StarMC/Astral-nook
StarMC/Astral-nook
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update all of the permissions checking to be constant based

Browse source
This commit is contained in:
Dane Everitt 2020-03-22 15:31:25 -07:00
parent 605c154812
commit 23d594f655
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
18 changed files with 98 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

19
app/Http/Requests/Api/Client/Servers/SendPowerRequest.php
View file

@ -2,7 +2,7 @@
namespace Pterodactyl\Http\Requests\Api\Client\Servers;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Permission;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
class SendPowerRequest extends ClientApiRequest
@ -10,11 +10,22 @@ class SendPowerRequest extends ClientApiRequest
/**
* Determine if the user has permission to send a power command to a server.
*
* @return bool
* @return string
*/
public function authorize(): bool
public function permission(): string
{
return $this->user()->can('control.' . $this->input('signal', ''), $this->getModel(Server::class));
switch ($this->input('signal')) {
case 'start':
return Permission::ACTION_CONTROL_START;
case 'stop':
return Permission::ACTION_CONTROL_STOP;
case 'restart':
return Permission::ACTION_CONTROL_RESTART;
case 'kill':
return Permission::ACTION_CONTROL_KILL;
}
return '__invalid';
}
/**