StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'develop' into feature/customized-theme

Browse source
This commit is contained in:
Jakob Schrettenbrunner 2017-09-05 01:47:43 +02:00
commit 2ac1e08f47
16 changed files with 524 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/Contracts/Repository/RepositoryInterface.php
View file

@ -112,8 +112,6 @@ interface RepositoryInterface
*
* @param array $fields
* @return mixed
*
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function findWhere(array $fields);

10
app/Contracts/Repository/SubuserRepositoryInterface.php
View file

@ -36,6 +36,16 @@ interface SubuserRepositoryInterface extends RepositoryInterface
*/
public function getWithServer($id);
/**
* Return a subuser with the associated permissions relationship.
*
* @param int $id
* @return \Illuminate\Database\Eloquent\Collection
*
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function getWithPermissions($id);
/**
* Find a subuser and return with server and permissions relationships.
*

236
app/Http/Controllers/Server/SubuserController.php
View file

@ -24,62 +24,118 @@
namespace Pterodactyl\Http\Controllers\Server;
use Log;
use Auth;
use Alert;
use Pterodactyl\Models;
use Illuminate\Contracts\Session\Session;
use Prologue\Alerts\AlertsMessageBag;
use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
use Illuminate\Http\Request;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\SubuserRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Pterodactyl\Models\Permission;
use Pterodactyl\Services\Subusers\SubuserCreationService;
use Pterodactyl\Services\Subusers\SubuserDeletionService;
use Pterodactyl\Services\Subusers\SubuserUpdateService;
use Pterodactyl\Traits\Controllers\JavascriptInjection;
class SubuserController extends Controller
{
use JavascriptInjection;
/**
* @var \Prologue\Alerts\AlertsMessageBag
*/
protected $alert;
/**
* @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
*/
protected $repository;
/**
* @var \Illuminate\Contracts\Session\Session
*/
protected $session;
/**
* @var \Pterodactyl\Services\Subusers\SubuserCreationService
*/
protected $subuserCreationService;
/**
* @var \Pterodactyl\Services\Subusers\SubuserDeletionService
*/
protected $subuserDeletionService;
/**
* @var \Pterodactyl\Services\Subusers\SubuserUpdateService
*/
protected $subuserUpdateService;
/**
* SubuserController constructor.
*
* @param \Prologue\Alerts\AlertsMessageBag $alert
* @param \Illuminate\Contracts\Session\Session $session
* @param \Pterodactyl\Services\Subusers\SubuserCreationService $subuserCreationService
* @param \Pterodactyl\Services\Subusers\SubuserDeletionService $subuserDeletionService
* @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $repository
* @param \Pterodactyl\Services\Subusers\SubuserUpdateService $subuserUpdateService
*/
public function __construct(
AlertsMessageBag $alert,
Session $session,
SubuserCreationService $subuserCreationService,
SubuserDeletionService $subuserDeletionService,
SubuserRepositoryInterface $repository,
SubuserUpdateService $subuserUpdateService
) {
$this->alert = $alert;
$this->repository = $repository;
$this->session = $session;
$this->subuserCreationService = $subuserCreationService;
$this->subuserDeletionService = $subuserDeletionService;
$this->subuserUpdateService = $subuserUpdateService;
}
/**
* Displays the subuser overview index.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*
* @throws \Illuminate\Auth\Access\AuthorizationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function index(Request $request, $uuid)
public function index()
{
$server = Models\Server::byUuid($uuid)->load('subusers.user');
$server = $this->session->get('server_data.model');
$this->authorize('list-subusers', $server);
$server->js();
$this->injectJavascript();
return view('server.users.index', [
'server' => $server,
'node' => $server->node,
'subusers' => $server->subusers,
'subusers' => $this->repository->findWhere([['server_id', '=', $server->id]]),
]);
}
/**
* Displays the a single subuser overview.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param int $id
* @param string $uuid
* @param int $id
* @return \Illuminate\View\View
*
* @throws \Illuminate\Auth\Access\AuthorizationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function view(Request $request, $uuid, $id)
public function view($uuid, $id)
{
$server = Models\Server::byUuid($uuid)->load('node');
$server = $this->session->get('server_data.model');
$this->authorize('view-subuser', $server);
$subuser = Models\Subuser::with('permissions', 'user')
->where('server_id', $server->id)->findOrFail($id);
$server->js();
$subuser = $this->repository->getWithPermissions($id);
$this->injectJavascript();
return view('server.users.view', [
'server' => $server,
'node' => $server->node,
'subuser' => $subuser,
'permlist' => Models\Permission::listPermissions(),
'permlist' => Permission::getPermissions(),
'permissions' => $subuser->permissions->mapWithKeys(function ($item, $key) {
return [$item->permission => true];
}),
@ -93,63 +149,38 @@ class SubuserController extends Controller
* @param string $uuid
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*
* @throws \Illuminate\Auth\Access\AuthorizationException
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function update(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid);
$server = $this->session->get('server_data.model');
$this->authorize('edit-subuser', $server);
$subuser = Models\Subuser::where('server_id', $server->id)->findOrFail($id);
$this->subuserUpdateService->handle($id, $request->input('permissions', []));
$this->alert->success(trans('server.users.user_updated'))->flash();
try {
if ($subuser->user_id === Auth::user()->id) {
throw new DisplayException('You are not authorized to edit you own account.');
}
$repo = new SubuserRepository;
$repo->update($subuser->id, [
'permissions' => $request->input('permissions'),
'server' => $server->id,
'user' => $subuser->user_id,
]);
Alert::success('Subuser permissions have successfully been updated.')->flash();
} catch (DisplayValidationException $ex) {
return redirect()->route('server.subusers.view', [
'uuid' => $uuid,
'id' => $id,
])->withErrors(json_decode($ex->getMessage()));
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unknown error occured while attempting to update this subuser.')->flash();
}
return redirect()->route('server.subusers.view', [
'uuid' => $uuid,
'id' => $id,
]);
return redirect()->route('server.subusers.view', ['uuid' => $uuid, 'id' => $id]);
}
/**
* Display new subuser creation page.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function create(Request $request, $uuid)
public function create()
{
$server = Models\Server::byUuid($uuid);
$server = $this->session->get('server_data.model');
$this->authorize('create-subuser', $server);
$server->js();
return view('server.users.new', [
'server' => $server,
'permissions' => Models\Permission::listPermissions(),
'node' => $server->node,
]);
$this->injectJavascript();
return view('server.users.new', ['permissions' => Permission::getPermissions()]);
}
/**
@ -158,64 +189,47 @@ class SubuserController extends Controller
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\RedirectResponse
*
* @throws \Exception
* @throws \Illuminate\Auth\Access\AuthorizationException
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Pterodactyl\Exceptions\Service\Subuser\ServerSubuserExistsException
* @throws \Pterodactyl\Exceptions\Service\Subuser\UserIsServerOwnerException
*/
public function store(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$server = $this->session->get('server_data.model');
$this->authorize('create-subuser', $server);
try {
$repo = new SubuserRepository;
$subuser = $repo->create($server->id, $request->only([
'permissions', 'email',
]));
Alert::success('Successfully created new subuser.')->flash();
$subuser = $this->subuserCreationService->handle($server, $request->input('email'), $request->input('permissions', []));
$this->alert->success(trans('server.users.user_assigned'))->flash();
return redirect()->route('server.subusers.view', [
'uuid' => $uuid,
'id' => $subuser->id,
]);
} catch (DisplayValidationException $ex) {
return redirect()->route('server.subusers.new', $uuid)->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unknown error occured while attempting to add a new subuser.')->flash();
}
return redirect()->route('server.subusers.new', $uuid)->withInput();
return redirect()->route('server.subusers.view', [
'uuid' => $uuid,
'id' => $subuser->id,
]);
}
/**
* Handles deleting a subuser.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param int $id
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
* @param string $uuid
* @param int $id
* @return \Illuminate\Http\Response
*
* @throws \Illuminate\Auth\Access\AuthorizationException
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function delete(Request $request, $uuid, $id)
public function delete($uuid, $id)
{
$server = Models\Server::byUuid($uuid);
$server = $this->session->get('server_data.model');
$this->authorize('delete-subuser', $server);
try {
$subuser = Models\Subuser::where('server_id', $server->id)->findOrFail($id);
$this->subuserDeletionService->handle($id);
$repo = new SubuserRepository;
$repo->delete($subuser->id);
return response('', 204);
} catch (DisplayException $ex) {
response()->json([
'error' => $ex->getMessage(),
], 422);
} catch (\Exception $ex) {
Log::error($ex);
response()->json([
'error' => 'An unknown error occured while attempting to delete this subuser.',
], 503);
}
return response('', 204);
}
}

24
app/Http/Middleware/AdminAuthenticate.php
View file

@ -25,27 +25,9 @@
namespace Pterodactyl\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
class AdminAuthenticate
{
/**
* The Guard implementation.
*
* @var \Illuminate\Contracts\Auth\Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param \Illuminate\Contracts\Auth\Guard $auth
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
@ -55,15 +37,15 @@ class AdminAuthenticate
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if ($request->ajax()) {
if (! $request->user()) {
if ($request->expectsJson() || $request->json()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('auth/login');
}
}
if ($this->auth->user()->root_admin !== 1) {
if (! $request->user()->root_admin) {
return abort(403);
}

84
app/Http/Middleware/Server/SubuserAccess.php Normal file
View file

@ -0,0 +1,84 @@
<?php
/*
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Middleware\Server;
use Closure;
use Illuminate\Contracts\Session\Session;
use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
use Pterodactyl\Exceptions\DisplayException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class SubuserAccess
{
/**
* @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
*/
protected $repository;
/**
* @var \Illuminate\Contracts\Session\Session
*/
protected $session;
/**
* SubuserAccess constructor.
*
* @param \Illuminate\Contracts\Session\Session $session
* @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $repository
*/
public function __construct(Session $session, SubuserRepositoryInterface $repository)
{
$this->repository = $repository;
$this->session = $session;
}
/**
* Determine if a user has permission to access a subuser.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function handle($request, Closure $next)
{
$server = $this->session->get('server_data.model');
$subuser = $this->repository->find($request->route()->parameter('subuser', 0));
if ($subuser->server_id !== $server->id) {
throw new NotFoundHttpException;
}
if ($request->method() === 'PATCH') {
if ($subuser->user_id === $request->user()->id) {
throw new DisplayException(trans('exceptions.subusers.editing_self'));
}
}
return $next($request);
}
}

19
app/Repositories/Eloquent/SubuserRepository.php
View file

@ -46,7 +46,22 @@ class SubuserRepository extends EloquentRepository implements SubuserRepositoryI
{
Assert::numeric($id, 'First argument passed to getWithServer must be numeric, received %s.');
$instance = $this->getBuilder()->with('server')->find($id, $this->getColumns());
$instance = $this->getBuilder()->with('server', 'user')->find($id, $this->getColumns());
if (! $instance) {
throw new RecordNotFoundException;
}
return $instance;
}
/**
* {@inheritdoc}
*/
public function getWithPermissions($id)
{
Assert::numeric($id, 'First argument passed to getWithPermissions must be numeric, received %s.');
$instance = $this->getBuilder()->with('permissions', 'user')->find($id, $this->getColumns());
if (! $instance) {
throw new RecordNotFoundException;
}
@ -61,7 +76,7 @@ class SubuserRepository extends EloquentRepository implements SubuserRepositoryI
{
Assert::numeric($id, 'First argument passed to getWithServerAndPermissions must be numeric, received %s.');
$instance = $this->getBuilder()->with(['server', 'permission'])->find($id, $this->getColumns());
$instance = $this->getBuilder()->with('server', 'permission', 'user')->find($id, $this->getColumns());
if (! $instance) {
throw new RecordNotFoundException;
}

36
app/Services/Subusers/SubuserCreationService.php
View file

@ -25,6 +25,7 @@
namespace Pterodactyl\Services\Subusers;
use Illuminate\Log\Writer;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Pterodactyl\Models\Server;
use GuzzleHttp\Exception\RequestException;
use Illuminate\Database\ConnectionInterface;
@ -81,6 +82,18 @@ class SubuserCreationService
*/
protected $writer;
/**
* SubuserCreationService constructor.
*
* @param \Illuminate\Database\ConnectionInterface $connection
* @param \Pterodactyl\Services\Users\UserCreationService $userCreationService
* @param \Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface $daemonRepository
* @param \Pterodactyl\Services\Subusers\PermissionCreationService $permissionService
* @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $serverRepository
* @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $subuserRepository
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $userRepository
* @param \Illuminate\Log\Writer $writer
*/
public function __construct(
ConnectionInterface $connection,
UserCreationService $userCreationService,
@ -120,16 +133,10 @@ class SubuserCreationService
$server = $this->serverRepository->find($server);
}
$user = $this->userRepository->findWhere([['email', '=', $email]]);
if (is_null($user)) {
$user = $this->userCreationService->handle([
'email' => $email,
'username' => substr(strtok($email, '@'), 0, 8),
'name_first' => 'Server',
'name_last' => 'Subuser',
'root_admin' => false,
]);
} else {
$this->connection->beginTransaction();
try {
$user = $this->userRepository->findFirstWhere([['email', '=', $email]]);
if ($server->owner_id === $user->id) {
throw new UserIsServerOwnerException(trans('exceptions.subusers.user_is_owner'));
}
@ -138,9 +145,16 @@ class SubuserCreationService
if ($subuserCount !== 0) {
throw new ServerSubuserExistsException(trans('exceptions.subusers.subuser_exists'));
}
} catch (RecordNotFoundException $exception) {
$user = $this->userCreationService->handle([
'email' => $email,
'username' => substr(strtok($email, '@'), 0, 8) . '_' . str_random(6),
'name_first' => 'Server',
'name_last' => 'Subuser',
'root_admin' => false,
]);
}
$this->connection->beginTransaction();
$subuser = $this->subuserRepository->create([
'user_id' => $user->id,
'server_id' => $server->id,