Code cleanup & fix frontend searching servers; closes pterodactyl#2100

Author: DaneEveritt

app/Contracts/Repository/ServerRepositoryInterface.php

@@ -2,7 +2,6 @@
 
 namespace Pterodactyl\Contracts\Repository;
 
-use Pterodactyl\Models\User;
 use Pterodactyl\Models\Server;
 use Illuminate\Support\Collection;
 use Illuminate\Contracts\Pagination\LengthAwarePaginator;
@@ -107,16 +106,6 @@ public function loadDatabaseRelations(Server $server, bool $refresh = false): Se
      */
     public function getDaemonServiceData(Server $server, bool $refresh = false): array;
 
-    /**
-     * Return a paginated list of servers that a user can access at a given level.
-     *
-     * @param \Pterodactyl\Models\User $user
-     * @param int $level
-     * @param bool|int $paginate
-     * @return \Illuminate\Pagination\LengthAwarePaginator|\Illuminate\Database\Eloquent\Collection
-     */
-    public function filterUserAccessServers(User $user, int $level, $paginate = 25);
-
     /**
      * Return a server by UUID.
      *

app/Http/Controllers/Api/Client/ClientApiController.php

@@ -10,6 +10,38 @@
 
 abstract class ClientApiController extends ApplicationApiController
 {
+    /**
+     * Returns only the includes which are valid for the given transformer.
+     *
+     * @param \Pterodactyl\Transformers\Api\Client\BaseClientTransformer $transformer
+     * @param array $merge
+     * @return string[]
+     */
+    protected function getIncludesForTransformer(BaseClientTransformer $transformer, array $merge = [])
+    {
+        $filtered = array_filter($this->parseIncludes(), function ($datum) use ($transformer) {
+            return in_array($datum, $transformer->getAvailableIncludes());
+        });
+
+        return array_merge($filtered, $merge);
+    }
+
+    /**
+     * Returns the parsed includes for this request.
+     */
+    protected function parseIncludes()
+    {
+        $includes = $this->request->query('include');
+
+        if (! is_string($includes)) {
+            return $includes;
+        }
+
+        return array_map(function ($item) {
+            return trim($item);
+        }, explode(',', $includes));
+    }
+
     /**
      * Return an instance of an application transformer.
      *

app/Http/Controllers/Api/Client/ClientController.php

@@ -3,7 +3,9 @@
 namespace Pterodactyl\Http\Controllers\Api\Client;
 
 use Pterodactyl\Models\User;
+use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Permission;
+use Spatie\QueryBuilder\QueryBuilder;
 use Pterodactyl\Repositories\Eloquent\ServerRepository;
 use Pterodactyl\Transformers\Api\Client\ServerTransformer;
 use Pterodactyl\Http\Requests\Api\Client\GetServersRequest;
@@ -36,32 +38,36 @@ public function __construct(ServerRepository $repository)
      */
     public function index(GetServersRequest $request): array
     {
-        // Check for the filter parameter on the request.
-        switch ($request->input('filter')) {
-            case 'all':
-                $filter = User::FILTER_LEVEL_ALL;
-                break;
-            case 'admin':
-                $filter = User::FILTER_LEVEL_ADMIN;
-                break;
-            case 'owner':
-                $filter = User::FILTER_LEVEL_OWNER;
-                break;
-            case 'subuser-of':
-            default:
-                $filter = User::FILTER_LEVEL_SUBUSER;
-                break;
+        $user = $request->user();
+        $level = $request->getFilterLevel();
+        $transformer = $this->getTransformer(ServerTransformer::class);
+
+        // Start the query builder and ensure we eager load any requested relationships from the request.
+        $builder = Server::query()->with($this->getIncludesForTransformer($transformer, ['node']));
+
+        if ($level === User::FILTER_LEVEL_OWNER) {
+            $builder = $builder->where('owner_id', $request->user()->id);
+        }
+        // If set to all, display all servers they can access, including those they access as an
+        // admin. If set to subuser, only return the servers they can access because they are owner,
+        // or marked as a subuser of the server.
+        elseif (($level === User::FILTER_LEVEL_ALL && ! $user->root_admin) || $level === User::FILTER_LEVEL_SUBUSER) {
+            $builder = $builder->whereIn('id', $user->accessibleServers()->pluck('id')->all());
         }
+        // If set to admin, only display the servers a user can access because they are an administrator.
+        // This means only servers the user would not have access to if they were not an admin (because they
+        // are not an owner or subuser) are returned.
+        elseif ($level === User::FILTER_LEVEL_ADMIN && $user->root_admin) {
+            $builder = $builder->whereNotIn('id', $user->accessibleServers()->pluck('id')->all());
+        }
+
+        $builder = QueryBuilder::for($builder)->allowedFilters(
+            'uuid', 'name', 'external_id'
+        );
 
-        $servers = $this->repository
-            ->setSearchTerm($request->input('query'))
-            ->filterUserAccessServers(
-                $request->user(), $filter, config('pterodactyl.paginate.frontend.servers')
-            );
+        $servers = $builder->paginate(min($request->query('per_page', 50), 100))->appends($request->query());
 
-        return $this->fractal->collection($servers)
-            ->transformWith($this->getTransformer(ServerTransformer::class))
-            ->toArray();
+        return $this->fractal->transformWith($transformer)->collection($servers)->toArray();
     }
 
     /**

app/Http/Controllers/Base/IndexController.php

@@ -2,8 +2,6 @@
 
 namespace Pterodactyl\Http\Controllers\Base;
 
-use Illuminate\Http\Request;
-use Pterodactyl\Models\User;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
 
@@ -27,15 +25,10 @@ public function __construct(ServerRepositoryInterface $repository)
     /**
      * Returns listing of user's servers.
      *
-     * @param \Illuminate\Http\Request $request
      * @return \Illuminate\View\View
      */
-    public function index(Request $request)
+    public function index()
     {
-        $servers = $this->repository->setSearchTerm($request->input('query'))->filterUserAccessServers(
-            $request->user(), User::FILTER_LEVEL_ALL, config('pterodactyl.paginate.frontend.servers')
-        );
-
-        return view('templates/base.core', ['servers' => $servers]);
+        return view('templates/base.core');
     }
 }

app/Http/Requests/Api/Client/GetServersRequest.php

@@ -2,6 +2,8 @@
 
 namespace Pterodactyl\Http\Requests\Api\Client;
 
+use Pterodactyl\Models\User;
+
 class GetServersRequest extends ClientApiRequest
 {
     /**
@@ -11,4 +13,28 @@ public function authorize(): bool
     {
         return true;
     }
+
+    /**
+     * Return the filtering method for servers when the client base endpoint is requested.
+     *
+     * @return int
+     */
+    public function getFilterLevel(): int
+    {
+        switch ($this->input('type')) {
+            case 'all':
+                return User::FILTER_LEVEL_ALL;
+                break;
+            case 'admin':
+                return User::FILTER_LEVEL_ADMIN;
+                break;
+            case 'owner':
+                return User::FILTER_LEVEL_OWNER;
+                break;
+            case 'subuser-of':
+            default:
+                return User::FILTER_LEVEL_SUBUSER;
+                break;
+        }
+    }
 }

app/Http/ViewComposers/Server/ServerDataComposer.php

@@ -7,6 +7,7 @@
 use Illuminate\Validation\Rules\In;
 use Illuminate\Auth\Authenticatable;
 use Illuminate\Notifications\Notifiable;
+use Illuminate\Database\Eloquent\Builder;
 use Pterodactyl\Models\Traits\Searchable;
 use Illuminate\Auth\Passwords\CanResetPassword;
 use Pterodactyl\Traits\Helpers\AvailableLanguages;
@@ -260,4 +261,21 @@ public function recoveryTokens()
     {
         return $this->hasMany(RecoveryToken::class);
     }
+
+    /**
+     * Returns all of the servers that a user can access by way of being the owner of the
+     * server, or because they are assigned as a subuser for that server.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\HasMany
+     */
+    public function accessibleServers()
+    {
+        return $this->hasMany(Server::class, 'owner_id')
+            ->select('servers.*')
+            ->leftJoin('subusers', 'subusers.server_id', '=', 'servers.id')
+            ->where(function (Builder $builder) {
+                $builder->where('servers.owner_id', $this->id)->orWhere('subusers.user_id', $this->id);
+            })
+            ->groupBy('servers.id');
+    }
 }

app/Http/ViewComposers/ServerListComposer.php

@@ -4,8 +4,6 @@
 
 use Illuminate\Support\ServiceProvider;
 use Pterodactyl\Http\ViewComposers\AssetComposer;
-use Pterodactyl\Http\ViewComposers\ServerListComposer;
-use Pterodactyl\Http\ViewComposers\Server\ServerDataComposer;
 
 class ViewComposerServiceProvider extends ServiceProvider
 {
@@ -15,10 +13,5 @@ class ViewComposerServiceProvider extends ServiceProvider
     public function boot()
     {
         $this->app->make('view')->composer('*', AssetComposer::class);
-
-        $this->app->make('view')->composer('server.*', ServerDataComposer::class);
-
-        // Add data to make the sidebar work when viewing a server.
-        $this->app->make('view')->composer(['server.*'], ServerListComposer::class);
     }
 }