Skynet/misc_pterodactyl-panel
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update existing application API to use simplified user permission checking

Browse source
This commit is contained in:
Dane Everitt 2021-08-04 21:14:14 -07:00
parent 622d292f39
commit 47b895a98a
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
57 changed files with 109 additions and 532 deletions
Download patch file Download diff file Expand all files Collapse all files

23
app/Http/Requests/Api/Application/Allocations/DeleteAllocationRequest.php
View file

@ -2,31 +2,8 @@
namespace Pterodactyl\Http\Requests\Api\Application\Allocations;
use Pterodactyl\Models\Node;
use Pterodactyl\Models\Allocation;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
class DeleteAllocationRequest extends ApplicationApiRequest
{
protected string $resource = AdminAcl::RESOURCE_ALLOCATIONS;
protected int $permission = AdminAcl::WRITE;
/**
* Determine if the requested allocation exists and belongs to the node that
* is being passed in the URL.
*/
public function resourceExists(): bool
{
$node = $this->route()->parameter('node');
$allocation = $this->route()->parameter('allocation');
if ($node instanceof Node && $node->exists) {
if ($allocation instanceof Allocation && $allocation->exists && $allocation->node_id === $node->id) {
return true;
}
}
return false;
}
}