From 0dd3f3b0a3ec6ece30f746cd76e006c1b8adceed Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy <48184419+MackenzieMolloy@users.noreply.github.com> Date: Sat, 11 May 2024 01:44:50 +0100 Subject: [PATCH 01/10] Sorted Users by Administrators first --- app/Http/Controllers/Admin/UserController.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php index 1d6db65691..e87092974c 100644 --- a/app/Http/Controllers/Admin/UserController.php +++ b/app/Http/Controllers/Admin/UserController.php @@ -54,6 +54,7 @@ public function index(Request $request): View ->groupBy('users.id') ) ->allowedFilters(['username', 'email', 'uuid']) + ->defaultSort('-root_admin') ->allowedSorts(['id', 'uuid']) ->paginate(50); From 95dd9e7f2d536b12759beaeaa7315ad95a9e303b Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Tue, 6 Aug 2024 21:52:59 +0100 Subject: [PATCH 02/10] Support for subuser editing other subuser permissions when they don't have all permissions --- .../Requests/Api/Client/Servers/Subusers/SubuserRequest.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php index 7c4fab9d22..3c0d1ed80e 100644 --- a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php +++ b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php @@ -67,7 +67,10 @@ protected function validatePermissionsCanBeAssigned(array $permissions) /** @var \Pterodactyl\Services\Servers\GetUserPermissionsService $service */ $service = $this->container->make(GetUserPermissionsService::class); - if (count(array_diff($permissions, $service->handle($server, $user))) > 0) { + $subuser = $this->route()->parameter('user'); + $permissionDifference = array_diff($service->handle($server, $subuser), $permissions); + + if (count(array_diff($permissionDifference, $service->handle($server, $user))) > 0) { throw new HttpForbiddenException('Cannot assign permissions to a subuser that your account does not actively possess.'); } } From d8b48702ec4e99aa59250b7df1e49a8b56850ffa Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Tue, 6 Aug 2024 21:54:05 +0100 Subject: [PATCH 03/10] Fixed Select All of a Permission Group ignoring disabled/dis-allowed permissions --- resources/scripts/components/server/users/EditSubuserModal.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/scripts/components/server/users/EditSubuserModal.tsx b/resources/scripts/components/server/users/EditSubuserModal.tsx index c28d56f6c2..659baa0984 100644 --- a/resources/scripts/components/server/users/EditSubuserModal.tsx +++ b/resources/scripts/components/server/users/EditSubuserModal.tsx @@ -143,7 +143,7 @@ const EditSubuserModal = ({ subuser }: Props) => { key={`permission_${key}`} title={key} isEditable={canEditUser} - permissions={Object.keys(permissions[key].keys).map((pkey) => `${key}.${pkey}`)} + permissions={editablePermissions.filter((p) => p.startsWith(key))} css={index > 0 ? tw`mt-4` : undefined} >

{permissions[key].description}

From bf15622d9c2e4ee967e56e25188e7b802fe2ff2f Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Tue, 6 Aug 2024 23:10:08 +0100 Subject: [PATCH 04/10] Corrected permission add/remove logic --- .../Api/Client/Servers/Subusers/SubuserRequest.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php index 3c0d1ed80e..b61605f2bd 100644 --- a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php +++ b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php @@ -68,10 +68,17 @@ protected function validatePermissionsCanBeAssigned(array $permissions) $service = $this->container->make(GetUserPermissionsService::class); $subuser = $this->route()->parameter('user'); - $permissionDifference = array_diff($service->handle($server, $subuser), $permissions); + $currentPermissions = $service->handle($server, $subuser); - if (count(array_diff($permissionDifference, $service->handle($server, $user))) > 0) { + $addedPermissions = array_diff($permissions, $currentPermissions); + $removedPermissions = array_diff($currentPermissions, $permissions); + + $modifiedPermissions = array_merge($addedPermissions, $removedPermissions); + + // Checks if user has all the permissions they are modifying on the Subuser + if (count(array_intersect($service->handle($server, $user), $modifiedPermissions)) !== count($modifiedPermissions)) { throw new HttpForbiddenException('Cannot assign permissions to a subuser that your account does not actively possess.'); } } + } } From 9f2b67600595e456222890f6934accbf7e7fc1c0 Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Tue, 6 Aug 2024 23:49:54 +0100 Subject: [PATCH 05/10] Fixed logic on Select All of PermissionTitleBox --- .../components/server/users/EditSubuserModal.tsx | 3 ++- .../components/server/users/PermissionTitleBox.tsx | 10 ++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/resources/scripts/components/server/users/EditSubuserModal.tsx b/resources/scripts/components/server/users/EditSubuserModal.tsx index 659baa0984..08995a23d5 100644 --- a/resources/scripts/components/server/users/EditSubuserModal.tsx +++ b/resources/scripts/components/server/users/EditSubuserModal.tsx @@ -143,7 +143,8 @@ const EditSubuserModal = ({ subuser }: Props) => { key={`permission_${key}`} title={key} isEditable={canEditUser} - permissions={editablePermissions.filter((p) => p.startsWith(key))} + permissions={Object.keys(permissions[key].keys).map((pkey) => `${key}.${pkey}`)} + editablePermissions={editablePermissions.filter((p) => p.startsWith(key))} css={index > 0 ? tw`mt-4` : undefined} >

{permissions[key].description}

diff --git a/resources/scripts/components/server/users/PermissionTitleBox.tsx b/resources/scripts/components/server/users/PermissionTitleBox.tsx index 1d678f2215..d5d9e871db 100644 --- a/resources/scripts/components/server/users/PermissionTitleBox.tsx +++ b/resources/scripts/components/server/users/PermissionTitleBox.tsx @@ -9,18 +9,19 @@ interface Props { isEditable: boolean; title: string; permissions: string[]; + editablePermissions: string[]; className?: string; } -const PermissionTitleBox: React.FC = memo(({ isEditable, title, permissions, className, children }) => { +const PermissionTitleBox: React.FC = memo(({ isEditable, title, permissions, editablePermissions, className, children }) => { const [{ value }, , { setValue }] = useField('permissions'); const onCheckboxClicked = useCallback( (e: React.ChangeEvent) => { if (e.currentTarget.checked) { - setValue([...value, ...permissions.filter((p) => !value.includes(p))]); + setValue([...value, ...permissions.filter((p) => !value.includes(p) && editablePermissions.includes(p))]); } else { - setValue(value.filter((p) => !permissions.includes(p))); + setValue(value.filter((p) => !editablePermissions.includes(p))); } }, [permissions, value] @@ -34,8 +35,9 @@ const PermissionTitleBox: React.FC = memo(({ isEditable, title, permissio {isEditable && ( value.includes(p))} + checked={editablePermissions.every((p) => value.includes(p))} onChange={onCheckboxClicked} + disabled={editablePermissions.filter((p) => p.startsWith(title)).length === 0} /> )} From db99ac5bd15d8619b1d896038f95a4618c374179 Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Wed, 7 Aug 2024 00:21:49 +0100 Subject: [PATCH 06/10] Removed duplicate closing bracket --- app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php | 1 - 1 file changed, 1 deletion(-) diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php index b61605f2bd..ad306ae131 100644 --- a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php +++ b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php @@ -80,5 +80,4 @@ protected function validatePermissionsCanBeAssigned(array $permissions) throw new HttpForbiddenException('Cannot assign permissions to a subuser that your account does not actively possess.'); } } - } } From f0430fa7e87f29628233264028c6c09f608cef02 Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Wed, 7 Aug 2024 00:31:34 +0100 Subject: [PATCH 07/10] Finally fixed checked for all permissions disabled in group --- .../scripts/components/server/users/PermissionTitleBox.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/scripts/components/server/users/PermissionTitleBox.tsx b/resources/scripts/components/server/users/PermissionTitleBox.tsx index d5d9e871db..61a40b1924 100644 --- a/resources/scripts/components/server/users/PermissionTitleBox.tsx +++ b/resources/scripts/components/server/users/PermissionTitleBox.tsx @@ -35,7 +35,7 @@ const PermissionTitleBox: React.FC = memo(({ isEditable, title, permissio {isEditable && ( value.includes(p))} + checked={editablePermissions.every((p) => value.includes(p)) && value.find((p) => p.startsWith(title)) != null} onChange={onCheckboxClicked} disabled={editablePermissions.filter((p) => p.startsWith(title)).length === 0} /> From 5a22513f4cf11d2ca31befc5f492e64d4e1beee1 Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Wed, 7 Aug 2024 00:35:57 +0100 Subject: [PATCH 08/10] Added disabled styling to Checkbox Input --- resources/scripts/components/elements/Input.tsx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/resources/scripts/components/elements/Input.tsx b/resources/scripts/components/elements/Input.tsx index 677a5014d8..1164cbf76d 100644 --- a/resources/scripts/components/elements/Input.tsx +++ b/resources/scripts/components/elements/Input.tsx @@ -34,6 +34,10 @@ const checkboxStyle = css` ${tw`outline-none border-primary-300`}; box-shadow: 0 0 0 1px rgba(9, 103, 210, 0.25); } + + &:disabled { + ${tw`opacity-50 cursor-default border-transparent`}; + } `; const inputStyle = css` From 2ef03baab89c9203937cd89f044f04017b0602e3 Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Wed, 7 Aug 2024 00:43:20 +0100 Subject: [PATCH 09/10] Removed spill over from another branch --- app/Http/Controllers/Admin/UserController.php | 1 - 1 file changed, 1 deletion(-) diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php index e87092974c..1d6db65691 100644 --- a/app/Http/Controllers/Admin/UserController.php +++ b/app/Http/Controllers/Admin/UserController.php @@ -54,7 +54,6 @@ public function index(Request $request): View ->groupBy('users.id') ) ->allowedFilters(['username', 'email', 'uuid']) - ->defaultSort('-root_admin') ->allowedSorts(['id', 'uuid']) ->paginate(50); From 0e17f6d324ca8eaec47f0e3fe8f062a5fdce169a Mon Sep 17 00:00:00 2001 From: Mackenzie Molloy Date: Wed, 7 Aug 2024 19:58:32 +0100 Subject: [PATCH 10/10] Fixed error when adding new subusers (and test failures) --- .../Api/Client/Servers/Subusers/SubuserRequest.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php index ad306ae131..67ffa20fcd 100644 --- a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php +++ b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php @@ -68,12 +68,17 @@ protected function validatePermissionsCanBeAssigned(array $permissions) $service = $this->container->make(GetUserPermissionsService::class); $subuser = $this->route()->parameter('user'); - $currentPermissions = $service->handle($server, $subuser); - $addedPermissions = array_diff($permissions, $currentPermissions); - $removedPermissions = array_diff($currentPermissions, $permissions); + $modifiedPermissions = $permissions; - $modifiedPermissions = array_merge($addedPermissions, $removedPermissions); + if (!is_null($subuser)) { + $currentPermissions = $service->handle($server, $subuser); + + $addedPermissions = array_diff($permissions, $currentPermissions); + $removedPermissions = array_diff($currentPermissions, $permissions); + + $modifiedPermissions = array_merge($addedPermissions, $removedPermissions); + } // Checks if user has all the permissions they are modifying on the Subuser if (count(array_intersect($service->handle($server, $user), $modifiedPermissions)) !== count($modifiedPermissions)) {