Remove api permissions table

This commit is contained in:
Dane Everitt 2018-01-14 12:05:18 -06:00
parent b566630311
commit 7aa540b895
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
12 changed files with 17 additions and 449 deletions

View File

@ -4,7 +4,6 @@ namespace Pterodactyl\Http\Controllers\Base;
use Illuminate\Http\Request;
use Prologue\Alerts\AlertsMessageBag;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Services\Api\KeyCreationService;
use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest;
@ -65,12 +64,6 @@ class APIController extends Controller
*/
public function create(Request $request)
{
return view('base.api.new', [
'permissions' => [
'user' => collect(APIPermission::CONST_PERMISSIONS)->pull('_user'),
'admin' => ! $request->user()->root_admin ? null : collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
],
]);
}
/**

View File

@ -1,126 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Models;
use Sofa\Eloquence\Eloquence;
use Sofa\Eloquence\Validable;
use Illuminate\Database\Eloquent\Model;
use Sofa\Eloquence\Contracts\CleansAttributes;
use Sofa\Eloquence\Contracts\Validable as ValidableContract;
class APIPermission extends Model implements CleansAttributes, ValidableContract
{
use Eloquence, Validable;
/**
* List of permissions available for the API.
*/
const CONST_PERMISSIONS = [
// Items within this block are available to non-adminitrative users.
'_user' => [
'server' => [
'list',
'view',
'power',
'command',
],
],
// All other pemissions below are administrative actions.
'server' => [
'list',
'create',
'view',
'edit-details',
'edit-container',
'edit-build',
'edit-startup',
'suspend',
'install',
'rebuild',
'delete',
],
'location' => [
'list',
],
'node' => [
'list',
'view',
'view-config',
'create',
'delete',
],
'user' => [
'list',
'view',
'create',
'edit',
'delete',
],
'service' => [
'list',
'view',
],
'option' => [
'list',
'view',
],
'pack' => [
'list',
'view',
],
];
/**
* The table associated with the model.
*
* @var string
*/
protected $table = 'api_permissions';
/**
* Fields that are not mass assignable.
*
* @var array
*/
protected $guarded = ['id'];
/**
* Cast values to correct type.
*
* @var array
*/
protected $casts = [
'key_id' => 'integer',
];
protected static $dataIntegrityRules = [
'key_id' => 'required|numeric',
'permission' => 'required|string|max:200',
];
/**
* Disable timestamps for this table.
*
* @var bool
*/
public $timestamps = false;
/**
* Return permissions for API.
*
* @return array
* @deprecated
*/
public static function permissions()
{
return [];
}
}

View File

@ -1,57 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Policies;
use Cache;
use Carbon;
use Pterodactyl\Models\User;
use Pterodactyl\Models\APIKey as Key;
class APIKeyPolicy
{
/**
* Checks if the API key has permission to perform an action.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @param string $permission
* @return bool
*/
protected function checkPermission(User $user, Key $key, $permission)
{
// Non-administrative users cannot use administrative routes.
if (! starts_with($key, 'user.') && ! $user->root_admin) {
return false;
}
// We don't tag this cache key with the user uuid because the key is already unique,
// and multiple users are not defiend for a single key.
$permissions = Cache::remember('APIKeyPolicy.' . $key->public, Carbon::now()->addSeconds(5), function () use ($key) {
return $key->permissions()->get()->transform(function ($item) {
return $item->permission;
})->values();
});
return $permissions->setSearchTerm($permission, true) !== false;
}
/**
* Determine if a user has permission to perform this action against the system.
*
* @param \Pterodactyl\Models\User $user
* @param string $permission
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function before(User $user, $permission, Key $key)
{
return $this->checkPermission($user, $key, $permission);
}
}

View File

@ -13,7 +13,6 @@ class AuthServiceProvider extends ServiceProvider
*/
protected $policies = [
'Pterodactyl\Models\Server' => 'Pterodactyl\Policies\ServerPolicy',
'Pterodactyl\Models\APIKey' => 'Pterodactyl\Policies\APIKeyPolicy',
];
/**

View File

@ -1,11 +1,4 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Providers;
@ -39,7 +32,6 @@ use Pterodactyl\Contracts\Repository\PackRepositoryInterface;
use Pterodactyl\Contracts\Repository\TaskRepositoryInterface;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
use Pterodactyl\Repositories\Eloquent\DatabaseHostRepository;
use Pterodactyl\Repositories\Eloquent\ApiPermissionRepository;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
use Pterodactyl\Repositories\Eloquent\ServerVariableRepository;
@ -56,7 +48,6 @@ use Pterodactyl\Contracts\Repository\Daemon\FileRepositoryInterface;
use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface;
use Pterodactyl\Contracts\Repository\Daemon\PowerRepositoryInterface;
use Pterodactyl\Contracts\Repository\DatabaseHostRepositoryInterface;
use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
use Pterodactyl\Contracts\Repository\Daemon\CommandRepositoryInterface;
use Pterodactyl\Contracts\Repository\ServerVariableRepositoryInterface;
use Pterodactyl\Contracts\Repository\Daemon\ConfigurationRepositoryInterface;
@ -73,7 +64,6 @@ class RepositoryServiceProvider extends ServiceProvider
// Eloquent Repositories
$this->app->bind(AllocationRepositoryInterface::class, AllocationRepository::class);
$this->app->bind(ApiKeyRepositoryInterface::class, ApiKeyRepository::class);
$this->app->bind(ApiPermissionRepositoryInterface::class, ApiPermissionRepository::class);
$this->app->bind(DaemonKeyRepositoryInterface::class, DaemonKeyRepository::class);
$this->app->bind(DatabaseRepositoryInterface::class, DatabaseRepository::class);
$this->app->bind(DatabaseHostRepositoryInterface::class, DatabaseHostRepository::class);
@ -93,21 +83,11 @@ class RepositoryServiceProvider extends ServiceProvider
$this->app->bind(TaskRepositoryInterface::class, TaskRepository::class);
$this->app->bind(UserRepositoryInterface::class, UserRepository::class);
$this->app->alias(SettingsRepositoryInterface::class, 'settings');
// Daemon Repositories
if ($this->app->make('config')->get('pterodactyl.daemon.use_new_daemon')) {
$this->app->bind(ConfigurationRepositoryInterface::class, \Pterodactyl\Repositories\Wings\ConfigurationRepository::class);
$this->app->bind(CommandRepositoryInterface::class, \Pterodactyl\Repositories\Wings\CommandRepository::class);
$this->app->bind(DaemonServerRepositoryInterface::class, \Pterodactyl\Repositories\Wings\ServerRepository::class);
$this->app->bind(FileRepositoryInterface::class, \Pterodactyl\Repositories\Wings\FileRepository::class);
$this->app->bind(PowerRepositoryInterface::class, \Pterodactyl\Repositories\Wings\PowerRepository::class);
} else {
$this->app->bind(ConfigurationRepositoryInterface::class, ConfigurationRepository::class);
$this->app->bind(CommandRepositoryInterface::class, CommandRepository::class);
$this->app->bind(DaemonServerRepositoryInterface::class, DaemonServerRepository::class);
$this->app->bind(FileRepositoryInterface::class, FileRepository::class);
$this->app->bind(PowerRepositoryInterface::class, PowerRepository::class);
}
$this->app->bind(ConfigurationRepositoryInterface::class, ConfigurationRepository::class);
$this->app->bind(CommandRepositoryInterface::class, CommandRepository::class);
$this->app->bind(DaemonServerRepositoryInterface::class, DaemonServerRepository::class);
$this->app->bind(FileRepositoryInterface::class, FileRepository::class);
$this->app->bind(PowerRepositoryInterface::class, PowerRepository::class);
}
}

View File

@ -1,19 +0,0 @@
<?php
namespace Pterodactyl\Repositories\Eloquent;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
class ApiPermissionRepository extends EloquentRepository implements ApiPermissionRepositoryInterface
{
/**
* Return the model backing this repository.
*
* @return string
*/
public function model()
{
return APIPermission::class;
}
}

View File

@ -1,58 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Services\Api;
use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
class PermissionService
{
/**
* @var \Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface
*/
protected $repository;
/**
* ApiPermissionService constructor.
*
* @param \Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface $repository
*/
public function __construct(ApiPermissionRepositoryInterface $repository)
{
$this->repository = $repository;
}
/**
* Store a permission key in the database.
*
* @param string $key
* @param string $permission
* @return bool
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
*/
public function create($key, $permission)
{
// @todo handle an array of permissions to do a mass assignment?
return $this->repository->withoutFreshModel()->create([
'key_id' => $key,
'permission' => $permission,
]);
}
/**
* Return all of the permissions available for an API Key.
*
* @return array
*/
public function getPermissions()
{
return $this->repository->getModel()::CONST_PERMISSIONS;
}
}

View File

@ -13,6 +13,8 @@ class AddApiKeyPermissionColumns extends Migration
*/
public function up()
{
Schema::dropIfExists('api_permissions');
Schema::table('api_keys', function (Blueprint $table) {
$table->unsignedTinyInteger('r_servers')->default(0);
$table->unsignedTinyInteger('r_nodes')->default(0);
@ -33,6 +35,14 @@ class AddApiKeyPermissionColumns extends Migration
*/
public function down()
{
Schema::create('api_permissions', function (Blueprint $table) {
$table->increments('id');
$table->unsignedInteger('key_id');
$table->string('permission');
$table->foreign('key_id')->references('id')->on('keys')->onDelete('cascade');
});
Schema::table('api_keys', function (Blueprint $table) {
$table->dropColumn([
'r_servers',

View File

@ -25,15 +25,6 @@ class SetupTableForKeyEncryption extends Migration
Schema::table('api_keys', function (Blueprint $table) {
$table->text('token')->change();
});
DB::transaction(function () {
foreach (DB::table('api_keys')->cursor() as $key) {
DB::table('api_keys')->where('id', $key->id)->update([
'identifier' => str_random(16),
'token' => Crypt::encrypt($key->token),
]);
}
});
}
/**
@ -45,15 +36,6 @@ class SetupTableForKeyEncryption extends Migration
*/
public function down()
{
/* @var \Pterodactyl\Models\APIKey $key */
DB::transaction(function () {
foreach (DB::table('api_keys')->cursor() as $key) {
DB::table('api_keys')->where('id', $key->id)->update([
'token' => Crypt::decrypt($key->token),
]);
}
});
Schema::table('api_keys', function (Blueprint $table) {
$table->dropColumn('identifier');
$table->string('token', 32)->unique()->change();

View File

@ -14,6 +14,7 @@ class AddLastUsedAtColumn extends Migration
public function up()
{
Schema::table('api_keys', function (Blueprint $table) {
$table->unsignedTinyInteger('key_type')->after('user_id')->default(0);
$table->timestamp('last_used_at')->after('memo')->nullable();
$table->dropColumn('expires_at');
});
@ -28,7 +29,7 @@ class AddLastUsedAtColumn extends Migration
{
Schema::table('api_keys', function (Blueprint $table) {
$table->timestamp('expires_at')->after('memo')->nullable();
$table->dropColumn('last_used_at');
$table->dropColumn('last_used_at', 'key_type');
});
}
}

View File

@ -1,8 +1,3 @@
{{-- Pterodactyl - Panel --}}
{{-- Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com> --}}
{{-- This software is licensed under the terms of the MIT license. --}}
{{-- https://opensource.org/licenses/MIT --}}
@extends('layouts.master')
@section('title')
@ -69,64 +64,5 @@
</div>
</div>
</div>
<div class="row">
@foreach($permissions['user'] as $block => $perms)
<div class="col-sm-12">
<div class="box box-primary">
<div class="box-header with-border">
<h3 class="box-title">@lang('base.api.permissions.user.' . $block . '_header')</h3>
</div>
<div class="box-body">
@foreach($perms as $permission)
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="{{ 'user.' . $block . '-' . $permission }}" name="permissions[]" type="checkbox" value="{{ $block . '-' . $permission }}"/>
<label for="{{ 'user.' . $block . '-' . $permission }}" class="strong">
@lang('base.api.permissions.user.' . $block . '.' . $permission . '.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.permissions.user.' . $block . '.' . $permission . '.desc')</p>
</div>
@endforeach
</div>
</div>
</div>
@if ($loop->iteration % 2 === 0)
<div class="clearfix visible-lg-block visible-md-block visible-sm-block"></div>
@endif
@endforeach
</div>
@if(Auth::user()->root_admin)
<div class="row">
@foreach($permissions['admin'] as $block => $perms)
<div class="col-lg-4 col-sm-6">
<div class="box box-danger">
<div class="box-header with-border">
<h3 class="box-title">@lang('base.api.permissions.admin.' . $block . '_header')</h3>
</div>
<div class="box-body">
@foreach($perms as $permission)
<div class="form-group">
<div class="checkbox {{ $permission === 'delete' ? 'checkbox-danger' : 'checkbox-primary' }} no-margin-bottom">
<input id="{{ $block . '-' . $permission }}" name="admin_permissions[]" type="checkbox" value="{{ $block . '-' . $permission }}"/>
<label for="{{ $block . '-' . $permission }}" class="strong">
@lang('base.api.permissions.admin.' . $block . '.' . $permission . '.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.permissions.admin.' . $block . '.' . $permission . '.desc')</p>
</div>
@endforeach
</div>
</div>
</div>
@if ($loop->iteration % 3 === 0)
<div class="clearfix visible-lg-block"></div>
@endif
@if ($loop->iteration % 2 === 0)
<div class="clearfix visible-md-block visible-sm-block"></div>
@endif
@endforeach
</div>
@endif
</form>
@endsection

View File

@ -1,73 +0,0 @@
swagger: "2.0"
info:
version: 1.0.0
title: Pterodactyl Admin API Reference
description: Pterodactyl Panel API Documentation
contact:
name: Dane Everitt
url: https://pterodactyl.io
email: support@pterodactyl.io
license:
name: MIT
host: example.com
basePath: /api/admin
schemes:
- http
- https
consumes:
- application/vnd.pterodactyl.v1+json
produces:
- application/json
paths:
/users:
get:
description: |
Returns all users that exist on the Panel.
operationId: findUsers
responses:
"200":
description: OK
schema:
type: object
required: ["data"]
properties:
data:
type: array
items:
$ref: '#/definitions/User'
properties:
id:
type: integer
attributes:
type: object
definitions:
User:
allOf:
- required:
- email
- username
- uuid
properties:
external_id:
type: string
uuid:
type: string
email:
type: string
username:
type: string
name_first:
type: string
name_last:
type: string
language:
type: string
root_admin:
type: boolean
use_totp:
type: boolean
updated_at:
type: string
created_at:
type: string