Fix display and subuser settings for databases

DaneEveritt · DaneEveritt · commit f1a3008a50f0 · 2016-08-17T17:36:06.000-04:00
diff --git a/app/Policies/ServerPolicy.php b/app/Policies/ServerPolicy.php
@@ -450,6 +450,22 @@ public function viewDatabases(User $user, Server $server)
         return $user->permissions()->server($server)->permission('view-databases')->exists();
     }
 
+    /**
+     * Check if user has permission to reset database passwords.
+     *
+     * @param  Pterodactyl\Models\User   $user
+     * @param  Pterodactyl\Models\Server $server
+     * @return boolean
+     */
+    public function resetDbPassword(User $user, Server $server)
+    {
+        if ($this->isOwner($user, $server)) {
+            return true;
+        }
+
+        return $user->permissions()->server($server)->permission('reset-db-password')->exists();
+    }
+
     /**
      * Check if user has permission to view all tasks for a server.
      *
@@ -546,13 +562,4 @@ public function createTask(User $user, Server $server)
         return $user->permissions()->server($server)->permission('create-task')->exists();
     }
 
-    public function resetDbPassword(User $user, Server $server)
-    {
-        if ($this->isOwner($user, $server)) {
-            return true;
-        }
-
-        return $user->permissions()->server($server)->permission('create-task')->exists();
-    }
-
 }
diff --git a/app/Repositories/SubuserRepository.php b/app/Repositories/SubuserRepository.php
@@ -92,7 +92,11 @@ class SubuserRepository
         'view-startup' => null,
         'edit-startup' => null,
         'view-sftp' => null,
-        'reset-sftp' => 's:set-password'
+        'reset-sftp' => 's:set-password',
+
+        // Databases
+        'view-databases' => null,
+        'reset-db-password' => null
     ];
 
     public function __construct()
diff --git a/resources/views/layouts/master.blade.php b/resources/views/layouts/master.blade.php
@@ -194,13 +194,9 @@
                                 @can('list-files', $server)<li class="server-files"><a href="/server/{{ $server->uuidShort }}/files">{{ trans('pagination.sidebar.files') }}</a></li>@endcan
                                 @can('list-subusers', $server)<li class="server-users"><a href="/server/{{ $server->uuidShort }}/users">{{ trans('pagination.sidebar.subusers') }}</a></li>@endcan
                                 @can('list-tasks', $server)<li class="server-tasks"><a href="/server/{{ $server->uuidShort }}/tasks">Scheduled Tasks</a></li>@endcan
-                                @can('view-sftp', $server)
+                                @if(Gate::allows('view-startup', $server) || Gate::allows('view-sftp', $server) || Gate::allows('view-databases', $server))
                                     <li class="server-settings"><a href="/server/{{ $server->uuidShort }}/settings">{{ trans('pagination.sidebar.manage') }}</a></li>
-                                @else
-                                    @can('view-startup', $server)
-                                        <li class="server-settings"><a href="/server/{{ $server->uuidShort }}/settings">{{ trans('pagination.sidebar.manage') }}</a></li>
-                                    @endcan
-                                @endcan
+                                @endif
                             </ul>
                         </li>
                         @endif
@@ -251,13 +247,9 @@
                                 @can('list-files', $server)<a href="/server/{{ $server->uuidShort }}/files" class="list-group-item server-files">{{ trans('pagination.sidebar.files') }}</a>@endcan
                                 @can('list-subusers', $server)<a href="/server/{{ $server->uuidShort }}/users" class="list-group-item server-users">{{ trans('pagination.sidebar.subusers') }}</a>@endcan
                                 @can('list-tasks', $server)<a href="/server/{{ $server->uuidShort }}/tasks" class="list-group-item server-tasks">Scheduled Tasks</a>@endcan
-                                @can('view-sftp', $server)
+                                @if(Gate::allows('view-startup', $server) || Gate::allows('view-sftp', $server) || Gate::allows('view-databases', $server))
                                     <a href="/server/{{ $server->uuidShort }}/settings" class="list-group-item server-settings">{{ trans('pagination.sidebar.manage') }}</a>
-                                @else
-                                    @can('view-startup', $server)
-                                        <a href="/server/{{ $server->uuidShort }}/settings" class="list-group-item server-settings">{{ trans('pagination.sidebar.manage') }}</a>
-                                    @endcan
-                                @endcan
+                                @endif
                             </div>
                         @endif
                     @show
diff --git a/resources/views/server/index.blade.php b/resources/views/server/index.blade.php
@@ -48,7 +48,7 @@
                         </div>
                         <div class="col-md-6">
                             <hr />
-                            @can('command', $server)
+                            @can('send-command', $server)
                                 <form action="#" method="post" id="console_command" style="display:none;">
                                     <fieldset>
                                         <div class="input-group">
@@ -408,7 +408,7 @@ function updatePlayerListVisibility(data) {
         });
     @endcan
 
-    @can('command', $server)
+    @can('send-command', $server)
         // Send Command to Server
         $('#console_command').submit(function (event) {
 
diff --git a/resources/views/server/settings.blade.php b/resources/views/server/settings.blade.php
@@ -152,7 +152,7 @@ class="form-control" value="{{ old($item->env_variable, $item->a_serverValue) }}
                                         <tr>
                                             <td>{{ $database->database }}</td>
                                             <td>{{ $database->username }}</td>
-                                            <td><code>{{ Crypt::decrypt($database->password) }}</code> <a href="#" data-action="reset-database-password" data-id="{{ $database->id }}"><i class="fa fa-refresh pull-right"></i></a></td>
+                                            <td><code>{{ Crypt::decrypt($database->password) }}</code> @can('reset-db-password', $server)<a href="#" data-action="reset-database-password" data-id="{{ $database->id }}"><i class="fa fa-refresh pull-right"></i></a>@endcan</td>
                                             <td><code>{{ $database->a_host }}:{{ $database->a_port }}</code></td>
                                         </tr>
                                     @endforeach
diff --git a/resources/views/server/users/index.blade.php b/resources/views/server/users/index.blade.php
@@ -31,7 +31,6 @@
             <tr>
                 <th>Email</th>
                 <th>Created</th>
-                <th>Modified</th>
                 @can('view-subuser', $server)<th></th>@endcan
                 @can('delete-subuser', $server)<th></th>@endcan
             </tr>
@@ -41,7 +40,6 @@
                 <tr>
                     <td><code>{{ $user->a_userEmail }}</code></td>
                     <td>{{ $user->created_at }}</td>
-                    <td>{{ $user->updated_at }}</td>
                     @can('view-subuser', $server)
                         <td class="text-center"><a href="{{ route('server.subusers.view', ['server' => $server->uuidShort, 'id' => md5($user->id)]) }}" class="text-success"><i class="fa fa-wrench"></i></a></td>
                     @endcan
diff --git a/resources/views/server/users/new.blade.php b/resources/views/server/users/new.blade.php
@@ -32,10 +32,12 @@
         <?php $oldInput = array_flip(is_array(old('permissions')) ? old('permissions') : []) ?>
         <div class="row">
             <div class="form-group col-md-12">
-                <label class="control-label">User Email:</label>
-                <div>
-                    <input type="text" name="email" autocomplete="off" value="{{ old('email') }}" class="form-control" />
-                </div>
+                <div class="well" style="padding: 0 19px 19px;margin-bottom:0;">
+                    <label class="control-label">User Email:</label>
+                    <div>
+                        <input type="text" name="email" autocomplete="off" value="{{ old('email') }}" class="form-control" />
+                    </div>
+            </div>
             </div>
         </div>
         <div class="row">
@@ -113,7 +115,7 @@
                 <div class="checkbox highlight">
                     <label class="checkbox-custom highlight" data-initialize="checkbox">
                         <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($oldInput['download-files']))checked="checked"@endif value="download-files"> <strong>Download Files</strong>
-                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to download files. If a user is given this permission they can download and view file contents.</small><p>
+                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to download files. If a user is given this permission they can download and view file contents even if that permission is not assigned on the panel.</small><p>
                     </label>
                 </div>
             </div>
@@ -172,6 +174,25 @@
                         <p class="text-muted"><small>Allows a user to modify startup variables for a server.</small><p>
                     </label>
                 </div>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-6 fuelux">
+                <h4>Database Management</h4><hr />
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($oldInput['view-databases']))checked="checked"@endif value="view-databases"> <strong>View Database Details</strong>
+                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to view all databases associated with this server (including usernames and password for the databases).</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($oldInput['reset-db-password']))checked="checked"@endif value="reset-db-password"> <strong>Reset Database Password</strong>
+                        <p class="text-muted"><small>Allows a user to reset passwords for databases.</small><p>
+                    </label>
+                </div>
+            </div>
+            <div class="col-md-6 fuelux">
                 <h4>SFTP Management</h4><hr />
                 <div class="checkbox highlight">
                     <label class="checkbox-custom highlight" data-initialize="checkbox">
diff --git a/resources/views/server/users/view.blade.php b/resources/views/server/users/view.blade.php
@@ -104,7 +104,7 @@
                 <div class="checkbox highlight">
                     <label class="checkbox-custom highlight" data-initialize="checkbox">
                         <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['download-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="download-files"> <strong>Download Files</strong>
-                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to download files. If a user is given this permission they can download and view file contents.</small><p>
+                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to download files. If a user is given this permission they can download and view file contents even if that permission is not assigned on the panel.</small><p>
                     </label>
                 </div>
             </div>
@@ -163,6 +163,25 @@
                         <p class="text-muted"><small>Allows a user to modify startup variables for a server.</small><p>
                     </label>
                 </div>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-6 fuelux">
+                <h4>Database Management</h4><hr />
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['view-databases']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-databases"> <strong>View Database Details</strong>
+                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to view all databases associated with this server (including usernames and password for the databases).</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['reset-db-password']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="reset-db-password"> <strong>Reset Database Password</strong>
+                        <p class="text-muted"><small>Allows a user to reset passwords for databases.</small><p>
+                    </label>
+                </div>
+            </div>
+            <div class="col-md-6 fuelux">
                 <h4>SFTP Management</h4><hr />
                 <div class="checkbox highlight">
                     <label class="checkbox-custom highlight" data-initialize="checkbox">
