/** * Updates permissions for a given subuser. * @param integer $id The ID of the subuser row in MySQL. (Not the user ID) * @param array $data * @throws DisplayValidationException * @throws DisplayException * @return void */ public function update($id, array $data) { $validator = Validator::make($data, ['permissions' => 'required|array', 'user' => 'required|exists:users,id', 'server' => 'required|exists:servers,id']); if ($validator->fails()) { throw new DisplayValidationException(json_encode($validator->all())); } $subuser = Models\Subuser::findOrFail($id); $server = Models\Server::findOrFail($data['server']); DB::beginTransaction(); try { Models\Permission::where('user_id', $subuser->user_id)->where('server_id', $subuser->server_id)->delete(); $daemonPermissions = $this->coreDaemonPermissions; foreach ($data['permissions'] as $permission) { if (array_key_exists($permission, $this->permissions)) { // Build the daemon permissions array for sending. if (!is_null($this->permissions[$permission])) { array_push($daemonPermissions, $this->permissions[$permission]); } $model = new Models\Permission(); $model->fill(['user_id' => $data['user'], 'server_id' => $data['server'], 'permission' => $permission]); $model->save(); } } // Contact Daemon // We contact even if they don't have any daemon permissions to overwrite // if they did have them previously. $node = Models\Node::getByID($server->node); $client = Models\Node::guzzleRequest($server->node); $res = $client->request('PATCH', '/server', ['headers' => ['X-Access-Server' => $server->uuid, 'X-Access-Token' => $node->daemonSecret], 'json' => ['keys' => [$subuser->daemonSecret => $daemonPermissions]]]); DB::commit(); return true; } catch (\GuzzleHttp\Exception\TransferException $ex) { DB::rollBack(); throw new DisplayException('There was an error attempting to connect to the daemon to update permissions.', $ex); } catch (\Exception $ex) { DB::rollBack(); throw $ex; } return false; }