misc_pterodactyl-panel/app/Policies/APIKeyPolicy.php

<?php
/**
 * Pterodactyl - Panel
 * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
 *
 * This software is licensed under the terms of the MIT license.
 * https://opensource.org/licenses/MIT
 */

namespace Pterodactyl\Policies;

use Cache;
use Carbon;
use Pterodactyl\Models\User;
use Pterodactyl\Models\APIKey as Key;
use Pterodactyl\Models\APIPermission as Permission;

class APIKeyPolicy
{
    /**
     * Checks if the API key has permission to perform an action.
     *
     * @param \Pterodactyl\Models\User   $user
     * @param \Pterodactyl\Models\APIKey $key
     * @param string                     $permission
     * @return bool
     */
    protected function checkPermission(User $user, Key $key, $permission)
    {
        // Non-administrative users cannot use administrative routes.
        if (! starts_with($key, 'user.') && ! $user->root_admin) {
            return false;
        }

        // We don't tag this cache key with the user uuid because the key is already unique,
        // and multiple users are not defiend for a single key.
        $permissions = Cache::remember('APIKeyPolicy.' . $key->public, Carbon::now()->addSeconds(5), function () use ($key) {
            return $key->permissions()->get()->transform(function ($item) {
                return $item->permission;
            })->values();
        });

        return $permissions->search($permission, true) !== false;
    }

    /**
     * Determine if a user has permission to perform this action against the system.
     *
     * @param \Pterodactyl\Models\User   $user
     * @param string                     $permission
     * @param \Pterodactyl\Models\APIKey $key
     * @return bool
     */
    public function before(User $user, $permission, Key $key)
    {
        return $this->checkPermission($user, $key, $permission);
    }
}
Push basis of new API key policy Will need to revisit this another day when I’m fresh to figure out the best method to do this. 2017-04-08 01:25:17 +00:00			`<?php`
			`/**`
			`* Pterodactyl - Panel`
			`* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.`
			`*`
Update license headers on files. 2017-09-26 02:43:01 +00:00			`* This software is licensed under the terms of the MIT license.`
			`* https://opensource.org/licenses/MIT`
Push basis of new API key policy Will need to revisit this another day when I’m fresh to figure out the best method to do this. 2017-04-08 01:25:17 +00:00			`*/`

			`namespace Pterodactyl\Policies;`

			`use Cache;`
			`use Carbon;`
			`use Pterodactyl\Models\User;`
			`use Pterodactyl\Models\APIKey as Key;`
			`use Pterodactyl\Models\APIPermission as Permission;`

			`class APIKeyPolicy`
			`{`
			`/**`
			`* Checks if the API key has permission to perform an action.`
			`*`
			`* @param \Pterodactyl\Models\User $user`
			`* @param \Pterodactyl\Models\APIKey $key`
			`* @param string $permission`
			`* @return bool`
			`*/`
Simplify server and api key policy. 2017-04-09 17:34:47 +00:00			`protected function checkPermission(User $user, Key $key, $permission)`
Push basis of new API key policy Will need to revisit this another day when I’m fresh to figure out the best method to do this. 2017-04-08 01:25:17 +00:00			`{`
Add new dynamic view for creating API keys 2017-04-09 22:59:54 +00:00			`// Non-administrative users cannot use administrative routes.`
Fix some forgotten logic checks temporarily 2017-09-11 04:57:18 +00:00			`if (! starts_with($key, 'user.') && ! $user->root_admin) {`
Add new dynamic view for creating API keys 2017-04-09 22:59:54 +00:00			`return false;`
			`}`

Improved logic for handling permissions on API routes. Still only partially implemented, however this method will allow the inclusion of data that is granted with servers (such as viewing more about the node, node location, allocations, etc) while still limiting someone from doing `?include=node.servers` and listing all servers when they don’t have list-servers as a permission. 2017-04-08 16:05:29 +00:00			`// We don't tag this cache key with the user uuid because the key is already unique,`
			`// and multiple users are not defiend for a single key.`
			`$permissions = Cache::remember('APIKeyPolicy.' . $key->public, Carbon::now()->addSeconds(5), function () use ($key) {`
Push basis of new API key policy Will need to revisit this another day when I’m fresh to figure out the best method to do this. 2017-04-08 01:25:17 +00:00			`return $key->permissions()->get()->transform(function ($item) {`
			`return $item->permission;`
			`})->values();`
			`});`

			`return $permissions->search($permission, true) !== false;`
			`}`

			`/**`
Simplify server and api key policy. 2017-04-09 17:34:47 +00:00			`* Determine if a user has permission to perform this action against the system.`
			`*`
Massive PHPCS linting 2017-08-22 03:10:48 +00:00			`* @param \Pterodactyl\Models\User $user`
			`* @param string $permission`
			`* @param \Pterodactyl\Models\APIKey $key`
Push basis of new API key policy Will need to revisit this another day when I’m fresh to figure out the best method to do this. 2017-04-08 01:25:17 +00:00			`* @return bool`
			`*/`
Simplify server and api key policy. 2017-04-09 17:34:47 +00:00			`public function before(User $user, $permission, Key $key)`
Push basis of new API key policy Will need to revisit this another day when I’m fresh to figure out the best method to do this. 2017-04-08 01:25:17 +00:00			`{`
Simplify server and api key policy. 2017-04-09 17:34:47 +00:00			`return $this->checkPermission($user, $key, $permission);`
Push basis of new API key policy Will need to revisit this another day when I’m fresh to figure out the best method to do this. 2017-04-08 01:25:17 +00:00			`}`
			`}`