Finish putting permissions on the API

Author: DaneEveritt

app/Http/Controllers/API/Admin/Nodes/AllocationController.php

@@ -3,14 +3,16 @@
 namespace Pterodactyl\Http\Controllers\API\Admin\Nodes;
 
 use Spatie\Fractal\Fractal;
-use Illuminate\Http\Request;
+use Pterodactyl\Models\Node;
 use Illuminate\Http\Response;
 use Pterodactyl\Models\Allocation;
 use Pterodactyl\Http\Controllers\Controller;
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
 use Pterodactyl\Transformers\Api\Admin\AllocationTransformer;
 use Pterodactyl\Services\Allocations\AllocationDeletionService;
 use Pterodactyl\Contracts\Repository\AllocationRepositoryInterface;
+use Pterodactyl\Http\Requests\API\Admin\Allocations\GetAllocationsRequest;
+use Pterodactyl\Http\Requests\API\Admin\Allocations\DeleteAllocationRequest;
 
 class AllocationController extends Controller
 {
@@ -46,16 +48,16 @@ public function __construct(AllocationDeletionService $deletionService, Allocati
     /**
      * Return all of the allocations that exist for a given node.
      *
-     * @param \Illuminate\Http\Request $request
-     * @param int                      $node
+     * @param \Pterodactyl\Http\Requests\API\Admin\Allocations\GetAllocationsRequest $request
+     * @param \Pterodactyl\Models\Node                                               $node
      * @return array
      */
-    public function index(Request $request, int $node): array
+    public function index(GetAllocationsRequest $request, Node $node): array
     {
-        $allocations = $this->repository->getPaginatedAllocationsForNode($node, 100);
+        $allocations = $this->repository->getPaginatedAllocationsForNode($node->id, 100);
 
         return $this->fractal->collection($allocations)
-            ->transformWith(new AllocationTransformer($request))
+            ->transformWith((new AllocationTransformer)->setKey($request->key()))
             ->withResourceName('allocation')
             ->paginateWith(new IlluminatePaginatorAdapter($allocations))
             ->toArray();
@@ -64,14 +66,14 @@ public function index(Request $request, int $node): array
     /**
      * Delete a specific allocation from the Panel.
      *
-     * @param \Illuminate\Http\Request       $request
-     * @param int                            $node
-     * @param \Pterodactyl\Models\Allocation $allocation
+     * @param \Pterodactyl\Http\Requests\API\Admin\Allocations\DeleteAllocationRequest $request
+     * @param \Pterodactyl\Models\Node                                                 $node
+     * @param \Pterodactyl\Models\Allocation                                           $allocation
      * @return \Illuminate\Http\Response
      *
      * @throws \Pterodactyl\Exceptions\Service\Allocation\ServerUsingAllocationException
      */
-    public function delete(Request $request, int $node, Allocation $allocation): Response
+    public function delete(DeleteAllocationRequest $request, Node $node, Allocation $allocation): Response
     {
         $this->deletionService->handle($allocation);
 

app/Http/Controllers/API/Admin/Nodes/NodeController.php

@@ -3,7 +3,6 @@
 namespace Pterodactyl\Http\Controllers\API\Admin\Nodes;
 
 use Spatie\Fractal\Fractal;
-use Illuminate\Http\Request;
 use Pterodactyl\Models\Node;
 use Illuminate\Http\Response;
 use Illuminate\Http\JsonResponse;
@@ -13,8 +12,12 @@
 use Pterodactyl\Services\Nodes\NodeDeletionService;
 use Pterodactyl\Transformers\Api\Admin\NodeTransformer;
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
-use Pterodactyl\Http\Requests\Admin\Node\NodeFormRequest;
 use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
+use Pterodactyl\Http\Requests\API\Admin\Nodes\GetNodeRequest;
+use Pterodactyl\Http\Requests\API\Admin\Nodes\GetNodesRequest;
+use Pterodactyl\Http\Requests\API\Admin\Nodes\StoreNodeRequest;
+use Pterodactyl\Http\Requests\API\Admin\Nodes\DeleteNodeRequest;
+use Pterodactyl\Http\Requests\API\Admin\Nodes\UpdateNodeRequest;
 
 class NodeController extends Controller
 {
@@ -69,52 +72,50 @@ public function __construct(
     /**
      * Return all of the nodes currently available on the Panel.
      *
-     * @param \Illuminate\Http\Request $request
+     * @param \Pterodactyl\Http\Requests\API\Admin\Nodes\GetNodesRequest $request
      * @return array
      */
-    public function index(Request $request): array
+    public function index(GetNodesRequest $request): array
     {
         $nodes = $this->repository->paginated(100);
 
-        $fractal = $this->fractal->collection($nodes)
-            ->transformWith(new NodeTransformer($request))
+        return $this->fractal->collection($nodes)
+            ->transformWith((new NodeTransformer)->setKey($request->key()))
             ->withResourceName('node')
-            ->paginateWith(new IlluminatePaginatorAdapter($nodes));
-
-        return $fractal->toArray();
+            ->paginateWith(new IlluminatePaginatorAdapter($nodes))
+            ->toArray();
     }
 
     /**
      * Return data for a single instance of a node.
      *
-     * @param \Illuminate\Http\Request $request
-     * @param \Pterodactyl\Models\Node $node
+     * @param \Pterodactyl\Http\Requests\API\Admin\Nodes\GetNodeRequest $request
+     * @param \Pterodactyl\Models\Node                                  $node
      * @return array
      */
-    public function view(Request $request, Node $node): array
+    public function view(GetNodeRequest $request, Node $node): array
     {
-        $fractal = $this->fractal->item($node)
-            ->transformWith(new NodeTransformer($request))
-            ->withResourceName('node');
-
-        return $fractal->toArray();
+        return $this->fractal->item($node)
+            ->transformWith((new NodeTransformer)->setKey($request->key()))
+            ->withResourceName('node')
+            ->toArray();
     }
 
     /**
      * Create a new node on the Panel. Returns the created node and a HTTP/201
      * status response on success.
      *
-     * @param \Pterodactyl\Http\Requests\Admin\Node\NodeFormRequest $request
+     * @param \Pterodactyl\Http\Requests\API\Admin\Nodes\StoreNodeRequest $request
      * @return \Illuminate\Http\JsonResponse
      *
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      */
-    public function store(NodeFormRequest $request): JsonResponse
+    public function store(StoreNodeRequest $request): JsonResponse
     {
-        $node = $this->creationService->handle($request->normalize());
+        $node = $this->creationService->handle($request->validated());
 
         return $this->fractal->item($node)
-            ->transformWith(new NodeTransformer($request))
+            ->transformWith((new NodeTransformer)->setKey($request->key()))
             ->withResourceName('node')
             ->addMeta([
                 'link' => route('api.admin.node.view', ['node' => $node->id]),
@@ -125,20 +126,20 @@ public function store(NodeFormRequest $request): JsonResponse
     /**
      * Update an existing node on the Panel.
      *
-     * @param \Pterodactyl\Http\Requests\Admin\Node\NodeFormRequest $request
-     * @param \Pterodactyl\Models\Node                              $node
+     * @param \Pterodactyl\Http\Requests\API\Admin\Nodes\UpdateNodeRequest $request
+     * @param \Pterodactyl\Models\Node                                     $node
      * @return array
      *
      * @throws \Pterodactyl\Exceptions\DisplayException
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
-    public function update(NodeFormRequest $request, Node $node): array
+    public function update(UpdateNodeRequest $request, Node $node): array
     {
-        $node = $this->updateService->returnUpdatedModel()->handle($node, $request->normalize());
+        $node = $this->updateService->returnUpdatedModel()->handle($node, $request->validated());
 
         return $this->fractal->item($node)
-            ->transformWith(new NodeTransformer($request))
+            ->transformWith((new NodeTransformer)->setKey($request->key()))
             ->withResourceName('node')
             ->toArray();
     }
@@ -147,15 +148,16 @@ public function update(NodeFormRequest $request, Node $node): array
      * Deletes a given node from the Panel as long as there are no servers
      * currently attached to it.
      *
-     * @param \Pterodactyl\Models\Node $node
+     * @param \Pterodactyl\Http\Requests\API\Admin\Nodes\DeleteNodeRequest $request
+     * @param \Pterodactyl\Models\Node                                     $node
      * @return \Illuminate\Http\Response
      *
      * @throws \Pterodactyl\Exceptions\Service\HasActiveServersException
      */
-    public function delete(Node $node): Response
+    public function delete(DeleteNodeRequest $request, Node $node): Response
     {
         $this->deletionService->handle($node);
 
-        return response('', 201);
+        return response('', 204);
     }
 }

app/Http/Requests/API/Admin/Allocations/DeleteAllocationRequest.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\API\Admin\Allocations;
+
+use Pterodactyl\Models\Node;
+use Pterodactyl\Models\Allocation;
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\API\Admin\ApiAdminRequest;
+
+class DeleteAllocationRequest extends ApiAdminRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_ALLOCATIONS;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::WRITE;
+
+    /**
+     * Determine if the requested allocation exists and belongs to the node that
+     * is being passed in the URL.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $node = $this->route()->parameter('node');
+        $allocation = $this->route()->parameter('allocation');
+
+        if ($node instanceof Node && $node->exists) {
+            if ($allocation instanceof Allocation && $allocation->exists && $allocation->node_id === $node->id) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}

app/Http/Requests/API/Admin/Allocations/GetAllocationsRequest.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\API\Admin\Allocations;
+
+use Pterodactyl\Models\Node;
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\API\Admin\ApiAdminRequest;
+
+class GetAllocationsRequest extends ApiAdminRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_ALLOCATIONS;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::READ;
+
+    /**
+     * Determine if the node that we are requesting the allocations
+     * for exists on the Panel.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $node = $this->route()->parameter('node');
+
+        return $node instanceof Node && $node->exists;
+    }
+}

app/Http/Requests/API/Admin/Nodes/DeleteNodeRequest.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\API\Admin\Nodes;
+
+use Pterodactyl\Models\Node;
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\API\Admin\ApiAdminRequest;
+
+class DeleteNodeRequest extends ApiAdminRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_NODES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::WRITE;
+
+    /**
+     * Determine if the node being requested for editing exists
+     * on the Panel before validating the data.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $node = $this->route()->parameter('node');
+
+        return $node instanceof Node && $node->exists;
+    }
+}

app/Http/Requests/API/Admin/Nodes/GetNodeRequest.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\API\Admin\Nodes;
+
+use Pterodactyl\Models\Node;
+use Pterodactyl\Http\Requests\API\Admin\ApiAdminRequest;
+
+class GetNodeRequest extends ApiAdminRequest
+{
+    /**
+     * Determine if the requested node exists on the Panel.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        $node = $this->route()->parameter('node');
+
+        return $node instanceof Node && $node->exists;
+    }
+}

app/Http/Requests/API/Admin/Nodes/GetNodesRequest.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\API\Admin\Nodes;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Http\Requests\API\Admin\ApiAdminRequest;
+
+class GetNodesRequest extends ApiAdminRequest
+{
+    /**
+     * @var string
+     */
+    protected $resource = AdminAcl::RESOURCE_NODES;
+
+    /**
+     * @var int
+     */
+    protected $permission = AdminAcl::READ;
+}