Server API obey's the subuser permissions as well

DaneEveritt · DaneEveritt · commit dfeed013ba94 · 2016-10-20T17:04:58.000-04:00
diff --git a/app/Http/Controllers/API/User/ServerController.php b/app/Http/Controllers/API/User/ServerController.php
@@ -23,6 +23,7 @@
  */
 namespace Pterodactyl\Http\Controllers\API\User;
 
+use Auth;
 use Log;
 use Pterodactyl\Models;
 use Illuminate\Http\Request;
@@ -79,7 +80,7 @@ public function info(Request $request, $uuid)
             ],
             'allocations' => $allocations,
             'sftp' => [
-                'username' => $server->username
+                'username' => (Auth::user()->can('view-sftp', $server)) ? $server->username : null
             ],
             'daemon' => [
                 'token' => ($request->secure()) ? $server->daemonSecret : false,
@@ -94,6 +95,8 @@ public function power(Request $request, $uuid)
         $node = Models\Node::getByID($server->node);
         $client = Models\Node::guzzleRequest($server->node);
 
+        Auth::user()->can('power-' . $request->input('action'), $server);
+
         $res = $client->request('PUT', '/server/power', [
             'headers' => [
                 'X-Access-Server' => $server->uuid,
diff --git a/app/Models/Server.php b/app/Models/Server.php
@@ -27,7 +27,7 @@
 use Pterodactyl\Models\Subuser;
 use Illuminate\Database\Eloquent\Model;
 
-use Pterodactyl\Exception\DisplayException;
+use Pterodactyl\Exceptions\DisplayException;
 
 class Server extends Model
 {

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@`
`27`	`27`	`use Pterodactyl\Models\Subuser;`
`28`	`28`	`use Illuminate\Database\Eloquent\Model;`
`29`	`29`
`30`		`-use Pterodactyl\Exception\DisplayException;`
	`30`	`+use Pterodactyl\Exceptions\DisplayException;`
`31`	`31`
`32`	`32`	`class Server extends Model`
`33`	`33`	`{`