2018-01-12 04:49:46 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Pterodactyl\Services\Acl\Api;
|
|
|
|
|
2018-01-19 03:36:15 +00:00
|
|
|
use ReflectionClass;
|
2018-01-14 18:06:15 +00:00
|
|
|
use Pterodactyl\Models\ApiKey;
|
2018-01-12 04:49:46 +00:00
|
|
|
|
|
|
|
class AdminAcl
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Resource permission columns in the api_keys table begin
|
|
|
|
* with this identifer.
|
|
|
|
*/
|
|
|
|
const COLUMN_IDENTIFER = 'r_';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The different types of permissions available for API keys. This
|
|
|
|
* implements a read/write/none permissions scheme for all endpoints.
|
|
|
|
*/
|
|
|
|
const NONE = 0;
|
|
|
|
const READ = 1;
|
|
|
|
const WRITE = 2;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Resources that are available on the API and can contain a permissions
|
2018-01-19 03:36:15 +00:00
|
|
|
* set for each key. These are stored in the database as r_{resource}.
|
2018-01-12 04:49:46 +00:00
|
|
|
*/
|
|
|
|
const RESOURCE_SERVERS = 'servers';
|
|
|
|
const RESOURCE_NODES = 'nodes';
|
|
|
|
const RESOURCE_ALLOCATIONS = 'allocations';
|
|
|
|
const RESOURCE_USERS = 'users';
|
|
|
|
const RESOURCE_LOCATIONS = 'locations';
|
|
|
|
const RESOURCE_NESTS = 'nests';
|
|
|
|
const RESOURCE_EGGS = 'eggs';
|
|
|
|
const RESOURCE_DATABASES = 'databases';
|
|
|
|
const RESOURCE_PACKS = 'packs';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Determine if an API key has permission to perform a specific read/write operation.
|
|
|
|
*
|
|
|
|
* @param int $permission
|
|
|
|
* @param int $action
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public static function can(int $permission, int $action = self::READ)
|
|
|
|
{
|
|
|
|
if ($permission & $action) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Determine if an API Key model has permission to access a given resource
|
|
|
|
* at a specific action level.
|
|
|
|
*
|
2018-01-14 18:06:15 +00:00
|
|
|
* @param \Pterodactyl\Models\ApiKey $key
|
2018-01-12 04:49:46 +00:00
|
|
|
* @param string $resource
|
|
|
|
* @param int $action
|
|
|
|
* @return bool
|
|
|
|
*/
|
2018-01-14 18:06:15 +00:00
|
|
|
public static function check(ApiKey $key, string $resource, int $action = self::READ)
|
2018-01-12 04:49:46 +00:00
|
|
|
{
|
|
|
|
return self::can(data_get($key, self::COLUMN_IDENTIFER . $resource, self::NONE), $action);
|
|
|
|
}
|
2018-01-19 03:36:15 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Return a list of all resource constants defined in this ACL.
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public static function getResourceList(): array
|
|
|
|
{
|
|
|
|
$reflect = new ReflectionClass(__CLASS__);
|
|
|
|
|
|
|
|
return collect($reflect->getConstants())->filter(function ($value, $key) {
|
|
|
|
return substr($key, 0, 9) === 'RESOURCE_';
|
|
|
|
})->values()->toArray();
|
|
|
|
}
|
2018-01-12 04:49:46 +00:00
|
|
|
}
|