Add support for allowing subusers to access SFTP. (#918)
This commit is contained in:
ShadowKitten
Dane Everitt
parent
f61a5fa0cb
commit
d8be167a9c
10 changed files with 64 additions and 70 deletions
|
|
@ -90,12 +90,12 @@ class Permission extends Model implements CleansAttributes, ValidableContract
|
|||
'view-startup' => null,
|
||||
'edit-startup' => null,
|
||||
],
|
||||
'sftp' => [
|
||||
'view-sftp' => null,
|
||||
'view-sftp-password' => null,
|
||||
'reset-sftp' => 's:set-password',
|
||||
'database' => [
|
||||
'view-databases' => null,
|
||||
'reset-db-password' => null,
|
||||
],
|
||||
'file' => [
|
||||
'access-sftp' => null,
|
||||
'list-files' => 's:files:get',
|
||||
'edit-files' => 's:files:read',
|
||||
'save-files' => 's:files:post',
|
||||
|
|
@ -106,7 +106,7 @@ class Permission extends Model implements CleansAttributes, ValidableContract
|
|||
'create-files' => 's:files:create',
|
||||
'upload-files' => 's:files:upload',
|
||||
'delete-files' => 's:files:delete',
|
||||
'download-files' => null,
|
||||
'download-files' => 's:files:download',
|
||||
],
|
||||
'task' => [
|
||||
'list-schedules' => null,
|
||||
|
|
@ -117,10 +117,6 @@ class Permission extends Model implements CleansAttributes, ValidableContract
|
|||
'create-schedule' => null,
|
||||
'delete-schedule' => null,
|
||||
],
|
||||
'database' => [
|
||||
'view-databases' => null,
|
||||
'reset-db-password' => null,
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
|
|||
use Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
|
||||
class AuthenticateUsingPasswordService
|
||||
|
|
@ -25,20 +26,28 @@ class AuthenticateUsingPasswordService
|
|||
*/
|
||||
private $userRepository;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
|
||||
*/
|
||||
private $subuserRepository;
|
||||
|
||||
/**
|
||||
* AuthenticateUsingPasswordService constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService $keyProviderService
|
||||
* @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
|
||||
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $userRepository
|
||||
* @param \Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService $keyProviderService
|
||||
* @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
|
||||
* @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $subuserRepository
|
||||
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $userRepository
|
||||
*/
|
||||
public function __construct(
|
||||
DaemonKeyProviderService $keyProviderService,
|
||||
ServerRepositoryInterface $repository,
|
||||
SubuserRepositoryInterface $subuserRepository,
|
||||
UserRepositoryInterface $userRepository
|
||||
) {
|
||||
$this->keyProviderService = $keyProviderService;
|
||||
$this->repository = $repository;
|
||||
$this->subuserRepository = $subuserRepository;
|
||||
$this->userRepository = $userRepository;
|
||||
}
|
||||
|
||||
|
|
@ -73,10 +82,19 @@ class AuthenticateUsingPasswordService
|
|||
}
|
||||
|
||||
$server = $this->repository->setColumns(['id', 'node_id', 'owner_id', 'uuid', 'installed', 'suspended'])->getByUuid($server);
|
||||
if ($server->node_id !== $node || (! $user->root_admin && $server->owner_id !== $user->id)) {
|
||||
if ($server->node_id !== $node) {
|
||||
throw new RecordNotFoundException;
|
||||
}
|
||||
|
||||
if (! $user->root_admin && $server->owner_id !== $user->id) {
|
||||
$subuser = $this->subuserRepository->getWithPermissionsUsingUserAndServer($user->id, $server->id);
|
||||
$permissions = $subuser->getRelation('permissions')->pluck('permission')->toArray();
|
||||
|
||||
if (! in_array('access-sftp', $permissions)) {
|
||||
throw new RecordNotFoundException;
|
||||
}
|
||||
}
|
||||
|
||||
if ($server->installed !== 1 || $server->suspended) {
|
||||
throw new BadRequestHttpException;
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue