sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update calls to abstract class

This commit is contained in:
Dane Everitt 2021-08-04 21:36:57 -07:00
parent e8474271b3
commit e1089e0b73
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
5 changed files with 27 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Http/Controllers/Api/Client/ApiKeyController.php
View File

@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest; use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
use Pterodactyl\Http\Requests\Api\Client\AccountApiRequest;
use Pterodactyl\Http\Requests\Api\Client\Account\StoreApiKeyRequest; use Pterodactyl\Http\Requests\Api\Client\Account\StoreApiKeyRequest;
use Pterodactyl\Transformers\Api\Client\PersonalAccessTokenTransformer; use Pterodactyl\Transformers\Api\Client\PersonalAccessTokenTransformer;
@ -15,7 +16,7 @@ class ApiKeyController extends ClientApiController
* *
* @throws \Illuminate\Contracts\Container\BindingResolutionException * @throws \Illuminate\Contracts\Container\BindingResolutionException
*/ */
public function index(ClientApiRequest $request): array public function index(AccountApiRequest $request): array
{ {
return $this->fractal->collection($request->user()->tokens) return $this->fractal->collection($request->user()->tokens)
->transformWith($this->getTransformer(PersonalAccessTokenTransformer::class)) ->transformWith($this->getTransformer(PersonalAccessTokenTransformer::class))
@ -49,7 +50,7 @@ class ApiKeyController extends ClientApiController
/** /**
* Deletes a given API key. * Deletes a given API key.
*/ */
public function delete(ClientApiRequest $request, string $id): Response public function delete(AccountApiRequest $request, string $id): Response
{ {
$request->user()->tokens()->where('token_id', $id)->delete(); $request->user()->tokens()->where('token_id', $id)->delete();

11
app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php
View File

@ -15,6 +15,7 @@ use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Pterodactyl\Exceptions\Service\ServiceLimitExceededException; use Pterodactyl\Exceptions\Service\ServiceLimitExceededException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\StoreTaskRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\StoreTaskRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\UpdateScheduleRequest;
class ScheduleTaskController extends ClientApiController class ScheduleTaskController extends ClientApiController
{ {
@ -101,18 +102,18 @@ class ScheduleTaskController extends ClientApiController
* Delete a given task for a schedule. If there are subsequent tasks stored in the database * Delete a given task for a schedule. If there are subsequent tasks stored in the database
* for this schedule their sequence IDs are decremented properly. * for this schedule their sequence IDs are decremented properly.
* *
* This uses the UpdateScheduleRequest intentionally -- there is no permission specific
* to deleting a given task on a schedule, so we'll assume if you have permission to edit
* a schedule that you can then remove a task from said schedule.
*
* @throws \Exception * @throws \Exception
*/ */
public function delete(ClientApiRequest $request, Server $server, Schedule $schedule, Task $task): Response public function delete(UpdateScheduleRequest $request, Server $server, Schedule $schedule, Task $task): Response
{ {
if ($task->schedule_id !== $schedule->id || $schedule->server_id !== $server->id) { if ($task->schedule_id !== $schedule->id || $schedule->server_id !== $server->id) {
throw new NotFoundHttpException(); throw new NotFoundHttpException();
} }
if (!$request->user()->can(Permission::ACTION_SCHEDULE_UPDATE, $server)) {
throw new HttpForbiddenException('You do not have permission to perform this action.');
}
$schedule->tasks()->where('sequence_id', '>', $task->sequence_id)->update([ $schedule->tasks()->where('sequence_id', '>', $task->sequence_id)->update([
'sequence_id' => $schedule->tasks()->getConnection()->raw('(sequence_id - 1)'), 'sequence_id' => $schedule->tasks()->getConnection()->raw('(sequence_id - 1)'),
]); ]);

12
app/Http/Controllers/Api/Client/Servers/WebsocketController.php
View File

@ -10,6 +10,7 @@ use Pterodactyl\Services\Nodes\NodeJWTService;
use Pterodactyl\Exceptions\Http\HttpForbiddenException; use Pterodactyl\Exceptions\Http\HttpForbiddenException;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest; use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
use Pterodactyl\Services\Servers\GetUserPermissionsService; use Pterodactyl\Services\Servers\GetUserPermissionsService;
use Pterodactyl\Http\Requests\Api\Client\WebsocketTokenRequest;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController; use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
class WebsocketController extends ClientApiController class WebsocketController extends ClientApiController
@ -36,14 +37,9 @@ class WebsocketController extends ClientApiController
* allows us to continually renew this token and avoid users maintaining sessions wrongly, * allows us to continually renew this token and avoid users maintaining sessions wrongly,
* as well as ensure that user's only perform actions they're allowed to. * as well as ensure that user's only perform actions they're allowed to.
*/ */
public function __invoke(ClientApiRequest $request, Server $server): JsonResponse public function __invoke(WebsocketTokenRequest $request, Server $server): JsonResponse
{ {
$user = $request->user(); $permissions = $this->permissionsService->handle($server, $request->user());
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
throw new HttpForbiddenException('You do not have permission to connect to this server\'s websocket.');
}
$permissions = $this->permissionsService->handle($server, $user);
$node = $server->node; $node = $server->node;
if (!is_null($server->transfer)) { if (!is_null($server->transfer)) {
@ -65,7 +61,7 @@ class WebsocketController extends ClientApiController
'server_uuid' => $server->uuid, 'server_uuid' => $server->uuid,
'permissions' => $permissions, 'permissions' => $permissions,
]) ])
->handle($node, $user->id . $server->uuid); ->handle($node, $request->user()->id . $server->uuid);
$socket = str_replace(['https://', 'http://'], ['wss://', 'ws://'], $node->getConnectionAddress()); $socket = str_replace(['https://', 'http://'], ['wss://', 'ws://'], $node->getConnectionAddress());

2
app/Http/Requests/Api/Client/AccountApiRequest.php
View File

@ -2,7 +2,7 @@
namespace Pterodactyl\Http\Requests\Api\Client; namespace Pterodactyl\Http\Requests\Api\Client;
abstract class AccountApiRequest extends ClientApiRequest class AccountApiRequest extends ClientApiRequest
{ {
public function permission(): string public function permission(): string
{ {

13
app/Http/Requests/Api/Client/WebsocketTokenRequest.php Normal file
View File

@ -0,0 +1,13 @@
<?php
namespace Pterodactyl\Http\Requests\Api\Client;
use Pterodactyl\Models\Permission;
class WebsocketTokenRequest extends ClientApiRequest
{
public function permission(): string
{
return Permission::ACTION_WEBSOCKET_CONNECT;
}
}