misc_pterodactyl-panel/app/Policies/ServerPolicy.php

<?php

namespace Pterodactyl\Policies;

use Pterodactyl\Models\User;
use Pterodactyl\Models\Server;

class ServerPolicy
{
    /**
     * Checks if the user has the given permission on/for the server.
     */
    protected function checkPermission(User $user, Server $server, string $permission): bool
    {
        $subuser = $server->subusers->where('user_id', $user->id)->first();
        if (!$subuser || empty($permission)) {
            return false;
        }

        return in_array($permission, $subuser->permissions);
    }

    /**
     * Runs before any of the functions are called. Used to determine if user is root admin, if so, ignore permissions.
     */
    public function before(User $user, string $ability, Server $server): bool
    {
        if ($user->root_admin || $server->owner_id === $user->id) {
            return true;
        }

        return $this->checkPermission($user, $server, $ability);
    }

    /**
     * This is a horrendous hack to avoid Laravel's "smart" behavior that does
     * not call the before() function if there isn't a function matching the
     * policy permission.
     */
    public function __call(string $name, mixed $arguments)
    {
        // do nothing
    }
}
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`<?php`
Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`namespace Pterodactyl\Policies;`

			`use Pterodactyl\Models\User;`
			`use Pterodactyl\Models\Server;`

			`class ServerPolicy`
			`{`
Modify subusers model setup 2017-02-09 23:44:07 +00:00			`/**`
			`* Checks if the user has the given permission on/for the server.`
			`*/`
fix: exclude any permissions not defined internally when updating or creating subusers (#4416) 2022-10-09 22:14:16 +00:00			`protected function checkPermission(User $user, Server $server, string $permission): bool`
Modify subusers model setup 2017-02-09 23:44:07 +00:00			`{`
fix: exclude any permissions not defined internally when updating or creating subusers (#4416) 2022-10-09 22:14:16 +00:00			`$subuser = $server->subusers->where('user_id', $user->id)->first();`
			`if (!$subuser \|\| empty($permission)) {`
			`return false;`
			`}`
Add cache policy for ServerPolicy 10 second cache, just long enough to handle the page load without making more than one MySQL call. 2017-02-19 03:26:07 +00:00
fix: exclude any permissions not defined internally when updating or creating subusers (#4416) 2022-10-09 22:14:16 +00:00			`return in_array($permission, $subuser->permissions);`
Modify subusers model setup 2017-02-09 23:44:07 +00:00			`}`

Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`/**`
Simplify server and api key policy. 2017-04-09 17:34:47 +00:00			`* Runs before any of the functions are called. Used to determine if user is root admin, if so, ignore permissions.`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`*/`
Upgrade to Laravel 9 (#4413) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2022-10-14 16:59:20 +00:00			`public function before(User $user, string $ability, Server $server): bool`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`{`
Fix some forgotten logic checks temporarily 2017-09-11 04:57:18 +00:00			`if ($user->root_admin \|\| $server->owner_id === $user->id) {`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`return true;`
			`}`

Simplify server and api key policy. 2017-04-09 17:34:47 +00:00			`return $this->checkPermission($user, $server, $ability);`
Add allocations tab Strips some core allocation features for now, will be added back with more features once the theme is done. 2017-01-19 01:45:10 +00:00			`}`
Update to Laravel 5.5 (#814) 2017-12-17 19:07:38 +00:00
			`/**`
			`* This is a horrendous hack to avoid Laravel's "smart" behavior that does`
			`* not call the before() function if there isn't a function matching the`
			`* policy permission.`
			`*/`
Upgrade to Laravel 9 (#4413) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2022-10-14 16:59:20 +00:00			`public function __call(string $name, mixed $arguments)`
Update to Laravel 5.5 (#814) 2017-12-17 19:07:38 +00:00			`{`
			`// do nothing`
			`}`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`}`