From baeffef24be620c0d1fe5096407a4a93b84e722f Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sat, 24 Feb 2018 12:15:21 -0600
Subject: [PATCH] Fix bad permissions check on server API route
---
 CHANGELOG.md | 1 +
 .../Application/Servers/ServerController.php | 5 +++--
 .../Application/Servers/GetServerRequest.php | 19 +++++++++++++++++++
 .../Application/Servers/GetServersRequest.php | 15 +--------------
 4 files changed, 24 insertions(+), 16 deletions(-)
 create mode 100644 app/Http/Requests/Api/Application/Servers/GetServerRequest.php
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68a3a6f9d..44d320e82 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Fixes an exception thrown when trying to access the `/nests/:id/eggs/:id` API endpoint.
 * Fixes search on server listing page.
 * Schedules with no names are now clickable to allow editing.
+* Fixes broken permissions check that would deny access to API keys that did in fact have permission.
 ### Added
 * Adds ability to include egg variables on an API request.
diff --git a/app/Http/Controllers/Api/Application/Servers/ServerController.php b/app/Http/Controllers/Api/Application/Servers/ServerController.php
index f869393af..1ef1e0b62 100644
--- a/app/Http/Controllers/Api/Application/Servers/ServerController.php
+++ b/app/Http/Controllers/Api/Application/Servers/ServerController.php
@@ -9,6 +9,7 @@ use Pterodactyl\Services\Servers\ServerCreationService;
 use Pterodactyl\Services\Servers\ServerDeletionService;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
 use Pterodactyl\Transformers\Api\Application\ServerTransformer;
+use Pterodactyl\Http\Requests\Api\Application\Servers\GetServerRequest;
 use Pterodactyl\Http\Requests\Api\Application\Servers\GetServersRequest;
 use Pterodactyl\Http\Requests\Api\Application\Servers\ServerWriteRequest;
 use Pterodactyl\Http\Requests\Api\Application\Servers\StoreServerRequest;
@@ -91,10 +92,10 @@ class ServerController extends ApplicationApiController
 /**
 * Show a single server transformed for the application API.
 *
- * @param \Pterodactyl\Http\Requests\Api\Application\Servers\ServerWriteRequest $request
+ * @param \Pterodactyl\Http\Requests\Api\Application\Servers\GetServerRequest $request
 * @return array
 */
- public function view(ServerWriteRequest $request): array
+ public function view(GetServerRequest $request): array
 {
 return $this->fractal->item($request->getModel(Server::class))
 ->transformWith($this->getTransformer(ServerTransformer::class))
diff --git a/app/Http/Requests/Api/Application/Servers/GetServerRequest.php b/app/Http/Requests/Api/Application/Servers/GetServerRequest.php
new file mode 100644
index 000000000..82d12687c
--- /dev/null
+++ b/app/Http/Requests/Api/Application/Servers/GetServerRequest.php
@@ -0,0 +1,19 @@
+
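Review bot: The docblock on `view()` in ServerController.php still does not say which API-key permission the endpoint requires; the authorization rule lives only in the type-hinted request class, which is presumably how a read route came to be guarded by `ServerWriteRequest`. I would add a line such as `* Access is authorized by GetServerRequest (expected: read permission on servers).`, with the wording confirmed against that class, since its body is not visible here. A regression test that a read-only key is accepted and a key without server permission is rejected would keep the check from drifting again. The body of `view()` continues past the end of this hunk.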