misc_pterodactyl-panel/app/Http/Controllers/Api/Client/ClientController.php

87 lines
3.2 KiB
PHP
Raw Normal View History

<?php
namespace Pterodactyl\Http\Controllers\Api\Client;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Permission;
use Spatie\QueryBuilder\QueryBuilder;
use Spatie\QueryBuilder\AllowedFilter;
use Pterodactyl\Models\Filters\MultiFieldServerFilter;
use Pterodactyl\Repositories\Eloquent\ServerRepository;
use Pterodactyl\Transformers\Api\Client\ServerTransformer;
use Pterodactyl\Http\Requests\Api\Client\GetServersRequest;
class ClientController extends ClientApiController
{
2021-03-05 17:03:12 +00:00
private ServerRepository $repository;
/**
* ClientController constructor.
*/
public function __construct(ServerRepository $repository)
{
parent::__construct();
$this->repository = $repository;
}
/**
* Return all of the servers available to the client making the API
* request, including servers the user has access to as a subuser.
2021-03-05 17:03:12 +00:00
*
* @throws \Illuminate\Contracts\Container\BindingResolutionException
*/
public function index(GetServersRequest $request): array
{
$user = $request->user();
// Start the query builder and ensure we eager load any requested relationships from the request.
$builder = QueryBuilder::for(
2021-08-07 21:54:22 +00:00
Server::query()->with($this->getIncludesForTransformer(new ServerTransformer(), ['node']))
)->allowedFilters([
'uuid',
'name',
'external_id',
2021-01-23 20:33:34 +00:00
AllowedFilter::custom('*', new MultiFieldServerFilter()),
]);
$type = $request->input('type');
// Either return all of the servers the user has access to because they are an admin `?type=admin` or
// just return all of the servers the user has access to because they are the owner or a subuser of the
// server. If ?type=admin-all is passed all servers on the system will be returned to the user, rather
// than only servers they can see because they are an admin.
if (in_array($type, ['admin', 'admin-all'])) {
// If they aren't an admin but want all the admin servers don't fail the request, just
// make it a query that will never return any results back.
2021-01-23 20:33:34 +00:00
if (!$user->root_admin) {
$builder->whereRaw('1 = 2');
} else {
$builder = $type === 'admin-all'
? $builder
: $builder->whereNotIn('servers.id', $user->accessibleServers()->pluck('id')->all());
}
} elseif ($type === 'owner') {
$builder = $builder->where('servers.owner_id', $user->id);
} else {
$builder = $builder->whereIn('servers.id', $user->accessibleServers()->pluck('id')->all());
}
$servers = $builder->paginate(min($request->query('per_page', 50), 100))->appends($request->query());
2021-08-07 21:54:22 +00:00
return $this->fractal->transformWith(new ServerTransformer())->collection($servers)->toArray();
}
/**
* Returns all of the subuser permissions available on the system.
*/
2021-03-05 17:03:12 +00:00
public function permissions(): array
{
return [
'object' => 'system_permissions',
'attributes' => [
'permissions' => Permission::permissions(),
],
];
}
}