More logic for deleting databases
parent
9be2aa4ca9
commit
0999ec93c3
5 changed files with 68 additions and 35 deletions
|
@ -1,27 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Middleware\Api\Client;
|
|
||||||
|
|
||||||
use Closure;
|
|
||||||
use Illuminate\Http\Request;
|
|
||||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|
||||||
|
|
||||||
class AuthenticateClientAccess
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Authenticate that the currently authenticated user has permission
|
|
||||||
* to access the specified server.
|
|
||||||
*
|
|
||||||
* @param \Illuminate\Http\Request $request
|
|
||||||
* @param \Closure $next
|
|
||||||
* @return mixed
|
|
||||||
*/
|
|
||||||
public function handle(Request $request, Closure $next)
|
|
||||||
{
|
|
||||||
if (is_null($request->user())) {
|
|
||||||
throw new AccessDeniedHttpException('This account does not have permission to access this resource.');
|
|
||||||
}
|
|
||||||
|
|
||||||
return $next($request);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,57 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Http\Middleware\Api\Client\Server;
|
||||||
|
|
||||||
|
use Closure;
|
||||||
|
use Illuminate\Http\Request;
|
||||||
|
use Pterodactyl\Models\Server;
|
||||||
|
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||||
|
|
||||||
|
class AuthenticateServerAccess
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
|
||||||
|
*/
|
||||||
|
private $repository;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* AuthenticateServerAccess constructor.
|
||||||
|
*
|
||||||
|
* @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
|
||||||
|
*/
|
||||||
|
public function __construct(ServerRepositoryInterface $repository)
|
||||||
|
{
|
||||||
|
$this->repository = $repository;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Authenticate that this server exists and is not suspended or marked as installing.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
* @param \Closure $next
|
||||||
|
* @return mixed
|
||||||
|
*/
|
||||||
|
public function handle(Request $request, Closure $next)
|
||||||
|
{
|
||||||
|
$server = $request->route()->parameter('server');
|
||||||
|
|
||||||
|
if (! $server instanceof Server) {
|
||||||
|
throw new NotFoundHttpException;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($server->suspended) {
|
||||||
|
throw new AccessDeniedHttpException('Cannot access a server that is marked as being suspended.');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (! $server->isInstalled()) {
|
||||||
|
throw new ConflictHttpException('Server has not completed the installation process.');
|
||||||
|
}
|
||||||
|
|
||||||
|
$request->attributes->set('server', $server);
|
||||||
|
|
||||||
|
return $next($request);
|
||||||
|
}
|
||||||
|
}
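Review bot: `handle()` never consults `$request->user()`, so this middleware establishes only that the bound server exists, is not suspended and has finished installing, not that the caller may use it. The `AuthenticateClientAccess` class it replaces on the `/servers/{server}` route group rejected requests with no authenticated user, and that guard is gone from this layer. If authentication and the owner/subuser check are enforced elsewhere (outer API middleware, or the permission check in the `ClientApiRequest` classes), state that in the method docblock, for example `* Does not check the user's permission on the server; see <where that is enforced>.`; otherwise keep `if (is_null($request->user())) { throw new AccessDeniedHttpException(...); }` ahead of the server checks. The constructor-injected `$repository` is not used anywhere in the visible class and could be dropped.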
|
|
@ -18,15 +18,10 @@ class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermission
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determine if the provided database even belongs to this server instance.
|
|
||||||
*
|
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function resourceExists(): bool
|
public function resourceExists(): bool
|
||||||
{
|
{
|
||||||
$server = $this->getModel(Server::class);
|
return $this->getModel(Server::class)->id === $this->getModel(Database::class)->server_id;
|
||||||
$database = $this->getModel(Database::class);
|
|
||||||
|
|
||||||
return $database->server_id === $server->id;
|
|
||||||
}
|
}
|
||||||
}
|
}
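Review bot: The new docblock on `resourceExists()` keeps only `@return bool` and drops the sentence explaining that this comparison ties the database to the server in the route, which is the only guard visible here against acting on another server's database by id. I would keep a line such as `* Determine if the requested database belongs to the server in the route.` above the `@return`. The strict `===` also relies on `id` and `server_id` both being cast to the same type, which this hunk does not show; a mismatch would fail closed, but every delete would then be rejected. The class header is outside the hunk.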
|
||||||
|
|
|
@ -143,6 +143,14 @@ class Server extends Model implements CleansAttributes, ValidableContract
|
||||||
return Schema::getColumnListing($this->getTable());
|
return Schema::getColumnListing($this->getTable());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function isInstalled(): bool
|
||||||
|
{
|
||||||
|
return $this->installed === 1;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the user who owns the server.
|
* Gets the user who owns the server.
|
||||||
*
|
*
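Review bot: `isInstalled()` returns true only when `installed` is exactly the integer `1`, so it depends on the model casting that attribute to an integer, which is not visible in this hunk; if the value arrives as a string or boolean, the new `AuthenticateServerAccess` middleware would answer every request with a 409. The docblock carries only `@return bool`; a summary such as `* Whether the server has completed installation (installed === 1).` would record the contract. The hunk ends inside the next method's docblock.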
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
use Pterodactyl\Http\Middleware\Api\Client\AuthenticateClientAccess;
|
use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
|
@ -27,7 +27,7 @@ Route::group(['prefix' => '/account'], function () {
|
||||||
| Endpoint: /api/client/servers/{server}
|
| Endpoint: /api/client/servers/{server}
|
||||||
|
|
|
|
||||||
*/
|
*/
|
||||||
Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateClientAccess::class]], function () {
|
Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServerAccess::class]], function () {
|
||||||
Route::get('/', 'Servers\ServerController@index')->name('api.client.servers.view');
|
Route::get('/', 'Servers\ServerController@index')->name('api.client.servers.view');
|
||||||
Route::get('/utilization', 'Servers\ResourceUtilizationController@index')
|
Route::get('/utilization', 'Servers\ResourceUtilizationController@index')
|
||||||
->name('api.client.servers.resources');
|
->name('api.client.servers.resources');
|
||||||
|
|