Remove api permissions table

2018-01-14 12:05:18 -06:00 · 2018-01-14 12:05:18 -06:00 · 7aa540b895
commit 7aa540b895
parent b566630311
12 changed files with 17 additions and 449 deletions
--- a/app/Http/Controllers/Base/APIController.php
+++ b/app/Http/Controllers/Base/APIController.php
@ -4,7 +4,6 @@ namespace Pterodactyl\Http\Controllers\Base;

 use Illuminate\Http\Request;
 use Prologue\Alerts\AlertsMessageBag;
-use Pterodactyl\Models\APIPermission;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Services\Api\KeyCreationService;
 use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest;
@ -65,12 +64,6 @@ class APIController extends Controller
     */
    public function create(Request $request)
    {
-        return view('base.api.new', [
-            'permissions' => [
-                'user' => collect(APIPermission::CONST_PERMISSIONS)->pull('_user'),
-                'admin' => ! $request->user()->root_admin ? null : collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
-            ],
-        ]);
    }

    /**
--- a/app/Models/APIPermission.php
+++ b/app/Models/APIPermission.php
@ -1,126 +0,0 @@
-<?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
-
-namespace Pterodactyl\Models;
-
-use Sofa\Eloquence\Eloquence;
-use Sofa\Eloquence\Validable;
-use Illuminate\Database\Eloquent\Model;
-use Sofa\Eloquence\Contracts\CleansAttributes;
-use Sofa\Eloquence\Contracts\Validable as ValidableContract;
-
-class APIPermission extends Model implements CleansAttributes, ValidableContract
-{
-    use Eloquence, Validable;
-
-    /**
-     * List of permissions available for the API.
-     */
-    const CONST_PERMISSIONS = [
-        // Items within this block are available to non-adminitrative users.
-        '_user' => [
-            'server' => [
-                'list',
-                'view',
-                'power',
-                'command',
-            ],
-        ],
-
-        // All other pemissions below are administrative actions.
-        'server' => [
-            'list',
-            'create',
-            'view',
-            'edit-details',
-            'edit-container',
-            'edit-build',
-            'edit-startup',
-            'suspend',
-            'install',
-            'rebuild',
-            'delete',
-        ],
-        'location' => [
-            'list',
-        ],
-        'node' => [
-            'list',
-            'view',
-            'view-config',
-            'create',
-            'delete',
-        ],
-        'user' => [
-            'list',
-            'view',
-            'create',
-            'edit',
-            'delete',
-        ],
-        'service' => [
-            'list',
-            'view',
-        ],
-        'option' => [
-            'list',
-            'view',
-        ],
-        'pack' => [
-            'list',
-            'view',
-        ],
-    ];
-
-    /**
-     * The table associated with the model.
-     *
-     * @var string
-     */
-    protected $table = 'api_permissions';
-
-    /**
-     * Fields that are not mass assignable.
-     *
-     * @var array
-     */
-    protected $guarded = ['id'];
-
-    /**
-     * Cast values to correct type.
-     *
-     * @var array
-     */
-    protected $casts = [
-        'key_id' => 'integer',
-    ];
-
-    protected static $dataIntegrityRules = [
-        'key_id' => 'required|numeric',
-        'permission' => 'required|string|max:200',
-    ];
-
-    /**
-     * Disable timestamps for this table.
-     *
-     * @var bool
-     */
-    public $timestamps = false;
-
-    /**
-     * Return permissions for API.
-     *
-     * @return array
-     * @deprecated
-     */
-    public static function permissions()
-    {
-        return [];
-    }
-}
--- a/app/Policies/APIKeyPolicy.php
+++ b/app/Policies/APIKeyPolicy.php
@ -1,57 +0,0 @@
-<?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
-
-namespace Pterodactyl\Policies;
-
-use Cache;
-use Carbon;
-use Pterodactyl\Models\User;
-use Pterodactyl\Models\APIKey as Key;
-
-class APIKeyPolicy
-{
-    /**
-     * Checks if the API key has permission to perform an action.
-     *
-     * @param \Pterodactyl\Models\User   $user
-     * @param \Pterodactyl\Models\APIKey $key
-     * @param string                     $permission
-     * @return bool
-     */
-    protected function checkPermission(User $user, Key $key, $permission)
-    {
-        // Non-administrative users cannot use administrative routes.
-        if (! starts_with($key, 'user.') && ! $user->root_admin) {
-            return false;
-        }
-
-        // We don't tag this cache key with the user uuid because the key is already unique,
-        // and multiple users are not defiend for a single key.
-        $permissions = Cache::remember('APIKeyPolicy.' . $key->public, Carbon::now()->addSeconds(5), function () use ($key) {
-            return $key->permissions()->get()->transform(function ($item) {
-                return $item->permission;
-            })->values();
-        });
-
-        return $permissions->setSearchTerm($permission, true) !== false;
-    }
-
-    /**
-     * Determine if a user has permission to perform this action against the system.
-     *
-     * @param \Pterodactyl\Models\User   $user
-     * @param string                     $permission
-     * @param \Pterodactyl\Models\APIKey $key
-     * @return bool
-     */
-    public function before(User $user, $permission, Key $key)
-    {
-        return $this->checkPermission($user, $key, $permission);
-    }
-}
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@ -13,7 +13,6 @@ class AuthServiceProvider extends ServiceProvider
     */
    protected $policies = [
        'Pterodactyl\Models\Server' => 'Pterodactyl\Policies\ServerPolicy',
-        'Pterodactyl\Models\APIKey' => 'Pterodactyl\Policies\APIKeyPolicy',
    ];

    /**
--- a/app/Providers/RepositoryServiceProvider.php
+++ b/app/Providers/RepositoryServiceProvider.php
@ -1,11 +1,4 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */

 namespace Pterodactyl\Providers;

@ -39,7 +32,6 @@ use Pterodactyl\Contracts\Repository\PackRepositoryInterface;
 use Pterodactyl\Contracts\Repository\TaskRepositoryInterface;
 use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
 use Pterodactyl\Repositories\Eloquent\DatabaseHostRepository;
-use Pterodactyl\Repositories\Eloquent\ApiPermissionRepository;
 use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
 use Pterodactyl\Repositories\Eloquent\ServerVariableRepository;
@ -56,7 +48,6 @@ use Pterodactyl\Contracts\Repository\Daemon\FileRepositoryInterface;
 use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface;
 use Pterodactyl\Contracts\Repository\Daemon\PowerRepositoryInterface;
 use Pterodactyl\Contracts\Repository\DatabaseHostRepositoryInterface;
-use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
 use Pterodactyl\Contracts\Repository\Daemon\CommandRepositoryInterface;
 use Pterodactyl\Contracts\Repository\ServerVariableRepositoryInterface;
 use Pterodactyl\Contracts\Repository\Daemon\ConfigurationRepositoryInterface;
@ -73,7 +64,6 @@ class RepositoryServiceProvider extends ServiceProvider
        // Eloquent Repositories
        $this->app->bind(AllocationRepositoryInterface::class, AllocationRepository::class);
        $this->app->bind(ApiKeyRepositoryInterface::class, ApiKeyRepository::class);
-        $this->app->bind(ApiPermissionRepositoryInterface::class, ApiPermissionRepository::class);
        $this->app->bind(DaemonKeyRepositoryInterface::class, DaemonKeyRepository::class);
        $this->app->bind(DatabaseRepositoryInterface::class, DatabaseRepository::class);
        $this->app->bind(DatabaseHostRepositoryInterface::class, DatabaseHostRepository::class);
@ -93,21 +83,11 @@ class RepositoryServiceProvider extends ServiceProvider
        $this->app->bind(TaskRepositoryInterface::class, TaskRepository::class);
        $this->app->bind(UserRepositoryInterface::class, UserRepository::class);

-        $this->app->alias(SettingsRepositoryInterface::class, 'settings');
-
        // Daemon Repositories
-        if ($this->app->make('config')->get('pterodactyl.daemon.use_new_daemon')) {
-            $this->app->bind(ConfigurationRepositoryInterface::class, \Pterodactyl\Repositories\Wings\ConfigurationRepository::class);
-            $this->app->bind(CommandRepositoryInterface::class, \Pterodactyl\Repositories\Wings\CommandRepository::class);
-            $this->app->bind(DaemonServerRepositoryInterface::class, \Pterodactyl\Repositories\Wings\ServerRepository::class);
-            $this->app->bind(FileRepositoryInterface::class, \Pterodactyl\Repositories\Wings\FileRepository::class);
-            $this->app->bind(PowerRepositoryInterface::class, \Pterodactyl\Repositories\Wings\PowerRepository::class);
-        } else {
-            $this->app->bind(ConfigurationRepositoryInterface::class, ConfigurationRepository::class);
-            $this->app->bind(CommandRepositoryInterface::class, CommandRepository::class);
-            $this->app->bind(DaemonServerRepositoryInterface::class, DaemonServerRepository::class);
-            $this->app->bind(FileRepositoryInterface::class, FileRepository::class);
-            $this->app->bind(PowerRepositoryInterface::class, PowerRepository::class);
-        }
+        $this->app->bind(ConfigurationRepositoryInterface::class, ConfigurationRepository::class);
+        $this->app->bind(CommandRepositoryInterface::class, CommandRepository::class);
+        $this->app->bind(DaemonServerRepositoryInterface::class, DaemonServerRepository::class);
+        $this->app->bind(FileRepositoryInterface::class, FileRepository::class);
+        $this->app->bind(PowerRepositoryInterface::class, PowerRepository::class);
    }
 }
--- a/app/Repositories/Eloquent/ApiPermissionRepository.php
+++ b/app/Repositories/Eloquent/ApiPermissionRepository.php
@ -1,19 +0,0 @@
-<?php
-
-namespace Pterodactyl\Repositories\Eloquent;
-
-use Pterodactyl\Models\APIPermission;
-use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
-
-class ApiPermissionRepository extends EloquentRepository implements ApiPermissionRepositoryInterface
-{
-    /**
-     * Return the model backing this repository.
-     *
-     * @return string
-     */
-    public function model()
-    {
-        return APIPermission::class;
-    }
-}
--- a/app/Services/Api/PermissionService.php
+++ b/app/Services/Api/PermissionService.php
@ -1,58 +0,0 @@
-<?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
-
-namespace Pterodactyl\Services\Api;
-
-use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface;
-
-class PermissionService
-{
-    /**
-     * @var \Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface
-     */
-    protected $repository;
-
-    /**
-     * ApiPermissionService constructor.
-     *
-     * @param \Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface $repository
-     */
-    public function __construct(ApiPermissionRepositoryInterface $repository)
-    {
-        $this->repository = $repository;
-    }
-
-    /**
-     * Store a permission key in the database.
-     *
-     * @param string $key
-     * @param string $permission
-     * @return bool
-     *
-     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
-     */
-    public function create($key, $permission)
-    {
-        // @todo handle an array of permissions to do a mass assignment?
-        return $this->repository->withoutFreshModel()->create([
-            'key_id' => $key,
-            'permission' => $permission,
-        ]);
-    }
-
-    /**
-     * Return all of the permissions available for an API Key.
-     *
-     * @return array
-     */
-    public function getPermissions()
-    {
-        return $this->repository->getModel()::CONST_PERMISSIONS;
-    }
-}
--- a/database/migrations/2018_01_11_213943_AddApiKeyPermissionColumns.php
+++ b/database/migrations/2018_01_11_213943_AddApiKeyPermissionColumns.php
@ -13,6 +13,8 @@ class AddApiKeyPermissionColumns extends Migration
     */
    public function up()
    {
+        Schema::dropIfExists('api_permissions');
+
        Schema::table('api_keys', function (Blueprint $table) {
            $table->unsignedTinyInteger('r_servers')->default(0);
            $table->unsignedTinyInteger('r_nodes')->default(0);
@ -33,6 +35,14 @@ class AddApiKeyPermissionColumns extends Migration
     */
    public function down()
    {
+        Schema::create('api_permissions', function (Blueprint $table) {
+            $table->increments('id');
+            $table->unsignedInteger('key_id');
+            $table->string('permission');
+
+            $table->foreign('key_id')->references('id')->on('keys')->onDelete('cascade');
+        });
+
        Schema::table('api_keys', function (Blueprint $table) {
            $table->dropColumn([
                'r_servers',
--- a/database/migrations/2018_01_13_142012_SetupTableForKeyEncryption.php
+++ b/database/migrations/2018_01_13_142012_SetupTableForKeyEncryption.php
@ -25,15 +25,6 @@ class SetupTableForKeyEncryption extends Migration
        Schema::table('api_keys', function (Blueprint $table) {
            $table->text('token')->change();
        });
-
-        DB::transaction(function () {
-            foreach (DB::table('api_keys')->cursor() as $key) {
-                DB::table('api_keys')->where('id', $key->id)->update([
-                    'identifier' => str_random(16),
-                    'token' => Crypt::encrypt($key->token),
-                ]);
-            }
-        });
    }

    /**
@ -45,15 +36,6 @@ class SetupTableForKeyEncryption extends Migration
     */
    public function down()
    {
-        /* @var \Pterodactyl\Models\APIKey $key */
-        DB::transaction(function () {
-            foreach (DB::table('api_keys')->cursor() as $key) {
-                DB::table('api_keys')->where('id', $key->id)->update([
-                    'token' => Crypt::decrypt($key->token),
-                ]);
-            }
-        });
-
        Schema::table('api_keys', function (Blueprint $table) {
            $table->dropColumn('identifier');
            $table->string('token', 32)->unique()->change();
--- a/database/migrations/2018_01_13_145209_AddLastUsedAtColumn.php
+++ b/database/migrations/2018_01_13_145209_AddLastUsedAtColumn.php
@ -14,6 +14,7 @@ class AddLastUsedAtColumn extends Migration
    public function up()
    {
        Schema::table('api_keys', function (Blueprint $table) {
+            $table->unsignedTinyInteger('key_type')->after('user_id')->default(0);
            $table->timestamp('last_used_at')->after('memo')->nullable();
            $table->dropColumn('expires_at');
        });
@ -28,7 +29,7 @@ class AddLastUsedAtColumn extends Migration
    {
        Schema::table('api_keys', function (Blueprint $table) {
            $table->timestamp('expires_at')->after('memo')->nullable();
-            $table->dropColumn('last_used_at');
+            $table->dropColumn('last_used_at', 'key_type');
        });
    }
 }
--- a/resources/themes/pterodactyl/base/api/new.blade.php
+++ b/resources/themes/pterodactyl/base/api/new.blade.php
@ -1,8 +1,3 @@
-{{-- Pterodactyl - Panel --}}
-{{-- Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com> --}}
-
-{{-- This software is licensed under the terms of the MIT license. --}}
-{{-- https://opensource.org/licenses/MIT --}}
@extends('layouts.master')

@section('title')
@ -69,64 +64,5 @@
            </div>
        </div>
    </div>
-    <div class="row">
-        @foreach($permissions['user'] as $block => $perms)
-            <div class="col-sm-12">
-                <div class="box box-primary">
-                    <div class="box-header with-border">
-                        <h3 class="box-title">@lang('base.api.permissions.user.' . $block . '_header')</h3>
-                    </div>
-                    <div class="box-body">
-                        @foreach($perms as $permission)
-                            <div class="form-group">
-                                <div class="checkbox checkbox-primary no-margin-bottom">
-                                    <input id="{{ 'user.' . $block . '-' . $permission }}" name="permissions[]" type="checkbox" value="{{ $block . '-' . $permission }}"/>
-                                    <label for="{{ 'user.' . $block . '-' . $permission }}" class="strong">
-                                        @lang('base.api.permissions.user.' . $block . '.' . $permission . '.title')
-                                    </label>
-                                </div>
-                                <p class="text-muted small">@lang('base.api.permissions.user.' . $block . '.' . $permission . '.desc')</p>
-                            </div>
-                        @endforeach
-                    </div>
-                </div>
-            </div>
-            @if ($loop->iteration % 2 === 0)
-                <div class="clearfix visible-lg-block visible-md-block visible-sm-block"></div>
-            @endif
-        @endforeach
-    </div>
-    @if(Auth::user()->root_admin)
-        <div class="row">
-            @foreach($permissions['admin'] as $block => $perms)
-                <div class="col-lg-4 col-sm-6">
-                    <div class="box box-danger">
-                        <div class="box-header with-border">
-                            <h3 class="box-title">@lang('base.api.permissions.admin.' . $block . '_header')</h3>
-                        </div>
-                        <div class="box-body">
-                            @foreach($perms as $permission)
-                                <div class="form-group">
-                                    <div class="checkbox {{ $permission === 'delete' ? 'checkbox-danger' : 'checkbox-primary' }} no-margin-bottom">
-                                        <input id="{{ $block . '-' . $permission }}" name="admin_permissions[]" type="checkbox" value="{{ $block . '-' . $permission }}"/>
-                                        <label for="{{ $block . '-' . $permission }}" class="strong">
-                                            @lang('base.api.permissions.admin.' . $block . '.' . $permission . '.title')
-                                        </label>
-                                    </div>
-                                    <p class="text-muted small">@lang('base.api.permissions.admin.' . $block . '.' . $permission . '.desc')</p>
-                                </div>
-                            @endforeach
-                        </div>
-                    </div>
-                </div>
-                @if ($loop->iteration % 3 === 0)
-                    <div class="clearfix visible-lg-block"></div>
-                @endif
-                @if ($loop->iteration % 2 === 0)
-                    <div class="clearfix visible-md-block visible-sm-block"></div>
-                @endif
-            @endforeach
-        </div>
-    @endif
 </form>
@endsection
--- a/spec/admin/swagger.yaml
+++ b/spec/admin/swagger.yaml
@ -1,73 +0,0 @@
-swagger: "2.0"
-info:
-  version: 1.0.0
-  title: Pterodactyl Admin API Reference
-  description: Pterodactyl Panel API Documentation
-  contact:
-    name: Dane Everitt
-    url: https://pterodactyl.io
-    email: support@pterodactyl.io
-  license:
-    name: MIT
-host: example.com
-basePath: /api/admin
-schemes:
-  - http
-  - https
-consumes:
-  - application/vnd.pterodactyl.v1+json
-produces:
-  - application/json
-paths:
-  /users:
-    get:
-      description: |
-       Returns all users that exist on the Panel.
-      operationId: findUsers
-      responses:
-        "200":
-          description: OK
-          schema:
-            type: object
-            required: ["data"]
-            properties:
-              data:
-                type: array
-                items:
-                  $ref: '#/definitions/User'
-                  properties:
-                    id:
-                      type: integer
-                    attributes:
-                      type: object
-definitions:
-  User:
-    allOf:
-      - required:
-        - email
-        - username
-        - uuid
-        properties:
-          external_id:
-            type: string
-          uuid:
-            type: string
-          email:
-            type: string
-          username:
-            type: string
-          name_first:
-            type: string
-          name_last:
-            type: string
-          language:
-            type: string
-          root_admin:
-            type: boolean
-          use_totp:
-            type: boolean
-          updated_at:
-            type: string
-          created_at:
-            type: string
-