Attach user to cache to prevent showing servers they can't access.
parent
911434d033
commit
f91e4c511e
|
@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa
|
|||
|
||||
This project follows [Semantic Versioning](http://semver.org) guidelines.
|
||||
|
||||
## v0.6.0-pre.4 (Courageous Carniadactylus)
|
||||
### Fixed
|
||||
* `[pre.3]` — Fixes bug in cache handler that doesn't cache against the user making the request. Would have allowed for users to access servers not belonging to themselves in production.
|
||||
|
||||
## v0.6.0-pre.3 (Courageous Carniadactylus)
|
||||
### Fixed
|
||||
* `[pre.2]` — Fixes bug where servers could not be manually deployed to nodes due to a broken SQL call.
|
||||
|
|
|
@ -96,7 +96,7 @@ class Server extends Model
|
|||
public static function byUuid($uuid)
|
||||
{
|
||||
// Results are cached because we call this functions a few times on page load.
|
||||
$result = Cache::remember('Server.byUuid.' . $uuid, 60, function () use ($uuid) {
|
||||
$result = Cache::remember('Server.byUuid.' . $uuid . Auth::user()->uuid, 60, function () use ($uuid) {
|
||||
$query = self::with('service', 'node')->where(function ($q) use ($uuid) {
|
||||
$q->where('uuidShort', $uuid)->orWhere('uuid', $uuid);
|
||||
});
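Review bot: The new `Cache::remember` key dereferences `Auth::user()` unconditionally, so a call to `byUuid()` with no authenticated user (a console command or queued job, say) would fail on a null user before the lookup runs; whether such callers exist is not visible from this hunk. The key also joins the server identifier and the user UUID with no separator; a delimiter keeps the two parts unambiguous, e.g. `'Server.byUuid.' . $uuid . '.' . Auth::user()->uuid`, with the `Cache::forget` calls in `ServerObserver::updated()` changed to match. Because the user part of the key is now what keeps one user's result from being served to another, a comment above the line should say so, e.g. `// Key includes the requesting user so a cached result is never shared across users.` The closure body continues outside the hunk.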
|
||||
|
|
|
@ -24,6 +24,7 @@
|
|||
|
||||
namespace Pterodactyl\Observers;
|
||||
|
||||
use Auth;
|
||||
use Cache;
|
||||
use Carbon;
|
||||
use Pterodactyl\Events;
|
||||
|
@ -141,8 +142,8 @@ class ServerObserver
|
|||
public function updated(Server $server)
|
||||
{
|
||||
// Clear Caches
|
||||
Cache::forget('Server.byUuid.' . $server->uuid);
|
||||
Cache::forget('Server.byUuid.' . $server->uuidShort);
|
||||
Cache::forget('Server.byUuid.' . $server->uuid . Auth::user()->uuid);
|
||||
Cache::forget('Server.byUuid.' . $server->uuidShort . Auth::user()->uuid);
|
||||
|
||||
event(new Events\Server\Updated($server));
|
||||
}
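Review bot: The `Cache::forget` calls in `updated()` that append `Auth::user()->uuid` clear only the entries keyed to the user who triggered the update, so entries that `Server::byUuid()` cached for any other user of the same server stay in place until they expire and can keep serving pre-update data. If the update changes who may access the server, another user's stale entry would outlive that change. `Auth::user()` can also be null when the model is saved outside an authenticated request, which would make the observer throw during the save. If the configured cache store supports tags, tagging each entry in `byUuid()` with the identifier it was looked up by and calling `Cache::tags('Server.byUuid.' . $server->uuid)->flush();` here (and the same for `$server->uuidShort`) would invalidate every user's copy without needing the current user.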
|
||||
|
|