forked from Alex/Pterodactyl-Panel
Update calls to abstract class
This commit is contained in:
Dane Everitt
parent
e8474271b3
commit
e1089e0b73
@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client;
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Exceptions\DisplayException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\AccountApiRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Account\StoreApiKeyRequest;
|
||||
use Pterodactyl\Transformers\Api\Client\PersonalAccessTokenTransformer;
|
||||
|
||||
@ -15,7 +16,7 @@ class ApiKeyController extends ClientApiController
|
||||
*
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function index(ClientApiRequest $request): array
|
||||
public function index(AccountApiRequest $request): array
|
||||
{
|
||||
return $this->fractal->collection($request->user()->tokens)
|
||||
->transformWith($this->getTransformer(PersonalAccessTokenTransformer::class))
|
||||
@ -49,7 +50,7 @@ class ApiKeyController extends ClientApiController
|
||||
/**
|
||||
* Deletes a given API key.
|
||||
*/
|
||||
public function delete(ClientApiRequest $request, string $id): Response
|
||||
public function delete(AccountApiRequest $request, string $id): Response
|
||||
{
|
||||
$request->user()->tokens()->where('token_id', $id)->delete();
|
||||
|
||||
|
||||
@ -15,6 +15,7 @@ use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
use Pterodactyl\Exceptions\Service\ServiceLimitExceededException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\StoreTaskRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\UpdateScheduleRequest;
|
||||
|
||||
class ScheduleTaskController extends ClientApiController
|
||||
{
|
||||
@ -101,18 +102,18 @@ class ScheduleTaskController extends ClientApiController
|
||||
* Delete a given task for a schedule. If there are subsequent tasks stored in the database
|
||||
* for this schedule their sequence IDs are decremented properly.
|
||||
*
|
||||
* This uses the UpdateScheduleRequest intentionally -- there is no permission specific
|
||||
* to deleting a given task on a schedule, so we'll assume if you have permission to edit
|
||||
* a schedule that you can then remove a task from said schedule.
|
||||
*
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function delete(ClientApiRequest $request, Server $server, Schedule $schedule, Task $task): Response
|
||||
public function delete(UpdateScheduleRequest $request, Server $server, Schedule $schedule, Task $task): Response
|
||||
{
|
||||
if ($task->schedule_id !== $schedule->id || $schedule->server_id !== $server->id) {
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
if (!$request->user()->can(Permission::ACTION_SCHEDULE_UPDATE, $server)) {
|
||||
throw new HttpForbiddenException('You do not have permission to perform this action.');
|
||||
}
|
||||
|
||||
$schedule->tasks()->where('sequence_id', '>', $task->sequence_id)->update([
|
||||
'sequence_id' => $schedule->tasks()->getConnection()->raw('(sequence_id - 1)'),
|
||||
]);
|
||||
|
||||
@ -10,6 +10,7 @@ use Pterodactyl\Services\Nodes\NodeJWTService;
|
||||
use Pterodactyl\Exceptions\Http\HttpForbiddenException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use Pterodactyl\Services\Servers\GetUserPermissionsService;
|
||||
use Pterodactyl\Http\Requests\Api\Client\WebsocketTokenRequest;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
|
||||
class WebsocketController extends ClientApiController
|
||||
@ -36,14 +37,9 @@ class WebsocketController extends ClientApiController
|
||||
* allows us to continually renew this token and avoid users maintaining sessions wrongly,
|
||||
* as well as ensure that user's only perform actions they're allowed to.
|
||||
*/
|
||||
public function __invoke(ClientApiRequest $request, Server $server): JsonResponse
|
||||
public function __invoke(WebsocketTokenRequest $request, Server $server): JsonResponse
|
||||
{
|
||||
$user = $request->user();
|
||||
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
|
||||
throw new HttpForbiddenException('You do not have permission to connect to this server\'s websocket.');
|
||||
}
|
||||
|
||||
$permissions = $this->permissionsService->handle($server, $user);
|
||||
$permissions = $this->permissionsService->handle($server, $request->user());
|
||||
|
||||
$node = $server->node;
|
||||
if (!is_null($server->transfer)) {
|
||||
@ -65,7 +61,7 @@ class WebsocketController extends ClientApiController
|
||||
'server_uuid' => $server->uuid,
|
||||
'permissions' => $permissions,
|
||||
])
|
||||
->handle($node, $user->id . $server->uuid);
|
||||
->handle($node, $request->user()->id . $server->uuid);
|
||||
|
||||
$socket = str_replace(['https://', 'http://'], ['wss://', 'ws://'], $node->getConnectionAddress());
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client;
|
||||
|
||||
abstract class AccountApiRequest extends ClientApiRequest
|
||||
class AccountApiRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
{
|
||||
|
||||
13
app/Http/Requests/Api/Client/WebsocketTokenRequest.php
Normal file
13
app/Http/Requests/Api/Client/WebsocketTokenRequest.php
Normal file
@ -0,0 +1,13 @@
|
||||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
|
||||
class WebsocketTokenRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
{
|
||||
return Permission::ACTION_WEBSOCKET_CONNECT;
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user