Fix display of associated servers when viewing an administrative user in the Admin CP.

Author: DaneEveritt

CHANGELOG.md

@@ -22,6 +22,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Mobile views are now more... viewable. Fixes `col-xs-6` usage thoughout the Admin CP where it was intended to be `col-md-6`.
 * Node Configuration tokens and Download tokens are stored using the cache helpers rather than a database to speed up functions and make use of auto-expiration/deletion functions.
 * Old daemon routes using `/remote` have been changed to use `/daemon`, panel changes now reflect this.
+* Only display servers that a user is owner of or subuser of in the Admin CP rather than all servers if the user is marked as an admin.
 
 ## v0.6.0-beta.2.1 (Courageous Carniadactylus)
 ### Fixed

app/Models/User.php

@@ -56,6 +56,13 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac
      */
     const USERNAME_RULES = 'regex:/^([\w\d\.\-]{1,255})$/';
 
+    /**
+     * Level of servers to display when using access() on a user.
+     *
+     * @var string
+     */
+    protected $accessLevel = 'all';
+
     /**
      * The table associated with the model.
      *
@@ -194,6 +201,22 @@ public function serverAccessArray()
         )->pluck('id')->all();
     }
 
+    /**
+     * Change the access level for a given call to `access()` on the user.
+     *
+     * @param  string  $level can be all, admin, subuser, owner
+     * @return void
+     */
+    public function setAccessLevel($level = 'all')
+    {
+        if (! in_array($level, ['all', 'admin', 'subuser', 'owner'])) {
+            $level = 'all';
+        }
+        $this->accessLevel = $level;
+
+        return $this;
+    }
+
     /**
      * Returns an array of all servers a user is able to access.
      * Note: does not account for user admin status.
@@ -209,10 +232,27 @@ public function access(...$load)
             $query = Server::with(! empty($load) ? $load : ['service', 'node', 'allocation']);
         }
 
-        if (! $this->isRootAdmin()) {
+        // If access level is set to owner, only display servers
+        // that the user owns.
+        if ($this->accessLevel === 'owner') {
+            $query->where('owner_id', $this->id);
+        }
+
+        // If set to all, display all servers they can access, including
+        // those they access as an admin.
+        //
+        // If set to subuser, only return the servers they can access because
+        // they are owner, or marked as a subuser of the server.
+        if (($this->accessLevel === 'all' && ! $this->isRootAdmin()) || $this->accessLevel === 'subuser') {
             $query->whereIn('id', $this->serverAccessArray());
         }
 
+        // If set to admin, only display the servers a user can access
+        // as an administrator (leaves out owned and subuser of).
+        if ($this->accessLevel === 'admin' && $this->isRootAdmin()) {
+            $query->whereNotIn('id', $this->serverAccessArray());
+        }
+
         return $query;
     }
 

resources/themes/pterodactyl/admin/users/view.blade.php

@@ -126,7 +126,7 @@
                         </tr>
                     </thead>
                     <tbody>
-                        @foreach($user->access()->get() as $server)
+                        @foreach($user->setAccessLevel('subuser')->access()->get() as $server)
                             <tr>
                                 <td><a href="{{ route('server.index', $server->uuidShort) }}/"><i class="fa fa-tachometer"></i></a></td>
                                 <td><code>{{ $server->uuidShort }}</code></td>