Update all of the permissions checking to be constant based
This commit is contained in:
Dane Everitt
parent
605c154812
commit
23d594f655
18 changed files with 98 additions and 40 deletions
|
|
@ -4,6 +4,7 @@ namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
|
|||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Database;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -14,7 +15,7 @@ class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermission
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'database.delete';
|
||||
return Permission::ACTION_DATABASE_DELETE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -12,6 +13,6 @@ class GetDatabasesRequest extends ClientApiRequest implements ClientPermissionsR
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'database.read';
|
||||
return Permission::ACTION_DATABASE_READ;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class RotatePasswordRequest extends ClientApiRequest
|
||||
|
|
@ -10,10 +10,10 @@ class RotatePasswordRequest extends ClientApiRequest
|
|||
/**
|
||||
* Check that the user has permission to rotate the password.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('database.update', $this->getModel(Server::class));
|
||||
return Permission::ACTION_DATABASE_UPDATE;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -12,7 +13,7 @@ class StoreDatabaseRequest extends ClientApiRequest implements ClientPermissions
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'database.create';
|
||||
return Permission::ACTION_DATABASE_CREATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -12,7 +13,7 @@ class CopyFileRequest extends ClientApiRequest implements ClientPermissionsReque
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.create';
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class CreateFolderRequest extends ClientApiRequest
|
||||
|
|
@ -10,11 +10,11 @@ class CreateFolderRequest extends ClientApiRequest
|
|||
/**
|
||||
* Checks that the authenticated user is allowed to create files on the server.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('file.create', $this->getModel(Server::class));
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -12,7 +13,7 @@ class DeleteFileRequest extends ClientApiRequest implements ClientPermissionsReq
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.delete';
|
||||
return Permission::ACTION_FILE_DELETE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -16,7 +17,7 @@ class GetFileContentsRequest extends ClientApiRequest implements ClientPermissio
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.read';
|
||||
return Permission::ACTION_FILE_READ;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class ListFilesRequest extends ClientApiRequest
|
||||
|
|
@ -11,11 +11,11 @@ class ListFilesRequest extends ClientApiRequest
|
|||
* Check that the user making this request to the API is authorized to list all
|
||||
* of the files that exist for a given server.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('file.read', $this->getModel(Server::class));
|
||||
return Permission::ACTION_FILE_READ;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -15,7 +16,7 @@ class RenameFileRequest extends ClientApiRequest implements ClientPermissionsReq
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.update';
|
||||
return Permission::ACTION_FILE_UPDATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -16,7 +17,7 @@ class WriteFileContentRequest extends ClientApiRequest implements ClientPermissi
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.create';
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class GetNetworkRequest extends ClientApiRequest
|
||||
|
|
@ -11,10 +11,10 @@ class GetNetworkRequest extends ClientApiRequest
|
|||
* Check that the user has permission to view the allocations for
|
||||
* this server.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('allocation.read', $this->getModel(Server::class));
|
||||
return Permission::ACTION_ALLOCATION_READ;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,18 +2,18 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
|
||||
class SendCommandRequest extends GetServerRequest
|
||||
{
|
||||
/**
|
||||
* Determine if the API user has permission to perform this action.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('control.console', $this->getModel(Server::class));
|
||||
return Permission::ACTION_CONTROL_CONSOLE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class SendPowerRequest extends ClientApiRequest
|
||||
|
|
@ -10,11 +10,22 @@ class SendPowerRequest extends ClientApiRequest
|
|||
/**
|
||||
* Determine if the user has permission to send a power command to a server.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('control.' . $this->input('signal', ''), $this->getModel(Server::class));
|
||||
switch ($this->input('signal')) {
|
||||
case 'start':
|
||||
return Permission::ACTION_CONTROL_START;
|
||||
case 'stop':
|
||||
return Permission::ACTION_CONTROL_STOP;
|
||||
case 'restart':
|
||||
return Permission::ACTION_CONTROL_RESTART;
|
||||
case 'kill':
|
||||
return Permission::ACTION_CONTROL_KILL;
|
||||
}
|
||||
|
||||
return '__invalid';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Settings;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -17,7 +18,7 @@ class RenameServerRequest extends ClientApiRequest implements ClientPermissionsR
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'settings.rename';
|
||||
return Permission::ACTION_SETTINGS_RENAME;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Subusers;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class GetSubuserRequest extends ClientApiRequest
|
||||
|
|
@ -9,10 +10,10 @@ class GetSubuserRequest extends ClientApiRequest
|
|||
/**
|
||||
* Confirm that a user is able to view subusers for the specified server.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('user.read', $this->route()->parameter('server'));
|
||||
return Permission::ACTION_USER_READ;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue