StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Don't return things a user shouldn't be able to see via the API includes

Browse source
This commit is contained in:
Dane Everitt 2020-08-22 16:54:12 -07:00
parent 9b16f5883c
commit 1b69d82daa
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 28 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

23
app/Transformers/Api/Client/ServerTransformer.php
View file

@ -6,10 +6,10 @@ use Pterodactyl\Models\Egg;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Allocation;
use Pterodactyl\Models\Permission;
use Illuminate\Container\Container;
use Pterodactyl\Models\EggVariable;
use Pterodactyl\Services\Servers\StartupCommandService;
use Pterodactyl\Transformers\Api\Client\EggVariableTransformer;
class ServerTransformer extends BaseClientTransformer
{
@ -76,11 +76,16 @@ class ServerTransformer extends BaseClientTransformer
* Returns the allocations associated with this server.
*
* @param \Pterodactyl\Models\Server $server
* @return \League\Fractal\Resource\Collection
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/
public function includeAllocations(Server $server)
{
if (! $this->getUser()->can(Permission::ACTION_ALLOCATION_READ, $server)) {
return $this->null();
}
return $this->collection(
$server->allocations,
$this->makeTransformer(AllocationTransformer::class),
@ -90,11 +95,16 @@ class ServerTransformer extends BaseClientTransformer
/**
* @param \Pterodactyl\Models\Server $server
* @return \League\Fractal\Resource\Collection
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/
public function includeVariables(Server $server)
{
if (! $this->getUser()->can(Permission::ACTION_STARTUP_READ, $server)) {
return $this->null();
}
return $this->collection(
$server->variables->where('user_viewable', true),
$this->makeTransformer(EggVariableTransformer::class),
@ -118,11 +128,16 @@ class ServerTransformer extends BaseClientTransformer
* Returns the subusers associated with this server.
*
* @param \Pterodactyl\Models\Server $server
* @return \League\Fractal\Resource\Collection
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/
public function includeSubusers(Server $server)
{
if (! $this->getUser()->can(Permission::ACTION_USER_READ, $server)) {
return $this->null();
}
return $this->collection($server->subusers, $this->makeTransformer(SubuserTransformer::class), Subuser::RESOURCE_NAME);
}
}