Commit graph

1341 commits

Author SHA1 Message Date
Dane Everitt
463f465dea
Block viewing node allocations and location unless user has permission
Blocks viewing the allocation list and location for a node unless a
user has permission to view the node in the first place.
2017-04-08 12:07:17 -04:00
Dane Everitt
4479d3bf19
Improved logic for handling permissions on API routes.
Still only partially implemented, however this method will allow the
inclusion of data that is granted with servers (such as viewing more
about the node, node location, allocations, etc) while still limiting
someone from doing `?include=node.servers` and listing all servers when
they don’t have list-servers as a permission.
2017-04-08 12:05:29 -04:00
Dane Everitt
db4df2bfa1
Push basis of new API key policy
Will need to revisit this another day when I’m fresh to figure out the
best method to do this.
2017-04-07 21:25:17 -04:00
Dane Everitt
51204b8d9d
Add all of the potential transformers that might be needed for now. 2017-04-07 20:28:58 -04:00
Dane Everitt
faa437b77b Use the current_password not password field when verifying passwords. 2017-04-04 12:14:24 -04:00
Dane Everitt
65630bdcce
Move API to use JSON:API standards and fractal serializer
Makes the data slightly more complex, but forces a standard and can
always be changed down the road simply by changing the default
serializer.
2017-04-02 16:51:56 -04:00
Dane Everitt
c071efd008
Finish API routes for users. 2017-04-02 15:52:53 -04:00
Dane Everitt
97773300ed
Better middleware for routes, cleaned up API, removed old API calls
New API routes for Server allow specifying which fractal objects to
load into the request, thus making it possible to fine-tune what data
is returned.
2017-04-02 13:19:39 -04:00
Dane Everitt
93dc52bbc4
Fix broken status route spamming logs. 2017-04-02 11:06:44 -04:00
Dane Everitt
ddb82ac3ca
Add initial user server transformer for API. 2017-04-02 00:49:53 -04:00
Dane Everitt
87530cdc01
Initial moves to new API scheme.
Implements a better middleware for handling API authentication, as well
as cleaner route handling.
2017-04-02 00:11:52 -04:00
Dane Everitt
55bf26e518
Fix broken status route spamming logs. 2017-04-01 22:52:27 -04:00
Dane Everitt
e5f3678c62
Fix login routes 2017-04-01 21:18:56 -04:00
Dane Everitt
5927e0e12a
Merge remote-tracking branch 'origin/develop' into develop
# Conflicts:
#	app/Http/Controllers/Base/LanguageController.php
#	app/Http/Kernel.php
#	app/Http/Middleware/TrimStrings.php
#	app/Providers/RouteServiceProvider.php
2017-04-01 21:03:10 -04:00
Dane Everitt
d80c59aad3
Cleanup routing mechanisms 2017-04-01 21:01:10 -04:00
Dane Everitt
9c303456fb Update codebase to L5.4 (#367) 2017-04-01 17:59:43 -04:00
Dane Everitt
0a95d97d7f
Better support for redis as a backend 2017-04-01 16:31:18 -04:00
Dane Everitt
cbeecfe5e4
Implement front-end server searching 🍬 2017-04-01 13:14:49 -04:00
Dane Everitt
27d472195f
Misc. bug fixes 2017-04-01 12:29:56 -04:00
Dane Everitt
844ebfaf64
Add support for starting server on creation. 2017-04-01 12:29:49 -04:00
Dane Everitt
482bf4804d
Catch potential undefined result. 2017-03-31 23:37:46 -04:00
Dane Everitt
edaa270a33
Add server descriptions, closes #338 🐖
🐷 https://s3.kelp.in/D0n2Z.png
2017-03-31 23:07:19 -04:00
Dane Everitt
660cdca940
Hide random whitespace if there is only a single page 2017-03-31 22:14:56 -04:00
Dane Everitt
536865b22a
Remove deletion queue for servers. Just immediately delete. 2017-03-31 22:12:31 -04:00
Dane Everitt
2dec659dd1
Fix syntax error. 2017-03-31 21:47:53 -04:00
Dane Everitt
75119611b9
Update API settings page to display checkboxes correctly. 2017-03-31 21:46:40 -04:00
Dane Everitt
c7d4c3aa76
Send default response 2017-03-31 21:16:00 -04:00
Dane Everitt
ff57e2ff85
Cleanup recaptcha middleware 2017-03-31 21:12:49 -04:00
Dane Everitt
451dd7ebc8 Apply fixes from StyleCI (#364) 2017-03-31 20:48:35 -04:00
Jakob Schrettenbrunner
fe6a19096f update CHANGELOG 2017-04-01 02:04:51 +02:00
Jakob Schrettenbrunner
e613e44749 fix #363 2017-04-01 01:58:05 +02:00
Jakob Schrettenbrunner
0ee80b1fec fix captcha middleware using wrong function when disabled 2017-04-01 01:54:42 +02:00
Dane Everitt
fa04bb1aea Delete .githold 2017-03-31 16:43:49 -04:00
Dane Everitt
14946eea31 closes #336 2017-03-31 16:42:12 -04:00
Jakob Schrettenbrunner
ac2e29e4a1 show users server where he is a subuser
fixes #209
2017-03-31 13:54:20 +02:00
Jakob Schrettenbrunner
ec0b55bcfe fix missing path for Permission model in SubuserRepository 2017-03-31 12:50:58 +02:00
Jakob Schrettenbrunner
a51cf1ff47 remove ReCaptcha from views if it is disabled 2017-03-31 12:26:57 +02:00
Jakob Schrettenbrunner
207e0131fc Merge branch 'develop' of github.com:Pterodactyl/Panel into improve-password-reset 2017-03-31 12:20:41 +02:00
Jakob Schrettenbrunner
142cbb0641 Add invisible ReCAPTCHA to login and password reset 2017-03-31 12:19:44 +02:00
Dane Everitt
1f0e95790a
🔒 Don't disclose if account exists when resetting passwords, closes #358 2017-03-30 17:44:20 -04:00
Dane Everitt
9106971565
closes #362 2017-03-30 16:30:22 -04:00
Dane Everitt
da003efb03
Fixes issue with DOCTYPE being discarded on JS injected views 2017-03-30 16:23:25 -04:00
Dane Everitt
b165f04b78
Fix up file display in sidebar as well as socket.io warnings, closes #357 2017-03-30 16:20:51 -04:00
Dane Everitt
95c739a3f3
Update subusers view 2017-03-30 15:31:02 -04:00
Jakob Schrettenbrunner
f2f834af49 update gitignore to ignore docker files 2017-03-28 00:13:24 +02:00
Dane Everitt
769b723913 Merge pull request #354 from Pterodactyl/analysis-zeLNpe
Apply fixes from StyleCI
2017-03-19 19:52:20 -04:00
Dane Everitt
f0057353ad Apply fixes from StyleCI 2017-03-19 23:52:11 +00:00
Dane Everitt
c98d1dda26
Store sami configuration for others to use. 2017-03-19 19:51:26 -04:00
Dane Everitt
0312c974f5
Update doc blocks for all app/ 2017-03-19 19:36:50 -04:00
Dane Everitt
5e27772fef
Very rough go at getting API back into operational state.
Not spending a lot of time on this as its a pre-release and I have
plans to overhaul the API to actually work and be easy to maintain.
2017-03-19 13:20:33 -04:00