Address two bugs in subuser system.

DaneEveritt · DaneEveritt · commit 0afa568095ee · 2016-12-30T16:28:43.000-05:00
1.) Prevents adding the owner of a server as a subuser which could
potentially break things.
2.) Prevents adding duplicate subusers for a server.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,8 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Fixes bug where assigning a variable a default value (or valid value) of `0` would cause the panel to reject the value thinking it did not exist.
 * Addresses potential for crash by limiting total ports that can be assigned per-range to 2000.
 * Fixes server names requiring at minimum 4 characters. Name can now be 1 to 200 characters long. :pencil2:
+* Fixes bug that would allow adding the owner of a server as a subuser for that same server.
+* Fixes bug that would allow creating multiple subusers with the same email address.
 
 ## v0.5.5 (Bodacious Boreopterus)
 ### Added
diff --git a/app/Repositories/SubuserRepository.php b/app/Repositories/SubuserRepository.php
@@ -117,6 +117,7 @@ public function __construct()
     public function create($sid, array $data)
     {
         $server = Models\Server::findOrFail($sid);
+
         $validator = Validator::make($data, [
             'permissions' => 'required|array',
             'email' => 'required|email',
@@ -140,6 +141,10 @@ public function create($sid, array $data)
                 } catch (\Exception $ex) {
                     throw $ex;
                 }
+            } else if ($server->owner === $user->id) {
+                throw new DisplayException('You cannot add the owner of a server as a subuser.');
+            } else if (Models\Subuser::select('id')->where('user_id', $user->id)->where('server_id', $server->id)->first()) {
+                throw new DisplayException('A subuser with that email already exists for this server.');
             }
 
             $uuid = new UuidService;
@@ -159,6 +164,7 @@ public function create($sid, array $data)
                     if (! is_null($this->permissions[$permission])) {
                         array_push($daemonPermissions, $this->permissions[$permission]);
                     }
+
                     $model = new Models\Permission;
                     $model->fill([
                         'user_id' => $user->id,

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,7 @@ public function __construct()`
`117`	`117`	`public function create($sid, array $data)`
`118`	`118`	`{`
`119`	`119`	`$server = Models\Server::findOrFail($sid);`
	`120`	`+`
`120`	`121`	`$validator = Validator::make($data, [`
`121`	`122`	`'permissions' => 'required\|array',`
`122`	`123`	`'email' => 'required\|email',`
`@@ -140,6 +141,10 @@ public function create($sid, array $data)`
`140`	`141`	`} catch (\Exception $ex) {`
`141`	`142`	`throw $ex;`
`142`	`143`	`}`
	`144`	`+ } else if ($server->owner === $user->id) {`
	`145`	`+ throw new DisplayException('You cannot add the owner of a server as a subuser.');`
	`146`	`+ } else if (Models\Subuser::select('id')->where('user_id', $user->id)->where('server_id', $server->id)->first()) {`
	`147`	`+ throw new DisplayException('A subuser with that email already exists for this server.');`
`143`	`148`	`}`
`144`	`149`
`145`	`150`	`$uuid = new UuidService;`
`@@ -159,6 +164,7 @@ public function create($sid, array $data)`
`159`	`164`	`if (! is_null($this->permissions[$permission])) {`
`160`	`165`	`array_push($daemonPermissions, $this->permissions[$permission]);`
`161`	`166`	`}`
	`167`	`+`
`162`	`168`	`$model = new Models\Permission;`
`163`	`169`	`$model->fill([`
`164`	`170`	`'user_id' => $user->id,`