mirror of
				https://github.com/pelican-dev/panel.git
				synced 2025-10-25 17:56:55 +02:00 
			
		
		
		
	Update middleware to handle wildcards correctly.
This commit is contained in:
		
							parent
							
								
									0f4648b13a
								
							
						
					
					
						commit
						b1a9a59707
					
				| @ -93,13 +93,18 @@ class APISecretToken extends Authorization | ||||
|                 } | ||||
|             } | ||||
| 
 | ||||
|             $permission = APIPermission::where('key_id', $key->id) | ||||
|                             ->where('permission', $request->route()->getName()) | ||||
|                             ->orWhere('permission', '*') | ||||
|                             ->first(); | ||||
|             if (!$permission) { | ||||
|                 APILogService::log($request, 'You do not have permission to access this resource.'); | ||||
|                 throw new AccessDeniedHttpException('You do not have permission to access this resource.'); | ||||
|             $permission = APIPermission::where('key_id', $key->id)->where('permission', $request->route()->getName()); | ||||
| 
 | ||||
|             // Suport Wildcards
 | ||||
|             if (starts_with($request->route()->getName(), 'api.user')) { | ||||
|                 $permission->orWhere('permission', 'api.user.*'); | ||||
|             } else if(starts_with($request->route()->getName(), 'api.admin')) { | ||||
|                 $permission->orWhere('permission', 'api.admin.*'); | ||||
|             } | ||||
| 
 | ||||
|             if (!$permission->first()) { | ||||
|                 APILogService::log($request, 'You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.'); | ||||
|                 throw new AccessDeniedHttpException('You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.'); | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Dane Everitt
						Dane Everitt