mirror of
https://github.com/pterodactyl/panel.git
synced 2024-11-23 09:32:29 +01:00
Compare commits
14 Commits
a301962275
...
b92b97557b
| Author | SHA1 | Date | |
|---|---|---|---|
|
b92b97557b | ||
|
90ae588721 | ||
|
|
955dd2796d | ||
|
0e17f6d324 | ||
|
|
2ef03baab8 | ||
|
|
5a22513f4c | ||
|
|
f0430fa7e8 | ||
|
|
db99ac5bd1 | ||
|
|
9f2b676005 | ||
|
|
bf15622d9c | ||
|
|
d8b48702ec | ||
|
|
95dd9e7f2d | ||
|
|
31871be7d3 | ||
|
|
0dd3f3b0a3 |
10
CHANGELOG.md
10
CHANGELOG.md
@ -3,6 +3,16 @@ This file is a running track of new features and fixes to each version of the pa
|
||||
|
||||
This project follows [Semantic Versioning](http://semver.org) guidelines.
|
||||
|
||||
## v1.11.10
|
||||
|
||||
### BREAKING
|
||||
|
||||
* Minimum PHP verion is now 8.2 due to Laravel upgrade!
|
||||
|
||||
### Fixed
|
||||
|
||||
* Update Laravel to address [CVE-2024-52301](https://github.com/advisories/GHSA-gv7v-rgg6-548h)
|
||||
|
||||
## v1.11.9
|
||||
|
||||
### Fixed
|
||||
|
||||
@ -67,7 +67,21 @@ abstract class SubuserRequest extends ClientApiRequest
|
||||
/** @var GetUserPermissionsService $service */
|
||||
$service = $this->container->make(GetUserPermissionsService::class);
|
||||
|
||||
if (count(array_diff($permissions, $service->handle($server, $user))) > 0) {
|
||||
$subuser = $this->route()->parameter('user');
|
||||
|
||||
$modifiedPermissions = $permissions;
|
||||
|
||||
if (!is_null($subuser)) {
|
||||
$currentPermissions = $service->handle($server, $subuser);
|
||||
|
||||
$addedPermissions = array_diff($permissions, $currentPermissions);
|
||||
$removedPermissions = array_diff($currentPermissions, $permissions);
|
||||
|
||||
$modifiedPermissions = array_merge($addedPermissions, $removedPermissions);
|
||||
}
|
||||
|
||||
// Checks if user has all the permissions they are modifying on the Subuser
|
||||
if (count(array_intersect($service->handle($server, $user), $modifiedPermissions)) !== count($modifiedPermissions)) {
|
||||
throw new HttpForbiddenException('Cannot assign permissions to a subuser that your account does not actively possess.');
|
||||
}
|
||||
}
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
"guzzlehttp/guzzle": "~7.9.2",
|
||||
"hashids/hashids": "~5.0.2",
|
||||
"laracasts/utilities": "~3.2.3",
|
||||
"laravel/framework": "~11.28.1",
|
||||
"laravel/framework": "~11.31.0",
|
||||
"laravel/helpers": "~1.7.0",
|
||||
"laravel/sanctum": "~4.0.3",
|
||||
"laravel/tinker": "~2.10.0",
|
||||
|
||||
541
composer.lock
generated
541
composer.lock
generated
File diff suppressed because it is too large
Load Diff
@ -34,6 +34,10 @@ const checkboxStyle = css<Props>`
|
||||
${tw`outline-none border-primary-300`};
|
||||
box-shadow: 0 0 0 1px rgba(9, 103, 210, 0.25);
|
||||
}
|
||||
|
||||
&:disabled {
|
||||
${tw`opacity-50 cursor-default border-transparent`};
|
||||
}
|
||||
`;
|
||||
|
||||
const inputStyle = css<Props>`
|
||||
|
||||
@ -144,6 +144,7 @@ const EditSubuserModal = ({ subuser }: Props) => {
|
||||
title={key}
|
||||
isEditable={canEditUser}
|
||||
permissions={Object.keys(permissions[key].keys).map((pkey) => `${key}.${pkey}`)}
|
||||
editablePermissions={editablePermissions.filter((p) => p.startsWith(key))}
|
||||
css={index > 0 ? tw`mt-4` : undefined}
|
||||
>
|
||||
<p css={tw`text-sm text-neutral-400 mb-4`}>{permissions[key].description}</p>
|
||||
|
||||
@ -9,18 +9,19 @@ interface Props {
|
||||
isEditable: boolean;
|
||||
title: string;
|
||||
permissions: string[];
|
||||
editablePermissions: string[];
|
||||
className?: string;
|
||||
}
|
||||
|
||||
const PermissionTitleBox: React.FC<Props> = memo(({ isEditable, title, permissions, className, children }) => {
|
||||
const PermissionTitleBox: React.FC<Props> = memo(({ isEditable, title, permissions, editablePermissions, className, children }) => {
|
||||
const [{ value }, , { setValue }] = useField<string[]>('permissions');
|
||||
|
||||
const onCheckboxClicked = useCallback(
|
||||
(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
if (e.currentTarget.checked) {
|
||||
setValue([...value, ...permissions.filter((p) => !value.includes(p))]);
|
||||
setValue([...value, ...permissions.filter((p) => !value.includes(p) && editablePermissions.includes(p))]);
|
||||
} else {
|
||||
setValue(value.filter((p) => !permissions.includes(p)));
|
||||
setValue(value.filter((p) => !editablePermissions.includes(p)));
|
||||
}
|
||||
},
|
||||
[permissions, value]
|
||||
@ -34,8 +35,9 @@ const PermissionTitleBox: React.FC<Props> = memo(({ isEditable, title, permissio
|
||||
{isEditable && (
|
||||
<Input
|
||||
type={'checkbox'}
|
||||
checked={permissions.every((p) => value.includes(p))}
|
||||
checked={editablePermissions.every((p) => value.includes(p)) && value.find((p) => p.startsWith(title)) != null}
|
||||
onChange={onCheckboxClicked}
|
||||
disabled={editablePermissions.filter((p) => p.startsWith(title)).length === 0}
|
||||
/>
|
||||
)}
|
||||
</div>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user