Add proper permissions for role application routes, allow admins to access application api

2020-12-28 12:47:08 -07:00 · 2020-12-28 12:47:08 -07:00 · 9c7b49e2b9
commit 9c7b49e2b9
parent b6abeb0994
16 changed files with 287 additions and 112 deletions
--- a/app/Http/Requests/Admin/RoleFormRequest.php
+++ b/app/Http/Requests/Admin/RoleFormRequest.php
@ -1,29 +0,0 @@
-<?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
-
-namespace Pterodactyl\Http\Requests\Admin;
-
-use Pterodactyl\Models\AdminRole;
-
-class RoleFormRequest extends AdminFormRequest
-{
-    /**
-     * Setup the validation rules to use for these requests.
-     *
-     * @return array
-     */
-    public function rules()
-    {
-        if ($this->method() === 'PATCH') {
-            return AdminRole::getRulesForUpdate($this->route()->parameter('mount')->id);
-        }
-
-        return AdminRole::getRules();
-    }
-}
--- a/app/Http/Requests/Api/Application/ApplicationApiRequest.php
+++ b/app/Http/Requests/Api/Application/ApplicationApiRequest.php
@ -50,6 +50,10 @@ abstract class ApplicationApiRequest extends FormRequest
            throw new PterodactylException('An ACL resource must be defined on API requests.');
        }

+        if (! is_null($this->user())) {
+            return $this->user()->root_admin;
+        }
+
        return AdminAcl::check($this->key(), $this->resource, $this->permission);
    }

--- a/app/Http/Requests/Api/Application/Roles/DeleteRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/DeleteRoleRequest.php
@ -0,0 +1,32 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Models\AdminRole;
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class DeleteRoleRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_ROLES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::WRITE;
+
+    /**
+     * Determine if the requested role exists on the Panel.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $role = $this->route()->parameter('role');
+
+        return $role instanceof AdminRole && $role->exists;
+    }
+}
--- a/app/Http/Requests/Api/Application/Roles/GetRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/GetRoleRequest.php
@ -0,0 +1,20 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Models\AdminRole;
+
+class GetRoleRequest extends GetRolesRequest
+{
+    /**
+     * Determine if the requested role exists on the Panel.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $role = $this->route()->parameter('role');
+
+        return $role instanceof AdminRole && $role->exists;
+    }
+}
--- a/app/Http/Requests/Api/Application/Roles/GetRolesRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/GetRolesRequest.php
@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl as Acl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class GetRolesRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = Acl::RESOURCE_ROLES;
+
+    /**
+     * @var int
+     */
+    protected $permission = Acl::READ;
+}
--- a/app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php
@ -0,0 +1,32 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Models\AdminRole;
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class StoreRoleRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_ROLES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::WRITE;
+
+    /**
+     * ?
+     *
+     * @param array|null $rules
+     *
+     * @return array
+     */
+    public function rules(array $rules = null): array
+    {
+        return $rules ?? AdminRole::getRules();
+    }
+}
--- a/app/Http/Requests/Api/Application/Roles/UpdateRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/UpdateRoleRequest.php
@ -0,0 +1,20 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Models\AdminRole;
+
+class UpdateRoleRequest extends StoreRoleRequest
+{
+    /**
+     * ?
+     *
+     * @param array|null $rules
+     *
+     * @return array
+     */
+    public function rules(array $rules = null): array
+    {
+        return $rules ?? AdminRole::getRulesForUpdate($this->route()->parameter('role')->id);
+    }
+}