pterodactyl
GitHub Repository: pterodactyl/panel
Path: blob/1.0-develop/app/Models/Permission.php
<?php
namespace Pterodactyl\Models;
use Illuminate\Support\Collection;
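/**
 * Model for the `permissions` table and the registry of every permission key
 * that can be granted on a server.
 *
 * Rows pair a `subuser_id` with a `permission` string (see $validationRules).
 * Permission strings have the form "<group>.<key>"; every ACTION_* constant
 * below has a matching group/key entry in self::$permissions.
 *
 * Grant-review notes, taken from the descriptions in self::$permissions:
 *  - backup.download exposes every file contained in the backup.
 *  - backup.restore can delete all of the server files.
 *  - control.console lets the holder send commands to the server instance.
 *  - file.sftp opens SFTP access, scoped by the other file.* permissions.
 *  - database.view_password reveals database credentials.
 *  - startup.docker-image changes the image the server runs in.
 */
class Permission extends Model
{
    /**
     * The resource name for this model when it is transformed into an
     * API representation using fractal.
     */
    public const RESOURCE_NAME = 'subuser_permission';

    /**
     * Constants defining different permissions available. Each value is
     * "<group>.<key>" and mirrors an entry in self::$permissions; keep the
     * two in sync when adding or removing a permission.
     */
    public const ACTION_WEBSOCKET_CONNECT = 'websocket.connect';
    public const ACTION_CONTROL_CONSOLE = 'control.console';
    public const ACTION_CONTROL_START = 'control.start';
    public const ACTION_CONTROL_STOP = 'control.stop';
    public const ACTION_CONTROL_RESTART = 'control.restart';

    public const ACTION_DATABASE_READ = 'database.read';
    public const ACTION_DATABASE_CREATE = 'database.create';
    public const ACTION_DATABASE_UPDATE = 'database.update';
    public const ACTION_DATABASE_DELETE = 'database.delete';
    public const ACTION_DATABASE_VIEW_PASSWORD = 'database.view_password';

    public const ACTION_SCHEDULE_READ = 'schedule.read';
    public const ACTION_SCHEDULE_CREATE = 'schedule.create';
    public const ACTION_SCHEDULE_UPDATE = 'schedule.update';
    public const ACTION_SCHEDULE_DELETE = 'schedule.delete';

    public const ACTION_USER_READ = 'user.read';
    public const ACTION_USER_CREATE = 'user.create';
    public const ACTION_USER_UPDATE = 'user.update';
    public const ACTION_USER_DELETE = 'user.delete';

    public const ACTION_BACKUP_READ = 'backup.read';
    public const ACTION_BACKUP_CREATE = 'backup.create';
    public const ACTION_BACKUP_DELETE = 'backup.delete';
    public const ACTION_BACKUP_DOWNLOAD = 'backup.download';
    public const ACTION_BACKUP_RESTORE = 'backup.restore';

    public const ACTION_ALLOCATION_READ = 'allocation.read';
    public const ACTION_ALLOCATION_CREATE = 'allocation.create';
    public const ACTION_ALLOCATION_UPDATE = 'allocation.update';
    public const ACTION_ALLOCATION_DELETE = 'allocation.delete';

    public const ACTION_FILE_READ = 'file.read';
    public const ACTION_FILE_READ_CONTENT = 'file.read-content';
    public const ACTION_FILE_CREATE = 'file.create';
    public const ACTION_FILE_UPDATE = 'file.update';
    public const ACTION_FILE_DELETE = 'file.delete';
    public const ACTION_FILE_ARCHIVE = 'file.archive';
    public const ACTION_FILE_SFTP = 'file.sftp';

    public const ACTION_STARTUP_READ = 'startup.read';
    public const ACTION_STARTUP_UPDATE = 'startup.update';
    public const ACTION_STARTUP_DOCKER_IMAGE = 'startup.docker-image';

    public const ACTION_SETTINGS_RENAME = 'settings.rename';
    public const ACTION_SETTINGS_REINSTALL = 'settings.reinstall';

    public const ACTION_ACTIVITY_READ = 'activity.read';

    /**
     * Should timestamps be used on this model.
     */
    public $timestamps = false;

    /**
     * The table associated with the model.
     */
    protected $table = 'permissions';

    /**
     * Fields that are not mass assignable.
     *
     * Only these three names are blocked; any other attribute, including
     * `subuser_id` and `permission`, can be filled in bulk. Callers should
     * therefore pass already-validated data, never raw request input.
     */
    protected $guarded = ['id', 'created_at', 'updated_at'];

    /**
     * Cast values to correct type.
     */
    protected $casts = [
        'subuser_id' => 'integer',
    ];

    /**
     * Validation rules for a permission row.
     *
     * NOTE(review): `permission` is only required to be a string here; these
     * rules do not check it against the keys in self::$permissions.
     * Presumably the code that assigns permissions restricts the value to
     * known keys; confirm against the caller.
     */
    public static array $validationRules = [
        'subuser_id' => 'required|numeric|min:1',
        'permission' => 'required|string',
    ];

    /**
     * All the permissions available on the system. You should use self::permissions()
     * to retrieve them, and not directly access this array as it is subject to change.
     *
     * Shape: group name => ['description' => string, 'keys' => [key => description]].
     * The full permission string is "<group>.<key>".
     *
     * @see \Pterodactyl\Models\Permission::permissions()
     */
    protected static array $permissions = [
        'websocket' => [
            'description' => 'Allows the user to connect to the server websocket, giving them access to view console output and realtime server stats.',
            'keys' => [
                'connect' => 'Allows a user to connect to the websocket instance for a server to stream the console.',
            ],
        ],

        'control' => [
            'description' => 'Permissions that control a user\'s ability to control the power state of a server, or send commands.',
            'keys' => [
                'console' => 'Allows a user to send commands to the server instance via the console.',
                'start' => 'Allows a user to start the server if it is stopped.',
                'stop' => 'Allows a user to stop a server if it is running.',
                'restart' => 'Allows a user to perform a server restart. This allows them to start the server if it is offline, but not put the server in a completely stopped state.',
            ],
        ],

        // NOTE(review): the description promises that a holder can never edit
        // their own account or hand out permissions they lack. Nothing in this
        // model enforces that; confirm the check exists where subusers are
        // created and updated.
        'user' => [
            'description' => 'Permissions that allow a user to manage other subusers on a server. They will never be able to edit their own account, or assign permissions they do not have themselves.',
            'keys' => [
                'create' => 'Allows a user to create new subusers for the server.',
                'read' => 'Allows the user to view subusers and their permissions for the server.',
                'update' => 'Allows a user to modify other subusers.',
                'delete' => 'Allows a user to delete a subuser from the server.',
            ],
        ],

        'file' => [
            'description' => 'Permissions that control a user\'s ability to modify the filesystem for this server.',
            'keys' => [
                'create' => 'Allows a user to create additional files and folders via the Panel or direct upload.',
                'read' => 'Allows a user to view the contents of a directory, but not view the contents of or download files.',
                'read-content' => 'Allows a user to view the contents of a given file. This will also allow the user to download files.',
                'update' => 'Allows a user to update the contents of an existing file or directory.',
                'delete' => 'Allows a user to delete files or directories.',
                'archive' => 'Allows a user to archive the contents of a directory as well as decompress existing archives on the system.',
                'sftp' => 'Allows a user to connect to SFTP and manage server files using the other assigned file permissions.',
            ],
        ],

        'backup' => [
            'description' => 'Permissions that control a user\'s ability to generate and manage server backups.',
            'keys' => [
                'create' => 'Allows a user to create new backups for this server.',
                'read' => 'Allows a user to view all backups that exist for this server.',
                'delete' => 'Allows a user to remove backups from the system.',
                'download' => 'Allows a user to download a backup for the server. Danger: this allows a user to access all files for the server in the backup.',
                'restore' => 'Allows a user to restore a backup for the server. Danger: this allows the user to delete all of the server files in the process.',
            ],
        ],

        // Controls permissions for editing or viewing a server's allocations.
        'allocation' => [
            'description' => 'Permissions that control a user\'s ability to modify the port allocations for this server.',
            'keys' => [
                'read' => 'Allows a user to view all allocations currently assigned to this server. Users with any level of access to this server can always view the primary allocation.',
                'create' => 'Allows a user to assign additional allocations to the server.',
                'update' => 'Allows a user to change the primary server allocation and attach notes to each allocation.',
                'delete' => 'Allows a user to delete an allocation from the server.',
            ],
        ],

        // Controls permissions for editing or viewing a server's startup parameters.
        // The group description mentions modification as well as viewing because
        // the 'update' and 'docker-image' keys below grant write access; a
        // view-only description would understate what is being granted.
        'startup' => [
            'description' => 'Permissions that control a user\'s ability to view or modify this server\'s startup parameters and Docker image.',
            'keys' => [
                'read' => 'Allows a user to view the startup variables for a server.',
                'update' => 'Allows a user to modify the startup variables for the server.',
                'docker-image' => 'Allows a user to modify the Docker image used when running the server.',
            ],
        ],

        'database' => [
            'description' => 'Permissions that control a user\'s access to the database management for this server.',
            'keys' => [
                'create' => 'Allows a user to create a new database for this server.',
                'read' => 'Allows a user to view the database associated with this server.',
                'update' => 'Allows a user to rotate the password on a database instance. If the user does not have the view_password permission they will not see the updated password.',
                'delete' => 'Allows a user to remove a database instance from this server.',
                'view_password' => 'Allows a user to view the password associated with a database instance for this server.',
            ],
        ],

        // The trailing task.* comments look like older permission names that
        // each key replaced; that mapping is not defined anywhere in this file.
        'schedule' => [
            'description' => 'Permissions that control a user\'s access to the schedule management for this server.',
            'keys' => [
                'create' => 'Allows a user to create new schedules for this server.', // task.create-schedule
                'read' => 'Allows a user to view schedules and the tasks associated with them for this server.', // task.view-schedule, task.list-schedules
                'update' => 'Allows a user to update schedules and schedule tasks for this server.', // task.edit-schedule, task.queue-schedule, task.toggle-schedule
                'delete' => 'Allows a user to delete schedules for this server.', // task.delete-schedule
            ],
        ],

        'settings' => [
            'description' => 'Permissions that control a user\'s access to the settings for this server.',
            'keys' => [
                'rename' => 'Allows a user to rename this server and change the description of it.',
                'reinstall' => 'Allows a user to trigger a reinstall of this server.',
            ],
        ],

        'activity' => [
            'description' => 'Permissions that control a user\'s access to the server activity logs.',
            'keys' => [
                'read' => 'Allows a user to view the activity logs for the server.',
            ],
        ],
    ];

    /**
     * Returns all the permissions available on the system for a user to
     * have when controlling a server.
     *
     * @return Collection the self::$permissions registry, keyed by group name
     */
    public static function permissions(): Collection
    {
        return Collection::make(self::$permissions);
    }
}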