Address two bugs in subuser system.

1.) Prevents adding the owner of a server as a subuser which could
potentially break things.
2.) Prevents adding duplicate subusers for a server.
This commit is contained in:
Dane Everitt 2016-12-30 16:28:43 -05:00
parent ef8e0b5a74
commit 0afa568095
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
2 changed files with 8 additions and 0 deletions

View File

@ -8,6 +8,8 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
* Fixes bug where assigning a variable a default value (or valid value) of `0` would cause the panel to reject the value thinking it did not exist.
* Addresses potential for crash by limiting total ports that can be assigned per-range to 2000.
* Fixes server names requiring at minimum 4 characters. Name can now be 1 to 200 characters long. :pencil2:
* Fixes bug that would allow adding the owner of a server as a subuser for that same server.
* Fixes bug that would allow creating multiple subusers with the same email address.
## v0.5.5 (Bodacious Boreopterus)
### Added

View File

@ -117,6 +117,7 @@ class SubuserRepository
public function create($sid, array $data)
{
$server = Models\Server::findOrFail($sid);
$validator = Validator::make($data, [
'permissions' => 'required|array',
'email' => 'required|email',
@ -140,6 +141,10 @@ class SubuserRepository
} catch (\Exception $ex) {
throw $ex;
}
} else if ($server->owner === $user->id) {
throw new DisplayException('You cannot add the owner of a server as a subuser.');
} else if (Models\Subuser::select('id')->where('user_id', $user->id)->where('server_id', $server->id)->first()) {
throw new DisplayException('A subuser with that email already exists for this server.');
}
$uuid = new UuidService;
@ -159,6 +164,7 @@ class SubuserRepository
if (! is_null($this->permissions[$permission])) {
array_push($daemonPermissions, $this->permissions[$permission]);
}
$model = new Models\Permission;
$model->fill([
'user_id' => $user->id,