Fix authorization checking for subusers

app/Policies/ServerPolicy.php

@@ -1,21 +1,29 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 
 namespace Pterodactyl\Policies;
 
-use Cache;
-use Carbon;
+use Carbon\Carbon;
 use Pterodactyl\Models\User;
 use Pterodactyl\Models\Server;
+use Illuminate\Contracts\Cache\Repository as CacheRepository;
 
 class ServerPolicy
 {
+    /**
+     * @var \Illuminate\Contracts\Cache\Repository
+     */
+    private $cache;
+
+    /**
+     * ServerPolicy constructor.
+     *
+     * @param \Illuminate\Contracts\Cache\Repository $cache
+     */
+    public function __construct(CacheRepository $cache)
+    {
+        $this->cache = $cache;
+    }
+
     /**
      * Checks if the user has the given permission on/for the server.
      *
@@ -26,13 +34,16 @@ class ServerPolicy
      */
     protected function checkPermission(User $user, Server $server, $permission)
     {
-        $permissions = Cache::remember('ServerPolicy.' . $user->uuid . $server->uuid, Carbon::now()->addSeconds(5), function () use ($user, $server) {
-            return $user->permissions()->server($server)->get()->transform(function ($item) {
-                return $item->permission;
-            })->values();
+        $key = sprintf('ServerPolicy.%s.%s', $user->uuid, $server->uuid);
+
+        $permissions = $this->cache->remember($key, Carbon::now()->addSeconds(5), function () use ($user, $server) {
+            /** @var \Pterodactyl\Models\Subuser|null $subuser */
+            $subuser = $server->subusers()->where('user_id', $user->id)->first();
+
+            return $subuser ? $subuser->permissions : [];
         });
 
-        return $permissions->search($permission, true) !== false;
+        return in_array($permission, $permissions);
     }
 
     /**