Fix subuser permissions in file manager
This commit is contained in:
parent
a5902bf39c
commit
7e45f917c7
4 changed files with 43 additions and 113 deletions
|
@ -112,7 +112,7 @@ class ServerController extends Controller
|
|||
public function getAddFile(Request $request, $uuid)
|
||||
{
|
||||
$server = Models\Server::byUuid($uuid);
|
||||
$this->authorize('add-files', $server);
|
||||
$this->authorize('create-files', $server);
|
||||
|
||||
$server->js();
|
||||
|
||||
|
|
|
@ -253,14 +253,14 @@ class ServerPolicy
|
|||
* @param \Pterodactyl\Models\Server $server
|
||||
* @return bool
|
||||
*/
|
||||
public function addFiles(User $user, Server $server)
|
||||
public function createFiles(User $user, Server $server)
|
||||
{
|
||||
return $this->checkPermission($user, $server, 'add-files');
|
||||
return $this->checkPermission($user, $server, 'create-files');
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user has permission to upload files to a server.
|
||||
* This permission relies on the user having the 'add-files' permission as well due to page authorization.
|
||||
* This permission relies on the user having the 'create-files' permission as well due to page authorization.
|
||||
*
|
||||
* @param \Pterodactyl\Models\User $user
|
||||
* @param \Pterodactyl\Models\Server $server
|
||||
|
|
|
@ -62,7 +62,7 @@ class SubuserRepository
|
|||
'list-files' => 's:files:get',
|
||||
'edit-files' => 's:files:read',
|
||||
'save-files' => 's:files:post',
|
||||
'create-files' => 's:files:post',
|
||||
'create-files' => 's:files:create',
|
||||
'download-files' => null,
|
||||
'upload-files' => 's:files:upload',
|
||||
'delete-files' => 's:files:delete',
|
||||
|
|
|
@ -71,40 +71,30 @@
|
|||
<h3 class="box-title">@lang('server.users.new.power_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['power-start']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-start" />
|
||||
<strong>@lang('server.users.new.start.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.start.description')</p>
|
||||
</label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['power-start']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-start" />
|
||||
<label class="form-label">@lang('server.users.new.start.title')</label>
|
||||
<p class="text-muted small">@lang('server.users.new.start.description')</p>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['power-stop']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-stop" />
|
||||
<strong>@lang('server.users.new.stop.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.stop.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['power-restart']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-restart" />
|
||||
<strong>@lang('server.users.new.restart.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.restart.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['power-kill']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-kill" />
|
||||
<strong>@lang('server.users.new.kill.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.kill.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['send-command']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="send-command" />
|
||||
<strong>@lang('server.users.new.command.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.command.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -117,40 +107,30 @@
|
|||
<h3 class="box-title">@lang('server.users.new.subuser_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['list-subusers']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="list-subusers" />
|
||||
<strong>@lang('server.users.new.list_subusers.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.list_subusers.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['view-subuser']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-subuser" />
|
||||
<strong>@lang('server.users.new.view_subuser.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.view_subuser.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['edit-subuser']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="edit-subuser" />
|
||||
<strong>@lang('server.users.new.edit_subuser.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.edit_subuser.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['create-subuser']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="create-subuser" />
|
||||
<strong>@lang('server.users.new.create_subuser.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.create_subuser.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['delete-subuser']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="delete-subuser" />
|
||||
<strong>@lang('server.users.new.delete_subuser.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.delete_subuser.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -163,26 +143,20 @@
|
|||
<h3 class="box-title">@lang('server.users.new.server_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['set-connection']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="set-connection" />
|
||||
<strong>@lang('server.users.new.set_connection.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.set_connection.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['view-startup']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-startup" />
|
||||
<strong>@lang('server.users.new.view_startup.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.view_startup.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['edit-startup']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="edit-startup" />
|
||||
<strong>@lang('server.users.new.edit_startup.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.edit_startup.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -195,27 +169,21 @@
|
|||
<h3 class="box-title">@lang('server.users.new.sftp_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['view-sftp']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-sftp" />
|
||||
<strong>@lang('server.users.new.view_sftp.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.view_sftp.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['view-sftp-password']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-sftp-password" />
|
||||
<span class="label label-danger">@lang('strings.danger')</span>
|
||||
<strong>@lang('server.users.new.view_sftp_password.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.view_sftp_password.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['reset-sftp']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="reset-sftp" />
|
||||
<strong>@lang('server.users.new.reset_sftp.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.reset_sftp.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -231,84 +199,62 @@
|
|||
<h3 class="box-title">@lang('server.users.new.file_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['list-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="list-files" />
|
||||
<strong>@lang('server.users.new.list_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.list_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['edit-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="edit-files" />
|
||||
<strong>@lang('server.users.new.edit_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.edit_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['save-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="save-files" />
|
||||
<strong>@lang('server.users.new.save_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.save_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['move-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="move-files" />
|
||||
<strong>@lang('server.users.new.move_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.move_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['copy-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="copy-files" />
|
||||
<strong>@lang('server.users.new.copy_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.copy_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['compress-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="compress-files" />
|
||||
<strong>@lang('server.users.new.compress_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.compress_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['decompress-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="decompress-files" />
|
||||
<strong>@lang('server.users.new.decompress_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.decompress_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['create-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="create-files" />
|
||||
<strong>@lang('server.users.new.create_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.create_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['upload-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="upload-files" />
|
||||
<strong>@lang('server.users.new.upload_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.upload_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['delete-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="delete-files" />
|
||||
<span class="label label-danger">@lang('strings.danger')</span>
|
||||
<strong>@lang('server.users.new.delete_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.delete_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['download-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="download-files" />
|
||||
<span class="label label-danger">@lang('strings.danger')</span>
|
||||
<strong>@lang('server.users.new.download_files.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.download_files.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -321,48 +267,36 @@
|
|||
<h3 class="box-title">@lang('server.users.new.task_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['list-tasks']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="list-tasks" />
|
||||
<strong>@lang('server.users.new.list_tasks.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.list_tasks.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['view-task']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-task" />
|
||||
<strong>@lang('server.users.new.view_task.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.view_task.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['toggle-task']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="toggle-task" />
|
||||
<strong>@lang('server.users.new.toggle_task.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.toggle_task.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['queue-task']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="queue-task" />
|
||||
<strong>@lang('server.users.new.queue_task.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.queue_task.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['create-task']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="create-task" />
|
||||
<strong>@lang('server.users.new.create_task.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.create_task.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['delete-task']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="delete-task" />
|
||||
<span class="label label-danger">@lang('strings.danger')</span>
|
||||
<strong>@lang('server.users.new.delete_task.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.delete_task.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -375,21 +309,17 @@
|
|||
<h3 class="box-title">@lang('server.users.new.db_header')</h3>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['view-databases']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-databases" />
|
||||
<span class="label label-danger">@lang('strings.danger')</span>
|
||||
<strong>@lang('server.users.new.view_databases.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.view_databases.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<div>
|
||||
<input name="permissions[]" type="checkbox" @if(isset($permissions['reset-db-password']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="reset-db-password" />
|
||||
<span class="label label-danger">@lang('strings.danger')</span>
|
||||
<strong>@lang('server.users.new.reset_db_password.title')</strong>
|
||||
<p class="text-muted small">@lang('server.users.new.reset_db_password.description')</p>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
Loading…
Reference in a new issue