Implement basic code for creating/updating a subuser

Author: DaneEveritt

app/Http/Controllers/Api/Client/Servers/SubuserController.php

@@ -2,11 +2,17 @@
 
 namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
 
+use Illuminate\Http\Request;
 use Pterodactyl\Models\Server;
+use Illuminate\Http\JsonResponse;
 use Pterodactyl\Repositories\Eloquent\SubuserRepository;
+use Pterodactyl\Services\Subusers\SubuserCreationService;
 use Pterodactyl\Transformers\Api\Client\SubuserTransformer;
 use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\GetSubuserRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\StoreSubuserRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\UpdateSubuserRequest;
 
 class SubuserController extends ClientApiController
 {
@@ -15,16 +21,25 @@ class SubuserController extends ClientApiController
      */
     private $repository;
 
+    /**
+     * @var \Pterodactyl\Services\Subusers\SubuserCreationService
+     */
+    private $creationService;
+
     /**
      * SubuserController constructor.
      *
      * @param \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository
+     * @param \Pterodactyl\Services\Subusers\SubuserCreationService $creationService
      */
-    public function __construct(SubuserRepository $repository)
-    {
+    public function __construct(
+        SubuserRepository $repository,
+        SubuserCreationService $creationService
+    ) {
         parent::__construct();
 
         $this->repository = $repository;
+        $this->creationService = $creationService;
     }
 
     /**
@@ -36,10 +51,76 @@ public function __construct(SubuserRepository $repository)
      */
     public function index(GetSubuserRequest $request, Server $server)
     {
-        $server->subusers->load('user');
-
         return $this->fractal->collection($server->subusers)
             ->transformWith($this->getTransformer(SubuserTransformer::class))
             ->toArray();
     }
+
+    /**
+     * Create a new subuser for the given server.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\StoreSubuserRequest $request
+     * @param \Pterodactyl\Models\Server $server
+     * @return array
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Service\Subuser\ServerSubuserExistsException
+     * @throws \Pterodactyl\Exceptions\Service\Subuser\UserIsServerOwnerException
+     * @throws \Throwable
+     */
+    public function store(StoreSubuserRequest $request, Server $server)
+    {
+        $response = $this->creationService->handle(
+            $server, $request->input('email'), $this->getDefaultPermissions($request)
+        );
+
+        return $this->fractal->item($response)
+            ->transformWith($this->getTransformer(SubuserTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Update a given subuser in the system for the server.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\UpdateSubuserRequest $request
+     *
+     * @return array
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function update(UpdateSubuserRequest $request)
+    {
+        $subuser = $request->subuser();
+        $this->repository->update($subuser->id, [
+            'permissions' => $this->getDefaultPermissions($request),
+        ]);
+
+        return $this->fractal->item($subuser->refresh())
+            ->transformWith($this->getTransformer(SubuserTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Removes a subusers from a server's assignment.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function delete(DeleteSubuserRequest $request)
+    {
+        $this->repository->delete($request->subuser()->id);
+
+        return JsonResponse::create([], JsonResponse::HTTP_NO_CONTENT);
+    }
+
+    /**
+     * Returns the default permissions for all subusers to ensure none are ever removed wrongly.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return array
+     */
+    protected function getDefaultPermissions(Request $request): array
+    {
+        return array_merge($request->input('permissions') ?? [], ['websocket.*']);
+    }
 }

app/Http/Requests/Api/Client/Servers/Subusers/AbstractSubuserRequest.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Subusers;
+
+use Pterodactyl\Models\Server;
+use Pterodactyl\Repositories\Eloquent\SubuserRepository;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+abstract class AbstractSubuserRequest extends ClientApiRequest
+{
+    /**
+     * @var \Pterodactyl\Models\Subuser|null
+     */
+    protected $model;
+
+    /**
+     * Authorize the request and ensure that a user is not trying to modify themselves.
+     *
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        if (! parent::authorize()) {
+            return false;
+        }
+
+        if ($this->subuser()->user_id === $this->user()->id) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Return the subuser model for the given request which can then be validated. If
+     * required request parameters are missing a 404 error will be returned, otherwise
+     * a model exception will be returned if the model is not found.
+     *
+     * @return \Pterodactyl\Models\Subuser
+     *
+     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
+     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
+     */
+    public function subuser()
+    {
+        /** @var \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository */
+        $repository = $this->container->make(SubuserRepository::class);
+
+        $parameters = $this->route()->parameters();
+        if (
+            ! isset($parameters['server'], $parameters['server'])
+            || ! is_string($parameters['subuser'])
+            || ! $parameters['server'] instanceof Server
+        ) {
+            throw new NotFoundHttpException;
+        }
+
+        return $this->model ?: $this->model = $repository->getUserForServer(
+            $this->route()->parameter('subuser'), $this->route()->parameter('server')->id
+        );
+    }
+}

app/Http/Requests/Api/Client/Servers/Subusers/DeleteSubuserRequest.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Subusers;
+
+use Pterodactyl\Models\Permission;
+
+class DeleteSubuserRequest extends AbstractSubuserRequest
+{
+    /**
+     * @return string
+     */
+    public function permission()
+    {
+        return Permission::ACTION_USER_DELETE;
+    }
+}

app/Http/Requests/Api/Client/Servers/Subusers/StoreSubuserRequest.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Subusers;
+
+use Pterodactyl\Models\Permission;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class StoreSubuserRequest extends ClientApiRequest
+{
+    /**
+     * @return string
+     */
+    public function permission()
+    {
+        return Permission::ACTION_USER_CREATE;
+    }
+
+    /**
+     * @return array
+     */
+    public function rules(): array
+    {
+        return [
+            'email' => 'required|email',
+            'permissions' => 'required|array',
+            'permissions.*' => 'string',
+        ];
+    }
+}

app/Http/Requests/Api/Client/Servers/Subusers/UpdateSubuserRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Subusers;
+
+use Pterodactyl\Models\Permission;
+
+class UpdateSubuserRequest extends AbstractSubuserRequest
+{
+    /**
+     * @return string
+     */
+    public function permission()
+    {
+        return Permission::ACTION_USER_UPDATE;
+    }
+
+    /**
+     * @return array
+     */
+    public function rules(): array
+    {
+        return [
+            'permissions' => 'required|array',
+            'permissions.*' => 'string',
+        ];
+    }
+}

app/Models/Validable.php

@@ -140,7 +140,7 @@ public function validate()
         }
 
         return $this->getValidator()->setData(
-            $this->getAttributes()
+            $this->toArray()
         )->passes();
     }
 }

app/Repositories/Eloquent/SubuserRepository.php

@@ -3,7 +3,6 @@
 namespace Pterodactyl\Repositories\Eloquent;
 
 use Pterodactyl\Models\Subuser;
-use Illuminate\Support\Collection;
 use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
 use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
 
@@ -20,19 +19,27 @@ public function model()
     }
 
     /**
-     * Returns the subusers for the given server instance with the associated user
-     * and permission relationships pre-loaded.
+     * Returns a subuser model for the given user and server combination. If no record
+     * exists an exception will be thrown.
      *
      * @param int $server
-     * @return \Illuminate\Support\Collection
+     * @param string $uuid
+     * @return \Pterodactyl\Models\Subuser
+     *
+     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
      */
-    public function getSubusersForServer(int $server): Collection
+    public function getUserForServer(int $server, string $uuid): Subuser
     {
-        return $this->getBuilder()
-            ->with('user', 'permissions')
-            ->where('server_id', $server)
-            ->get()
-            ->toBase();
+        /** @var \Pterodactyl\Models\Subuser $model */
+        $model = $this->getBuilder()
+            ->with('server', 'user')
+            ->select('subusers.*')
+            ->join('users', 'users.id', '=', 'subusers.user_id')
+            ->where('subusers.server_id', $server)
+            ->where('users.uuid', $uuid)
+            ->firstOrFail();
+
+        return $model;
     }
 
     /**