user(); $transformer = new ServerTransformer(); // Start the query builder and ensure we eager load any requested relationships from the request. $builder = QueryBuilder::for( Server::query()->with($this->getIncludesForTransformer($transformer, ['node'])) )->allowedFilters([ 'uuid', 'name', 'description', 'external_id', AllowedFilter::custom('*', new MultiFieldServerFilter()), ]); $loweredBindings = collect($builder->getBindings()) ->map(fn ($f, $key) => is_string($f) ? strtolower($f) : $f) ->all(); $builder->setBindings($loweredBindings); $type = $request->input('type'); // Either return all the servers the user has access to because they are an admin `?type=admin` or // just return all the servers the user has access to because they are the owner or a subuser of the // server. If ?type=admin-all is passed all servers on the system will be returned to the user, rather // than only servers they can see because they are an admin. if (in_array($type, ['admin', 'admin-all'])) { // If they aren't an admin but want all the admin servers don't fail the request, just // make it a query that will never return any results back. if (!$user->root_admin) { $builder->whereRaw('1 = 2'); } else { $builder = $type === 'admin-all' ? $builder : $builder->whereNotIn('servers.id', $user->accessibleServers()->pluck('id')->all()); } } elseif ($type === 'owner') { $builder = $builder->where('servers.owner_id', $user->id); } else { $builder = $builder->whereIn('servers.id', $user->accessibleServers()->pluck('id')->all()); } $servers = $builder->paginate(min($request->query('per_page', 50), 100))->appends($request->query()); return $this->fractal->transformWith($transformer)->collection($servers)->toArray(); } /** * Returns all the subuser permissions available on the system. */ public function permissions(): array { return [ 'object' => 'system_permissions', 'attributes' => [ 'permissions' => Permission::permissions(), ], ]; } }