Update all of the permissions checking to be constant based
This commit is contained in:
Dane Everitt
parent
605c154812
commit
23d594f655
18 changed files with 98 additions and 40 deletions
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -12,7 +13,7 @@ class CopyFileRequest extends ClientApiRequest implements ClientPermissionsReque
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.create';
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class CreateFolderRequest extends ClientApiRequest
|
||||
|
|
@ -10,11 +10,11 @@ class CreateFolderRequest extends ClientApiRequest
|
|||
/**
|
||||
* Checks that the authenticated user is allowed to create files on the server.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('file.create', $this->getModel(Server::class));
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -12,7 +13,7 @@ class DeleteFileRequest extends ClientApiRequest implements ClientPermissionsReq
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.delete';
|
||||
return Permission::ACTION_FILE_DELETE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -16,7 +17,7 @@ class GetFileContentsRequest extends ClientApiRequest implements ClientPermissio
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.read';
|
||||
return Permission::ACTION_FILE_READ;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class ListFilesRequest extends ClientApiRequest
|
||||
|
|
@ -11,11 +11,11 @@ class ListFilesRequest extends ClientApiRequest
|
|||
* Check that the user making this request to the API is authorized to list all
|
||||
* of the files that exist for a given server.
|
||||
*
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function authorize(): bool
|
||||
public function permission(): string
|
||||
{
|
||||
return $this->user()->can('file.read', $this->getModel(Server::class));
|
||||
return Permission::ACTION_FILE_READ;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -15,7 +16,7 @@ class RenameFileRequest extends ClientApiRequest implements ClientPermissionsReq
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.update';
|
||||
return Permission::ACTION_FILE_UPDATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
|
|
@ -16,7 +17,7 @@ class WriteFileContentRequest extends ClientApiRequest implements ClientPermissi
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'file.create';
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Reference in a new issue