Add permissions checking to API middleware list

2017-11-19 15:23:37 -06:00 · 2017-11-19 15:23:37 -06:00 · bf9708fe4f
commit bf9708fe4f
parent 49379bd115
8 changed files with 206 additions and 210 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -24,6 +24,7 @@ use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Pterodactyl\Http\Middleware\API\AuthenticateIPAccess;
 use Pterodactyl\Http\Middleware\Daemon\DaemonAuthenticate;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
+use Pterodactyl\Http\Middleware\API\HasPermissionToResource;
 use Pterodactyl\Http\Middleware\Server\AuthenticateAsSubuser;
 use Pterodactyl\Http\Middleware\Server\SubuserBelongsToServer;
 use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
@ -95,6 +96,9 @@ class Kernel extends HttpKernel
        'bindings' => SubstituteBindings::class,
        'recaptcha' => VerifyReCaptcha::class,

+        // API specific middleware.
+        'api..user_level' => HasPermissionToResource::class,
+
        // Server specific middleware (used for authenticating access to resources)
        //
        // These are only used for individual server authentication, and not gloabl