banquise/pelican-panel-mirror
3
0
Fork 1
mirror of https://github.com/pelican-dev/panel.git synced 2025-05-19 22:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity
pelican-panel-mirror/app/Services/Servers/GetUserPermissionsService.php
Boy132 03eaddb126
Fix server access for admins without subuser (#919) 
* fix server access for admins without subuser

* add permission checks to power buttons

* add permission check for console command sending

* fix tests

* fix websocket token permissions

* fix sftp access

* fix server api + small cleanup

* it's "update", not "edit"...

* fix tests

* fix permission const for "activity read"

* fix activity subuser permission
2025-01-17 23:04:22 +01:00

37 lines
1.1 KiB
PHP
Raw Blame History

<?php
namespace App\Services\Servers;
use App\Models\User;
use App\Models\Server;
class GetUserPermissionsService
{
/**
* Returns the server specific permissions that a user has. This checks
* if they are an admin, the owner or a subuser for the server. If no
* permissions are found, an empty array is returned.
*/
public function handle(Server $server, User $user): array
{
if ($user->isAdmin() && ($user->can('view server', $server) || $user->can('update server', $server))) {
$permissions = $user->can('update server', $server) ? ['*'] : ['websocket.connect', 'backup.read'];
$permissions[] = 'admin.websocket.errors';
$permissions[] = 'admin.websocket.install';
$permissions[] = 'admin.websocket.transfer';
return $permissions;
}
if ($user->id === $server->owner_id) {
return ['*'];
}
/** @var \App\Models\Subuser|null $subuserPermissions */
$subuserPermissions = $server->subusers()->where('user_id', $user->id)->first();
return $subuserPermissions ? $subuserPermissions->permissions : [];
}
}
Reference in New Issue View Git Blame Copy Permalink