Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix bad permissions check on server API route

Browse source
This commit is contained in:
Dane Everitt 2018-02-24 12:15:21 -06:00
parent 807521b97c
commit baeffef24b
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 24 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -8,6 +8,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
* Fixes an exception thrown when trying to access the `/nests/:id/eggs/:id` API endpoint.
* Fixes search on server listing page.
* Schedules with no names are now clickable to allow editing.
* Fixes broken permissions check that would deny access to API keys that did in fact have permission.
### Added
* Adds ability to include egg variables on an API request.

5
app/Http/Controllers/Api/Application/Servers/ServerController.php
View file

@ -9,6 +9,7 @@ use Pterodactyl\Services\Servers\ServerCreationService;
use Pterodactyl\Services\Servers\ServerDeletionService;
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
use Pterodactyl\Http\Requests\Api\Application\Servers\GetServerRequest;
use Pterodactyl\Http\Requests\Api\Application\Servers\GetServersRequest;
use Pterodactyl\Http\Requests\Api\Application\Servers\ServerWriteRequest;
use Pterodactyl\Http\Requests\Api\Application\Servers\StoreServerRequest;
@ -91,10 +92,10 @@ class ServerController extends ApplicationApiController
/**
* Show a single server transformed for the application API.
*
* @param \Pterodactyl\Http\Requests\Api\Application\Servers\ServerWriteRequest $request
* @param \Pterodactyl\Http\Requests\Api\Application\Servers\GetServerRequest $request
* @return array
*/
public function view(ServerWriteRequest $request): array
public function view(GetServerRequest $request): array
{
return $this->fractal->item($request->getModel(Server::class))
->transformWith($this->getTransformer(ServerTransformer::class))

19
app/Http/Requests/Api/Application/Servers/GetServerRequest.php Normal file
View file

@ -0,0 +1,19 @@
<?php
namespace Pterodactyl\Http\Requests\Api\Application\Servers;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
class GetServerRequest extends ApplicationApiRequest
{
/**
* @var string
*/
protected $resource = AdminAcl::RESOURCE_SERVERS;
/**
* @var int
*/
protected $permission = AdminAcl::READ;
}

15
app/Http/Requests/Api/Application/Servers/GetServersRequest.php
View file

@ -2,21 +2,8 @@
namespace Pterodactyl\Http\Requests\Api\Application\Servers;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
class GetServersRequest extends ApplicationApiRequest
class GetServersRequest extends GetServerRequest
{
/**
* @var string
*/
protected $resource = AdminAcl::RESOURCE_SERVERS;
/**
* @var int
*/
protected $permission = AdminAcl::READ;
/**
* @return array
*/