Add another sanity check for websocket permissions

Author: DaneEveritt

tests/Integration/Api/Client/Server/WebsocketControllerTest.php

@@ -3,6 +3,7 @@
 namespace Pterodactyl\Tests\Integration\Api\Client\Server;
 
 use Carbon\CarbonImmutable;
+use Pterodactyl\Models\User;
 use Illuminate\Http\Response;
 use Lcobucci\JWT\Configuration;
 use Pterodactyl\Models\Permission;
@@ -27,6 +28,18 @@ public function testSubuserWithoutWebsocketPermissionReceivesError()
             ->assertJsonPath('errors.0.detail', 'You do not have permission to connect to this server\'s websocket.');
     }
 
+    /**
+     * Confirm users cannot access the websocket for another user's server.
+     */
+    public function testUserWithoutPermissionForServerReceivesError()
+    {
+        [,$server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+        [$user,] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+
+        $this->actingAs($user)->getJson("/api/client/servers/{$server->uuid}/websocket")
+            ->assertStatus(Response::HTTP_NOT_FOUND);
+    }
+
     /**
      * Test that the expected permissions are returned for the server owner and that the JWT is
      * configured correctly.