Update all the client API endpoints to use new permissions codes

This commit is contained in:
Dane Everitt 2019-11-03 17:13:47 -08:00
parent 1153101a57
commit 867dbf3bd2
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
32 changed files with 141 additions and 1187 deletions


@ -45,7 +45,7 @@ class WebsocketController extends ClientApiController
*/
public function __invoke(Request $request, Server $server)
{
if (! $request->user()->can('connect-to-ws', $server)) {
if (! $request->user()->can('websocket.*', $server)) {
throw new HttpException(
Response::HTTP_FORBIDDEN, 'You do not have permission to connect to this server\'s websocket.'
);
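Review bot: The new check hands the wildcard string `websocket.*` straight to `can()`, so whether a subuser is admitted here depends entirely on the policy behind it expanding `*` as a pattern rather than looking the name up literally; a literal lookup would deny every subuser at this line. That contract is not visible in the hunk, so a one-line comment above the check would save the next reader a trip into the policy, e.g. `// 'websocket.*' relies on the server policy expanding wildcard permissions`. __invoke's body continues past the hunk, so what happens after a successful check is not reviewed here.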


@ -14,7 +14,7 @@ class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermission
*/
public function permission(): string
{
return 'delete-database';
return 'database.delete';
}
/**


@ -12,6 +12,6 @@ class GetDatabasesRequest extends ClientApiRequest implements ClientPermissionsR
*/
public function permission(): string
{
return 'view-databases';
return 'database.read';
}
}


@ -14,6 +14,6 @@ class RotatePasswordRequest extends ClientApiRequest
*/
public function authorize(): bool
{
return $this->user()->can('reset-db-password', $this->getModel(Server::class));
return $this->user()->can('database.update', $this->getModel(Server::class));
}
}
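Review bot: This request keeps a hand-rolled `authorize()` that calls `can()` itself, while its sibling database requests in the same commit (DeleteDatabaseRequest, GetDatabasesRequest, StoreDatabaseRequest) implement `ClientPermissionsRequest::permission()` and let the base request perform the check; the same split recurs in CreateFolderRequest, DownloadFileRequest, ListFilesRequest, GetNetworkRequest, SendCommandRequest and GetSubuserRequest. Having two code paths for the same authorization decision makes it easy for a later change to the shared check to miss these classes. If ClientApiRequest honours the interface the way the siblings suggest (not visible on this page), the override reduces to `public function permission(): string { return 'database.update'; }` together with adding `implements ClientPermissionsRequest` on the class line.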


@ -12,7 +12,7 @@ class StoreDatabaseRequest extends ClientApiRequest implements ClientPermissions
*/
public function permission(): string
{
return 'create-database';
return 'database.create';
}
/**


@ -12,7 +12,7 @@ class CopyFileRequest extends ClientApiRequest implements ClientPermissionsReque
*/
public function permission(): string
{
return 'copy-files';
return 'file.create';
}
/**


@ -14,7 +14,7 @@ class CreateFolderRequest extends ClientApiRequest
*/
public function authorize(): bool
{
return $this->user()->can('create-files', $this->getModel(Server::class));
return $this->user()->can('file.create', $this->getModel(Server::class));
}
/**


@ -12,7 +12,7 @@ class DeleteFileRequest extends ClientApiRequest implements ClientPermissionsReq
*/
public function permission(): string
{
return 'delete-files';
return 'file.delete';
}
/**


@ -15,6 +15,6 @@ class DownloadFileRequest extends ClientApiRequest
*/
public function authorize(): bool
{
return $this->user()->can('download-files', $this->getModel(Server::class));
return $this->user()->can('file.read', $this->getModel(Server::class));
}
}


@ -16,7 +16,7 @@ class GetFileContentsRequest extends ClientApiRequest implements ClientPermissio
*/
public function permission(): string
{
return 'edit-files';
return 'file.read';
}
/**


@ -15,7 +15,7 @@ class ListFilesRequest extends ClientApiRequest
*/
public function authorize(): bool
{
return $this->user()->can('list-files', $this->getModel(Server::class));
return $this->user()->can('file.read', $this->getModel(Server::class));
}
/**


@ -15,7 +15,7 @@ class RenameFileRequest extends ClientApiRequest implements ClientPermissionsReq
*/
public function permission(): string
{
return 'move-files';
return 'file.update';
}
/**


@ -16,7 +16,7 @@ class WriteFileContentRequest extends ClientApiRequest implements ClientPermissi
*/
public function permission(): string
{
return 'save-files';
return 'file.create';
}
/**
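Review bot: `save-files` is mapped to `file.create` here, while RenameFileRequest in the same commit maps to `file.update`; writing contents to an existing path is an overwrite, so a subuser holding only `file.create` can replace existing files while one holding `file.update` cannot. That inverts the create/update split the rest of the commit sets up for files. If `file.create` is deliberately meant to cover overwrites, a comment on the return should say so; otherwise `return 'file.update';` (or a choice between the two depending on whether the target already exists, which this request cannot see on its own) keeps the permission model consistent.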


@ -15,6 +15,6 @@ class GetNetworkRequest extends ClientApiRequest
*/
public function authorize(): bool
{
return $this->user()->can('view-allocations', $this->getModel(Server::class));
return $this->user()->can('allocation.read', $this->getModel(Server::class));
}
}


@ -13,7 +13,7 @@ class SendCommandRequest extends GetServerRequest
*/
public function authorize(): bool
{
return $this->user()->can('send-command', $this->getModel(Server::class));
return $this->user()->can('control.console', $this->getModel(Server::class));
}
/**


@ -14,7 +14,7 @@ class SendPowerRequest extends ClientApiRequest
*/
public function authorize(): bool
{
return $this->user()->can('power-' . $this->input('signal', '_undefined'), $this->getModel(Server::class));
return $this->user()->can('control.' . $this->input('signal', ''), $this->getModel(Server::class));
}
/**
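Review bot: The permission name is still built from the raw `signal` input, and the new `control.` prefix is now shared with the `control.console` permission used by SendCommandRequest, so a caller who only holds console permission satisfies this `authorize()` by sending `signal=console`; under the old `power-` prefix no such overlap existed. Form-request authorization runs before the validation rules (which presumably follow below the hunk), so `rules()` cannot close that gap, and whether the controller then acts on an unknown signal is not visible here. Restricting the signal before building the string keeps the check tied to power permissions: `$signal = $this->input('signal', '');` then `if (! in_array($signal, [/* allowed power signals */], true)) { return false; }` before `return $this->user()->can('control.' . $signal, $this->getModel(Server::class));`. Dropping the old `'_undefined'` sentinel for `''` also leaves a bare `control.` name on a missing signal, which the whitelist makes moot.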


@ -13,6 +13,6 @@ class GetSubuserRequest extends ClientApiRequest
*/
public function authorize(): bool
{
return $this->user()->can('view-subusers', $this->route()->parameter('server'));
return $this->user()->can('user.read', $this->route()->parameter('server'));
}
}
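Review bot: This check resolves the server via `$this->route()->parameter('server')`, while every other hand-rolled `authorize()` in this commit uses `$this->getModel(Server::class)`; if the route parameter is not bound to a model, `can()` receives a string and the policy is evaluated against something other than a Server instance. Using the same accessor as the siblings removes that dependency on route binding: `return $this->user()->can('user.read', $this->getModel(Server::class));`, with a `use Pterodactyl\Models\Server;` import if the file does not already have one.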


@ -1,40 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Server\Database;
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
class DeleteServerDatabaseRequest extends ServerFormRequest
{
/**
* @return bool
*/
public function authorize()
{
if (! parent::authorize()) {
return false;
}
return config('pterodactyl.client_features.databases.enabled');
}
/**
* Return the user permission to validate this request against.
*
* @return string
*/
protected function permission(): string
{
return 'delete-database';
}
/**
* Rules to validate this request against.
*
* @return array
*/
public function rules()
{
return [];
}
}


@ -1,43 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Server\Database;
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
class StoreServerDatabaseRequest extends ServerFormRequest
{
/**
* @return bool
*/
public function authorize()
{
if (! parent::authorize()) {
return false;
}
return config('pterodactyl.client_features.databases.enabled');
}
/**
* Return the user permission to validate this request against.
*
* @return string
*/
protected function permission(): string
{
return 'create-database';
}
/**
* Rules to validate this request against.
*
* @return array
*/
public function rules()
{
return [
'database' => 'required|string|min:1',
'remote' => 'required|string|regex:/^[0-9%.]{1,15}$/',
];
}
}


@ -1,79 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Http\Requests\Server;
class ScheduleCreationFormRequest extends ServerFormRequest
{
/**
* Permission to validate this request against.
*
* @return string
*/
protected function permission(): string
{
if ($this->method() === 'PATCH') {
return 'edit-schedule';
}
return 'create-schedule';
}
/**
* Validation rules to apply to the request.
*
* @return array
*/
public function rules()
{
return [
'name' => 'nullable|string|max:255',
'cron_day_of_week' => 'required|string',
'cron_day_of_month' => 'required|string',
'cron_hour' => 'required|string',
'cron_minute' => 'required|string',
'tasks' => 'sometimes|array|size:4',
'tasks.time_value' => 'required_with:tasks|max:5',
'tasks.time_interval' => 'required_with:tasks|max:5',
'tasks.action' => 'required_with:tasks|max:5',
'tasks.payload' => 'required_with:tasks|max:5',
'tasks.time_value.*' => 'numeric|between:0,59',
'tasks.time_interval.*' => 'string|in:s,m',
'tasks.action.*' => 'string|in:power,command',
'tasks.payload.*' => 'string',
];
}
/**
* Normalize the request into a format that can be used by the application.
*
* @return array
*/
public function normalize()
{
return $this->only('name', 'cron_day_of_week', 'cron_day_of_month', 'cron_hour', 'cron_minute');
}
/**
* Return the tasks provided in the request that are associated with this schedule.
*
* @return array|null
*/
public function getTasks()
{
$restructured = [];
foreach (array_get($this->all(), 'tasks', []) as $key => $values) {
for ($i = 0; $i < count($values); $i++) {
$restructured[$i][$key] = $values[$i];
}
}
return empty($restructured) ? null : $restructured;
}
}


@ -1,35 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Server;
use Pterodactyl\Models\Server;
use Pterodactyl\Http\Requests\FrontendUserFormRequest;
abstract class ServerFormRequest extends FrontendUserFormRequest
{
/**
* Return the user permission to validate this request against.
*
* @return string
*/
abstract protected function permission(): string;
/**
* Determine if a user has permission to access this resource.
*
* @return bool
*/
public function authorize()
{
if (! parent::authorize()) {
return false;
}
return $this->user()->can($this->permission(), $this->getServer());
}
public function getServer(): Server
{
return $this->attributes->get('server');
}
}


@ -1,31 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Server\Settings;
use Pterodactyl\Models\Server;
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
class ChangeServerNameRequest extends ServerFormRequest
{
/**
* Permission to use when checking if a user can access this resource.
*
* @return string
*/
protected function permission(): string
{
return 'edit-name';
}
/**
* Rules to use when validating the submitted data.
*
* @return array
*/
public function rules()
{
return [
'name' => Server::getRules()['name'],
];
}
}


@ -1,31 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Server\Subuser;
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
class SubuserStoreFormRequest extends ServerFormRequest
{
/**
* Return the user permission to validate this request against.
*
* @return string
*/
protected function permission(): string
{
return 'create-subuser';
}
/**
* The rules to validate this request submission against.
*
* @return array
*/
public function rules()
{
return [
'email' => 'required|email',
'permissions' => 'sometimes|array',
];
}
}


@ -1,30 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Server\Subuser;
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
class SubuserUpdateFormRequest extends ServerFormRequest
{
/**
* Return the user permission to validate this request against.
*
* @return string
*/
protected function permission(): string
{
return 'edit-subuser';
}
/**
* The rules to validate this request submission against.
*
* @return array
*/
public function rules()
{
return [
'permissions' => 'present|array',
];
}
}


@ -1,101 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Http\Requests\Server;
use GuzzleHttp\Exception\RequestException;
use Illuminate\Contracts\Config\Repository;
use Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Pterodactyl\Contracts\Repository\Daemon\FileRepositoryInterface;
use Pterodactyl\Exceptions\Http\Server\FileTypeNotEditableException;
use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;
class UpdateFileContentsFormRequest extends ServerFormRequest
{
/**
* Return the permission string to validate this request against.
*
* @return string
*/
protected function permission(): string
{
return 'edit-files';
}
/**
* Authorize a request to edit a file.
*
* @return bool
*
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException
* @throws \Pterodactyl\Exceptions\Http\Server\FileTypeNotEditableException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function authorize()
{
if (! parent::authorize()) {
return false;
}
$server = $this->attributes->get('server');
$token = $this->attributes->get('server_token');
return $this->checkFileCanBeEdited($server, $token);
}
/**
* @return array
*/
public function rules()
{
return [];
}
/**
* Checks if a given file can be edited by a user on this server.
*
* @param \Pterodactyl\Models\Server $server
* @param string $token
* @return bool
*
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException
* @throws \Pterodactyl\Exceptions\Http\Server\FileTypeNotEditableException
*/
private function checkFileCanBeEdited($server, $token)
{
$config = app()->make(Repository::class);
$repository = app()->make(FileRepositoryInterface::class);
try {
$stats = $repository->setServer($server)->setToken($token)->getFileStat($this->route()->parameter('file'));
} catch (RequestException $exception) {
switch ($exception->getCode()) {
case 404:
throw new NotFoundHttpException;
default:
throw new DaemonConnectionException($exception);
}
}
if ((! $stats->file && ! $stats->symlink) || ! in_array($stats->mime, $config->get('pterodactyl.files.editable'))) {
throw new FileTypeNotEditableException(trans('server.files.exceptions.invalid_mime'));
}
if ($stats->size > $config->get('pterodactyl.files.max_edit_size')) {
throw new FileSizeTooLargeException(trans('server.files.exceptions.max_size'));
}
$this->attributes->set('file_stats', $stats);
return true;
}
}


@ -1,61 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Server;
use Pterodactyl\Http\Requests\FrontendUserFormRequest;
use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface;
class UpdateStartupParametersFormRequest extends FrontendUserFormRequest
{
/**
* @var array
*/
private $validationAttributes = [];
/**
* Determine if the user has permission to update the startup parameters
* for this server.
*
* @return bool
*/
public function authorize()
{
if (! parent::authorize()) {
return false;
}
return $this->user()->can('edit-startup', $this->attributes->get('server'));
}
/**
* Validate that all of the required fields were passed and that the environment
* variable values meet the defined criteria for those fields.
*
* @return array
*/
public function rules()
{
$repository = $this->container->make(EggVariableRepositoryInterface::class);
$variables = $repository->getEditableVariables($this->attributes->get('server')->egg_id);
$rules = $variables->mapWithKeys(function ($variable) {
$this->validationAttributes['environment.' . $variable->env_variable] = $variable->name;
return ['environment.' . $variable->env_variable => $variable->rules];
})->toArray();
return array_merge($rules, [
'environment' => 'required|array',
]);
}
/**
* Return attributes to provide better naming conventions for error messages.
*
* @return array
*/
public function attributes()
{
return $this->validationAttributes;
}
}