From 65957e7ea51f5ed9826e960d8469bf3b270ac056 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sat, 3 Jun 2017 18:41:35 -0500 Subject: [PATCH] Begin implementation of new request validation, closes #470 --- .gitignore | 1 + .styleci.yml | 1 + .../Controllers/Admin/OptionController.php | 16 ++-- .../Admin/Service/StoreOptionVariable.php | 75 +++++++++++++++++++ resources/lang/en/base.php | 6 +- 5 files changed, 86 insertions(+), 13 deletions(-) create mode 100644 app/Http/Requests/Admin/Service/StoreOptionVariable.php diff --git a/.gitignore b/.gitignore index 3a02506e3..9d8eca6a5 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ Dockerfile docker-compose.yml # for image related files misc +.phpstorm.meta.php diff --git a/.styleci.yml b/.styleci.yml index 7595f5546..87848d020 100644 --- a/.styleci.yml +++ b/.styleci.yml @@ -4,3 +4,4 @@ disabled: - concat_without_spaces enabled: - concat_with_spaces + - no_unused_imports diff --git a/app/Http/Controllers/Admin/OptionController.php b/app/Http/Controllers/Admin/OptionController.php index f4a70363a..cdcf2f3bb 100644 --- a/app/Http/Controllers/Admin/OptionController.php +++ b/app/Http/Controllers/Admin/OptionController.php @@ -35,6 +35,7 @@ use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Repositories\OptionRepository; use Pterodactyl\Repositories\VariableRepository; use Pterodactyl\Exceptions\DisplayValidationException; +use Pterodactyl\Http\Requests\Admin\Service\StoreOptionVariable; class OptionController extends Controller { 
@@ -198,28 +199,23 @@ class OptionController extends Controller /** * Handles POST when editing a configration for a service option. * - * @param \Illuminate\Http\Request $request - * @param int $option - * @param int $variable + * @param \Pterodactyl\Http\Requests\Admin\Service\StoreOptionVariable $request + * @param int $option + * @param int $variable * @return \Illuminate\Http\RedirectResponse */ - public function editVariable(Request $request, $option, $variable) + public function editVariable(StoreOptionVariable $request, $option, $variable) { $repo = new VariableRepository; try { if ($request->input('action') !== 'delete') { - $variable = $repo->update($variable, $request->intersect([ - 'name', 'description', 'env_variable', - 'default_value', 'options', 'rules', - ])); + $variable = $repo->update($variable, $request->normalize()); Alert::success("The service variable '{$variable->name}' has been updated.")->flash(); } else { $repo->delete($variable); Alert::success('That service variable has been deleted.')->flash(); } - } catch (DisplayValidationException $ex) { - return redirect()->route('admin.services.option.variables', $option)->withErrors(json_decode($ex->getMessage())); } catch (DisplayException $ex) { Alert::danger($ex->getMessage())->flash(); } catch (\Exception $ex) { diff --git a/app/Http/Requests/Admin/Service/StoreOptionVariable.php b/app/Http/Requests/Admin/Service/StoreOptionVariable.php new file mode 100644 index 000000000..cb37e6a17 --- /dev/null +++ b/app/Http/Requests/Admin/Service/StoreOptionVariable.php 
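Review bot: In `editVariable()` (OptionController.php) the `delete` branch is now gated by the same `StoreOptionVariable` rules as an update, because a form request is validated before the controller body runs; a delete POST that omits `name`, `env_variable` or `rules` would be redirected back with validation errors instead of deleting, so this is worth confirming against what the form actually submits. One way to keep the type-hint is to start `rules()` with `if ($this->input('action') === 'delete') { return []; }`. The hunk also drops the `DisplayValidationException` catch; if `VariableRepository::update()` can still throw it, the JSON-encoded message would presumably land in one of the generic handlers rather than `withErrors()`, so that path should be checked or the repository-side validation removed in the same change. The `try` block's remaining `catch` bodies lie outside the hunk.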
@@ -0,0 +1,75 @@ +. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +namespace Pterodactyl\Http\Requests\Admin\Service; + +use Pterodactyl\Models\User; +use Illuminate\Foundation\Http\FormRequest; + +class StoreOptionVariable extends FormRequest +{ + /** + * Determine if user is allowed to access this request. + * + * @return bool + */ + public function authorize() + { + if (! $this->user() instanceof User) { + return false; + } + + return $this->user()->isRootAdmin(); + } + + /** + * Set the rules to be used for data passed to the request. 
+ * + * @return array + */ + public function rules() + { + return [ + 'name' => 'required|string|min:1|max:255', + 'description' => 'nullable|string', + 'env_variable' => 'required|regex:/^[\w]{1,255}$/', + 'rules' => 'bail|required|string', + 'default_value' => explode('|', $this->input('rules')), + 'options' => 'sometimes|required|array', + ]; + } + + /** + * Return only the fields that we are interested in from the request. + * This will include empty fields as a null value. + * + * @return array + */ + public function normalize() + { + return $this->only( + array_keys($this->rules()) + ); + } +} diff --git a/resources/lang/en/base.php b/resources/lang/en/base.php index fdd7157c6..a32ab253f 100644 --- a/resources/lang/en/base.php +++ b/resources/lang/en/base.php @@ -57,15 +57,15 @@ return [ ], 'view' => [ 'title' => 'View Server', - 'desc'=> 'Allows viewing of specific server user can access.', + 'desc' => 'Allows viewing of specific server user can access.', ], 'power' => [ 'title' => 'Toggle Power', - 'desc'=> 'Allow toggling of power status for a server.', + 'desc' => 'Allow toggling of power status for a server.', ], 'command' => [ 'title' => 'Send Command', - 'desc'=> 'Allow sending of a command to a running server.', + 'desc' => 'Allow sending of a command to a running server.', ], ], ],
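Review bot: In `StoreOptionVariable::rules()` the line `'default_value' => explode('|', $this->input('rules'))` takes the validator rules for one field straight from another field of the same request, and it does so before the `'rules' => 'bail|required|string'` check has run. A missing or array-valued `rules` input therefore reaches `explode()` unchecked, an unrecognised rule name will likely surface as an exception from the validator rather than a validation error, and rules that consult the database or other application state become selectable by whoever submits the form. `authorize()` limits this to root admins, but the rule string is stored and presumably reused later, so it is worth guarding the type, e.g. `$raw = $this->input('rules'); $valueRules = is_string($raw) ? explode('|', $raw) : [];`, and checking each rule name against an explicit allow-list before handing it to the validator. Splitting on `|` also breaks any `regex:` rule whose pattern contains a pipe. Separately, `/^[\w]{1,255}$/` accepts a trailing newline because `$` also matches before a final newline unless the `D` modifier is set; ending the pattern with `\z` would close that.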