diff --git a/app/Policies/APIKeyPolicy.php b/app/Policies/APIKeyPolicy.php index 2e8520a46..e946433e5 100644 --- a/app/Policies/APIKeyPolicy.php +++ b/app/Policies/APIKeyPolicy.php @@ -40,7 +40,7 @@ class APIKeyPolicy * @param string $permission * @return bool */ - private function checkPermission(User $user, Key $key, $permission) + protected function checkPermission(User $user, Key $key, $permission) { // We don't tag this cache key with the user uuid because the key is already unique, // and multiple users are not defiend for a single key. @@ -54,162 +54,15 @@ class APIKeyPolicy } /** + * Determine if a user has permission to perform this action against the system. + * * @param \Pterodactyl\Models\User $user + * @param string $permission * @param \Pterodactyl\Models\APIKey $key * @return bool */ - public function locationList(User $user, Key $key) + public function before(User $user, $permission, Key $key) { - return $this->checkPermission($user, $key, 'location-list'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverList(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-list'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverView(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-view'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverCreate(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-create'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverDelete(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-delete'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverEditDetails(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-edit-details'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverEditContainer(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-edit-container'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverEditBuild(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-edit-build'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverEditStartup(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-edit-startup'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverSuspend(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-suspend'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function servrerInstall(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-install'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function serverRebuild(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'server-rebuild'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function userServerList(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'user-server-list'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function userServerView(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'user-server-view'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function userServerPower(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'user-server-power'); - } - - /** - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function userServerCommand(User $user, Key $key) - { - return $this->checkPermission($user, $key, 'user-server-command'); + return $this->checkPermission($user, $key, $permission); } } diff --git a/app/Policies/ServerPolicy.php b/app/Policies/ServerPolicy.php index 6b73258fa..56cd359e1 100644 --- a/app/Policies/ServerPolicy.php +++ b/app/Policies/ServerPolicy.php @@ -39,12 +39,8 @@ class ServerPolicy * @param string $permission * @return bool */ - private function checkPermission(User $user, Server $server, $permission) + protected function checkPermission(User $user, Server $server, $permission) { - if ($this->isOwner($user, $server)) { - return true; - } - $permissions = Cache::remember('ServerPolicy.' . $user->uuid . $server->uuid, Carbon::now()->addSeconds(5), function () use ($user, $server) { return $user->permissions()->server($server)->get()->transform(function ($item) { return $item->permission; @@ -54,486 +50,20 @@ class ServerPolicy return $permissions->search($permission, true) !== false; } - /** - * Determine if current user is the owner of a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - protected function isOwner(User $user, Server $server) - { - return $server->owner_id === $user->id; - } - /** * Runs before any of the functions are called. Used to determine if user is root admin, if so, ignore permissions. * - * @param \Pterodactyl\Models\User $user - * @param string $ability + * @param \Pterodactyl\Models\User $user + * @param string $ability + * @param \Pterodactyl\Models\Server $server * @return bool */ - public function before(User $user, $ability) + public function before(User $user, $ability, Server $server) { - if ($user->root_admin === 1) { + if ($user->isRootAdmin() || $server->owner_id === $user->id) { return true; } - } - /** - * Check if user has permission to control power for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function power(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'power'); - } - - /** - * Check if user has permission to start a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function powerStart(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'power-start'); - } - - /** - * Check if user has permission to stop a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function powerStop(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'power-stop'); - } - - /** - * Check if user has permission to restart a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function powerRestart(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'power-restart'); - } - - /** - * Check if user has permission to kill a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function powerKill(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'power-kill'); - } - - /** - * Check if user has permission to run a command on a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function sendCommand(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'send-command'); - } - - /** - * Check if user has permission to list files on a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function listFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'list-files'); - } - - /** - * Check if user has permission to edit files on a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function editFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'edit-files'); - } - - /** - * Check if user has permission to save files on a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function saveFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'save-files'); - } - - /** - * Check if user has permission to move and rename files and folders on a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function moveFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'move-files'); - } - - /** - * Check if user has permission to copy folders and files on a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function copyFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'copy-files'); - } - - /** - * Check if user has permission to compress files and folders on a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function compressFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'compress-files'); - } - - /** - * Check if user has permission to decompress files on a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function decompressFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'decompress-files'); - } - - /** - * Check if user has permission to add files to a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function createFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'create-files'); - } - - /** - * Check if user has permission to upload files to a server. - * This permission relies on the user having the 'create-files' permission as well due to page authorization. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function uploadFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'upload-files'); - } - - /** - * Check if user has permission to download files from a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function downloadFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'download-files'); - } - - /** - * Check if user has permission to delete files from a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function deleteFiles(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'delete-files'); - } - - /** - * Check if user has permission to view subusers for the server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function listSubusers(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'list-subusers'); - } - - /** - * Check if user has permission to view specific subuser permissions. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function viewSubuser(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'view-subuser'); - } - - /** - * Check if user has permission to edit a subuser. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function editSubuser(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'edit-subuser'); - } - - /** - * Check if user has permission to delete a subuser. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function deleteSubuser(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'delete-subuser'); - } - - /** - * Check if user has permission to edit a subuser. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function createSubuser(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'create-subuser'); - } - - /** - * Check if user has permission to set the default connection for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function setConnection(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'set-connection'); - } - - /** - * Check if user has permission to view the startup command used for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function viewStartup(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'view-startup'); - } - - /** - * Check if user has permission to edit the startup command used for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function editStartup(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'edit-startup'); - } - - /** - * Check if user has permission to view the SFTP information for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function viewSftp(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'view-sftp'); - } - - /** - * Check if user has permission to reset the SFTP password for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function resetSftp(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'reset-sftp'); - } - - /** - * Check if user has permission to view the SFTP password for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function viewSftpPassword(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'view-sftp-password'); - } - - /** - * Check if user has permission to view databases for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function viewDatabases(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'view-databases'); - } - - /** - * Check if user has permission to reset database passwords. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function resetDbPassword(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'reset-db-password'); - } - - /** - * Check if user has permission to view all tasks for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function listTasks(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'list-tasks'); - } - - /** - * Check if user has permission to view a specific task for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function viewTask(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'view-task'); - } - - /** - * Check if user has permission to view a toggle a task for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function toggleTask(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'toggle-task'); - } - - /** - * Check if user has permission to queue a task for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function queueTask(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'queue-task'); - } - - /** - * Check if user has permission to delete a specific task for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function deleteTask(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'delete-task'); - } - - /** - * Check if user has permission to create a task for a server. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function createTask(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'create-task'); - } - - /** - * Check if user has permission to view server allocations. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function viewAllocation(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'view-allocation'); - } - - /** - * Check if user has permission to set the default allocation. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\Server $server - * @return bool - */ - public function setAllocation(User $user, Server $server) - { - return $this->checkPermission($user, $server, 'set-allocation'); + return $this->checkPermission($user, $server, $ability); } }