misc_pterodactyl-panel/app/Http/Controllers/Api/Client/ClientController.php

<?php

namespace Pterodactyl\Http\Controllers\Api\Client;

use Pterodactyl\Models\Server;
use Pterodactyl\Models\Permission;
use Spatie\QueryBuilder\QueryBuilder;
use Spatie\QueryBuilder\AllowedFilter;
use Pterodactyl\Models\Filters\MultiFieldServerFilter;
use Pterodactyl\Repositories\Eloquent\ServerRepository;
use Pterodactyl\Transformers\Api\Client\ServerTransformer;
use Pterodactyl\Http\Requests\Api\Client\GetServersRequest;

class ClientController extends ClientApiController
{
    /**
     * @var \Pterodactyl\Repositories\Eloquent\ServerRepository
     */
    private $repository;

    /**
     * ClientController constructor.
     */
    public function __construct(ServerRepository $repository)
    {
        parent::__construct();

        $this->repository = $repository;
    }

    /**
     * Return all of the servers available to the client making the API
     * request, including servers the user has access to as a subuser.
     */
    public function index(GetServersRequest $request): array
    {
        $user = $request->user();
        $transformer = $this->getTransformer(ServerTransformer::class);

        // Start the query builder and ensure we eager load any requested relationships from the request.
        $builder = QueryBuilder::for(
            Server::query()->with($this->getIncludesForTransformer($transformer, ['node']))
        )->allowedFilters([
            'uuid',
            'name',
            'external_id',
            AllowedFilter::custom('*', new MultiFieldServerFilter()),
        ]);

        $type = $request->input('type');
        // Either return all of the servers the user has access to because they are an admin `?type=admin` or
        // just return all of the servers the user has access to because they are the owner or a subuser of the
        // server. If ?type=admin-all is passed all servers on the system will be returned to the user, rather
        // than only servers they can see because they are an admin.
        if (in_array($type, ['admin', 'admin-all'])) {
            // If they aren't an admin but want all the admin servers don't fail the request, just
            // make it a query that will never return any results back.
            if (!$user->root_admin) {
                $builder->whereRaw('1 = 2');
            } else {
                $builder = $type === 'admin-all'
                    ? $builder
                    : $builder->whereNotIn('servers.id', $user->accessibleServers()->pluck('id')->all());
            }
        } elseif ($type === 'owner') {
            $builder = $builder->where('servers.owner_id', $user->id);
        } else {
            $builder = $builder->whereIn('servers.id', $user->accessibleServers()->pluck('id')->all());
        }

        $servers = $builder->paginate(min($request->query('per_page', 50), 100))->appends($request->query());

        return $this->fractal->transformWith($transformer)->collection($servers)->toArray();
    }

    /**
     * Returns all of the subuser permissions available on the system.
     *
     * @return array
     */
    public function permissions()
    {
        return [
            'object' => 'system_permissions',
            'attributes' => [
                'permissions' => Permission::permissions(),
            ],
        ];
    }
}
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`<?php`

			`namespace Pterodactyl\Http\Controllers\Api\Client;`

Code cleanup & fix frontend searching servers; closes #2100 2020-07-07 04:25:00 +00:00			`use Pterodactyl\Models\Server;`
Add handler to fetch all of the system permissions and load them into the state 2019-11-04 01:37:06 +00:00			`use Pterodactyl\Models\Permission;`
Code cleanup & fix frontend searching servers; closes #2100 2020-07-07 04:25:00 +00:00			`use Spatie\QueryBuilder\QueryBuilder;`
Support much better server querying from frontend Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered 2020-10-16 04:21:38 +00:00			`use Spatie\QueryBuilder\AllowedFilter;`
			`use Pterodactyl\Models\Filters\MultiFieldServerFilter;`
Update client API endpoints to not use deprecated function 2019-09-06 04:41:20 +00:00			`use Pterodactyl\Repositories\Eloquent\ServerRepository;`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`use Pterodactyl\Transformers\Api\Client\ServerTransformer;`
			`use Pterodactyl\Http\Requests\Api\Client\GetServersRequest;`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00
			`class ClientController extends ClientApiController`
			`{`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`/**`
Update client API endpoints to not use deprecated function 2019-09-06 04:41:20 +00:00			`* @var \Pterodactyl\Repositories\Eloquent\ServerRepository`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`*/`
			`private $repository;`

			`/**`
			`* ClientController constructor.`
			`*/`
Update client API endpoints to not use deprecated function 2019-09-06 04:41:20 +00:00			`public function __construct(ServerRepository $repository)`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`{`
			`parent::__construct();`

			`$this->repository = $repository;`
			`}`

			`/**`
			`* Return all of the servers available to the client making the API`
			`* request, including servers the user has access to as a subuser.`
			`*/`
			`public function index(GetServersRequest $request): array`
			`{`
Code cleanup & fix frontend searching servers; closes #2100 2020-07-07 04:25:00 +00:00			`$user = $request->user();`
			`$transformer = $this->getTransformer(ServerTransformer::class);`

			`// Start the query builder and ensure we eager load any requested relationships from the request.`
[Security] Don't return all servers on the system when not a root admin and admin level servers are requested Cleaned up the API endpoint by simplifying the logic and adds test case to cover this bug. If you ever need to list _all_ of the servers on the system you should be using the application API endpoint for the servers most likely. 2020-07-26 17:43:46 +00:00			`$builder = QueryBuilder::for(`
			`Server::query()->with($this->getIncludesForTransformer($transformer, ['node']))`
Support much better server querying from frontend Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered 2020-10-16 04:21:38 +00:00			`)->allowedFilters([`
			`'uuid',`
			`'name',`
			`'external_id',`
Use more standardized phpcs 2021-01-23 20:33:34 +00:00			`AllowedFilter::custom('*', new MultiFieldServerFilter()),`
Support much better server querying from frontend Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered 2020-10-16 04:21:38 +00:00			`]);`
Code cleanup & fix frontend searching servers; closes #2100 2020-07-07 04:25:00 +00:00
Support much better server querying from frontend Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered 2020-10-16 04:21:38 +00:00			`$type = $request->input('type');`
[Security] Don't return all servers on the system when not a root admin and admin level servers are requested Cleaned up the API endpoint by simplifying the logic and adds test case to cover this bug. If you ever need to list _all_ of the servers on the system you should be using the application API endpoint for the servers most likely. 2020-07-26 17:43:46 +00:00			// Either return all of the servers the user has access to because they are an admin `?type=admin` or
			`// just return all of the servers the user has access to because they are the owner or a subuser of the`
Support much better server querying from frontend Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered 2020-10-16 04:21:38 +00:00			`// server. If ?type=admin-all is passed all servers on the system will be returned to the user, rather`
			`// than only servers they can see because they are an admin.`
			`if (in_array($type, ['admin', 'admin-all'])) {`
			`// If they aren't an admin but want all the admin servers don't fail the request, just`
			`// make it a query that will never return any results back.`
Use more standardized phpcs 2021-01-23 20:33:34 +00:00			`if (!$user->root_admin) {`
Support much better server querying from frontend Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered 2020-10-16 04:21:38 +00:00			`$builder->whereRaw('1 = 2');`
			`} else {`
			`$builder = $type === 'admin-all'`
			`? $builder`
			`: $builder->whereNotIn('servers.id', $user->accessibleServers()->pluck('id')->all());`
			`}`
Update to Laravel 8 Co-authored-by: Matthew Penner <me@matthewp.io> 2021-01-23 20:09:16 +00:00			`} elseif ($type === 'owner') {`
Support much better server querying from frontend Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered 2020-10-16 04:21:38 +00:00			`$builder = $builder->where('servers.owner_id', $user->id);`
[Security] Don't return all servers on the system when not a root admin and admin level servers are requested Cleaned up the API endpoint by simplifying the logic and adds test case to cover this bug. If you ever need to list _all_ of the servers on the system you should be using the application API endpoint for the servers most likely. 2020-07-26 17:43:46 +00:00			`} else {`
Support much better server querying from frontend Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered 2020-10-16 04:21:38 +00:00			`$builder = $builder->whereIn('servers.id', $user->accessibleServers()->pluck('id')->all());`
Add support for filtering servers in client list-all endpoint closes #1608 2019-08-03 19:44:15 +00:00			`}`

Code cleanup & fix frontend searching servers; closes #2100 2020-07-07 04:25:00 +00:00			`$servers = $builder->paginate(min($request->query('per_page', 50), 100))->appends($request->query());`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00
Code cleanup & fix frontend searching servers; closes #2100 2020-07-07 04:25:00 +00:00			`return $this->fractal->transformWith($transformer)->collection($servers)->toArray();`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`}`
Add handler to fetch all of the system permissions and load them into the state 2019-11-04 01:37:06 +00:00
			`/**`
			`* Returns all of the subuser permissions available on the system.`
			`*`
			`* @return array`
			`*/`
			`public function permissions()`
			`{`
			`return [`
			`'object' => 'system_permissions',`
			`'attributes' => [`
Get basic modal view for editing/creating a new subuser working 2020-03-26 04:58:37 +00:00			`'permissions' => Permission::permissions(),`
Add handler to fetch all of the system permissions and load them into the state 2019-11-04 01:37:06 +00:00			`],`
			`];`
			`}`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`}`