diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c625fd4a..61f9023b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines. * Mobile views are now more... viewable. Fixes `col-xs-6` usage thoughout the Admin CP where it was intended to be `col-md-6`. * Node Configuration tokens and Download tokens are stored using the cache helpers rather than a database to speed up functions and make use of auto-expiration/deletion functions. * Old daemon routes using `/remote` have been changed to use `/daemon`, panel changes now reflect this. +* Only display servers that a user is owner of or subuser of in the Admin CP rather than all servers if the user is marked as an admin. ## v0.6.0-beta.2.1 (Courageous Carniadactylus) ### Fixed diff --git a/app/Models/User.php b/app/Models/User.php index 95e39184a..12504b6b0 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -56,6 +56,13 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac */ const USERNAME_RULES = 'regex:/^([\w\d\.\-]{1,255})$/'; + /** + * Level of servers to display when using access() on a user. + * + * @var string + */ + protected $accessLevel = 'all'; + /** * The table associated with the model. * @@ -194,6 +201,22 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac )->pluck('id')->all(); } + /** + * Change the access level for a given call to `access()` on the user. + * + * @param string $level can be all, admin, subuser, owner + * @return void + */ + public function setAccessLevel($level = 'all') + { + if (! in_array($level, ['all', 'admin', 'subuser', 'owner'])) { + $level = 'all'; + } + $this->accessLevel = $level; + + return $this; + } + /** * Returns an array of all servers a user is able to access. * Note: does not account for user admin status. 
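Review bot: `setAccessLevel()` in app/Models/User.php (the `@@ -194,6 +201,22 @@` hunk) replaces an unrecognised level with `'all'`, the broadest scope, so a typo at a call site silently widens what `access()` returns for a root admin. The whitelist check is also loose: `in_array(true, [...])` passes, the non-string value is then stored, and the strict `===` comparisons in `access()` would match none of the levels; use `in_array($level, ['all', 'admin', 'subuser', 'owner'], true)` and reject bad input with `throw new \InvalidArgumentException('Unknown access level.');`. The docblock says `@return void` while the method returns `$this`, so it should read `@return $this`. The level stays on the model after `access()` runs, so the docblock should say it persists for later calls on the same instance rather than "for a given call".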
@@ -209,10 +232,27 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac $query = Server::with(! empty($load) ? $load : ['service', 'node', 'allocation']); } - if (! $this->isRootAdmin()) { + // If access level is set to owner, only display servers + // that the user owns. + if ($this->accessLevel === 'owner') { + $query->where('owner_id', $this->id); + } + + // If set to all, display all servers they can access, including + // those they access as an admin. + // + // If set to subuser, only return the servers they can access because + // they are owner, or marked as a subuser of the server. + if (($this->accessLevel === 'all' && ! $this->isRootAdmin()) || $this->accessLevel === 'subuser') { $query->whereIn('id', $this->serverAccessArray()); } + // If set to admin, only display the servers a user can access + // as an administrator (leaves out owned and subuser of). + if ($this->accessLevel === 'admin' && $this->isRootAdmin()) { + $query->whereNotIn('id', $this->serverAccessArray()); + } + return $query; } diff --git a/resources/themes/pterodactyl/admin/users/view.blade.php b/resources/themes/pterodactyl/admin/users/view.blade.php index 3e6409c72..29be1682f 100644 --- a/resources/themes/pterodactyl/admin/users/view.blade.php +++ b/resources/themes/pterodactyl/admin/users/view.blade.php @@ -126,7 +126,7 @@ - @foreach($user->access()->get() as $server) + @foreach($user->setAccessLevel('subuser')->access()->get() as $server) {{ $server->uuidShort }}
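Review bot: In `access()` the `'admin'` level adds no constraint when `isRootAdmin()` is false, so a non-admin user with that level gets the unfiltered query, i.e. every server. The same happens for any stored level that matches none of the `===` checks. The last branch should fail closed by matching nothing in the non-admin case, as sketched below. The docblock line "Note: does not account for user admin status" above the method is now stale, since `all` and `admin` both depend on `isRootAdmin()`. The method starts outside this hunk, so the `$load` handling is not covered here.

```php
// … unchanged: owner / all / subuser filters …
if ($this->accessLevel === 'admin') {
    if ($this->isRootAdmin()) {
        $query->whereNotIn('id', $this->serverAccessArray());
    } else {
        // A non-admin has no admin-only servers: match nothing rather than everything.
        $query->whereRaw('0 = 1');
    }
}

return $query;
```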