Matthew Penner
parent
b7b2413f3d
commit
7bfc265a7e
2 changed files with 21 additions and 7 deletions
|
|
@ -36,10 +36,17 @@ class BackupStatusController extends Controller
|
|||
|
||||
/** @var \Pterodactyl\Models\Backup $model */
|
||||
$model = Backup::query()
|
||||
->where('node_id', $node->id)
|
||||
->where('uuid', $backup)
|
||||
->firstOrFail();
|
||||
|
||||
// Check that the backup is "owned" by the node making the request. This avoids other nodes
|
||||
// from messing with backups that they don't own.
|
||||
/** @var \Pterodactyl\Models\Server $server */
|
||||
$server = $model->server;
|
||||
if ($server->node_id !== $node->id) {
|
||||
throw new HttpForbiddenException('You do not have permission to access that backup.');
|
||||
}
|
||||
|
||||
if ($model->is_successful) {
|
||||
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue