misc_pterodactyl-panel/app/Http/Middleware/Server/SubuserBelongsToServer.php

<?php

namespace Pterodactyl\Http\Middleware\Server;

use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Contracts\Extensions\HashidsInterface;
use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class SubuserBelongsToServer
{
    /**
     * @var \Pterodactyl\Contracts\Extensions\HashidsInterface
     */
    private $hashids;

    /**
     * @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
     */
    private $repository;

    /**
     * SubuserAccess constructor.
     *
     * @param \Pterodactyl\Contracts\Extensions\HashidsInterface           $hashids
     * @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $repository
     */
    public function __construct(HashidsInterface $hashids, SubuserRepositoryInterface $repository)
    {
        $this->hashids = $hashids;
        $this->repository = $repository;
    }

    /**
     * Determine if a user has permission to access and modify subuser.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     * @return mixed
     *
     * @throws \Pterodactyl\Exceptions\DisplayException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
     */
    public function handle(Request $request, Closure $next)
    {
        $server = $request->attributes->get('server');

        $hash = $request->route()->parameter('subuser', 0);
        $subuser = $this->repository->find($this->hashids->decodeFirst($hash, 0));
        if (is_null($subuser) || $subuser->server_id !== $server->id) {
            throw new NotFoundHttpException;
        }

        if ($request->method() === 'PATCH') {
            if ($subuser->user_id === $request->user()->id) {
                throw new DisplayException(trans('exceptions.subusers.editing_self'));
            }
        }

        $request->attributes->set('subuser', $subuser);

        return $next($request);
    }
}
Finish subuser controller 2017-09-04 23:12:13 +00:00			`<?php`

			`namespace Pterodactyl\Http\Middleware\Server;`

			`use Closure;`
Update all the middlewares 2017-10-29 17:37:25 +00:00			`use Illuminate\Http\Request;`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`use Pterodactyl\Exceptions\DisplayException;`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`use Pterodactyl\Contracts\Extensions\HashidsInterface;`
Fix PHPCS to order by length not alphabetical 2017-09-05 00:07:00 +00:00			`use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;`

Add database management back to front-end and begin some refactoring Here we go again boys... 2017-10-19 03:32:19 +00:00			`class SubuserBelongsToServer`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`{`
			`/**`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`* @var \Pterodactyl\Contracts\Extensions\HashidsInterface`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`*/`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`private $hashids;`
Finish subuser controller 2017-09-04 23:12:13 +00:00
			`/**`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`* @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`*/`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`private $repository;`
Finish subuser controller 2017-09-04 23:12:13 +00:00
			`/**`
			`* SubuserAccess constructor.`
			`*`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`* @param \Pterodactyl\Contracts\Extensions\HashidsInterface $hashids`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`* @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $repository`
			`*/`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`public function __construct(HashidsInterface $hashids, SubuserRepositoryInterface $repository)`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`{`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`$this->hashids = $hashids;`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`$this->repository = $repository;`
			`}`

			`/**`
Minor bug fixes 2017-09-30 16:45:24 +00:00			`* Determine if a user has permission to access and modify subuser.`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`* @return mixed`
			`*`
			`* @throws \Pterodactyl\Exceptions\DisplayException`
			`* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException`
Begin implementation of new daemon authentication scheme 2017-09-24 01:45:25 +00:00			`* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`*/`
Update all the middlewares 2017-10-29 17:37:25 +00:00			`public function handle(Request $request, Closure $next)`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`{`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`$server = $request->attributes->get('server');`
Finish subuser controller 2017-09-04 23:12:13 +00:00
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`$hash = $request->route()->parameter('subuser', 0);`
			`$subuser = $this->repository->find($this->hashids->decodeFirst($hash, 0));`
More middleware tests 2017-11-02 01:45:43 +00:00			`if (is_null($subuser) \|\| $subuser->server_id !== $server->id) {`
Finish subuser controller 2017-09-04 23:12:13 +00:00			`throw new NotFoundHttpException;`
			`}`

			`if ($request->method() === 'PATCH') {`
			`if ($subuser->user_id === $request->user()->id) {`
			`throw new DisplayException(trans('exceptions.subusers.editing_self'));`
			`}`
			`}`

Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`$request->attributes->set('subuser', $subuser);`

Finish subuser controller 2017-09-04 23:12:13 +00:00			`return $next($request);`
			`}`
			`}`