Fix up subuser controller to use better binding checks

This commit is contained in:
Dane Everitt 2021-08-07 11:15:44 -07:00
parent 74426a97f4
commit bc1db626e7
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 10 additions and 31 deletions

View file

@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Permission;
use Illuminate\Support\Facades\Log;
use Pterodactyl\Repositories\Eloquent\SubuserRepository;
@ -56,10 +57,8 @@ class SubuserController extends ClientApiController
*
* @throws \Illuminate\Contracts\Container\BindingResolutionException
*/
public function view(GetSubuserRequest $request): array
public function view(GetSubuserRequest $request, Server $server, Subuser $subuser): array
{
$subuser = $request->attributes->get('subuser');
return $this->fractal->item($subuser)
->transformWith($this->getTransformer(SubuserTransformer::class))
->toArray();
@ -93,11 +92,8 @@ class SubuserController extends ClientApiController
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Illuminate\Contracts\Container\BindingResolutionException
*/
public function update(UpdateSubuserRequest $request, Server $server): array
public function update(UpdateSubuserRequest $request, Server $server, Subuser $subuser): array
{
/** @var \Pterodactyl\Models\Subuser $subuser */
$subuser = $request->attributes->get('subuser');
$permissions = $this->getDefaultPermissions($request);
$current = $subuser->permissions;
@ -128,11 +124,8 @@ class SubuserController extends ClientApiController
/**
* Removes a subusers from a server's assignment.
*/
public function delete(DeleteSubuserRequest $request, Server $server): Response
public function delete(DeleteSubuserRequest $request, Server $server, Subuser $subuser): Response
{
/** @var \Pterodactyl\Models\Subuser $subuser */
$subuser = $request->attributes->get('subuser');
$this->repository->delete($subuser->id);
try {

View file

@ -7,7 +7,6 @@ use Illuminate\Support\Str;
use Illuminate\Routing\Route;
use Pterodactyl\Models\Server;
use Illuminate\Container\Container;
use Illuminate\Database\Query\JoinClause;
use Illuminate\Contracts\Routing\Registrar;
use Pterodactyl\Contracts\Extensions\HashidsInterface;
use Illuminate\Database\Eloquent\ModelNotFoundException;
@ -52,13 +51,10 @@ class SubstituteClientApiBindings
return $this->server($route)->backups()->where('uuid', $value)->firstOrFail();
});
$this->router->bind('user', function ($value, $route) {
// TODO: is this actually a valid binding for users on the server?
$this->router->bind('subuser', function ($value, $route) {
return $this->server($route)->subusers()
->join('users', function (JoinClause $join) {
$join->on('subusers.user_id', 'users.id')
->where('subusers.server_id', 'servers.id');
})
->select('subusers.*')
->join('users', 'subusers.user_id', '=', 'users.id')
->where('users.uuid', $value)
->firstOrFail();
});

View file

@ -4,16 +4,6 @@ namespace Pterodactyl\Models;
use Illuminate\Notifications\Notifiable;
/**
* @property int $id
* @property int $user_id
* @property int $server_id
* @property array $permissions
* @property \Carbon\Carbon $created_at
* @property \Carbon\Carbon $updated_at
* @property \Pterodactyl\Models\User $user
* @property \Pterodactyl\Models\Server $server
*/
class Subuser extends Model
{
use Notifiable;

View file

@ -106,9 +106,9 @@ Route::group([
Route::group(['prefix' => '/users'], function () {
Route::get('/', 'Servers\SubuserController@index');
Route::post('/', 'Servers\SubuserController@store');
Route::get('/{user}', 'Servers\SubuserController@view');
Route::post('/{user}', 'Servers\SubuserController@update');
Route::delete('/{user}', 'Servers\SubuserController@delete');
Route::get('/{subuser}', [Client\Servers\SubuserController::class, 'view']);
Route::post('/{subuser}', [Client\Servers\SubuserController::class, 'update']);
Route::delete('/{subuser}', [Client\Servers\SubuserController::class, 'delete']);
});
Route::group(['prefix' => '/backups'], function () {