mirror of
https://github.com/pterodactyl/panel.git
synced 2024-11-25 18:42:31 +01:00
Fix more permissions checking
This commit is contained in:
parent
b996316d92
commit
b41e7ecf09
@ -221,4 +221,13 @@ class ServerPolicy
|
|||||||
return $user->permissions()->server($server)->permission('view-manage')->exists();
|
return $user->permissions()->server($server)->permission('view-manage')->exists();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function viewAllocation(User $user, Server $server)
|
||||||
|
{
|
||||||
|
if ($this->isOwner($user, $server)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $user->permissions()->server($server)->permission('view-allocation')->exists();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -193,9 +193,9 @@
|
|||||||
<div class="list-group">
|
<div class="list-group">
|
||||||
<a href="#" class="list-group-item list-group-item-heading"><strong>{{ trans('pagination.sidebar.server_controls') }}</strong></a>
|
<a href="#" class="list-group-item list-group-item-heading"><strong>{{ trans('pagination.sidebar.server_controls') }}</strong></a>
|
||||||
<a href="/server/{{ $server->uuidShort }}/" class="list-group-item server-index">{{ trans('pagination.sidebar.overview') }}</a>
|
<a href="/server/{{ $server->uuidShort }}/" class="list-group-item server-index">{{ trans('pagination.sidebar.overview') }}</a>
|
||||||
@can('list-files', Auth::user())<a href="/server/{{ $server->uuidShort }}/files" class="list-group-item server-files">{{ trans('pagination.sidebar.files') }}</a>@endcan
|
@can('list-files', $server)<a href="/server/{{ $server->uuidShort }}/files" class="list-group-item server-files">{{ trans('pagination.sidebar.files') }}</a>@endcan
|
||||||
@can('view-subusers', Auth::user())<a href="/server/{{ $server->uuidShort }}/users" class="list-group-item server-users">{{ trans('pagination.sidebar.subusers') }}</a>@endcan
|
@can('view-subusers', $server)<a href="/server/{{ $server->uuidShort }}/users" class="list-group-item server-users">{{ trans('pagination.sidebar.subusers') }}</a>@endcan
|
||||||
@can('view-manage', Auth::user())<a href="/server/{{ $server->uuidShort }}/settings" class="list-group-item server-settings">{{ trans('pagination.sidebar.manage') }}</a>@endcan
|
@can('view-manage', $server)<a href="/server/{{ $server->uuidShort }}/settings" class="list-group-item server-settings">{{ trans('pagination.sidebar.manage') }}</a>@endcan
|
||||||
</div>
|
</div>
|
||||||
@endif
|
@endif
|
||||||
@show
|
@show
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
<ul class="nav nav-tabs tabs_with_panel" id="config_tabs">
|
<ul class="nav nav-tabs tabs_with_panel" id="config_tabs">
|
||||||
<li id="triggerConsoleView" class="active"><a href="#console" data-toggle="tab">{{ trans('server.index.control') }}</a></li>
|
<li id="triggerConsoleView" class="active"><a href="#console" data-toggle="tab">{{ trans('server.index.control') }}</a></li>
|
||||||
<li><a href="#stats" data-toggle="tab">{{ trans('server.index.usage') }}</a></li>
|
<li><a href="#stats" data-toggle="tab">{{ trans('server.index.usage') }}</a></li>
|
||||||
@can('allocation', $server)<li><a href="#allocation" data-toggle="tab">{{ trans('server.index.allocation') }}</a></li>@endcan
|
@can('view-allocation', $server)<li><a href="#allocation" data-toggle="tab">{{ trans('server.index.allocation') }}</a></li>@endcan
|
||||||
</ul>
|
</ul>
|
||||||
<div class="tab-content">
|
<div class="tab-content">
|
||||||
<div class="tab-pane active" id="console">
|
<div class="tab-pane active" id="console">
|
||||||
@ -78,7 +78,7 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@can('allocation', $server)
|
@can('view-allocation', $server)
|
||||||
<div class="tab-pane" id="allocation">
|
<div class="tab-pane" id="allocation">
|
||||||
<div class="panel panel-default">
|
<div class="panel panel-default">
|
||||||
<div class="panel-heading"></div>
|
<div class="panel-heading"></div>
|
||||||
@ -384,7 +384,7 @@ $(window).load(function () {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@can('set-connection', $server)
|
@can('view-allocation', $server)
|
||||||
// Send Request
|
// Send Request
|
||||||
$('[data-action="set-connection"]').click(function (event) {
|
$('[data-action="set-connection"]').click(function (event) {
|
||||||
event.preventDefault();
|
event.preventDefault();
|
||||||
|
Loading…
Reference in New Issue
Block a user