Server API obey's the subuser permissions as well

This commit is contained in:
Dane Everitt 2016-10-20 17:04:58 -04:00
parent 9fd8a087b8
commit dfeed013ba
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 5 additions and 2 deletions

View file

@ -23,6 +23,7 @@
*/
namespace Pterodactyl\Http\Controllers\API\User;
use Auth;
use Log;
use Pterodactyl\Models;
use Illuminate\Http\Request;
@ -79,7 +80,7 @@ class ServerController extends BaseController
],
'allocations' => $allocations,
'sftp' => [
'username' => $server->username
'username' => (Auth::user()->can('view-sftp', $server)) ? $server->username : null
],
'daemon' => [
'token' => ($request->secure()) ? $server->daemonSecret : false,
@ -94,6 +95,8 @@ class ServerController extends BaseController
$node = Models\Node::getByID($server->node);
$client = Models\Node::guzzleRequest($server->node);
Auth::user()->can('power-' . $request->input('action'), $server);
$res = $client->request('PUT', '/server/power', [
'headers' => [
'X-Access-Server' => $server->uuid,

View file

@ -27,7 +27,7 @@ use Auth;
use Pterodactyl\Models\Subuser;
use Illuminate\Database\Eloquent\Model;
use Pterodactyl\Exception\DisplayException;
use Pterodactyl\Exceptions\DisplayException;
class Server extends Model
{