Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix display of navbar links to admins, closes #1920

Browse source
This commit is contained in:
Dane Everitt 2020-04-17 10:21:15 -07:00
parent 4193c5f664
commit e969344f3b
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
8 changed files with 67 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
app/Http/Controllers/Api/Client/Servers/ServerController.php
View file

@ -5,7 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Repositories\Eloquent\SubuserRepository; use Pterodactyl\Repositories\Eloquent\SubuserRepository;
use Pterodactyl\Transformers\Api\Client\ServerTransformer; use Pterodactyl\Transformers\Api\Client\ServerTransformer;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException; use Pterodactyl\Services\Servers\GetUserPermissionsService;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController; use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Pterodactyl\Http\Requests\Api\Client\Servers\GetServerRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\GetServerRequest;
@ -16,16 +16,23 @@ class ServerController extends ClientApiController
*/ */
private $repository; private $repository;
/**
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
*/
private $permissionsService;
/** /**
* ServerController constructor. * ServerController constructor.
* *
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
* @param \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository * @param \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository
*/ */
public function __construct(SubuserRepository $repository) public function __construct(GetUserPermissionsService $permissionsService, SubuserRepository $repository)
{ {
parent::__construct(); parent::__construct();
$this->repository = $repository; $this->repository = $repository;
$this->permissionsService = $permissionsService;
} }
/** /**
@ -38,20 +45,11 @@ class ServerController extends ClientApiController
*/ */
public function index(GetServerRequest $request, Server $server): array public function index(GetServerRequest $request, Server $server): array
{ {
try {
$permissions = $this->repository->findFirstWhere([
'server_id' => $server->id,
'user_id' => $request->user()->id,
])->permissions;
} catch (RecordNotFoundException $exception) {
$permissions = [];
}
return $this->fractal->item($server) return $this->fractal->item($server)
->transformWith($this->getTransformer(ServerTransformer::class)) ->transformWith($this->getTransformer(ServerTransformer::class))
->addMeta([ ->addMeta([
'is_server_owner' => $request->user()->id === $server->owner_id, 'is_server_owner' => $request->user()->id === $server->owner_id,
'user_permissions' => $permissions, 'user_permissions' => $this->permissionsService->handle($server, $request->user()),
]) ])
->toArray(); ->toArray();
} }

2
app/Http/Controllers/Api/Client/Servers/SubuserController.php
View file

@ -123,6 +123,6 @@ class SubuserController extends ClientApiController
*/ */
protected function getDefaultPermissions(Request $request): array protected function getDefaultPermissions(Request $request): array
{ {
return array_unique(array_merge($request->input('permissions') ?? [], ['websocket.*'])); return array_unique(array_merge($request->input('permissions') ?? [], ['websocket.connect']));
} }
} }

36
app/Http/Controllers/Api/Client/Servers/WebsocketController.php
View file

@ -5,13 +5,13 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Carbon\CarbonImmutable; use Carbon\CarbonImmutable;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Pterodactyl\Models\Permission; use Pterodactyl\Models\Permission;
use Illuminate\Contracts\Cache\Repository; use Illuminate\Contracts\Cache\Repository;
use Pterodactyl\Services\Nodes\NodeJWTService; use Pterodactyl\Services\Nodes\NodeJWTService;
use Symfony\Component\HttpKernel\Exception\HttpException; use Symfony\Component\HttpKernel\Exception\HttpException;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest; use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
use Pterodactyl\Services\Servers\GetUserPermissionsService;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController; use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
class WebsocketController extends ClientApiController class WebsocketController extends ClientApiController
@ -26,18 +26,28 @@ class WebsocketController extends ClientApiController
*/ */
private $jwtService; private $jwtService;
/**
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
*/
private $permissionsService;
/** /**
* WebsocketController constructor. * WebsocketController constructor.
* *
* @param \Pterodactyl\Services\Nodes\NodeJWTService $jwtService * @param \Pterodactyl\Services\Nodes\NodeJWTService $jwtService
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
* @param \Illuminate\Contracts\Cache\Repository $cache * @param \Illuminate\Contracts\Cache\Repository $cache
*/ */
public function __construct(NodeJWTService $jwtService, Repository $cache) public function __construct(
{ NodeJWTService $jwtService,
GetUserPermissionsService $permissionsService,
Repository $cache
) {
parent::__construct(); parent::__construct();
$this->cache = $cache; $this->cache = $cache;
$this->jwtService = $jwtService; $this->jwtService = $jwtService;
$this->permissionsService = $permissionsService;
} }
/** /**
@ -53,32 +63,16 @@ class WebsocketController extends ClientApiController
public function __invoke(ClientApiRequest $request, Server $server) public function __invoke(ClientApiRequest $request, Server $server)
{ {
$user = $request->user(); $user = $request->user();
if ($user->cannot(Permission::ACTION_WEBSOCKET, $server)) { if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to connect to this server\'s websocket.'); throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to connect to this server\'s websocket.');
} }
if ($user->root_admin || $user->id === $server->owner_id) {
$permissions = ['*'];
if ($user->root_admin) {
$permissions[] = 'admin.errors';
$permissions[] = 'admin.install';
}
} else {
/** @var \Pterodactyl\Models\Subuser|null $subuserPermissions */
$subuserPermissions = $server->subusers->first(function (Subuser $subuser) use ($user) {
return $subuser->user_id === $user->id;
});
$permissions = $subuserPermissions ? $subuserPermissions->permissions : [];
}
$token = $this->jwtService $token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setClaims([ ->setClaims([
'user_id' => $request->user()->id, 'user_id' => $request->user()->id,
'server_uuid' => $server->uuid, 'server_uuid' => $server->uuid,
'permissions' => $permissions ?? [], 'permissions' => $this->permissionsService->handle($server, $user),
]) ])
->handle($server->node, $user->id . $server->uuid); ->handle($server->node, $user->id . $server->uuid);

4
app/Models/Permission.php
View file

@ -15,7 +15,7 @@ class Permission extends Model
/** /**
* Constants defining different permissions available. * Constants defining different permissions available.
*/ */
const ACTION_WEBSOCKET = 'websocket.*'; const ACTION_WEBSOCKET_CONNECT = 'websocket.connect';
const ACTION_CONTROL_CONSOLE = 'control.console'; const ACTION_CONTROL_CONSOLE = 'control.console';
const ACTION_CONTROL_START = 'control.start'; const ACTION_CONTROL_START = 'control.start';
const ACTION_CONTROL_STOP = 'control.stop'; const ACTION_CONTROL_STOP = 'control.stop';
@ -105,7 +105,7 @@ class Permission extends Model
'websocket' => [ 'websocket' => [
'description' => 'Allows the user to connect to the server websocket, giving them access to view console output and realtime server stats.', 'description' => 'Allows the user to connect to the server websocket, giving them access to view console output and realtime server stats.',
'keys' => [ 'keys' => [
'*' => 'Gives user full read access to the websocket.', 'connect' => 'Allows a user to connect to the websocket instance for a server to stream the console.',
], ],
], ],

37
app/Services/Servers/GetUserPermissionsService.php Normal file
View file

@ -0,0 +1,37 @@
<?php
namespace Pterodactyl\Services\Servers;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Server;
class GetUserPermissionsService
{
/**
* Returns the server specific permissions that a user has. This checks
* if they are an admin or a subuser for the server. If no permissions are
* found, an empty array is returned.
*
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\User $user
* @return string[]
*/
public function handle(Server $server, User $user)
{
if ($user->root_admin || $user->id === $server->owner_id) {
$permissions = ['*'];
if ($user->root_admin) {
$permissions[] = 'admin.websocket.errors';
$permissions[] = 'admin.websocket.install';
}
return $permissions;
}
/** @var \Pterodactyl\Models\Subuser|null $subuserPermissions */
$subuserPermissions = $server->subusers->where('user_id', $user->id)->first();
return $subuserPermissions ? $subuserPermissions->permissions : [];
}
}

2
resources/scripts/components/server/users/UserRow.tsx
View file

@ -47,7 +47,7 @@ export default ({ subuser }: Props) => {
</div> </div>
<div className={'ml-4'}> <div className={'ml-4'}>
<p className={'font-medium text-center'}> <p className={'font-medium text-center'}>
{subuser.permissions.filter(permission => permission !== 'websocket.*').length} {subuser.permissions.filter(permission => permission !== 'websocket.connect').length}
</p> </p>
<p className={'text-2xs text-neutral-500 uppercase'}>Permissions</p> <p className={'text-2xs text-neutral-500 uppercase'}>Permissions</p>
</div> </div>

1
resources/scripts/plugins/usePermissions.ts
View file

@ -15,7 +15,6 @@ export const usePermissions = (action: string | string[]): boolean[] => {
// will return if the user has any permission under the file.XYZ namespace. // will return if the user has any permission under the file.XYZ namespace.
( (
permission.endsWith('.*') && permission.endsWith('.*') &&
permission !== 'websocket.*' &&
userPermissions.filter(p => p.startsWith(permission.split('.')[0])).length > 0 userPermissions.filter(p => p.startsWith(permission.split('.')[0])).length > 0
) || ) ||
// Otherwise just check if the entire permission exists in the array or not. // Otherwise just check if the entire permission exists in the array or not.

2
resources/scripts/state/server/subusers.ts
View file

@ -1,7 +1,7 @@
import { action, Action } from 'easy-peasy'; import { action, Action } from 'easy-peasy';
export type SubuserPermission = export type SubuserPermission =
'websocket.*' | 'websocket.connect' |
'control.console' | 'control.start' | 'control.stop' | 'control.restart' | 'control.console' | 'control.start' | 'control.stop' | 'control.restart' |
'user.create' | 'user.read' | 'user.update' | 'user.delete' | 'user.create' | 'user.read' | 'user.update' | 'user.delete' |
'file.create' | 'file.read' | 'file.update' | 'file.delete' | 'file.archive' | 'file.sftp' | 'file.create' | 'file.read' | 'file.update' | 'file.delete' | 'file.archive' | 'file.sftp' |