From b7666bdb05855c53b1e437dfda65b0c4d5bb826f Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Mon, 18 Jan 2016 01:24:33 -0500
Subject: [PATCH] Basic initial subuser management

---
 .../Controllers/Server/SubuserController.php  |  77 ++++++++
 app/Http/Routes/ServerRoutes.php              |  15 ++
 app/Repositories/SubuserRepository.php        |  78 ++++++++
 resources/views/layouts/master.blade.php      |   2 +
 resources/views/server/index.blade.php        |   6 +-
 resources/views/server/users/index.blade.php  |  38 ++++
 resources/views/server/users/view.blade.php   | 166 ++++++++++++++++++
 7 files changed, 381 insertions(+), 1 deletion(-)
 create mode 100644 app/Http/Controllers/Server/SubuserController.php
 create mode 100644 app/Repositories/SubuserRepository.php
 create mode 100644 resources/views/server/users/index.blade.php
 create mode 100644 resources/views/server/users/view.blade.php

diff --git a/app/Http/Controllers/Server/SubuserController.php b/app/Http/Controllers/Server/SubuserController.php
new file mode 100644
index 000000000..c3757658a
--- /dev/null
+++ b/app/Http/Controllers/Server/SubuserController.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Server;
+
+use DB;
+use Alert;
+use Pterodactyl\Models;
+
+use Illuminate\Http\Request;
+use Pterodactyl\Http\Controllers\Controller;
+
+class SubuserController extends Controller
+{
+
+    /**
+     * Controller Constructor
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    public function getIndex(Request $request, $uuid)
+    {
+        $server = Models\Server::getByUUID($uuid);
+        $this->authorize('list-subusers', $server);
+
+        return view('server.users.index', [
+            'server' => $server,
+            'node' => Models\Node::find($server->node),
+            'subusers' => Models\Subuser::select('subusers.*', 'users.email as a_userEmail')
+                ->join('users', 'users.id', '=', 'subusers.user_id')
+                ->where('server_id', $server->id)
+                ->get()
+        ]);
+
+    }
+
+    public function getView(Request $request, $uuid, $id)
+    {
+        $server = Models\Server::getByUUID($uuid);
+        $this->authorize('view-subuser', $server);
+
+        $subuser = Models\Subuser::select('subusers.*', 'users.email as a_userEmail')
+            ->join('users', 'users.id', '=', 'subusers.user_id')
+            ->where(DB::raw('md5(subusers.id)'), $id)->where('subusers.server_id', $server->id)
+            ->first();
+
+        if (!$subuser) {
+            abort(404);
+        }
+
+        $permissions = [];
+        $modelPermissions = Models\Permission::select('permission')
+            ->where('user_id', $subuser->user_id)->where('server_id', $server->id)
+            ->get();
+
+        foreach($modelPermissions as &$perm) {
+            $permissions[$perm->permission] = true;
+        }
+
+        return view('server.users.view', [
+            'server' => $server,
+            'node' => Models\Node::find($server->node),
+            'subuser' => $subuser,
+            'permissions' => $permissions,
+        ]);
+    }
+
+    public function postView(Request $request, $uuid, $id)
+    {
+        //
+    }
+
+}
diff --git a/app/Http/Routes/ServerRoutes.php b/app/Http/Routes/ServerRoutes.php
index a00ec390b..f29264afa 100644
--- a/app/Http/Routes/ServerRoutes.php
+++ b/app/Http/Routes/ServerRoutes.php
@@ -52,6 +52,21 @@ class ServerRoutes {
                 'uses' => 'Server\AjaxController@postSaveFile'
             ]);
 
+            // Sub-User Routes
+            $router->get('users', [
+                'as' => 'server.subusers',
+                'uses' => 'Server\SubuserController@getIndex'
+            ]);
+
+            $router->get('users/view/{id}', [
+                'as' => 'server.subusers.view',
+                'uses' => 'Server\SubuserController@getView'
+            ]);
+
+            $router->post('users/view/{id}', [
+                'uses' => 'Server\SubuserController@postView'
+            ]);
+
             // Assorted AJAX Routes
             $router->group(['prefix' => 'ajax'], function ($server) use ($router) {
                 // Returns Server Status
diff --git a/app/Repositories/SubuserRepository.php b/app/Repositories/SubuserRepository.php
new file mode 100644
index 000000000..e5a0162aa
--- /dev/null
+++ b/app/Repositories/SubuserRepository.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Pterodactyl\Repositories;
+
+use DB;
+use Validator;
+
+use Pterodactyl\Models;
+use Pterodactyl\Services\UuidService;
+
+use Pterodactyl\Exceptions\DisplayValidationException;
+use Pterodactyl\Exceptions\DisplayException;
+
+class UserRepository
+{
+
+    /**
+     * Allowed permissions and their related daemon permission.
+     * @var array
+     */
+    protected $permissions = [
+        // Power Permissions
+        'power-start' => 's:power:start',
+        'power-stop' => 's:power:stop',
+        'power-restart' => 's:power:restart',
+        'power-kill' => 's:power:kill',
+
+        // Commands
+        'send-command' => 's:command',
+
+        // File Manager
+        'list-files' => 's:files:get',
+        'edit-file' => 's:files:read',
+        'save-file' => 's:files:post',
+        'create-file' => 's:files:post',
+        'download-file' => null,
+        'upload-file' => 's:files:upload',
+        'delete-file' => 's:files:delete',
+
+        // Subusers
+        'list-subusers' => null,
+        'view-subuser' => null,
+        'edit-subuser' => null,
+        'create-subuser' => null,
+        'delete-subuser' => null,
+
+        // Management
+        'set-connection' => null,
+        'view-sftp' => null,
+        'reset-sftp' => 's:set-password'
+    ];
+
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Updates permissions for a given subuser.
+     * @param  integer $id  The ID of the subuser row in MySQL. (Not the user ID)
+     * @param  array  $data
+     * @throws DisplayValidationException
+     * @throws DisplayException
+     * @return void
+     */
+    public function update($id, array $data)
+    {
+        $validator = Validator::make($data, [
+            'permissions' => 'required|array'
+        ]);
+
+        if ($validator->fails()) {
+            throw new DisplayValidationException(json_encode($validator->all()));
+        }
+
+        // @TODO the thing.
+
+    }
diff --git a/resources/views/layouts/master.blade.php b/resources/views/layouts/master.blade.php
index 470f0de82..7ed559721 100644
--- a/resources/views/layouts/master.blade.php
+++ b/resources/views/layouts/master.blade.php
@@ -10,10 +10,12 @@
         <link rel="stylesheet" href="{{ asset('css/animate.css') }}">
         <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css">
         <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/sweetalert/1.1.3/sweetalert.min.css">
+        <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/fuelux/3.13.0/css/fuelux.min.css" />
         <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
         <script src="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.2/js/bootstrap.min.js"></script>
         <script src="//cdnjs.cloudflare.com/ajax/libs/socket.io/1.3.7/socket.io.min.js"></script>
         <script src="//cdnjs.cloudflare.com/ajax/libs/sweetalert/1.1.3/sweetalert.min.js"></script>
+        <script src="//cdnjs.cloudflare.com/ajax/libs/fuelux/3.13.0/js/fuelux.min.js"></script>
         <script src="{{ asset('js/admin.min.js') }}"></script>
         <script src="{{ asset('js/bootstrap-notify.min.js') }}"></script>
         <script>
diff --git a/resources/views/server/index.blade.php b/resources/views/server/index.blade.php
index e8e6ddcef..be1971d81 100644
--- a/resources/views/server/index.blade.php
+++ b/resources/views/server/index.blade.php
@@ -448,10 +448,14 @@ $(window).load(function () {
                 data: JSON.stringify({ command: ccmd })
             }).fail(function (jqXHR) {
                 console.error(jqXHR);
+                var error = 'An error occured while trying to process this request.';
+                if (typeof jqXHR.responseJSON !== 'undefined' && typeof jqXHR.responseJSON.error !== 'undefined') {
+                    error = jqXHR.responseJSON.error;
+                }
                 swal({
                     type: 'error',
                     title: 'Whoops!',
-                    text: 'There was an error while attempting to process your request. Please try again.'
+                    text: error
                 });
             }).done(function () {
                 $('#ccmd').val('');
diff --git a/resources/views/server/users/index.blade.php b/resources/views/server/users/index.blade.php
new file mode 100644
index 000000000..f17dfc124
--- /dev/null
+++ b/resources/views/server/users/index.blade.php
@@ -0,0 +1,38 @@
+@extends('layouts.master')
+
+@section('title')
+    Viewing Subusers
+@endsection
+
+@section('content')
+<div class="col-md-12">
+    <h3 class="nopad">Manage Sub-Users</h3><hr />
+    <table class="table table-bordered table-hover">
+        <thead>
+            <tr>
+                <th>Email</th>
+                <th>Created</th>
+                <th>Modified</th>
+                @can('view-subuser', $server)<th></th>@endcan
+                @can('delete-subuser', $server)<th></th>@endcan
+            </tr>
+        </thead>
+        <tbody>
+            @foreach($subusers as $user)
+                <tr>
+                    <td><code>{{ $user->a_userEmail }}</code></td>
+                    <td>{{ $user->created_at }}</td>
+                    <td>{{ $user->updated_at }}</td>
+                    @can('view-subuser', $server)<td class="text-center"><a href="{{ route('server.subusers.view', ['server' => $server->uuidShort, 'id' => md5($user->id)]) }}" class="text-success"><i class="fa fa-wrench"></i></a></td>@endcan
+                    @can('delete-subuser', $server)<td class="text-center"><a href="#/delete/{{ md5($user->id) }}" class="text-danger"><i class="fa fa-trash-o"></i></a></td>@endcan
+                </tr>
+            @endforeach
+        </tbody>
+    </table>
+</div>
+<script>
+$(document).ready(function () {
+    $('.server-users').addClass('active');
+});
+</script>
+@endsection
diff --git a/resources/views/server/users/view.blade.php b/resources/views/server/users/view.blade.php
new file mode 100644
index 000000000..b36479c70
--- /dev/null
+++ b/resources/views/server/users/view.blade.php
@@ -0,0 +1,166 @@
+@extends('layouts.master')
+
+@section('title')
+    Manage Subuser: {{ $subuser->a_userEmail }}
+@endsection
+
+@section('content')
+<div class="col-md-12">
+    <h3 class="nopad">Manage Subuser <span class="label label-primary">{{ $subuser->a_userEmail }}</span></h3><hr />
+    @can('edit-subuser', $server)
+        <form action="{{ route('server.subusers.view', ['uuid' => $server->uuidShort, 'id' => md5($subuser->id) ])}}" method="POST">
+    @endcan
+        <div class="row">
+            <div class="col-md-6 fuelux">
+                <h4>Power Management</h4><hr />
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['power-start']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-start"> <strong>Start Server</strong>
+                        <p class="text-muted"><small>Allows user to start server.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['power-stop']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-stop"> <strong>Stop Server</strong>
+                        <p class="text-muted"><small>Allows user to stop server.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['power-restart']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-restart"> <strong>Restart Server</strong>
+                        <p class="text-muted"><small>Allows user to restart server. A user with this permission can stop or start a server even without the above permissions.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['power-kill']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="power-kill"> <strong>Kill Server</strong>
+                        <p class="text-muted"><small>Allows user to kill server process.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['send-command']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="send-command"> <strong>Send Console Command</strong>
+                        <p class="text-muted"><small>Allows sending a command from the console. If the user does not have stop or restart permissions they cannot send the application's stop command.</small><p>
+                    </label>
+                </div>
+            </div>
+            <div class="col-md-6 fuelux">
+                <h4>File Management</h4><hr />
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['list-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="list-files"> <strong>List Files</strong>
+                        <p class="text-muted"><small>Allows user to list all files and folders on the server but not view file contents.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['edit-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="edit-files"> <strong>Edit Files</strong>
+                        <p class="text-muted"><small>Allows user to open a file for <em>viewing only</em>.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['save-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="save-files"> <strong>Save Files</strong>
+                        <p class="text-muted"><small>Allows user to save modified file contents.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['add-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="add-files"> <strong>Create Files</strong>
+                        <p class="text-muted"><small>Allows user to create a new file within the panel.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['upload-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="upload-files"> <strong>Upload Files</strong>
+                        <p class="text-muted"><small>Allows user to upload files.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['delete-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="delete-files"> <strong>Delete Files</strong>
+                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to delete files from the system.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['download-files']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="download-files"> <strong>Download Files</strong>
+                        <p class="text-muted"><small><span class="label label-danger">Danger</span> Allows user to download files. If a user is given this permission they can download and view file contents.</small><p>
+                    </label>
+                </div>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-6 fuelux">
+                <h4>Subuser Management</h4><hr />
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['list-subusers']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="list-subusers"> <strong>List Subusers</strong>
+                        <p class="text-muted"><small>Allows user to view all subusers assigned to the server.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['view-subuser']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-subuser"> <strong>View Subuser</strong>
+                        <p class="text-muted"><small>Allows user to view specific subuser permissions.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['edit-subuser']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="edit-subuser"> <strong>Edit Subuser</strong>
+                        <p class="text-muted"><small>Allows user to modify permissions for a subuser. <em>They will not have permission to modify themselves.</em></small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['create-subuser']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="create-subuser"> <strong>Create Subuser</strong>
+                        <p class="text-muted"><small>Allows a user to create a new subuser.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['delete-subuser']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="delete-subuser"> <strong>Delete Subuser</strong>
+                        <p class="text-muted"><small>Allows a user to delete a subuser.</small><p>
+                    </label>
+                </div>
+            </div>
+            <div class="col-md-6 fuelux">
+                <h4>Server Management</h4><hr />
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['set-connection']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="set-connection"> <strong>Set Default Connection</strong>
+                        <p class="text-muted"><small>Allows user to set the default connection used for a server as well as view avaliable ports.</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['view-sftp']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="view-sftp"> <strong>View SFTP Details</strong>
+                        <p class="text-muted"><small>Allows user to view the server's SFTP information (not the password).</small><p>
+                    </label>
+                </div>
+                <div class="checkbox highlight">
+                    <label class="checkbox-custom highlight" data-initialize="checkbox">
+                        <input class="sr-only" name="permissions[]" type="checkbox" @if(isset($permissions['reset-sftp']))checked="checked"@endif @cannot('edit-subuser', $server)disabled="disabled"@endcannot value="reset-sftp"> <strong>Reset SFTP Password</strong>
+                        <p class="text-muted"><small>Allows user to change the SFTP password for the server.</small><p>
+                    </label>
+                </div>
+            </div>
+        </div>
+    @can('edit-subuser', $server)
+        <div class="well">
+            <div class="row">
+                <div class="col-md-12">
+                    {!! csrf_field() !!}
+                    <input type="submit" class="btn btn-sm btn-primary" value="Modify Subuser" />
+                </div>
+            </div>
+        </div>
+    </form>
+    @endcan
+</div>
+<script>
+$(document).ready(function () {
+    $('.server-users').addClass('active');
+});
+</script>
+@endsection