Fix up subuser controller to use better binding checks

Dane Everitt 2021-08-07 11:15:44 -07:00
parent 74426a97f4
commit bc1db626e7
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 10 additions and 31 deletions


@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Permission; use Pterodactyl\Models\Permission;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use Pterodactyl\Repositories\Eloquent\SubuserRepository; use Pterodactyl\Repositories\Eloquent\SubuserRepository;
@ -56,10 +57,8 @@ class SubuserController extends ClientApiController
* *
* @throws \Illuminate\Contracts\Container\BindingResolutionException * @throws \Illuminate\Contracts\Container\BindingResolutionException
*/ */
public function view(GetSubuserRequest $request): array public function view(GetSubuserRequest $request, Server $server, Subuser $subuser): array
{ {
$subuser = $request->attributes->get('subuser');
return $this->fractal->item($subuser) return $this->fractal->item($subuser)
->transformWith($this->getTransformer(SubuserTransformer::class)) ->transformWith($this->getTransformer(SubuserTransformer::class))
->toArray(); ->toArray();
@ -93,11 +92,8 @@ class SubuserController extends ClientApiController
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Illuminate\Contracts\Container\BindingResolutionException * @throws \Illuminate\Contracts\Container\BindingResolutionException
*/ */
public function update(UpdateSubuserRequest $request, Server $server): array public function update(UpdateSubuserRequest $request, Server $server, Subuser $subuser): array
{ {
/** @var \Pterodactyl\Models\Subuser $subuser */
$subuser = $request->attributes->get('subuser');
$permissions = $this->getDefaultPermissions($request); $permissions = $this->getDefaultPermissions($request);
$current = $subuser->permissions; $current = $subuser->permissions;
@ -128,11 +124,8 @@ class SubuserController extends ClientApiController
/** /**
* Removes a subusers from a server's assignment. * Removes a subusers from a server's assignment.
*/ */
public function delete(DeleteSubuserRequest $request, Server $server): Response public function delete(DeleteSubuserRequest $request, Server $server, Subuser $subuser): Response
{ {
/** @var \Pterodactyl\Models\Subuser $subuser */
$subuser = $request->attributes->get('subuser');
$this->repository->delete($subuser->id); $this->repository->delete($subuser->id);
try { try {
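Review bot: `view()`, `update()` and `delete()` now act on whatever `Subuser $subuser` the router injects, and nothing in this file records that the model must come from the server-scoped `subuser` binding; if that explicit binding were ever not registered for a route, Laravel's implicit binding would presumably resolve the row by its route key with no tie to `$server`. I would state the dependency in each docblock, e.g. `* $subuser is resolved by the "subuser" binding in SubstituteClientApiBindings and is already limited to $server.`, and consider a cheap guard before the writes in `update()` and `delete()`: `abort_if($subuser->server_id !== $server->id, 404);`. `$server` is also unused in the visible body of `view()`, which is worth a short comment if it is only there for the route parameters. The bodies of `update()` and `delete()` continue outside the hunks shown.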


@ -7,7 +7,6 @@ use Illuminate\Support\Str;
use Illuminate\Routing\Route; use Illuminate\Routing\Route;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Illuminate\Container\Container; use Illuminate\Container\Container;
use Illuminate\Database\Query\JoinClause;
use Illuminate\Contracts\Routing\Registrar; use Illuminate\Contracts\Routing\Registrar;
use Pterodactyl\Contracts\Extensions\HashidsInterface; use Pterodactyl\Contracts\Extensions\HashidsInterface;
use Illuminate\Database\Eloquent\ModelNotFoundException; use Illuminate\Database\Eloquent\ModelNotFoundException;
@ -52,13 +51,10 @@ class SubstituteClientApiBindings
return $this->server($route)->backups()->where('uuid', $value)->firstOrFail(); return $this->server($route)->backups()->where('uuid', $value)->firstOrFail();
}); });
$this->router->bind('user', function ($value, $route) { $this->router->bind('subuser', function ($value, $route) {
// TODO: is this actually a valid binding for users on the server?
return $this->server($route)->subusers() return $this->server($route)->subusers()
->join('users', function (JoinClause $join) { ->select('subusers.*')
$join->on('subusers.user_id', 'users.id') ->join('users', 'subusers.user_id', '=', 'users.id')
->where('subusers.server_id', 'servers.id');
})
->where('users.uuid', $value) ->where('users.uuid', $value)
->firstOrFail(); ->firstOrFail();
}); });
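Review bot: The `select('subusers.*')` added to the `subuser` binding is load-bearing and should carry a comment, because without it the joined `users` columns (for example `users.id`) can overwrite the subuser's own attributes on the hydrated model, and `delete()` in SubuserController passes `$subuser->id` straight to the repository. Suggested comment above the query: `// Select only subusers.* so users.id from the join cannot replace the subuser's id; the server scope comes from $this->server($route)->subusers().` The removed TODO asked whether the binding was valid for users on the server, so a test that requests the UUID of a subuser belonging to a different server and expects a 404 would pin the answer.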


@ -4,16 +4,6 @@ namespace Pterodactyl\Models;
use Illuminate\Notifications\Notifiable; use Illuminate\Notifications\Notifiable;
/**
* @property int $id
* @property int $user_id
* @property int $server_id
* @property array $permissions
* @property \Carbon\Carbon $created_at
* @property \Carbon\Carbon $updated_at
* @property \Pterodactyl\Models\User $user
* @property \Pterodactyl\Models\Server $server
*/
class Subuser extends Model class Subuser extends Model
{ {
use Notifiable; use Notifiable;


@ -106,9 +106,9 @@ Route::group([
Route::group(['prefix' => '/users'], function () { Route::group(['prefix' => '/users'], function () {
Route::get('/', 'Servers\SubuserController@index'); Route::get('/', 'Servers\SubuserController@index');
Route::post('/', 'Servers\SubuserController@store'); Route::post('/', 'Servers\SubuserController@store');
Route::get('/{user}', 'Servers\SubuserController@view'); Route::get('/{subuser}', [Client\Servers\SubuserController::class, 'view']);
Route::post('/{user}', 'Servers\SubuserController@update'); Route::post('/{subuser}', [Client\Servers\SubuserController::class, 'update']);
Route::delete('/{user}', 'Servers\SubuserController@delete'); Route::delete('/{subuser}', [Client\Servers\SubuserController::class, 'delete']);
}); });
Route::group(['prefix' => '/backups'], function () { Route::group(['prefix' => '/backups'], function () {
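Review bot: The three changed routes reference the controller as `[Client\Servers\SubuserController::class, 'view']` while `index` and `store` two lines above still use the `'Servers\SubuserController@index'` string form, so one group now mixes two resolution styles. Converting the remaining two, e.g. `Route::get('/', [Client\Servers\SubuserController::class, 'index']);`, keeps the group consistent and lets static analysis follow every action. The array form also depends on the `Client` namespace alias being imported at the top of the routes file, which is outside this hunk.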