Update all the client API endpoints to use new permissions codes
This commit is contained in:
Dane Everitt
parent
1153101a57
commit
867dbf3bd2
32 changed files with 141 additions and 1187 deletions
|
|
@ -45,7 +45,7 @@ class WebsocketController extends ClientApiController
|
|||
*/
|
||||
public function __invoke(Request $request, Server $server)
|
||||
{
|
||||
if (! $request->user()->can('connect-to-ws', $server)) {
|
||||
if (! $request->user()->can('websocket.*', $server)) {
|
||||
throw new HttpException(
|
||||
Response::HTTP_FORBIDDEN, 'You do not have permission to connect to this server\'s websocket.'
|
||||
);
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermission
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'delete-database';
|
||||
return 'database.delete';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -12,6 +12,6 @@ class GetDatabasesRequest extends ClientApiRequest implements ClientPermissionsR
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'view-databases';
|
||||
return 'database.read';
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,6 +14,6 @@ class RotatePasswordRequest extends ClientApiRequest
|
|||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user()->can('reset-db-password', $this->getModel(Server::class));
|
||||
return $this->user()->can('database.update', $this->getModel(Server::class));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ class StoreDatabaseRequest extends ClientApiRequest implements ClientPermissions
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'create-database';
|
||||
return 'database.create';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ class CopyFileRequest extends ClientApiRequest implements ClientPermissionsReque
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'copy-files';
|
||||
return 'file.create';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ class CreateFolderRequest extends ClientApiRequest
|
|||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user()->can('create-files', $this->getModel(Server::class));
|
||||
return $this->user()->can('file.create', $this->getModel(Server::class));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ class DeleteFileRequest extends ClientApiRequest implements ClientPermissionsReq
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'delete-files';
|
||||
return 'file.delete';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -15,6 +15,6 @@ class DownloadFileRequest extends ClientApiRequest
|
|||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user()->can('download-files', $this->getModel(Server::class));
|
||||
return $this->user()->can('file.read', $this->getModel(Server::class));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ class GetFileContentsRequest extends ClientApiRequest implements ClientPermissio
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'edit-files';
|
||||
return 'file.read';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ class ListFilesRequest extends ClientApiRequest
|
|||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user()->can('list-files', $this->getModel(Server::class));
|
||||
return $this->user()->can('file.read', $this->getModel(Server::class));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ class RenameFileRequest extends ClientApiRequest implements ClientPermissionsReq
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'move-files';
|
||||
return 'file.update';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ class WriteFileContentRequest extends ClientApiRequest implements ClientPermissi
|
|||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return 'save-files';
|
||||
return 'file.create';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -15,6 +15,6 @@ class GetNetworkRequest extends ClientApiRequest
|
|||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user()->can('view-allocations', $this->getModel(Server::class));
|
||||
return $this->user()->can('allocation.read', $this->getModel(Server::class));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ class SendCommandRequest extends GetServerRequest
|
|||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user()->can('send-command', $this->getModel(Server::class));
|
||||
return $this->user()->can('control.console', $this->getModel(Server::class));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ class SendPowerRequest extends ClientApiRequest
|
|||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user()->can('power-' . $this->input('signal', '_undefined'), $this->getModel(Server::class));
|
||||
return $this->user()->can('control.' . $this->input('signal', ''), $this->getModel(Server::class));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -13,6 +13,6 @@ class GetSubuserRequest extends ClientApiRequest
|
|||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return $this->user()->can('view-subusers', $this->route()->parameter('server'));
|
||||
return $this->user()->can('user.read', $this->route()->parameter('server'));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,40 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server\Database;
|
||||
|
||||
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
|
||||
|
||||
class DeleteServerDatabaseRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize()
|
||||
{
|
||||
if (! parent::authorize()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return config('pterodactyl.client_features.databases.enabled');
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the user permission to validate this request against.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
return 'delete-database';
|
||||
}
|
||||
|
||||
/**
|
||||
* Rules to validate this request against.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server\Database;
|
||||
|
||||
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
|
||||
|
||||
class StoreServerDatabaseRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize()
|
||||
{
|
||||
if (! parent::authorize()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return config('pterodactyl.client_features.databases.enabled');
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the user permission to validate this request against.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
return 'create-database';
|
||||
}
|
||||
|
||||
/**
|
||||
* Rules to validate this request against.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
return [
|
||||
'database' => 'required|string|min:1',
|
||||
'remote' => 'required|string|regex:/^[0-9%.]{1,15}$/',
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
@ -1,79 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* Pterodactyl - Panel
|
||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
||||
*
|
||||
* This software is licensed under the terms of the MIT license.
|
||||
* https://opensource.org/licenses/MIT
|
||||
*/
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server;
|
||||
|
||||
class ScheduleCreationFormRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* Permission to validate this request against.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
if ($this->method() === 'PATCH') {
|
||||
return 'edit-schedule';
|
||||
}
|
||||
|
||||
return 'create-schedule';
|
||||
}
|
||||
|
||||
/**
|
||||
* Validation rules to apply to the request.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
return [
|
||||
'name' => 'nullable|string|max:255',
|
||||
'cron_day_of_week' => 'required|string',
|
||||
'cron_day_of_month' => 'required|string',
|
||||
'cron_hour' => 'required|string',
|
||||
'cron_minute' => 'required|string',
|
||||
'tasks' => 'sometimes|array|size:4',
|
||||
'tasks.time_value' => 'required_with:tasks|max:5',
|
||||
'tasks.time_interval' => 'required_with:tasks|max:5',
|
||||
'tasks.action' => 'required_with:tasks|max:5',
|
||||
'tasks.payload' => 'required_with:tasks|max:5',
|
||||
'tasks.time_value.*' => 'numeric|between:0,59',
|
||||
'tasks.time_interval.*' => 'string|in:s,m',
|
||||
'tasks.action.*' => 'string|in:power,command',
|
||||
'tasks.payload.*' => 'string',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Normalize the request into a format that can be used by the application.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function normalize()
|
||||
{
|
||||
return $this->only('name', 'cron_day_of_week', 'cron_day_of_month', 'cron_hour', 'cron_minute');
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the tasks provided in the request that are associated with this schedule.
|
||||
*
|
||||
* @return array|null
|
||||
*/
|
||||
public function getTasks()
|
||||
{
|
||||
$restructured = [];
|
||||
foreach (array_get($this->all(), 'tasks', []) as $key => $values) {
|
||||
for ($i = 0; $i < count($values); $i++) {
|
||||
$restructured[$i][$key] = $values[$i];
|
||||
}
|
||||
}
|
||||
|
||||
return empty($restructured) ? null : $restructured;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Http\Requests\FrontendUserFormRequest;
|
||||
|
||||
abstract class ServerFormRequest extends FrontendUserFormRequest
|
||||
{
|
||||
/**
|
||||
* Return the user permission to validate this request against.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
abstract protected function permission(): string;
|
||||
|
||||
/**
|
||||
* Determine if a user has permission to access this resource.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize()
|
||||
{
|
||||
if (! parent::authorize()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->user()->can($this->permission(), $this->getServer());
|
||||
}
|
||||
|
||||
public function getServer(): Server
|
||||
{
|
||||
return $this->attributes->get('server');
|
||||
}
|
||||
}
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server\Settings;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
|
||||
|
||||
class ChangeServerNameRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* Permission to use when checking if a user can access this resource.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
return 'edit-name';
|
||||
}
|
||||
|
||||
/**
|
||||
* Rules to use when validating the submitted data.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
return [
|
||||
'name' => Server::getRules()['name'],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server\Subuser;
|
||||
|
||||
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
|
||||
|
||||
class SubuserStoreFormRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* Return the user permission to validate this request against.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
return 'create-subuser';
|
||||
}
|
||||
|
||||
/**
|
||||
* The rules to validate this request submission against.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
return [
|
||||
'email' => 'required|email',
|
||||
'permissions' => 'sometimes|array',
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server\Subuser;
|
||||
|
||||
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
|
||||
|
||||
class SubuserUpdateFormRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* Return the user permission to validate this request against.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
return 'edit-subuser';
|
||||
}
|
||||
|
||||
/**
|
||||
* The rules to validate this request submission against.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
return [
|
||||
'permissions' => 'present|array',
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
@ -1,101 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* Pterodactyl - Panel
|
||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
||||
*
|
||||
* This software is licensed under the terms of the MIT license.
|
||||
* https://opensource.org/licenses/MIT
|
||||
*/
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server;
|
||||
|
||||
use GuzzleHttp\Exception\RequestException;
|
||||
use Illuminate\Contracts\Config\Repository;
|
||||
use Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Pterodactyl\Contracts\Repository\Daemon\FileRepositoryInterface;
|
||||
use Pterodactyl\Exceptions\Http\Server\FileTypeNotEditableException;
|
||||
use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;
|
||||
|
||||
class UpdateFileContentsFormRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* Return the permission string to validate this request against.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
return 'edit-files';
|
||||
}
|
||||
|
||||
/**
|
||||
* Authorize a request to edit a file.
|
||||
*
|
||||
* @return bool
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||
* @throws \Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException
|
||||
* @throws \Pterodactyl\Exceptions\Http\Server\FileTypeNotEditableException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function authorize()
|
||||
{
|
||||
if (! parent::authorize()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$server = $this->attributes->get('server');
|
||||
$token = $this->attributes->get('server_token');
|
||||
|
||||
return $this->checkFileCanBeEdited($server, $token);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
return [];
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a given file can be edited by a user on this server.
|
||||
*
|
||||
* @param \Pterodactyl\Models\Server $server
|
||||
* @param string $token
|
||||
* @return bool
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||
* @throws \Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException
|
||||
* @throws \Pterodactyl\Exceptions\Http\Server\FileTypeNotEditableException
|
||||
*/
|
||||
private function checkFileCanBeEdited($server, $token)
|
||||
{
|
||||
$config = app()->make(Repository::class);
|
||||
$repository = app()->make(FileRepositoryInterface::class);
|
||||
|
||||
try {
|
||||
$stats = $repository->setServer($server)->setToken($token)->getFileStat($this->route()->parameter('file'));
|
||||
} catch (RequestException $exception) {
|
||||
switch ($exception->getCode()) {
|
||||
case 404:
|
||||
throw new NotFoundHttpException;
|
||||
default:
|
||||
throw new DaemonConnectionException($exception);
|
||||
}
|
||||
}
|
||||
|
||||
if ((! $stats->file && ! $stats->symlink) || ! in_array($stats->mime, $config->get('pterodactyl.files.editable'))) {
|
||||
throw new FileTypeNotEditableException(trans('server.files.exceptions.invalid_mime'));
|
||||
}
|
||||
|
||||
if ($stats->size > $config->get('pterodactyl.files.max_edit_size')) {
|
||||
throw new FileSizeTooLargeException(trans('server.files.exceptions.max_size'));
|
||||
}
|
||||
|
||||
$this->attributes->set('file_stats', $stats);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server;
|
||||
|
||||
use Pterodactyl\Http\Requests\FrontendUserFormRequest;
|
||||
use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface;
|
||||
|
||||
class UpdateStartupParametersFormRequest extends FrontendUserFormRequest
|
||||
{
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
private $validationAttributes = [];
|
||||
|
||||
/**
|
||||
* Determine if the user has permission to update the startup parameters
|
||||
* for this server.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize()
|
||||
{
|
||||
if (! parent::authorize()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->user()->can('edit-startup', $this->attributes->get('server'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate that all of the required fields were passed and that the environment
|
||||
* variable values meet the defined criteria for those fields.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
$repository = $this->container->make(EggVariableRepositoryInterface::class);
|
||||
|
||||
$variables = $repository->getEditableVariables($this->attributes->get('server')->egg_id);
|
||||
$rules = $variables->mapWithKeys(function ($variable) {
|
||||
$this->validationAttributes['environment.' . $variable->env_variable] = $variable->name;
|
||||
|
||||
return ['environment.' . $variable->env_variable => $variable->rules];
|
||||
})->toArray();
|
||||
|
||||
return array_merge($rules, [
|
||||
'environment' => 'required|array',
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return attributes to provide better naming conventions for error messages.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function attributes()
|
||||
{
|
||||
return $this->validationAttributes;
|
||||
}
|
||||
}
|
||||
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Models;
|
||||
|
||||
use Illuminate\Support\Collection;
|
||||
|
||||
class Permission extends Validable
|
||||
{
|
||||
/**
|
||||
|
|
@ -48,12 +50,130 @@ class Permission extends Validable
|
|||
'permission' => 'required|string',
|
||||
];
|
||||
|
||||
/**
|
||||
* All of the permissions available on the system. You should use self::permissions()
|
||||
* to retrieve them, and not directly access this array as it is subject to change.
|
||||
*
|
||||
* @var array
|
||||
* @see \Pterodactyl\Models\Permission::permissions()
|
||||
*/
|
||||
protected static $permissions = [
|
||||
'websocket' => [
|
||||
// Allows the user to connect to the server websocket, this will give them
|
||||
// access to view the console output as well as realtime server stats (CPU
|
||||
// and Memory usage).
|
||||
'*',
|
||||
],
|
||||
|
||||
'control' => [
|
||||
// Allows the user to send data to the server console process. A user with this
|
||||
// permission will not be able to stop the server directly by issuing the specified
|
||||
// stop command for the Egg, however depending on plugins and server configuration
|
||||
// they may still be able to control the server power state.
|
||||
'console', // power.send-command
|
||||
|
||||
// Allows the user to start/stop/restart/kill the server process.
|
||||
'start', // power.power-start
|
||||
'stop', // power.power-stop
|
||||
'restart', // power.power-restart
|
||||
'kill', // power.power-kill
|
||||
],
|
||||
|
||||
'user' => [
|
||||
// Allows a user to create a new user assigned to the server. They will not be able
|
||||
// to assign any permissions they do not already have on their account as well.
|
||||
'create', // subuser.create-subuser
|
||||
'read', // subuser.list-subusers, subuser.view-subuser
|
||||
'update', // subuser.edit-subuser
|
||||
'delete', // subuser.delete-subuser
|
||||
],
|
||||
|
||||
'file' => [
|
||||
// Allows a user to create additional files and folders either via the Panel,
|
||||
// or via a direct upload.
|
||||
'create', // files.create-files, files.upload-files, files.copy-files, files.move-files
|
||||
|
||||
// Allows a user to view the contents of a directory as well as read the contents
|
||||
// of a given file. A user with this permission will be able to download files
|
||||
// as well.
|
||||
'read', // files.list-files, files.download-files
|
||||
|
||||
// Allows a user to update the contents of an existing file or directory.
|
||||
'update', // files.edit-files, files.save-files
|
||||
|
||||
// Allows a user to delete a file or directory.
|
||||
'delete', // files.delete-files
|
||||
|
||||
// Allows a user to archive the contents of a directory as well as decompress existing
|
||||
// archives on the system.
|
||||
'archive', // files.compress-files, files.decompress-files
|
||||
|
||||
// Allows the user to connect and manage server files using their account
|
||||
// credentials and a SFTP client.
|
||||
'sftp', // files.access-sftp
|
||||
],
|
||||
|
||||
// Controls permissions for editing or viewing a server's allocations.
|
||||
'allocation' => [
|
||||
'read', // server.view-allocations
|
||||
'update', // server.edit-allocation
|
||||
],
|
||||
|
||||
// Controls permissions for editing or viewing a server's startup parameters.
|
||||
'startup' => [
|
||||
'read', // server.view-startup
|
||||
'update', // server.edit-startup
|
||||
],
|
||||
|
||||
'database' => [
|
||||
// Allows a user to create a new database for a server.
|
||||
'create', // database.create-database
|
||||
|
||||
// Allows a user to view the databases associated with the server. If they do not also
|
||||
// have the view_password permission they will only be able to see the connection address
|
||||
// and the name of the user.
|
||||
'read', // database.view-databases
|
||||
|
||||
// Allows a user to rotate the password on a database instance. If the user does not
|
||||
// alow have the view_password permission they will not be able to see the updated password
|
||||
// anywhere, but it will still be rotated.
|
||||
'update', // database.reset-db-password
|
||||
|
||||
// Allows a user to delete a database instance.
|
||||
'delete', // database.delete-database
|
||||
|
||||
// Allows a user to view the password associated with a database instance for the
|
||||
// server. Note that a user without this permission may still be able to access these
|
||||
// credentials by viewing files or the console.
|
||||
'view_password', // database.reset-db-password
|
||||
],
|
||||
|
||||
'schedule' => [
|
||||
'create', // task.create-schedule
|
||||
'read', // task.view-schedule, task.list-schedules
|
||||
'update', // task.edit-schedule, task.queue-schedule, task.toggle-schedule
|
||||
'delete', // task.delete-schedule
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
* Returns all of the permissions available on the system for a user to
|
||||
* have when controlling a server.
|
||||
*
|
||||
* @return \Illuminate\Support\Collection
|
||||
*/
|
||||
public static function permissions(): Collection
|
||||
{
|
||||
return Collection::make(self::$permissions);
|
||||
}
|
||||
|
||||
/**
|
||||
* A list of all permissions available for a user.
|
||||
*
|
||||
* @var array
|
||||
* @deprecated
|
||||
*/
|
||||
protected static $permissions = [
|
||||
protected static $deprecatedPermissions = [
|
||||
'power' => [
|
||||
'power-start' => 's:power:start',
|
||||
'power-stop' => 's:power:stop',
|
||||
|
|
@ -110,16 +230,17 @@ class Permission extends Validable
|
|||
*
|
||||
* @param bool $array
|
||||
* @return array|\Illuminate\Support\Collection
|
||||
* @deprecated
|
||||
*/
|
||||
public static function getPermissions($array = false)
|
||||
{
|
||||
if ($array) {
|
||||
return collect(self::$permissions)->mapWithKeys(function ($item) {
|
||||
return collect(self::$deprecatedPermissions)->mapWithKeys(function ($item) {
|
||||
return $item;
|
||||
})->all();
|
||||
}
|
||||
|
||||
return collect(self::$permissions);
|
||||
return collect(self::$deprecatedPermissions);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Reference in a new issue