misc_pterodactyl-panel/app/Http/Controllers/Api/Client
Dane Everitt f0ac0725b6
[Security] Don't return all servers on the system when not a root admin and admin level servers are requested
Cleaned up the API endpoint by simplifying the logic and adds test case to cover this bug.

If you ever need to list _all_ of the servers on the system you should be using the application API endpoint for the servers most likely.
2020-07-26 10:43:46 -07:00
..
Servers Always return the status code from the daemon if possible 2020-07-18 10:23:28 -07:00
AccountController.php Add integration test covering account endpoint 2020-06-25 22:12:09 -07:00
ApiKeyController.php Add test coverage for API key generation and deletion 2020-06-25 22:36:58 -07:00
ClientApiController.php [Breaking] Return server allocations automatically as a relation object 2020-07-09 19:17:24 -07:00
ClientController.php [Security] Don't return all servers on the system when not a root admin and admin level servers are requested 2020-07-26 10:43:46 -07:00
TwoFactorController.php Generate recovery tokens when enabling 2FA on an account 2020-07-02 21:55:25 -07:00