Node and user API routes implemented.

More attempts at the logic for API permissions, most likely will need
continued tweaking in the future, but base is there.

Author: DaneEveritt

app/Http/Controllers/API/Admin/NodeController.php

@@ -28,7 +28,10 @@
 use Illuminate\Http\Request;
 use Pterodactyl\Models\Node;
 use Pterodactyl\Http\Controllers\Controller;
+use Pterodactyl\Exceptions\DisplayException;
+use Pterodactyl\Repositories\NodeRepository;
 use Pterodactyl\Transformers\Admin\NodeTransformer;
+use Pterodactyl\Exceptions\DisplayValidationException;
 
 class NodeController extends Controller
 {
@@ -72,4 +75,93 @@ public function view(Request $request, $id)
             ->withResourceName('node')
             ->toArray();
     }
+
+    /**
+     * Display information about a single node on the system.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int                       $id
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function viewConfig(Request $request, $id)
+    {
+        $this->authorize('node-view-config', $request->apiKey());
+
+        $node = Node::findOrFail($id);
+
+        return response()->json(json_decode($node->getConfigurationAsJson()));
+    }
+
+    /**
+     * Create a new node on the system.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\JsonResponse|array
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('node-create', $request->apiKey());
+
+        $repo = new NodeRepository;
+        try {
+            $node = $repo->create(array_merge(
+                $request->only([
+                    'public', 'disk_overallocate', 'memory_overallocate',
+                ]),
+                $request->intersect([
+                    'name', 'location_id', 'fqdn',
+                    'scheme', 'memory', 'disk',
+                    'daemonBase', 'daemonSFTP', 'daemonListen',
+                ])
+            ));
+
+            $fractal = Fractal::create()->item($node)->transformWith(new NodeTransformer($request));
+            if ($request->input('include')) {
+                $fractal->parseIncludes(explode(',', $request->input('include')));
+            }
+
+            return $fractal->withResourceName('node')->toArray();
+        } catch (DisplayValidationException $ex) {
+            return response()->json([
+                'error' => json_decode($ex->getMessage()),
+            ], 400);
+        } catch (DisplayException $ex) {
+            return response()->json([
+                'error' => $ex->getMessage(),
+            ], 400);
+        } catch (\Exception $ex) {
+            Log::error($ex);
+            return response()->json([
+                'error' => 'An unhandled exception occured while attemping to create this node. Please try again.',
+            ], 500);
+        }
+    }
+
+    /**
+     * Delete a node from the system.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int                       $id
+     * @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
+     */
+    public function delete(Request $request, $id)
+    {
+        $this->authorize('node-delete', $request->apiKey());
+
+        $repo = new NodeRepository;
+        try {
+            $repo->delete($id);
+
+            return response('', 204);
+        } catch (DisplayException $ex) {
+            return response()->json([
+                'error' => $ex->getMessage(),
+            ], 400);
+        } catch (\Exception $ex) {
+            Log::error($ex);
+            return response()->json([
+                'error' => 'An unhandled exception occured while attemping to delete this node. Please try again.',
+            ], 500);
+        }
+    }
 }

app/Http/Controllers/API/Admin/UserController.php

@@ -0,0 +1,177 @@
+<?php
+/**
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Pterodactyl\Http\Controllers\API\Admin;
+
+use Fractal;
+use Illuminate\Http\Request;
+use Pterodactyl\Models\User;
+use Pterodactyl\Http\Controllers\Controller;
+use Pterodactyl\Exceptions\DisplayException;
+use Pterodactyl\Repositories\UserRepository;
+use Pterodactyl\Transformers\Admin\UserTransformer;
+use Pterodactyl\Exceptions\DisplayValidationException;
+
+class UserController extends Controller
+{
+    /**
+     * Controller to handle returning all users on the system.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return array
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('user-list', $request->apiKey());
+
+        $fractal = Fractal::create()->collection(User::all());
+        if ($request->input('include')) {
+            $fractal->parseIncludes(explode(',', $request->input('include')));
+        }
+
+        return $fractal->transformWith(new UserTransformer($request))
+            ->withResourceName('user')
+            ->toArray();
+    }
+
+    /**
+     * Display information about a single user on the system.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int                       $id
+     * @return array
+     */
+    public function view(Request $request, $id)
+    {
+        $this->authorize('user-view', $request->apiKey());
+
+        $fractal = Fractal::create()->item(User::findOrFail($id));
+        if ($request->input('include')) {
+            $fractal->parseIncludes(explode(',', $request->input('include')));
+        }
+
+        return $fractal->transformWith(new UserTransformer($request))
+            ->withResourceName('user')
+            ->toArray();
+    }
+
+    /**
+     * Create a new user on the system.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\JsonResponse|array
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('user-create', $request->apiKey());
+
+        $repo = new UserRepository;
+        try {
+            $user = $repo->create($request->only([
+                'custom_id', 'email', 'password', 'name_first',
+                'name_last', 'username', 'root_admin',
+            ]));
+
+            $fractal = Fractal::create()->item($user)->transformWith(new UserTransformer($request));
+            if ($request->input('include')) {
+                $fractal->parseIncludes(explode(',', $request->input('include')));
+            }
+
+            return $fractal->withResourceName('user')->toArray();
+        } catch (DisplayValidationException $ex) {
+            return response()->json([
+                'error' => json_decode($ex->getMessage()),
+            ], 400);
+        } catch (\Exception $ex) {
+            Log::error($ex);
+            return response()->json([
+                'error' => 'An unhandled exception occured while attemping to create this user. Please try again.',
+            ], 500);
+        }
+    }
+
+    /**
+     * Update a user.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int                       $user
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function update(Request $request, $user)
+    {
+        $this->authorize('user-edit', $request->apiKey());
+
+        $repo = new UserRepository;
+        try {
+            $user = $repo->update($user, $request->intersect([
+                'email', 'password', 'name_first',
+                'name_last', 'username', 'root_admin',
+            ]));
+
+            $fractal = Fractal::create()->item($user)->transformWith(new UserTransformer($request));
+            if ($request->input('include')) {
+                $fractal->parseIncludes(explode(',', $request->input('include')));
+            }
+
+            return $fractal->withResourceName('user')->toArray();
+        } catch (DisplayValidationException $ex) {
+            return response()->json([
+                'error' => json_decode($ex->getMessage()),
+            ], 400);
+        } catch (\Exception $ex) {
+            Log::error($ex);
+            return response()->json([
+                'error' => 'An unhandled exception occured while attemping to update this user. Please try again.',
+            ], 500);
+        }
+    }
+
+    /**
+     * Delete a user from the system.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int                       $id
+     * @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
+     */
+    public function delete(Request $request, $id)
+    {
+        $this->authorize('user-delete', $request->apiKey());
+
+        $repo = new UserRepository;
+        try {
+            $repo->delete($id);
+
+            return response('', 204);
+        } catch (DisplayException $ex) {
+            return response()->json([
+                'error' => $ex->getMessage(),
+            ], 400);
+        } catch (\Exception $ex) {
+            Log::error($ex);
+            return response()->json([
+                'error' => 'An unhandled exception occured while attemping to delete this user. Please try again.',
+            ], 500);
+        }
+    }
+}

app/Http/Controllers/Admin/UserController.php

@@ -136,26 +136,26 @@ public function postNew(Request $request)
      * Update a user.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @param  int                       $user
+     * @param  int                       $id
      * @return \Illuminate\Http\RedirectResponse
      */
-    public function updateUser(Request $request, $user)
+    public function updateUser(Request $request, $id)
     {
         try {
             $repo = new UserRepository;
-            $repo->update($user, $request->only([
+            $user = $repo->update($user, $request->intersect([
                 'email', 'password', 'name_first',
                 'name_last', 'username', 'root_admin',
             ]));
             Alert::success('User account was successfully updated.')->flash();
         } catch (DisplayValidationException $ex) {
-            return redirect()->route('admin.users.view', $user)->withErrors(json_decode($ex->getMessage()));
-        } catch (\Exception $e) {
-            Log::error($e);
+            return redirect()->route('admin.users.view', $id)->withErrors(json_decode($ex->getMessage()));
+        } catch (\Exception $ex) {
+            Log::error($ex);
             Alert::danger('An error occured while attempting to update this user.')->flash();
         }
 
-        return redirect()->route('admin.users.view', $user);
+        return redirect()->route('admin.users.view', $id);
     }
 
     /**

app/Repositories/UserRepository.php

@@ -114,7 +114,7 @@ public function create(array $data)
      *
      * @param  int    $id
      * @param  array  $data
-     * @return bool
+     * @return \Pterodactyl\Models\User
      *
      * @throws \Pterodactyl\Exceptions\DisplayValidationException
      */
@@ -147,9 +147,9 @@ public function update($id, array $data)
             unset($data['password']);
         }
 
-        $user->fill($data);
+        $user->fill($data)->save();;
 
-        return $user->save();
+        return $user;
     }
 
     /**

app/Transformers/Admin/LocationTransformer.php

@@ -79,7 +79,11 @@ public function transform(Location $location)
      */
     public function includeServers(Location $location)
     {
-        return $this->collection($location->servers, new ServerTransformer, 'server');
+        if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
+            return;
+        }
+
+        return $this->collection($location->servers, new ServerTransformer($this->request), 'server');
     }
 
     /**
@@ -89,6 +93,10 @@ public function includeServers(Location $location)
      */
     public function includeNodes(Location $location)
     {
-        return $this->collection($location->nodes, new NodeTransformer, 'node');
+        if ($this->request && ! $this->request->apiKeyHasPermission('location-list')) {
+            return;
+        }
+
+        return $this->collection($location->nodes, new NodeTransformer($this->request), 'node');
     }
 }

app/Transformers/Admin/NodeTransformer.php

@@ -84,7 +84,7 @@ public function includeAllocations(Node $node)
             return;
         }
 
-        return $this->collection($node->allocations, new AllocationTransformer, 'allocation');
+        return $this->collection($node->allocations, new AllocationTransformer($this->request), 'allocation');
     }
 
     /**
@@ -98,7 +98,7 @@ public function includeLocation(Node $node)
             return;
         }
 
-        return $this->item($node->location, new LocationTransformer, 'location');
+        return $this->item($node->location, new LocationTransformer($this->request), 'location');
     }
 
     /**
@@ -112,6 +112,6 @@ public function includeServers(Node $node)
             return;
         }
 
-        return $this->collection($node->servers, new ServerTransformer, 'server');
+        return $this->collection($node->servers, new ServerTransformer($this->request), 'server');
     }
 }