mirror of
https://github.com/pelican-dev/panel.git
synced 2025-05-19 22:14:45 +02:00

* Add new panel
* Add some basic resource pages
* Wip
* Wip terminal
* Wip
* Add new panel
* Add some basic resource pages
* Wip
* [Sub-Users] Add Invite
  TODO: The logic with permissions
* [Sub-Users] Fix Creation
* [Cron] Add basics
* Add basic auth and messages
* Add basic buttons
* WIP on issue/353
* WIP on issue/353
* Add Database page
* Update Database Page
* Start of Backup Page
* Composer Update
* Changes
* Send input
* Remove this includes
* Better offline handling
* Consolidate top nav config
* Update Backups Page
* Update Backups
* Change name
* Add Assign All, Layout Fixes.
* conflict
* update schedule pages
* fix phpstan
* update pint.json
* add cron presets to schedule
* fix tests
* fix task creation
* schedules: disable task creation if limit is reached & disable backup action if backup limit is 0
* update activity pages
* update resources
* Update Edit User
  TODO: actually save permissions when they're changed.
  TODO: Figure out why Control does not update its state... but the rest do...
* .... Sure it works.
  TODO: Update permissions when you save editing a sub user.
* user: update canAccessPanel & canAccessTenant
* add helper to convert bytes into readable format
* very basic file explorer
* files: fix some stuff & remove dummy data
* files: better error handling
* files: basic file editor
* files: add some actions
* File manager updates
* files: fix paths
* Revert Composer Upgrade, Fixes SQLite
* fix: Pint (#517) feat: MenuItems to and from admin
* Update File Editing
  Updated File Editing to its own page, Added Permission checks for file manager.
  Co-authored-by: Boy132 <Boy132@users.noreply.github.com>
* add enum for editor langs
* files: add upload & pull actions
* fix build
* files: handle images
* Update to Filament v3.2.98
* files: add remaining actions
* use `authorize` instead of `hidden`
* fix canAccessTenant
* update date columns
* files: testing & fixes
* Fix File Names
  Co-authored-by: lancepioch <git@lance.sh>
* Combine Pull/Upload
* Fix BulkDelete
* Uncontained tabs
* Hide Lang Selection, Move Actions
* Update Monaco, more custom
* Add livewire config
  livewire limits uploads to 12MB... who knows why...
  Fixed uploading a single file failing
* files: fix record url
* basic setup for settings & startup page
* make abstract class for simple app pages
* Basic Startup Page
* Update nav sort
* small cleanup
* startup: fix shouldHideComponent & getSelectOptionsFromRules
* startup: fix non editable fields & set default value
* startup: add todo for save button
* Save Variables after update & off click
  Variables update when the user clicks off the input.
* Notifications are cool
* Add rule validation
* Sort variables by sortid
* pint
* Settings Page + Startup Changes
* settings: cleanup
* refactor: use server model for ServerFormPage (formerly known as SimplePage)
* Use Repeater for variables
* Add Network, Remove breadcrumbs
* Add paginated to file explorer
* Fix updating variables
* Add link to go to new client area
* fix after merge
* Add graphs to console page
  Graphs still need to get the data from the web socket.
* fix pint & phpstan
* fix authorizeAccess for EditFiles and Startup page
* Fix rules on startup page
* Update console size
* Fix node name
* add "global search" to files list requires https://github.com/pelican-dev/wings/pull/44
* remove debug dummy data
* update view action on ListServers
* enable SPA mode for app panel
* remove colors from app panel they are defined globally in AppServiceProvider
* update global search ui a bit (to be replaced with a custom page that is similar to the list files table)
* add own page for global search untested - and route needs cleanup (if possible)
* fix File getRows
* remove "path" from SearchFiles (for now)
* fix caching for searched files
* add title and breadcrumbs to global search page
* make cpu & memory charts on console page working
* fix phpstan
* add missing import
* cleanup console views & widgets
* add overview stats to console
* don't be so lazy, console!
* make history working
* decode data to get array
* add missing On
* fix json_decode
* change polling to 1 sec
* hide "0" cpu/ memory
* add data to network chart
* Remove data labels
* fix data on network chart
* fix data on network chart (2nd try)
* WIP Network Stats
* Remove test
* Change MaxWidth
* run pint
* fix phpstan
* Fix storeStats cast
* make $data a string this time for real
* update visible check for "admin" menu item
* remove account widget
* rebrand "Dashboard" to "Server List" WIP - doesn't look good but is somewhat working
* fix canAccessPanel
* separate server list into own panel
* change path to avoid conflicts with old client area (and remove sidebar width)
* display correct icon and color on server list entries
* show total memory if server is offline
* replace custom server list page with ListRecords page
* fix tests
* fix namespace
* remove "open" button and make whole column clickable
* Update EditProfile
* run pint
* fix access to server list
* add new login page to panels
* fix next_run_at for new schedules
* use new DateTimeColumn
* add own column for file bytes
* return to server list when clicking title
* fix console loading
* handle server with "conflict state"
* add banner if server is in "conflict state"
* fix phpstan
* update docker image select
* fix permission checks on Settings & Startup pages
* fix query for activity log page
* fix activity log not being logged
* adjust ListActivities
* fix phpstan
* fix pint
* fix profile menu item link on server panel
* add ip tooltip to activity logs (and role permission)
* change backup icon
* update navigation sort
* general code cleanup
* more cleanup
* Disable Restart/Stop if server is offline
* Change rename notification
* Remove negation on abort_unless
* Add notification on save
* Single disabled closure & comment unused import
* Add required to Server Name & Nullable to description
* mutateFormDataBeforeSave doesn't work since we use forceFill
* Fix web socket connection not existing.
* Fix some subuser permissions
* add permission checks to resources
* do not allow self-deletion
* Update editing file permissions
* Fix of the previous fix
* add service for subuser updating
* Only allow save if they have file_update
* Remove unused import
* Update backup delete button
* Add Delete, remove bulks
* Update Database page
* Use Allocation Permissions
* add canAccess check to startup
* Add Permission checks to Settings page
* add service for subuser deletion
* Remove Kill permission
* Updates
* fix move files
* add redirects
* fix phpstan
* activity: remove properties from tans for now
* If alias, use that, else ip

---------

Co-authored-by: notCharles <charles@pelican.dev>
Co-authored-by: Boy132 <mail@boy132.de>
Co-authored-by: Senna <62171904+Poseidon281@users.noreply.github.com>
Co-authored-by: Boy132 <Boy132@users.noreply.github.com>
Co-authored-by: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com>
250 lines
10 KiB
PHP
<?php

namespace App\Models;

use Illuminate\Support\Collection;

class Permission extends Model
{
    /**
     * The resource name for this model when it is transformed into an
     * API representation using fractal.
     */
    public const RESOURCE_NAME = 'subuser_permission';

    /**
     * Constants defining different permissions available.
     */
    public const ACTION_WEBSOCKET_CONNECT = 'websocket.connect';

    public const ACTION_CONTROL_CONSOLE = 'control.console';

    public const ACTION_CONTROL_START = 'control.start';

    public const ACTION_CONTROL_STOP = 'control.stop';

    public const ACTION_CONTROL_RESTART = 'control.restart';

    public const ACTION_DATABASE_READ = 'database.read';

    public const ACTION_DATABASE_CREATE = 'database.create';

    public const ACTION_DATABASE_UPDATE = 'database.update';

    public const ACTION_DATABASE_DELETE = 'database.delete';

    public const ACTION_DATABASE_VIEW_PASSWORD = 'database.view_password';

    public const ACTION_SCHEDULE_READ = 'schedule.read';

    public const ACTION_SCHEDULE_CREATE = 'schedule.create';

    public const ACTION_SCHEDULE_UPDATE = 'schedule.update';

    public const ACTION_SCHEDULE_DELETE = 'schedule.delete';

    public const ACTION_USER_READ = 'user.read';

    public const ACTION_USER_CREATE = 'user.create';

    public const ACTION_USER_UPDATE = 'user.update';

    public const ACTION_USER_DELETE = 'user.delete';

    public const ACTION_BACKUP_READ = 'backup.read';

    public const ACTION_BACKUP_CREATE = 'backup.create';

    public const ACTION_BACKUP_DELETE = 'backup.delete';

    public const ACTION_BACKUP_DOWNLOAD = 'backup.download';

    public const ACTION_BACKUP_RESTORE = 'backup.restore';

    public const ACTION_ALLOCATION_READ = 'allocation.read';

    public const ACTION_ALLOCATION_CREATE = 'allocation.create';

    public const ACTION_ALLOCATION_UPDATE = 'allocation.update';

    public const ACTION_ALLOCATION_DELETE = 'allocation.delete';

    public const ACTION_FILE_READ = 'file.read';

    public const ACTION_FILE_READ_CONTENT = 'file.read-content';

    public const ACTION_FILE_CREATE = 'file.create';

    public const ACTION_FILE_UPDATE = 'file.update';

    public const ACTION_FILE_DELETE = 'file.delete';

    public const ACTION_FILE_ARCHIVE = 'file.archive';

    public const ACTION_FILE_SFTP = 'file.sftp';

    public const ACTION_STARTUP_READ = 'startup.read';

    public const ACTION_STARTUP_UPDATE = 'startup.update';

    public const ACTION_STARTUP_DOCKER_IMAGE = 'startup.docker-image';

    public const ACTION_SETTINGS_RENAME = 'settings.rename';

    public const ACTION_SETTINGS_REINSTALL = 'settings.reinstall';

    public const ACTION_ACTIVITY_READ = 'settings.activity';

    /**
     * Should timestamps be used on this model.
     */
    public $timestamps = false;

    /**
     * The table associated with the model.
     */
    protected $table = 'permissions';

    /**
     * Fields that are not mass assignable.
     */
    protected $guarded = ['id', 'created_at', 'updated_at'];

    public static array $validationRules = [
        'subuser_id' => 'required|numeric|min:1',
        'permission' => 'required|string',
    ];

    /**
     * All the permissions available on the system. You should use self::permissions()
     * to retrieve them, and not directly access this array as it is subject to change.
     *
     * @see \App\Models\Permission::permissions()
     */
    protected static array $permissions = [
        'websocket' => [
            'description' => 'Allows the user to connect to the server websocket, giving them access to view console output and realtime server stats.',
            'keys' => [
                'connect' => 'Allows a user to connect to the websocket instance for a server to stream the console.',
            ],
        ],

        'control' => [
            'description' => 'Permissions that control a user\'s ability to control the power state of a server, or send commands.',
            'keys' => [
                'console' => 'Allows a user to send commands to the server instance via the console.',
                'start' => 'Allows a user to start the server if it is stopped.',
                'stop' => 'Allows a user to stop a server if it is running.',
                'restart' => 'Allows a user to perform a server restart. This allows them to start the server if it is offline, but not put the server in a completely stopped state.',
            ],
        ],

        'user' => [
            'description' => 'Permissions that allow a user to manage other subusers on a server. They will never be able to edit their own account, or assign permissions they do not have themselves.',
            'keys' => [
                'create' => 'Allows a user to create new subusers for the server.',
                'read' => 'Allows the user to view subusers and their permissions for the server.',
                'update' => 'Allows a user to modify other subusers.',
                'delete' => 'Allows a user to delete a subuser from the server.',
            ],
        ],

        'file' => [
            'description' => 'Permissions that control a user\'s ability to modify the filesystem for this server.',
            'keys' => [
                'create' => 'Allows a user to create additional files and folders via the Panel or direct upload.',
                'read' => 'Allows a user to view the contents of a directory, but not view the contents of or download files.',
                'read-content' => 'Allows a user to view the contents of a given file. This will also allow the user to download files.',
                'update' => 'Allows a user to update the contents of an existing file or directory.',
                'delete' => 'Allows a user to delete files or directories.',
                'archive' => 'Allows a user to archive the contents of a directory as well as decompress existing archives on the system.',
                'sftp' => 'Allows a user to connect to SFTP and manage server files using the other assigned file permissions.',
            ],
        ],

        'backup' => [
            'description' => 'Permissions that control a user\'s ability to generate and manage server backups.',
            'keys' => [
                'create' => 'Allows a user to create new backups for this server.',
                'read' => 'Allows a user to view all backups that exist for this server.',
                'delete' => 'Allows a user to remove backups from the system.',
                'download' => 'Allows a user to download a backup for the server. Danger: this allows a user to access all files for the server in the backup.',
                'restore' => 'Allows a user to restore a backup for the server. Danger: this allows the user to delete all of the server files in the process.',
            ],
        ],

        // Controls permissions for editing or viewing a server's allocations.
        'allocation' => [
            'description' => 'Permissions that control a user\'s ability to modify the port allocations for this server.',
            'keys' => [
                'read' => 'Allows a user to view all allocations currently assigned to this server. Users with any level of access to this server can always view the primary allocation.',
                'create' => 'Allows a user to assign additional allocations to the server.',
                'update' => 'Allows a user to change the primary server allocation and attach notes to each allocation.',
                'delete' => 'Allows a user to delete an allocation from the server.',
            ],
        ],

        // Controls permissions for editing or viewing a server's startup parameters.
        'startup' => [
            'description' => 'Permissions that control a user\'s ability to view this server\'s startup parameters.',
            'keys' => [
                'read' => 'Allows a user to view the startup variables for a server.',
                'update' => 'Allows a user to modify the startup variables for the server.',
                'docker-image' => 'Allows a user to modify the Docker image used when running the server.',
            ],
        ],

        'database' => [
            'description' => 'Permissions that control a user\'s access to the database management for this server.',
            'keys' => [
                'create' => 'Allows a user to create a new database for this server.',
                'read' => 'Allows a user to view the database associated with this server.',
                'update' => 'Allows a user to rotate the password on a database instance. If the user does not have the view_password permission they will not see the updated password.',
                'delete' => 'Allows a user to remove a database instance from this server.',
                'view_password' => 'Allows a user to view the password associated with a database instance for this server.',
            ],
        ],

        'schedule' => [
            'description' => 'Permissions that control a user\'s access to the schedule management for this server.',
            'keys' => [
                'create' => 'Allows a user to create new schedules for this server.', // task.create-schedule
                'read' => 'Allows a user to view schedules and the tasks associated with them for this server.', // task.view-schedule, task.list-schedules
                'update' => 'Allows a user to update schedules and schedule tasks for this server.', // task.edit-schedule, task.queue-schedule, task.toggle-schedule
                'delete' => 'Allows a user to delete schedules for this server.', // task.delete-schedule
            ],
        ],

        'settings' => [
            'description' => 'Permissions that control a user\'s access to the settings for this server.',
            'keys' => [
                'rename' => 'Allows a user to rename this server and change the description of it.',
                'reinstall' => 'Allows a user to trigger a reinstall of this server.',
            ],
        ],

        'activity' => [
            'description' => 'Permissions that control a user\'s access to the server activity logs.',
            'keys' => [
                'read' => 'Allows a user to view the activity logs for the server.',
            ],
        ],
    ];

    protected function casts(): array
    {
        return [
            'subuser_id' => 'integer',
        ];
    }

    /**
     * Returns all the permissions available on the system for a user to
     * have when controlling a server.
     */
    public static function permissions(): Collection
    {
        return Collection::make(self::$permissions);
    }
}
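
Added example (not part of the Pelican source): the `user` group description in the file above says a subuser manager can never assign permissions they do not have themselves. The code below flattens a constructed subset of the `$permissions` map into `group.key` strings and filters a requested grant against both the defined set and the granter's own set; `flattenPermissionKeys` and `filterGrant` are hypothetical names, and the input lists are made up for illustration.

```php
<?php
// Added example, not Pelican code. Constructed subset of the page's $permissions
// map; description strings are shortened to placeholders.
$permissions = [
    'control' => ['description' => '...', 'keys' => ['console' => '...', 'start' => '...', 'stop' => '...', 'restart' => '...']],
    'user' => ['description' => '...', 'keys' => ['create' => '...', 'read' => '...', 'update' => '...', 'delete' => '...']],
    'backup' => ['description' => '...', 'keys' => ['create' => '...', 'read' => '...', 'delete' => '...', 'download' => '...', 'restore' => '...']],
];

/** Flatten the nested map into "group.key" strings such as "control.start". */
function flattenPermissionKeys(array $permissions): array
{
    $flat = [];
    foreach ($permissions as $group => $definition) {
        foreach (array_keys($definition['keys']) as $key) {
            $flat[] = $group . '.' . $key;
        }
    }

    return $flat;
}

/**
 * Hypothetical helper: accept a requested permission only if it is defined in
 * the map AND already held by the user granting it. Everything else is
 * rejected with a reason, so wildcards or typos never reach storage.
 */
function filterGrant(array $requested, array $granterHas, array $known): array
{
    $result = ['accepted' => [], 'rejected' => []];
    foreach ($requested as $permission) {
        if (!is_string($permission) || !in_array($permission, $known, true)) {
            $result['rejected'][] = [$permission, 'not a defined permission'];
        } elseif (!in_array($permission, $granterHas, true)) {
            $result['rejected'][] = [$permission, 'granter does not hold it'];
        } elseif (!in_array($permission, $result['accepted'], true)) {
            $result['accepted'][] = $permission; // de-duplicate repeated entries
        }
    }

    return $result;
}

// Constructed input: a subuser manager tries to hand out more than they hold.
$granterHas = ['user.create', 'user.update', 'control.start', 'backup.read'];
$requested = ['control.start', 'backup.download', 'control.*', 'control.start', 'backup.read'];

echo json_encode(filterGrant($requested, $granterHas, flattenPermissionKeys($permissions)), JSON_PRETTY_PRINT), PHP_EOL;
```

Flattening the full map from this file yields `activity.read`, whereas the `ACTION_ACTIVITY_READ` constant is defined as `settings.activity`, so a check against the flattened list would not accept the constant's value.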