Path: blob/1.0-develop/app/Services/Acl/Api/AdminAcl.php
10297 views
<?php12namespace Pterodactyl\Services\Acl\Api;34use Pterodactyl\Models\ApiKey;56class AdminAcl7{8/**9* Resource permission columns in the api_keys table begin10* with this identifier.11*/12public const COLUMN_IDENTIFIER = 'r_';1314/**15* The different types of permissions available for API keys. This16* implements a read/write/none permissions scheme for all endpoints.17*/18public const NONE = 0;19public const READ = 1;20public const WRITE = 2;2122/**23* Resources that are available on the API and can contain a permissions24* set for each key. These are stored in the database as r_{resource}.25*/26public const RESOURCE_SERVERS = 'servers';27public const RESOURCE_NODES = 'nodes';28public const RESOURCE_ALLOCATIONS = 'allocations';29public const RESOURCE_USERS = 'users';30public const RESOURCE_LOCATIONS = 'locations';31public const RESOURCE_NESTS = 'nests';32public const RESOURCE_EGGS = 'eggs';33public const RESOURCE_DATABASE_HOSTS = 'database_hosts';34public const RESOURCE_SERVER_DATABASES = 'server_databases';3536/**37* Determine if an API key has permission to perform a specific read/write operation.38*/39public static function can(int $permission, int $action = self::READ): bool40{41if ($permission & $action) {42return true;43}4445return false;46}4748/**49* Determine if an API Key model has permission to access a given resource50* at a specific action level.51*/52public static function check(ApiKey $key, string $resource, int $action = self::READ): bool53{54return self::can(data_get($key, self::COLUMN_IDENTIFIER . $resource, self::NONE), $action);55}5657/**58* Return a list of all resource constants defined in this ACL.59*60* @throws \ReflectionException61*/62public static function getResourceList(): array63{64$reflect = new \ReflectionClass(__CLASS__);6566return collect($reflect->getConstants())->filter(function ($value, $key) {67return substr($key, 0, 9) === 'RESOURCE_';68})->values()->toArray();69}70}717273