sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add check on SFTP page to make sure the permission is assigned before showing

This commit is contained in:
Dane Everitt 2018-03-10 14:26:00 -06:00
parent abd2a42471
commit e55d3c1a9a
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -11,6 +11,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
* Debug bar is only checked when the app is set to debug mode in the API session handler, rather than when it is in local mode to match the plugin settings. * Debug bar is only checked when the app is set to debug mode in the API session handler, rather than when it is in local mode to match the plugin settings.
* Added validation to port allocations to prevent allocation of restricted or invalid ports. * Added validation to port allocations to prevent allocation of restricted or invalid ports.
* Fix data integrity exception thrown when attempting to store updated server egg variables. * Fix data integrity exception thrown when attempting to store updated server egg variables.
* Added missing permissions check on 'SFTP Configuration' page to ensure user has permission to access a server's SFTP server before showing a user credentials.
### Changed ### Changed
* Panel now throws proper 504: Gateway Timeout errors on server listing when daemon is offline. * Panel now throws proper 504: Gateway Timeout errors on server listing when daemon is offline.

3
app/Http/Controllers/Server/Settings/SftpController.php
View File

@ -16,9 +16,12 @@ class SftpController extends Controller
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View * @return \Illuminate\View\View
*
* @throws \Illuminate\Auth\Access\AuthorizationException
*/ */
public function index(Request $request): View public function index(Request $request): View
{ {
$this->authorize('access-sftp', $request->attributes->get('server'));
$this->setRequest($request)->injectJavascript(); $this->setRequest($request)->injectJavascript();
return view('server.settings.sftp'); return view('server.settings.sftp');