Merge branches 'subusers-allow-admins-n-selfdels' and 'docker-improve…

…ments' into 1.0-develop
dannyhpy · Jul 26, 2024 · 6e6065f · 6e6065f
3 parents cc956f5 + 123ce52 + 2c10846
commit 6e6065f
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 27 deletions.
diff --git a/.github/docker/entrypoint.sh b/.github/docker/entrypoint.sh
@@ -1,8 +1,8 @@
 #!/bin/ash -e
 cd /app
 
-mkdir -p /var/log/panel/logs/ /var/log/supervisord/ /var/log/nginx/ /var/log/php7/ \
-  && chmod 777 /var/log/panel/logs/ \
+mkdir -p /var/log/panel/ /var/log/supervisord/ /var/log/nginx/ /var/log/php7/ \
+  && chown -R nginx:nginx /app/storage/logs \
   && ln -s /app/storage/logs/ /var/log/panel/
 
 ## check for .env file and generate app keys if missing

diff --git a/Dockerfile b/Dockerfile
@@ -2,39 +2,48 @@
 # Build the assets that are needed for the frontend. This build stage is then discarded
 # since we won't need NodeJS anymore in the future. This Docker image ships a final production
 # level distribution of Pterodactyl.
-FROM --platform=$TARGETOS/$TARGETARCH mhart/alpine-node:14
+FROM mhart/alpine-node:14
+
 WORKDIR /app
-COPY . ./
-RUN yarn install --frozen-lockfile \
-    && yarn run build:production
+
+# Install dependencies
+COPY package.json yarn.lock .
+RUN yarn install --frozen-lockfile
+
+# Build assets
+COPY . .
+RUN yarn run build:production
 
 # Stage 1:
-# Build the actual container with all of the needed PHP dependencies that will run the application.
-FROM --platform=$TARGETOS/$TARGETARCH php:8.1-fpm-alpine
+# Build the actual container with all of the needed dependencies that will run the application.
+FROM php:8.1-fpm-alpine
+
 WORKDIR /app
-COPY . ./
+
+# System dependencies
+RUN apk add --no-cache --update ca-certificates dcron curl git supervisor tar unzip nginx libpng-dev libxml2-dev libzip-dev certbot certbot-nginx
+
+# PHP dependencies
+RUN docker-php-ext-install bcmath gd pdo_mysql zip
+
+# Install Composer
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+COPY . .
 COPY --from=0 /app/public/assets ./public/assets
-RUN apk add --no-cache --update ca-certificates dcron curl git supervisor tar unzip nginx libpng-dev libxml2-dev libzip-dev certbot certbot-nginx \
-    && docker-php-ext-configure zip \
-    && docker-php-ext-install bcmath gd pdo_mysql zip \
-    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
-    && cp .env.example .env \
-    && mkdir -p bootstrap/cache/ storage/logs storage/framework/sessions storage/framework/views storage/framework/cache \
-    && chmod 777 -R bootstrap storage \
+RUN mkdir -p bootstrap/cache/ storage/logs storage/framework/sessions storage/framework/views storage/framework/cache \
     && composer install --no-dev --optimize-autoloader \
-    && rm -rf .env bootstrap/cache/*.php \
-    && mkdir -p /app/storage/logs/ \
+    && rm -rf bootstrap/cache/*.php \
     && chown -R nginx:nginx .
 
-RUN rm /usr/local/etc/php-fpm.conf \
-    && echo "* * * * * /usr/local/bin/php /app/artisan schedule:run >> /dev/null 2>&1" >> /var/spool/cron/crontabs/root \
+RUN echo "* * * * * /usr/local/bin/php /app/artisan schedule:run >> /dev/null 2>&1" >> /var/spool/cron/crontabs/root \
     && echo "0 23 * * * certbot renew --nginx --quiet" >> /var/spool/cron/crontabs/root \
     && sed -i s/ssl_session_cache/#ssl_session_cache/g /etc/nginx/nginx.conf \
     && mkdir -p /var/run/php /var/run/nginx
 
-COPY .github/docker/default.conf /etc/nginx/http.d/default.conf
-COPY .github/docker/www.conf /usr/local/etc/php-fpm.conf
-COPY .github/docker/supervisord.conf /etc/supervisord.conf
+COPY --link .github/docker/default.conf /etc/nginx/http.d/default.conf
+COPY --link .github/docker/www.conf /usr/local/etc/php-fpm.conf
+COPY --link .github/docker/supervisord.conf /etc/supervisord.conf
 
 EXPOSE 80 443
 ENTRYPOINT [ "/bin/ash", ".github/docker/entrypoint.sh" ]

diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php
@@ -24,10 +24,20 @@ public function authorize(): bool
             return false;
         }
 
+        // Always authorize requests from a root admin.
+        if ($this->user()->root_admin) {
+            return true;
+        }
+
         $user = $this->route()->parameter('user');
         // Don't allow a user to edit themselves on the server.
         if ($user instanceof User) {
             if ($user->uuid === $this->user()->uuid) {
+                // Except if they want to delete themselves from the server.
+                if ($this->method() === Request::METHOD_DELETE) {
+                    return true;
+                }
+
                 return false;
             }
         }

diff --git a/resources/scripts/components/server/users/UserRow.tsx b/resources/scripts/components/server/users/UserRow.tsx
@@ -15,6 +15,7 @@ interface Props {
 
 export default ({ subuser }: Props) => {
     const uuid = useStoreState((state) => state.user!.data!.uuid);
+    const rootAdmin = useStoreState((state) => state.user!.data!.rootAdmin);
     const [visible, setVisible] = useState(false);
 
     return (
@@ -44,7 +45,7 @@ export default ({ subuser }: Props) => {
                 </p>
                 <p css={tw`text-2xs text-neutral-500 uppercase`}>Permissions</p>
             </div>
-            {subuser.uuid !== uuid && (
+            {(subuser.uuid !== uuid || rootAdmin) && (
                 <>
                     <Can action={'user.update'}>
                         <button
@@ -56,11 +57,17 @@ export default ({ subuser }: Props) => {
                             <FontAwesomeIcon icon={faPencilAlt} />
                         </button>
                     </Can>
+                </>
+            )}
+            <>
+                {subuser.uuid === uuid ? (
+                    <RemoveSubuserButton subuser={subuser} />
+                ) : (
                     <Can action={'user.delete'}>
                         <RemoveSubuserButton subuser={subuser} />
                     </Can>
-                </>
-            )}
+                )}
+            </>
         </GreyRowBox>
     );
 };
diff --git a/resources/views/admin/eggs/view.blade.php b/resources/views/admin/eggs/view.blade.php
@@ -118,7 +118,7 @@
                                 <label for="pConfigFeatures" class="control-label">Features</label>
                                 <div>
                                     <select class="form-control" name="features[]" id="pConfigFeatures" multiple>
-                                        @foreach($egg->features as $feature)
+                                        @foreach(($egg->features ?? []) as $feature)
                                             <option value="{{ $feature }}" selected>{{ $feature }}</option>
                                         @endforeach
                                     </select>