StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Show console when an admin is viewing an installing server

Browse source
This commit is contained in:
Dane Everitt 2020-04-26 13:21:39 -07:00
parent 446dc8b33d
commit 6056b6f45d
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 130 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

22
app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php
View file

@ -17,6 +17,16 @@ class AuthenticateServerAccess
*/
private $repository;
/**
* Routes that this middleware should not apply to if the user is an admin.
*
* @var string[]
*/
protected $except = [
'api:client:server.view',
'api:client:server.ws',
];
/**
* AuthenticateServerAccess constructor.
*
@ -36,6 +46,8 @@ class AuthenticateServerAccess
*/
public function handle(Request $request, Closure $next)
{
/** @var \Pterodactyl\Models\User $user */
$user = $request->user();
$server = $request->route()->parameter('server');
if (! $server instanceof Server) {
@ -45,9 +57,9 @@ class AuthenticateServerAccess
// At the very least, ensure that the user trying to make this request is the
// server owner, a subuser, or a root admin. We'll leave it up to the controllers
// to authenticate more detailed permissions if needed.
if ($request->user()->id !== $server->owner_id && ! $request->user()->root_admin) {
if ($user->id !== $server->owner_id && ! $user->root_admin) {
// Check for subuser status.
if (! $server->subusers->contains('user_id', $request->user()->id)) {
if (! $server->subusers->contains('user_id', $user->id)) {
throw new NotFoundHttpException(trans('exceptions.api.resource_not_found'));
}
}
@ -57,7 +69,11 @@ class AuthenticateServerAccess
}
if (! $server->isInstalled()) {
throw new ConflictHttpException('Server has not completed the installation process.');
// Throw an exception for all server routes; however if the user is an admin and requesting the
// server details, don't throw the exception for them.
if (! $user->root_admin || ($user->root_admin && ! $request->routeIs($this->except))) {
throw new ConflictHttpException('Server has not completed the installation process.');
}
}
$request->attributes->set('server', $server);