misc_pterodactyl-panel/app/Http/Middleware/Server/SubuserAccess.php

<?php
/**
 * Pterodactyl - Panel
 * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
 *
 * This software is licensed under the terms of the MIT license.
 * https://opensource.org/licenses/MIT
 */

namespace Pterodactyl\Http\Middleware\Server;

use Closure;
use Illuminate\Contracts\Session\Session;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class SubuserAccess
{
    /**
     * @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
     */
    protected $repository;

    /**
     * @var \Illuminate\Contracts\Session\Session
     */
    protected $session;

    /**
     * SubuserAccess constructor.
     *
     * @param \Illuminate\Contracts\Session\Session                        $session
     * @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $repository
     */
    public function __construct(Session $session, SubuserRepositoryInterface $repository)
    {
        $this->repository = $repository;
        $this->session = $session;
    }

    /**
     * Determine if a user has permission to access a subuser.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     * @return mixed
     *
     * @throws \Pterodactyl\Exceptions\DisplayException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
     */
    public function handle($request, Closure $next)
    {
        $server = $this->session->get('server_data.model');

        $subuser = $this->repository->find($request->route()->parameter('subuser', 0));
        if ($subuser->server_id !== $server->id) {
            throw new NotFoundHttpException;
        }

        if ($request->method() === 'PATCH') {
            if ($subuser->user_id === $request->user()->id) {
                throw new DisplayException(trans('exceptions.subusers.editing_self'));
            }
        }

        return $next($request);
    }
}
Finish subuser controller 2017-09-04 23:12:13 +00:00			`<?php`
Update license headers on files. 2017-09-26 02:43:01 +00:00			`/**`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`* Pterodactyl - Panel`
			`* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.`
			`*`
Update license headers on files. 2017-09-26 02:43:01 +00:00			`* This software is licensed under the terms of the MIT license.`
			`* https://opensource.org/licenses/MIT`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`*/`

			`namespace Pterodactyl\Http\Middleware\Server;`

			`use Closure;`
			`use Illuminate\Contracts\Session\Session;`
			`use Pterodactyl\Exceptions\DisplayException;`
Fix PHPCS to order by length not alphabetical 2017-09-05 00:07:00 +00:00			`use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;`

			`class SubuserAccess`
			`{`
			`/**`
			`* @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface`
			`*/`
			`protected $repository;`

			`/**`
			`* @var \Illuminate\Contracts\Session\Session`
			`*/`
			`protected $session;`

			`/**`
			`* SubuserAccess constructor.`
			`*`
			`* @param \Illuminate\Contracts\Session\Session $session`
			`* @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $repository`
			`*/`
			`public function __construct(Session $session, SubuserRepositoryInterface $repository)`
			`{`
			`$this->repository = $repository;`
			`$this->session = $session;`
			`}`

			`/**`
			`* Determine if a user has permission to access a subuser.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`* @return mixed`
			`*`
			`* @throws \Pterodactyl\Exceptions\DisplayException`
			`* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException`
Begin implementation of new daemon authentication scheme 2017-09-24 01:45:25 +00:00			`* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`*/`
			`public function handle($request, Closure $next)`
			`{`
			`$server = $this->session->get('server_data.model');`

			`$subuser = $this->repository->find($request->route()->parameter('subuser', 0));`
			`if ($subuser->server_id !== $server->id) {`
			`throw new NotFoundHttpException;`
			`}`

			`if ($request->method() === 'PATCH') {`
			`if ($subuser->user_id === $request->user()->id) {`
			`throw new DisplayException(trans('exceptions.subusers.editing_self'));`
			`}`
			`}`

			`return $next($request);`
			`}`
			`}`