mirror of
https://github.com/pelican-dev/panel.git
synced 2026-05-04 18:00:48 +03:00
Refactor subuser permissions (#1961)
Co-authored-by: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com>
This commit is contained in:
Boy132
@@ -4,13 +4,12 @@ namespace App\Http\Controllers\Api\Client;
|
||||
|
||||
use App\Http\Requests\Api\Client\GetServersRequest;
|
||||
use App\Models\Filters\MultiFieldServerFilter;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
use App\Models\Subuser;
|
||||
use App\Transformers\Api\Client\ServerTransformer;
|
||||
use Dedoc\Scramble\Attributes\Group;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
use Illuminate\Support\Collection;
|
||||
use Spatie\QueryBuilder\AllowedFilter;
|
||||
use Spatie\QueryBuilder\QueryBuilder;
|
||||
|
||||
@@ -81,14 +80,14 @@ class ClientController extends ClientApiController
|
||||
*
|
||||
* Returns all the subuser permissions available on the system.
|
||||
*
|
||||
* @return array{object: string, attributes: array{permissions: Collection}}
|
||||
* @return array{object: string, attributes: array{permissions: string[]}}
|
||||
*/
|
||||
public function permissions(): array
|
||||
{
|
||||
return [
|
||||
'object' => 'system_permissions',
|
||||
'attributes' => [
|
||||
'permissions' => Permission::permissions(),
|
||||
'permissions' => Subuser::allPermissionKeys(),
|
||||
],
|
||||
];
|
||||
}
|
||||
|
||||
@@ -2,10 +2,10 @@
|
||||
|
||||
namespace App\Http\Controllers\Api\Client\Servers;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Controllers\Api\Client\ClientApiController;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\ActivityLog;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Role;
|
||||
use App\Models\Server;
|
||||
use App\Models\User;
|
||||
@@ -29,7 +29,7 @@ class ActivityLogController extends ClientApiController
|
||||
*/
|
||||
public function __invoke(ClientApiRequest $request, Server $server): array
|
||||
{
|
||||
Gate::authorize(Permission::ACTION_ACTIVITY_READ, $server);
|
||||
Gate::authorize(SubuserPermission::ActivityRead, $server);
|
||||
|
||||
$activity = QueryBuilder::for($server->activity())
|
||||
->allowedSorts(['timestamp'])
|
||||
|
||||
@@ -3,13 +3,13 @@
|
||||
namespace App\Http\Controllers\Api\Client\Servers;
|
||||
|
||||
use App\Enums\ServerState;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Facades\Activity;
|
||||
use App\Http\Controllers\Api\Client\ClientApiController;
|
||||
use App\Http\Requests\Api\Client\Servers\Backups\RenameBackupRequest;
|
||||
use App\Http\Requests\Api\Client\Servers\Backups\RestoreBackupRequest;
|
||||
use App\Http\Requests\Api\Client\Servers\Backups\StoreBackupRequest;
|
||||
use App\Models\Backup;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
use App\Repositories\Daemon\DaemonBackupRepository;
|
||||
use App\Services\Backups\DeleteBackupService;
|
||||
@@ -48,7 +48,7 @@ class BackupController extends ClientApiController
|
||||
*/
|
||||
public function index(Request $request, Server $server): array
|
||||
{
|
||||
if (!$request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
|
||||
if (!$request->user()->can(SubuserPermission::BackupRead, $server)) {
|
||||
throw new AuthorizationException();
|
||||
}
|
||||
|
||||
@@ -82,7 +82,7 @@ class BackupController extends ClientApiController
|
||||
// otherwise ignore this status. This gets a little funky since it isn't clear
|
||||
// how best to allow a user to create a backup that is locked without also preventing
|
||||
// them from just filling up a server with backups that can never be deleted?
|
||||
if ($request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
|
||||
if ($request->user()->can(SubuserPermission::BackupDelete, $server)) {
|
||||
$action->setIsLocked((bool) $request->input('is_locked'));
|
||||
}
|
||||
|
||||
@@ -110,7 +110,7 @@ class BackupController extends ClientApiController
|
||||
*/
|
||||
public function toggleLock(Request $request, Server $server, Backup $backup): array
|
||||
{
|
||||
if (!$request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
|
||||
if (!$request->user()->can(SubuserPermission::BackupDelete, $server)) {
|
||||
throw new AuthorizationException();
|
||||
}
|
||||
|
||||
@@ -136,7 +136,7 @@ class BackupController extends ClientApiController
|
||||
*/
|
||||
public function view(Request $request, Server $server, Backup $backup): array
|
||||
{
|
||||
if (!$request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
|
||||
if (!$request->user()->can(SubuserPermission::BackupRead, $server)) {
|
||||
throw new AuthorizationException();
|
||||
}
|
||||
|
||||
@@ -155,7 +155,7 @@ class BackupController extends ClientApiController
|
||||
*/
|
||||
public function delete(Request $request, Server $server, Backup $backup): JsonResponse
|
||||
{
|
||||
if (!$request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
|
||||
if (!$request->user()->can(SubuserPermission::BackupDelete, $server)) {
|
||||
throw new AuthorizationException();
|
||||
}
|
||||
|
||||
@@ -181,7 +181,7 @@ class BackupController extends ClientApiController
|
||||
*/
|
||||
public function download(Request $request, Server $server, Backup $backup): JsonResponse
|
||||
{
|
||||
if (!$request->user()->can(Permission::ACTION_BACKUP_DOWNLOAD, $server)) {
|
||||
if (!$request->user()->can(SubuserPermission::BackupDownload, $server)) {
|
||||
throw new AuthorizationException();
|
||||
}
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Http\Controllers\Api\Client\Servers;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Exceptions\Http\HttpForbiddenException;
|
||||
use App\Exceptions\Model\DataValidationException;
|
||||
use App\Exceptions\Service\ServiceLimitExceededException;
|
||||
@@ -9,7 +10,6 @@ use App\Facades\Activity;
|
||||
use App\Http\Controllers\Api\Client\ClientApiController;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Http\Requests\Api\Client\Servers\Schedules\StoreTaskRequest;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Schedule;
|
||||
use App\Models\Server;
|
||||
use App\Models\Task;
|
||||
@@ -170,7 +170,7 @@ class ScheduleTaskController extends ClientApiController
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
if (!$request->user()->can(Permission::ACTION_SCHEDULE_DELETE, $server)) {
|
||||
if (!$request->user()->can(SubuserPermission::ScheduleDelete, $server)) {
|
||||
throw new HttpForbiddenException('You do not have permission to perform this action.');
|
||||
}
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Http\Controllers\Api\Client\Servers;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Exceptions\Model\DataValidationException;
|
||||
use App\Exceptions\Service\Subuser\ServerSubuserExistsException;
|
||||
use App\Exceptions\Service\Subuser\UserIsServerOwnerException;
|
||||
@@ -11,7 +12,6 @@ use App\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest;
|
||||
use App\Http\Requests\Api\Client\Servers\Subusers\GetSubuserRequest;
|
||||
use App\Http\Requests\Api\Client\Servers\Subusers\StoreSubuserRequest;
|
||||
use App\Http\Requests\Api\Client\Servers\Subusers\UpdateSubuserRequest;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
use App\Models\Subuser;
|
||||
use App\Models\User;
|
||||
@@ -82,18 +82,17 @@ class SubuserController extends ClientApiController
|
||||
*/
|
||||
public function store(StoreSubuserRequest $request, Server $server): array
|
||||
{
|
||||
$response = $this->creationService->handle(
|
||||
$server,
|
||||
$request->input('email'),
|
||||
$this->getDefaultPermissions($request)
|
||||
);
|
||||
$email = $request->input('email');
|
||||
$permissions = $this->getCleanedPermissions($request);
|
||||
|
||||
$subuser = $this->creationService->handle($server, $email, $permissions);
|
||||
|
||||
Activity::event('server:subuser.create')
|
||||
->subject($response->user)
|
||||
->property(['email' => $request->input('email'), 'permissions' => $this->getDefaultPermissions($request)])
|
||||
->subject($subuser->user)
|
||||
->property(['email' => $email, 'permissions' => $subuser->permissions])
|
||||
->log();
|
||||
|
||||
return $this->fractal->item($response)
|
||||
return $this->fractal->item($subuser)
|
||||
->transformWith($this->getTransformer(SubuserTransformer::class))
|
||||
->toArray();
|
||||
}
|
||||
@@ -112,7 +111,7 @@ class SubuserController extends ClientApiController
|
||||
/** @var Subuser $subuser */
|
||||
$subuser = $request->attributes->get('subuser');
|
||||
|
||||
$this->updateService->handle($subuser, $server, $this->getDefaultPermissions($request));
|
||||
$this->updateService->handle($subuser, $server, $this->getCleanedPermissions($request));
|
||||
|
||||
return $this->fractal->item($subuser->refresh())
|
||||
->transformWith($this->getTransformer(SubuserTransformer::class))
|
||||
@@ -135,17 +134,19 @@ class SubuserController extends ClientApiController
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the default permissions for subusers and parses out any permissions
|
||||
* Returns the "cleaned" permissions for subusers and parses out any permissions
|
||||
* that were passed that do not also exist in the internally tracked list of
|
||||
* permissions.
|
||||
*
|
||||
* @return array<array-key, mixed>
|
||||
* @return string[]
|
||||
*/
|
||||
protected function getDefaultPermissions(Request $request): array
|
||||
protected function getCleanedPermissions(Request $request): array
|
||||
{
|
||||
$allowed = Permission::permissionKeys()->all();
|
||||
$cleaned = array_intersect($request->input('permissions') ?? [], $allowed);
|
||||
|
||||
return array_unique(array_merge($cleaned, [Permission::ACTION_WEBSOCKET_CONNECT]));
|
||||
return collect($request->input('permissions') ?? [])
|
||||
->intersect(Subuser::allPermissionKeys())
|
||||
->push(SubuserPermission::WebsocketConnect->value)
|
||||
->unique()
|
||||
->values()
|
||||
->toArray();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,10 +2,10 @@
|
||||
|
||||
namespace App\Http\Controllers\Api\Client\Servers;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Exceptions\Http\HttpForbiddenException;
|
||||
use App\Http\Controllers\Api\Client\ClientApiController;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
use App\Services\Nodes\NodeJWTService;
|
||||
use App\Services\Servers\GetUserPermissionsService;
|
||||
@@ -37,7 +37,7 @@ class WebsocketController extends ClientApiController
|
||||
public function __invoke(ClientApiRequest $request, Server $server): JsonResponse
|
||||
{
|
||||
$user = $request->user();
|
||||
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
|
||||
if ($user->cannot(SubuserPermission::WebsocketConnect, $server)) {
|
||||
throw new HttpForbiddenException('You do not have permission to connect to this server\'s websocket.');
|
||||
}
|
||||
|
||||
|
||||
@@ -2,11 +2,11 @@
|
||||
|
||||
namespace App\Http\Controllers\Api\Remote;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Exceptions\Http\HttpForbiddenException;
|
||||
use App\Facades\Activity;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\Remote\SftpAuthenticationFormRequest;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
use App\Models\User;
|
||||
use App\Services\Servers\GetUserPermissionsService;
|
||||
@@ -141,7 +141,7 @@ class SftpAuthenticationController extends Controller
|
||||
if ($user->cannot('update server', $server) && $server->owner_id !== $user->id) {
|
||||
$permissions = $this->permissions->handle($server, $user);
|
||||
|
||||
if (!in_array(Permission::ACTION_FILE_SFTP, $permissions)) {
|
||||
if (!in_array(SubuserPermission::FileSftp->value, $permissions)) {
|
||||
Activity::event('server:sftp.denied')->actor($user)->subject($server)->log();
|
||||
|
||||
throw new HttpForbiddenException('You do not have permission to access SFTP for this server.');
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Backups;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class RenameBackupRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_BACKUP_DELETE;
|
||||
return SubuserPermission::BackupDelete;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Backups;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class RestoreBackupRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_BACKUP_RESTORE;
|
||||
return SubuserPermission::BackupRestore;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Backups;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class StoreBackupRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_BACKUP_CREATE;
|
||||
return SubuserPermission::BackupCreate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -3,13 +3,13 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Databases;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_DATABASE_DELETE;
|
||||
return SubuserPermission::DatabaseDelete;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,13 +3,13 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Databases;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class GetDatabasesRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_DATABASE_READ;
|
||||
return SubuserPermission::DatabaseRead;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,16 +2,16 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Databases;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class RotatePasswordRequest extends ClientApiRequest
|
||||
{
|
||||
/**
|
||||
* Check that the user has permission to rotate the password.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_DATABASE_UPDATE;
|
||||
return SubuserPermission::DatabaseUpdate;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,9 +3,9 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Databases;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Database;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
use App\Services\Databases\DatabaseManagementService;
|
||||
use Illuminate\Database\Query\Builder;
|
||||
@@ -14,9 +14,9 @@ use Webmozart\Assert\Assert;
|
||||
|
||||
class StoreDatabaseRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_DATABASE_CREATE;
|
||||
return SubuserPermission::DatabaseCreate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class ChmodFilesRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_UPDATE;
|
||||
return SubuserPermission::FileUpdate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,17 +2,17 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class CompressFilesRequest extends ClientApiRequest
|
||||
{
|
||||
/**
|
||||
* Checks that the authenticated user is allowed to create archives for this server.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_ARCHIVE;
|
||||
return SubuserPermission::FileArchive;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class CopyFileRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
return SubuserPermission::FileCreate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,17 +2,17 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class CreateFolderRequest extends ClientApiRequest
|
||||
{
|
||||
/**
|
||||
* Checks that the authenticated user is allowed to create files on the server.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
return SubuserPermission::FileCreate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class DecompressFilesRequest extends ClientApiRequest
|
||||
{
|
||||
@@ -12,9 +12,9 @@ class DecompressFilesRequest extends ClientApiRequest
|
||||
* rely on the archive permission here as it makes more sense to make sure the user can create
|
||||
* additional files rather than make an archive.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
return SubuserPermission::FileCreate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class DeleteFileRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_DELETE;
|
||||
return SubuserPermission::FileDelete;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class GetFileContentsRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
@@ -13,9 +13,9 @@ class GetFileContentsRequest extends ClientApiRequest implements ClientPermissio
|
||||
* validate that the authenticated user has permission to perform this action aganist
|
||||
* the given resource (server).
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_READ_CONTENT;
|
||||
return SubuserPermission::FileReadContent;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class ListFilesRequest extends ClientApiRequest
|
||||
{
|
||||
@@ -11,9 +11,9 @@ class ListFilesRequest extends ClientApiRequest
|
||||
* Check that the user making this request to the API is authorized to list all
|
||||
* the files that exist for a given server.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_READ;
|
||||
return SubuserPermission::FileRead;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class PullFileRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
return SubuserPermission::FileCreate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class RenameFileRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
@@ -12,9 +12,9 @@ class RenameFileRequest extends ClientApiRequest implements ClientPermissionsReq
|
||||
* The permission the user is required to have in order to perform this
|
||||
* request action.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_UPDATE;
|
||||
return SubuserPermission::FileUpdate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class UploadFileRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
return SubuserPermission::FileCreate;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Files;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class WriteFileContentRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
@@ -13,9 +13,9 @@ class WriteFileContentRequest extends ClientApiRequest implements ClientPermissi
|
||||
* validate that the authenticated user has permission to perform this action aganist
|
||||
* the given resource (server).
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_FILE_CREATE;
|
||||
return SubuserPermission::FileCreate;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Network;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class DeleteAllocationRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_ALLOCATION_DELETE;
|
||||
return SubuserPermission::AllocationDelete;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Network;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class GetNetworkRequest extends ClientApiRequest
|
||||
{
|
||||
@@ -11,8 +11,8 @@ class GetNetworkRequest extends ClientApiRequest
|
||||
* Check that the user has permission to view the allocations for
|
||||
* this server.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_ALLOCATION_READ;
|
||||
return SubuserPermission::AllocationRead;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Network;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class NewAllocationRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_ALLOCATION_CREATE;
|
||||
return SubuserPermission::AllocationCreate;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,15 +2,15 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Network;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Allocation;
|
||||
use App\Models\Permission;
|
||||
|
||||
class UpdateAllocationRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_ALLOCATION_UPDATE;
|
||||
return SubuserPermission::AllocationUpdate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,12 +2,12 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Schedules;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
|
||||
class DeleteScheduleRequest extends ViewScheduleRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SCHEDULE_DELETE;
|
||||
return SubuserPermission::ScheduleDelete;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Schedules;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Schedule;
|
||||
|
||||
class StoreScheduleRequest extends ViewScheduleRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SCHEDULE_CREATE;
|
||||
return SubuserPermission::ScheduleCreate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Schedules;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
|
||||
class StoreTaskRequest extends ViewScheduleRequest
|
||||
{
|
||||
@@ -11,9 +11,9 @@ class StoreTaskRequest extends ViewScheduleRequest
|
||||
* check if they can modify a schedule to determine if they're able to do this. There
|
||||
* are no task specific permissions.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SCHEDULE_UPDATE;
|
||||
return SubuserPermission::ScheduleUpdate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Schedules;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class TriggerScheduleRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SCHEDULE_UPDATE;
|
||||
return SubuserPermission::ScheduleUpdate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,12 +2,12 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Schedules;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
|
||||
class UpdateScheduleRequest extends StoreScheduleRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SCHEDULE_UPDATE;
|
||||
return SubuserPermission::ScheduleUpdate;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Schedules;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Schedule;
|
||||
use App\Models\Server;
|
||||
use App\Models\Task;
|
||||
@@ -36,8 +36,8 @@ class ViewScheduleRequest extends ClientApiRequest
|
||||
return true;
|
||||
}
|
||||
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SCHEDULE_READ;
|
||||
return SubuserPermission::ScheduleRead;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,17 +2,17 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class SendCommandRequest extends ClientApiRequest
|
||||
{
|
||||
/**
|
||||
* Determine if the API user has permission to perform this action.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_CONTROL_CONSOLE;
|
||||
return SubuserPermission::ControlConsole;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2,28 +2,28 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class SendPowerRequest extends ClientApiRequest
|
||||
{
|
||||
/**
|
||||
* Determine if the user has permission to send a power command to a server.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
switch ($this->input('signal')) {
|
||||
case 'start':
|
||||
return Permission::ACTION_CONTROL_START;
|
||||
return SubuserPermission::ControlStart;
|
||||
case 'stop':
|
||||
case 'kill':
|
||||
return Permission::ACTION_CONTROL_STOP;
|
||||
return SubuserPermission::ControlStop;
|
||||
case 'restart':
|
||||
return Permission::ACTION_CONTROL_RESTART;
|
||||
return SubuserPermission::ControlRestart;
|
||||
}
|
||||
|
||||
// Fallback for invalid signals
|
||||
return Permission::ACTION_WEBSOCKET_CONNECT;
|
||||
return SubuserPermission::WebsocketConnect;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Settings;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class DescriptionServerRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
@@ -13,9 +13,9 @@ class DescriptionServerRequest extends ClientApiRequest implements ClientPermiss
|
||||
* validate that the authenticated user has permission to perform this action against
|
||||
* the given resource (server).
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SETTINGS_DESCRIPTION;
|
||||
return SubuserPermission::SettingsDescription;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Settings;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class ReinstallServerRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SETTINGS_REINSTALL;
|
||||
return SubuserPermission::SettingsReinstall;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Settings;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
|
||||
class RenameServerRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
@@ -14,9 +14,9 @@ class RenameServerRequest extends ClientApiRequest implements ClientPermissionsR
|
||||
* validate that the authenticated user has permission to perform this action against
|
||||
* the given resource (server).
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_SETTINGS_RENAME;
|
||||
return SubuserPermission::SettingsRename;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -3,17 +3,17 @@
|
||||
namespace App\Http\Requests\Api\Client\Servers\Settings;
|
||||
|
||||
use App\Contracts\Http\ClientPermissionsRequest;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
use Illuminate\Validation\Rule;
|
||||
use Webmozart\Assert\Assert;
|
||||
|
||||
class SetDockerImageRequest extends ClientApiRequest implements ClientPermissionsRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_STARTUP_DOCKER_IMAGE;
|
||||
return SubuserPermission::StartupDockerImage;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Startup;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class GetStartupRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_STARTUP_READ;
|
||||
return SubuserPermission::StartupRead;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Startup;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use App\Models\Permission;
|
||||
|
||||
class UpdateStartupVariableRequest extends ClientApiRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_STARTUP_UPDATE;
|
||||
return SubuserPermission::StartupUpdate;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2,12 +2,12 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Subusers;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
|
||||
class DeleteSubuserRequest extends SubuserRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_USER_DELETE;
|
||||
return SubuserPermission::UserDelete;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,15 +2,15 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Subusers;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
|
||||
class GetSubuserRequest extends SubuserRequest
|
||||
{
|
||||
/**
|
||||
* Confirm that a user is able to view subusers for the specified server.
|
||||
*/
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_USER_READ;
|
||||
return SubuserPermission::UserRead;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Subusers;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
|
||||
class StoreSubuserRequest extends SubuserRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_USER_CREATE;
|
||||
return SubuserPermission::UserCreate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
|
||||
namespace App\Http\Requests\Api\Client\Servers\Subusers;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
|
||||
class UpdateSubuserRequest extends SubuserRequest
|
||||
{
|
||||
public function permission(): string
|
||||
public function permission(): SubuserPermission
|
||||
{
|
||||
return Permission::ACTION_USER_UPDATE;
|
||||
return SubuserPermission::UserUpdate;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
|
||||
Reference in New Issue
Block a user