From 5f21c7aa2e821ecaae8d7508b7e29d76ec984080 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Wed, 21 Aug 2024 20:48:41 +0500
Subject: [PATCH 1/2] server_status and monitor_queues pages secured

---
 src/apps/pages/views.py                 |  10 +-
 src/templates/pages/monitor_queues.html |  82 +++++++------
 src/templates/pages/server_status.html  | 149 +++++++++++++-----------
 3 files changed, 133 insertions(+), 108 deletions(-)

diff --git a/src/apps/pages/views.py b/src/apps/pages/views.py
index 0f21b8cf2..c0042ed98 100644
--- a/src/apps/pages/views.py
+++ b/src/apps/pages/views.py
@@ -57,8 +57,8 @@ def get_context_data(self, *args, **kwargs):
         page = self.request.GET.get('page', 1)
         submissions_per_page = 50
 
-        # Get all submissions
-        qs = Submission.objects.all()
+        # Start with an empty queryset
+        qs = Submission.objects.none()
 
         # Only if user is authenticated
         if self.request.user.is_authenticated:
@@ -67,12 +67,12 @@ def get_context_data(self, *args, **kwargs):
             # and
             # submissions running on queue which belongs to this user
             if not self.request.user.is_superuser:
-                qs = qs.filter(
+                qs = Submission.objects.filter(
                     Q(owner=self.request.user) |
                     Q(phase__competition__queue__isnull=False, phase__competition__queue__owner=self.request.user)
                 )
-        else:
-            qs = qs.none()  # This returns an empty queryset
+            else:
+                qs = Submission.objects.all()
 
         # Filter out child submissions i.e. submission has no parent
         if not show_child_submissions:
diff --git a/src/templates/pages/monitor_queues.html b/src/templates/pages/monitor_queues.html
index bcbf0c4c5..3da947e0f 100644
--- a/src/templates/pages/monitor_queues.html
+++ b/src/templates/pages/monitor_queues.html
@@ -5,45 +5,61 @@
 {% endblock %}
 
 {% block content %}
-    <div class="ui container">
-        <h1>Monitor queues</h1>
-        <div id="external_monitors" class="ui two column grid">
-            <div class="column">
-                <div class="ui fluid card">
-                    <a class="image" href="{{ RABBITMQ_MANAGEMENT_URL}}" target="_blank">
-                        <img class="ui large image" src="/static/img/RabbitMQ.png">
-                    </a>
-                    <div class="content">
-                        <a class="header" href="{{ RABBITMQ_MANAGEMENT_URL }}" target="_blank">RabbitMQ</a>
-                        <div class="meta">
-                            This page allows admins to view connections, queued messages, message rates, channels,
-                            exchanges, and other administrative features relating to RabbitMQ e.g. Creating users,
-                            adding v-hosts, and creating policies.
+    {% if user.is_authenticated %}
+        {% if user.is_super_user %}
+            <div class="ui container">
+                <h1>Monitor queues</h1>
+                <div id="external_monitors" class="ui two column grid">
+                    <div class="column">
+                        <div class="ui fluid card">
+                            <a class="image" href="{{ RABBITMQ_MANAGEMENT_URL}}" target="_blank">
+                                <img class="ui large image" src="/static/img/RabbitMQ.png">
+                            </a>
+                            <div class="content">
+                                <a class="header" href="{{ RABBITMQ_MANAGEMENT_URL }}" target="_blank">RabbitMQ</a>
+                                <div class="meta">
+                                    This page allows admins to view connections, queued messages, message rates, channels,
+                                    exchanges, and other administrative features relating to RabbitMQ e.g. Creating users,
+                                    adding v-hosts, and creating policies.
+                                </div>
+                            </div>
                         </div>
                     </div>
-                </div>
-            </div>
-            <div class="column">
-                <div class="ui fluid card">
-                    <a class="image" href="{{ FLOWER_URL }}" target="_blank">
-                        <img class="ui large image" src="/static/img/Flower.png">
-                    </a>
-                    <div class="content">
-                        <a class="header" href="{{ FLOWER_URL }}" target="_blank">Flower</a>
-                        <div class="meta">
-                            Flower is a powerful web-based Celery monitoring tool designed to keep track of our
-                            tasks.
-                            Admins may view the state of which tasks were run, with what arguments, and many more
-                            features. Here you may also view which queues your celery workers are consuming, and the
-                            state of any tasks in them. At last, there is also a great monitoring page for viewing
-                            the
-                            systemic impact of your workers.
+                    <div class="column">
+                        <div class="ui fluid card">
+                            <a class="image" href="{{ FLOWER_URL }}" target="_blank">
+                                <img class="ui large image" src="/static/img/Flower.png">
+                            </a>
+                            <div class="content">
+                                <a class="header" href="{{ FLOWER_URL }}" target="_blank">Flower</a>
+                                <div class="meta">
+                                    Flower is a powerful web-based Celery monitoring tool designed to keep track of our
+                                    tasks.
+                                    Admins may view the state of which tasks were run, with what arguments, and many more
+                                    features. Here you may also view which queues your celery workers are consuming, and the
+                                    state of any tasks in them. At last, there is also a great monitoring page for viewing
+                                    the
+                                    systemic impact of your workers.
+                                </div>
+                            </div>
                         </div>
                     </div>
                 </div>
             </div>
+        {% else %}
+            <div class="ui container">
+                <div class="ui red message">
+                    You do not have access to this page!
+                </div>
+            </div>
+        {% endif %}
+    {% else %}
+        <div class="ui container">
+            <div class="ui yellow message">
+                <a href="{% url 'accounts:login' %}">Log In</a> or
+                <a href="{% url 'accounts:signup' %}">Sign Up</a> to view this page
+            </div>
         </div>
-    </div>
-
+    {% endif %}
     
 {% endblock %}
diff --git a/src/templates/pages/server_status.html b/src/templates/pages/server_status.html
index dde0138f1..42b13762b 100644
--- a/src/templates/pages/server_status.html
+++ b/src/templates/pages/server_status.html
@@ -5,81 +5,90 @@
 {% endblock %}
 
 {% block content %}
-    <div class="ui container">
-        <h1>Recent Submissions</h1>
-        <label>
-            <input type="checkbox" id="show_child_checkbox" {% if show_child_submissions %}checked{% endif %}> Show child submissions
-        </label>
-        <span class="ui mini circular icon button"
-            data-tooltip="Child submissions are created when a competition has multiple tasks (one child for each task)."
-            data-position="top center">
-            <i class="question icon"></i>
-        </span>
-        <table class="ui table">
-            <thead>
-            <th>Competition</th>
-            <th>Submission PK</th>
-            {% if show_child_submissions %}
-                <th>Parent PK</th>
-            {% endif %}
-            <th>Size</th>
-            <th>Submitter</th>
-            <th>Queue</th>
-            <th>Ingestion Hostname</th>
-            <th>Scoring Hostname</th>
-            <th>Submitted at</th>
-            <th>Status</th>
-            </thead>
-            <tbody>
-                {% if not submissions %}
-                <tr class="center aligned">
-                    <td colspan="100%"><em>No submissions, yet!</em></td>
-                </tr>
+    {% if user.is_authenticated %}
+        <div class="ui container">
+            <h1>Recent Submissions</h1>
+            <label>
+                <input type="checkbox" id="show_child_checkbox" {% if show_child_submissions %}checked{% endif %}> Show child submissions
+            </label>
+            <span class="ui mini circular icon button"
+                data-tooltip="Child submissions are created when a competition has multiple tasks (one child for each task)."
+                data-position="top center">
+                <i class="question icon"></i>
+            </span>
+            <table class="ui table">
+                <thead>
+                <th>Competition</th>
+                <th>Submission PK</th>
+                {% if show_child_submissions %}
+                    <th>Parent PK</th>
                 {% endif %}
-                {% for submission in submissions %}
-                <tr>
-                    <td><a class="link-no-deco" target="_blank" href="./competitions/{{ submission.phase.competition.id }}">{{ submission.phase.competition.title }}</a></td>
-                    <td>{{ submission.pk }}</td>
-                    {% if show_child_submissions %}
-                        <td>{{ submission.parent.pk }}</td>
+                <th>Size</th>
+                <th>Submitter</th>
+                <th>Queue</th>
+                <th>Ingestion Hostname</th>
+                <th>Scoring Hostname</th>
+                <th>Submitted at</th>
+                <th>Status</th>
+                </thead>
+                <tbody>
+                    {% if not submissions %}
+                    <tr class="center aligned">
+                        <td colspan="100%"><em>No submissions, yet!</em></td>
+                    </tr>
                     {% endif %}
-                    <td>{{ submission.file_size }}</td>
-                    <td><a target="_blank" href="/profiles/user/{{ submission.owner.username }}">{{ submission.owner_display_name }}</a></td>
-                    <td>{{ submission.competition_queue }}</td>
-                    <td>{{ submission.ingestion_worker_hostname }}</td>
-                    <td>{{ submission.scoring_worker_hostname }}</td>
-                    <td>{{ submission.created_when|timesince }} ago</td>
-                    <td>{{ submission.status }}</td>
-                </tr>
-                {% endfor %}
-            </tbody>
-        </table>
+                    {% for submission in submissions %}
+                    <tr>
+                        <td><a class="link-no-deco" target="_blank" href="./competitions/{{ submission.phase.competition.id }}">{{ submission.phase.competition.title }}</a></td>
+                        <td>{{ submission.pk }}</td>
+                        {% if show_child_submissions %}
+                            <td>{{ submission.parent.pk }}</td>
+                        {% endif %}
+                        <td>{{ submission.file_size }}</td>
+                        <td><a target="_blank" href="/profiles/user/{{ submission.owner.username }}">{{ submission.owner_display_name }}</a></td>
+                        <td>{{ submission.competition_queue }}</td>
+                        <td>{{ submission.ingestion_worker_hostname }}</td>
+                        <td>{{ submission.scoring_worker_hostname }}</td>
+                        <td>{{ submission.created_when|timesince }} ago</td>
+                        <td>{{ submission.status }}</td>
+                    </tr>
+                    {% endfor %}
+                </tbody>
+            </table>
 
-        <!-- Pagination Div -->
-        {% if is_paginated %}
-        <div class="pagination-nav">
-            {% if submissions.has_previous %}
-            <span class="float-left">
-                <a class="ui button" href="?page=1{% if show_child_submissions %}&show_child_submissions={{ show_child_submissions }}{% endif %}">First</a>
-                <a class="ui button" href="?page={{ submissions.previous_page_number }}{% if show_child_submissions %}&show_child_submissions={{ show_child_submissions }}{% endif %}">Previous</a>
-            </span>
-            {% endif %}
-            
-            <span class="center">
-                Page {{ submissions.number }} of {{ paginator.num_pages }}
-            </span>
-            
-            
-            {% if submissions.has_next %}
-            <span class="float-right">
-                <a class="ui button" href="?page={{ submissions.next_page_number }}{% if show_child_submissions %}&show_child_submissions={{ show_child_submissions }}{% endif %}">Next</a>
-            <a class="ui button" href="?page={{ paginator.num_pages }}{% if show_child_submissions %}&show_child_submissions={{ show_child_submissions }}{% endif %}">Last</a>
-            </span>
-            {% endif %}
+            <!-- Pagination Div -->
+            {% if is_paginated %}
+            <div class="pagination-nav">
+                {% if submissions.has_previous %}
+                <span class="float-left">
+                    <a class="ui button" href="?page=1{% if show_child_submissions %}&show_child_submissions={{ show_child_submissions }}{% endif %}">First</a>
+                    <a class="ui button" href="?page={{ submissions.previous_page_number }}{% if show_child_submissions %}&show_child_submissions={{ show_child_submissions }}{% endif %}">Previous</a>
+                </span>
+                {% endif %}
+                
+                <span class="center">
+                    Page {{ submissions.number }} of {{ paginator.num_pages }}
+                </span>
+                
+                
+                {% if submissions.has_next %}
+                <span class="float-right">
+                    <a class="ui button" href="?page={{ submissions.next_page_number }}{% if show_child_submissions %}&show_child_submissions={{ show_child_submissions }}{% endif %}">Next</a>
+                <a class="ui button" href="?page={{ paginator.num_pages }}{% if show_child_submissions %}&show_child_submissions={{ show_child_submissions }}{% endif %}">Last</a>
+                </span>
+                {% endif %}
 
+            </div>
+            {% endif %}
+        </div>
+    {% else %}
+        <div class="ui container">
+            <div class="ui yellow message">
+                <a href="{% url 'accounts:login' %}">Log In</a> or
+                <a href="{% url 'accounts:signup' %}">Sign Up</a> to view this page
+            </div>
         </div>
-        {% endif %}
-    </div>
+    {% endif %}
     <script>
         document.addEventListener("DOMContentLoaded", function() {
             const checkbox = document.getElementById("show_child_checkbox");

From d3396e46efe55d5a253424eff982e4818140af26 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Thu, 29 Aug 2024 21:28:44 +0500
Subject: [PATCH 2/2] Update monitor_queues.html

---
 src/templates/pages/monitor_queues.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/templates/pages/monitor_queues.html b/src/templates/pages/monitor_queues.html
index 3da947e0f..0274575f1 100644
--- a/src/templates/pages/monitor_queues.html
+++ b/src/templates/pages/monitor_queues.html
@@ -6,7 +6,7 @@
 
 {% block content %}
     {% if user.is_authenticated %}
-        {% if user.is_super_user %}
+        {% if user.is_superuser %}
             <div class="ui container">
                 <h1>Monitor queues</h1>
                 <div id="external_monitors" class="ui two column grid">