Simplify server and api key policy.

This commit is contained in:
Dane Everitt 2017-04-09 13:34:47 -04:00
parent c492446513
commit 75b8753533
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 13 additions and 630 deletions

View file

@ -40,7 +40,7 @@ class APIKeyPolicy
* @param string $permission
* @return bool
*/
private function checkPermission(User $user, Key $key, $permission)
protected function checkPermission(User $user, Key $key, $permission)
{
// We don't tag this cache key with the user uuid because the key is already unique,
// and multiple users are not defiend for a single key.
@ -54,162 +54,15 @@ class APIKeyPolicy
}
/**
* Determine if a user has permission to perform this action against the system.
*
* @param \Pterodactyl\Models\User $user
* @param string $permission
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function locationList(User $user, Key $key)
public function before(User $user, $permission, Key $key)
{
return $this->checkPermission($user, $key, 'location-list');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverList(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-list');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverView(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-view');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverCreate(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-create');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverDelete(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-delete');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverEditDetails(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-edit-details');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverEditContainer(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-edit-container');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverEditBuild(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-edit-build');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverEditStartup(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-edit-startup');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverSuspend(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-suspend');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function servrerInstall(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-install');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function serverRebuild(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'server-rebuild');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function userServerList(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'user-server-list');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function userServerView(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'user-server-view');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function userServerPower(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'user-server-power');
}
/**
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function userServerCommand(User $user, Key $key)
{
return $this->checkPermission($user, $key, 'user-server-command');
return $this->checkPermission($user, $key, $permission);
}
}

View file

@ -39,12 +39,8 @@ class ServerPolicy
* @param string $permission
* @return bool
*/
private function checkPermission(User $user, Server $server, $permission)
protected function checkPermission(User $user, Server $server, $permission)
{
if ($this->isOwner($user, $server)) {
return true;
}
$permissions = Cache::remember('ServerPolicy.' . $user->uuid . $server->uuid, Carbon::now()->addSeconds(5), function () use ($user, $server) {
return $user->permissions()->server($server)->get()->transform(function ($item) {
return $item->permission;
@ -54,486 +50,20 @@ class ServerPolicy
return $permissions->search($permission, true) !== false;
}
/**
* Determine if current user is the owner of a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
protected function isOwner(User $user, Server $server)
{
return $server->owner_id === $user->id;
}
/**
* Runs before any of the functions are called. Used to determine if user is root admin, if so, ignore permissions.
*
* @param \Pterodactyl\Models\User $user
* @param string $ability
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function before(User $user, $ability)
public function before(User $user, $ability, Server $server)
{
if ($user->root_admin === 1) {
if ($user->isRootAdmin() || $server->owner_id === $user->id) {
return true;
}
}
/**
* Check if user has permission to control power for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function power(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power');
}
/**
* Check if user has permission to start a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function powerStart(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power-start');
}
/**
* Check if user has permission to stop a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function powerStop(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power-stop');
}
/**
* Check if user has permission to restart a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function powerRestart(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power-restart');
}
/**
* Check if user has permission to kill a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function powerKill(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power-kill');
}
/**
* Check if user has permission to run a command on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function sendCommand(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'send-command');
}
/**
* Check if user has permission to list files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function listFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'list-files');
}
/**
* Check if user has permission to edit files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function editFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'edit-files');
}
/**
* Check if user has permission to save files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function saveFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'save-files');
}
/**
* Check if user has permission to move and rename files and folders on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function moveFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'move-files');
}
/**
* Check if user has permission to copy folders and files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function copyFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'copy-files');
}
/**
* Check if user has permission to compress files and folders on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function compressFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'compress-files');
}
/**
* Check if user has permission to decompress files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function decompressFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'decompress-files');
}
/**
* Check if user has permission to add files to a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function createFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'create-files');
}
/**
* Check if user has permission to upload files to a server.
* This permission relies on the user having the 'create-files' permission as well due to page authorization.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function uploadFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'upload-files');
}
/**
* Check if user has permission to download files from a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function downloadFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'download-files');
}
/**
* Check if user has permission to delete files from a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function deleteFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'delete-files');
}
/**
* Check if user has permission to view subusers for the server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function listSubusers(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'list-subusers');
}
/**
* Check if user has permission to view specific subuser permissions.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewSubuser(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-subuser');
}
/**
* Check if user has permission to edit a subuser.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function editSubuser(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'edit-subuser');
}
/**
* Check if user has permission to delete a subuser.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function deleteSubuser(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'delete-subuser');
}
/**
* Check if user has permission to edit a subuser.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function createSubuser(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'create-subuser');
}
/**
* Check if user has permission to set the default connection for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function setConnection(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'set-connection');
}
/**
* Check if user has permission to view the startup command used for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewStartup(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-startup');
}
/**
* Check if user has permission to edit the startup command used for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function editStartup(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'edit-startup');
}
/**
* Check if user has permission to view the SFTP information for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewSftp(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-sftp');
}
/**
* Check if user has permission to reset the SFTP password for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function resetSftp(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'reset-sftp');
}
/**
* Check if user has permission to view the SFTP password for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewSftpPassword(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-sftp-password');
}
/**
* Check if user has permission to view databases for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewDatabases(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-databases');
}
/**
* Check if user has permission to reset database passwords.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function resetDbPassword(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'reset-db-password');
}
/**
* Check if user has permission to view all tasks for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function listTasks(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'list-tasks');
}
/**
* Check if user has permission to view a specific task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-task');
}
/**
* Check if user has permission to view a toggle a task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function toggleTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'toggle-task');
}
/**
* Check if user has permission to queue a task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function queueTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'queue-task');
}
/**
* Check if user has permission to delete a specific task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function deleteTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'delete-task');
}
/**
* Check if user has permission to create a task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function createTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'create-task');
}
/**
* Check if user has permission to view server allocations.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewAllocation(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-allocation');
}
/**
* Check if user has permission to set the default allocation.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function setAllocation(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'set-allocation');
return $this->checkPermission($user, $server, $ability);
}
}