fix(api/client): add validation for backup request body (#4704)
This commit is contained in:
parent
aea5c474db
commit
b746c3ead1
2 changed files with 21 additions and 5 deletions
|
@ -18,6 +18,7 @@ use Pterodactyl\Transformers\Api\Client\BackupTransformer;
|
|||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\StoreBackupRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\RestoreBackupRequest;
|
||||
|
||||
class BackupController extends ClientApiController
|
||||
{
|
||||
|
@ -188,12 +189,8 @@ class BackupController extends ClientApiController
|
|||
*
|
||||
* @throws \Throwable
|
||||
*/
|
||||
public function restore(Request $request, Server $server, Backup $backup): JsonResponse
|
||||
public function restore(RestoreBackupRequest $request, Server $server, Backup $backup): JsonResponse
|
||||
{
|
||||
if (!$request->user()->can(Permission::ACTION_BACKUP_RESTORE, $server)) {
|
||||
throw new AuthorizationException();
|
||||
}
|
||||
|
||||
// Cannot restore a backup unless a server is fully installed and not currently
|
||||
// processing a different backup restoration request.
|
||||
if (!is_null($server->status)) {
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Backups;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class RestoreBackupRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
{
|
||||
return Permission::ACTION_BACKUP_RESTORE;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return ['truncate' => 'required|boolean'];
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue