnbits/lnbits.git
synced 2025-09-20 04:21:20 +02:00
fix add user and admins-WIP remove super user id from API
This commit is contained in:
Tiago Vasconcelos
@@ -235,6 +235,8 @@ async def check_user_exists(usr: UUID4) -> User:
|
||||
if (
|
||||
len(settings.lnbits_allowed_users) > 0
|
||||
and g().user.id not in settings.lnbits_allowed_users
|
||||
and g().user.id != settings.super_user
|
||||
and g().user.id not in settings.lnbits_admin_users
|
||||
):
|
||||
raise HTTPException(
|
||||
status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized."
|
||||
@@ -251,4 +253,9 @@ async def check_admin(usr: UUID4) -> User:
|
||||
detail="User not authorized. No admin privileges.",
|
||||
)
|
||||
user.admin = True
|
||||
user.super_user = False
|
||||
if user.id == settings.super_user:
|
||||
user.super_user = True
|
||||
|
||||
return user
|
||||
|
||||
|
||||
@@ -81,4 +81,4 @@ class UpdateSettings(BaseModel, extra=Extra.forbid):
|
||||
|
||||
class AdminSettings(UpdateSettings):
|
||||
lnbits_allowed_funding_sources: Optional[List[str]]
|
||||
super_user: Optional[str]
|
||||
super_user: Optional[bool]
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
<q-tab-panel name="users">
|
||||
<q-card-section class="q-pa-none">
|
||||
<h6 class="q-my-none">User Management</h6>
|
||||
<br />
|
||||
<p class="q-my-none">Super Admin: {{ settings.lnbits_admin_users[0] }}</p>
|
||||
<!-- <br />
|
||||
<p class="q-my-none">Super Admin: {{ settings.super_user }}</p> -->
|
||||
<br />
|
||||
<div>
|
||||
<p>Admin Users</p>
|
||||
<q-input
|
||||
filled
|
||||
v-model="formData.admin_users_add"
|
||||
v-model="formAddAdmin"
|
||||
@keydown.enter="addAdminUser"
|
||||
type="text"
|
||||
label="User ID"
|
||||
@@ -17,16 +17,18 @@
|
||||
<q-btn @click="addAdminUser" dense flat icon="add"></q-btn>
|
||||
</q-input>
|
||||
<div>
|
||||
{%raw%}
|
||||
<q-chip
|
||||
v-for="user in settings.lnbits_admin_users"
|
||||
v-for="user in formData.lnbits_admin_users"
|
||||
:key="user"
|
||||
removable
|
||||
@remove="removeAdminUser(user)"
|
||||
color="primary"
|
||||
text-color="white"
|
||||
>
|
||||
{{ user.id }}
|
||||
{{ user }}
|
||||
</q-chip>
|
||||
{%endraw%}
|
||||
</div>
|
||||
<br />
|
||||
</div>
|
||||
@@ -34,7 +36,7 @@
|
||||
<p>Allowed Users</p>
|
||||
<q-input
|
||||
filled
|
||||
v-model="formData.allowed_users_add"
|
||||
v-model="formAddUser"
|
||||
@keydown.enter="addAllowedUser"
|
||||
type="text"
|
||||
label="User ID"
|
||||
@@ -45,7 +47,7 @@
|
||||
<div>
|
||||
{% raw %}
|
||||
<q-chip
|
||||
v-for="user in settings.lnbits_allowed_users"
|
||||
v-for="user in formData.lnbits_allowed_users"
|
||||
:key="user"
|
||||
removable
|
||||
@remove="removeAllowedUser(user)"
|
||||
|
||||
@@ -39,6 +39,7 @@
|
||||
></q-btn> -->
|
||||
<q-btn
|
||||
flat
|
||||
v-if="isSuperUser"
|
||||
label="Reset to defaults"
|
||||
color="primary"
|
||||
@click="deleteSettings"
|
||||
@@ -130,6 +131,9 @@
|
||||
return {
|
||||
settings: {},
|
||||
formData: {},
|
||||
formAddAdmin: '',
|
||||
formAddUser: '',
|
||||
isSuperUser: false,
|
||||
wallet: {},
|
||||
cancel: {},
|
||||
topUpDialog: {
|
||||
@@ -337,30 +341,30 @@
|
||||
},
|
||||
methods: {
|
||||
addAdminUser() {
|
||||
let addUser = this.formData.admin_users_add
|
||||
let admin_users = this.settings.lnbits_admin_users
|
||||
let addUser = this.formAddAdmin
|
||||
let admin_users = this.formData.lnbits_admin_users
|
||||
if (addUser && addUser.length && !admin_users.includes(addUser)) {
|
||||
admin_users.push(addUser)
|
||||
this.settings.lnbits_admin_users = admin_users
|
||||
this.formData.admin_users_add = ''
|
||||
//admin_users = [...admin_users, addUser]
|
||||
this.formData.lnbits_admin_users = [...admin_users, addUser]
|
||||
this.formAddAdmin = ''
|
||||
//console.log(this.checkChanges)
|
||||
}
|
||||
},
|
||||
removeAdminUser(user) {
|
||||
let admin_users = this.settings.lnbits_admin_users
|
||||
this.settings.lnbits_admin_users = admin_users.filter(u => u !== user)
|
||||
let admin_users = this.formData.lnbits_admin_users
|
||||
this.formData.lnbits_admin_users = admin_users.filter(u => u !== user)
|
||||
},
|
||||
addAllowedUser() {
|
||||
let addUser = this.formData.allowed_users_add
|
||||
let allowed_users = this.settings.lnbits_allowed_users
|
||||
let addUser = this.formAddUser
|
||||
let allowed_users = this.formData.lnbits_allowed_users
|
||||
if (addUser && addUser.length && !allowed_users.includes(addUser)) {
|
||||
allowed_users.push(addUser)
|
||||
this.settings.lnbits_allowed_users = allowed_users
|
||||
this.formData.allowed_users_add = ''
|
||||
this.formData.lnbits_allowed_users = [...allowed_users, addUser]
|
||||
this.formAddUser = ''
|
||||
}
|
||||
},
|
||||
removeAllowedUser(user) {
|
||||
let allowed_users = this.settings.lnbits_allowed_users
|
||||
this.settings.lnbits_allowed_users = allowed_users.filter(
|
||||
let allowed_users = this.formData.lnbits_allowed_users
|
||||
this.formData.lnbits_allowed_users = allowed_users.filter(
|
||||
u => u !== user
|
||||
)
|
||||
},
|
||||
@@ -421,18 +425,21 @@
|
||||
this.g.user.wallets[0].adminkey
|
||||
)
|
||||
.then(response => {
|
||||
this.isSuperUser = response.data.super_user || false
|
||||
this.settings = response.data
|
||||
this.formData = _.clone(this.settings)
|
||||
this.updateFundingData()
|
||||
console.log(this.settings)
|
||||
})
|
||||
.catch(function (error) {
|
||||
LNbits.utils.notifyApiError(error)
|
||||
})
|
||||
},
|
||||
updateSettings() {
|
||||
let data = {
|
||||
...this.formData
|
||||
}
|
||||
let data = _.omit(this.formData, [
|
||||
'super_user',
|
||||
'lnbits_allowed_funding_sources'
|
||||
])
|
||||
LNbits.api
|
||||
.request(
|
||||
'PUT',
|
||||
@@ -441,10 +448,12 @@
|
||||
data
|
||||
)
|
||||
.then(response => {
|
||||
console.log(response)
|
||||
if (response.status != 200) throw new Error('Request Failed')
|
||||
this.needsRestart =
|
||||
this.settings.lnbits_backend_wallet_class !==
|
||||
response.data.settings.lnbits_backend_wallet_class
|
||||
this.settings = response.data.settings
|
||||
this.formData.lnbits_backend_wallet_class
|
||||
this.settings = this.formData
|
||||
this.formData = _.clone(this.settings)
|
||||
this.updateFundingData()
|
||||
this.$q.notify({
|
||||
@@ -454,6 +463,7 @@
|
||||
})
|
||||
})
|
||||
.catch(function (error) {
|
||||
console.error(error)
|
||||
LNbits.utils.notifyApiError(error)
|
||||
})
|
||||
},
|
||||
|
||||
@@ -6,6 +6,7 @@ from fastapi.params import Depends
|
||||
from starlette.exceptions import HTTPException
|
||||
|
||||
from lnbits.core.crud import get_wallet
|
||||
from lnbits.core.models import User
|
||||
from lnbits.decorators import check_admin
|
||||
from lnbits.extensions.admin import admin_ext
|
||||
from lnbits.extensions.admin.models import AdminSettings, UpdateSettings
|
||||
@@ -27,9 +28,11 @@ async def api_restart_server() -> dict[str, str]:
|
||||
return {"status": "Success"}
|
||||
|
||||
|
||||
@admin_ext.get("/api/v1/settings/", dependencies=[Depends(check_admin)])
|
||||
async def api_get_settings() -> Optional[AdminSettings]:
|
||||
return await get_admin_settings()
|
||||
@admin_ext.get("/api/v1/settings/")
|
||||
async def api_get_settings(user: User = Depends(check_admin)) -> Optional[AdminSettings]:
|
||||
admin_settings = await get_admin_settings()
|
||||
admin_settings.super_user = user.super_user
|
||||
return admin_settings
|
||||
|
||||
|
||||
@admin_ext.put(
|
||||
|
||||
Reference in New Issue
Block a user