forked from Alex/Pterodactyl-Panel
Remove api permissions table
This commit is contained in:
parent
b566630311
commit
7aa540b895
@ -4,7 +4,6 @@ namespace Pterodactyl\Http\Controllers\Base;
|
||||
|
||||
use Illuminate\Http\Request;
|
||||
use Prologue\Alerts\AlertsMessageBag;
|
||||
use Pterodactyl\Models\APIPermission;
|
||||
use Pterodactyl\Http\Controllers\Controller;
|
||||
use Pterodactyl\Services\Api\KeyCreationService;
|
||||
use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest;
|
||||
@ -65,12 +64,6 @@ class APIController extends Controller
|
||||
*/
|
||||
public function create(Request $request)
|
||||
{
|
||||
return view('base.api.new', [
|
||||
'permissions' => [
|
||||
'user' => collect(APIPermission::CONST_PERMISSIONS)->pull('_user'),
|
||||
'admin' => ! $request->user()->root_admin ? null : collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,126 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Pterodactyl - Panel
|
||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
||||
*
|
||||
* This software is licensed under the terms of the MIT license.
|
||||
* https://opensource.org/licenses/MIT
|
||||
*/
|
||||
|
||||
namespace Pterodactyl\Models;
|
||||
|
||||
use Sofa\Eloquence\Eloquence;
|
||||
use Sofa\Eloquence\Validable;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
use Sofa\Eloquence\Contracts\CleansAttributes;
|
||||
use Sofa\Eloquence\Contracts\Validable as ValidableContract;
|
||||
|
||||
class APIPermission extends Model implements CleansAttributes, ValidableContract
|
||||
{
|
||||
use Eloquence, Validable;
|
||||
|
||||
/**
|
||||
* List of permissions available for the API.
|
||||
*/
|
||||
const CONST_PERMISSIONS = [
|
||||
// Items within this block are available to non-adminitrative users.
|
||||
'_user' => [
|
||||
'server' => [
|
||||
'list',
|
||||
'view',
|
||||
'power',
|
||||
'command',
|
||||
],
|
||||
],
|
||||
|
||||
// All other pemissions below are administrative actions.
|
||||
'server' => [
|
||||
'list',
|
||||
'create',
|
||||
'view',
|
||||
'edit-details',
|
||||
'edit-container',
|
||||
'edit-build',
|
||||
'edit-startup',
|
||||
'suspend',
|
||||
'install',
|
||||
'rebuild',
|
||||
'delete',
|
||||
],
|
||||
'location' => [
|
||||
'list',
|
||||
],
|
||||
'node' => [
|
||||
'list',
|
||||
'view',
|
||||
'view-config',
|
||||
'create',
|
||||
'delete',
|
||||
],
|
||||
'user' => [
|
||||
'list',
|
||||
'view',
|
||||
'create',
|
||||
'edit',
|
||||
'delete',
|
||||
],
|
||||
'service' => [
|
||||
'list',
|
||||
'view',
|
||||
],
|
||||
'option' => [
|
||||
'list',
|
||||
'view',
|
||||
],
|
||||
'pack' => [
|
||||
'list',
|
||||
'view',
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
* The table associated with the model.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $table = 'api_permissions';
|
||||
|
||||
/**
|
||||
* Fields that are not mass assignable.
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
protected $guarded = ['id'];
|
||||
|
||||
/**
|
||||
* Cast values to correct type.
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
protected $casts = [
|
||||
'key_id' => 'integer',
|
||||
];
|
||||
|
||||
protected static $dataIntegrityRules = [
|
||||
'key_id' => 'required|numeric',
|
||||
'permission' => 'required|string|max:200',
|
||||
];
|
||||
|
||||
/**
|
||||
* Disable timestamps for this table.
|
||||
*
|
||||
* @var bool
|
||||
*/
|
||||
public $timestamps = false;
|
||||
|
||||
/**
|
||||
* Return permissions for API.
|
||||
*
|
||||
* @return array
|
||||
* @deprecated
|
||||
*/
|
||||
public static function permissions()
|
||||
{
|
||||
return [];
|
||||
}
|
||||
}
|
@ -1,57 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Pterodactyl - Panel
|
||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
||||
*
|
||||
* This software is licensed under the terms of the MIT license.
|
||||
* https://opensource.org/licenses/MIT
|
||||
*/
|
||||
|
||||
namespace Pterodactyl\Policies;
|
||||
|
||||
use Cache;
|
||||
use Carbon;
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Models\APIKey as Key;
|
||||
|
||||
class APIKeyPolicy
|
||||
{
|
||||
/**
|
||||
* Checks if the API key has permission to perform an action.
|
||||
*
|
||||
* @param \Pterodactyl\Models\User $user
|
||||
* @param \Pterodactyl\Models\APIKey $key
|
||||
* @param string $permission
|
||||
* @return bool
|
||||
*/
|
||||
protected function checkPermission(User $user, Key $key, $permission)
|
||||
{
|
||||
// Non-administrative users cannot use administrative routes.
|
||||
if (! starts_with($key, 'user.') && ! $user->root_admin) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We don't tag this cache key with the user uuid because the key is already unique,
|
||||
// and multiple users are not defiend for a single key.
|
||||
$permissions = Cache::remember('APIKeyPolicy.' . $key->public, Carbon::now()->addSeconds(5), function () use ($key) {
|
||||
return $key->permissions()->get()->transform(function ($item) {
|
||||
return $item->permission;
|
||||
})->values();
|
||||
});
|
||||
|
||||
return $permissions->setSearchTerm($permission, true) !== false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if a user has permission to perform this action against the system.
|
||||
*
|
||||
* @param \Pterodactyl\Models\User $user
|
||||
* @param string $permission
|
||||
* @param \Pterodactyl\Models\APIKey $key
|
||||
* @return bool
|
||||
*/
|
||||
public function before(User $user, $permission, Key $key)
|
||||
{
|
||||
return $this->checkPermission($user, $key, $permission);
|
||||
}
|
||||
}
|
@ -13,7 +13,6 @@ class AuthServiceProvider extends ServiceProvider
|
||||
*/
|
||||
protected $policies = [
|
||||
'Pterodactyl\Models\Server' => 'Pterodactyl\Policies\ServerPolicy',
|
||||
'Pterodactyl\Models\APIKey' => 'Pterodactyl\Policies\APIKeyPolicy',
|
||||
];
|
||||
|
||||
/**
|
||||
|
@ -1,11 +1,4 @@
|
||||
<?php
|
||||
/**
|
||||
* Pterodactyl - Panel
|
||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
||||
*
|
||||
* This software is licensed under the terms of the MIT license.
|
||||
* https://opensource.org/licenses/MIT
|
||||
*/
|
||||
|
||||
namespace Pterodactyl\Providers;
|
||||
|
||||
@ -39,7 +32,6 @@ use Pterodactyl\Contracts\Repository\PackRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\TaskRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
|
||||
use Pterodactyl\Repositories\Eloquent\DatabaseHostRepository;
|
||||
use Pterodactyl\Repositories\Eloquent\ApiPermissionRepository;
|
||||
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Pterodactyl\Repositories\Eloquent\ServerVariableRepository;
|
||||
@ -56,7 +48,6 @@ use Pterodactyl\Contracts\Repository\Daemon\FileRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\Daemon\PowerRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\DatabaseHostRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\Daemon\CommandRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\ServerVariableRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\Daemon\ConfigurationRepositoryInterface;
|
||||
@ -73,7 +64,6 @@ class RepositoryServiceProvider extends ServiceProvider
|
||||
// Eloquent Repositories
|
||||
$this->app->bind(AllocationRepositoryInterface::class, AllocationRepository::class);
|
||||
$this->app->bind(ApiKeyRepositoryInterface::class, ApiKeyRepository::class);
|
||||
$this->app->bind(ApiPermissionRepositoryInterface::class, ApiPermissionRepository::class);
|
||||
$this->app->bind(DaemonKeyRepositoryInterface::class, DaemonKeyRepository::class);
|
||||
$this->app->bind(DatabaseRepositoryInterface::class, DatabaseRepository::class);
|
||||
$this->app->bind(DatabaseHostRepositoryInterface::class, DatabaseHostRepository::class);
|
||||
@ -93,21 +83,11 @@ class RepositoryServiceProvider extends ServiceProvider
|
||||
$this->app->bind(TaskRepositoryInterface::class, TaskRepository::class);
|
||||
$this->app->bind(UserRepositoryInterface::class, UserRepository::class);
|
||||
|
||||
$this->app->alias(SettingsRepositoryInterface::class, 'settings');
|
||||
|
||||
// Daemon Repositories
|
||||
if ($this->app->make('config')->get('pterodactyl.daemon.use_new_daemon')) {
|
||||
$this->app->bind(ConfigurationRepositoryInterface::class, \Pterodactyl\Repositories\Wings\ConfigurationRepository::class);
|
||||
$this->app->bind(CommandRepositoryInterface::class, \Pterodactyl\Repositories\Wings\CommandRepository::class);
|
||||
$this->app->bind(DaemonServerRepositoryInterface::class, \Pterodactyl\Repositories\Wings\ServerRepository::class);
|
||||
$this->app->bind(FileRepositoryInterface::class, \Pterodactyl\Repositories\Wings\FileRepository::class);
|
||||
$this->app->bind(PowerRepositoryInterface::class, \Pterodactyl\Repositories\Wings\PowerRepository::class);
|
||||
} else {
|
||||
$this->app->bind(ConfigurationRepositoryInterface::class, ConfigurationRepository::class);
|
||||
$this->app->bind(CommandRepositoryInterface::class, CommandRepository::class);
|
||||
$this->app->bind(DaemonServerRepositoryInterface::class, DaemonServerRepository::class);
|
||||
$this->app->bind(FileRepositoryInterface::class, FileRepository::class);
|
||||
$this->app->bind(PowerRepositoryInterface::class, PowerRepository::class);
|
||||
}
|
||||
$this->app->bind(ConfigurationRepositoryInterface::class, ConfigurationRepository::class);
|
||||
$this->app->bind(CommandRepositoryInterface::class, CommandRepository::class);
|
||||
$this->app->bind(DaemonServerRepositoryInterface::class, DaemonServerRepository::class);
|
||||
$this->app->bind(FileRepositoryInterface::class, FileRepository::class);
|
||||
$this->app->bind(PowerRepositoryInterface::class, PowerRepository::class);
|
||||
}
|
||||
}
|
||||
|
@ -1,19 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace Pterodactyl\Repositories\Eloquent;
|
||||
|
||||
use Pterodactyl\Models\APIPermission;
|
||||
use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
|
||||
|
||||
class ApiPermissionRepository extends EloquentRepository implements ApiPermissionRepositoryInterface
|
||||
{
|
||||
/**
|
||||
* Return the model backing this repository.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function model()
|
||||
{
|
||||
return APIPermission::class;
|
||||
}
|
||||
}
|
@ -1,58 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Pterodactyl - Panel
|
||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
||||
*
|
||||
* This software is licensed under the terms of the MIT license.
|
||||
* https://opensource.org/licenses/MIT
|
||||
*/
|
||||
|
||||
namespace Pterodactyl\Services\Api;
|
||||
|
||||
use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
|
||||
|
||||
class PermissionService
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface
|
||||
*/
|
||||
protected $repository;
|
||||
|
||||
/**
|
||||
* ApiPermissionService constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface $repository
|
||||
*/
|
||||
public function __construct(ApiPermissionRepositoryInterface $repository)
|
||||
{
|
||||
$this->repository = $repository;
|
||||
}
|
||||
|
||||
/**
|
||||
* Store a permission key in the database.
|
||||
*
|
||||
* @param string $key
|
||||
* @param string $permission
|
||||
* @return bool
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
*/
|
||||
public function create($key, $permission)
|
||||
{
|
||||
// @todo handle an array of permissions to do a mass assignment?
|
||||
return $this->repository->withoutFreshModel()->create([
|
||||
'key_id' => $key,
|
||||
'permission' => $permission,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return all of the permissions available for an API Key.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getPermissions()
|
||||
{
|
||||
return $this->repository->getModel()::CONST_PERMISSIONS;
|
||||
}
|
||||
}
|
@ -13,6 +13,8 @@ class AddApiKeyPermissionColumns extends Migration
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::dropIfExists('api_permissions');
|
||||
|
||||
Schema::table('api_keys', function (Blueprint $table) {
|
||||
$table->unsignedTinyInteger('r_servers')->default(0);
|
||||
$table->unsignedTinyInteger('r_nodes')->default(0);
|
||||
@ -33,6 +35,14 @@ class AddApiKeyPermissionColumns extends Migration
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::create('api_permissions', function (Blueprint $table) {
|
||||
$table->increments('id');
|
||||
$table->unsignedInteger('key_id');
|
||||
$table->string('permission');
|
||||
|
||||
$table->foreign('key_id')->references('id')->on('keys')->onDelete('cascade');
|
||||
});
|
||||
|
||||
Schema::table('api_keys', function (Blueprint $table) {
|
||||
$table->dropColumn([
|
||||
'r_servers',
|
||||
|
@ -25,15 +25,6 @@ class SetupTableForKeyEncryption extends Migration
|
||||
Schema::table('api_keys', function (Blueprint $table) {
|
||||
$table->text('token')->change();
|
||||
});
|
||||
|
||||
DB::transaction(function () {
|
||||
foreach (DB::table('api_keys')->cursor() as $key) {
|
||||
DB::table('api_keys')->where('id', $key->id)->update([
|
||||
'identifier' => str_random(16),
|
||||
'token' => Crypt::encrypt($key->token),
|
||||
]);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
@ -45,15 +36,6 @@ class SetupTableForKeyEncryption extends Migration
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
/* @var \Pterodactyl\Models\APIKey $key */
|
||||
DB::transaction(function () {
|
||||
foreach (DB::table('api_keys')->cursor() as $key) {
|
||||
DB::table('api_keys')->where('id', $key->id)->update([
|
||||
'token' => Crypt::decrypt($key->token),
|
||||
]);
|
||||
}
|
||||
});
|
||||
|
||||
Schema::table('api_keys', function (Blueprint $table) {
|
||||
$table->dropColumn('identifier');
|
||||
$table->string('token', 32)->unique()->change();
|
||||
|
@ -14,6 +14,7 @@ class AddLastUsedAtColumn extends Migration
|
||||
public function up()
|
||||
{
|
||||
Schema::table('api_keys', function (Blueprint $table) {
|
||||
$table->unsignedTinyInteger('key_type')->after('user_id')->default(0);
|
||||
$table->timestamp('last_used_at')->after('memo')->nullable();
|
||||
$table->dropColumn('expires_at');
|
||||
});
|
||||
@ -28,7 +29,7 @@ class AddLastUsedAtColumn extends Migration
|
||||
{
|
||||
Schema::table('api_keys', function (Blueprint $table) {
|
||||
$table->timestamp('expires_at')->after('memo')->nullable();
|
||||
$table->dropColumn('last_used_at');
|
||||
$table->dropColumn('last_used_at', 'key_type');
|
||||
});
|
||||
}
|
||||
}
|
||||
|
@ -1,8 +1,3 @@
|
||||
{{-- Pterodactyl - Panel --}}
|
||||
{{-- Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com> --}}
|
||||
|
||||
{{-- This software is licensed under the terms of the MIT license. --}}
|
||||
{{-- https://opensource.org/licenses/MIT --}}
|
||||
@extends('layouts.master')
|
||||
|
||||
@section('title')
|
||||
@ -69,64 +64,5 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
@foreach($permissions['user'] as $block => $perms)
|
||||
<div class="col-sm-12">
|
||||
<div class="box box-primary">
|
||||
<div class="box-header with-border">
|
||||
<h3 class="box-title">@lang('base.api.permissions.user.' . $block . '_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
@foreach($perms as $permission)
|
||||
<div class="form-group">
|
||||
<div class="checkbox checkbox-primary no-margin-bottom">
|
||||
<input id="{{ 'user.' . $block . '-' . $permission }}" name="permissions[]" type="checkbox" value="{{ $block . '-' . $permission }}"/>
|
||||
<label for="{{ 'user.' . $block . '-' . $permission }}" class="strong">
|
||||
@lang('base.api.permissions.user.' . $block . '.' . $permission . '.title')
|
||||
</label>
|
||||
</div>
|
||||
<p class="text-muted small">@lang('base.api.permissions.user.' . $block . '.' . $permission . '.desc')</p>
|
||||
</div>
|
||||
@endforeach
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@if ($loop->iteration % 2 === 0)
|
||||
<div class="clearfix visible-lg-block visible-md-block visible-sm-block"></div>
|
||||
@endif
|
||||
@endforeach
|
||||
</div>
|
||||
@if(Auth::user()->root_admin)
|
||||
<div class="row">
|
||||
@foreach($permissions['admin'] as $block => $perms)
|
||||
<div class="col-lg-4 col-sm-6">
|
||||
<div class="box box-danger">
|
||||
<div class="box-header with-border">
|
||||
<h3 class="box-title">@lang('base.api.permissions.admin.' . $block . '_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
@foreach($perms as $permission)
|
||||
<div class="form-group">
|
||||
<div class="checkbox {{ $permission === 'delete' ? 'checkbox-danger' : 'checkbox-primary' }} no-margin-bottom">
|
||||
<input id="{{ $block . '-' . $permission }}" name="admin_permissions[]" type="checkbox" value="{{ $block . '-' . $permission }}"/>
|
||||
<label for="{{ $block . '-' . $permission }}" class="strong">
|
||||
@lang('base.api.permissions.admin.' . $block . '.' . $permission . '.title')
|
||||
</label>
|
||||
</div>
|
||||
<p class="text-muted small">@lang('base.api.permissions.admin.' . $block . '.' . $permission . '.desc')</p>
|
||||
</div>
|
||||
@endforeach
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@if ($loop->iteration % 3 === 0)
|
||||
<div class="clearfix visible-lg-block"></div>
|
||||
@endif
|
||||
@if ($loop->iteration % 2 === 0)
|
||||
<div class="clearfix visible-md-block visible-sm-block"></div>
|
||||
@endif
|
||||
@endforeach
|
||||
</div>
|
||||
@endif
|
||||
</form>
|
||||
@endsection
|
||||
|
@ -1,73 +0,0 @@
|
||||
swagger: "2.0"
|
||||
info:
|
||||
version: 1.0.0
|
||||
title: Pterodactyl Admin API Reference
|
||||
description: Pterodactyl Panel API Documentation
|
||||
contact:
|
||||
name: Dane Everitt
|
||||
url: https://pterodactyl.io
|
||||
email: support@pterodactyl.io
|
||||
license:
|
||||
name: MIT
|
||||
host: example.com
|
||||
basePath: /api/admin
|
||||
schemes:
|
||||
- http
|
||||
- https
|
||||
consumes:
|
||||
- application/vnd.pterodactyl.v1+json
|
||||
produces:
|
||||
- application/json
|
||||
paths:
|
||||
/users:
|
||||
get:
|
||||
description: |
|
||||
Returns all users that exist on the Panel.
|
||||
operationId: findUsers
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
type: object
|
||||
required: ["data"]
|
||||
properties:
|
||||
data:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/definitions/User'
|
||||
properties:
|
||||
id:
|
||||
type: integer
|
||||
attributes:
|
||||
type: object
|
||||
definitions:
|
||||
User:
|
||||
allOf:
|
||||
- required:
|
||||
- email
|
||||
- username
|
||||
- uuid
|
||||
properties:
|
||||
external_id:
|
||||
type: string
|
||||
uuid:
|
||||
type: string
|
||||
email:
|
||||
type: string
|
||||
username:
|
||||
type: string
|
||||
name_first:
|
||||
type: string
|
||||
name_last:
|
||||
type: string
|
||||
language:
|
||||
type: string
|
||||
root_admin:
|
||||
type: boolean
|
||||
use_totp:
|
||||
type: boolean
|
||||
updated_at:
|
||||
type: string
|
||||
created_at:
|
||||
type: string
|
||||
|
Loading…
Reference in New Issue
Block a user