fix: ServerRoleController accepts 'me' userId, AutocompleteController null id UUID fallback

This commit is contained in:
2026-06-11 22:08:08 -05:00
parent 3bb4b323e7
commit 3830e54988
2 changed files with 18 additions and 3 deletions

View File

@@ -23,6 +23,11 @@ class AutocompleteController extends Controller
{ {
$this->requireAccess($request, $server); $this->requireAccess($request, $server);
// Pterodactyl's route model binding resolves by UUID; ensure we have the integer PK
if ($server->id === null) {
$server = Server::where('uuid', $server->uuid)->firstOrFail();
}
$query = (string) $request->get('q', ''); $query = (string) $request->get('q', '');
$suggestions = $this->engine->suggest( $suggestions = $this->engine->suggest(
$server->id, $server->id,

View File

@@ -85,12 +85,22 @@ class ServerRoleController extends Controller
} }
/** GET /api/client/servers/{server}/addons/permissions/effective/{userId} */ /** GET /api/client/servers/{server}/addons/permissions/effective/{userId} */
public function effectivePermissions(Request $request, Server $server, int $targetUserId): JsonResponse public function effectivePermissions(Request $request, Server $server, string $targetUserId): JsonResponse
{ {
$this->authorizeServerAdmin($request, $server); // Allow callers to pass "me" to resolve to their own user ID
if ($targetUserId === 'me') {
$targetUserId = (string) $request->user()?->id;
}
// Non-admins can only query their own permissions
$user = $request->user();
$isAdmin = $user && ($user->root_admin || $server->owner_id === $user->id);
if (!$isAdmin && (string) $user?->id !== $targetUserId) {
abort(403, 'You may only query your own permissions.');
}
$effective = $this->resolver->resolveAll( $effective = $this->resolver->resolveAll(
$targetUserId, (int) $targetUserId,
$server->id, $server->id,
RoleService::KNOWN_PERMISSIONS RoleService::KNOWN_PERMISSIONS
); );