Add server database management support to API.

2018-01-25 22:34:53 -06:00 · 2018-01-25 22:34:53 -06:00 · de07b3cc7f
commit de07b3cc7f
parent 2bd691efad
10 changed files with 257 additions and 54 deletions
--- a/app/Http/Requests/Api/Application/ApplicationApiRequest.php
+++ b/app/Http/Requests/Api/Application/ApplicationApiRequest.php
@ -73,7 +73,7 @@ abstract class ApplicationApiRequest extends FormRequest
        return $this->attributes->get('api_key');
    }

-    /**
+    /*
     * Determine if the request passes the authorization check as well
     * as the exists check.
     *
@ -81,18 +81,24 @@ abstract class ApplicationApiRequest extends FormRequest
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
     */
+
+    /**
+     * @return bool
+     */
    protected function passesAuthorization()
    {
-        $passes = parent::passesAuthorization();
+        if (! parent::passesAuthorization()) {
+            return false;
+        }

        // Only let the user know that a resource does not exist if they are
        // authenticated to access the endpoint. This avoids exposing that
        // an item exists (or does not exist) to the user until they can prove
        // that they have permission to know about it.
-        if ($passes && ! $this->resourceExists()) {
+        if ($this->attributes->get('is_missing_model', false) || ! $this->resourceExists()) {
            throw new NotFoundHttpException('The requested resource does not exist on this server.');
        }

-        return $passes;
+        return true;
    }
 }
--- a/app/Http/Requests/Api/Application/Servers/Databases/GetServerDatabaseRequest.php
+++ b/app/Http/Requests/Api/Application/Servers/Databases/GetServerDatabaseRequest.php
@ -0,0 +1,32 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Servers\Databases;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class GetServerDatabaseRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::READ;
+
+    /**
+     * Determine if the requested server database exists.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $server = $this->route()->parameter('server');
+        $database = $this->route()->parameter('database');
+
+        return $database->server_id === $server->id;
+    }
+}
--- a/app/Http/Requests/Api/Application/Servers/Databases/GetServerDatabasesRequest.php
+++ b/app/Http/Requests/Api/Application/Servers/Databases/GetServerDatabasesRequest.php
@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Servers\Databases;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class GetServerDatabasesRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::READ;
+}
--- a/app/Http/Requests/Api/Application/Servers/Databases/ServerDatabaseWriteRequest.php
+++ b/app/Http/Requests/Api/Application/Servers/Databases/ServerDatabaseWriteRequest.php
@ -0,0 +1,13 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Servers\Databases;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+
+class ServerDatabaseWriteRequest extends GetServerDatabasesRequest
+{
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::WRITE;
+}
--- a/app/Http/Requests/Api/Application/Servers/Databases/StoreServerDatabaseRequest.php
+++ b/app/Http/Requests/Api/Application/Servers/Databases/StoreServerDatabaseRequest.php
@ -0,0 +1,61 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Servers\Databases;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class StoreServerDatabaseRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::WRITE;
+
+    /**
+     * Validation rules for database creation.
+     *
+     * @return array
+     */
+    public function rules(): array
+    {
+        return [
+            'database' => 'required|string|min:1|max:24',
+            'remote' => 'required|string|min:1',
+            'host' => 'required|integer|exists:database_hosts,id',
+        ];
+    }
+
+    /**
+     * Return data formatted in the correct format for the service to consume.
+     *
+     * @return array
+     */
+    public function validated()
+    {
+        return [
+            'database' => $this->input('database'),
+            'remote' => $this->input('remote'),
+            'database_host_id' => $this->input('host'),
+        ];
+    }
+
+    /**
+     * Format error messages in a more understandable format for API output.
+     *
+     * @return array
+     */
+    public function attributes()
+    {
+        return [
+            'host' => 'Database Host Server ID',
+            'remote' => 'Remote Connection String',
+            'database' => 'Database Name',
+        ];
+    }
+}