panel/app/Services/Acl/Api/AdminAcl.php at 2bd691efad22419c094cc71bbdcc9902c997b75f · ghzhost/panel · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<?php

namespace Pterodactyl\Services\Acl\Api;

use ReflectionClass;
use Pterodactyl\Models\ApiKey;

class AdminAcl
{
    /**
     * Resource permission columns in the api_keys table begin
     * with this identifer.
     */
    const COLUMN_IDENTIFER = 'r_';

    /**
     * The different types of permissions available for API keys. This
     * implements a read/write/none permissions scheme for all endpoints.
     */
    const NONE = 0;
    const READ = 1;
    const WRITE = 2;

    /**
     * Resources that are available on the API and can contain a permissions
     * set for each key. These are stored in the database as r_{resource}.
     */
    const RESOURCE_SERVERS = 'servers';
    const RESOURCE_NODES = 'nodes';
    const RESOURCE_ALLOCATIONS = 'allocations';
    const RESOURCE_USERS = 'users';
    const RESOURCE_LOCATIONS = 'locations';
    const RESOURCE_NESTS = 'nests';
    const RESOURCE_EGGS = 'eggs';
    const RESOURCE_DATABASE_HOSTS = 'database_hosts';
    const RESOURCE_SERVER_DATABASES = 'server_databases';
    const RESOURCE_PACKS = 'packs';

    /**
     * Determine if an API key has permission to perform a specific read/write operation.
     *
     * @param int $permission
     * @param int $action
     * @return bool
     */
    public static function can(int $permission, int $action = self::READ)
    {
        if ($permission & $action) {
            return true;
        }

        return false;
    }

    /**
     * Determine if an API Key model has permission to access a given resource
     * at a specific action level.
     *
     * @param \Pterodactyl\Models\ApiKey $key
     * @param string                     $resource
     * @param int                        $action
     * @return bool
     */
    public static function check(ApiKey $key, string $resource, int $action = self::READ)
    {
        return self::can(data_get($key, self::COLUMN_IDENTIFER . $resource, self::NONE), $action);
    }

    /**
     * Return a list of all resource constants defined in this ACL.
     *
     * @return array
     */
    public static function getResourceList(): array
    {
        $reflect = new ReflectionClass(__CLASS__);

        return collect($reflect->getConstants())->filter(function ($value, $key) {
            return substr($key, 0, 9) === 'RESOURCE_';
        })->values()->toArray();
    }
}