Add support for locking backups to prevent any accidental deletions

2021-05-03 21:26:09 -07:00 · 2021-05-03 21:26:09 -07:00 · 5d5e4ca7b1
commit 5d5e4ca7b1
parent 5f48712c28
18 changed files with 250 additions and 88 deletions
--- a/app/Http/Controllers/Api/Client/Servers/BackupController.php
+++ b/app/Http/Controllers/Api/Client/Servers/BackupController.php
@ -61,8 +61,6 @@ class BackupController extends ClientApiController
     * Returns all of the backups for a given server instance in a paginated
     * result set.
     *
-     * @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
-     * @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function index(Request $request, Server $server): array
@ -89,11 +87,18 @@ class BackupController extends ClientApiController
    {
        /** @var \Pterodactyl\Models\Backup $backup */
        $backup = $server->audit(AuditLog::SERVER__BACKUP_STARTED, function (AuditLog $model, Server $server) use ($request) {
-            $backup = $this->initiateBackupService
-                ->setIgnoredFiles(
-                    explode(PHP_EOL, $request->input('ignored') ?? '')
-                )
-                ->handle($server, $request->input('name'));
+            $action = $this->initiateBackupService
+                ->setIgnoredFiles(explode(PHP_EOL, $request->input('ignored') ?? ''));
+
+            // Only set the lock status if the user even has permission to delete backups,
+            // otherwise ignore this status. This gets a little funky since it isn't clear
+            // how best to allow a user to create a backup that is locked without also preventing
+            // them from just filling up a server with backups that can never be deleted?
+            if ($request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+                $action->setIsLocked((bool) $request->input('is_locked'));
+            }
+
+            $backup = $action->handle($server, $request->input('name'));

            $model->metadata = ['backup_uuid' => $backup->uuid];

@ -105,11 +110,35 @@ class BackupController extends ClientApiController
            ->toArray();
    }

+    /**
+     * Toggles the lock status of a given backup for a server.
+     *
+     * @throws \Throwable
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function toggleLock(Request $request, Server $server, Backup $backup): array
+    {
+        if (!$request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+            throw new AuthorizationException();
+        }
+
+        $action = $backup->is_locked ? AuditLog::SERVER__BACKUP_UNLOCKED : AuditLog::SERVER__BACKUP_LOCKED;
+        $server->audit($action, function (AuditLog $audit) use ($backup) {
+            $audit->metadata = ['backup_uuid' => $backup->uuid];
+
+            $backup->update(['is_locked' => !$backup->is_locked]);
+        });
+
+        $backup->refresh();
+
+        return $this->fractal->item($backup)
+            ->transformWith($this->getTransformer(BackupTransformer::class))
+            ->toArray();
+    }
+
    /**
     * Returns information about a single backup.
     *
-     * @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
-     * @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function view(Request $request, Server $server, Backup $backup): array
--- a/app/Http/Requests/Api/Client/Servers/Backups/StoreBackupRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Backups/StoreBackupRequest.php
@ -19,6 +19,7 @@ class StoreBackupRequest extends ClientApiRequest
    {
        return [
            'name' => 'nullable|string|max:191',
+            'is_locked' => 'nullable|boolean',
            'ignored' => 'nullable|string',
        ];
    }