Server API obey's the subuser permissions as well
This commit is contained in:
parent
9fd8a087b8
commit
dfeed013ba
2 changed files with 5 additions and 2 deletions
|
@ -23,6 +23,7 @@
|
|||
*/
|
||||
namespace Pterodactyl\Http\Controllers\API\User;
|
||||
|
||||
use Auth;
|
||||
use Log;
|
||||
use Pterodactyl\Models;
|
||||
use Illuminate\Http\Request;
|
||||
|
@ -79,7 +80,7 @@ class ServerController extends BaseController
|
|||
],
|
||||
'allocations' => $allocations,
|
||||
'sftp' => [
|
||||
'username' => $server->username
|
||||
'username' => (Auth::user()->can('view-sftp', $server)) ? $server->username : null
|
||||
],
|
||||
'daemon' => [
|
||||
'token' => ($request->secure()) ? $server->daemonSecret : false,
|
||||
|
@ -94,6 +95,8 @@ class ServerController extends BaseController
|
|||
$node = Models\Node::getByID($server->node);
|
||||
$client = Models\Node::guzzleRequest($server->node);
|
||||
|
||||
Auth::user()->can('power-' . $request->input('action'), $server);
|
||||
|
||||
$res = $client->request('PUT', '/server/power', [
|
||||
'headers' => [
|
||||
'X-Access-Server' => $server->uuid,
|
||||
|
|
|
@ -27,7 +27,7 @@ use Auth;
|
|||
use Pterodactyl\Models\Subuser;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
|
||||
use Pterodactyl\Exception\DisplayException;
|
||||
use Pterodactyl\Exceptions\DisplayException;
|
||||
|
||||
class Server extends Model
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue