86 lines
3.2 KiB
PHP
86 lines
3.2 KiB
PHP
<?php
|
|
|
|
namespace Pterodactyl\Http\Controllers\Api\Client;
|
|
|
|
use Pterodactyl\Models\Server;
|
|
use Pterodactyl\Models\Permission;
|
|
use Spatie\QueryBuilder\QueryBuilder;
|
|
use Spatie\QueryBuilder\AllowedFilter;
|
|
use Pterodactyl\Models\Filters\MultiFieldServerFilter;
|
|
use Pterodactyl\Repositories\Eloquent\ServerRepository;
|
|
use Pterodactyl\Transformers\Api\Client\ServerTransformer;
|
|
use Pterodactyl\Http\Requests\Api\Client\GetServersRequest;
|
|
|
|
class ClientController extends ClientApiController
|
|
{
|
|
private ServerRepository $repository;
|
|
|
|
/**
|
|
* ClientController constructor.
|
|
*/
|
|
public function __construct(ServerRepository $repository)
|
|
{
|
|
parent::__construct();
|
|
|
|
$this->repository = $repository;
|
|
}
|
|
|
|
/**
|
|
* Return all of the servers available to the client making the API
|
|
* request, including servers the user has access to as a subuser.
|
|
*
|
|
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
|
*/
|
|
public function index(GetServersRequest $request): array
|
|
{
|
|
$user = $request->user();
|
|
|
|
// Start the query builder and ensure we eager load any requested relationships from the request.
|
|
$builder = QueryBuilder::for(
|
|
Server::query()->with($this->getIncludesForTransformer(new ServerTransformer(), ['node']))
|
|
)->allowedFilters([
|
|
'uuid',
|
|
'name',
|
|
'external_id',
|
|
AllowedFilter::custom('*', new MultiFieldServerFilter()),
|
|
]);
|
|
|
|
$type = $request->input('type');
|
|
// Either return all of the servers the user has access to because they are an admin `?type=admin` or
|
|
// just return all of the servers the user has access to because they are the owner or a subuser of the
|
|
// server. If ?type=admin-all is passed all servers on the system will be returned to the user, rather
|
|
// than only servers they can see because they are an admin.
|
|
if (in_array($type, ['admin', 'admin-all'])) {
|
|
// If they aren't an admin but want all the admin servers don't fail the request, just
|
|
// make it a query that will never return any results back.
|
|
if (!$user->root_admin) {
|
|
$builder->whereRaw('1 = 2');
|
|
} else {
|
|
$builder = $type === 'admin-all'
|
|
? $builder
|
|
: $builder->whereNotIn('servers.id', $user->accessibleServers()->pluck('id')->all());
|
|
}
|
|
} elseif ($type === 'owner') {
|
|
$builder = $builder->where('servers.owner_id', $user->id);
|
|
} else {
|
|
$builder = $builder->whereIn('servers.id', $user->accessibleServers()->pluck('id')->all());
|
|
}
|
|
|
|
$servers = $builder->paginate(min($request->query('per_page', 50), 100))->appends($request->query());
|
|
|
|
return $this->fractal->transformWith(new ServerTransformer())->collection($servers)->toArray();
|
|
}
|
|
|
|
/**
|
|
* Returns all of the subuser permissions available on the system.
|
|
*/
|
|
public function permissions(): array
|
|
{
|
|
return [
|
|
'object' => 'system_permissions',
|
|
'attributes' => [
|
|
'permissions' => Permission::permissions(),
|
|
],
|
|
];
|
|
}
|
|
}
|