From 906cfce81cce62f1693a8de77b7a6b396faf5a8b Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 30 Aug 2020 09:54:59 -0700 Subject: [PATCH] Don't return a 403 when returning resources for a suspended server; closes #2279 --- .../Api/Client/Server/AuthenticateServerAccess.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php b/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php index 8c10b22d2..505f1a305 100644 --- a/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php +++ b/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php @@ -8,6 +8,7 @@ use Pterodactyl\Models\Server; use Pterodactyl\Contracts\Repository\ServerRepositoryInterface; use Symfony\Component\HttpKernel\Exception\ConflictHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; class AuthenticateServerAccess @@ -64,8 +65,10 @@ class AuthenticateServerAccess } } - if ($server->suspended) { - throw new AccessDeniedHttpException('This server is currently suspended and the functionality requested is unavailable.'); + if ($server->suspended && !$request->routeIs('api:client:server.resources')) { + throw new BadRequestHttpException( + 'This server is currently suspended and the functionality requested is unavailable.' + ); } if (! $server->isInstalled()) {