* @license MIT */ namespace Pterodactyl\Addons\AdvancedAdmin\Http\Controllers\Admin; use Illuminate\Http\JsonResponse; use Illuminate\Http\Request; use Illuminate\Routing\Controller; use Pterodactyl\Addons\AdvancedAdmin\Http\Requests\Roles\CreateRoleRequest; use Pterodactyl\Addons\AdvancedAdmin\Http\Requests\Roles\UpdateRoleRequest; use Pterodactyl\Addons\AdvancedAdmin\Http\Resources\RoleResource; use Pterodactyl\Addons\AdvancedAdmin\Models\Role; use Pterodactyl\Addons\AdvancedAdmin\Services\Roles\RoleService; class RoleController extends Controller { public function __construct(private readonly RoleService $roleService) {} /** GET /api/application/addons/roles */ public function index(Request $request): JsonResponse { $this->authorizeAdmin($request); $roles = Role::with('permissions') ->orderByDesc('priority') ->paginate(50); return RoleResource::collection($roles)->response(); } /** GET /api/application/addons/roles/{role} */ public function show(Request $request, Role $role): JsonResponse { $this->authorizeAdmin($request); return (new RoleResource($role->load('permissions')))->response(); } /** POST /api/application/addons/roles */ public function store(CreateRoleRequest $request): JsonResponse { $this->authorizeAdmin($request); $role = $this->roleService->create($request->validated(), $request->user()->id); return (new RoleResource($role->load('permissions')))->response()->setStatusCode(201); } /** PATCH /api/application/addons/roles/{role} */ public function update(UpdateRoleRequest $request, Role $role): JsonResponse { $this->authorizeAdmin($request); $updated = $this->roleService->update($role, $request->validated(), $request->user()->id); return (new RoleResource($updated->load('permissions')))->response(); } /** DELETE /api/application/addons/roles/{role} */ public function destroy(Request $request, Role $role): JsonResponse { $this->authorizeAdmin($request); $force = (bool) $request->boolean('force', false); $this->roleService->delete($role, $request->user()->id, $force); return response()->json(['deleted' => true]); } private function authorizeAdmin(Request $request): void { abort_unless($request->user() && $request->user()->root_admin, 403, 'Admin access required.'); } }