Add support for user management of databases

DaneEveritt · DaneEveritt · commit bcb69603ad57 · 2018-03-02T19:03:55.000-06:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Adds back client API for sending commands or power toggles to a server though the Panel API: `/api/client/servers/<identifier>`
 * Added proper transformer for Packs and re-enabled missing includes on server.
 * Added support for using Filesystem as a caching driver, although not recommended.
+* Added support for user management of server databases.
 
 ## v0.7.3 (Derelict Dermodactylus)
 ### Fixed
diff --git a/app/Http/Controllers/Server/DatabaseController.php b/app/Http/Controllers/Server/DatabaseController.php
@@ -4,16 +4,19 @@
 
 use Illuminate\View\View;
 use Illuminate\Http\Request;
+use Illuminate\Http\Response;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\RedirectResponse;
 use Prologue\Alerts\AlertsMessageBag;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Traits\Controllers\JavascriptInjection;
 use Pterodactyl\Services\Databases\DatabasePasswordService;
+use Pterodactyl\Services\Databases\DatabaseManagementService;
 use Pterodactyl\Services\Databases\DeployServerDatabaseService;
 use Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface;
 use Pterodactyl\Contracts\Repository\DatabaseHostRepositoryInterface;
 use Pterodactyl\Http\Requests\Server\Database\StoreServerDatabaseRequest;
+use Pterodactyl\Http\Requests\Server\Database\DeleteServerDatabaseRequest;
 
 class DatabaseController extends Controller
 {
@@ -34,6 +37,11 @@ class DatabaseController extends Controller
      */
     private $databaseHostRepository;
 
+    /**
+     * @var \Pterodactyl\Services\Databases\DatabaseManagementService
+     */
+    private $managementService;
+
     /**
      * @var \Pterodactyl\Services\Databases\DatabasePasswordService
      */
@@ -50,19 +58,22 @@ class DatabaseController extends Controller
      * @param \Prologue\Alerts\AlertsMessageBag                                 $alert
      * @param \Pterodactyl\Services\Databases\DeployServerDatabaseService       $deployServerDatabaseService
      * @param \Pterodactyl\Contracts\Repository\DatabaseHostRepositoryInterface $databaseHostRepository
+     * @param \Pterodactyl\Services\Databases\DatabaseManagementService         $managementService
      * @param \Pterodactyl\Services\Databases\DatabasePasswordService           $passwordService
      * @param \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface     $repository
      */
     public function __construct(
         AlertsMessageBag $alert,
         DeployServerDatabaseService $deployServerDatabaseService,
         DatabaseHostRepositoryInterface $databaseHostRepository,
+        DatabaseManagementService $managementService,
         DatabasePasswordService $passwordService,
         DatabaseRepositoryInterface $repository
     ) {
         $this->alert = $alert;
         $this->databaseHostRepository = $databaseHostRepository;
         $this->deployServerDatabaseService = $deployServerDatabaseService;
+        $this->managementService = $managementService;
         $this->passwordService = $passwordService;
         $this->repository = $repository;
     }
@@ -136,4 +147,19 @@ public function update(Request $request): JsonResponse
 
         return response()->json(['password' => $password]);
     }
+
+    /**
+     * Delete a database for this server from the SQL server and Panel database.
+     *
+     * @param \Pterodactyl\Http\Requests\Server\Database\DeleteServerDatabaseRequest $request
+     * @return \Illuminate\Http\Response
+     *
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function delete(DeleteServerDatabaseRequest $request): Response
+    {
+        $this->managementService->delete($request->attributes->get('database')->id);
+
+        return response('', Response::HTTP_NO_CONTENT);
+    }
 }
diff --git a/app/Http/Middleware/Server/DatabaseBelongsToServer.php b/app/Http/Middleware/Server/DatabaseBelongsToServer.php
@@ -38,8 +38,13 @@ public function __construct(DatabaseRepositoryInterface $repository)
     public function handle(Request $request, Closure $next)
     {
         $server = $request->attributes->get('server');
+        $database = $request->input('database') ?? $request->route()->parameter('database');
 
-        $database = $this->repository->find($request->input('database'));
+        if (! is_digit($database)) {
+            throw new NotFoundHttpException;
+        }
+
+        $database = $this->repository->find($database);
         if (is_null($database) || $database->server_id !== $server->id) {
             throw new NotFoundHttpException;
         }
diff --git a/app/Http/Requests/Server/Database/DeleteServerDatabaseRequest.php b/app/Http/Requests/Server/Database/DeleteServerDatabaseRequest.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Server\Database;
+
+use Pterodactyl\Http\Requests\Server\ServerFormRequest;
+
+class DeleteServerDatabaseRequest extends ServerFormRequest
+{
+    /**
+     * @return bool
+     */
+    public function authorize()
+    {
+        if (! parent::authorize()) {
+            return false;
+        }
+
+        return config('pterodactyl.client_features.databases.enabled');
+    }
+
+    /**
+     * Return the user permission to validate this request aganist.
+     *
+     * @return string
+     */
+    protected function permission(): string
+    {
+        return 'delete-database';
+    }
+
+    /**
+     * Rules to validate this request aganist.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [];
+    }
+}
diff --git a/app/Models/Permission.php b/app/Models/Permission.php
@@ -93,6 +93,8 @@ class Permission extends Model implements CleansAttributes, ValidableContract
         'database' => [
             'view-databases' => null,
             'reset-db-password' => null,
+            'delete-database' => null,
+            'create-database' => null,
         ],
         'file' => [
             'access-sftp' => null,
diff --git a/public/js/laroute.js b/public/js/laroute.js
diff --git a/resources/lang/en/server.php b/resources/lang/en/server.php
@@ -248,6 +248,14 @@
                 'title' => 'Reset Database Password',
                 'description' => 'Allows a user to reset passwords for databases.',
             ],
+            'delete_database' => [
+                'title' => 'Delete Databases',
+                'description' => 'Allows a user to delete databases for this server from the Panel.',
+            ],
+            'create_database' => [
+                'title' => 'Create Database',
+                'description' => 'Allows a user to create additional databases for this server.',
+            ],
         ],
     ],
     'files' => [
diff --git a/resources/themes/pterodactyl/server/databases/index.blade.php b/resources/themes/pterodactyl/server/databases/index.blade.php
@@ -21,7 +21,7 @@
 
 @section('content')
 <div class="row">
-    <div class="{{ $allowCreation ? 'col-xs-12 col-sm-8' : 'col-xs-12' }}">
+    <div class="{{ $allowCreation && Gate::allows('create-database', $server) ? 'col-xs-12 col-sm-8' : 'col-xs-12' }}">
         <div class="box">
             <div class="box-header with-border">
                 <h3 class="box-title">@lang('server.config.database.your_dbs')</h3>
@@ -50,11 +50,20 @@
                                         </code>
                                     </td>
                                     <td class="middle"><code>{{ $database->host->host }}:{{ $database->host->port }}</code></td>
-                                    @can('reset-db-password', $server)
+                                    @if(Gate::allows('reset-db-password', $server) || Gate::allows('delete-database', $server))
                                         <td>
-                                            <button class="btn btn-xs btn-primary pull-right" data-action="reset-password" data-id="{{ $database->id }}"><i class="fa fa-fw fa-refresh"></i> @lang('server.config.database.reset_password')</button>
+                                            @can('delete-database', $server)
+                                                <button class="btn btn-xs btn-danger pull-right" data-action="delete-database" data-id="{{ $database->id }}">
+                                                    <i class="fa fa-fw fa-trash-o"></i>
+                                                </button>
+                                            @endcan
+                                            @can('reset-db-password', $server)
+                                                <button class="btn btn-xs btn-primary pull-right" style="margin-right:10px;" data-action="reset-password" data-id="{{ $database->id }}">
+                                                    <i class="fa fa-fw fa-refresh"></i> @lang('server.config.database.reset_password')
+                                                </button>
+                                            @endcan
                                         </td>
-                                    @endcan
+                                    @endif
                                 </tr>
                             @endforeach
                         </tbody>
@@ -69,7 +78,7 @@
             @endif
         </div>
     </div>
-    @if($allowCreation)
+    @if($allowCreation && Gate::allows('create-database', $server))
         <div class="col-xs-12 col-sm-4">
             <div class="box box-success">
                 <div class="box-header with-border">
@@ -153,5 +162,37 @@
                 });
             });
         @endcan
+        @can('delete-database', $server)
+            $('[data-action="delete-database"]').click(function (event) {
+                event.preventDefault();
+                var self = $(this);
+                swal({
+                    title: '',
+                    type: 'warning',
+                    text: 'Are you sure that you want to delete this database? There is no going back, all data will immediately be removed.',
+                    showCancelButton: true,
+                    confirmButtonText: 'Delete',
+                    confirmButtonColor: '#d9534f',
+                    closeOnConfirm: false,
+                    showLoaderOnConfirm: true,
+                }, function () {
+                    $.ajax({
+                        method: 'DELETE',
+                        url: Router.route('server.databases.delete', { server: '{{ $server->uuidShort }}', database: self.data('id') }),
+                        headers: { 'X-CSRF-TOKEN': $('meta[name="_token"]').attr('content') },
+                    }).done(function () {
+                        self.parent().parent().slideUp();
+                        swal.close();
+                    }).fail(function (jqXHR) {
+                        console.error(jqXHR);
+                        swal({
+                            type: 'error',
+                            title: 'Whoops!',
+                            text: (typeof jqXHR.responseJSON.error !== 'undefined') ? jqXHR.responseJSON.error : 'An error occured while processing this request.'
+                        });
+                    });
+                });
+            });
+        @endcan
     </script>
 @endsection
diff --git a/routes/server.php b/routes/server.php
@@ -41,6 +41,8 @@
     Route::post('/new', 'DatabaseController@store')->name('server.databases.new');
 
     Route::patch('/password', 'DatabaseController@update')->middleware('server..database')->name('server.databases.password');
+
+    Route::delete('/delete/{database}', 'DatabaseController@delete')->middleware('server..database')->name('server.databases.delete');
 });
 
 /*

Original file line number	Diff line number	Diff line change
`@@ -38,8 +38,13 @@ public function __construct(DatabaseRepositoryInterface $repository)`
`38`	`38`	`public function handle(Request $request, Closure $next)`
`39`	`39`	`{`
`40`	`40`	`$server = $request->attributes->get('server');`
	`41`	`+ $database = $request->input('database') ?? $request->route()->parameter('database');`
`41`	`42`
`42`		`- $database = $this->repository->find($request->input('database'));`
	`43`	`+ if (! is_digit($database)) {`
	`44`	`+ throw new NotFoundHttpException;`
	`45`	`+ }`
	`46`	`+`
	`47`	`+ $database = $this->repository->find($database);`
`43`	`48`	`if (is_null($database) \|\| $database->server_id !== $server->id) {`
`44`	`49`	`throw new NotFoundHttpException;`
`45`	`50`	`}`