Completed subuser system

Author: DaneEveritt

.env.example

@@ -10,7 +10,7 @@ DB_PASSWORD=secret
 
 CACHE_DRIVER=file
 SESSION_DRIVER=file
-QUEUE_DRIVER=sync
+QUEUE_DRIVER=database
 
 REDIS_HOST=localhost
 REDIS_PASSWORD=null

app/Http/Controllers/Server/SubuserController.php

@@ -3,8 +3,15 @@
 namespace Pterodactyl\Http\Controllers\Server;
 
 use DB;
+use Auth;
 use Alert;
+use Log;
+
 use Pterodactyl\Models;
+use Pterodactyl\Repositories\SubuserRepository;
+
+use Pterodactyl\Exceptions\DisplayException;
+use Pterodactyl\Exceptions\DisplayValidationException;
 
 use Illuminate\Http\Request;
 use Pterodactyl\Http\Controllers\Controller;
@@ -71,7 +78,106 @@ public function getView(Request $request, $uuid, $id)
 
     public function postView(Request $request, $uuid, $id)
     {
-        //
+
+        $server = Models\Server::getByUUID($uuid);
+        $this->authorize('edit-subuser', $server);
+
+        $subuser = Models\Subuser::where(DB::raw('md5(id)'), $id)->where('server_id', $server->id)->first();
+
+        try {
+
+            if (!$subuser) {
+                throw new DisplayException('Unable to locate a subuser by that ID.');
+            } else if ($subuser->user_id === Auth::user()->id) {
+                throw new DisplayException('You are not authorized to edit you own account.');
+            }
+
+            $repo = new SubuserRepository;
+            $repo->update($subuser->id, [
+                'permissions' => $request->input('permissions'),
+                'server' => $server->id,
+                'user' => $subuser->user_id
+            ]);
+
+            Alert::success('Subuser permissions have successfully been updated.')->flash();
+        } catch (DisplayValidationException $ex) {
+            return redirect()->route('server.subusers.view', [
+                'uuid' => $uuid,
+                'id' => $id
+            ])->withErrors(json_decode($ex->getMessage()));
+        } catch (DisplayException $ex) {
+            Alert::danger($ex->getMessage())->flash();
+        } catch (\Exception $ex) {
+            Log::error($ex);
+            Alert::danger('An unknown error occured while attempting to update this subuser.')->flash();
+        }
+        return redirect()->route('server.subusers.view', [
+            'uuid' => $uuid,
+            'id' => $id
+        ]);
+    }
+
+    public function getNew(Request $request, $uuid)
+    {
+        $server = Models\Server::getByUUID($uuid);
+        $this->authorize('create-subuser', $server);
+
+        return view('server.users.new', [
+            'server' => $server,
+            'node' => Models\Node::find($server->node)
+        ]);
+    }
+
+    public function postNew(Request $request, $uuid)
+    {
+        $server = Models\Server::getByUUID($uuid);
+        $this->authorize('create-subuser', $server);
+
+        try {
+            $repo = new SubuserRepository;
+            $id = $repo->create($server->id, $request->except([
+                '_token'
+            ]));
+            Alert::success('Successfully created new subuser.')->flash();
+            return redirect()->route('server.subusers.view', [
+                'uuid' => $uuid,
+                'id' => md5($id)
+            ]);
+        } catch (DisplayValidationException $ex) {
+            return redirect()->route('server.subusers.new', $uuid)->withErrors(json_decode($ex->getMessage()))->withInput();
+        } catch (DisplayException $ex) {
+            Alert::danger($ex->getMessage())->flash();
+        } catch (\Exception $ex) {
+            Log::error($ex);
+            Alert::danger('An unknown error occured while attempting to add a new subuser.')->flash();
+        }
+        return redirect()->route('server.subusers.new', $uuid)->withInput();
+    }
+
+    public function deleteSubuser(Request $request, $uuid, $id)
+    {
+        $server = Models\Server::getByUUID($uuid);
+        $this->authorize('delete-subuser', $server);
+
+        try {
+            $subuser = Models\Subuser::select('id')->where(DB::raw('md5(id)'), $id)->where('server_id', $server->id)->first();
+            if (!$subuser) {
+                throw new DisplayException('No subuser by that ID was found on the system.');
+            }
+
+            $repo = new SubuserRepository;
+            $repo->delete($subuser->id);
+            return response('', 204);
+        } catch (DisplayException $ex) {
+            response()->json([
+                'error' => $ex->getMessage()
+            ], 422);
+        } catch (\Exception $ex) {
+            Log::error($ex);
+            response()->json([
+                'error' => 'An unknown error occured while attempting to delete this subuser.'
+            ], 503);
+        }
     }
 
 }

app/Http/Routes/AuthRoutes.php

@@ -35,6 +35,7 @@ public function map(Router $router) {
 
             // Show Password Reset Form
             $router->get('password', [
+                'as' => 'auth.password',
                 'uses' => 'Auth\PasswordController@getEmail'
             ]);
 
@@ -45,6 +46,7 @@ public function map(Router $router) {
 
             // Show Verification Checkpoint
             $router->get('password/reset/{token}', [
+                'as' => 'auth.reset',
                 'uses' => 'Auth\PasswordController@getReset'
             ]);
 

app/Http/Routes/ServerRoutes.php

@@ -58,6 +58,15 @@ public function map(Router $router) {
                 'uses' => 'Server\SubuserController@getIndex'
             ]);
 
+            $router->get('users/new', [
+                'as' => 'server.subusers.new',
+                'uses' => 'Server\SubuserController@getNew'
+            ]);
+
+            $router->post('users/new', [
+                'uses' => 'Server\SubuserController@postNew'
+            ]);
+
             $router->get('users/view/{id}', [
                 'as' => 'server.subusers.view',
                 'uses' => 'Server\SubuserController@getView'
@@ -67,6 +76,10 @@ public function map(Router $router) {
                 'uses' => 'Server\SubuserController@postView'
             ]);
 
+            $router->delete('users/delete/{id}', [
+                'uses' => 'Server\SubuserController@deleteSubuser'
+            ]);
+
             // Assorted AJAX Routes
             $router->group(['prefix' => 'ajax'], function ($server) use ($router) {
                 // Returns Server Status

app/Models/Permission.php

@@ -14,6 +14,13 @@ class Permission extends Model
      */
     protected $table = 'permissions';
 
+    /**
+     * Fields that are not mass assignable.
+     *
+     * @var array
+     */
+    protected $guarded = ['id', 'created_at', 'updated_at'];
+
     public function scopePermission($query, $permission)
     {
         return $query->where('permission', $permission);

app/Models/Subuser.php

@@ -15,6 +15,20 @@ class Subuser extends Model
      */
     protected $table = 'subusers';
 
+    /**
+     * The attributes excluded from the model's JSON form.
+     *
+     * @var array
+     */
+    protected $hidden = ['daemonSecret'];
+
+    /**
+     * Fields that are not mass assignable.
+     *
+     * @var array
+     */
+    protected $guarded = ['id', 'created_at', 'updated_at'];
+
     /**
      * @var mixed
      */