forked from Alex/Pterodactyl-Panel
Fix up subuser controller to use better binding checks
This commit is contained in:
Dane Everitt
parent
74426a97f4
commit
bc1db626e7
@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Subuser;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Pterodactyl\Repositories\Eloquent\SubuserRepository;
|
||||
@ -56,10 +57,8 @@ class SubuserController extends ClientApiController
|
||||
*
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function view(GetSubuserRequest $request): array
|
||||
public function view(GetSubuserRequest $request, Server $server, Subuser $subuser): array
|
||||
{
|
||||
$subuser = $request->attributes->get('subuser');
|
||||
|
||||
return $this->fractal->item($subuser)
|
||||
->transformWith($this->getTransformer(SubuserTransformer::class))
|
||||
->toArray();
|
||||
@ -93,11 +92,8 @@ class SubuserController extends ClientApiController
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function update(UpdateSubuserRequest $request, Server $server): array
|
||||
public function update(UpdateSubuserRequest $request, Server $server, Subuser $subuser): array
|
||||
{
|
||||
/** @var \Pterodactyl\Models\Subuser $subuser */
|
||||
$subuser = $request->attributes->get('subuser');
|
||||
|
||||
$permissions = $this->getDefaultPermissions($request);
|
||||
$current = $subuser->permissions;
|
||||
|
||||
@ -128,11 +124,8 @@ class SubuserController extends ClientApiController
|
||||
/**
|
||||
* Removes a subusers from a server's assignment.
|
||||
*/
|
||||
public function delete(DeleteSubuserRequest $request, Server $server): Response
|
||||
public function delete(DeleteSubuserRequest $request, Server $server, Subuser $subuser): Response
|
||||
{
|
||||
/** @var \Pterodactyl\Models\Subuser $subuser */
|
||||
$subuser = $request->attributes->get('subuser');
|
||||
|
||||
$this->repository->delete($subuser->id);
|
||||
|
||||
try {
|
||||
|
||||
@ -7,7 +7,6 @@ use Illuminate\Support\Str;
|
||||
use Illuminate\Routing\Route;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Illuminate\Container\Container;
|
||||
use Illuminate\Database\Query\JoinClause;
|
||||
use Illuminate\Contracts\Routing\Registrar;
|
||||
use Pterodactyl\Contracts\Extensions\HashidsInterface;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
@ -52,13 +51,10 @@ class SubstituteClientApiBindings
|
||||
return $this->server($route)->backups()->where('uuid', $value)->firstOrFail();
|
||||
});
|
||||
|
||||
$this->router->bind('user', function ($value, $route) {
|
||||
// TODO: is this actually a valid binding for users on the server?
|
||||
$this->router->bind('subuser', function ($value, $route) {
|
||||
return $this->server($route)->subusers()
|
||||
->join('users', function (JoinClause $join) {
|
||||
$join->on('subusers.user_id', 'users.id')
|
||||
->where('subusers.server_id', 'servers.id');
|
||||
})
|
||||
->select('subusers.*')
|
||||
->join('users', 'subusers.user_id', '=', 'users.id')
|
||||
->where('users.uuid', $value)
|
||||
->firstOrFail();
|
||||
});
|
||||
|
||||
@ -4,16 +4,6 @@ namespace Pterodactyl\Models;
|
||||
|
||||
use Illuminate\Notifications\Notifiable;
|
||||
|
||||
/**
|
||||
* @property int $id
|
||||
* @property int $user_id
|
||||
* @property int $server_id
|
||||
* @property array $permissions
|
||||
* @property \Carbon\Carbon $created_at
|
||||
* @property \Carbon\Carbon $updated_at
|
||||
* @property \Pterodactyl\Models\User $user
|
||||
* @property \Pterodactyl\Models\Server $server
|
||||
*/
|
||||
class Subuser extends Model
|
||||
{
|
||||
use Notifiable;
|
||||
|
||||
@ -106,9 +106,9 @@ Route::group([
|
||||
Route::group(['prefix' => '/users'], function () {
|
||||
Route::get('/', 'Servers\SubuserController@index');
|
||||
Route::post('/', 'Servers\SubuserController@store');
|
||||
Route::get('/{user}', 'Servers\SubuserController@view');
|
||||
Route::post('/{user}', 'Servers\SubuserController@update');
|
||||
Route::delete('/{user}', 'Servers\SubuserController@delete');
|
||||
Route::get('/{subuser}', [Client\Servers\SubuserController::class, 'view']);
|
||||
Route::post('/{subuser}', [Client\Servers\SubuserController::class, 'update']);
|
||||
Route::delete('/{subuser}', [Client\Servers\SubuserController::class, 'delete']);
|
||||
});
|
||||
|
||||
Route::group(['prefix' => '/backups'], function () {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user