Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update middleware to handle wildcards correctly.

Browse source
This commit is contained in:
Dane Everitt 2016-10-20 18:35:55 -04:00
parent 0f4648b13a
commit b1a9a59707
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
1 changed files with 12 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
app/Http/Middleware/APISecretToken.php
View file

@ -93,13 +93,18 @@ class APISecretToken extends Authorization
}
}
$permission = APIPermission::where('key_id', $key->id)
->where('permission', $request->route()->getName())
->orWhere('permission', '*')
->first();
if (!$permission) {
APILogService::log($request, 'You do not have permission to access this resource.');
throw new AccessDeniedHttpException('You do not have permission to access this resource.');
$permission = APIPermission::where('key_id', $key->id)->where('permission', $request->route()->getName());
// Suport Wildcards
if (starts_with($request->route()->getName(), 'api.user')) {
$permission->orWhere('permission', 'api.user.*');
} else if(starts_with($request->route()->getName(), 'api.admin')) {
$permission->orWhere('permission', 'api.admin.*');
}
if (!$permission->first()) {
APILogService::log($request, 'You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
throw new AccessDeniedHttpException('You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
}
}