MrUnknownDE/panel
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/panel.git synced 2026-04-18 06:13:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix permissions handling; do not allow a subuser to assign permissions they do not have

Browse Source
This commit is contained in:
Dane Everitt
2020-03-27 16:57:49 -07:00
parent 39f79a8f3c
commit cb945b1f13
8 changed files with 137 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/Api/Client/Servers/SubuserController.php
View File

@@ -91,7 +91,7 @@ class SubuserController extends ClientApiController
*/
public function update(UpdateSubuserRequest $request, Server $server): array
{
$subuser = $request->subuser();
$subuser = $request->endpointSubuser();
$this->repository->update($subuser->id, [
'permissions' => $this->getDefaultPermissions($request),
]);
@@ -110,7 +110,7 @@ class SubuserController extends ClientApiController
*/
public function delete(DeleteSubuserRequest $request, Server $server)
{
$this->repository->delete($request->subuser()->id);
$this->repository->delete($request->endpointSubuser()->id);
return JsonResponse::create([], JsonResponse::HTTP_NO_CONTENT);
}