ENHANCEMENTS:

- New parameter "restrict_commands" in nodes.yaml to disable specific elevated commands for hosting situations.

CHANGES:
- Disabled several commands (see above), up- and downloads.

BUGFIX:
- WebService did not switch nodes properly on Master switches.

Author: karel26

MULTINODE.md

@@ -175,6 +175,18 @@ that are named DCS.release_server on any of your nodes. This can be what you wan
 I would always recommend creating the node-specific version (ex: "Multi-Node-Config" above) to avoid confusion. That's 
 what the bot will create during a default installation also.
 
+## Running a node for another group
+To run a node where you want to run servers for another group, you can use the `restrict_commands` setting in your 
+nodes.yaml. This will disable commands that can affect the integrity of your PC, like `/node shell`. 
+This is recommended for nodes that are run by you, but Admin accesses are happening without your control.
+```yaml
+Node1:  # node where I have full control
+  # ...
+Node2:  # node where I do not have full control
+  restrict_commands: true 
+  # ...
+```
+
 ### Moving a Server from one Node / Instance to another
 Each server is loosely coupled to an instance on a node. You can migrate a server to another instance though, by using
 the `/server migrate` command. 

README.md

@@ -346,6 +346,7 @@ NODENAME:                       # this will usually be your hostname
   slow_system: false            # Optional: if you are using a slower PC to run your servers, you should set this to true (default: false)
   use_upnp: true                # The bot will auto-detect if there is a UPnP IGD available and configure this setting initially for you! If you do NOT want to use UPnP, even IF it is available, put this to false.
   nodestats: true               # Enable/disable node statistics (database pool and event queue sizes), default: true
+  restrict_commands: true       # Disable commands that can affect the integrity of the server. Default: false (see MULTINODE.md)
   database:                     # Optional: It might be that you need to use different IPs to connect to the same database server. This is the place you could do that.
     url: postgres://USER:PASSWORD@DB-IP:DB-PORT/DB-NAME   # The bot will auto-move the database password from here to a secret place and replace it with SECRET.
     pool_min: 5                 # min size of the DB pool, default is 5

core/data/impl/nodeimpl.py

@@ -974,6 +974,9 @@ def run_subprocess():
             proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
             return proc.communicate(timeout=timeout)
 
+        if self.locals.get('restrict_commands', False):
+            raise discord.app_commands.CheckFailure("Shell commands are restricted on this node!")
+
         self.log.debug('Running shell-command: ' + cmd)
         try:
             stdout, stderr = await asyncio.to_thread(run_subprocess)

core/utils/discord.py

@@ -47,6 +47,7 @@
     "app_has_not_roles",
     "app_has_dcs_version",
     "cmd_has_roles",
+    "restricted",
     "get_role_ids",
     "format_embed",
     "embed_to_text",
@@ -484,6 +485,10 @@ async def wrapper(interaction: Interaction):
     return cmd_has_roles
 
 
+def restricted(interaction: discord.Interaction) -> bool:
+    return not interaction.client.node.locals.get('restrict_commands', False)
+
+
 def get_role_ids(plugin: Plugin, role_names) -> list[int]:
     role_ids = []
     if not isinstance(role_names, list):

plugins/admin/commands.py

@@ -88,8 +88,11 @@ async def label_autocomplete(interaction: discord.Interaction, current: str) ->
         config = interaction.client.cogs['Admin'].get_config(server)
         choices: list[app_commands.Choice[str]] = [
             app_commands.Choice(name=x['label'], value=x['label']) for x in config['downloads']
-            if ((not current or current.casefold() in x['label'].casefold()) and
-                (not x.get('discord') or utils.check_roles(x['discord'], interaction.user)))
+            if (
+                    (not current or current.casefold() in x['label'].casefold()) and
+                    (not x.get('discord') or utils.check_roles(x['discord'], interaction.user)) and
+                    (not x.get('restricted', False) or not server.node.locals.get('restrict_commands', False))
+            )
         ]
         return choices[:25]
     except Exception as ex:
@@ -131,6 +134,14 @@ async def file_autocomplete(interaction: discord.Interaction, current: str) -> l
             config = next(x for x in config['downloads'] if x['label'] == label)
         except StopIteration:
             return []
+
+        # check if we are allowed to display the list
+        if (
+                (config.get('discord') and not utils.check_roles(config['discord'], interaction.user)) or
+                (config.get('restricted', False) and server.node.locals.get('restrict_commands', False))
+        ):
+            return []
+
         base_dir = utils.format_string(config['directory'], server=server)
         exp_base, file_list = await server.node.list_directory(base_dir, pattern=config['pattern'], traverse=True)
         choices: list[app_commands.Choice[str]] = [
@@ -357,6 +368,7 @@ async def bans(self, interaction: discord.Interaction, user: str):
 
     @dcs.command(description=_('Update your DCS installations'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('DCS Admin')
     @app_commands.describe(warn_time=_("Time in seconds to warn users before shutdown"))
     @app_commands.autocomplete(branch=get_dcs_branches)
@@ -435,6 +447,7 @@ async def update(self, interaction: discord.Interaction,
 
     @dcs.command(name='install', description=_('Install modules in your DCS server'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     @app_commands.autocomplete(module=available_modules_autocomplete)
     async def _install(self, interaction: discord.Interaction,
@@ -457,6 +470,7 @@ async def _install(self, interaction: discord.Interaction,
 
     @dcs.command(name='uninstall', description=_('Uninstall modules from your DCS server'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     @app_commands.autocomplete(module=installed_modules_autocomplete)
     async def _uninstall(self, interaction: discord.Interaction,
@@ -504,7 +518,10 @@ async def download(self, interaction: discord.Interaction,
         await interaction.response.defer(thinking=True, ephemeral=ephemeral)
         config = next(x for x in self.get_config(server)['downloads'] if x['label'] == what)
         # double-check if that user can really download these files
-        if config.get('discord') and not utils.check_roles(config['discord'], interaction.user):
+        if (
+                (config.get('discord') and not utils.check_roles(config['discord'], interaction.user)) or
+                (config.get('restricted', False) and server.node.locals.get('restrict_commands', False))
+        ):
             raise app_commands.CheckFailure()
         if what == 'Missions':
             base_dir = await server.get_missions_dir()
@@ -757,6 +774,7 @@ async def run_on_nodes(self, interaction: discord.Interaction, method: str, node
 
     @node_group.command(description=_('Shuts a specific node down'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     async def shutdown(self, interaction: discord.Interaction,
                        node: Optional[app_commands.Transform[Node, utils.NodeTransformer]] = None):
@@ -767,6 +785,7 @@ async def shutdown(self, interaction: discord.Interaction,
 
     @node_group.command(description=_('Restarts a specific node'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     async def restart(self, interaction: discord.Interaction,
                       node: Optional[app_commands.Transform[Node, utils.NodeTransformer]] = None):
@@ -862,6 +881,7 @@ async def _node_online(node_name: str):
 
     @node_group.command(description=_('Upgrade DCSServerBot'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     async def upgrade(self, interaction: discord.Interaction,
                       node: Optional[app_commands.Transform[Node, utils.NodeTransformer]] = None):
@@ -887,6 +907,7 @@ async def upgrade(self, interaction: discord.Interaction,
 
     @node_group.command(description=_('Run a shell command on a node'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     async def shell(self, interaction: discord.Interaction,
                     node: app_commands.Transform[Node, utils.NodeTransformer],
@@ -910,6 +931,7 @@ async def shell(self, interaction: discord.Interaction,
 
     @node_group.command(description=_("Add/create an instance\n"))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     @app_commands.autocomplete(name=utils.InstanceTransformer(unused=True).autocomplete)
     @app_commands.describe(name=_("Either select an existing instance or enter the name of a new one"))
@@ -965,6 +987,7 @@ async def add_instance(self, interaction: discord.Interaction,
 
     @node_group.command(description=_("Delete an instance\n"))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     async def delete_instance(self, interaction: discord.Interaction,
                               node: app_commands.Transform[Node, utils.NodeTransformer],
@@ -1002,6 +1025,7 @@ async def delete_instance(self, interaction: discord.Interaction,
 
     @node_group.command(description=_("Rename an instance\n"))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     async def rename_instance(self, interaction: discord.Interaction,
                               node: app_commands.Transform[Node, utils.NodeTransformer],
@@ -1044,6 +1068,7 @@ async def rename_instance(self, interaction: discord.Interaction,
 
     @node_group.command(description=_("Shows CPU topology"))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @app_commands.check(lambda interaction: sys.platform == 'win32')
     @utils.app_has_role('Admin')
     async def cpuinfo(self, interaction: discord.Interaction,
@@ -1057,6 +1082,7 @@ async def cpuinfo(self, interaction: discord.Interaction,
 
     @plug.command(name='install', description=_("Install Plugin"))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @app_commands.autocomplete(plugin=installable_plugins)
     @utils.app_has_role('Admin')
     async def _install(self, interaction: discord.Interaction, plugin: str):
@@ -1074,6 +1100,7 @@ async def _install(self, interaction: discord.Interaction, plugin: str):
 
     @plug.command(name='uninstall', description=_("Uninstall Plugin"))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @app_commands.autocomplete(plugin=uninstallable_plugins)
     @utils.app_has_role('Admin')
     async def _uninstall(self, interaction: discord.Interaction, plugin: str):
@@ -1091,6 +1118,7 @@ async def _uninstall(self, interaction: discord.Interaction, plugin: str):
 
     @plug.command(description=_('Reload Plugin'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     @app_commands.autocomplete(plugin=plugins_autocomplete)
     async def reload(self, interaction: discord.Interaction, plugin: Optional[str]):
@@ -1220,7 +1248,7 @@ async def on_message(self, message: discord.Message):
         # read the default config if there is any
         config = self.get_config().get('uploads', {})
         # check if upload is enabled
-        if not config.get('enabled', True):
+        if not config.get('enabled', True) or self.node.locals.get('restricted'):
             return
         # check if the user has the correct role to upload, defaults to Admin
         if not utils.check_roles(config.get('discord', self.bot.roles['Admin']), message.author):

plugins/admin/schemas/admin_schema.yaml

@@ -14,6 +14,7 @@ schema;downloads:
             - type: text
               nullable: false
         audit: {type: bool, nullable: false}
+        restricted: {type: bool, nullable: false}
 
 schema;uploads:
   type: map

plugins/backup/commands.py

@@ -72,6 +72,7 @@ def read_locals(self) -> dict:
 
     @command(description=_('Backup your data'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     @app_commands.autocomplete(what=backup_autocomplete)
     async def backup(self, interaction: discord.Interaction, node: app_commands.Transform[Node, utils.NodeTransformer],
@@ -95,6 +96,7 @@ async def backup(self, interaction: discord.Interaction, node: app_commands.Tran
 
     @command(description=_('Recover your data from an existing backup'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('Admin')
     @app_commands.autocomplete(what=backup_autocomplete)
     @app_commands.autocomplete(date=date_autocomplete)

plugins/lotatc/commands.py

@@ -68,6 +68,7 @@ async def get_server(self, message: discord.Message) -> Optional[Server]:
 
     @lotatc.command(description=_('Update LotAtc'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('DCS Admin')
     async def update(self, interaction: discord.Interaction,
                      server: app_commands.Transform[Server, utils.ServerTransformer(
@@ -125,6 +126,7 @@ async def _configure(self, interaction: discord.Interaction,
 
     @lotatc.command(description=_('Configure LotAtc'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_role('DCS Admin')
     async def configure(self, interaction: discord.Interaction,
                         server: app_commands.Transform[Server, utils.ServerTransformer(status=[Status.SHUTDOWN])],

plugins/missionstats/commands.py

@@ -253,7 +253,7 @@ async def history(self, interaction: discord.Interaction,
             return
 
         start = datetime.strptime(start, '%Y-%m-%d') if start else (datetime.now() - timedelta(days=30)).date()
-        end = datetime.strptime(end, '%Y-%m-%d') if end else datetime.now().date()
+        end = datetime.strptime(end, '%Y-%m-%d') if end else datetime.now()
 
         ephemeral = not utils.get_ephemeral(interaction)
         # noinspection PyUnresolvedReferences
@@ -283,7 +283,7 @@ async def history(self, interaction: discord.Interaction,
                                             ephemeral=ephemeral)
             return
 
-        # Create in-memory binary stream
+        # Create an in-memory binary stream
         excel_binary = BytesIO()
 
         # Define the desired column order

plugins/modmanager/commands.py

@@ -153,6 +153,7 @@ async def rename(self, conn: psycopg.AsyncConnection, old_name: str, new_name: s
 
     @mods.command(description=_('manage mods'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_roles(['Admin'])
     async def manage(self, interaction: discord.Interaction,
                      server: app_commands.Transform[Server, utils.ServerTransformer(
@@ -365,6 +366,7 @@ async def cancel(derived, _: discord.Interaction):
 
     @mods.command(name="install", description=_('Install mods'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_roles(['Admin'])
     @app_commands.autocomplete(mod=available_mods_autocomplete)
     @app_commands.autocomplete(version=available_versions_autocomplete)
@@ -415,6 +417,7 @@ async def _install(self, interaction: discord.Interaction,
 
     @mods.command(description=_('Uninstall mods'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_roles(['Admin'])
     @app_commands.autocomplete(mod=installed_mods_autocomplete)
     async def uninstall(self, interaction: discord.Interaction,
@@ -464,6 +467,7 @@ async def _list(self, interaction: discord.Interaction,
 
     @mods.command(description=_('Download a mod'))
     @app_commands.guild_only()
+    @app_commands.check(utils.restricted)
     @utils.app_has_roles(['Admin'])
     @app_commands.describe(url=_("GitHub repo link or download URL"))
     @app_commands.autocomplete(version=repo_version_autocomplete)