mirror of
https://github.com/pterodactyl/panel.git
synced 2024-11-23 01:22:30 +01:00
Fix display of navbar links to admins, closes #1920
This commit is contained in:
parent
4193c5f664
commit
e969344f3b
@ -5,7 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Repositories\Eloquent\SubuserRepository;
|
||||
use Pterodactyl\Transformers\Api\Client\ServerTransformer;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Pterodactyl\Services\Servers\GetUserPermissionsService;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\GetServerRequest;
|
||||
|
||||
@ -16,16 +16,23 @@ class ServerController extends ClientApiController
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
|
||||
*/
|
||||
private $permissionsService;
|
||||
|
||||
/**
|
||||
* ServerController constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
|
||||
* @param \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository
|
||||
*/
|
||||
public function __construct(SubuserRepository $repository)
|
||||
public function __construct(GetUserPermissionsService $permissionsService, SubuserRepository $repository)
|
||||
{
|
||||
parent::__construct();
|
||||
|
||||
$this->repository = $repository;
|
||||
$this->permissionsService = $permissionsService;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -38,20 +45,11 @@ class ServerController extends ClientApiController
|
||||
*/
|
||||
public function index(GetServerRequest $request, Server $server): array
|
||||
{
|
||||
try {
|
||||
$permissions = $this->repository->findFirstWhere([
|
||||
'server_id' => $server->id,
|
||||
'user_id' => $request->user()->id,
|
||||
])->permissions;
|
||||
} catch (RecordNotFoundException $exception) {
|
||||
$permissions = [];
|
||||
}
|
||||
|
||||
return $this->fractal->item($server)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->addMeta([
|
||||
'is_server_owner' => $request->user()->id === $server->owner_id,
|
||||
'user_permissions' => $permissions,
|
||||
'user_permissions' => $this->permissionsService->handle($server, $request->user()),
|
||||
])
|
||||
->toArray();
|
||||
}
|
||||
|
@ -123,6 +123,6 @@ class SubuserController extends ClientApiController
|
||||
*/
|
||||
protected function getDefaultPermissions(Request $request): array
|
||||
{
|
||||
return array_unique(array_merge($request->input('permissions') ?? [], ['websocket.*']));
|
||||
return array_unique(array_merge($request->input('permissions') ?? [], ['websocket.connect']));
|
||||
}
|
||||
}
|
||||
|
@ -5,13 +5,13 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
||||
use Carbon\CarbonImmutable;
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Subuser;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Illuminate\Contracts\Cache\Repository;
|
||||
use Pterodactyl\Services\Nodes\NodeJWTService;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use Pterodactyl\Services\Servers\GetUserPermissionsService;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
|
||||
class WebsocketController extends ClientApiController
|
||||
@ -26,18 +26,28 @@ class WebsocketController extends ClientApiController
|
||||
*/
|
||||
private $jwtService;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
|
||||
*/
|
||||
private $permissionsService;
|
||||
|
||||
/**
|
||||
* WebsocketController constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Services\Nodes\NodeJWTService $jwtService
|
||||
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
|
||||
* @param \Illuminate\Contracts\Cache\Repository $cache
|
||||
*/
|
||||
public function __construct(NodeJWTService $jwtService, Repository $cache)
|
||||
{
|
||||
public function __construct(
|
||||
NodeJWTService $jwtService,
|
||||
GetUserPermissionsService $permissionsService,
|
||||
Repository $cache
|
||||
) {
|
||||
parent::__construct();
|
||||
|
||||
$this->cache = $cache;
|
||||
$this->jwtService = $jwtService;
|
||||
$this->permissionsService = $permissionsService;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -53,32 +63,16 @@ class WebsocketController extends ClientApiController
|
||||
public function __invoke(ClientApiRequest $request, Server $server)
|
||||
{
|
||||
$user = $request->user();
|
||||
if ($user->cannot(Permission::ACTION_WEBSOCKET, $server)) {
|
||||
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
|
||||
throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to connect to this server\'s websocket.');
|
||||
}
|
||||
|
||||
if ($user->root_admin || $user->id === $server->owner_id) {
|
||||
$permissions = ['*'];
|
||||
|
||||
if ($user->root_admin) {
|
||||
$permissions[] = 'admin.errors';
|
||||
$permissions[] = 'admin.install';
|
||||
}
|
||||
} else {
|
||||
/** @var \Pterodactyl\Models\Subuser|null $subuserPermissions */
|
||||
$subuserPermissions = $server->subusers->first(function (Subuser $subuser) use ($user) {
|
||||
return $subuser->user_id === $user->id;
|
||||
});
|
||||
|
||||
$permissions = $subuserPermissions ? $subuserPermissions->permissions : [];
|
||||
}
|
||||
|
||||
$token = $this->jwtService
|
||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
||||
->setClaims([
|
||||
'user_id' => $request->user()->id,
|
||||
'server_uuid' => $server->uuid,
|
||||
'permissions' => $permissions ?? [],
|
||||
'permissions' => $this->permissionsService->handle($server, $user),
|
||||
])
|
||||
->handle($server->node, $user->id . $server->uuid);
|
||||
|
||||
|
@ -15,7 +15,7 @@ class Permission extends Model
|
||||
/**
|
||||
* Constants defining different permissions available.
|
||||
*/
|
||||
const ACTION_WEBSOCKET = 'websocket.*';
|
||||
const ACTION_WEBSOCKET_CONNECT = 'websocket.connect';
|
||||
const ACTION_CONTROL_CONSOLE = 'control.console';
|
||||
const ACTION_CONTROL_START = 'control.start';
|
||||
const ACTION_CONTROL_STOP = 'control.stop';
|
||||
@ -105,7 +105,7 @@ class Permission extends Model
|
||||
'websocket' => [
|
||||
'description' => 'Allows the user to connect to the server websocket, giving them access to view console output and realtime server stats.',
|
||||
'keys' => [
|
||||
'*' => 'Gives user full read access to the websocket.',
|
||||
'connect' => 'Allows a user to connect to the websocket instance for a server to stream the console.',
|
||||
],
|
||||
],
|
||||
|
||||
|
37
app/Services/Servers/GetUserPermissionsService.php
Normal file
37
app/Services/Servers/GetUserPermissionsService.php
Normal file
@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
namespace Pterodactyl\Services\Servers;
|
||||
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Models\Server;
|
||||
|
||||
class GetUserPermissionsService
|
||||
{
|
||||
/**
|
||||
* Returns the server specific permissions that a user has. This checks
|
||||
* if they are an admin or a subuser for the server. If no permissions are
|
||||
* found, an empty array is returned.
|
||||
*
|
||||
* @param \Pterodactyl\Models\Server $server
|
||||
* @param \Pterodactyl\Models\User $user
|
||||
* @return string[]
|
||||
*/
|
||||
public function handle(Server $server, User $user)
|
||||
{
|
||||
if ($user->root_admin || $user->id === $server->owner_id) {
|
||||
$permissions = ['*'];
|
||||
|
||||
if ($user->root_admin) {
|
||||
$permissions[] = 'admin.websocket.errors';
|
||||
$permissions[] = 'admin.websocket.install';
|
||||
}
|
||||
|
||||
return $permissions;
|
||||
}
|
||||
|
||||
/** @var \Pterodactyl\Models\Subuser|null $subuserPermissions */
|
||||
$subuserPermissions = $server->subusers->where('user_id', $user->id)->first();
|
||||
|
||||
return $subuserPermissions ? $subuserPermissions->permissions : [];
|
||||
}
|
||||
}
|
@ -47,7 +47,7 @@ export default ({ subuser }: Props) => {
|
||||
</div>
|
||||
<div className={'ml-4'}>
|
||||
<p className={'font-medium text-center'}>
|
||||
{subuser.permissions.filter(permission => permission !== 'websocket.*').length}
|
||||
{subuser.permissions.filter(permission => permission !== 'websocket.connect').length}
|
||||
</p>
|
||||
<p className={'text-2xs text-neutral-500 uppercase'}>Permissions</p>
|
||||
</div>
|
||||
|
@ -15,7 +15,6 @@ export const usePermissions = (action: string | string[]): boolean[] => {
|
||||
// will return if the user has any permission under the file.XYZ namespace.
|
||||
(
|
||||
permission.endsWith('.*') &&
|
||||
permission !== 'websocket.*' &&
|
||||
userPermissions.filter(p => p.startsWith(permission.split('.')[0])).length > 0
|
||||
) ||
|
||||
// Otherwise just check if the entire permission exists in the array or not.
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { action, Action } from 'easy-peasy';
|
||||
|
||||
export type SubuserPermission =
|
||||
'websocket.*' |
|
||||
'websocket.connect' |
|
||||
'control.console' | 'control.start' | 'control.stop' | 'control.restart' |
|
||||
'user.create' | 'user.read' | 'user.update' | 'user.delete' |
|
||||
'file.create' | 'file.read' | 'file.update' | 'file.delete' | 'file.archive' | 'file.sftp' |
|
||||
|
Loading…
Reference in New Issue
Block a user