Fix display of navbar links to admins, closes #1920
This commit is contained in:
Dane Everitt
parent
4193c5f664
commit
e969344f3b
8 changed files with 67 additions and 39 deletions
|
|
@ -5,7 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
|||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Repositories\Eloquent\SubuserRepository;
|
||||
use Pterodactyl\Transformers\Api\Client\ServerTransformer;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Pterodactyl\Services\Servers\GetUserPermissionsService;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\GetServerRequest;
|
||||
|
||||
|
|
@ -16,16 +16,23 @@ class ServerController extends ClientApiController
|
|||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
|
||||
*/
|
||||
private $permissionsService;
|
||||
|
||||
/**
|
||||
* ServerController constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
|
||||
* @param \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository
|
||||
*/
|
||||
public function __construct(SubuserRepository $repository)
|
||||
public function __construct(GetUserPermissionsService $permissionsService, SubuserRepository $repository)
|
||||
{
|
||||
parent::__construct();
|
||||
|
||||
$this->repository = $repository;
|
||||
$this->permissionsService = $permissionsService;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -38,20 +45,11 @@ class ServerController extends ClientApiController
|
|||
*/
|
||||
public function index(GetServerRequest $request, Server $server): array
|
||||
{
|
||||
try {
|
||||
$permissions = $this->repository->findFirstWhere([
|
||||
'server_id' => $server->id,
|
||||
'user_id' => $request->user()->id,
|
||||
])->permissions;
|
||||
} catch (RecordNotFoundException $exception) {
|
||||
$permissions = [];
|
||||
}
|
||||
|
||||
return $this->fractal->item($server)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->addMeta([
|
||||
'is_server_owner' => $request->user()->id === $server->owner_id,
|
||||
'user_permissions' => $permissions,
|
||||
'user_permissions' => $this->permissionsService->handle($server, $request->user()),
|
||||
])
|
||||
->toArray();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -123,6 +123,6 @@ class SubuserController extends ClientApiController
|
|||
*/
|
||||
protected function getDefaultPermissions(Request $request): array
|
||||
{
|
||||
return array_unique(array_merge($request->input('permissions') ?? [], ['websocket.*']));
|
||||
return array_unique(array_merge($request->input('permissions') ?? [], ['websocket.connect']));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,13 +5,13 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
|||
use Carbon\CarbonImmutable;
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Subuser;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Illuminate\Contracts\Cache\Repository;
|
||||
use Pterodactyl\Services\Nodes\NodeJWTService;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use Pterodactyl\Services\Servers\GetUserPermissionsService;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
|
||||
class WebsocketController extends ClientApiController
|
||||
|
|
@ -26,18 +26,28 @@ class WebsocketController extends ClientApiController
|
|||
*/
|
||||
private $jwtService;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
|
||||
*/
|
||||
private $permissionsService;
|
||||
|
||||
/**
|
||||
* WebsocketController constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Services\Nodes\NodeJWTService $jwtService
|
||||
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
|
||||
* @param \Illuminate\Contracts\Cache\Repository $cache
|
||||
*/
|
||||
public function __construct(NodeJWTService $jwtService, Repository $cache)
|
||||
{
|
||||
public function __construct(
|
||||
NodeJWTService $jwtService,
|
||||
GetUserPermissionsService $permissionsService,
|
||||
Repository $cache
|
||||
) {
|
||||
parent::__construct();
|
||||
|
||||
$this->cache = $cache;
|
||||
$this->jwtService = $jwtService;
|
||||
$this->permissionsService = $permissionsService;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -53,32 +63,16 @@ class WebsocketController extends ClientApiController
|
|||
public function __invoke(ClientApiRequest $request, Server $server)
|
||||
{
|
||||
$user = $request->user();
|
||||
if ($user->cannot(Permission::ACTION_WEBSOCKET, $server)) {
|
||||
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
|
||||
throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to connect to this server\'s websocket.');
|
||||
}
|
||||
|
||||
if ($user->root_admin || $user->id === $server->owner_id) {
|
||||
$permissions = ['*'];
|
||||
|
||||
if ($user->root_admin) {
|
||||
$permissions[] = 'admin.errors';
|
||||
$permissions[] = 'admin.install';
|
||||
}
|
||||
} else {
|
||||
/** @var \Pterodactyl\Models\Subuser|null $subuserPermissions */
|
||||
$subuserPermissions = $server->subusers->first(function (Subuser $subuser) use ($user) {
|
||||
return $subuser->user_id === $user->id;
|
||||
});
|
||||
|
||||
$permissions = $subuserPermissions ? $subuserPermissions->permissions : [];
|
||||
}
|
||||
|
||||
$token = $this->jwtService
|
||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
||||
->setClaims([
|
||||
'user_id' => $request->user()->id,
|
||||
'server_uuid' => $server->uuid,
|
||||
'permissions' => $permissions ?? [],
|
||||
'permissions' => $this->permissionsService->handle($server, $user),
|
||||
])
|
||||
->handle($server->node, $user->id . $server->uuid);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue