Don't allow allocations to be deleted by users if no limit is defined; closes #3703

DaneEveritt 2022-05-07 15:05:28 -04:00
parent c751ce7f44
commit e88d24e0db
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
7 changed files with 68 additions and 19 deletions


@ -19,6 +19,7 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
{
/** @var \Pterodactyl\Models\Server $server */
[$user, $server] = $this->generateTestAccount($permission);
$server->update(['allocation_limit' => 2]);
/** @var \Pterodactyl\Models\Allocation $allocation */
$allocation = Allocation::factory()->create([
@ -60,6 +61,7 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
{
/** @var \Pterodactyl\Models\Server $server */
[$user, $server] = $this->generateTestAccount();
$server->update(['allocation_limit' => 2]);
$this->actingAs($user)->deleteJson($this->link($server->allocation))
->assertStatus(Response::HTTP_BAD_REQUEST)
@ -67,6 +69,22 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
->assertJsonPath('errors.0.detail', 'You cannot delete the primary allocation for this server.');
}
public function testAllocationCannotBeDeletedIfServerLimitIsNotDefined()
{
[$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\Allocation $allocation */
$allocation = Allocation::factory()->forServer($server)->create(['notes' => 'Test notes']);
$this->actingAs($user)->deleteJson($this->link($allocation))
->assertStatus(400)
->assertJsonPath('errors.0.detail', 'You cannot delete allocations for this server: no allocation limit is set.');
$allocation->refresh();
$this->assertNotNull($allocation->notes);
$this->assertEquals($server->id, $allocation->server_id);
}
/**
* Test that an allocation cannot be deleted if it does not belong to the server instance.
*/
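Review bot: testAllocationCannotBeDeletedIfServerLimitIsNotDefined never sets the precondition it is named for; it relies on generateTestAccount() producing a server with no allocation_limit, which is only implied by the two earlier hunks having to add `$server->update(['allocation_limit' => 2]);`. Stating it in the test, e.g. `$server->update(['allocation_limit' => null]);` right after the account is generated (assuming the column is nullable), keeps this authorization check pinned if the factory default ever changes. The controller change is not visible in this section, so if a limit of 0 is meant to be refused the same way as an unset one, a second case for it would be worth adding. For consistency with the hunk above, `->assertStatus(400)` could be `->assertStatus(Response::HTTP_BAD_REQUEST)`, and the new test lacks the docblock its neighbours carry, e.g. `/** Test that an allocation cannot be deleted when the server has no allocation limit set. */`.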


@ -137,9 +137,4 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
{
return [[[]], [[Permission::ACTION_ALLOCATION_UPDATE]]];
}
public function deletePermissionsDataProvider()
{
return [[[]], [[Permission::ACTION_ALLOCATION_DELETE]]];
}
}