StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[Security] Don't return all servers on the system when not a root admin and admin level servers are requested

Browse source 
Cleaned up the API endpoint by simplifying the logic and adds test case to cover this bug.

If you ever need to list _all_ of the servers on the system you should be using the application API endpoint for the servers most likely.
This commit is contained in:
Dane Everitt 2020-07-26 10:43:46 -07:00
parent 24db6d9128
commit f0ac0725b6
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
6 changed files with 84 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/Models/User.php
View file

@ -57,11 +57,6 @@ class User extends Model implements
const USER_LEVEL_USER = 0;
const USER_LEVEL_ADMIN = 1;
const FILTER_LEVEL_ALL = 0;
const FILTER_LEVEL_OWNER = 1;
const FILTER_LEVEL_ADMIN = 2;
const FILTER_LEVEL_SUBUSER = 3;
/**
* The resource name for this model when it is transformed into an
* API representation using fractal.