Fix bad permissions check on server API route

DaneEveritt · DaneEveritt · commit baeffef24be6 · 2018-02-24T12:15:21.000-06:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Fixes an exception thrown when trying to access the `/nests/:id/eggs/:id` API endpoint.
 * Fixes search on server listing page.
 * Schedules with no names are now clickable to allow editing.
+* Fixes broken permissions check that would deny access to API keys that did in fact have permission.
 
 ### Added
 * Adds ability to include egg variables on an API request.
diff --git a/app/Http/Controllers/Api/Application/Servers/ServerController.php b/app/Http/Controllers/Api/Application/Servers/ServerController.php
@@ -9,6 +9,7 @@
 use Pterodactyl\Services\Servers\ServerDeletionService;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
 use Pterodactyl\Transformers\Api\Application\ServerTransformer;
+use Pterodactyl\Http\Requests\Api\Application\Servers\GetServerRequest;
 use Pterodactyl\Http\Requests\Api\Application\Servers\GetServersRequest;
 use Pterodactyl\Http\Requests\Api\Application\Servers\ServerWriteRequest;
 use Pterodactyl\Http\Requests\Api\Application\Servers\StoreServerRequest;
@@ -91,10 +92,10 @@ public function store(StoreServerRequest $request): JsonResponse
     /**
      * Show a single server transformed for the application API.
      *
-     * @param \Pterodactyl\Http\Requests\Api\Application\Servers\ServerWriteRequest $request
+     * @param \Pterodactyl\Http\Requests\Api\Application\Servers\GetServerRequest $request
      * @return array
      */
-    public function view(ServerWriteRequest $request): array
+    public function view(GetServerRequest $request): array
     {
         return $this->fractal->item($request->getModel(Server::class))
             ->transformWith($this->getTransformer(ServerTransformer::class))
diff --git a/app/Http/Requests/Api/Application/Servers/GetServerRequest.php b/app/Http/Requests/Api/Application/Servers/GetServerRequest.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Servers;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class GetServerRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_SERVERS;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::READ;
+}
diff --git a/app/Http/Requests/Api/Application/Servers/GetServersRequest.php b/app/Http/Requests/Api/Application/Servers/GetServersRequest.php
@@ -2,21 +2,8 @@
 
 namespace Pterodactyl\Http\Requests\Api\Application\Servers;
 
-use Pterodactyl\Services\Acl\Api\AdminAcl;
-use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
-
-class GetServersRequest extends ApplicationApiRequest
+class GetServersRequest extends GetServerRequest
 {
-    /**
-     * @var string
-     */
-    protected $resource = AdminAcl::RESOURCE_SERVERS;
-
-    /**
-     * @var int
-     */
-    protected $permission = AdminAcl::READ;
-
     /**
      * @return array
      */
