From dfeed013ba940b945d655f70dbefea65139b8b06 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Thu, 20 Oct 2016 17:04:58 -0400
Subject: [PATCH] Server API obey's the subuser permissions as well
---
 app/Http/Controllers/API/User/ServerController.php | 5 ++++-
 app/Models/Server.php | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/API/User/ServerController.php b/app/Http/Controllers/API/User/ServerController.php
index b29b4c9f8..613f90582 100644
--- a/app/Http/Controllers/API/User/ServerController.php
+++ b/app/Http/Controllers/API/User/ServerController.php
@@ -23,6 +23,7 @@
 */
 namespace Pterodactyl\Http\Controllers\API\User;
+use Auth;
 use Log;
 use Pterodactyl\Models;
 use Illuminate\Http\Request;
@@ -79,7 +80,7 @@ class ServerController extends BaseController
 ],
 'allocations' => $allocations,
 'sftp' => [
- 'username' => $server->username
+ 'username' => (Auth::user()->can('view-sftp', $server)) ? $server->username : null
 ],
 'daemon' => [
 'token' => ($request->secure()) ? $server->daemonSecret : false,
@@ -94,6 +95,8 @@ class ServerController extends BaseController
 $node = Models\Node::getByID($server->node);
 $client = Models\Node::guzzleRequest($server->node);
+ Auth::user()->can('power-' . $request->input('action'), $server);
+
 $res = $client->request('PUT', '/server/power', [
 'headers' => [
 'X-Access-Server' => $server->uuid,
diff --git a/app/Models/Server.php b/app/Models/Server.php
index bf18ddd7a..d9c2f958a 100644
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -27,7 +27,7 @@ use Auth;
 use Pterodactyl\Models\Subuser;
 use Illuminate\Database\Eloquent\Model;
-use Pterodactyl\Exception\DisplayException;
+use Pterodactyl\Exceptions\DisplayException;
 class Server extends Model
 {
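Review bot: The `'token'` entry under `'daemon'`, two lines below the changed `'username'` line, still returns `$server->daemonSecret` on any secure request with no `can()` check, so a subuser who is denied `view-sftp` still gets the daemon secret from the same response. If that value is not already scoped to the calling subuser elsewhere (not visible in this hunk), it should be gated by its own permission in the same way as the SFTP username. `Auth::user()` is also dereferenced without a null check; confirm that the API's authentication always populates the default guard, otherwise this line fails on a null user. The enclosing method starts and ends outside the hunk.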
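Review bot: The added `Auth::user()->can('power-' . $request->input('action'), $server);` discards its result, and Laravel's `can()` returns a boolean rather than throwing, so the `PUT` to `/server/power` below is sent whether or not the subuser holds the permission. The result has to be acted on, for example `if (! Auth::user()->can('power-' . $request->input('action'), $server)) { abort(403); }` or the API's own error response. The `action` input is also concatenated into the ability name without validation; check it against the fixed set of power actions first, so an unexpected value cannot resolve to an ability that was never meant to guard this endpoint. The method body continues outside the hunk.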