More logic for deleting databases
This commit is contained in:
Dane Everitt
parent
9be2aa4ca9
commit
0999ec93c3
5 changed files with 68 additions and 35 deletions
|
|
@ -1,27 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Client;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
||||
class AuthenticateClientAccess
|
||||
{
|
||||
/**
|
||||
* Authenticate that the currently authenticated user has permission
|
||||
* to access the specified server.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
if (is_null($request->user())) {
|
||||
throw new AccessDeniedHttpException('This account does not have permission to access this resource.');
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,57 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Client\Server;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
||||
class AuthenticateServerAccess
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* AuthenticateServerAccess constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
|
||||
*/
|
||||
public function __construct(ServerRepositoryInterface $repository)
|
||||
{
|
||||
$this->repository = $repository;
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate that this server exists and is not suspended or marked as installing.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$server = $request->route()->parameter('server');
|
||||
|
||||
if (! $server instanceof Server) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
if ($server->suspended) {
|
||||
throw new AccessDeniedHttpException('Cannot access a server that is marked as being suspended.');
|
||||
}
|
||||
|
||||
if (! $server->isInstalled()) {
|
||||
throw new ConflictHttpException('Server has not completed the installation process.');
|
||||
}
|
||||
|
||||
$request->attributes->set('server', $server);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
@ -18,15 +18,10 @@ class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermission
|
|||
}
|
||||
|
||||
/**
|
||||
* Determine if the provided database even belongs to this server instance.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$server = $this->getModel(Server::class);
|
||||
$database = $this->getModel(Database::class);
|
||||
|
||||
return $database->server_id === $server->id;
|
||||
return $this->getModel(Server::class)->id === $this->getModel(Database::class)->server_id;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -143,6 +143,14 @@ class Server extends Model implements CleansAttributes, ValidableContract
|
|||
return Schema::getColumnListing($this->getTable());
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function isInstalled(): bool
|
||||
{
|
||||
return $this->installed === 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the user who owns the server.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
|
||||
use Pterodactyl\Http\Middleware\Api\Client\AuthenticateClientAccess;
|
||||
use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
@ -27,7 +27,7 @@ Route::group(['prefix' => '/account'], function () {
|
|||
| Endpoint: /api/client/servers/{server}
|
||||
|
|
||||
*/
|
||||
Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateClientAccess::class]], function () {
|
||||
Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServerAccess::class]], function () {
|
||||
Route::get('/', 'Servers\ServerController@index')->name('api.client.servers.view');
|
||||
Route::get('/utilization', 'Servers\ResourceUtilizationController@index')
|
||||
->name('api.client.servers.resources');
|
||||
|
|
|
|||
Loading…
Reference in a new issue