Fix subuser permissions not migrating correctly from 0.7; closes #2309

Dane Everitt 2020-10-11 15:13:17 -07:00
parent 1e08f7d2d2
commit 18fce37565
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 71 additions and 82 deletions


@ -219,80 +219,4 @@ class Permission extends Model
{
return Collection::make(self::$permissions);
}
/**
* A list of all permissions available for a user.
*
* @var array
* @deprecated
*/
protected static $deprecatedPermissions = [
'power' => [
'power-start' => 's:power:start',
'power-stop' => 's:power:stop',
'power-restart' => 's:power:restart',
'power-kill' => 's:power:kill',
'send-command' => 's:command',
],
'subuser' => [
'list-subusers' => null,
'view-subuser' => null,
'edit-subuser' => null,
'create-subuser' => null,
'delete-subuser' => null,
],
'server' => [
'view-allocations' => null,
'edit-allocation' => null,
'view-startup' => null,
'edit-startup' => null,
],
'database' => [
'view-databases' => null,
'reset-db-password' => null,
'delete-database' => null,
'create-database' => null,
],
'file' => [
'access-sftp' => null,
'list-files' => 's:files:get',
'edit-files' => 's:files:read',
'save-files' => 's:files:post',
'move-files' => 's:files:move',
'copy-files' => 's:files:copy',
'compress-files' => 's:files:compress',
'decompress-files' => 's:files:decompress',
'create-files' => 's:files:create',
'upload-files' => 's:files:upload',
'delete-files' => 's:files:delete',
'download-files' => 's:files:download',
],
'task' => [
'list-schedules' => null,
'view-schedule' => null,
'toggle-schedule' => null,
'queue-schedule' => null,
'edit-schedule' => null,
'create-schedule' => null,
'delete-schedule' => null,
],
];
/**
* Return a collection of permissions available.
*
* @param bool $array
* @return array|\Illuminate\Database\Eloquent\Collection
* @deprecated
*/
public static function getPermissions($array = false)
{
if ($array) {
return collect(self::$deprecatedPermissions)->mapWithKeys(function ($item) {
return $item;
})->all();
}
return collect(self::$deprecatedPermissions);
}
}


@ -1,12 +1,64 @@
<?php
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Collection;
use Pterodactyl\Models\Permission;
use Illuminate\Support\Facades\Schema;
use Pterodactyl\Models\Permission as P;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class MergePermissionsTableIntoSubusers extends Migration
{
/**
* A list of all pre-1.0 permissions available to a user and their associated
* casting for the new permissions system.
*
* @var array
*/
protected static $permissionsMap = [
'power-start' => P::ACTION_CONTROL_START,
'power-stop' => P::ACTION_CONTROL_STOP,
'power-restart' => P::ACTION_CONTROL_RESTART,
'power-kill' => P::ACTION_CONTROL_STOP,
'send-command' => P::ACTION_CONTROL_CONSOLE,
'list-subusers' => P::ACTION_USER_READ,
'view-subuser' => P::ACTION_USER_READ,
'edit-subuser' => P::ACTION_USER_UPDATE,
'create-subuser' => P::ACTION_USER_CREATE,
'delete-subuser' => P::ACTION_USER_DELETE,
'view-allocations' => P::ACTION_ALLOCATION_READ,
'edit-allocation' => P::ACTION_ALLOCATION_UPDATE,
'view-startup' => P::ACTION_STARTUP_READ,
'edit-startup' => P::ACTION_STARTUP_UPDATE,
'view-databases' => P::ACTION_DATABASE_READ,
// Better to just break this flow a bit than accidentally grant a dangerous permission.
'reset-db-password' => P::ACTION_DATABASE_UPDATE,
'delete-database' => P::ACTION_DATABASE_DELETE,
'create-database' => P::ACTION_DATABASE_CREATE,
'access-sftp' => P::ACTION_FILE_SFTP,
'list-files' => P::ACTION_FILE_READ,
'edit-files' => P::ACTION_FILE_READ_CONTENT,
'save-files' => P::ACTION_FILE_UPDATE,
'create-files' => P::ACTION_FILE_CREATE,
'delete-files' => P::ACTION_FILE_DELETE,
'compress-files' => P::ACTION_FILE_ARCHIVE,
'list-schedules' => P::ACTION_SCHEDULE_READ,
'view-schedule' => P::ACTION_SCHEDULE_READ,
'edit-schedule' => P::ACTION_SCHEDULE_UPDATE,
'create-schedule' => P::ACTION_SCHEDULE_CREATE,
'delete-schedule' => P::ACTION_SCHEDULE_DELETE,
// Skipping these permissions as they are granted if you have more specific read/write permissions.
'move-files' => null,
'copy-files' => null,
'decompress-files' => null,
'upload-files' => null,
'download-files' => null,
// These permissions do not exist in 1.0
'toggle-schedule' => null,
'queue-schedule' => null,
];
/**
* Run the migrations.
*
@ -27,10 +79,19 @@ class MergePermissionsTableIntoSubusers extends Migration
DB::transaction(function () use (&$cursor) {
$cursor->each(function ($datum) {
DB::update('UPDATE subusers SET permissions = ? WHERE id = ?', [
json_encode(explode(',', $datum->permissions)),
$datum->subuser_id,
]);
$updated = Collection::make(explode(',', $datum->permissions))
->map(function ($value) {
return self::$permissionsMap[$value] ?? null;
})->filter(function ($value) {
return !is_null($value) && $value !== Permission::ACTION_WEBSOCKET_CONNECT;
})
// All subusers get this permission, so make sure it gets pushed into the array.
->merge([ Permission::ACTION_WEBSOCKET_CONNECT ])
->unique()
->values()
->toJson();
DB::update('UPDATE subusers SET permissions = ? WHERE id = ?', [$updated, $datum->subuser_id]);
});
});
}
@ -42,11 +103,15 @@ class MergePermissionsTableIntoSubusers extends Migration
*/
public function down()
{
$flipped = array_flip(self::$permissionsMap);
foreach (DB::select('SELECT id, permissions FROM subusers') as $datum) {
$values = [];
foreach (json_decode($datum->permissions, true) as $permission) {
$values[] = $datum->id;
$values[] = $permission;
if (!empty($v = $flipped[$permission])) {
$values[] = $datum->id;
$values[] = $v;
}
}
if (! empty($values)) {
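Review bot: In `down()`, the new lookup `$flipped[$permission]` has no default, yet `up()` now merges `Permission::ACTION_WEBSOCKET_CONNECT` into every row and no visible key in `$permissionsMap` maps to it, so each migrated subuser hits an undefined index. Wrapping it in `empty()` does not silence that, because the argument is an assignment expression and not a bare array access. `array_flip(self::$permissionsMap)` will also warn on the `null` entries, and if the application converts PHP notices and warnings into exceptions (not visible here) the rollback aborts. I would change the two lines to `$flipped = array_flip(array_filter(self::$permissionsMap));` and `if (!empty($v = $flipped[$permission] ?? null)) {`. Separately, the map is many-to-one (`power-stop`/`power-kill`, `list-subusers`/`view-subuser`, `list-schedules`/`view-schedule`), so the flip keeps only the last legacy key per value and a rollback restores a different permission set than the one migrated; this deserves a comment above `$flipped`, and the body of `down()` continues past this hunk.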