StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Improved logic for handling permissions on API routes.

Browse source 
Still only partially implemented, however this method will allow the
inclusion of data that is granted with servers (such as viewing more
about the node, node location, allocations, etc) while still limiting
someone from doing `?include=node.servers` and listing all servers when
they don’t have list-servers as a permission.
This commit is contained in:
Dane Everitt 2017-04-08 12:05:29 -04:00
parent db4df2bfa1
commit 4479d3bf19
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
16 changed files with 296 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/Policies/APIKeyPolicy.php
View file

@ -42,7 +42,9 @@ class APIKeyPolicy
*/
private function checkPermission(User $user, Key $key, $permission)
{
$permissions = Cache::remember('APIKeyPolicy.' . $user->uuid . $key->public, Carbon::now()->addSeconds(5), function () use ($key) {
// We don't tag this cache key with the user uuid because the key is already unique,
// and multiple users are not defiend for a single key.
$permissions = Cache::remember('APIKeyPolicy.' . $key->public, Carbon::now()->addSeconds(5), function () use ($key) {
return $key->permissions()->get()->transform(function ($item) {
return $item->permission;
})->values();