Path: blob/1.0-develop/app/Http/Controllers/Api/Client/Servers/SubuserController.php
10280 views
<?php12namespace Pterodactyl\Http\Controllers\Api\Client\Servers;34use Illuminate\Http\Request;5use Pterodactyl\Models\Server;6use Illuminate\Http\JsonResponse;7use Pterodactyl\Facades\Activity;8use Pterodactyl\Models\Permission;9use Illuminate\Support\Facades\Log;10use Pterodactyl\Repositories\Eloquent\SubuserRepository;11use Pterodactyl\Services\Subusers\SubuserCreationService;12use Pterodactyl\Transformers\Api\Client\SubuserTransformer;13use Pterodactyl\Repositories\Wings\DaemonRevocationRepository;14use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;15use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;16use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\GetSubuserRequest;17use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\StoreSubuserRequest;18use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest;19use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\UpdateSubuserRequest;2021class SubuserController extends ClientApiController22{23/**24* SubuserController constructor.25*/26public function __construct(27private SubuserRepository $repository,28private SubuserCreationService $creationService,29private DaemonRevocationRepository $revocationRepository,30) {31parent::__construct();32}3334/**35* Return the users associated with this server instance.36*/37public function index(GetSubuserRequest $request, Server $server): array38{39return $this->fractal->collection($server->subusers)40->transformWith($this->getTransformer(SubuserTransformer::class))41->toArray();42}4344/**45* Returns a single subuser associated with this server instance.46*/47public function view(GetSubuserRequest $request): array48{49$subuser = $request->attributes->get('subuser');5051return $this->fractal->item($subuser)52->transformWith($this->getTransformer(SubuserTransformer::class))53->toArray();54}5556/**57* Create a new subuser for the given server.58*59* @throws \Pterodactyl\Exceptions\Model\DataValidationException60* @throws \Pterodactyl\Exceptions\Service\Subuser\ServerSubuserExistsException61* @throws \Pterodactyl\Exceptions\Service\Subuser\UserIsServerOwnerException62* @throws \Throwable63*/64public function store(StoreSubuserRequest $request, Server $server): array65{66$response = $this->creationService->handle(67$server,68$request->input('email'),69$this->getDefaultPermissions($request)70);7172Activity::event('server:subuser.create')73->subject($response->user)74->property(['email' => $request->input('email'), 'permissions' => $this->getDefaultPermissions($request)])75->log();7677return $this->fractal->item($response)78->transformWith($this->getTransformer(SubuserTransformer::class))79->toArray();80}8182/**83* Update a given subuser in the system for the server.84*85* @throws \Pterodactyl\Exceptions\Model\DataValidationException86* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException87*/88public function update(UpdateSubuserRequest $request, Server $server): array89{90/** @var \Pterodactyl\Models\Subuser $subuser */91$subuser = $request->attributes->get('subuser');9293$permissions = $this->getDefaultPermissions($request);94$current = $subuser->permissions;9596sort($permissions);97sort($current);9899$log = Activity::event('server:subuser.update')100->subject($subuser->user)101->property([102'email' => $subuser->user->email,103'old' => $current,104'new' => $permissions,105'revoked' => true,106]);107108// Only update the database and hit up the Wings instance to invalidate JTI's if the permissions109// have actually changed for the user.110if ($permissions !== $current) {111$log->transaction(function ($instance) use ($request, $subuser, $server) {112$this->repository->update($subuser->id, [113'permissions' => $this->getDefaultPermissions($request),114]);115116try {117$this->revocationRepository->setNode($server->node)->deauthorize(118$subuser->user->uuid,119[$server->uuid],120);121} catch (DaemonConnectionException $exception) {122// Don't block this request if we can't connect to the Wings instance. Chances are it is123// offline and the token will be invalid once Wings boots back.124Log::warning($exception, ['user_id' => $subuser->user_id, 'server_id' => $server->id]);125126$instance->property('revoked', false);127}128});129}130131$log->reset();132133return $this->fractal->item($subuser->refresh())134->transformWith($this->getTransformer(SubuserTransformer::class))135->toArray();136}137138/**139* Removes a subusers from a server's assignment.140*/141public function delete(DeleteSubuserRequest $request, Server $server): JsonResponse142{143/** @var \Pterodactyl\Models\Subuser $subuser */144$subuser = $request->attributes->get('subuser');145146$log = Activity::event('server:subuser.delete')147->subject($subuser->user)148->property('email', $subuser->user->email)149->property('revoked', true);150151$log->transaction(function ($instance) use ($server, $subuser) {152$subuser->delete();153154try {155$this->revocationRepository->setNode($server->node)->deauthorize(156$subuser->user->uuid,157[$server->uuid],158);159} catch (DaemonConnectionException $exception) {160// Don't block this request if we can't connect to the Wings instance.161Log::warning($exception, ['user_id' => $subuser->user_id, 'server_id' => $server->id]);162163$instance->property('revoked', false);164}165});166167return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);168}169170/**171* Returns the default permissions for subusers and parses out any permissions172* that were passed that do not also exist in the internally tracked list of173* permissions.174*/175protected function getDefaultPermissions(Request $request): array176{177$allowed = Permission::permissions()178->map(function ($value, $prefix) {179return array_map(function ($value) use ($prefix) {180return "$prefix.$value";181}, array_keys($value['keys']));182})183->flatten()184->all();185186$cleaned = array_intersect($request->input('permissions') ?? [], $allowed);187188return array_unique(array_merge($cleaned, [Permission::ACTION_WEBSOCKET_CONNECT]));189}190}191192193