Add proper permissions for role application routes, allow admins to access application api

2020-12-28 12:47:08 -07:00 · 2020-12-28 12:47:08 -07:00 · 9c7b49e2b9
commit 9c7b49e2b9
parent b6abeb0994
16 changed files with 287 additions and 112 deletions
--- a/app/Http/Controllers/Api/Application/RoleController.php
+++ b/app/Http/Controllers/Api/Application/RoleController.php
@ -1,76 +0,0 @@
-<?php
-
-namespace Pterodactyl\Http\Controllers\Api\Application;
-
-use Illuminate\Http\JsonResponse;
-use Pterodactyl\Http\Requests\Admin\RoleFormRequest;
-use Pterodactyl\Repositories\Eloquent\AdminRolesRepository;
-
-class RoleController extends ApplicationApiController
-{
-    /**
-     * @var \Pterodactyl\Repositories\Eloquent\AdminRolesRepository
-     */
-    private $repository;
-
-    /**
-     * RolesController constructor.
-     *
-     * @param \Pterodactyl\Repositories\Eloquent\AdminRolesRepository $repository
-     */
-    public function __construct(AdminRolesRepository $repository)
-    {
-        parent::__construct();
-
-        $this->repository = $repository;
-    }
-
-    /**
-     * Returns an array of all roles.
-     *
-     * @return \Illuminate\Http\JsonResponse
-     */
-    public function index()
-    {
-        return new JsonResponse($this->repository->all());
-    }
-
-    /**
-     * Creates a new role.
-     *
-     * @param \Pterodactyl\Http\Requests\Admin\RoleFormRequest $request
-     *
-     * @return \Illuminate\Http\JsonResponse
-     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
-     */
-    public function create(RoleFormRequest $request)
-    {
-        $role = $this->repository->create($request->normalize());
-
-        return new JsonResponse($role);
-    }
-
-    /**
-     * Updates a role.
-     *
-     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\Response
-     */
-    public function update()
-    {
-        return response('', 204);
-    }
-
-    /**
-     * Deletes a role.
-     *
-     * @param int $role_id
-     *
-     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\Response
-     */
-    public function delete(int $role_id)
-    {
-        $this->repository->delete($role_id);
-
-        return response('', 204);
-    }
-}
--- a/app/Http/Controllers/Api/Application/Roles/RoleController.php
+++ b/app/Http/Controllers/Api/Application/Roles/RoleController.php
@ -0,0 +1,110 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Api\Application\Roles;
+
+use Illuminate\Http\JsonResponse;
+use Pterodactyl\Models\AdminRole;
+use Pterodactyl\Repositories\Eloquent\AdminRolesRepository;
+use Pterodactyl\Transformers\Api\Application\AdminRoleTransformer;
+use Pterodactyl\Http\Requests\Api\Application\Roles\GetRolesRequest;
+use Pterodactyl\Http\Requests\Api\Application\Roles\StoreRoleRequest;
+use Pterodactyl\Http\Requests\Api\Application\Roles\DeleteRoleRequest;
+use Pterodactyl\Http\Requests\Api\Application\Roles\UpdateRoleRequest;
+use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
+
+class RoleController extends ApplicationApiController
+{
+    /**
+     * @var \Pterodactyl\Repositories\Eloquent\AdminRolesRepository
+     */
+    private $repository;
+
+    /**
+     * RolesController constructor.
+     *
+     * @param \Pterodactyl\Repositories\Eloquent\AdminRolesRepository $repository
+     */
+    public function __construct(AdminRolesRepository $repository)
+    {
+        parent::__construct();
+
+        $this->repository = $repository;
+    }
+
+    /**
+     * Returns an array of all roles.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Application\Roles\GetRolesRequest $request
+     *
+     * @return array
+     */
+    public function index(GetRolesRequest $request)
+    {
+        return $this->fractal->collection(AdminRole::all())
+            ->transformWith($this->getTransformer(AdminRoleTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Returns a single role.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Application\Roles\GetRolesRequest $request
+     * @param \Pterodactyl\Models\AdminRole $role
+     *
+     * @return array
+     */
+    public function view(GetRolesRequest $request, AdminRole $role): array
+    {
+        return $this->fractal->item($role)
+            ->transformWith($this->getTransformer(AdminRoleTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Creates a new role.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Application\Roles\StoreRoleRequest $request
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function store(StoreRoleRequest $request)
+    {
+        $role = AdminRole::query()->create($request->validated());
+
+        return $this->fractal->item($role)
+            ->transformWith($this->getTransformer(AdminRoleTransformer::class))
+            ->respond(JsonResponse::HTTP_CREATED);
+    }
+
+    /**
+     * Updates a role.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Application\Roles\UpdateRoleRequest $request
+     * @param \Pterodactyl\Models\AdminRole $role
+     *
+     * @return array
+     */
+    public function update(UpdateRoleRequest $request, AdminRole $role)
+    {
+        $role->update($request->validated());
+
+        return $this->fractal->item($role)
+            ->transformWith($this->getTransformer(AdminRoleTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Deletes a role.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Application\Roles\DeleteRoleRequest $request
+     * @param \Pterodactyl\Models\AdminRole $role
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function delete(DeleteRoleRequest $request, AdminRole $role)
+    {
+        $this->repository->delete($role->id);
+
+        return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
+    }
+}
--- a/app/Http/Requests/Admin/RoleFormRequest.php
+++ b/app/Http/Requests/Admin/RoleFormRequest.php
@ -1,29 +0,0 @@
-<?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
-
-namespace Pterodactyl\Http\Requests\Admin;
-
-use Pterodactyl\Models\AdminRole;
-
-class RoleFormRequest extends AdminFormRequest
-{
-    /**
-     * Setup the validation rules to use for these requests.
-     *
-     * @return array
-     */
-    public function rules()
-    {
-        if ($this->method() === 'PATCH') {
-            return AdminRole::getRulesForUpdate($this->route()->parameter('mount')->id);
-        }
-
-        return AdminRole::getRules();
-    }
-}
--- a/app/Http/Requests/Api/Application/ApplicationApiRequest.php
+++ b/app/Http/Requests/Api/Application/ApplicationApiRequest.php
@ -50,6 +50,10 @@ abstract class ApplicationApiRequest extends FormRequest
            throw new PterodactylException('An ACL resource must be defined on API requests.');
        }

+        if (! is_null($this->user())) {
+            return $this->user()->root_admin;
+        }
+
        return AdminAcl::check($this->key(), $this->resource, $this->permission);
    }

--- a/app/Http/Requests/Api/Application/Roles/DeleteRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/DeleteRoleRequest.php
@ -0,0 +1,32 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Models\AdminRole;
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class DeleteRoleRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_ROLES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::WRITE;
+
+    /**
+     * Determine if the requested role exists on the Panel.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $role = $this->route()->parameter('role');
+
+        return $role instanceof AdminRole && $role->exists;
+    }
+}
--- a/app/Http/Requests/Api/Application/Roles/GetRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/GetRoleRequest.php
@ -0,0 +1,20 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Models\AdminRole;
+
+class GetRoleRequest extends GetRolesRequest
+{
+    /**
+     * Determine if the requested role exists on the Panel.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $role = $this->route()->parameter('role');
+
+        return $role instanceof AdminRole && $role->exists;
+    }
+}
--- a/app/Http/Requests/Api/Application/Roles/GetRolesRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/GetRolesRequest.php
@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl as Acl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class GetRolesRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = Acl::RESOURCE_ROLES;
+
+    /**
+     * @var int
+     */
+    protected $permission = Acl::READ;
+}
--- a/app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php
@ -0,0 +1,32 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Models\AdminRole;
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+class StoreRoleRequest extends ApplicationApiRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_ROLES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::WRITE;
+
+    /**
+     * ?
+     *
+     * @param array|null $rules
+     *
+     * @return array
+     */
+    public function rules(array $rules = null): array
+    {
+        return $rules ?? AdminRole::getRules();
+    }
+}
--- a/app/Http/Requests/Api/Application/Roles/UpdateRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/UpdateRoleRequest.php
@ -0,0 +1,20 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Application\Roles;
+
+use Pterodactyl\Models\AdminRole;
+
+class UpdateRoleRequest extends StoreRoleRequest
+{
+    /**
+     * ?
+     *
+     * @param array|null $rules
+     *
+     * @return array
+     */
+    public function rules(array $rules = null): array
+    {
+        return $rules ?? AdminRole::getRulesForUpdate($this->route()->parameter('role')->id);
+    }
+}