Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'develop' into feature/admin-retheme

Browse source
This commit is contained in:
Dane Everitt 2017-02-23 21:24:17 -05:00
commit 8f96b35db1
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
12 changed files with 31 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
CHANGELOG.md
View file

@ -3,6 +3,15 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines. This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.6.0-pre.4 (Courageous Carniadactylus)
### Fixed
* `[pre.3]` — Fixes bug in cache handler that doesn't cache against the user making the request. Would have allowed for users to access servers not belonging to themselves in production.
* `[pre.3]` — Fixes misnamed MySQL column that was causing the inability to delete certain port ranges from the database.
* `[pre.3]` — Fixes bug preventing rebuilding server containers through the Admin CP.
### Added
* New cache policy for ServerPolicy to avoid making 15+ queries per page load when confirming if a user has permission to perform an action.
## v0.6.0-pre.3 (Courageous Carniadactylus) ## v0.6.0-pre.3 (Courageous Carniadactylus)
### Fixed ### Fixed
* `[pre.2]` — Fixes bug where servers could not be manually deployed to nodes due to a broken SQL call. * `[pre.2]` — Fixes bug where servers could not be manually deployed to nodes due to a broken SQL call.

4
app/Http/Controllers/Admin/NodesController.php
View file

@ -163,7 +163,7 @@ class NodesController extends Controller
public function deallocateBlock(Request $request, $node) public function deallocateBlock(Request $request, $node)
{ {
$query = Models\Allocation::where('node', $node)->whereNull('server_id')->where('ip', $request->input('ip'))->delete(); $query = Models\Allocation::where('node_id', $node)->whereNull('server_id')->where('ip', $request->input('ip'))->delete();
if ((int) $query === 0) { if ((int) $query === 0) {
Alert::danger('There was an error while attempting to delete allocations on that IP.')->flash(); Alert::danger('There was an error while attempting to delete allocations on that IP.')->flash();
@ -199,7 +199,7 @@ class NodesController extends Controller
public function getAllocationsJson(Request $request, $id) public function getAllocationsJson(Request $request, $id)
{ {
$allocations = Models\Allocation::select('ip')->where('node', $id)->groupBy('ip')->get(); $allocations = Models\Allocation::select('ip')->where('node_id', $id)->groupBy('ip')->get();
return response()->json($allocations); return response()->json($allocations);
} }

2
app/Http/Controllers/Admin/ServersController.php
View file

@ -254,7 +254,7 @@ class ServersController extends Controller
try { try {
$res = $server->node->guzzleClient([ $res = $server->node->guzzleClient([
'X-Access-Server' => $server->uuid, 'X-Access-Server' => $server->uuid,
'X-Access-Token' => $node->daemonSecret, 'X-Access-Token' => $server->node->daemonSecret,
])->request('POST', '/server/rebuild'); ])->request('POST', '/server/rebuild');
Alert::success('A rebuild has been queued successfully. It will run the next time this server is booted.')->flash(); Alert::success('A rebuild has been queued successfully. It will run the next time this server is booted.')->flash();
} catch (\GuzzleHttp\Exception\TransferException $ex) { } catch (\GuzzleHttp\Exception\TransferException $ex) {

1
app/Http/Controllers/Base/APIController.php
View file

@ -80,6 +80,7 @@ class APIController extends Controller
return response('', 204); return response('', 204);
} catch (\Exception $ex) { } catch (\Exception $ex) {
Log::error($ex); Log::error($ex);
return response()->json([ return response()->json([
'error' => 'An error occured while attempting to remove this key.', 'error' => 'An error occured while attempting to remove this key.',
], 503); ], 503);

2
app/Models/Server.php
View file

@ -113,7 +113,7 @@ class Server extends Model
public static function byUuid($uuid) public static function byUuid($uuid)
{ {
// Results are cached because we call this functions a few times on page load. // Results are cached because we call this functions a few times on page load.
$result = Cache::remember('Server.byUuid.' . $uuid, 60, function () use ($uuid) { $result = Cache::remember('Server.byUuid.' . $uuid . Auth::user()->uuid, 60, function () use ($uuid) {
$query = self::with('service', 'node')->where(function ($q) use ($uuid) { $query = self::with('service', 'node')->where(function ($q) use ($uuid) {
$q->where('uuidShort', $uuid)->orWhere('uuid', $uuid); $q->where('uuidShort', $uuid)->orWhere('uuid', $uuid);
}); });

5
app/Observers/ServerObserver.php
View file

@ -24,6 +24,7 @@
namespace Pterodactyl\Observers; namespace Pterodactyl\Observers;
use Auth;
use Cache; use Cache;
use Carbon; use Carbon;
use Pterodactyl\Events; use Pterodactyl\Events;
@ -141,8 +142,8 @@ class ServerObserver
public function updated(Server $server) public function updated(Server $server)
{ {
// Clear Caches // Clear Caches
Cache::forget('Server.byUuid.' . $server->uuid); Cache::forget('Server.byUuid.' . $server->uuid . Auth::user()->uuid);
Cache::forget('Server.byUuid.' . $server->uuidShort); Cache::forget('Server.byUuid.' . $server->uuidShort . Auth::user()->uuid);
event(new Events\Server\Updated($server)); event(new Events\Server\Updated($server));
} }

10
app/Policies/ServerPolicy.php
View file

@ -24,6 +24,8 @@
namespace Pterodactyl\Policies; namespace Pterodactyl\Policies;
use Cache;
use Carbon;
use Pterodactyl\Models\User; use Pterodactyl\Models\User;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
@ -53,7 +55,13 @@ class ServerPolicy
return true; return true;
} }
return $user->permissions()->server($server)->permission($permission)->exists(); $permissions = Cache::remember('ServerPolicy.' . $user->uuid . $server->uuid, Carbon::now()->addSeconds(10), function () use ($user, $server) {
return $user->permissions()->server($server)->get()->transform(function ($item) {
return $item->permission;
})->values();
});
return $permissions->search($permission, true) !== false;
} }
/** /**

2
app/Repositories/APIRepository.php
View file

@ -225,7 +225,7 @@ class APIRepository
try { try {
$model = Models\APIKey::with('permissions')->where('public', $key)->where('user_id', $this->user->id)->firstOrFail(); $model = Models\APIKey::with('permissions')->where('public', $key)->where('user_id', $this->user->id)->firstOrFail();
foreach($model->permissions as &$permission) { foreach ($model->permissions as &$permission) {
$permission->delete(); $permission->delete();
} }

1
app/Repositories/Daemon/CommandRepository.php
View file

@ -24,7 +24,6 @@
namespace Pterodactyl\Repositories\Daemon; namespace Pterodactyl\Repositories\Daemon;
use GuzzleHttp\Client;
use Pterodactyl\Models; use Pterodactyl\Models;
use GuzzleHttp\Exception\RequestException; use GuzzleHttp\Exception\RequestException;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;

1
app/Repositories/Daemon/PowerRepository.php
View file

@ -24,7 +24,6 @@
namespace Pterodactyl\Repositories\Daemon; namespace Pterodactyl\Repositories\Daemon;
use GuzzleHttp\Client;
use Pterodactyl\Models; use Pterodactyl\Models;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;

4
app/Repositories/ServerRepository.php
View file

@ -791,8 +791,8 @@ class ServerRepository
Models\ServerVariable::where('server_id', $server->id)->delete(); Models\ServerVariable::where('server_id', $server->id)->delete();
// Remove SubUsers // Remove SubUsers
foreach(Models\Subuser::with('permissions')->where('server_id', $server->id)->get() as &$subuser) { foreach (Models\Subuser::with('permissions')->where('server_id', $server->id)->get() as &$subuser) {
foreach($subuser->permissions as &$permission) { foreach ($subuser->permissions as &$permission) {
$permission->delete(); $permission->delete();
} }
$subuser->delete(); $subuser->delete();

5
app/Repositories/UserRepository.php
View file

@ -34,7 +34,6 @@ use Validator;
use Pterodactyl\Models; use Pterodactyl\Models;
use Pterodactyl\Services\UuidService; use Pterodactyl\Services\UuidService;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Notifications\AccountCreated;
use Pterodactyl\Exceptions\DisplayValidationException; use Pterodactyl\Exceptions\DisplayValidationException;
class UserRepository class UserRepository
@ -177,8 +176,8 @@ class UserRepository
DB::beginTransaction(); DB::beginTransaction();
try { try {
foreach(Models\Subuser::with('permissions')->where('user_id', $id)->get() as &$subuser) { foreach (Models\Subuser::with('permissions')->where('user_id', $id)->get() as &$subuser) {
foreach($subuser->permissions as &$permission) { foreach ($subuser->permissions as &$permission) {
$permission->delete(); $permission->delete();
} }