From 5717a705a8a42f62b2d1b2a3febb0f08d17a9a25 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sat, 28 Mar 2020 16:18:56 -0700
Subject: [PATCH] Fix authorization checking for subusers
---
 app/Models/User.php | 22 --------------------
 app/Policies/ServerPolicy.php | 39 ++++++++++++++++++++++-------------
 2 files changed, 25 insertions(+), 36 deletions(-)
diff --git a/app/Models/User.php b/app/Models/User.php
index 0a37311d3..e3fccad43 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -37,9 +37,7 @@ use Pterodactyl\Notifications\SendPasswordReset as ResetPasswordNotification;
 *
 * @property string $name
 * @property \Pterodactyl\Models\ApiKey[]|\Illuminate\Database\Eloquent\Collection $apiKeys
- * @property \Pterodactyl\Models\Permission[]|\Illuminate\Database\Eloquent\Collection $permissions
 * @property \Pterodactyl\Models\Server[]|\Illuminate\Database\Eloquent\Collection $servers
- * @property \Pterodactyl\Models\Subuser[]|\Illuminate\Database\Eloquent\Collection $subuserOf
 * @property \Pterodactyl\Models\DaemonKey[]|\Illuminate\Database\Eloquent\Collection $keys
 */
 class User extends Validable implements
@@ -220,16 +218,6 @@ class User extends Validable implements
 return trim($this->name_first . ' ' . $this->name_last);
 }
- /**
- * Returns all permissions that a user has.
- *
- * @return \Illuminate\Database\Eloquent\Relations\HasManyThrough
- */
- public function permissions()
- {
- return $this->hasManyThrough(Permission::class, Subuser::class);
- }
-
 /**
 * Returns all servers that a user owns.
 *
@@ -240,16 +228,6 @@ class User extends Validable implements
 return $this->hasMany(Server::class, 'owner_id');
 }
- /**
- * Return all servers that user is listed as a subuser of directly.
- *
- * @return \Illuminate\Database\Eloquent\Relations\HasMany
- */
- public function subuserOf()
- {
- return $this->hasMany(Subuser::class);
- }
-
 /**
 * Return all of the daemon keys that a user belongs to.
 *
diff --git a/app/Policies/ServerPolicy.php b/app/Policies/ServerPolicy.php
index ac89be673..bc3fa7aca 100644
--- a/app/Policies/ServerPolicy.php
+++ b/app/Policies/ServerPolicy.php
@@ -1,21 +1,29 @@ .
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 namespace Pterodactyl\Policies;
-use Cache;
-use Carbon;
+use Carbon\Carbon;
 use Pterodactyl\Models\User;
 use Pterodactyl\Models\Server;
+use Illuminate\Contracts\Cache\Repository as CacheRepository;
 class ServerPolicy
 {
+ /**
+ * @var \Illuminate\Contracts\Cache\Repository
+ */
+ private $cache;
+
+ /**
+ * ServerPolicy constructor.
+ *
+ * @param \Illuminate\Contracts\Cache\Repository $cache
+ */
+ public function __construct(CacheRepository $cache)
+ {
+ $this->cache = $cache;
+ }
+
 /**
 * Checks if the user has the given permission on/for the server.
 *
@@ -26,13 +34,16 @@ class ServerPolicy
 */
 protected function checkPermission(User $user, Server $server, $permission)
 {
- $permissions = Cache::remember('ServerPolicy.' . $user->uuid . $server->uuid, Carbon::now()->addSeconds(5), function () use ($user, $server) {
- return $user->permissions()->server($server)->get()->transform(function ($item) {
- return $item->permission;
- })->values();
+ $key = sprintf('ServerPolicy.%s.%s', $user->uuid, $server->uuid);
+
+ $permissions = $this->cache->remember($key, Carbon::now()->addSeconds(5), function () use ($user, $server) {
+ /** @var \Pterodactyl\Models\Subuser|null $subuser */
+ $subuser = $server->subusers()->where('user_id', $user->id)->first();
+
+ return $subuser ? $subuser->permissions : [];
 });
- return $permissions->search($permission, true) !== false;
+ return in_array($permission, $permissions);
 }
 /**
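Review bot: The final `in_array($permission, $permissions)` in checkPermission compares loosely, while the `search($permission, true)` call it replaces was strict; an authorization decision should keep the strict form, `return in_array($permission, $permissions, true);`. `$permission` is untyped in the signature, so a non-string argument such as `true` would loosely match any stored permission string. The closure also returns `$subuser->permissions` as-is, which presumably relies on the Subuser model casting that column to an array (not visible in this patch); `return $subuser->permissions ?? [];` would make a null value deny instead of raising an error in `in_array`.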