Implement changes to administrative user revocation, closes #733

2017-12-03 14:00:47 -06:00 · 2017-12-03 14:00:47 -06:00 · 975597b4d0
commit 975597b4d0
parent 20beb2f280
19 changed files with 458 additions and 125 deletions
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@ -1,11 +1,4 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */

 namespace Pterodactyl\Http\Controllers\Admin;

@ -160,10 +153,30 @@ class UserController extends Controller
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
     */
    public function update(UserFormRequest $request, User $user)
    {
-        $this->updateService->handle($user->id, $request->normalize());
+        $this->updateService->setUserLevel(User::USER_LEVEL_ADMIN);
+        $data = $this->updateService->handle($user, $request->normalize());
+
+        if (! empty($data->get('exceptions'))) {
+            foreach ($data->get('exceptions') as $node => $exception) {
+                /** @var \GuzzleHttp\Exception\RequestException $exception */
+                /** @var \GuzzleHttp\Psr7\Response|null $response */
+                $response = method_exists($exception, 'getResponse') ? $exception->getResponse() : null;
+                $message = trans('admin/server.exceptions.daemon_exception', [
+                    'code' => is_null($response) ? 'E_CONN_REFUSED' : $response->getStatusCode(),
+                ]);
+
+                $this->alert->danger(trans('exceptions.users.node_revocation_failed', [
+                    'node' => $node,
+                    'error' => $message,
+                    'link' => route('admin.nodes.view', $node),
+                ]))->flash();
+            }
+        }
+
        $this->alert->success($this->translator->trans('admin/user.notices.account_updated'))->flash();

        return redirect()->route('admin.users.view', $user->id);
--- a/app/Http/Controllers/Base/AccountController.php
+++ b/app/Http/Controllers/Base/AccountController.php
@ -1,30 +1,8 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>
- * Some Modifications (c) 2015 Dylan Seidt <dylan.seidt@gmail.com>.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */

 namespace Pterodactyl\Http\Controllers\Base;

+use Pterodactyl\Models\User;
 use Prologue\Alerts\AlertsMessageBag;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Services\Users\UserUpdateService;
@ -48,10 +26,8 @@ class AccountController extends Controller
     * @param \Prologue\Alerts\AlertsMessageBag             $alert
     * @param \Pterodactyl\Services\Users\UserUpdateService $updateService
     */
-    public function __construct(
-        AlertsMessageBag $alert,
-        UserUpdateService $updateService
-    ) {
+    public function __construct(AlertsMessageBag $alert, UserUpdateService $updateService)
+    {
        $this->alert = $alert;
        $this->updateService = $updateService;
    }
@ -74,6 +50,7 @@ class AccountController extends Controller
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
     */
    public function update(AccountDataFormRequest $request)
    {
@ -86,7 +63,8 @@ class AccountController extends Controller
            $data = $request->only(['name_first', 'name_last', 'username']);
        }

-        $this->updateService->handle($request->user()->id, $data);
+        $this->updateService->setUserLevel(User::USER_LEVEL_USER);
+        $this->updateService->handle($request->user(), $data);
        $this->alert->success(trans('base.account.details_updated'))->flash();

        return redirect()->route('account');
--- a/app/Http/Middleware/AdminAuthenticate.php
+++ b/app/Http/Middleware/AdminAuthenticate.php
@ -21,6 +21,8 @@ class AdminAuthenticate
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     * @return mixed
+     *
+     * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
     */
    public function handle(Request $request, Closure $next)
    {
--- a/app/Http/Middleware/DaemonAuthenticate.php
+++ b/app/Http/Middleware/DaemonAuthenticate.php
@ -46,6 +46,8 @@ class DaemonAuthenticate
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     * @return mixed
+     *
+     * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
     */
    public function handle(Request $request, Closure $next)
    {
--- a/app/Http/Middleware/Server/AuthenticateAsSubuser.php
+++ b/app/Http/Middleware/Server/AuthenticateAsSubuser.php
@ -47,9 +47,8 @@ class AuthenticateAsSubuser
     * @param \Closure                 $next
     * @return mixed
     *
-     * @throws \Illuminate\Auth\AuthenticationException
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
-     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
     */
    public function handle(Request $request, Closure $next)
    {
--- a/app/Http/Requests/Admin/UserFormRequest.php
+++ b/app/Http/Requests/Admin/UserFormRequest.php
@ -19,7 +19,11 @@ class UserFormRequest extends AdminFormRequest
    public function rules()
    {
        if ($this->method() === 'PATCH') {
-            return User::getUpdateRulesForId($this->route()->parameter('user')->id);
+            $rules = User::getUpdateRulesForId($this->route()->parameter('user')->id);
+
+            return array_merge($rules, [
+                'ignore_connection_error' => 'sometimes|nullable|boolean',
+            ]);
        }

        return User::getCreateRules();
@ -30,7 +34,7 @@ class UserFormRequest extends AdminFormRequest
        if ($this->method === 'PATCH') {
            return array_merge(
                $this->intersect('password'),
-                $this->only(['email', 'username', 'name_first', 'name_last', 'root_admin'])
+                $this->only(['email', 'username', 'name_first', 'name_last', 'root_admin', 'ignore_connection_error'])
            );
        }