1
1
mirror of https://github.com/pterodactyl/panel.git synced 2024-11-23 01:22:30 +01:00

Fix display of navbar links to admins, closes #1920

This commit is contained in:
Dane Everitt 2020-04-17 10:21:15 -07:00
parent 4193c5f664
commit e969344f3b
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
8 changed files with 67 additions and 39 deletions

View File

@ -5,7 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Pterodactyl\Models\Server;
use Pterodactyl\Repositories\Eloquent\SubuserRepository;
use Pterodactyl\Transformers\Api\Client\ServerTransformer;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Pterodactyl\Services\Servers\GetUserPermissionsService;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Pterodactyl\Http\Requests\Api\Client\Servers\GetServerRequest;
@ -16,16 +16,23 @@ class ServerController extends ClientApiController
*/
private $repository;
/**
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
*/
private $permissionsService;
/**
* ServerController constructor.
*
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
* @param \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository
*/
public function __construct(SubuserRepository $repository)
public function __construct(GetUserPermissionsService $permissionsService, SubuserRepository $repository)
{
parent::__construct();
$this->repository = $repository;
$this->permissionsService = $permissionsService;
}
/**
@ -38,20 +45,11 @@ class ServerController extends ClientApiController
*/
public function index(GetServerRequest $request, Server $server): array
{
try {
$permissions = $this->repository->findFirstWhere([
'server_id' => $server->id,
'user_id' => $request->user()->id,
])->permissions;
} catch (RecordNotFoundException $exception) {
$permissions = [];
}
return $this->fractal->item($server)
->transformWith($this->getTransformer(ServerTransformer::class))
->addMeta([
'is_server_owner' => $request->user()->id === $server->owner_id,
'user_permissions' => $permissions,
'user_permissions' => $this->permissionsService->handle($server, $request->user()),
])
->toArray();
}

View File

@ -123,6 +123,6 @@ class SubuserController extends ClientApiController
*/
protected function getDefaultPermissions(Request $request): array
{
return array_unique(array_merge($request->input('permissions') ?? [], ['websocket.*']));
return array_unique(array_merge($request->input('permissions') ?? [], ['websocket.connect']));
}
}

View File

@ -5,13 +5,13 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Carbon\CarbonImmutable;
use Illuminate\Http\Response;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Models\Permission;
use Illuminate\Contracts\Cache\Repository;
use Pterodactyl\Services\Nodes\NodeJWTService;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
use Pterodactyl\Services\Servers\GetUserPermissionsService;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
class WebsocketController extends ClientApiController
@ -26,18 +26,28 @@ class WebsocketController extends ClientApiController
*/
private $jwtService;
/**
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
*/
private $permissionsService;
/**
* WebsocketController constructor.
*
* @param \Pterodactyl\Services\Nodes\NodeJWTService $jwtService
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
* @param \Illuminate\Contracts\Cache\Repository $cache
*/
public function __construct(NodeJWTService $jwtService, Repository $cache)
{
public function __construct(
NodeJWTService $jwtService,
GetUserPermissionsService $permissionsService,
Repository $cache
) {
parent::__construct();
$this->cache = $cache;
$this->jwtService = $jwtService;
$this->permissionsService = $permissionsService;
}
/**
@ -53,32 +63,16 @@ class WebsocketController extends ClientApiController
public function __invoke(ClientApiRequest $request, Server $server)
{
$user = $request->user();
if ($user->cannot(Permission::ACTION_WEBSOCKET, $server)) {
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to connect to this server\'s websocket.');
}
if ($user->root_admin || $user->id === $server->owner_id) {
$permissions = ['*'];
if ($user->root_admin) {
$permissions[] = 'admin.errors';
$permissions[] = 'admin.install';
}
} else {
/** @var \Pterodactyl\Models\Subuser|null $subuserPermissions */
$subuserPermissions = $server->subusers->first(function (Subuser $subuser) use ($user) {
return $subuser->user_id === $user->id;
});
$permissions = $subuserPermissions ? $subuserPermissions->permissions : [];
}
$token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setClaims([
'user_id' => $request->user()->id,
'server_uuid' => $server->uuid,
'permissions' => $permissions ?? [],
'permissions' => $this->permissionsService->handle($server, $user),
])
->handle($server->node, $user->id . $server->uuid);

View File

@ -15,7 +15,7 @@ class Permission extends Model
/**
* Constants defining different permissions available.
*/
const ACTION_WEBSOCKET = 'websocket.*';
const ACTION_WEBSOCKET_CONNECT = 'websocket.connect';
const ACTION_CONTROL_CONSOLE = 'control.console';
const ACTION_CONTROL_START = 'control.start';
const ACTION_CONTROL_STOP = 'control.stop';
@ -105,7 +105,7 @@ class Permission extends Model
'websocket' => [
'description' => 'Allows the user to connect to the server websocket, giving them access to view console output and realtime server stats.',
'keys' => [
'*' => 'Gives user full read access to the websocket.',
'connect' => 'Allows a user to connect to the websocket instance for a server to stream the console.',
],
],

View File

@ -0,0 +1,37 @@
<?php
namespace Pterodactyl\Services\Servers;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Server;
class GetUserPermissionsService
{
/**
* Returns the server specific permissions that a user has. This checks
* if they are an admin or a subuser for the server. If no permissions are
* found, an empty array is returned.
*
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\User $user
* @return string[]
*/
public function handle(Server $server, User $user)
{
if ($user->root_admin || $user->id === $server->owner_id) {
$permissions = ['*'];
if ($user->root_admin) {
$permissions[] = 'admin.websocket.errors';
$permissions[] = 'admin.websocket.install';
}
return $permissions;
}
/** @var \Pterodactyl\Models\Subuser|null $subuserPermissions */
$subuserPermissions = $server->subusers->where('user_id', $user->id)->first();
return $subuserPermissions ? $subuserPermissions->permissions : [];
}
}

View File

@ -47,7 +47,7 @@ export default ({ subuser }: Props) => {
</div>
<div className={'ml-4'}>
<p className={'font-medium text-center'}>
{subuser.permissions.filter(permission => permission !== 'websocket.*').length}
{subuser.permissions.filter(permission => permission !== 'websocket.connect').length}
</p>
<p className={'text-2xs text-neutral-500 uppercase'}>Permissions</p>
</div>

View File

@ -15,7 +15,6 @@ export const usePermissions = (action: string | string[]): boolean[] => {
// will return if the user has any permission under the file.XYZ namespace.
(
permission.endsWith('.*') &&
permission !== 'websocket.*' &&
userPermissions.filter(p => p.startsWith(permission.split('.')[0])).length > 0
) ||
// Otherwise just check if the entire permission exists in the array or not.

View File

@ -1,7 +1,7 @@
import { action, Action } from 'easy-peasy';
export type SubuserPermission =
'websocket.*' |
'websocket.connect' |
'control.console' | 'control.start' | 'control.stop' | 'control.restart' |
'user.create' | 'user.read' | 'user.update' | 'user.delete' |
'file.create' | 'file.read' | 'file.update' | 'file.delete' | 'file.archive' | 'file.sftp' |