Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
pterodactyl
GitHub Repository: pterodactyl/panel
 Path: blob/1.0-develop/app/Http/Controllers/Api/Client/ClientController.php
10279 views
1
<?php

2


3
namespace Pterodactyl\Http\Controllers\Api\Client;

4


5
use Pterodactyl\Models\Server;

6
use Pterodactyl\Models\Permission;

7
use Spatie\QueryBuilder\QueryBuilder;

8
use Spatie\QueryBuilder\AllowedFilter;

9
use Pterodactyl\Models\Filters\MultiFieldServerFilter;

10
use Pterodactyl\Transformers\Api\Client\ServerTransformer;

11
use Pterodactyl\Http\Requests\Api\Client\GetServersRequest;

12


13
class ClientController extends ClientApiController

14
{

15
    /**

16
     * ClientController constructor.

17
     */

18
    public function __construct()

19
    {

20
        parent::__construct();

21
    }

22


23
    /**

24
     * Return all the servers available to the client making the API

25
     * request, including servers the user has access to as a subuser.

26
     */

27
    public function index(GetServersRequest $request): array

28
    {

29
        $user = $request->user();

30
        $transformer = $this->getTransformer(ServerTransformer::class);

31


32
        // Start the query builder and ensure we eager load any requested relationships from the request.

33
        $builder = QueryBuilder::for(

34
            Server::query()->with($this->getIncludesForTransformer($transformer, ['node']))

35
        )->allowedFilters([

36
            'uuid',

37
            'name',

38
            'description',

39
            'external_id',

40
            AllowedFilter::custom('*', new MultiFieldServerFilter()),

41
        ]);

42


43
        $type = $request->input('type');

44
        // Either return all the servers the user has access to because they are an admin `?type=admin` or

45
        // just return all the servers the user has access to because they are the owner or a subuser of the

46
        // server. If ?type=admin-all is passed all servers on the system will be returned to the user, rather

47
        // than only servers they can see because they are an admin.

48
        if (in_array($type, ['admin', 'admin-all'])) {

49
            // If they aren't an admin but want all the admin servers don't fail the request, just

50
            // make it a query that will never return any results back.

51
            if (!$user->root_admin) {

52
                $builder->whereRaw('1 = 2');

53
            } else {

54
                $builder = $type === 'admin-all'

55
                    ? $builder

56
                    : $builder->whereNotIn('servers.id', $user->accessibleServers()->pluck('id')->all());

57
            }

58
        } elseif ($type === 'owner') {

59
            $builder = $builder->where('servers.owner_id', $user->id);

60
        } else {

61
            $builder = $builder->whereIn('servers.id', $user->accessibleServers()->pluck('id')->all());

62
        }

63


64
        $servers = $builder->paginate(min($request->query('per_page', 50), 100))->appends($request->query());

65


66
        return $this->fractal->transformWith($transformer)->collection($servers)->toArray();

67
    }

68


69
    /**

70
     * Returns all the subuser permissions available on the system.

71
     */

72
    public function permissions(): array

73
    {

74
        return [

75
            'object' => 'system_permissions',

76
            'attributes' => [

77
                'permissions' => Permission::permissions(),

78
            ],

79
        ];

80
    }

81
}

82


83