resource)) { throw new PterodactylException('An ACL resource must be defined on API requests.'); } return Acl::check($this->key(), $this->resource, $this->permission); } /** * Determine if the requested resource exists on the server. * * @return bool */ public function resourceExists(): bool { return true; } /** * Default set of rules to apply to API requests. * * @return array */ public function rules(): array { return []; } /** * Return the API key being used for the request. * * @return \Pterodactyl\Models\APIKey */ public function key(): APIKey { return $this->attributes->get('api_key'); } /** * Determine if the request passes the authorization check as well * as the exists check. * * @return bool * * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException */ protected function passesAuthorization() { $passes = parent::passesAuthorization(); // Only let the user know that a resource does not exist if they are // authenticated to access the endpoint. This avoids exposing that // an item exists (or does not exist) to the user until they can prove // that they have permission to know about it. if ($passes && ! $this->resourceExists()) { throw new NotFoundHttpException('The requested resource does not exist on this server.'); } return $passes; } }