chore: ♻️ Add encrypted prop back in

# Conflicts:
#	app/Http/Controllers/Admin/ProductController.php
#	app/Http/Controllers/ServerController.php
#	app/Models/Server.php
#	app/Models/User.php
#	lang/cs.json
#	lang/en.json
#	themes/default/views/admin/products/create.blade.php
#	themes/default/views/admin/products/edit.blade.php
#	themes/default/views/admin/settings/tabs/system.blade.php
#	themes/default/views/servers/create.blade.php
#	themes/default/views/servers/index.blade.php
#	themes/default/views/servers/settings.blade.php

.editorconfig

@@ -3,9 +3,9 @@ root = true
 [*]
 charset = utf-8
 end_of_line = lf
-insert_final_newline = true
+indent_size = 2
 indent_style = space
-indent_size = 4
+insert_final_newline = true
 trim_trailing_whitespace = true
 
 [*.md]
@@ -13,3 +13,24 @@ trim_trailing_whitespace = false
 
 [*.{yml,yaml}]
 indent_size = 2
+
+[docker-compose.yml]
+indent_size = 2
+
+[*.php]
+indent_size = 4
+
+[*.blade.php]
+indent_size = 2
+
+[*.js]
+indent_size = 4
+
+[*.jsx]
+indent_size = 2
+
+[*.tsx]
+indent_size = 2
+
+[*.json]
+indent_size = 4

.env.example

@@ -1,5 +1,5 @@
 ### --- App Settings --- ###
-APP_NAME=Controlpanel.gg
+APP_NAME=CtrlPanel.gg
 APP_ENV=production
 APP_KEY=
 APP_DEBUG=false
@@ -64,4 +64,4 @@ MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
 
 # Settings Cache
-SETTINGS_CACHE_ENABLED=true
+SETTINGS_CACHE_ENABLED=true

.github/ISSUE_TEMPLATE/config.yml

@@ -5,4 +5,4 @@ contact_links:
     about: Please visit our Discord for help with your installation.
   - name: ❓ General Question
     url: https://discord.gg/4Y6HjD2uyU
-    about: Please visit our Discord for general questions about the ControlPanel.
+    about: Please visit our Discord for general questions about the CtrlPanel.

.gitignore

@@ -10,6 +10,7 @@ storage/debugbar
 .env.backup
 .idea
 .phpunit.result.cache
+.editorconfig
 docker-compose.override.yml
 Homestead.json
 Homestead.yaml

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 ControlPanel.gg
+Copyright (c) 2021 CtrlPanel.gg
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,7 +1,7 @@
 ### Features
 
--   PayPal Integration
--   Stripe Integration
+-   PayPal, Stripe and Mollie Integration
+-   Hourly, Weekely, Monthly, Quarterly and Annual billing Cycles
 -   Referral System
 -   Partner System
 -   Ticket System
@@ -17,19 +17,19 @@
 -   Theme Support
 -   and so much more!
 
-# ControlPanel-gg
+# CtrlPanel-gg
 
-![controlpanel](https://user-images.githubusercontent.com/67899387/214684708-739c1d21-06e8-4dec-a4f1-81533a46cc7e.png)
+![ctrlpanel](https://user-images.githubusercontent.com/67899387/214684708-739c1d21-06e8-4dec-a4f1-81533a46cc7e.png)
 
 
 ![](https://img.shields.io/endpoint?label=v0.9%20Installations&url=https%3A%2F%2Fmarket.ctrlpanel.gg%2Fcallhome.php%3Fgetinstalls)
 ![](https://img.shields.io/badge/Overall%20Installations-5000%2B-green)
-![](https://img.shields.io/github/stars/ControlPanel-gg/dashboard) ![](https://img.shields.io/github/forks/ControlPanel-gg/dashboard) ![](https://img.shields.io/github/tag/ControlPanel-gg/dashboard) [![Crowdin](https://badges.crowdin.net/controlpanelgg/localized.svg)](https://crowdin.com/project/controlpanelgg) ![](https://img.shields.io/github/issues/ControlPanel-gg/dashboard) ![](https://img.shields.io/github/license/ControlPanel-gg/dashboard) ![](https://img.shields.io/discord/787829714483019826)
+![](https://img.shields.io/github/stars/ctrlpanel-gg/dashboard) ![](https://img.shields.io/github/forks/ctrlpanel-gg/panel) ![](https://img.shields.io/github/tag/ctrlpanel-gg/panel) [![Crowdin](https://badges.crowdin.com/project/controlpanelgg/localized.svg)](https://crowdin.com/project/controlpanelgg) ![](https://img.shields.io/github/issues/ctrlpanel-gg/panel) ![](https://img.shields.io/github/license/ctrlpanel-gg/panel) ![](https://img.shields.io/discord/787829714483019826)
 ## About
 
-ControlPanel's Dashboard is a dashboard application designed to offer clients a management tool to manage their pterodactyl servers. This dashboard comes with a credit-based billing solution that credits users hourly for each server they have and suspends them if they run out of credits.
+CtrlPanel's Dashboard is a dashboard application designed to offer clients a management tool to manage their pterodactyl servers. This dashboard comes with a credit-based billing solution that charges users depending on the billing cycle you chose for each server they have and suspends them if they run out of credits.
 
-This dashboard offers an easy to use and free billing solution for all starting and experienced hosting providers. This dashboard has many customisation options and added discord Oauth verification to offer a solid link between your discord server and your dashboard. You can check our [Demo here](https://demo.controlpanel.gg "Demo").
+This dashboard offers an easy to use and free billing solution for all starting and experienced hosting providers. This dashboard has many customisation options and added discord Oauth verification to offer a solid link between your discord server and your dashboard. You can check our [Demo here](https://demo.CtrlPanel.gg "Demo").
 
 ### [Installation](https://ctrlpanel.gg/docs/intro "Installation")
 

app/Classes/AbstractExtension.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace App\Classes;
+
+abstract class AbstractExtension
+{
+    abstract public static function getConfig(): array;
+}

app/Classes/LegacySettingsMigration.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace App\Classes;
+
+use Exception;
+use Illuminate\Support\Facades\DB;
+use Spatie\LaravelSettings\Migrations\SettingsMigration;
+
+
+abstract class LegacySettingsMigration extends SettingsMigration
+{
+    public function getNewValue(string $name, string $group)
+    {
+        $new_value = DB::table('settings')->where([['group', '=', $group], ['name', '=', $name]])->get(['payload'])->first();
+
+        if (is_null($new_value) || is_null($new_value->payload)) {
+            return null;
+        }
+
+        // Some keys returns '""' as a value.
+        if ($new_value->payload === '""') {
+            return null;
+        }
+
+
+        // remove the quotes from the string
+        if (substr($new_value->payload, 0, 1) === '"' && substr($new_value->payload, -1) === '"') {
+            return substr($new_value->payload, 1, -1);
+        }
+
+        return $new_value->payload;
+    }
+
+    /**
+     * Get the old value from the settings_old table.
+     * @param string $key The key to get the value from table.
+     * @param int|string|bool|null $default The default value to return if the value is null. If value is not nullable, a default must be provided.
+     */
+    public function getOldValue(string $key,  int|string|bool|null $default = null)
+    {
+        $old_value = DB::table('settings_old')->where('key', '=', $key)->get(['value', 'type'])->first();
+
+        if (is_null($old_value) || is_null($old_value->value)) {
+            return $default;
+        }
+
+        switch ($old_value->type) {
+            case 'string':
+            case 'text':
+                // Edgecase: The value is a boolean, but it's stored as a string.
+                if ($old_value->value === "false" || $old_value->value === "true") {
+                    return filter_var($old_value->value, FILTER_VALIDATE_BOOL);
+                }
+                return $old_value->value;
+            case 'boolean':
+                return filter_var($old_value->value, FILTER_VALIDATE_BOOL);
+            case 'integer':
+                return filter_var($old_value->value, FILTER_VALIDATE_INT);
+            default:
+                throw new Exception("Unknown type: {$old_value->type}");
+        }
+    }
+}

app/Classes/PaymentExtensions.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace App\Classes;
+
+use App\Models\Payment;
+use App\Models\ShopProduct;
+
+abstract class PaymentExtension extends AbstractExtension
+{
+    /**
+     * Returns the redirect url of the payment gateway to redirect the user to
+     */
+    abstract public static function getRedirectUrl(Payment $payment, ShopProduct $shopProduct, string $totalPriceString): string;
+}

app/Classes/PterodactylClient.php

@@ -266,6 +266,7 @@ class PterodactylClient
             'docker_image' => $egg->docker_image,
             'startup' => $egg->startup,
             'environment' => $egg->getEnvironmentVariables(),
+            'oom_disabled' => !$server->product->oom_killer,
             'limits' => [
                 'memory' => $server->product->memory,
                 'swap' => $server->product->swap,
@@ -378,6 +379,7 @@ class PterodactylClient
             'io' => $product->io,
             'cpu' => $product->cpu,
             'threads' => null,
+            'oom_disabled' => !$server->product->oom_killer,
             'feature_limits' => [
                 'databases' => $product->databases,
                 'backups' => $product->backups,

app/Console/Commands/ChargeServers.php

@@ -0,0 +1,139 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Server;
+use App\Notifications\ServersSuspendedNotification;
+use Carbon\Carbon;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\DB;
+
+class ChargeServers extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'servers:charge';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Charge all users with severs that are due to be charged';
+
+    /**
+     * A list of users that have to be notified
+     * @var array
+     */
+    protected $usersToNotify = [];
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return int
+     */
+    public function handle()
+    {
+        Server::whereNull('suspended')->with('user', 'product')->chunk(10, function ($servers) {
+            /** @var Server $server */
+            foreach ($servers as $server) {
+                /** @var Product $product */
+                $product = $server->product;
+                /** @var User $user */
+                $user = $server->user;
+
+                $billing_period = $product->billing_period;
+
+
+                // check if server is due to be charged by comparing its last_billed date with the current date and the billing period
+                $newBillingDate = null;
+                switch ($billing_period) {
+                    case 'annually':
+                        $newBillingDate = Carbon::parse($server->last_billed)->addYear();
+                        break;
+                    case 'half-annually':
+                        $newBillingDate = Carbon::parse($server->last_billed)->addMonths(6);
+                        break;
+                    case 'quarterly':
+                        $newBillingDate = Carbon::parse($server->last_billed)->addMonths(3);
+                        break;
+                    case 'monthly':
+                        $newBillingDate = Carbon::parse($server->last_billed)->addMonth();
+                        break;
+                    case 'weekly':
+                        $newBillingDate = Carbon::parse($server->last_billed)->addWeek();
+                        break;
+                    case 'daily':
+                        $newBillingDate = Carbon::parse($server->last_billed)->addDay();
+                        break;
+                    case 'hourly':
+                        $newBillingDate = Carbon::parse($server->last_billed)->addHour();
+                    default:
+                        $newBillingDate = Carbon::parse($server->last_billed)->addHour();
+                        break;
+                };
+
+                if (!($newBillingDate->isPast())) {
+                    continue;
+                }
+
+                // check if the server is canceled or if user has enough credits to charge the server or
+                if ($server->canceled || $user->credits <= $product->price) {
+                    try {
+                        // suspend server
+                        $this->line("<fg=yellow>{$server->name}</> from user: <fg=blue>{$user->name}</> has been <fg=red>suspended!</>");
+                        $server->suspend();
+
+                        // add user to notify list
+                        if (!in_array($user, $this->usersToNotify)) {
+                            array_push($this->usersToNotify, $user);
+                        }
+                    } catch (\Exception $exception) {
+                        $this->error($exception->getMessage());
+                    }
+                    return;
+                }
+
+                // charge credits to user
+                $this->line("<fg=blue>{$user->name}</> Current credits: <fg=green>{$user->credits}</> Credits to be removed: <fg=red>{$product->price}</>");
+                $user->decrement('credits', $product->price);
+
+                // update server last_billed date in db
+                DB::table('servers')->where('id', $server->id)->update(['last_billed' => $newBillingDate]);
+            }
+
+            return $this->notifyUsers();
+        });
+    }
+
+    /**
+     * @return bool
+     */
+    public function notifyUsers()
+    {
+        if (!empty($this->usersToNotify)) {
+            /** @var User $user */
+            foreach ($this->usersToNotify as $user) {
+                $this->line("<fg=yellow>Notified user:</> <fg=blue>{$user->name}</>");
+                $user->notify(new ServersSuspendedNotification());
+            }
+        }
+
+        #reset array
+        $this->usersToNotify = array();
+        return true;
+    }
+}

app/Console/Commands/DeleteExpiredCoupons.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Settings\CouponSettings;
+use App\Models\Coupon;
+use Carbon\Carbon;
+use Illuminate\Console\Command;
+
+
+class DeleteExpiredCoupons extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'coupons:delete';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Delete expired coupons from DB.';
+
+    /**
+     * Execute the console command.
+     *
+     * @return int
+     */
+    public function handle(CouponSettings $couponSettings)
+    {
+        if ($couponSettings->delete_coupon_on_expires) {
+            $expired_coupons = Coupon::where('expires_at', '<=', Carbon::now(config('app.timezone')))->get();
+
+            foreach ($expired_coupons as $expired_coupon) {
+                $expired_coupon->delete();
+            }
+        }
+    }
+}

app/Console/Commands/GetGithubVersion.php

@@ -32,7 +32,7 @@ class GetGithubVersion extends Command
     public function handle()
     {
         try{
-            $latestVersion = Http::get('https://api.github.com/repos/controlpanel-gg/dashboard/tags')->json()[0]['name'];
+            $latestVersion = Http::get('https://api.github.com/repos/ctrlpanel-gg/panel/tags')->json()[0]['name'];
             Storage::disk('local')->put('latestVersion', $latestVersion);
         } catch (Exception $e) {
             Storage::disk('local')->put('latestVersion', "unknown");

app/Console/Commands/MakeUserCommand.php

@@ -101,6 +101,8 @@ class MakeUserCommand extends Command
             ['Referral code', $user->referral_code],
         ]);
 
+        $user->syncRoles(1);
+
         return 1;
     }
 }

app/Console/Kernel.php

@@ -8,6 +8,17 @@ use Illuminate\Support\Facades\Storage;
 
 class Kernel extends ConsoleKernel
 {
+    /**
+     * The Artisan commands provided by your application.
+     *
+     * @var array
+     */
+    protected $commands = [
+        Commands\ChargeCreditsCommand::class,
+        Commands\ChargeServers::class,
+        Commands\DeleteExpiredCoupons::class,
+    ];
+
     /**
      * Define the application's command schedule.
      *
@@ -16,9 +27,10 @@ class Kernel extends ConsoleKernel
      */
     protected function schedule(Schedule $schedule)
     {
-        $schedule->command('credits:charge')->hourly();
+        $schedule->command('servers:charge')->everyMinute();
         $schedule->command('cp:versioncheck:get')->daily();
         $schedule->command('payments:open:clear')->daily();
+        $schedule->command('coupons:delete')->daily();
 
         //log cronjob activity
         $schedule->call(function () {

app/Enums/PaymentStatus.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace App\Enums;
+
+// Payment status are open, processing, paid and canceled
+enum PaymentStatus: String
+{
+    case OPEN = "open";
+    case PROCESSING = "processing";
+    case PAID = "paid";
+    case CANCELED = "canceled";
+}

app/Events/CouponUsedEvent.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Events;
+
+use App\Models\Coupon;
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+
+class CouponUsedEvent
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    public Coupon $coupon;
+    public string $couponCode;
+
+    /**
+     * Create a new event instance.
+     *
+     * @return void
+     */
+    public function __construct(string $couponCode)
+    {
+
+        $this->couponCode = $couponCode;
+        $this->coupon = Coupon::where('code', $couponCode)->first();
+    }
+}

app/Extensions/PaymentGateways/Mollie/MollieExtension.php

@@ -2,17 +2,20 @@
 
 namespace App\Extensions\PaymentGateways\Mollie;
 
-use App\Helpers\AbstractExtension;
+use App\Classes\AbstractExtension;
+use App\Enums\PaymentStatus;
 use App\Events\PaymentEvent;
 use App\Events\UserUpdateCreditsEvent;
 use App\Models\PartnerDiscount;
 use App\Models\Payment;
 use App\Models\ShopProduct;
 use App\Models\User;
+use App\Models\Coupon;
+use App\Traits\Coupon as CouponTrait;
+use App\Events\CouponUsedEvent;
 use Exception;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\Log;
@@ -23,6 +26,8 @@ use Illuminate\Support\Facades\Http;
  */
 class MollieExtension extends AbstractExtension
 {
+    use CouponTrait;
+
     public static function getConfig(): array
     {
         return [
@@ -33,31 +38,10 @@ class MollieExtension extends AbstractExtension
         ];
     }
 
-    static function pay(Request $request): void
+    public static function getRedirectUrl(Payment $payment, ShopProduct $shopProduct, string $totalPriceString): string
     {
         $url = 'https://api.mollie.com/v2/payments';
         $settings = new MollieSettings();
-
-        $user = Auth::user();
-        $shopProduct = ShopProduct::findOrFail($request->shopProduct);
-        $discount = PartnerDiscount::getDiscount();
-
-        // create a new payment
-        $payment = Payment::create([
-            'user_id' => $user->id,
-            'payment_id' => null,
-            'payment_method' => 'mollie',
-            'type' => $shopProduct->type,
-            'status' => 'open',
-            'amount' => $shopProduct->quantity,
-            'price' => $shopProduct->price - ($shopProduct->price * $discount / 100),
-            'tax_value' => $shopProduct->getTaxValue(),
-            'tax_percent' => $shopProduct->getTaxPercent(),
-            'total_price' => $shopProduct->getTotalPrice(),
-            'currency_code' => $shopProduct->currency_code,
-            'shop_item_product_id' => $shopProduct->id,
-        ]);
-
         try {
             $response = Http::withHeaders([
                 'Content-Type' => 'application/json',
@@ -65,7 +49,7 @@ class MollieExtension extends AbstractExtension
             ])->post($url, [
                 'amount' => [
                     'currency' => $shopProduct->currency_code,
-                    'value' => number_format($shopProduct->getTotalPrice(), 2, '.', ''),
+                    'value' => $totalPriceString,
                 ],
                 'description' => "Order #{$payment->id} - " . $shopProduct->name,
                 'redirectUrl' => route('payment.MollieSuccess'),
@@ -78,31 +62,21 @@ class MollieExtension extends AbstractExtension
 
             if ($response->status() != 201) {
                 Log::error('Mollie Payment: ' . $response->body());
-                $payment->delete();
-
-                Redirect::route('store.index')->with('error', __('Payment failed'))->send();
-                return;
+                throw new Exception('Payment failed');
             }
 
-            $payment->update([
-                'payment_id' => $response->json()['id'],
-            ]);
-
-            Redirect::away($response->json()['_links']['checkout']['href'])->send();
-            return;
+            return $response->json()['_links']['checkout']['href'];
         } catch (Exception $ex) {
             Log::error('Mollie Payment: ' . $ex->getMessage());
-            $payment->delete();
-
-            Redirect::route('store.index')->with('error', __('Payment failed'))->send();
-            return;
+            throw new Exception('Payment failed');
         }
     }
 
     static function success(Request $request): void
     {
         $payment = Payment::findOrFail($request->input('payment'));
-        $payment->status = 'pending';
+        $payment->status = PaymentStatus::PROCESSING;
+        $payment->save();
 
         Redirect::route('home')->with('success', 'Your payment is being processed')->send();
         return;
@@ -123,16 +97,15 @@ class MollieExtension extends AbstractExtension
                 return response()->json(['success' => false]);
             }
 
-            $payment = Payment::findOrFail($response->json()['metadata']['payment_id']);
-            $payment->status->update([
-                'status' => $response->json()['status'],
-            ]);
 
+            $payment = Payment::findOrFail($response->json()['metadata']['payment_id']);
             $shopProduct = ShopProduct::findOrFail($payment->shop_item_product_id);
             event(new PaymentEvent($payment, $payment, $shopProduct));
 
             if ($response->json()['status'] == 'paid') {
                 $user = User::findOrFail($payment->user_id);
+                $payment->status = PaymentStatus::PAID;
+                $payment->save();
                 event(new UserUpdateCreditsEvent($user));
             }
         } catch (Exception $ex) {

app/Extensions/PaymentGateways/Mollie/MollieSettings.php

@@ -15,12 +15,7 @@ class MollieSettings extends Settings
         return 'mollie';
     }
 
-    public static function encrypted(): array
-    {
-        return [
-            'api_key',
-        ];
-    }
+
 
     public static function getOptionInputData()
     {

app/Extensions/PaymentGateways/Mollie/web_routes.php

@@ -4,10 +4,6 @@ use Illuminate\Support\Facades\Route;
 use App\Extensions\PaymentGateways\Mollie\MollieExtension;
 
 Route::middleware(['web', 'auth'])->group(function () {
-    Route::get('payment/MolliePay/{shopProduct}', function () {
-        MollieExtension::pay(request());
-    })->name('payment.MolliePay');
-
     Route::get(
         'payment/MollieSuccess',
         function () {

app/Extensions/PaymentGateways/PayPal/PayPalExtension.php

@@ -2,14 +2,18 @@
 
 namespace App\Extensions\PaymentGateways\PayPal;
 
-use App\Helpers\AbstractExtension;
+use App\Events\CouponUsedEvent;
 use App\Events\PaymentEvent;
 use App\Events\UserUpdateCreditsEvent;
 use App\Extensions\PaymentGateways\PayPal\PayPalSettings;
+use App\Classes\PaymentExtension;
+use App\Enums\PaymentStatus;
 use App\Models\PartnerDiscount;
 use App\Models\Payment;
 use App\Models\ShopProduct;
 use App\Models\User;
+use App\Models\Coupon;
+use App\Traits\Coupon as CouponTrait;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Redirect;
@@ -25,8 +29,10 @@ use PayPalHttp\HttpException;
 /**
  * Summary of PayPalExtension
  */
-class PayPalExtension extends AbstractExtension
+class PayPalExtension extends PaymentExtension
 {
+    use CouponTrait;
+
     public static function getConfig(): array
     {
         return [
@@ -35,29 +41,8 @@ class PayPalExtension extends AbstractExtension
         ];
     }
 
-    static function PaypalPay(Request $request): void
+    public static function getRedirectUrl(Payment $payment, ShopProduct $shopProduct, string $totalPriceString): string
     {
-        /** @var User $user */
-        $user = Auth::user();
-        $shopProduct = ShopProduct::findOrFail($request->shopProduct);
-        $discount = PartnerDiscount::getDiscount();
-
-        // create a new payment
-        $payment = Payment::create([
-            'user_id' => $user->id,
-            'payment_id' => null,
-            'payment_method' => 'paypal',
-            'type' => $shopProduct->type,
-            'status' => 'open',
-            'amount' => $shopProduct->quantity,
-            'price' => $shopProduct->price - ($shopProduct->price * $discount / 100),
-            'tax_value' => $shopProduct->getTaxValue(),
-            'tax_percent' => $shopProduct->getTaxPercent(),
-            'total_price' => $shopProduct->getTotalPrice(),
-            'currency_code' => $shopProduct->currency_code,
-            'shop_item_product_id' => $shopProduct->id,
-        ]);
-
         $request = new OrdersCreateRequest();
         $request->prefer('return=representation');
         $request->body = [
@@ -65,18 +50,16 @@ class PayPalExtension extends AbstractExtension
             "purchase_units" => [
                 [
                     "reference_id" => uniqid(),
-                    "description" => $shopProduct->display . ($discount ? (" (" . __('Discount') . " " . $discount . '%)') : ""),
-                    "amount"       => [
-                        "value"         => $shopProduct->getTotalPrice(),
+                    "description" => $shopProduct->display,
+                    "amount" => [
+                        "value" => $totalPriceString,
                         'currency_code' => strtoupper($shopProduct->currency_code),
                         'breakdown' => [
-                            'item_total' =>
-                            [
+                            'item_total' => [
                                 'currency_code' => strtoupper($shopProduct->currency_code),
-                                'value' => $shopProduct->getPriceAfterDiscount(),
+                                'value' => $totalPriceString
                             ],
-                            'tax_total' =>
-                            [
+                            'tax_total' => [
                                 'currency_code' => strtoupper($shopProduct->currency_code),
                                 'value' => $shopProduct->getTaxValue(),
                             ]
@@ -87,11 +70,9 @@ class PayPalExtension extends AbstractExtension
             "application_context" => [
                 "cancel_url" => route('payment.Cancel'),
                 "return_url" => route('payment.PayPalSuccess', ['payment' => $payment->id]),
-                'brand_name' =>  config('app.name', 'Controlpanel.GG'),
+                'brand_name' =>  config('app.name', 'CtrlPanel.GG'),
                 'shipping_preference'  => 'NO_SHIPPING'
             ]
-
-
         ];
 
         try {
@@ -108,17 +89,15 @@ class PayPalExtension extends AbstractExtension
                 throw new \Exception('No redirect link found');
             }
 
-            Redirect::away($response->result->links[1]->href)->send();
-            return;
+            return $response->result->links[1]->href;
         } catch (HttpException $ex) {
             Log::error('PayPal Payment: ' . $ex->getMessage());
-            $payment->delete();
 
-            Redirect::route('store.index')->with('error', __('Payment failed'))->send();
-            return;
+            throw new \Exception('PayPal Payment: ' . $ex->getMessage());
         }
     }
 
+
     static function PaypalSuccess(Request $laravelRequest): void
     {
         $user = Auth::user();
@@ -136,10 +115,11 @@ class PayPalExtension extends AbstractExtension
             if ($response->statusCode == 201 || $response->statusCode == 200) {
                 //update payment
                 $payment->update([
-                    'status' => 'paid',
+                    'status' => PaymentStatus::PAID,
                     'payment_id' => $response->result->id,
                 ]);
 
+
                 event(new UserUpdateCreditsEvent($user));
                 event(new PaymentEvent($user, $payment, $shopProduct));
 
@@ -151,7 +131,7 @@ class PayPalExtension extends AbstractExtension
                 dd($response);
             } else {
                 $payment->update([
-                    'status' => 'cancelled',
+                    'status' => PaymentStatus::CANCELED,
                     'payment_id' => $response->result->id,
                 ]);
                 abort(500);
@@ -163,7 +143,7 @@ class PayPalExtension extends AbstractExtension
                 dd($ex->getMessage());
             } else {
                 $payment->update([
-                    'status' => 'cancelled',
+                    'status' => PaymentStatus::CANCELED,
                     'payment_id' => $response->result->id,
                 ]);
                 abort(422);
@@ -173,7 +153,8 @@ class PayPalExtension extends AbstractExtension
 
     static function getPayPalClient(): PayPalHttpClient
     {
-        $environment = env('APP_ENV') == 'local'
+
+        $environment = config('app.env') == 'local'
             ? new SandboxEnvironment(self::getPaypalClientId(), self::getPaypalClientSecret())
             : new ProductionEnvironment(self::getPaypalClientId(), self::getPaypalClientSecret());
         return new PayPalHttpClient($environment);
@@ -184,7 +165,7 @@ class PayPalExtension extends AbstractExtension
     static function getPaypalClientId(): string
     {
         $settings = new PayPalSettings();
-        return env('APP_ENV') == 'local' ?  $settings->sandbox_client_id : $settings->client_id;
+        return config('app.env') == 'local' ?  $settings->sandbox_client_id : $settings->client_id;
     }
     /**
      * @return string
@@ -192,6 +173,6 @@ class PayPalExtension extends AbstractExtension
     static function getPaypalClientSecret(): string
     {
         $settings = new PayPalSettings();
-        return env('APP_ENV') == 'local' ? $settings->sandbox_client_secret : $settings->client_secret;
+        return config('app.env') == 'local' ? $settings->sandbox_client_secret : $settings->client_secret;
     }
 }

app/Extensions/PaymentGateways/PayPal/PayPalSettings.php

@@ -18,15 +18,7 @@ class PayPalSettings extends Settings
     }
 
 
-    public static function encrypted(): array
-    {
-        return [
-            'client_id',
-            'client_secret',
-            'sandbox_client_id',
-            'sandbox_client_secret'
-        ];
-    }
+
 
     /**
      * Summary of optionInputData array

app/Extensions/PaymentGateways/PayPal/migrations/2023_03_04_135248_create_pay_pal_settings.php

@@ -77,6 +77,10 @@ class CreatePayPalSettings extends SettingsMigration
         // Always get the first value of the key.
         $old_value = DB::table('settings_old')->where('key', '=', $key)->get(['value', 'type'])->first();
 
+        if (is_null($old_value)) {
+            return null;
+        }
+
         // Handle the old values to return without it being a string in all cases.
         if ($old_value->type === "string" || $old_value->type === "text") {
             if (is_null($old_value->value)) {

app/Extensions/PaymentGateways/PayPal/web_routes.php

@@ -4,10 +4,6 @@ use Illuminate\Support\Facades\Route;
 use App\Extensions\PaymentGateways\PayPal\PayPalExtension;
 
 Route::middleware(['web', 'auth'])->group(function () {
-    Route::get('payment/PayPalPay/{shopProduct}', function () {
-        PayPalExtension::PaypalPay(request());
-    })->name('payment.PayPalPay');
-
     Route::get(
         'payment/PayPalSuccess',
         function () {

app/Extensions/PaymentGateways/Stripe/StripeExtension.php

@@ -2,14 +2,18 @@
 
 namespace App\Extensions\PaymentGateways\Stripe;
 
-use App\Helpers\AbstractExtension;
+use App\Classes\AbstractExtension;
+use App\Enums\PaymentStatus;
 use App\Events\PaymentEvent;
+use App\Events\CouponUsedEvent;
 use App\Events\UserUpdateCreditsEvent;
 use App\Extensions\PaymentGateways\Stripe\StripeSettings;
 use App\Models\PartnerDiscount;
 use App\Models\Payment;
 use App\Models\ShopProduct;
 use App\Models\User;
+use App\Models\Coupon;
+use App\Traits\Coupon as CouponTrait;
 use App\Notifications\ConfirmPaymentNotification;
 use Exception;
 use Illuminate\Http\Request;
@@ -21,6 +25,8 @@ use Stripe\StripeClient;
 
 class StripeExtension extends AbstractExtension
 {
+    use CouponTrait;
+
     public static function getConfig(): array
     {
         return [
@@ -31,40 +37,14 @@ class StripeExtension extends AbstractExtension
         ];
     }
 
-    /**
-     * @param  Request  $request
-     * @param  ShopProduct  $shopProduct
-     */
-    public static function StripePay(Request $request)
+    public static function getRedirectUrl(Payment $payment, ShopProduct $shopProduct, string $totalPriceString): string
     {
-        $user = Auth::user();
-        $shopProduct = ShopProduct::findOrFail($request->shopProduct);
-
-        // check if the price is valid for stripe
-        if (!self::checkPriceAmount($shopProduct->getTotalPrice(), strtoupper($shopProduct->currency_code), 'stripe')) {
-            Redirect::route('home')->with('error', __('The product you chose can\'t be purchased with this payment method. The total amount is too small. Please buy a bigger amount or try a different payment method.'))->send();
-            return;
+        // check if the total price is valid for stripe
+        $totalPriceNumber = floatval($totalPriceString);
+        if (!self::checkPriceAmount($totalPriceNumber, strtoupper($shopProduct->currency_code), 'stripe')) {
+            throw new Exception('Invalid price amount');
         }
 
-        $discount = PartnerDiscount::getDiscount();
-
-
-        // create payment
-        $payment = Payment::create([
-            'user_id' => $user->id,
-            'payment_id' => null,
-            'payment_method' => 'stripe',
-            'type' => $shopProduct->type,
-            'status' => 'open',
-            'amount' => $shopProduct->quantity,
-            'price' => $shopProduct->price - ($shopProduct->price * $discount / 100),
-            'tax_value' => $shopProduct->getTaxValue(),
-            'total_price' => $shopProduct->getTotalPrice(),
-            'tax_percent' => $shopProduct->getTaxPercent(),
-            'currency_code' => $shopProduct->currency_code,
-            'shop_item_product_id' => $shopProduct->id,
-        ]);
-
         $stripeClient = self::getStripeClient();
         $request = $stripeClient->checkout->sessions->create([
             'line_items' => [
@@ -72,10 +52,10 @@ class StripeExtension extends AbstractExtension
                     'price_data' => [
                         'currency' => $shopProduct->currency_code,
                         'product_data' => [
-                            'name' => $shopProduct->display . ($discount ? (' (' . __('Discount') . ' ' . $discount . '%)') : ''),
+                            'name' => $shopProduct->display,
                             'description' => $shopProduct->description,
                         ],
-                        'unit_amount_decimal' => round($shopProduct->getPriceAfterDiscount() * 100, 2),
+                        'unit_amount_decimal' => $totalPriceString,
                     ],
                     'quantity' => 1,
                 ],
@@ -102,7 +82,7 @@ class StripeExtension extends AbstractExtension
             ],
         ]);
 
-        Redirect::to($request->url)->send();
+        return $request->url;
     }
 
     /**
@@ -115,7 +95,6 @@ class StripeExtension extends AbstractExtension
         $payment = Payment::findOrFail($request->input('payment'));
         $shopProduct = ShopProduct::findOrFail($payment->shop_item_product_id);
 
-
         Redirect::route('home')->with('success', 'Please wait for success')->send();
 
         $stripeClient = self::getStripeClient();
@@ -133,12 +112,11 @@ class StripeExtension extends AbstractExtension
                 //update payment
                 $payment->update([
                     'payment_id' => $paymentSession->payment_intent,
-                    'status' => 'paid',
+                    'status' => PaymentStatus::PAID,
                 ]);
 
                 //payment notification
                 $user->notify(new ConfirmPaymentNotification($payment));
-
                 event(new UserUpdateCreditsEvent($user));
                 event(new PaymentEvent($user, $payment, $shopProduct));
 
@@ -150,7 +128,7 @@ class StripeExtension extends AbstractExtension
                     //update payment
                     $payment->update([
                         'payment_id' => $paymentSession->payment_intent,
-                        'status' => 'processing',
+                        'status' => PaymentStatus::PROCESSING,
                     ]);
 
                     event(new PaymentEvent($user, $payment, $shopProduct));
@@ -191,7 +169,7 @@ class StripeExtension extends AbstractExtension
                 //update payment db entry status
                 $payment->update([
                     'payment_id' => $payment->payment_id ?? $paymentIntent->id,
-                    'status' => 'paid'
+                    'status' => PaymentStatus::PAID,
                 ]);
 
                 //payment notification
@@ -281,7 +259,7 @@ class StripeExtension extends AbstractExtension
      * @return bool
      * @description check if the amount is higher than the minimum amount for the stripe gateway
      */
-    public static function checkPriceAmount($amount, $currencyCode, $payment_method)
+    public static function checkPriceAmount(float $amount,  string $currencyCode, string $payment_method)
     {
         $minimums = [
             "USD" => [

app/Extensions/PaymentGateways/Stripe/StripeSettings.php

@@ -19,15 +19,7 @@ class StripeSettings extends Settings
         return 'stripe';
     }
 
-    public static function encrypted(): array
-    {
-        return [
-            "secret_key",
-            "endpoint_secret",
-            "test_secret_key",
-            "test_endpoint_secret"
-        ];
-    }
+
 
     public static function getOptionInputData()
     {

app/Extensions/PaymentGateways/Stripe/migrations/2023_03_04_181917_create_stripe_settings.php

@@ -10,9 +10,9 @@ class CreateStripeSettings extends SettingsMigration
         $table_exists = DB::table('settings_old')->exists();
 
         $this->migrator->addEncrypted('stripe.secret_key', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:SECRET') : null);
-        $this->migrator->addEncrypted('stripe.endpoint_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:ENDPOINT_SECRET') : null);
+        $this->migrator->add('stripe.endpoint_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:ENDPOINT_SECRET') : null);
         $this->migrator->addEncrypted('stripe.test_secret_key', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:TEST_SECRET') : null);
-        $this->migrator->addEncrypted('stripe.test_endpoint_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:ENDPOINT_TEST_SECRET') : null);
+        $this->migrator->add('stripe.test_endpoint_secret', $table_exists ? $this->getOldValue('SETTINGS::PAYMENTS:STRIPE:ENDPOINT_TEST_SECRET') : null);
         $this->migrator->add('stripe.enabled', false);
     }
 
@@ -75,6 +75,10 @@ class CreateStripeSettings extends SettingsMigration
         // Always get the first value of the key.
         $old_value = DB::table('settings_old')->where('key', '=', $key)->get(['value', 'type'])->first();
 
+        if (is_null($old_value)) {
+            return null;
+        }
+
         // Handle the old values to return without it being a string in all cases.
         if ($old_value->type === "string" || $old_value->type === "text") {
             if (is_null($old_value->value)) {

app/Extensions/PaymentGateways/Stripe/web_routes.php

@@ -4,10 +4,6 @@ use Illuminate\Support\Facades\Route;
 use App\Extensions\PaymentGateways\Stripe\StripeExtension;
 
 Route::middleware(['web', 'auth'])->group(function () {
-    Route::get('payment/StripePay/{shopProduct}', function () {
-        StripeExtension::StripePay(request());
-    })->name('payment.StripePay');
-
     Route::get(
         'payment/StripeSuccess',
         function () {

app/Helpers/AbstractExtension.php

@@ -1,9 +0,0 @@
-<?php
-
-namespace App\Helpers;
-
-// create a abstract class for the extension that will contain all the methods that will be used in the extension
-abstract class AbstractExtension
-{
-    abstract public static function getConfig(): array;
-}

app/Helpers/ExtensionHelper.php

@@ -18,8 +18,9 @@ class ExtensionHelper
         foreach ($extensionNamespaces as $extensionNamespace) {
             $extensions = array_merge($extensions, glob($extensionNamespace . '/*', GLOB_ONLYDIR));
         }
+
         // remove base path from every extension but keep app/Extensions/...
-        $extensions = array_map(fn ($item) => str_replace('/', '\\', str_replace(app_path() . '/', 'App/', $item)), $extensions);
+        $extensions = array_map(fn ($item) => str_replace(app_path() . '/', 'App/', $item), $extensions);
 
         return $extensions;
     }
@@ -33,7 +34,7 @@ class ExtensionHelper
     {
         $extensions = glob(app_path() . '/Extensions/' . $namespace . '/*', GLOB_ONLYDIR);
         // remove base path from every extension but keep app/Extensions/...
-        $extensions = array_map(fn ($item) => str_replace('/', '\\', str_replace(app_path() . '/', 'App/', $item)), $extensions);
+        $extensions = array_map(fn ($item) => str_replace(app_path() . '/', 'App/', $item), $extensions);
 
         return $extensions;
     }
@@ -60,7 +61,10 @@ class ExtensionHelper
     public static function getAllExtensionClasses()
     {
         $extensions = self::getAllExtensions();
-        // add the ExtensionClass to the end of the namespace 
+
+        // replace all slashes with backslashes
+        $extensions = array_map(fn ($item) => str_replace('/', '\\', $item), $extensions);
+        // add the ExtensionClass to the end of the namespace
         $extensions = array_map(fn ($item) => $item . '\\' . basename($item) . 'Extension', $extensions);
         // filter out non existing extension classes
         $extensions = array_filter($extensions, fn ($item) => class_exists($item));
@@ -76,6 +80,9 @@ class ExtensionHelper
     public static function getAllExtensionClassesByNamespace(string $namespace)
     {
         $extensions = self::getAllExtensionsByNamespace($namespace);
+
+        // replace all slashes with backslashes
+        $extensions = array_map(fn ($item) => str_replace('/', '\\', $item), $extensions);
         // add the ExtensionClass to the end of the namespace
         $extensions = array_map(fn ($item) => $item . '\\' . basename($item) . 'Extension', $extensions);
         // filter out non existing extension classes
@@ -97,7 +104,7 @@ class ExtensionHelper
             if (!(basename($extension) ==  $extensionName)) {
                 continue;
             }
-
+            $extension = str_replace('/', '\\', $extension);
             $extensionClass = $extension . '\\' . $extensionName . 'Extension';
             return $extensionClass;
         }
@@ -177,10 +184,13 @@ class ExtensionHelper
     {
         $extensions = self::getAllExtensions();
 
+
         $settings = [];
         foreach ($extensions as $extension) {
-
             $extensionName = basename($extension);
+
+            // replace all slashes with backslashes
+            $extension = str_replace('/', '\\', $extension);
             $settingsClass = $extension . '\\' . $extensionName . 'Settings';
             if (class_exists($settingsClass)) {
                 $settings[] = $settingsClass;
@@ -193,6 +203,9 @@ class ExtensionHelper
     public static function getExtensionSettings(string $extensionName)
     {
         $extension = self::getExtension($extensionName);
+        // replace all slashes with backslashes
+        $extension = str_replace('/', '\\', $extension);
+
         $settingClass = $extension . '\\' . $extensionName . 'Settings';
 
         if (class_exists($settingClass)) {
@@ -207,6 +220,6 @@ class ExtensionHelper
      */
     private static function extensionNameToPath(string $extensionName)
     {
-        return app_path() . '/' . str_replace('\\', '/', str_replace('App\\', '', $extensionName));
+        return app_path() . '/' .  str_replace('App/', '', $extensionName);
     }
 }

app/Http/Controllers/Admin/ActivityLogController.php

@@ -14,6 +14,7 @@ use Spatie\Activitylog\Models\Activity;
 
 class ActivityLogController extends Controller
 {
+    const VIEW_PERMISSION = "admin.logs.read";
     /**
      * Display a listing of the resource.
      *
@@ -21,6 +22,9 @@ class ActivityLogController extends Controller
      */
     public function index(Request $request)
     {
+        $this->checkPermission(self::VIEW_PERMISSION);
+
+
         $cronLogs = Storage::disk('logs')->exists('cron.log') ? Storage::disk('logs')->get('cron.log') : null;
 
         if ($request->input('search')) {

app/Http/Controllers/Admin/ApplicationApiController.php

@@ -16,6 +16,8 @@ use Illuminate\Http\Response;
 
 class ApplicationApiController extends Controller
 {
+    const READ_PERMISSION = "admin.api.read";
+    const WRITE_PERMISSION = "admin.api.write";
     /**
      * Display a listing of the resource.
      *
@@ -23,6 +25,8 @@ class ApplicationApiController extends Controller
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.api.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -35,6 +39,8 @@ class ApplicationApiController extends Controller
      */
     public function create()
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.api.create');
     }
 
@@ -76,6 +82,7 @@ class ApplicationApiController extends Controller
      */
     public function edit(ApplicationApi $applicationApi)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         return view('admin.api.edit', [
             'applicationApi' => $applicationApi,
         ]);
@@ -107,6 +114,8 @@ class ApplicationApiController extends Controller
      */
     public function destroy(ApplicationApi $applicationApi)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $applicationApi->delete();
 
         return redirect()->back()->with('success', __('api key has been removed!'));

app/Http/Controllers/Admin/CouponController.php

@@ -0,0 +1,242 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Http\Controllers\Controller;
+use App\Models\Coupon;
+use App\Settings\LocaleSettings;
+use App\Traits\Coupon as CouponTrait;
+use Illuminate\Http\Request;
+use Carbon\Carbon;
+
+class CouponController extends Controller
+{
+    const READ_PERMISSION = "admin.coupons.read";
+    const WRITE_PERMISSION = "admin.coupons.write";
+
+    use CouponTrait;
+
+    /**
+     * Display a listing of the resource.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(LocaleSettings $localeSettings)
+    {
+        $this->checkPermission(self::READ_PERMISSION);
+
+        return view('admin.coupons.index', [
+            'locale_datatables' => $localeSettings->datatables
+        ]);
+    }
+
+    /**
+     * Show the form for creating a new resource.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function create()
+    {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
+        return view('admin.coupons.create');
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request)
+    {
+        $coupon_code = $request->input('code');
+        $random_codes_amount = $request->input('range_codes');
+        $rules = $this->requestRules($request);
+
+         // If for some reason you pass both fields at once.
+         if ($coupon_code && $random_codes_amount) {
+            return redirect()->back()->with('error', __('Only one of the two code inputs must be provided.'))->withInput($request->all());
+        }
+
+        if (!$coupon_code && !$random_codes_amount) {
+            return redirect()->back()->with('error', __('At least one of the two code inputs must be provided.'))->withInput($request->all());
+        }
+
+        $request->validate($rules);
+
+        if (array_key_exists('range_codes', $rules)) {
+            $data = [];
+            $coupons = Coupon::generateRandomCoupon($random_codes_amount);
+
+            // Scroll through all the randomly generated coupons.
+            foreach ($coupons as $coupon) {
+                $data[] = [
+                    'code' => $coupon,
+                    'type' => $request->input('type'),
+                    'value' => $request->input('value'),
+                    'max_uses' => $request->input('max_uses'),
+                    'expires_at' => $request->input('expires_at'),
+                    'created_at' => Carbon::now(), // Does not fill in by itself when using the 'insert' method.
+                    'updated_at' => Carbon::now()
+                ];
+            }
+            Coupon::insert($data);
+        } else {
+            Coupon::create($request->except('_token'));
+        }
+
+        return redirect()->route('admin.coupons.index')->with('success', __("The coupon's was registered successfully."));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  \App\Models\Coupon  $coupon
+     * @return \Illuminate\Http\Response
+     */
+    public function show(Coupon $coupon)
+    {
+        //
+    }
+
+    /**
+     * Show the form for editing the specified resource.
+     *
+     * @param  \App\Models\Coupon  $coupon
+     * @return \Illuminate\Http\Response
+     */
+    public function edit(Coupon $coupon)
+    {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
+        return view('admin.coupons.edit', [
+            'coupon' => $coupon,
+            'expired_at' => $coupon->expires_at ? Carbon::createFromTimestamp($coupon->expires_at) : null
+        ]);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Models\Coupon  $coupon
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, Coupon $coupon)
+    {
+        $coupon_code = $request->input('code');
+        $random_codes_amount = $request->input('range_codes');
+        $rules = $this->requestRules($request);
+
+        // If for some reason you pass both fields at once.
+        if ($coupon_code && $random_codes_amount) {
+            return redirect()->back()->with('error', __('Only one of the two code inputs must be provided.'))->withInput($request->all());
+        }
+
+        if (!$coupon_code && !$random_codes_amount) {
+            return redirect()->back()->with('error', __('At least one of the two code inputs must be provided.'))->withInput($request->all());
+        }
+
+        $request->validate($rules);
+        $coupon->update($request->except('_token'));
+
+        return redirect()->route('admin.coupons.index')->with('success', __('coupon has been updated!'));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  \App\Models\Coupon  $coupon
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy(Coupon $coupon)
+    {
+        $this->checkPermission(self::WRITE_PERMISSION);
+        $coupon->delete();
+
+        return redirect()->back()->with('success', __('coupon has been removed!'));
+    }
+
+    private function requestRules(Request $request)
+    {
+        $coupon_code = $request->input('code');
+        $random_codes_amount = $request->input('range_codes');
+        $rules = [
+            "type" => "required|string|in:percentage,amount",
+            "max_uses" => "required|integer|digits_between:1,100",
+            "value" => "required|numeric|between:0,100",
+            "expires_at" => "nullable|date|after:" . Carbon::now()->format(Coupon::formatDate())
+        ];
+
+        if ($coupon_code) {
+            $rules['code'] = "required|string|min:4";
+        } elseif ($random_codes_amount) {
+            $rules['range_codes'] = 'required|integer|digits_between:1,100';
+        }
+
+        return $rules;
+    }
+
+    public function redeem(Request $request)
+    {
+        return $this->validateCoupon($request->user(), $request->input('couponCode'), $request->input('productId'));
+    }
+
+    public function dataTable()
+    {
+        $query = Coupon::selectRaw('
+            coupons.*,
+            CASE
+                WHEN coupons.uses >= coupons.max_uses THEN "USES_LIMIT_REACHED"
+                WHEN coupons.expires_at IS NOT NULL AND coupons.expires_at < NOW() THEN "EXPIRED"
+                ELSE "VALID"
+            END as derived_status
+        ');
+
+        return datatables($query)
+            ->addColumn('actions', function(Coupon $coupon) {
+                return '
+                    <a data-content="'.__('Edit').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.coupons.edit', $coupon->id).'" class="mr-1 btn btn-sm btn-info"><i class="fas fa-pen"></i></a>
+
+                    <form class="d-inline" onsubmit="return submitResult();" method="post" action="'.route('admin.coupons.destroy', $coupon->id).'">
+                        '.csrf_field().'
+                        '.method_field('DELETE').'
+                        <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 btn btn-sm btn-danger"><i class="fas fa-trash"></i></button>
+                    </form>
+                ';
+            })
+            ->addColumn('status', function (Coupon $coupon) {
+                $color = ($coupon->derived_status == 'VALID') ? 'success' : 'danger';
+                $status = str_replace('_', ' ', $coupon->derived_status);
+
+                return '<span class="badge badge-'.$color.'">'.$status.'</span>';
+            })
+            ->editColumn('uses', function (Coupon $coupon) {
+                return "{$coupon->uses} / {$coupon->max_uses}";
+            })
+            ->editColumn('value', function (Coupon $coupon) {
+                if ($coupon->type === 'percentage') {
+                    return $coupon->value . "%";
+                }
+
+                return number_format($coupon->value, 2, '.', '');
+            })
+            ->editColumn('expires_at', function (Coupon $coupon) {
+                if (!$coupon->expires_at) {
+                    return __('Never');
+                }
+
+                return Carbon::createFromTimestamp($coupon->expires_at);
+            })
+            ->editColumn('created_at', function(Coupon $coupon) {
+                return Carbon::createFromTimeString($coupon->created_at);
+            })
+            ->editColumn('code', function (Coupon $coupon) {
+                return "<code>{$coupon->code}</code>";
+            })
+            ->orderColumn('status', 'derived_status $1')
+            ->rawColumns(['actions', 'code', 'status'])
+            ->make();
+    }
+}

app/Http/Controllers/Admin/LegalController.php

@@ -10,6 +10,8 @@ use Qirolab\Theme\Theme;
 
 class LegalController extends Controller
 {
+    const READ_PERMISSION = "admin.legal.read";
+    const WRITE_PERMISSION = "admin.legal.write";
     /**
      * Display
      *
@@ -17,6 +19,8 @@ class LegalController extends Controller
      */
     public function index()
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         $tos = File::get(Theme::path($path = 'views', "default") . '/information/tos-content.blade.php');
         $privacy = File::get(Theme::path($path = 'views', "default") . '/information/privacy-content.blade.php');
         $imprint = File::get(Theme::path($path = 'views', "default") . '/information/imprint-content.blade.php');
@@ -29,6 +33,8 @@ class LegalController extends Controller
     }
 
     public function update(Request $request){
+        $this->checkPermission(self::READ_PERMISSION);
+
         $tos = $request->tos;
         $privacy = $request->privacy;
         $imprint = $request->imprint;

app/Http/Controllers/Admin/OverViewController.php

@@ -19,6 +19,8 @@ use Carbon\Carbon;
 
 class OverViewController extends Controller
 {
+    const READ_PERMISSION = "admin.overview.read";
+    const SYNC_PERMISSION = "admin.overview.sync";
     public const TTL = 86400;
 
     private $pterodactyl;
@@ -27,14 +29,18 @@ class OverViewController extends Controller
     {
         $this->pterodactyl = new PterodactylClient($ptero_settings);
     }
-    
+
     public function index(GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         //Get counters
         $counters = collect();
         //Set basic variables in the collection
-        $counters->put('users', User::query()->count());
-        $counters->put('credits', number_format(User::query()->where('role', '!=', 'admin')->sum('credits'), 2, '.', ''));
+        $counters->put('users', collect());
+        $counters['users']->active = User::where("suspended", 0)->count();
+        $counters['users']->total = User::query()->count();
+        $counters->put('credits', number_format(User::query()->whereHas("roles", function($q){ $q->where("id", "!=", "1"); })->sum('credits'), 2, '.', ''));
         $counters->put('payments', Payment::query()->count());
         $counters->put('eggs', Egg::query()->count());
         $counters->put('nests', Nest::query()->count());
@@ -169,7 +175,8 @@ class OverViewController extends Controller
             $nodeId = $server['attributes']['node'];
 
             if ($CPServer = Server::query()->where('pterodactyl_id', $server['attributes']['id'])->first()) {
-                $price = Product::query()->where('id', $CPServer->product_id)->first()->price;
+                $product = Product::query()->where('id', $CPServer->product_id)->first();
+                $price = $product->getMonthlyPrice();
                 if (! $CPServer->suspended) {
                     $counters['earnings']->active += $price;
                     $counters['servers']->active++;
@@ -225,6 +232,8 @@ class OverViewController extends Controller
      */
     public function syncPterodactyl()
     {
+        $this->checkPermission(self::SYNC_PERMISSION);
+
         Node::syncNodes();
         Egg::syncEggs();
 

app/Http/Controllers/Admin/PartnerController.php

@@ -11,8 +11,12 @@ use Illuminate\Http\Request;
 
 class PartnerController extends Controller
 {
+    const READ_PERMISSION = "admin.partners.read";
+    const WRITE_PERMISSION = "admin.partners.write";
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.partners.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -25,6 +29,8 @@ class PartnerController extends Controller
      */
     public function create()
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.partners.create', [
             'partners' => PartnerDiscount::get(),
             'users' => User::orderBy('name')->get(),
@@ -62,6 +68,8 @@ class PartnerController extends Controller
      */
     public function edit(PartnerDiscount $partner)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.partners.edit', [
             'partners' => PartnerDiscount::get(),
             'partner' => $partner,
@@ -98,6 +106,8 @@ class PartnerController extends Controller
      */
     public function destroy(PartnerDiscount $partner)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $partner->delete();
 
         return redirect()->back()->with('success', __('partner has been removed!'));
@@ -112,11 +122,11 @@ class PartnerController extends Controller
         return datatables($query)
             ->addColumn('actions', function (PartnerDiscount $partner) {
                 return '
-                            <a data-content="'.__('Edit').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.partners.edit', $partner->id).'" class="btn btn-sm btn-info mr-1"><i class="fas fa-pen"></i></a>
+                            <a data-content="'.__('Edit').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.partners.edit', $partner->id).'" class="mr-1 btn btn-sm btn-info"><i class="fas fa-pen"></i></a>
                            <form class="d-inline" onsubmit="return submitResult();" method="post" action="'.route('admin.partners.destroy', $partner->id).'">
                             '.csrf_field().'
                             '.method_field('DELETE').'
-                           <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm btn-danger mr-1"><i class="fas fa-trash"></i></button>
+                           <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 btn btn-sm btn-danger"><i class="fas fa-trash"></i></button>
                        </form>
                 ';
             })
@@ -135,6 +145,7 @@ class PartnerController extends Controller
             ->editColumn('referral_system_commission', function (PartnerDiscount $partner, ReferralSettings $referral_settings) {
                 return $partner->referral_system_commission >= 0 ? $partner->referral_system_commission . '%' : __('Default') . ' ('.$referral_settings->percentage . '%)';
             })
+            ->orderColumn('user', 'user_id $1')
             ->rawColumns(['user', 'actions'])
             ->make();
     }

app/Http/Controllers/Admin/PaymentController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Admin;
 
+use App\Events\CouponUsedEvent;
 use App\Events\PaymentEvent;
 use App\Events\UserUpdateCreditsEvent;
 use App\Http\Controllers\Controller;
@@ -9,6 +10,7 @@ use App\Models\PartnerDiscount;
 use App\Models\Payment;
 use App\Models\User;
 use App\Models\ShopProduct;
+use App\Traits\Coupon as CouponTrait;
 use Exception;
 use Illuminate\Contracts\Foundation\Application;
 use Illuminate\Contracts\View\Factory;
@@ -18,16 +20,26 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use App\Helpers\ExtensionHelper;
+use App\Settings\CouponSettings;
 use App\Settings\GeneralSettings;
 use App\Settings\LocaleSettings;
+use Illuminate\Support\Facades\Log;
 
 class PaymentController extends Controller
 {
+    const BUY_PERMISSION = 'user.shop.buy';
+    const VIEW_PERMISSION = "admin.payments.read";
+
+    use CouponTrait;
+
     /**
      * @return Application|Factory|View
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::VIEW_PERMISSION);
+
+
         return view('admin.payments.index')->with([
             'payments' => Payment::paginate(15),
             'locale_datatables' => $locale_settings->datatables
@@ -39,8 +51,10 @@ class PaymentController extends Controller
      * @param  ShopProduct  $shopProduct
      * @return Application|Factory|View
      */
-    public function checkOut(ShopProduct $shopProduct, GeneralSettings $general_settings)
+    public function checkOut(ShopProduct $shopProduct, GeneralSettings $general_settings, CouponSettings $coupon_settings)
     {
+        $this->checkPermission(self::BUY_PERMISSION);
+
         $discount = PartnerDiscount::getDiscount();
         $price = $shopProduct->price - ($shopProduct->price * $discount / 100);
 
@@ -73,7 +87,8 @@ class PaymentController extends Controller
             'total' => $shopProduct->getTotalPrice(),
             'paymentGateways'   => $paymentGateways,
             'productIsFree' => $price <= 0,
-            'credits_display_name' => $general_settings->credits_display_name
+            'credits_display_name' => $general_settings->credits_display_name,
+            'isCouponsEnabled' => $coupon_settings->enabled,
         ]);
     }
 
@@ -114,16 +129,67 @@ class PaymentController extends Controller
 
     public function pay(Request $request)
     {
-        $product = ShopProduct::find($request->product_id);
-        $paymentGateway = $request->payment_method;
+        try {
+            $user = Auth::user();
+            $user = User::findOrFail($user->id);
+            $productId = $request->product_id;
+            $shopProduct = ShopProduct::findOrFail($productId);
+            $discount = PartnerDiscount::getDiscount();
 
-        // on free products, we don't need to use a payment gateway
-        $realPrice = $product->price - ($product->price * PartnerDiscount::getDiscount() / 100);
-        if ($realPrice <= 0) {
-            return $this->handleFreeProduct($product);
+
+            $paymentGateway = $request->payment_method;
+            $couponCode = $request->coupon_code;
+
+            $subtotal = $shopProduct->price;
+
+            // Apply Coupon
+            if ($couponCode) {
+                if ($this->isCouponValid($couponCode, $user, $shopProduct->id)) {
+                    $subtotal = $this->applyCoupon($couponCode, $subtotal);
+                }
+            }
+
+            // Apply Partner Discount
+            $subtotal = $subtotal - ($subtotal * $discount / 100);
+            if ($subtotal <= 0) {
+                if ($couponCode) {
+                    event(new CouponUsedEvent($couponCode));
+                }
+
+                return $this->handleFreeProduct($shopProduct);
+            }
+
+            // Format the total price to a readable string
+            $totalPriceString = number_format($subtotal, 2, '.', '');
+
+            // create a new payment
+            $payment = Payment::create([
+                'user_id' => $user->id,
+                'payment_id' => null,
+                'payment_method' => $paymentGateway,
+                'type' => $shopProduct->type,
+                'status' => 'open',
+                'amount' => $shopProduct->quantity,
+                'price' => $totalPriceString,
+                'tax_value' => $shopProduct->getTaxValue(),
+                'tax_percent' => $shopProduct->getTaxPercent(),
+                'total_price' => $shopProduct->getTotalPrice(),
+                'currency_code' => $shopProduct->currency_code,
+                'shop_item_product_id' => $shopProduct->id,
+            ]);
+
+            $paymentGatewayExtension = ExtensionHelper::getExtensionClass($paymentGateway);
+            $redirectUrl = $paymentGatewayExtension::getRedirectUrl($payment, $shopProduct, $totalPriceString);
+
+            if ($couponCode) {
+                event(new CouponUsedEvent($couponCode));
+            }
+        } catch (Exception $e) {
+            Log::error($e->getMessage());
+            return redirect()->route('store.index')->with('error', __('Oops, something went wrong! Please try again later.'));
         }
 
-        return redirect()->route('payment.' . $paymentGateway . 'Pay', ['shopProduct' => $product->id]);
+        return redirect()->away($redirectUrl);
     }
 
     /**

app/Http/Controllers/Admin/ProductController.php

@@ -19,6 +19,10 @@ use Illuminate\Http\Request;
 
 class ProductController extends Controller
 {
+    const READ_PERMISSION = "admin.products.read";
+    const WRITE_PERMISSION = "admin.products.write";
+    const EDIT_PERMISSION = "admin.products.edit";
+    const DELETE_PERMISSION = "admin.products.delete";
     /**
      * Display a listing of the resource.
      *
@@ -26,6 +30,8 @@ class ProductController extends Controller
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.products.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -38,6 +44,7 @@ class ProductController extends Controller
      */
     public function create(GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         return view('admin.products.create', [
             'locations' => Location::with('nodes')->get(),
             'nests' => Nest::with('eggs')->get(),
@@ -45,10 +52,13 @@ class ProductController extends Controller
         ]);
     }
 
-    public function clone(Product $product)
+    public function clone(Product $product, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.products.create', [
             'product' => $product,
+            'credits_display_name' =>  $general_settings->credits_display_name,
             'locations' => Location::with('nodes')->get(),
             'nests' => Nest::with('eggs')->get(),
         ]);
@@ -78,10 +88,14 @@ class ProductController extends Controller
             'nodes.*' => 'required|exists:nodes,id',
             'eggs.*' => 'required|exists:eggs,id',
             'disabled' => 'nullable',
+            'oom_killer' => 'nullable',
+            'billing_period' => 'required|in:hourly,daily,weekly,monthly,quarterly,half-annually,annually',
         ]);
 
+
         $disabled = ! is_null($request->input('disabled'));
-        $product = Product::create(array_merge($request->all(), ['disabled' => $disabled]));
+        $oomkiller = ! is_null($request->input('oom_killer'));
+        $product = Product::create(array_merge($request->all(), ['disabled' => $disabled, 'oom_killer' => $oomkiller]));
 
         //link nodes and eggs
         $product->eggs()->attach($request->input('eggs'));
@@ -98,6 +112,8 @@ class ProductController extends Controller
      */
     public function show(Product $product, UserSettings $user_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.products.show', [
             'product' => $product,
             'minimum_credits' => $user_settings->min_credits_to_make_server,
@@ -113,6 +129,8 @@ class ProductController extends Controller
      */
     public function edit(Product $product, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::EDIT_PERMISSION);
+
         return view('admin.products.edit', [
             'product' => $product,
             'locations' => Location::with('nodes')->get(),
@@ -146,10 +164,13 @@ class ProductController extends Controller
             'nodes.*' => 'required|exists:nodes,id',
             'eggs.*' => 'required|exists:eggs,id',
             'disabled' => 'nullable',
+            'oom_killer' => 'nullable',
+            'billing_period' => 'required|in:hourly,daily,weekly,monthly,quarterly,half-annually,annually',
         ]);
 
         $disabled = ! is_null($request->input('disabled'));
-        $product->update(array_merge($request->all(), ['disabled' => $disabled]));
+        $oomkiller = ! is_null($request->input('oom_killer'));
+        $product->update(array_merge($request->all(), ['disabled' => $disabled, 'oom_killer' => $oomkiller]));
 
         //link nodes and eggs
         $product->eggs()->detach();
@@ -167,6 +188,8 @@ class ProductController extends Controller
      */
     public function disable(Product $product)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $product->update(['disabled' => ! $product->disabled]);
 
         return redirect()->route('admin.products.index')->with('success', 'Product has been updated!');
@@ -180,6 +203,8 @@ class ProductController extends Controller
      */
     public function destroy(Product $product)
     {
+        $this->checkPermission(self::DELETE_PERMISSION);
+
         $servers = $product->servers()->count();
         if ($servers > 0) {
             return redirect()->back()->with('error', "Product cannot be removed while it's linked to {$servers} servers");
@@ -198,17 +223,18 @@ class ProductController extends Controller
     public function dataTable()
     {
         $query = Product::with(['servers']);
+
         return datatables($query)
             ->addColumn('actions', function (Product $product) {
                 return '
-                            <a data-content="'.__('Show').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.products.show', $product->id).'" class="btn btn-sm text-white btn-warning mr-1"><i class="fas fa-eye"></i></a>
-                            <a data-content="'.__('Clone').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.products.clone', $product->id).'" class="btn btn-sm text-white btn-primary mr-1"><i class="fas fa-clone"></i></a>
-                            <a data-content="'.__('Edit').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.products.edit', $product->id).'" class="btn btn-sm btn-info mr-1"><i class="fas fa-pen"></i></a>
+                            <a data-content="'.__('Show').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.products.show', $product->id).'" class="mr-1 text-white btn btn-sm btn-warning"><i class="fas fa-eye"></i></a>
+                            <a data-content="'.__('Clone').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.products.clone', $product->id).'" class="mr-1 text-white btn btn-sm btn-primary"><i class="fas fa-clone"></i></a>
+                            <a data-content="'.__('Edit').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.products.edit', $product->id).'" class="mr-1 btn btn-sm btn-info"><i class="fas fa-pen"></i></a>
 
                            <form class="d-inline" onsubmit="return submitResult();" method="post" action="'.route('admin.products.destroy', $product->id).'">
                             '.csrf_field().'
                             '.method_field('DELETE').'
-                           <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm btn-danger mr-1"><i class="fas fa-trash"></i></button>
+                           <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 btn btn-sm btn-danger"><i class="fas fa-trash"></i></button>
                        </form>
                 ';
             })
@@ -222,7 +248,7 @@ class ProductController extends Controller
             ->addColumn('eggs', function (Product $product) {
                 return $product->eggs()->count();
             })
-            ->addColumn('disabled', function (Product $product) {
+            ->editColumn('disabled', function (Product $product) {
                 $checked = $product->disabled == false ? 'checked' : '';
 
                 return '
@@ -239,6 +265,9 @@ class ProductController extends Controller
             ->editColumn('minimum_credits', function (Product $product, UserSettings $user_settings) {
                 return $product->minimum_credits==-1 ? $user_settings->min_credits_to_make_server : $product->minimum_credits;
             })
+            ->editColumn('oom_killer', function (Product $product) {
+                return $product->oom_killer ? __("enabled") : __("disabled");
+            })
             ->editColumn('created_at', function (Product $product) {
                 return $product->created_at ? $product->created_at->diffForHumans() : '';
             })

app/Http/Controllers/Admin/RoleController.php

@@ -0,0 +1,219 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Http\Controllers\Controller;
+use App\Models\User;
+use Exception;
+use Illuminate\Contracts\Foundation\Application;
+use Illuminate\Contracts\View\Factory;
+use Illuminate\Contracts\View\View;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Spatie\Permission\Models\Permission;
+use Spatie\Permission\Models\Role;
+
+class RoleController extends Controller
+{
+
+    const READ_PERMISSION = "admin.roles.read";
+    const CREATE_PERMISSION = "admin.roles.create";
+    const EDIT_PERMISSION = "admin.roles.edit";
+    const DELETE_PERMISSION = "admin.roles.delete";
+    /**
+     * Display a listing of the resource.
+     *
+     * @param Request $request
+     * @return mixed
+     * @throws Exception
+     */
+    public function index(Request $request)
+    {
+
+        $this->checkPermission(self::READ_PERMISSION);
+
+        //datatables
+        if ($request->ajax()) {
+            return $this->dataTableQuery();
+        }
+
+        $html = $this->dataTable();
+        return view('admin.roles.index', compact('html'));
+    }
+
+    /**
+     * Show the form for creating a new resource.
+     *
+     * @return Application|Factory|View
+     */
+    public function create()
+    {
+        $this->checkPermission(self::CREATE_PERMISSION);
+
+        $permissions = Permission::all();
+
+        return view('admin.roles.edit', compact('permissions'));
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @return RedirectResponse
+     */
+    public function store(Request $request): RedirectResponse
+    {
+        $this->checkPermission(self::CREATE_PERMISSION);
+
+        $role = Role::create([
+            'name' => $request->name,
+            'color' => $request->color,
+            'power' => $request->power
+        ]);
+
+        if ($request->permissions) {
+            $role->givePermissionTo($request->permissions);
+        }
+
+        return redirect()
+            ->route('admin.roles.index')
+            ->with('success', __('Role saved'));
+    }
+
+    /**
+     * Display the specified resource.
+     */
+    public function show()
+    {
+        abort(404);
+    }
+
+    /**
+     * Show the form for editing the specified resource.
+     *
+     * @param Role $role
+     * @return Application|Factory|View
+     */
+    public function edit(Role $role)
+    {
+        $this->checkPermission(self::EDIT_PERMISSION);
+
+        if(Auth::user()->roles[0]->power < $role->power){
+            return back()->with("error","You dont have enough Power to edit that Role");
+        }
+
+        $permissions = Permission::all();
+
+        return view('admin.roles.edit', compact('role', 'permissions'));
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param Role $role
+     * @return RedirectResponse
+     */
+    public function update(Request $request, Role $role)
+    {
+        $this->checkPermission(self::EDIT_PERMISSION);
+
+        if(Auth::user()->roles[0]->power < $role->power){
+            return back()->with("error","You dont have enough Power to edit that Role");
+        }
+
+        if ($request->permissions) {
+            if($role->id != 1){ //disable admin permissions change
+                $role->syncPermissions($request->permissions);
+            }
+        }
+
+        //if($role->id == 1 || $role->id == 3 || $role->id == 4){ //dont let the user change the names of these roles
+        //    $role->update([
+        //        'color' => $request->color
+        //    ]);
+        //}else{
+            $role->update([
+                'name' => $request->name,
+                'color' => $request->color
+            ]);
+        //}
+
+        //if($role->id == 1){
+        //    return redirect()->route('admin.roles.index')->with('success', __('Role updated. Name and Permissions of this Role cannot be changed'));
+        //}elseif($role->id == 4 || $role->id == 3){
+        //    return redirect()->route('admin.roles.index')->with('success', __('Role updated. Name of this Role cannot be changed'));
+       // }else{
+            return redirect()
+                ->route('admin.roles.index')
+                ->with('success', __('Role saved'));
+        //}
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @return RedirectResponse
+     */
+    public function destroy(Role $role)
+    {
+        $this->checkPermission(self::DELETE_PERMISSION);
+
+        if($role->id == 1 || $role->id == 3 || $role->id == 4){ //cannot delete the hard coded roles
+            return back()->with("error","You cannot delete that role");
+        }
+
+        $users = User::role($role)->get();
+
+        foreach($users as $user){
+            //$user->syncRoles(['Member']);
+            $user->syncRoles(4);
+        }
+
+        $role->delete();
+
+        return redirect()
+            ->route('admin.roles.index')
+            ->with('success', __('Role removed'));
+    }
+
+    /**
+     * @return mixed
+     * @throws Exception
+     */
+    public function dataTable()
+    {
+        $query = Role::query()->withCount(['users', 'permissions'])->get();
+
+        return datatables($query)
+            ->editColumn('id', function (Role $role) {
+                return $role->id;
+            })
+            ->addColumn('actions', function (Role $role) {
+                return '
+                            <a title="Edit" href="'.route("admin.roles.edit", $role).'" class="btn btn-sm btn-info"><i
+                                    class="fa fas fa-edit"></i></a>
+                            <form class="d-inline" method="post" action="'.route("admin.roles.destroy", $role).'">
+                            ' . csrf_field() . '
+                            ' . method_field("DELETE") . '
+                                <button title="Delete" type="submit" class="btn btn-sm btn-danger confirm"><i
+                                        class="fa fas fa-trash"></i></button>
+                            </form>
+                ';
+            })
+
+            ->editColumn('name', function (Role $role) {
+                return "<span style='background-color: $role->color' class='badge'>$role->name</span>";
+            })
+            ->editColumn('users_count', function ($query) {
+                return $query->users_count;
+            })
+            ->editColumn('permissions_count', function ($query){
+                return $query->permissions_count;
+            })
+            ->editColumn('power', function (Role $role){
+                return $role->power;
+            })
+            ->rawColumns(['actions', 'name'])
+            ->make(true);
+    }
+}

app/Http/Controllers/Admin/ServerController.php

@@ -20,6 +20,13 @@ use Illuminate\Support\Facades\Log;
 
 class ServerController extends Controller
 {
+
+    const READ_PERMISSION = "admin.servers.read";
+    const WRITE_PERMISSION = "admin.servers.write";
+    const SUSPEND_PERMISSION = "admin.servers.suspend";
+    const CHANGEOWNER_PERMISSION = "admin.servers.write.owner";
+    const CHANGE_IDENTIFIER_PERMISSION = "admin.servers.write.identifier";
+    const DELETE_PERMISSION = "admin.servers.delete";
     private $pterodactyl;
 
     public function __construct(PterodactylSettings $ptero_settings)
@@ -34,6 +41,8 @@ class ServerController extends Controller
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.servers.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -47,6 +56,8 @@ class ServerController extends Controller
      */
     public function edit(Server $server)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         // get all users from the database
         $users = User::all();
 
@@ -70,7 +81,7 @@ class ServerController extends Controller
         ]);
 
 
-        if ($request->get('user_id') != $server->user_id) {
+        if ($request->get('user_id') != $server->user_id && $this->can(self::CHANGEOWNER_PERMISSION)) {
             // find the user
             $user = User::findOrFail($request->get('user_id'));
 
@@ -89,7 +100,10 @@ class ServerController extends Controller
         }
 
         // update the identifier
-        $server->identifier = $request->get('identifier');
+        if ($this->can(self::CHANGE_IDENTIFIER_PERMISSION)) {
+
+            $server->identifier = $request->get('identifier');
+        }
         $server->save();
 
         return redirect()->route('admin.servers.index')->with('success', 'Server updated!');
@@ -103,6 +117,7 @@ class ServerController extends Controller
      */
     public function destroy(Server $server)
     {
+        $this->checkPermission(self::DELETE_PERMISSION);
         try {
             $server->delete();
 
@@ -113,11 +128,31 @@ class ServerController extends Controller
     }
 
     /**
-     * @param  Server  $server
+     * Cancel the Server billing cycle.
+     *
+     * @param Server $server
+     * @return RedirectResponse|Response
+     */
+    public function cancel(Server $server)
+    {
+        try {
+            $server->update([
+                'canceled' => now(),
+            ]);
+            return redirect()->route('servers.index')->with('success', __('Server canceled'));
+        } catch (Exception $e) {
+            return redirect()->route('servers.index')->with('error', __('An exception has occurred while trying to cancel the server"') . $e->getMessage() . '"');
+        }
+    }
+
+    /**
+     * @param Server $server
      * @return RedirectResponse
      */
     public function toggleSuspended(Server $server)
     {
+        $this->checkPermission(self::SUSPEND_PERMISSION);
+
         try {
             $server->isSuspended() ? $server->unSuspend() : $server->suspend();
         } catch (Exception $exception) {

app/Http/Controllers/Admin/SettingsController.php

@@ -15,6 +15,8 @@ use Qirolab\Theme\Theme;
 
 class SettingsController extends Controller
 {
+
+
     /**
      * Display a listing of the resource.
      *
@@ -23,6 +25,7 @@ class SettingsController extends Controller
     public function index()
     {
 
+
         // get all other settings in app/Settings directory
         // group items by file name like $categories
         $settings = collect();
@@ -61,6 +64,7 @@ class SettingsController extends Controller
                     'type' => $optionInputData[$key]['type'] ?? 'string',
                     'description' => $optionInputData[$key]['description'] ?? '',
                     'options' => $optionInputData[$key]['options'] ?? [],
+                    'identifier' => $optionInputData[$key]['identifier'] ?? 'option'
                 ];
             }
 
@@ -92,6 +96,9 @@ class SettingsController extends Controller
     public function update(Request $request)
     {
         $category = request()->get('category');
+
+        $this->checkPermission("settings." . strtolower($category) . ".write");
+
         $settings_class = request()->get('settings_class');
 
         if (method_exists($settings_class, 'getValidations')) {
@@ -113,19 +120,44 @@ class SettingsController extends Controller
             $rp = new \ReflectionProperty($settingsClass, $key);
             $rpType = $rp->getType();
 
+
             if ($rpType == 'bool') {
                 $settingsClass->$key = $request->has($key);
                 continue;
             }
+            if ($rp->name == 'available') {
+                $settingsClass->$key = implode(",", $request->$key);
+                continue;
+            }
 
             $nullable = $rpType->allowsNull();
             if ($nullable) $settingsClass->$key = $request->input($key) ?? null;
             else $settingsClass->$key = $request->input($key);
         }
-
         $settingsClass->save();
 
 
         return Redirect::to('admin/settings' . '#' . $category)->with('success', 'Settings updated successfully.');
     }
+
+    public function updateIcons(Request $request)
+    {
+        $request->validate([
+            'icon' => 'nullable|max:10000|mimes:jpg,png,jpeg',
+            'logo' => 'nullable|max:10000|mimes:jpg,png,jpeg',
+            'favicon' => 'nullable|max:10000|mimes:ico',
+        ]);
+
+        if ($request->hasFile('icon')) {
+            $request->file('icon')->storeAs('public', 'icon.png');
+        }
+        if ($request->hasFile('logo')) {
+            $request->file('logo')->storeAs('public', 'logo.png');
+        }
+        if ($request->hasFile('favicon')) {
+            $request->file('favicon')->storeAs('public', 'favicon.ico');
+        }
+
+        return Redirect::to('admin/settings')->with('success', 'Icons updated successfully.');
+    }
 }

app/Http/Controllers/Admin/ShopProductController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Admin;
 
+use App\Http\Controllers\Controller;
 use App\Models\ShopProduct;
 use App\Settings\GeneralSettings;
 use App\Settings\LocaleSettings;
@@ -11,12 +12,15 @@ use Illuminate\Contracts\View\View;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
-use Illuminate\Routing\Controller;
 use Illuminate\Validation\Rule;
 
 class ShopProductController extends Controller
 {
 
+    const READ_PERMISSION = 'admin.store.read';
+    const WRITE_PERMISSION = 'admin.store.write';
+    const DISABLE_PERMISSION = 'admin.store.disable';
+
     /**
      * Display a listing of the resource.
      *
@@ -24,6 +28,8 @@ class ShopProductController extends Controller
      */
     public function index(LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         $isStoreEnabled = $general_settings->store_enabled;
 
 
@@ -40,6 +46,8 @@ class ShopProductController extends Controller
      */
     public function create(GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.store.create', [
             'currencyCodes' => config('currency_codes'),
             'credits_display_name' => $general_settings->credits_display_name
@@ -78,6 +86,8 @@ class ShopProductController extends Controller
      */
     public function edit(ShopProduct $shopProduct, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.store.edit', [
             'currencyCodes' => config('currency_codes'),
             'shopProduct' => $shopProduct,
@@ -117,6 +127,8 @@ class ShopProductController extends Controller
      */
     public function disable(ShopProduct $shopProduct)
     {
+        $this->checkPermission(self::DISABLE_PERMISSION);
+
         $shopProduct->update(['disabled' => !$shopProduct->disabled]);
 
         return redirect()->route('admin.store.index')->with('success', __('Product has been updated!'));
@@ -130,6 +142,7 @@ class ShopProductController extends Controller
      */
     public function destroy(ShopProduct $shopProduct)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         $shopProduct->delete();
 
         return redirect()->back()->with('success', __('Store item has been removed!'));
@@ -143,16 +156,16 @@ class ShopProductController extends Controller
         return datatables($query)
             ->addColumn('actions', function (ShopProduct $shopProduct) {
                 return '
-                            <a data-content="' . __('Edit') . '" data-toggle="popover" data-trigger="hover" data-placement="top" href="' . route('admin.store.edit', $shopProduct->id) . '" class="btn btn-sm btn-info mr-1"><i class="fas fa-pen"></i></a>
+                            <a data-content="' . __('Edit') . '" data-toggle="popover" data-trigger="hover" data-placement="top" href="' . route('admin.store.edit', $shopProduct->id) . '" class="mr-1 btn btn-sm btn-info"><i class="fas fa-pen"></i></a>
 
                            <form class="d-inline" onsubmit="return submitResult();" method="post" action="' . route('admin.store.destroy', $shopProduct->id) . '">
                             ' . csrf_field() . '
                             ' . method_field('DELETE') . '
-                           <button data-content="' . __('Delete') . '" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm btn-danger mr-1"><i class="fas fa-trash"></i></button>
+                           <button data-content="' . __('Delete') . '" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 btn btn-sm btn-danger"><i class="fas fa-trash"></i></button>
                        </form>
                 ';
             })
-            ->addColumn('disabled', function (ShopProduct $shopProduct) {
+            ->editColumn('disabled', function (ShopProduct $shopProduct) {
                 $checked = $shopProduct->disabled == false ? 'checked' : '';
 
                 return '

app/Http/Controllers/Admin/TicketCategoryController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Http\Controllers\Moderation;
+namespace App\Http\Controllers\Admin;
 
 use App\Http\Controllers\Controller;
 use App\Models\Ticket;
@@ -9,15 +9,20 @@ use Illuminate\Http\Request;
 
 class TicketCategoryController extends Controller
 {
+    const READ_PERMISSION = "admin.tickets.category.read";
+    const WRITE_PERMISSION = "admin.tickets.category.write";
     /**
+     *
      * Display a listing of the resource.
      *
      * @return \Illuminate\Http\Response
      */
     public function index()
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         $categories = TicketCategory::all();
-        return view('moderator.ticket.category')->with("categories",$categories);
+        return view('admin.ticket.category')->with("categories",$categories);
     }
 
     /**
@@ -28,6 +33,8 @@ class TicketCategoryController extends Controller
      */
     public function store(Request $request)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $request->validate([
             'name' => 'required|string|max:191',
         ]);
@@ -35,7 +42,7 @@ class TicketCategoryController extends Controller
         TicketCategory::create($request->all());
 
 
-        return redirect(route("moderator.ticket.category.index"))->with("success",__("Category created"));
+        return redirect(route("admin.ticket.category.index"))->with("success",__("Category created"));
     }
 
     /**
@@ -46,6 +53,8 @@ class TicketCategoryController extends Controller
      */
     public function update(Request $request)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $request->validate([
             'category' => 'required|int',
             'name' => 'required|string|max:191',
@@ -68,6 +77,8 @@ class TicketCategoryController extends Controller
      */
     public function destroy($id)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $category = TicketCategory::where("id",$id)->firstOrFail();
 
         if($category->id == 5 ){ //cannot delete "other" category
@@ -84,7 +95,7 @@ class TicketCategoryController extends Controller
         $category->delete();
 
         return redirect()
-            ->route('moderator.ticket.category.index')
+            ->route('admin.ticket.category.index')
             ->with('success', __('Category removed'));
     }
 
@@ -101,7 +112,7 @@ class TicketCategoryController extends Controller
             })
             ->addColumn('actions', function (TicketCategory $category) {
                 return '
-                           <form class="d-inline" onsubmit="return submitResult();" method="post" action="'.route('moderator.ticket.category.destroy', $category->id).'">
+                           <form class="d-inline" onsubmit="return submitResult();" method="post" action="'.route('admin.ticket.category.destroy', $category->id).'">
                             '.csrf_field().'
                             '.method_field('DELETE').'
                            <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm btn-danger mr-1"><i class="fas fa-trash"></i></button>

app/Http/Controllers/Admin/TicketsController.php

@@ -1,8 +1,9 @@
 <?php
 
-namespace App\Http\Controllers\Moderation;
+namespace App\Http\Controllers\Admin;
 
 use App\Http\Controllers\Controller;
+use App\Http\Controllers\Moderation\Exception;
 use App\Models\Server;
 use App\Models\Ticket;
 use App\Models\TicketBlacklist;
@@ -17,9 +18,16 @@ use Illuminate\Support\Facades\Auth;
 
 class TicketsController extends Controller
 {
+    const READ_PERMISSION = "admin.tickets.read";
+    const WRITE_PERMISSION = "admin.tickets.write";
+
+    const BLACKLIST_READ_PERMISSION ='admin.ticket_blacklist.read';
+    const BLACKLIST_WRITE_PERMISSION ='admin.ticket_blacklist.write';
     public function index(LocaleSettings $locale_settings)
     {
-        return view('moderator.ticket.index', [
+        $this->checkPermission(self::READ_PERMISSION);
+
+        return view('admin.ticket.index', [
             'tickets' => Ticket::orderBy('id', 'desc')->paginate(10),
             'ticketcategories' => TicketCategory::all(),
             'locale_datatables' => $locale_settings->datatables
@@ -28,6 +36,7 @@ class TicketsController extends Controller
 
     public function show($ticket_id, PterodactylSettings $ptero_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
         try {
         $ticket = Ticket::where('ticket_id', $ticket_id)->firstOrFail();
         } catch (Exception $e)
@@ -39,11 +48,12 @@ class TicketsController extends Controller
         $server = Server::where('id', $ticket->server)->first();
         $pterodactyl_url = $ptero_settings->panel_url;
 
-        return view('moderator.ticket.show', compact('ticket', 'ticketcategory', 'ticketcomments', 'server', 'pterodactyl_url'));
+        return view('admin.ticket.show', compact('ticket', 'ticketcategory', 'ticketcomments', 'server', 'pterodactyl_url'));
     }
 
     public function changeStatus($ticket_id)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         try {
         $ticket = Ticket::where('ticket_id', $ticket_id)->firstOrFail();
         } catch(Exception $e)
@@ -65,6 +75,7 @@ class TicketsController extends Controller
 
     public function delete($ticket_id)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         try {
         $ticket = Ticket::where('ticket_id', $ticket_id)->firstOrFail();
         } catch (Exception $e)
@@ -80,6 +91,9 @@ class TicketsController extends Controller
 
     public function reply(Request $request)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
+
         $this->validate($request, ['ticketcomment' => 'required']);
         try {
             $ticket = Ticket::where('id', $request->input('ticket_id'))->firstOrFail();
@@ -107,14 +121,15 @@ class TicketsController extends Controller
 
     public function dataTable()
     {
-        $query = Ticket::query();
+        $query = Ticket::leftJoin('ticket_categories', 'tickets.ticketcategory_id', '=', 'ticket_categories.id')
+            ->select(['tickets.*', 'ticket_categories.name as category_name']);
 
         return datatables($query)
-            ->addColumn('category', function (Ticket $tickets) {
-                return $tickets->ticketcategory->name;
+            ->addColumn('category', function (Ticket $ticket) {
+                return $ticket->category_name;
             })
             ->editColumn('title', function (Ticket $tickets) {
-                return '<a class="text-info"  href="'.route('moderator.ticket.show', ['ticket_id' => $tickets->ticket_id]).'">'.'#'.$tickets->ticket_id.' - '.htmlspecialchars($tickets->title).'</a>';
+                return '<a class="text-info"  href="'.route('admin.ticket.show', ['ticket_id' => $tickets->ticket_id]).'">'.'#'.$tickets->ticket_id.' - '.htmlspecialchars($tickets->title).'</a>';
             })
             ->editColumn('user_id', function (Ticket $tickets) {
                 return '<a href="'.route('admin.users.show', $tickets->user->id).'">'.$tickets->user->name.'</a>';
@@ -125,16 +140,16 @@ class TicketsController extends Controller
                 $statusButtonText = ($tickets->status == "Closed") ? __('Reopen') : __('Close');
 
                 return '
-                            <a data-content="'.__('View').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('moderator.ticket.show', ['ticket_id' => $tickets->ticket_id]).'" class="btn btn-sm text-white btn-info mr-1"><i class="fas fa-eye"></i></a>
-                            <form class="d-inline"  method="post" action="'.route('moderator.ticket.changeStatus', ['ticket_id' => $tickets->ticket_id]).'">
+                            <a data-content="'.__('View').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.ticket.show', ['ticket_id' => $tickets->ticket_id]).'" class="mr-1 text-white btn btn-sm btn-info"><i class="fas fa-eye"></i></a>
+                            <form class="d-inline"  method="post" action="'.route('admin.ticket.changeStatus', ['ticket_id' => $tickets->ticket_id]).'">
                                 '.csrf_field().'
                                 '.method_field('POST').'
-                            <button data-content="'.__($statusButtonText).'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm text-white '.$statusButtonColor.'  mr-1"><i class="fas '.$statusButtonIcon.'"></i></button>
+                            <button data-content="'.__($statusButtonText).'" data-toggle="popover" data-trigger="hover" data-placement="top" class="text-white btn btn-sm '.$statusButtonColor.'  mr-1"><i class="fas '.$statusButtonIcon.'"></i></button>
                             </form>
-                            <form class="d-inline"  method="post" action="'.route('moderator.ticket.delete', ['ticket_id' => $tickets->ticket_id]).'">
+                            <form class="d-inline"  method="post" action="'.route('admin.ticket.delete', ['ticket_id' => $tickets->ticket_id]).'">
                                 '.csrf_field().'
                                 '.method_field('POST').'
-                            <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm text-white btn-danger mr-1"><i class="fas fa-trash"></i></button>
+                            <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 text-white btn btn-sm btn-danger"><i class="fas fa-trash"></i></button>
                             </form>
                 ';
             })
@@ -164,19 +179,24 @@ class TicketsController extends Controller
                 return ['display' => $tickets->updated_at ? $tickets->updated_at->diffForHumans() : '',
                         'raw' => $tickets->updated_at ? strtotime($tickets->updated_at) : ''];
             })
-            ->rawColumns(['category', 'title', 'user_id', 'status', 'priority', 'updated_at', 'actions'])
+            ->orderColumn('category', 'category_name $1')
+            ->rawColumns(['title', 'user_id', 'status', 'priority', 'updated_at', 'actions'])
             ->make(true);
     }
 
     public function blacklist(LocaleSettings $locale_settings)
     {
-        return view('moderator.ticket.blacklist', [
+        $this->checkPermission(self::BLACKLIST_READ_PERMISSION);
+
+        return view('admin.ticket.blacklist', [
             'locale_datatables' => $locale_settings->datatables
         ]);
     }
 
     public function blacklistAdd(Request $request)
     {
+        $this->checkPermission(self::BLACKLIST_WRITE_PERMISSION);
+
         try {
         $user = User::where('id', $request->user_id)->firstOrFail();
         $check = TicketBlacklist::where('user_id', $user->id)->first();
@@ -202,6 +222,8 @@ class TicketsController extends Controller
 
     public function blacklistDelete($id)
     {
+        $this->checkPermission(self::BLACKLIST_WRITE_PERMISSION);
+
         $blacklist = TicketBlacklist::where('id', $id)->first();
         $blacklist->delete();
 
@@ -210,6 +232,8 @@ class TicketsController extends Controller
 
     public function blacklistChange($id)
     {
+        $this->checkPermission(self::BLACKLIST_WRITE_PERMISSION);
+
         try {
             $blacklist = TicketBlacklist::where('id', $id)->first();
         }
@@ -254,15 +278,15 @@ class TicketsController extends Controller
             })
             ->addColumn('actions', function (TicketBlacklist $blacklist) {
                 return '
-                            <form class="d-inline"  method="post" action="'.route('moderator.ticket.blacklist.change', ['id' => $blacklist->id]).'">
+                            <form class="d-inline"  method="post" action="'.route('admin.ticket.blacklist.change', ['id' => $blacklist->id]).'">
                                 '.csrf_field().'
                                 '.method_field('POST').'
-                            <button data-content="'.__('Change Status').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm text-white btn-warning mr-1"><i class="fas fa-sync-alt"></i></button>
+                            <button data-content="'.__('Change Status').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 text-white btn btn-sm btn-warning"><i class="fas fa-sync-alt"></i></button>
                             </form>
-                            <form class="d-inline"  method="post" action="'.route('moderator.ticket.blacklist.delete', ['id' => $blacklist->id]).'">
+                            <form class="d-inline"  method="post" action="'.route('admin.ticket.blacklist.delete', ['id' => $blacklist->id]).'">
                                 '.csrf_field().'
                                 '.method_field('POST').'
-                            <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm text-white btn-danger mr-1"><i class="fas fa-trash"></i></button>
+                            <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 text-white btn btn-sm btn-danger"><i class="fas fa-trash"></i></button>
                             </form>
                 ';
             })

app/Http/Controllers/Admin/UsefulLinkController.php

@@ -15,6 +15,8 @@ use Illuminate\Http\Response;
 
 class UsefulLinkController extends Controller
 {
+    const READ_PERMISSION = "admin.useful_links.read";
+    const WRITE_PERMISSION = "admin.useful_links.write";
     /**
      * Display a listing of the resource.
      *
@@ -22,6 +24,7 @@ class UsefulLinkController extends Controller
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
         return view('admin.usefullinks.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -34,6 +37,7 @@ class UsefulLinkController extends Controller
      */
     public function create()
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         $positions = UsefulLinkLocation::cases();
         return view('admin.usefullinks.create')->with('positions', $positions);
     }
@@ -84,6 +88,8 @@ class UsefulLinkController extends Controller
      */
     public function edit(UsefulLink $usefullink)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $positions = UsefulLinkLocation::cases();
         return view('admin.usefullinks.edit', [
             'link' => $usefullink,
@@ -126,6 +132,7 @@ class UsefulLinkController extends Controller
      */
     public function destroy(UsefulLink $usefullink)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         $usefullink->delete();
 
         return redirect()->back()->with('success', __('product has been removed!'));

app/Http/Controllers/Admin/UserController.php

@@ -26,9 +26,24 @@ use Illuminate\Support\HtmlString;
 use Illuminate\Validation\Rule;
 use Illuminate\Validation\ValidationException;
 use Spatie\QueryBuilder\QueryBuilder;
+use Spatie\Permission\Models\Role;
 
 class UserController extends Controller
 {
+    const READ_PERMISSION = "admin.users.read";
+    const WRITE_PERMISSION = "admin.users.write";
+    const SUSPEND_PERMISSION = "admin.users.suspend";
+    const CHANGE_EMAIL_PERMISSION = "admin.users.write.email";
+    const CHANGE_CREDITS_PERMISSION = "admin.users.write.credits";
+    const CHANGE_USERNAME_PERMISSION = "admin.users.write.username";
+    const CHANGE_PASSWORD_PERMISSION = "admin.users.write.password";
+    const CHANGE_ROLE_PERMISSION ="admin.users.write.role";
+    const CHANGE_REFERAL_PERMISSION ="admin.users.write.referal";
+    const CHANGE_PTERO_PERMISSION = "admin.users.write.pterodactyl";
+    const DELETE_PERMISSION = "admin.users.delete";
+    const NOTIFY_PERMISSION = "admin.users.notify";
+    const LOGIN_PERMISSION = "admin.users.login_as";
+
     private $pterodactyl;
 
     public function __construct(PterodactylSettings $ptero_settings)
@@ -44,6 +59,8 @@ class UserController extends Controller
      */
     public function index(LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.users.index', [
             'locale_datatables' => $locale_settings->datatables,
             'credits_display_name' => $general_settings->credits_display_name
@@ -58,6 +75,8 @@ class UserController extends Controller
      */
     public function show(User $user, LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         //QUERY ALL REFERRALS A USER HAS
         //i am not proud of this at all.
         $allReferals = [];
@@ -108,9 +127,13 @@ class UserController extends Controller
      */
     public function edit(User $user, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
+        $roles = Role::all();
         return view('admin.users.edit')->with([
             'user' => $user,
-            'credits_display_name' => $general_settings->credits_display_name
+            'credits_display_name' => $general_settings->credits_display_name,
+            'roles' => $roles
         ]);
     }
 
@@ -125,23 +148,27 @@ class UserController extends Controller
      */
     public function update(Request $request, User $user)
     {
-        $request->validate([
+        $data = $request->validate([
             'name' => 'required|string|min:4|max:30',
             'pterodactyl_id' => "required|numeric|unique:users,pterodactyl_id,{$user->id}",
             'email' => 'required|string|email',
             'credits' => 'required|numeric|min:0|max:99999999',
             'server_limit' => 'required|numeric|min:0|max:1000000',
-            'role' => Rule::in(['admin', 'moderator', 'client', 'member']),
             'referral_code' => "required|string|min:2|max:32|unique:users,referral_code,{$user->id}",
         ]);
 
+        //update roles
+        if ($request->roles && $this->can(self::CHANGE_ROLE_PERMISSION)) {
+            $user->syncRoles($request->roles);
+        }
+
         if (isset($this->pterodactyl->getUser($request->input('pterodactyl_id'))['errors'])) {
             throw ValidationException::withMessages([
                 'pterodactyl_id' => [__("User does not exists on pterodactyl's panel")],
             ]);
         }
 
-        if (!is_null($request->input('new_password'))) {
+        if (!is_null($request->input('new_password')) && $this->can(self::CHANGE_PASSWORD_PERMISSION)) {
             $request->validate([
                 'new_password' => 'required|string|min:8',
                 'new_password_confirmation' => 'required|same:new_password',
@@ -152,7 +179,24 @@ class UserController extends Controller
             ]);
         }
 
-        $user->update($request->all());
+        // if($this->can(self::CHANGE_USERNAME_PERMISSION)){
+        //    $user->name = $request->name;
+        // }
+        // if($this->can(self::CHANGE_CREDITS_PERMISSION)){
+        //     $user->credits = $request->credits;
+        // }
+        // if($this->can(self::CHANGE_PTERO_PERMISSION)){
+        //     $user->pterodactyl_id = $request->pterodactyl_id;
+        // }
+        // if($this->can(self::CHANGE_REFERAL_PERMISSION)){
+        //     $user->referral_code = $request->referral_code;
+        // }
+        // if($this->can(self::CHANGE_EMAIL_PERMISSION)){
+        //     $user->email = $request->email;
+        // }
+
+        $user->update($data);
+
         event(new UserUpdateCreditsEvent($user));
 
         return redirect()->route('admin.users.index')->with('success', 'User updated!');
@@ -166,7 +210,9 @@ class UserController extends Controller
      */
     public function destroy(User $user)
     {
-        if ($user->role === 'admin' && User::query()->where('role', 'admin')->count() === 1) {
+        $this->checkPermission(self::DELETE_PERMISSION);
+
+        if ($user->hasRole(1) && User::role(1)->count() === 1) {
             return redirect()->back()->with('error', __('You can not delete the last admin!'));
         }
 
@@ -195,6 +241,8 @@ class UserController extends Controller
      */
     public function loginAs(Request $request, User $user)
     {
+        $this->checkPermission(self::LOGIN_PERMISSION);
+
         $request->session()->put('previousUser', Auth::user()->id);
         Auth::login($user);
 
@@ -207,6 +255,7 @@ class UserController extends Controller
      */
     public function logBackIn(Request $request)
     {
+
         Auth::loginUsingId($request->session()->get('previousUser'), true);
         $request->session()->remove('previousUser');
 
@@ -221,7 +270,11 @@ class UserController extends Controller
      */
     public function notifications()
     {
-        return view('admin.users.notifications');
+        $this->checkPermission(self::NOTIFY_PERMISSION);
+
+        $roles = Role::all();
+
+        return view('admin.users.notifications')->with(["roles" => $roles]);
     }
 
     /**
@@ -235,12 +288,16 @@ class UserController extends Controller
      */
     public function notify(Request $request)
     {
+        $this->checkPermission(self::NOTIFY_PERMISSION);
+
+//TODO: reimplement the required validation on all,users and roles . didnt work -- required_without:users,roles
         $data = $request->validate([
             'via' => 'required|min:1|array',
             'via.*' => 'required|string|in:mail,database',
-            'all' => 'required_without:users|boolean',
-            'users' => 'required_without:all|min:1|array',
-            'users.*' => 'exists:users,id',
+            'all' => 'boolean',
+            'users' => 'min:1|array',
+            'roles' => 'min:1|array',
+            'roles.*' => 'required_without:all,users|exists:roles,id',
             'title' => 'required|string|min:1',
             'content' => 'required|string|min:1',
         ]);
@@ -259,7 +316,14 @@ class UserController extends Controller
                 ->line(new HtmlString($data['content']));
         }
         $all = $data['all'] ?? false;
-        $users = $all ? User::all() : User::whereIn('id', $data['users'])->get();
+        $roles = $data['roles'] ?? false;
+        if(!$roles){
+            $users = $all ? User::all() : User::whereIn('id', $data['users'])->get();
+        } else{
+            $users = User::role($data["roles"])->get();
+        }
+
+
         try {
             Notification::send($users, new DynamicNotification($data['via'], $database, $mail));
         } catch (Exception $e) {
@@ -275,6 +339,12 @@ class UserController extends Controller
      */
     public function toggleSuspended(User $user)
     {
+        $this->checkPermission(self::SUSPEND_PERMISSION);
+
+        if (Auth::user()->id === $user->id) {
+            return redirect()->back()->with('error', __('You can not suspend yourself!'));
+        }
+
         try {
             !$user->isSuspended() ? $user->suspend() : $user->unSuspend();
         } catch (Exception $exception) {
@@ -289,17 +359,19 @@ class UserController extends Controller
      */
     public function dataTable(Request $request)
     {
-        $query =  User::with('discordUser')->withCount('servers');
-        // manually count referrals in user_referrals table
-        $query->selectRaw('users.*, (SELECT COUNT(*) FROM user_referrals WHERE user_referrals.referral_id = users.id) as referrals_count');
-
+        $query = User::query()
+            ->withCount('servers')
+            ->leftJoin('model_has_roles', 'users.id', '=', 'model_has_roles.model_id')
+            ->leftJoin('roles', 'model_has_roles.role_id', '=', 'roles.id')
+            ->selectRaw('users.*, roles.name as role_name, (SELECT COUNT(*) FROM user_referrals WHERE user_referrals.referral_id = users.id) as referrals_count')
+            ->where('model_has_roles.model_type', User::class);
 
         return datatables($query)
             ->addColumn('avatar', function (User $user) {
-                return '<img width="28px" height="28px" class="rounded-circle ml-1" src="' . $user->getAvatar() . '">';
+                return '<img width="28px" height="28px" class="ml-1 rounded-circle" src="' . $user->getAvatar() . '">';
             })
             ->addColumn('credits', function (User $user) {
-                return '<i class="fas fa-coins mr-2"></i> ' . $user->credits();
+                return '<i class="mr-2 fas fa-coins"></i> ' . $user->credits();
             })
             ->addColumn('verified', function (User $user) {
                 return $user->getVerifiedStatus();
@@ -313,10 +385,10 @@ class UserController extends Controller
                 $suspendText = $user->isSuspended() ? __('Unsuspend') : __('Suspend');
 
                 return '
-                <a data-content="' . __('Login as User') . '" data-toggle="popover" data-trigger="hover" data-placement="top" href="' . route('admin.users.loginas', $user->id) . '" class="btn btn-sm btn-primary mr-1"><i class="fas fa-sign-in-alt"></i></a>
-                <a data-content="' . __('Verify') . '" data-toggle="popover" data-trigger="hover" data-placement="top" href="' . route('admin.users.verifyEmail', $user->id) . '" class="btn btn-sm btn-secondary mr-1"><i class="fas fa-envelope"></i></a>
-                <a data-content="' . __('Show') . '" data-toggle="popover" data-trigger="hover" data-placement="top"  href="' . route('admin.users.show', $user->id) . '" class="btn btn-sm text-white btn-warning mr-1"><i class="fas fa-eye"></i></a>
-                <a data-content="' . __('Edit') . '" data-toggle="popover" data-trigger="hover" data-placement="top"  href="' . route('admin.users.edit', $user->id) . '" class="btn btn-sm btn-info mr-1"><i class="fas fa-pen"></i></a>
+                <a data-content="' . __('Login as User') . '" data-toggle="popover" data-trigger="hover" data-placement="top" href="' . route('admin.users.loginas', $user->id) . '" class="mr-1 btn btn-sm btn-primary"><i class="fas fa-sign-in-alt"></i></a>
+                <a data-content="' . __('Verify') . '" data-toggle="popover" data-trigger="hover" data-placement="top" href="' . route('admin.users.verifyEmail', $user->id) . '" class="mr-1 btn btn-sm btn-secondary"><i class="fas fa-envelope"></i></a>
+                <a data-content="' . __('Show') . '" data-toggle="popover" data-trigger="hover" data-placement="top"  href="' . route('admin.users.show', $user->id) . '" class="mr-1 text-white btn btn-sm btn-warning"><i class="fas fa-eye"></i></a>
+                <a data-content="' . __('Edit') . '" data-toggle="popover" data-trigger="hover" data-placement="top"  href="' . route('admin.users.edit', $user->id) . '" class="mr-1 btn btn-sm btn-info"><i class="fas fa-pen"></i></a>
                 <form class="d-inline" method="post" action="' . route('admin.users.togglesuspend', $user->id) . '">
                              ' . csrf_field() . '
                             <button data-content="' . $suspendText . '" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm ' . $suspendColor . ' text-white mr-1"><i class="far ' . $suspendIcon . '"></i></button>
@@ -324,27 +396,18 @@ class UserController extends Controller
                 <form class="d-inline" onsubmit="return submitResult();" method="post" action="' . route('admin.users.destroy', $user->id) . '">
                              ' . csrf_field() . '
                              ' . method_field('DELETE') . '
-                            <button data-content="' . __('Delete') . '" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm btn-danger mr-1"><i class="fas fa-trash"></i></button>
+                            <button data-content="' . __('Delete') . '" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 btn btn-sm btn-danger"><i class="fas fa-trash"></i></button>
                         </form>
                 ';
             })
             ->editColumn('role', function (User $user) {
-                switch ($user->role) {
-                    case 'admin':
-                        $badgeColor = 'badge-danger';
-                        break;
-                    case 'moderator':
-                        $badgeColor = 'badge-info';
-                        break;
-                    case 'client':
-                        $badgeColor = 'badge-success';
-                        break;
-                    default:
-                        $badgeColor = 'badge-secondary';
-                        break;
+                $html = '';
+
+                foreach ($user->roles as $role) {
+                    $html .= "<span style='background-color: $role->color' class='badge'>$role->name</span>";
                 }
 
-                return '<span class="badge ' . $badgeColor . '">' . $user->role . '</span>';
+                return $html;
             })
             ->editColumn('last_seen', function (User $user) {
                 return $user->last_seen ? $user->last_seen->diffForHumans() : __('Never');
@@ -352,6 +415,7 @@ class UserController extends Controller
             ->editColumn('name', function (User $user, PterodactylSettings $ptero_settings) {
                 return '<a class="text-info" target="_blank" href="' . $ptero_settings->panel_url . '/admin/users/view/' . $user->pterodactyl_id . '">' . strip_tags($user->name) . '</a>';
             })
+            ->orderColumn('role', 'role_name $1')
             ->rawColumns(['avatar', 'name', 'credits', 'role', 'usage',  'actions'])
             ->make();
     }

app/Http/Controllers/Admin/VoucherController.php

@@ -19,6 +19,8 @@ use Illuminate\Validation\ValidationException;
 
 class VoucherController extends Controller
 {
+    const READ_PERMISSION = "admin.voucher.read";
+    const WRITE_PERMISSION = "admin.voucher.write";
     /**
      * Display a listing of the resource.
      *
@@ -26,6 +28,8 @@ class VoucherController extends Controller
      */
     public function index(LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.vouchers.index', [
             'locale_datatables' => $locale_settings->datatables,
             'credits_display_name' => $general_settings->credits_display_name
@@ -39,6 +43,7 @@ class VoucherController extends Controller
      */
     public function create(GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         return view('admin.vouchers.create', [
             'credits_display_name' => $general_settings->credits_display_name
         ]);
@@ -84,6 +89,7 @@ class VoucherController extends Controller
      */
     public function edit(Voucher $voucher, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         return view('admin.vouchers.edit', [
             'voucher' => $voucher,
             'credits_display_name' => $general_settings->credits_display_name
@@ -120,6 +126,7 @@ class VoucherController extends Controller
      */
     public function destroy(Voucher $voucher)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         $voucher->delete();
 
         return redirect()->back()->with('success', __('voucher has been removed!'));
@@ -127,6 +134,8 @@ class VoucherController extends Controller
 
     public function users(Voucher $voucher, LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.vouchers.users', [
             'voucher' => $voucher,
             'locale_datatables' => $locale_settings->datatables,
@@ -194,7 +203,7 @@ class VoucherController extends Controller
                 return '<a class="text-info" target="_blank" href="'.route('admin.users.show', $user->id).'">'.$user->name.'</a>';
             })
             ->addColumn('credits', function (User $user) {
-                return '<i class="fas fa-coins mr-2"></i> '.$user->credits();
+                return '<i class="mr-2 fas fa-coins"></i> '.$user->credits();
             })
             ->addColumn('last_seen', function (User $user) {
                 return $user->last_seen ? $user->last_seen->diffForHumans() : '';
@@ -205,28 +214,33 @@ class VoucherController extends Controller
 
     public function dataTable()
     {
-        $query = Voucher::query();
+        $query = Voucher::selectRaw('
+            vouchers.*,
+            CASE
+                WHEN (SELECT COUNT(*) FROM user_voucher WHERE user_voucher.voucher_id = vouchers.id) >= vouchers.uses THEN "USES_LIMIT_REACHED"
+                WHEN vouchers.expires_at IS NOT NULL AND vouchers.expires_at < NOW() THEN "EXPIRED"
+                ELSE "VALID"
+            END as derived_status
+        ');
 
         return datatables($query)
             ->addColumn('actions', function (Voucher $voucher) {
                 return '
-                            <a data-content="'.__('Users').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.vouchers.users', $voucher->id).'" class="btn btn-sm btn-primary mr-1"><i class="fas fa-users"></i></a>
-                            <a data-content="'.__('Edit').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.vouchers.edit', $voucher->id).'" class="btn btn-sm btn-info mr-1"><i class="fas fa-pen"></i></a>
+                            <a data-content="'.__('Users').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.vouchers.users', $voucher->id).'" class="mr-1 btn btn-sm btn-primary"><i class="fas fa-users"></i></a>
+                            <a data-content="'.__('Edit').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.vouchers.edit', $voucher->id).'" class="mr-1 btn btn-sm btn-info"><i class="fas fa-pen"></i></a>
 
                            <form class="d-inline" onsubmit="return submitResult();" method="post" action="'.route('admin.vouchers.destroy', $voucher->id).'">
                             '.csrf_field().'
                             '.method_field('DELETE').'
-                           <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm btn-danger mr-1"><i class="fas fa-trash"></i></button>
+                           <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="mr-1 btn btn-sm btn-danger"><i class="fas fa-trash"></i></button>
                        </form>
                 ';
             })
             ->addColumn('status', function (Voucher $voucher) {
-                $color = 'success';
-                if ($voucher->getStatus() != __('VALID')) {
-                    $color = 'danger';
-                }
+                $color = ($voucher->derived_status == 'VALID') ? 'success' : 'danger';
+                $status = str_replace('_', ' ', $voucher->derived_status);
 
-                return '<span class="badge badge-'.$color.'">'.$voucher->getStatus().'</span>';
+                return '<span class="badge badge-'.$color.'">'.$status.'</span>';
             })
             ->editColumn('uses', function (Voucher $voucher) {
                 return "{$voucher->used} / {$voucher->uses}";
@@ -236,14 +250,15 @@ class VoucherController extends Controller
             })
             ->editColumn('expires_at', function (Voucher $voucher) {
                 if (! $voucher->expires_at) {
-                    return '';
+                    return __("Never");
                 }
 
-                return $voucher->expires_at ? $voucher->expires_at->diffForHumans() : '';
+                return $voucher->expires_at ? $voucher->expires_at->diffForHumans() : __("Never");
             })
             ->editColumn('code', function (Voucher $voucher) {
                 return "<code>{$voucher->code}</code>";
             })
+            ->orderColumn('status', 'derived_status $1')
             ->rawColumns(['actions', 'code', 'status'])
             ->make();
     }

app/Http/Controllers/Api/RoleController.php

@@ -0,0 +1,160 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Http\Controllers\Controller;
+use App\Models\User;
+use Illuminate\Contracts\Pagination\LengthAwarePaginator;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Validation\Rule;
+use Spatie\Permission\Models\Role;
+use Spatie\QueryBuilder\QueryBuilder;
+
+class RoleController extends Controller
+{
+    const ALLOWED_INCLUDES = ['permissions', 'users'];
+
+    const ALLOWED_FILTERS = ['name'];
+
+    /**
+     * Display a listing of the resource.
+     *
+     * @return LengthAwarePaginator
+     */
+    public function index(Request $request)
+    {
+        $query = QueryBuilder::for(Role::class)
+            ->allowedIncludes(self::ALLOWED_INCLUDES)
+            ->allowedFilters(self::ALLOWED_FILTERS);
+
+        return $query->paginate($request->input('per_page') ?? 50);
+    }
+
+    /**
+     * Show the form for creating a new resource.
+     *
+     * @return Response
+     */
+    public function create()
+    {
+        //
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  Request  $request
+     * @return Response
+     */
+    public function store(Request $request)
+    {
+        $request->validate([
+            'name' => 'required|string|max:191',
+            'color' => [
+                'required',
+                'regex:/^#([a-f0-9]{6}|[a-f0-9]{3})$/i'
+            ],
+            'power' => 'required',
+        ]);
+
+        $role = Role::create([
+            'name' => $request->name,
+            'color' => $request->color,
+            'power' => $request->power,
+        ]);
+
+        if ($request->permissions) {
+            $permissions = explode(",",$request->permissions);
+            foreach($permissions as $permission){
+                $role->givePermissionTo($permission);
+            }
+        }
+
+        return $role;
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  int  $id
+     * @return Role|Collection|Model
+     */
+    public function show(int $id)
+    {
+        $query = QueryBuilder::for(Role::class)
+            ->where('id', '=', $id)
+            ->allowedIncludes(self::ALLOWED_INCLUDES);
+
+        return $query->firstOrFail();
+    }
+
+    /**
+     * Show the form for editing the specified resource.
+     *
+     * @param  int  $id
+     * @return Response
+     */
+    public function edit($id)
+    {
+        //
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  Request  $request
+     * @param  int  $id
+     * @return Response
+     */
+    public function update(Request $request, int $id)
+    {
+        $role = Role::findOrFail($id);
+
+        $request->validate([
+            'name' => 'sometimes|string|max:191',
+            'color' => [
+                'sometimes',
+                'regex:/^#([a-f0-9]{6}|[a-f0-9]{3})$/i'
+            ],
+            'power' => 'sometimes',
+        ]);
+
+        if ($request->permissions) {
+            $permissions = explode(",",$request->permissions);
+                $role->syncPermissions($permissions);
+        }
+
+
+        $role->update($request->except('permissions'));
+
+        return $role;
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  int  $id
+     * @return Response
+     */
+    public function destroy(int $id)
+    {
+        $role = Role::findOrFail($id);
+
+        if($role->id == 1 || $role->id == 3|| $role->id == 4){ //cannot delete admin and User role
+            return response()->json([
+                'error' => 'Not allowed to delete Admin, Client or Member'], 400);
+        }
+
+        $users = User::role($role)->get();
+
+        foreach($users as $user){
+            $user->syncRoles([4]);
+        }
+        $role->delete();
+
+        return $role;
+    }
+}

app/Http/Controllers/Api/UserController.php

@@ -2,15 +2,12 @@
 
 namespace App\Http\Controllers\Api;
 
+use App\Classes\Pterodactyl;
 use App\Events\UserUpdateCreditsEvent;
 use App\Http\Controllers\Controller;
 use App\Models\DiscordUser;
 use App\Models\User;
 use App\Notifications\ReferralNotification;
-use App\Traits\Referral;
-use App\Settings\PterodactylSettings;
-use App\Classes\PterodactylClient;
-use App\Settings\ReferralSettings;
 use App\Settings\UserSettings;
 use Carbon\Carbon;
 use Illuminate\Contracts\Foundation\Application;
@@ -31,18 +28,9 @@ use Spatie\QueryBuilder\QueryBuilder;
 
 class UserController extends Controller
 {
-    use Referral;
+    const ALLOWED_INCLUDES = ['servers', 'notifications', 'payments', 'vouchers', 'roles', 'discordUser'];
 
-    const ALLOWED_INCLUDES = ['servers', 'notifications', 'payments', 'vouchers', 'discordUser'];
-
-    const ALLOWED_FILTERS = ['name', 'server_limit', 'email', 'pterodactyl_id', 'role', 'suspended'];
-
-    private $pterodactyl;
-
-    public function __construct(PterodactylSettings $ptero_settings)
-    {
-        $this->pterodactyl = new PterodactylClient($ptero_settings);
-    }
+    const ALLOWED_FILTERS = ['name', 'server_limit', 'email', 'pterodactyl_id', 'suspended'];
 
     /**
      * Display a listing of the resource.
@@ -98,14 +86,13 @@ class UserController extends Controller
             'email' => 'sometimes|string|email',
             'credits' => 'sometimes|numeric|min:0|max:1000000',
             'server_limit' => 'sometimes|numeric|min:0|max:1000000',
-            'role' => ['sometimes', Rule::in(['admin', 'moderator', 'client', 'member'])],
         ]);
 
         event(new UserUpdateCreditsEvent($user));
 
         //Update Users Password on Pterodactyl
         //Username,Mail,First and Lastname are required aswell
-        $response = $this->pterodactyl->application->patch('/application/users/' . $user->pterodactyl_id, [
+        $response = Pterodactyl::client()->patch('/application/users/'.$user->pterodactyl_id, [
             'username' => $request->name,
             'first_name' => $request->name,
             'last_name' => $request->name,
@@ -118,7 +105,10 @@ class UserController extends Controller
                 'pterodactyl_error_status' => $response->toException()->getCode(),
             ]);
         }
-        $user->update($request->all());
+        if($request->has("role")){
+            $user->syncRoles($request->role);
+        }
+        $user->update($request->except('role'));
 
         return $user;
     }
@@ -213,7 +203,7 @@ class UserController extends Controller
      *
      * @throws ValidationException
      */
-    public function suspend(int $id)
+    public function suspend(Request $request, int $id)
     {
         $discordUser = DiscordUser::find($id);
         $user = $discordUser ? $discordUser->user : User::findOrFail($id);
@@ -237,12 +227,12 @@ class UserController extends Controller
      *
      * @throws ValidationException
      */
-    public function unsuspend(int $id)
+    public function unsuspend(Request $request, int $id)
     {
         $discordUser = DiscordUser::find($id);
         $user = $discordUser ? $discordUser->user : User::findOrFail($id);
 
-        if (!$user->isSuspended()) {
+        if (! $user->isSuspended()) {
             throw ValidationException::withMessages([
                 'error' => 'You cannot unsuspend an User who is not suspended.',
             ]);
@@ -253,10 +243,25 @@ class UserController extends Controller
         return $user;
     }
 
+    /**
+     * Create a unique Referral Code for User
+     *
+     * @return string
+     */
+    protected function createReferralCode()
+    {
+        $referralcode = STR::random(8);
+        if (User::where('referral_code', '=', $referralcode)->exists()) {
+            $this->createReferralCode();
+        }
+
+        return $referralcode;
+    }
+
     /**
      * @throws ValidationException
      */
-    public function store(Request $request, UserSettings $user_settings, ReferralSettings $referral_settings)
+    public function store(Request $request, UserSettings $userSettings)
     {
         $request->validate([
             'name' => ['required', 'string', 'max:30', 'min:4', 'alpha_num', 'unique:users'],
@@ -265,7 +270,7 @@ class UserController extends Controller
         ]);
 
         // Prevent the creation of new users via API if this is enabled.
-        if (!$user_settings->creation_enabled) {
+        if (! $userSettings->creation_enabled) {
             throw ValidationException::withMessages([
                 'error' => 'The creation of new users has been blocked by the system administrator.',
             ]);
@@ -274,13 +279,13 @@ class UserController extends Controller
         $user = User::create([
             'name' => $request->input('name'),
             'email' => $request->input('email'),
-            'credits' => $user_settings->initial_credits,
-            'server_limit' => $user_settings->initial_server_limit,
+            'credits' => config('SETTINGS::USER:INITIAL_CREDITS', 150),
+            'server_limit' => config('SETTINGS::USER:INITIAL_SERVER_LIMIT', 1),
             'password' => Hash::make($request->input('password')),
             'referral_code' => $this->createReferralCode(),
         ]);
 
-        $response = $this->pterodactyl->application->post('/application/users', [
+        $response = Pterodactyl::client()->post('/application/users', [
             'external_id' => App::environment('local') ? Str::random(16) : (string) $user->id,
             'username' => $user->name,
             'email' => $user->email,
@@ -303,12 +308,12 @@ class UserController extends Controller
             'pterodactyl_id' => $response->json()['attributes']['id'],
         ]);
         //INCREMENT REFERRAL-USER CREDITS
-        if (!empty($request->input('referral_code'))) {
+        if (! empty($request->input('referral_code'))) {
             $ref_code = $request->input('referral_code');
             $new_user = $user->id;
             if ($ref_user = User::query()->where('referral_code', '=', $ref_code)->first()) {
-                if ($referral_settings->mode === 'register' || $referral_settings->mode === 'both') {
-                    $ref_user->increment('credits', $referral_settings->reward);
+                if (config('SETTINGS::REFERRAL:MODE') == 'register' || config('SETTINGS::REFERRAL:MODE') == 'both') {
+                    $ref_user->increment('credits', config('SETTINGS::REFERRAL::REWARD'));
                     $ref_user->notify(new ReferralNotification($ref_user->id, $new_user));
                 }
                 //INSERT INTO USER_REFERRALS TABLE

app/Http/Controllers/Auth/RegisterController.php

@@ -22,6 +22,7 @@ use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Support\Str;
 use Illuminate\Validation\ValidationException;
+use Spatie\Permission\Models\Role;
 
 class RegisterController extends Controller
 {
@@ -139,8 +140,10 @@ class RegisterController extends Controller
 
         ]);
 
+        $user->syncRoles(Role::findByName('User'));
+
         $response = $this->pterodactyl->application->post('/application/users', [
-            'external_id' => $user->pterodactyl_id,
+            'external_id' => null,
             'username' => $user->name,
             'email' => $user->email,
             'first_name' => $user->name,
@@ -150,6 +153,10 @@ class RegisterController extends Controller
             'language' => 'en',
         ]);
 
+        $user->update([
+            'pterodactyl_id' => $response->json()['attributes']['id'],
+        ]);
+
         if ($response->failed()) {
             $user->delete();
             Log::error('Pterodactyl Registration Error: ' . $response->json()['errors'][0]['detail']);

app/Http/Controllers/Controller.php

@@ -2,12 +2,44 @@
 
 namespace App\Http\Controllers;
 
+use App\Models\User;
 use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Illuminate\Foundation\Bus\DispatchesJobs;
 use Illuminate\Foundation\Validation\ValidatesRequests;
 use Illuminate\Routing\Controller as BaseController;
+use Illuminate\Support\Facades\Auth;
 
 class Controller extends BaseController
 {
     use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
+    /**
+     * Check if user has permissions
+     * Abort 403 if the user doesn't have the required permission
+     *
+     * @param string $permission
+     * @return void
+     */
+    public function checkPermission(string $permission)
+    {
+        /** @var User $user */
+        $user = Auth::user();
+
+        if (!$user->can($permission)) {
+            abort(403, __('User does not have the right permissions.'));
+        }
+    }
+
+    /**
+     * Check if user has permissions
+     *
+     * @param string $permission
+     * @return bool
+     */
+    public function can(string $permission): bool
+    {
+        /** @var User $user */
+        $user = Auth::user();
+
+        return $user->can($permission);
+    }
 }

app/Http/Controllers/HomeController.php

@@ -34,7 +34,7 @@ class HomeController extends Controller
         if (Storage::exists('callHome')) {
             return;
         }
-        Http::asForm()->post('https://market.controlpanel.gg/callhome.php', [
+        Http::asForm()->post('https://market.CtrlPanel.gg/callhome.php', [
             'id' => Hash::make(URL::current()),
         ]);
         Storage::put('callHome', 'This is only used to count the installations of cpgg.');
@@ -101,7 +101,7 @@ class HomeController extends Controller
 
         /** Build our Time-Left-Box */
         if ($credits > 0.01 and $usage > 0) {
-            $daysLeft = number_format(($credits * 30) / $usage, 2, '.', '');
+            $daysLeft = number_format($credits / ($usage / 30), 2, '.', '');
             $hoursLeft = number_format($credits / ($usage / 30 / 24), 2, '.', '');
 
             $bg = $this->getTimeLeftBoxBackground($daysLeft);

app/Http/Controllers/ProfileController.php

@@ -26,38 +26,22 @@ class ProfileController extends Controller
     /** Display a listing of the resource. */
     public function index(UserSettings $user_settings, DiscordSettings $discord_settings, ReferralSettings $referral_settings)
     {
-        switch (Auth::user()->role) {
-            case 'admin':
-                $badgeColor = 'badge-danger';
-                break;
-            case 'mod':
-                $badgeColor = 'badge-info';
-                break;
-            case 'client':
-                $badgeColor = 'badge-success';
-                break;
-            default:
-                $badgeColor = 'badge-secondary';
-                break;
-        }
 
         return view('profile.index')->with([
             'user' => Auth::user(),
             'credits_reward_after_verify_discord' => $user_settings->credits_reward_after_verify_discord,
             'force_email_verification' => $user_settings->force_email_verification,
             'force_discord_verification' => $user_settings->force_discord_verification,
-            'badgeColor' => $badgeColor,
             'discord_client_id' => $discord_settings->client_id,
             'discord_client_secret' => $discord_settings->client_secret,
-            'referral_enabled' => $referral_settings->enabled,
-            'referral_allowed' => $referral_settings->allowed
+            'referral_enabled' => $referral_settings->enabled
         ]);
     }
 
     public function selfDestroyUser()
     {
         $user = Auth::user();
-        if ($user->role == "admin") return back()->with("error", "You cannot delete yourself as an admin!");
+        if ($user->hasRole("Admin")) return back()->with("error", "You cannot delete yourself as an admin!");
 
         $user->delete();
 

app/Http/Controllers/ServerController.php

@@ -9,6 +9,7 @@ use App\Models\Pterodactyl\Node;
 use App\Models\Product;
 use App\Models\Server;
 use App\Notifications\ServerCreationError;
+use Carbon\Carbon;
 use App\Settings\UserSettings;
 use App\Settings\ServerSettings;
 use App\Settings\PterodactylSettings;
@@ -24,6 +25,9 @@ use Illuminate\Support\Facades\Request as FacadesRequest;
 
 class ServerController extends Controller
 {
+    const CREATE_PERMISSION = 'user.server.create';
+    const UPGRADE_PERMISSION = 'user.server.upgrade';
+
     private $pterodactyl;
 
     public function __construct(PterodactylSettings $ptero_settings)
@@ -41,7 +45,7 @@ class ServerController extends Controller
 
             //Get server infos from ptero
             $serverAttributes = $this->pterodactyl->getServerAttributes($server->pterodactyl_id);
-            if (! $serverAttributes) {
+            if (!$serverAttributes) {
                 continue;
             }
             $serverRelationships = $serverAttributes['relationships'];
@@ -81,7 +85,9 @@ class ServerController extends Controller
     /** Show the form for creating a new resource. */
     public function create(UserSettings $user_settings, ServerSettings $server_settings, GeneralSettings $general_settings)
     {
-        $validate_configuration = $this->validateConfigurationRules($user_settings, $server_settings);
+        $this->checkPermission(self::CREATE_PERMISSION);
+
+        $validate_configuration = $this->validateConfigurationRules($user_settings, $server_settings, $general_settings);
 
         if (!is_null($validate_configuration)) {
             return $validate_configuration;
@@ -123,7 +129,7 @@ class ServerController extends Controller
     /**
      * @return null|RedirectResponse
      */
-    private function validateConfigurationRules(UserSettings $user_settings, ServerSettings $server_settings)
+    private function validateConfigurationRules(UserSettings $user_settings, ServerSettings $server_settings, GeneralSettings $generalSettings)
     {
         //limit validation
         if (Auth::user()->servers()->count() >= Auth::user()->server_limit) {
@@ -141,14 +147,14 @@ class ServerController extends Controller
             // Check if node has enough memory and disk space
             $checkResponse = $this->pterodactyl->checkNodeResources($node, $product->memory, $product->disk);
             if ($checkResponse == false) {
-                return redirect()->route('servers.index')->with('error', __("The node '".$nodeName."' doesn't have the required memory or disk left to allocate this product."));
+                return redirect()->route('servers.index')->with('error', __("The node '" . $nodeName . "' doesn't have the required memory or disk left to allocate this product."));
             }
 
             // Min. Credits
             if (Auth::user()->credits < ($product->minimum_credits == -1
                 ? $user_settings->min_credits_to_make_server
                 : $product->minimum_credits)) {
-                return redirect()->route('servers.index')->with('error', 'You do not have the required amount of '.CREDITS_DISPLAY_NAME.' to use this product!');
+                return redirect()->route('servers.index')->with('error', 'You do not have the required amount of ' . $generalSettings->credits_display_name . ' to use this product!');
             }
         }
 
@@ -158,7 +164,7 @@ class ServerController extends Controller
         }
 
         //Required Verification for creating an server
-        if (!$server_settings->creation_enabled && Auth::user()->role != 'admin') {
+        if (!$server_settings->creation_enabled && Auth::user()->cannot("admin.servers.bypass_creation_enabled")) {
             return redirect()->route('servers.index')->with('error', __('The system administrator has blocked the creation of new servers.'));
         }
 
@@ -171,12 +177,12 @@ class ServerController extends Controller
     }
 
     /** Store a newly created resource in storage. */
-    public function store(Request $request, UserSettings $user_settings, ServerSettings $server_settings)
+    public function store(Request $request, UserSettings $user_settings, ServerSettings $server_settings, GeneralSettings $generalSettings)
     {
         /** @var Node $node */
         /** @var Egg $egg */
         /** @var Product $product */
-        $validate_configuration = $this->validateConfigurationRules($user_settings, $server_settings);
+        $validate_configuration = $this->validateConfigurationRules($user_settings, $server_settings, $generalSettings);
 
         if (!is_null($validate_configuration)) {
             return $validate_configuration;
@@ -197,11 +203,12 @@ class ServerController extends Controller
         $server = $request->user()->servers()->create([
             'name' => $request->input('name'),
             'product_id' => $request->input('product'),
+            'last_billed' => Carbon::now()->toDateTimeString(),
         ]);
 
         //get free allocation ID
         $allocationId = $this->pterodactyl->getFreeAllocationId($node);
-        if (! $allocationId) {
+        if (!$allocationId) {
             return $this->noAllocationsError($server);
         }
 
@@ -218,11 +225,8 @@ class ServerController extends Controller
             'identifier' => $serverAttributes['identifier'],
         ]);
 
-        if ($server_settings->charge_first_hour) {
-            if ($request->user()->credits >= $server->product->getHourlyPrice()) {
-                $request->user()->decrement('credits', $server->product->getHourlyPrice());
-            }
-        }
+        // Charge first billing cycle
+        $request->user()->decrement('credits', $server->product->price);
 
         return redirect()->route('servers.index')->with('success', __('Server created'));
     }
@@ -251,8 +255,6 @@ class ServerController extends Controller
      */
     private function serverCreationFailed(Response $response, Server $server)
     {
-        $server->delete();
-
         return redirect()->route('servers.index')->with('error', json_encode($response->json()));
     }
 
@@ -264,7 +266,23 @@ class ServerController extends Controller
 
             return redirect()->route('servers.index')->with('success', __('Server removed'));
         } catch (Exception $e) {
-            return redirect()->route('servers.index')->with('error', __('An exception has occurred while trying to remove a resource "').$e->getMessage().'"');
+            return redirect()->route('servers.index')->with('error', __('An exception has occurred while trying to remove a resource"') . $e->getMessage() . '"');
+        }
+    }
+
+    /** Cancel Server */
+    public function cancel(Server $server)
+    {
+        if ($server->user_id != Auth::user()->id) {
+            return back()->with('error', __('This is not your Server!'));
+        }
+        try {
+            $server->update([
+                'canceled' => now(),
+            ]);
+            return redirect()->route('servers.index')->with('success', __('Server canceled'));
+        } catch (Exception $e) {
+            return redirect()->route('servers.index')->with('error', __('An exception has occurred while trying to cancel the server"') . $e->getMessage() . '"');
         }
     }
 
@@ -293,10 +311,10 @@ class ServerController extends Controller
         $pteroNode = $this->pterodactyl->getNode($serverRelationships['node']['attributes']['id']);
 
         $products = Product::orderBy('created_at')
-        ->whereHas('nodes', function (Builder $builder) use ($serverRelationships) { //Only show products for that node
-            $builder->where('id', '=', $serverRelationships['node']['attributes']['id']);
-        })
-        ->get();
+            ->whereHas('nodes', function (Builder $builder) use ($serverRelationships) { //Only show products for that node
+                $builder->where('id', '=', $serverRelationships['node']['attributes']['id']);
+            })
+            ->get();
 
         // Set the each product eggs array to just contain the eggs name
         foreach ($products as $product) {
@@ -316,10 +334,12 @@ class ServerController extends Controller
 
     public function upgrade(Server $server, Request $request)
     {
+        $this->checkPermission(self::UPGRADE_PERMISSION);
+
         if ($server->user_id != Auth::user()->id) {
             return redirect()->route('servers.index');
         }
-        if (! isset($request->product_upgrade)) {
+        if (!isset($request->product_upgrade)) {
             return redirect()->route('servers.show', ['server' => $server->id])->with('error', __('this product is the only one'));
         }
         $user = Auth::user();
@@ -338,27 +358,54 @@ class ServerController extends Controller
         $requiredisk = $newProduct->disk - $oldProduct->disk;
         $checkResponse = $this->pterodactyl->checkNodeResources($node, $requireMemory, $requiredisk);
         if ($checkResponse == false) {
-            return redirect()->route('servers.index')->with('error', __("The node '".$nodeName."' doesn't have the required memory or disk left to upgrade the server."));
+            return redirect()->route('servers.index')->with('error', __("The node '" . $nodeName . "' doesn't have the required memory or disk left to upgrade the server."));
         }
 
-        $priceupgrade = $newProduct->getHourlyPrice();
+        // calculate the amount of credits that the user overpayed for the old product when canceling the server right now
+        // billing periods are hourly, daily, weekly, monthly, quarterly, half-annually, annually
+        $billingPeriod = $oldProduct->billing_period;
+        // seconds
+        $billingPeriods = [
+            'hourly' => 3600,
+            'daily' => 86400,
+            'weekly' => 604800,
+            'monthly' => 2592000,
+            'quarterly' => 7776000,
+            'half-annually' => 15552000,
+            'annually' => 31104000
+        ];
+        // Get the amount of hours the user has been using the server
+        $billingPeriodMultiplier = $billingPeriods[$billingPeriod];
+        $timeDifference = now()->diffInSeconds($server->last_billed);
 
-        if ($priceupgrade < $oldProduct->getHourlyPrice()) {
-            $priceupgrade = 0;
-        }
-        if ($user->credits >= $priceupgrade && $user->credits >= $newProduct->minimum_credits) {
-            $server->product_id = $request->product_upgrade;
-            $server->update();
+        // Calculate the price for the time the user has been using the server
+        $overpayedCredits = $oldProduct->price - $oldProduct->price * ($timeDifference / $billingPeriodMultiplier);
+
+
+        if ($user->credits >= $newProduct->price && $user->credits >= $newProduct->minimum_credits) {
             $server->allocation = $serverAttributes['allocation'];
             $response = $this->pterodactyl->updateServer($server, $newProduct);
             if ($response->failed()) return redirect()->route('servers.index')->with('error', __("The system was unable to update your server product. Please try again later or contact support."));
-            //update user balance
-            $user->decrement('credits', $priceupgrade);
             //restart the server
             $response = $this->pterodactyl->powerAction($server, 'restart');
-            if ($response->failed()) {
-                return redirect()->route('servers.index')->with('error', $response->json()['errors'][0]['detail']);
-            }
+            if ($response->failed()) return redirect()->route('servers.index')->with('error', 'Upgrade Failed! Could not restart the server:   ' . $response->json()['errors'][0]['detail']);
+
+
+            // Remove the allocation property from the server object as it is not a column in the database
+            unset($server->allocation);
+            // Update the server on controlpanel
+            $server->update([
+                'product_id' => $newProduct->id,
+                'updated_at' => now(),
+                'last_billed' => now(),
+                'canceled' => null,
+            ]);
+
+            // Refund the user the overpayed credits
+            if ($overpayedCredits > 0) $user->increment('credits', $overpayedCredits);
+
+            // Withdraw the credits for the new product
+            $user->decrement('credits', $newProduct->price);
 
             return redirect()->route('servers.show', ['server' => $server->id])->with('success', __('Server Successfully Upgraded'));
         } else {

app/Http/Controllers/TicketsController.php

@@ -21,9 +21,12 @@ use Illuminate\Support\Str;
 
 class TicketsController extends Controller
 {
-    public function index(LocaleSettings $locale_settings)
+    const READ_PERMISSION = 'user.ticket.read';
+    const WRITE_PERMISSION = 'user.ticket.write';
+    public function index(LocaleSettings $locale_settings, TicketSettings $ticketSettings)
     {
         return view('ticket.index', [
+            'ticketsettings' => $ticketSettings,
             'tickets' => Ticket::where('user_id', Auth::user()->id)->paginate(10),
             'ticketcategories' => TicketCategory::all(),
             'locale_datatables' => $locale_settings->datatables
@@ -39,6 +42,7 @@ class TicketsController extends Controller
                 'ticketcategory' => 'required',
                 'priority' => 'required',
                 'message' => 'required',
+                'g-recaptcha-response' => ['required', 'recaptcha'],
             ]
         );
         $ticket = new Ticket(
@@ -55,17 +59,13 @@ class TicketsController extends Controller
         );
         $ticket->save();
         $user = Auth::user();
-        switch ($ticket_settings->notify) {
-            case 'all':
-                $admin = User::where('role', 'admin')->orWhere('role', 'mod')->get();
-                Notification::send($admin, new AdminCreateNotification($ticket, $user));
-            case 'admin':
-                $admin = User::where('role', 'admin')->get();
-                Notification::send($admin, new AdminCreateNotification($ticket, $user));
-            case 'moderator':
-                $admin = User::where('role', 'mod')->get();
-                Notification::send($admin, new AdminCreateNotification($ticket, $user));
+
+        $staffNotify = User::permission('admin.tickets.get_notification')->get();
+        foreach($staffNotify as $staff){
+            Notification::send($staff, new AdminCreateNotification($ticket, $user));
         }
+
+
         $user->notify(new CreateNotification($ticket));
 
         return redirect()->route('ticket.index')->with('success', __('A ticket has been opened, ID: #') . $ticket->ticket_id);
@@ -73,6 +73,7 @@ class TicketsController extends Controller
 
     public function show($ticket_id, PterodactylSettings $ptero_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
         try {
             $ticket = Ticket::where('ticket_id', $ticket_id)->firstOrFail();
         } catch (Exception $e) {
@@ -108,15 +109,19 @@ class TicketsController extends Controller
             'message' => $request->input('message'),
         ]);
         $user = Auth::user();
-        $admin = User::where('role', 'admin')->orWhere('role', 'mod')->get();
         $newmessage = $request->input('ticketcomment');
-        Notification::send($admin, new AdminReplyNotification($ticket, $user, $newmessage));
+
+        $staffNotify = User::permission('admin.tickets.get_notification')->get();
+        foreach($staffNotify as $staff){
+            Notification::send($staff, new AdminReplyNotification($ticket, $user, $newmessage));
+        }
 
         return redirect()->back()->with('success', __('Your comment has been submitted'));
     }
 
     public function create()
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         //check in blacklist
         $check = TicketBlacklist::where('user_id', Auth::user()->id)->first();
         if ($check && $check->status == 'True') {

app/Http/Kernel.php

@@ -4,7 +4,6 @@ namespace App\Http;
 
 use App\Http\Middleware\ApiAuthToken;
 use App\Http\Middleware\CheckSuspended;
-use App\Http\Middleware\GlobalNames;
 use App\Http\Middleware\isAdmin;
 use App\Http\Middleware\isMod;
 use App\Http\Middleware\LastSeen;
@@ -27,6 +26,7 @@ class Kernel extends HttpKernel
         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
         \App\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+
     ];
 
     /**
@@ -43,14 +43,12 @@ class Kernel extends HttpKernel
             \App\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
             LastSeen::class,
-            GlobalNames::class,
             \App\Http\Middleware\SetLocale::class,
         ],
 
         'api' => [
             'throttle:api',
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
-            GlobalNames::class,
         ],
     ];
 
@@ -76,5 +74,9 @@ class Kernel extends HttpKernel
         'moderator' => isMod::class,
         'api.token' => ApiAuthToken::class,
         'checkSuspended' => CheckSuspended::class,
+        'role' => \Spatie\Permission\Middlewares\RoleMiddleware::class,
+        'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
+        'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class,
     ];
+
 }

app/Http/Middleware/GlobalNames.php

@@ -1,25 +0,0 @@
-<?php
-
-namespace App\Http\Middleware;
-
-use Closure;
-use Illuminate\Http\Request;
-
-class GlobalNames
-{
-    /**
-     * Handle an incoming request.
-     *
-     * @param  Request  $request
-     * @param  Closure  $next
-     * @return mixed
-     */
-    public function handle(Request $request, Closure $next)
-    {
-        $unsupported_lang_array = explode(',', config('app.unsupported_locales'));
-        $unsupported_lang_array = array_map('strtolower', $unsupported_lang_array);
-        define('UNSUPPORTED_LANGS', $unsupported_lang_array);
-
-        return $next($request);
-    }
-}

app/Http/Middleware/isAdmin.php

@@ -1,27 +0,0 @@
-<?php
-
-namespace App\Http\Middleware;
-
-use App\Providers\RouteServiceProvider;
-use Closure;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
-
-class isAdmin
-{
-    /**
-     * Handle an incoming request.
-     *
-     * @param  Request  $request
-     * @param  Closure  $next
-     * @return mixed
-     */
-    public function handle(Request $request, Closure $next)
-    {
-        if (Auth::user() && Auth::user()->role == 'admin') {
-            return $next($request);
-        }
-
-        return redirect(RouteServiceProvider::HOME);
-    }
-}

app/Http/Middleware/isMod.php

@@ -1,27 +0,0 @@
-<?php
-
-namespace App\Http\Middleware;
-
-use App\Providers\RouteServiceProvider;
-use Closure;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
-
-class isMod
-{
-    /**
-     * Handle an incoming request.
-     *
-     * @param  Request  $request
-     * @param  Closure  $next
-     * @return mixed
-     */
-    public function handle(Request $request, Closure $next)
-    {
-        if (Auth::user() && Auth::user()->role == 'moderator' || Auth::user() && Auth::user()->role == 'admin') {
-            return $next($request);
-        }
-
-        return redirect(RouteServiceProvider::HOME);
-    }
-}

app/Listeners/CouponUsed.php

@@ -0,0 +1,61 @@
+<?php
+
+namespace App\Listeners;
+
+use App\Events\CouponUsedEvent;
+use App\Settings\CouponSettings;
+use Carbon\Carbon;
+
+class CouponUsed
+{
+    private $delete_coupon_on_expires;
+    private $delete_coupon_on_uses_reached;
+
+    /**
+     * Create the event listener.
+     *
+     * @return void
+     */
+    public function __construct(CouponSettings $couponSettings)
+    {
+        $this->delete_coupon_on_expires = $couponSettings->delete_coupon_on_expires;
+        $this->delete_coupon_on_uses_reached = $couponSettings->delete_coupon_on_uses_reached;
+    }
+
+    /**
+     * Handle the event.
+     *
+     * @param  \App\Events\CouponUsedEvent  $event
+     * @return void
+     */
+    public function handle(CouponUsedEvent $event)
+    {
+        // Automatically increments the coupon usage.
+        $this->incrementUses($event);
+
+        if ($this->delete_coupon_on_expires) {
+            if (!is_null($event->coupon->expired_at)) {
+                if ($event->coupon->expires_at <= Carbon::now()->timestamp) {
+                    $event->coupon->delete();
+                }
+            }
+        }
+
+        if ($this->delete_coupon_on_uses_reached) {
+            if ($event->coupon->uses >= $event->coupon->max_uses) {
+                $event->coupon->delete();
+            }
+        }
+    }
+
+    /**
+     * Increments the use of a coupon.
+     *
+     * @param \App\Events\CouponUsedEvent  $event
+     */
+    private function incrementUses(CouponUsedEvent $event)
+    {
+        $event->coupon->increment('uses');
+        $event->coupon->save();
+    }
+}

app/Listeners/UserPayment.php

@@ -2,6 +2,7 @@
 
 namespace App\Listeners;
 
+use App\Enums\PaymentStatus;
 use App\Events\PaymentEvent;
 use App\Models\User;
 use Illuminate\Support\Facades\DB;
@@ -35,7 +36,7 @@ class UserPayment
         $this->referral_always_give_commission = $referral_settings->always_give_commission;
         $this->credits_display_name = $general_settings->credits_display_name;
     }
-    
+
     /**
      * Handle the event.
      *
@@ -48,7 +49,7 @@ class UserPayment
         $shopProduct = $event->shopProduct;
 
         // only update user if payment is paid
-        if ($event->payment->status != "paid") {
+        if ($event->payment->status != PaymentStatus::PAID->value) {
             return;
         }
 
@@ -79,8 +80,8 @@ class UserPayment
             }
         }
         //update role give Referral-reward
-        if ($user->role == 'member') {
-            $user->update(['role' => 'client']);
+        if ($user->hasRole(4)) {
+            $user->syncRoles(3);
 
             //give referral commission only on first purchase
             if (($this->referral_mode === "commission" || $this->referral_mode === "both") && $shopProduct->type == "Credits" && !$this->referral_always_give_commission) {

app/Listeners/Verified.php

@@ -7,7 +7,6 @@ use App\Settings\UserSettings;
 class Verified
 {
     private $server_limit_after_verify_email;
-
     private $credits_reward_after_verify_email;
 
     /**
@@ -29,9 +28,10 @@ class Verified
      */
     public function handle($event)
     {
-        if (! $event->user->email_verified_reward) {
+        if (!$event->user->email_verified_reward) {
             $event->user->increment('server_limit', $this->server_limit_after_verify_email);
             $event->user->increment('credits', $this->credits_reward_after_verify_email);
+            $event->user->update(['email_verified_reward' => true]);
         }
     }
 }

app/Models/Coupon.php

@@ -0,0 +1,119 @@
+<?php
+
+namespace App\Models;
+
+use App\Settings\CouponSettings;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Spatie\Activitylog\LogOptions;
+use Spatie\Activitylog\Traits\LogsActivity;
+use Carbon\Carbon;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+
+class Coupon extends Model
+{
+    use HasFactory, LogsActivity;
+
+    public function getActivitylogOptions(): LogOptions
+    {
+        return LogOptions::defaults()
+            ->logOnlyDirty()
+            ->logOnly(['*'])
+            ->dontSubmitEmptyLogs();
+    }
+
+    /**
+     * @var string[]
+     */
+    protected $fillable = [
+        'code',
+        'type',
+        'value',
+        'uses',
+        'max_uses',
+        'expires_at'
+    ];
+
+    /**
+     * @var string[]
+     */
+    protected $casts = [
+        'value' => 'float',
+        'uses' => 'integer',
+        'max_uses' => 'integer',
+        'expires_at' => 'timestamp'
+    ];
+
+    /**
+     * Returns the date format used by the coupons.
+     *
+     * @return string
+     */
+    public static function formatDate(): string
+    {
+        return 'Y-MM-DD HH:mm:ss';
+    }
+
+    /**
+     * Returns the current state of the coupon.
+     *
+     * @return string
+     */
+    public function getStatus()
+    {
+        if ($this->uses >= $this->max_uses) {
+            return 'USES_LIMIT_REACHED';
+        }
+
+        if (!is_null($this->expires_at)) {
+            if ($this->expires_at <= Carbon::now(config('app.timezone'))->timestamp) {
+                return __('EXPIRED');
+            }
+        }
+
+        return __('VALID');
+    }
+
+    /**
+     * Check if a user has already exceeded the uses of a coupon.
+     *
+     * @param User $user The request being made.
+     *
+     * @return bool
+     */
+    public function isMaxUsesReached($user): bool
+    {
+        $coupon_settings = new CouponSettings;
+        $coupon_uses = $user->coupons()->where('id', $this->id)->count();
+
+        return $coupon_uses >= $coupon_settings->max_uses_per_user;
+    }
+
+    /**
+     * Generate a specified quantity of coupon codes.
+     *
+     * @param int $amount Amount of coupons to be generated.
+     *
+     * @return array
+     */
+    public static function generateRandomCoupon(int $amount = 10): array
+    {
+        $coupons = [];
+
+        for ($i = 0; $i < $amount; $i++) {
+            $random_coupon = strtoupper(bin2hex(random_bytes(3)));
+
+            $coupons[] = $random_coupon;
+        }
+
+        return $coupons;
+    }
+
+    /**
+     * @return BelongsToMany
+     */
+    public function users()
+    {
+        return $this->belongsToMany(User::class, 'user_coupons');
+    }
+}

app/Models/Product.php

@@ -45,12 +45,46 @@ class Product extends Model
 
     public function getHourlyPrice()
     {
-        return ($this->price / 30) / 24;
+        // calculate the hourly price with the billing period
+        switch($this->billing_period) {
+            case 'daily':
+                return $this->price / 24;
+            case 'weekly':
+                return $this->price / 24 / 7;
+            case 'monthly':
+                return $this->price / 24 / 30;
+            case 'quarterly':
+                return $this->price / 24 / 30 / 3;
+            case 'half-annually':
+                return $this->price / 24 / 30 / 6;
+            case 'annually':
+                return $this->price / 24 / 365;
+            default:
+                return $this->price;
+        }
     }
 
-    public function getDailyPrice()
+    public function getMonthlyPrice()
     {
-        return $this->price / 30;
+        // calculate the hourly price with the billing period
+        switch($this->billing_period) {
+            case 'hourly':
+                return $this->price * 24 * 30;
+            case 'daily':
+                return $this->price * 30;
+            case 'weekly':
+                return $this->price * 4;
+            case 'monthly':
+                return $this->price;
+            case 'quarterly':
+                return $this->price / 3;
+            case 'half-annually':
+                return $this->price / 6;
+            case 'annually':
+                return $this->price / 12;
+            default:
+                return $this->price;
+        }
     }
 
     public function getWeeklyPrice()

app/Models/Server.php

@@ -2,6 +2,7 @@
 
 namespace App\Models;
 
+use Carbon\Carbon;
 use App\Classes\PterodactylClient;
 use App\Settings\PterodactylSettings;
 use Exception;
@@ -52,12 +53,14 @@ class Server extends Model
      * @var string[]
      */
     protected $fillable = [
-        'name',
-        'description',
-        'suspended',
-        'identifier',
-        'product_id',
-        'pterodactyl_id',
+        "name",
+        "description",
+        "suspended",
+        "identifier",
+        "product_id",
+        "pterodactyl_id",
+        "last_billed",
+        "canceled"
     ];
 
     /**
@@ -69,6 +72,8 @@ class Server extends Model
 
     public function __construct()
     {
+        parent::__construct();
+
         $ptero_settings = new PterodactylSettings();
         $this->pterodactyl = new PterodactylClient($ptero_settings);
     }
@@ -136,9 +141,11 @@ class Server extends Model
         if ($response->successful()) {
             $this->update([
                 'suspended' => null,
+                'last_billed' => Carbon::now()->toDateTimeString(),
             ]);
         }
 
+
         return $this;
     }
 

app/Models/ShopProduct.php

@@ -36,6 +36,13 @@ class ShopProduct extends Model
         'disabled',
     ];
 
+    /**
+     * @var string[]
+     */
+    protected $casts = [
+        'price' => 'float'
+    ];
+
     public static function boot()
     {
         parent::boot();

app/Models/User.php

@@ -4,8 +4,6 @@ namespace App\Models;
 
 use App\Notifications\Auth\QueuedVerifyEmail;
 use App\Notifications\WelcomeMessage;
-use App\Settings\GeneralSettings;
-use App\Settings\UserSettings;
 use App\Classes\PterodactylClient;
 use App\Settings\PterodactylSettings;
 use Illuminate\Contracts\Auth\MustVerifyEmail;
@@ -15,16 +13,18 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Relations\HasOne;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
+use Illuminate\Support\Facades\DB;
 use Spatie\Activitylog\LogOptions;
 use Spatie\Activitylog\Traits\CausesActivity;
 use Spatie\Activitylog\Traits\LogsActivity;
+use Spatie\Permission\Traits\HasRoles;
 
 /**
  * Class User
  */
 class User extends Authenticatable implements MustVerifyEmail
 {
-    use HasFactory, Notifiable, LogsActivity, CausesActivity;
+    use HasFactory, Notifiable, LogsActivity, CausesActivity, HasRoles;
 
     private PterodactylClient $pterodactyl;
 
@@ -66,6 +66,7 @@ class User extends Authenticatable implements MustVerifyEmail
         'avatar',
         'suspended',
         'referral_code',
+        'email_verified_reward',
     ];
 
     /**
@@ -88,10 +89,13 @@ class User extends Authenticatable implements MustVerifyEmail
         'last_seen' => 'datetime',
         'credits' => 'float',
         'server_limit' => 'float',
+        'email_verified_reward' => 'boolean'
     ];
 
     public function __construct()
     {
+        parent::__construct();
+
         $ptero_settings = new PterodactylSettings();
         $this->pterodactyl = new PterodactylClient($ptero_settings);
     }
@@ -100,8 +104,8 @@ class User extends Authenticatable implements MustVerifyEmail
     {
         parent::boot();
 
-        static::created(function (User $user, GeneralSettings $general_settings, UserSettings $user_settings) {
-            $user->notify(new WelcomeMessage($user, $general_settings, $user_settings));
+        static::created(function (User $user) {
+            $user->notify(new WelcomeMessage($user));
         });
 
         static::deleting(function (User $user) {
@@ -166,6 +170,14 @@ class User extends Authenticatable implements MustVerifyEmail
         return $this->belongsToMany(Voucher::class);
     }
 
+    /**
+     * @return BelongsToMany
+     */
+    public function coupons()
+    {
+        return $this->belongsToMany(Coupon::class, 'user_coupons');
+    }
+
     /**
      * @return HasOne
      */
@@ -223,12 +235,6 @@ class User extends Authenticatable implements MustVerifyEmail
         return $this;
     }
 
-    private function getServersWithProduct()
-    {
-        return $this->servers()
-            ->with('product')
-            ->get();
-    }
 
     /**
      * @return string
@@ -242,12 +248,21 @@ class User extends Authenticatable implements MustVerifyEmail
     {
         $usage = 0;
         foreach ($this->getServersWithProduct() as $server) {
-            $usage += $server->product->price;
+            $usage += $server->product->getHourlyPrice() * 24 * 30;
         }
 
         return number_format($usage, 2, '.', '');
     }
 
+    private function getServersWithProduct()
+    {
+        return $this->servers()
+            ->whereNull('suspended')
+            ->whereNull('canceled')
+            ->with('product')
+            ->get();
+    }
+
     /**
      * @return array|string|string[]
      */
@@ -268,17 +283,28 @@ class User extends Authenticatable implements MustVerifyEmail
     public function verifyEmail()
     {
         $this->forceFill([
-            'email_verified_at' => now(),
+            'email_verified_at' => now()
         ])->save();
     }
 
     public function reVerifyEmail()
     {
         $this->forceFill([
-            'email_verified_at' => null,
+            'email_verified_at' => null
         ])->save();
     }
 
+    public function referredBy()
+    {
+        $referee = DB::table('user_referrals')->where("registered_user_id", $this->id)->first();
+
+        if ($referee) {
+            $referee = User::where("id", $referee->referral_id)->firstOrFail();
+            return $referee;
+        }
+        return Null;
+    }
+
     public function getActivitylogOptions(): LogOptions
     {
         return LogOptions::defaults()

app/Notifications/ReferralNotification.php

@@ -19,6 +19,10 @@ class ReferralNotification extends Notification
 
     private $ref_user;
 
+    private $reward;
+
+    private $credits_display_name;
+
     /**
      * Create a new notification instance.
      *
@@ -26,6 +30,11 @@ class ReferralNotification extends Notification
      */
     public function __construct(int $user, int $ref_user)
     {
+        $general_settings= new GeneralSettings();
+        $referral_settings = new ReferralSettings();
+
+        $this->credits_display_name = $general_settings->credits_display_name;
+        $this->reward = $referral_settings->reward;
         $this->user = User::findOrFail($user);
         $this->ref_user = User::findOrFail($ref_user);
     }
@@ -47,12 +56,12 @@ class ReferralNotification extends Notification
      * @param  mixed  $notifiable
      * @return array
      */
-    public function toArray($notifiable, GeneralSettings $general_settings, ReferralSettings $referral_settings)
+    public function toArray($notifiable)
     {
         return [
             'title' => __('Someone registered using your Code!'),
             'content' => '
-                <p>You received '. $referral_settings->reward . ' ' . $general_settings->credits_display_name . '</p>
+                <p>You received '. $this->reward . ' ' . $this->credits_display_name . '</p>
                 <p>because ' . $this->ref_user->name . ' registered with your Referral-Code!</p>
                 <p>Thank you very much for supporting us!.</p>
                 <p>'.config('app.name', 'Laravel').'</p>

app/Notifications/WelcomeMessage.php

@@ -33,8 +33,11 @@ class WelcomeMessage extends Notification implements ShouldQueue
      *
      * @param  User  $user
      */
-    public function __construct(User $user, GeneralSettings $general_settings, UserSettings $user_settings)
+    public function __construct(User $user)
     {
+        $general_settings= new GeneralSettings();
+        $user_settings = new UserSettings();
+
         $this->user = $user;
         $this->credits_display_name = $general_settings->credits_display_name;
         $this->credits_reward_after_verify_discord = $user_settings->credits_reward_after_verify_discord;

app/Providers/AppServiceProvider.php

@@ -2,8 +2,8 @@
 
 namespace App\Providers;
 
-use App\Extensions\PaymentGateways\PayPal\PayPalSettings;
 use App\Models\UsefulLink;
+use App\Settings\GeneralSettings;
 use App\Settings\MailSettings;
 use Exception;
 use Illuminate\Pagination\Paginator;
@@ -12,6 +12,7 @@ use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\Facades\URL;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Support\ServiceProvider;
+use Qirolab\Theme\Theme;
 
 
 class AppServiceProvider extends ServiceProvider
@@ -60,6 +61,21 @@ class AppServiceProvider extends ServiceProvider
             URL::forceScheme('https');
         }
 
+        //get the Github Branch the panel is running on
+        try {
+            $stringfromfile = file(base_path() . '/.git/HEAD');
+
+            $firstLine = $stringfromfile[0]; //get the string from the array
+
+            $explodedstring = explode('/', $firstLine, 3); //seperate out by the "/" in the string
+
+            $branchname = $explodedstring[2]; //get the one that is always the branch name
+        } catch (Exception $e) {
+            $branchname = 'unknown';
+            Log::notice($e);
+        }
+        config(['BRANCHNAME' => $branchname]);
+
         // Do not run this code if no APP_KEY is set
         if (config('app.key') == null) return;
 
@@ -73,7 +89,22 @@ class AppServiceProvider extends ServiceProvider
         }
 
 
-        $settings = $this->app->make(MailSettings::class);
-        $settings->setConfig();
+        try {
+            $generalSettings = $this->app->make(GeneralSettings::class);
+            if (!file_exists(base_path('themes') . "/" . $generalSettings->theme)) {
+                $generalSettings->theme = "default";
+            }
+
+            if ($generalSettings->theme && $generalSettings->theme !== config('theme.active')) {
+                Theme::set($generalSettings->theme, "default");
+            } else {
+                Theme::set("default", "default");
+            }
+
+            $settings = $this->app->make(MailSettings::class);
+            $settings->setConfig();
+        } catch (Exception $e) {
+            Log::error("Couldnt load Settings. Probably the installation is not completet. " . $e);
+        }
     }
 }

app/Providers/EventServiceProvider.php

@@ -4,12 +4,15 @@ namespace App\Providers;
 
 use App\Events\PaymentEvent;
 use App\Events\UserUpdateCreditsEvent;
+use App\Events\CouponUsedEvent;
+use App\Listeners\CouponUsed;
 use App\Listeners\CreateInvoice;
 use App\Listeners\UnsuspendServers;
 use App\Listeners\UserPayment;
-use App\Listeners\Verified;
+use App\Listeners\Verified as ListenerVerified;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
+use Illuminate\Auth\Events\Verified;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
 use SocialiteProviders\Manager\SocialiteWasCalled;
 
@@ -31,12 +34,15 @@ class EventServiceProvider extends ServiceProvider
             CreateInvoice::class,
             UserPayment::class,
         ],
+        CouponUsedEvent::class => [
+            CouponUsed::class
+        ],
         SocialiteWasCalled::class => [
             // ... other providers
             'SocialiteProviders\\Discord\\DiscordExtendSocialite@handle',
         ],
-        'Illuminate\Auth\Events\Verified' => [
-            Verified::class,
+        Verified::class => [
+            ListenerVerified::class,
         ],
     ];
 

app/Settings/CouponSettings.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace App\Settings;
+
+use Spatie\LaravelSettings\Settings;
+
+class CouponSettings extends Settings
+{
+    public bool $enabled;
+    public bool $delete_coupon_on_expires;
+    public bool $delete_coupon_on_uses_reached;
+    public ?int $max_uses_per_user;
+
+    public static function group(): string
+    {
+        return 'coupon';
+    }
+
+		/**
+     * Summary of validations array
+     * @return array<string, string>
+     */
+    public static function getValidations()
+    {
+        return [
+            'enabled' => "nullable|boolean",
+            'delete_coupon_on_expires' => 'nullable|boolean',
+            'delete_coupon_on_uses_reached' => 'nullable|boolean',
+            'max_uses_per_user' => 'nullable|integer',
+        ];
+    }
+
+		/**
+     * Summary of optionInputData array
+     * Only used for the settings page
+     * @return array<array<'type'|'label'|'description'|'options', string|bool|float|int|array<string, string>>>
+     */
+    public static function getOptionInputData()
+    {
+        return [
+            "category_icon" => "fas fa-ticket-alt",
+            'enabled' => [
+                'label' => 'Enable Coupons',
+                'type' => 'boolean',
+                'description' => 'Enables coupons to be used in the store.'
+            ],
+            'delete_coupon_on_expires' => [
+                'label' => 'Auto Delete Expired Coupons',
+                'type' => 'boolean',
+                'description' => 'Automatically deletes the coupon if it expires.'
+            ],
+            'delete_coupon_on_uses_reached' => [
+                'label' => 'Delete Coupon When Max Uses Reached',
+                'type' => 'boolean',
+                'description' => 'Delete a coupon as soon as its maximum usage is reached.'
+            ],
+            'max_uses_per_user' => [
+                'label' => 'Max Uses Per User',
+                'type' => 'number',
+                'description' => 'Maximum number of uses that a user can make of the same coupon.'
+            ],
+        ];
+    }
+}

app/Settings/DiscordSettings.php

@@ -18,15 +18,6 @@ class DiscordSettings extends Settings
         return 'discord';
     }
 
-    public static function encrypted(): array
-    {
-        return [
-            'bot_token',
-            'client_id',
-            'client_secret'
-        ];
-    }
-
     /**
      * Summary of validations array
      * @return array<string, string>

app/Settings/GeneralSettings.php

@@ -9,12 +9,12 @@ class GeneralSettings extends Settings
     public bool $store_enabled;
     public string $credits_display_name;
     public bool $recaptcha_enabled;
-    public string $recaptcha_site_key;
-    public string $recaptcha_secret_key;
-    public string $phpmyadmin_url;
+    public ?string $recaptcha_site_key;
+    public ?string $recaptcha_secret_key;
+    public ?string $phpmyadmin_url;
     public bool $alert_enabled;
     public string $alert_type;
-    public string $alert_message;
+    public ?string $alert_message;
     public string $theme;
 
     //public int $initial_user_role; wait for Roles & Permissions PR.
@@ -24,13 +24,7 @@ class GeneralSettings extends Settings
         return 'general';
     }
 
-    public static function encrypted(): array
-    {
-        return [
-            'recaptcha_site_key',
-            'recaptcha_secret_key'
-        ];
-    }
+
 
     /**
      * Summary of validations array
@@ -39,15 +33,15 @@ class GeneralSettings extends Settings
     public static function getValidations()
     {
         return [
-            'store_enabled' => 'boolean',
+            'store_enabled' => 'nullable|string',
             'credits_display_name' => 'required|string',
-            'recaptcha_enabled' => 'nullable|boolean',
+            'recaptcha_enabled' => 'nullable|string',
             'recaptcha_site_key' => 'nullable|string',
             'recaptcha_secret_key' => 'nullable|string',
             'phpmyadmin_url' => 'nullable|string',
-            'alert_enabled' => 'nullable|boolean',
+            'alert_enabled' => 'nullable|string',
             'alert_type' => 'required|in:primary,secondary,success,danger,warning,info',
-            'alert_message' => 'required|string',
+            'alert_message' => 'nullable|string',
             'theme' => 'required|in:default,BlueInfinity' // TODO: themes should be made/loaded dynamically
         ];
     }
@@ -120,7 +114,7 @@ class GeneralSettings extends Settings
                 'description' => 'The type of alert to display.'
             ],
             'alert_message' => [
-                'type' => 'string',
+                'type' => 'textarea',
                 'label' => 'Alert Message',
                 'description' => 'The message to display in the alert.'
             ],

app/Settings/InvoiceSettings.php

@@ -6,13 +6,13 @@ use Spatie\LaravelSettings\Settings;
 
 class InvoiceSettings extends Settings
 {
+    public bool $enabled;
     public ?string $company_address;
     public ?string $company_mail;
     public ?string $company_name;
     public ?string $company_phone;
     public ?string $company_vat;
     public ?string $company_website;
-    public bool $enabled;
     public ?string $prefix;
 
     public static function group(): string
@@ -33,7 +33,7 @@ class InvoiceSettings extends Settings
             'company_phone' => 'nullable|string',
             'company_vat' => 'nullable|string',
             'company_website' => 'nullable|string',
-            'enabled' => 'nullable|boolean',
+            'enabled' => 'nullable|string',
             'prefix' => 'nullable|string',
         ];
     }

app/Settings/LocaleSettings.php

@@ -24,11 +24,11 @@ class LocaleSettings extends Settings
     public static function getValidations()
     {
         return [
-            'available' => 'nullable|array',
-            'clients_can_change' => 'nullable|boolean',
+            'available' => 'array|required',
+            'clients_can_change' => 'nullable|string',
             'datatables' => 'nullable|string',
             'default' => 'required|in:' . implode(',', config('app.available_locales')),
-            'dynamic' => 'nullable|boolean',
+            'dynamic' => 'nullable|string',
         ];
     }
 
@@ -62,6 +62,7 @@ class LocaleSettings extends Settings
                 'type' => 'select',
                 'description' => 'The default locale to use.',
                 'options' => config('app.available_locales'),
+                'identifier' => 'display'
             ],
             'dynamic' => [
                 'label' => 'Dynamic Locale',

app/Settings/MailSettings.php

@@ -14,7 +14,6 @@ class MailSettings extends Settings
     public ?string $mail_from_address;
     public ?string $mail_from_name;
     public ?string $mail_mailer;
-    public bool $mail_enabled;
 
     public static function group(): string
     {
@@ -24,7 +23,7 @@ class MailSettings extends Settings
     public static function encrypted(): array
     {
         return [
-            'mail_password'
+            'mail_password',
         ];
     }
 
@@ -57,7 +56,6 @@ class MailSettings extends Settings
             'mail_from_address' => 'nullable|string',
             'mail_from_name' => 'nullable|string',
             'mail_mailer' => 'nullable|string',
-            'mail_enabled' => 'nullable|boolean',
         ];
     }
 
@@ -87,12 +85,17 @@ class MailSettings extends Settings
             ],
             'mail_password' => [
                 'label' => 'Mail Password',
-                'type' => 'string',
+                'type' => 'password',
                 'description' => 'The password of your mail server.',
             ],
             'mail_encryption' => [
                 'label' => 'Mail Encryption',
-                'type' => 'string',
+                'type' => 'select',
+                'options' => [
+                    'null' => 'None',
+                    'tls' => 'TLS',
+                    'ssl' => 'SSL'
+                ],
                 'description' => 'The encryption of your mail server.',
             ],
             'mail_from_address' => [
@@ -110,10 +113,6 @@ class MailSettings extends Settings
                 'type' => 'string',
                 'description' => 'The mailer of your mail server.',
             ],
-            'mail_enabled' => [
-                'label' => 'Mail Enabled',
-                'type' => 'boolean',
-            ],
         ];
     }
 }

app/Settings/PterodactylSettings.php

@@ -20,7 +20,7 @@ class PterodactylSettings extends Settings
     {
         return [
             'admin_token',
-            'user_token'
+            'user_token',
         ];
     }
 

app/Settings/ReferralSettings.php

@@ -6,7 +6,6 @@ use Spatie\LaravelSettings\Settings;
 
 class ReferralSettings extends Settings
 {
-    public string $allowed;
     public bool $always_give_commission;
     public bool $enabled;
     public ?float $reward;
@@ -25,11 +24,10 @@ class ReferralSettings extends Settings
     public static function getValidations()
     {
         return [
-            'allowed' => 'required|in:Everyone,Clients',
-            'always_give_commission' => 'nullable|boolean',
-            'enabled' => 'nullable|boolean',
+            'always_give_commission' => 'nullable|string',
+            'enabled' => 'nullable|string',
             'reward' => 'nullable|numeric',
-            'mode' => 'required|in:Commission,Sign-Up,Both',
+            'mode' => 'required|in:commission,sign-up,both',
             'percentage' => 'nullable|numeric',
         ];
     }
@@ -43,19 +41,10 @@ class ReferralSettings extends Settings
     {
         return [
             'category_icon' => 'fas fa-user-friends',
-            'allowed' => [
-                'label' => 'Allowed',
-                'type' => 'select',
-                'description' => 'Who is allowed to see their referral-URL',
-                'options' => [
-                    'everyone' => 'Everyone',
-                    'clients' => 'Clients',
-                ],
-            ],
             'always_give_commission' => [
                 'label' => 'Always Give Commission',
                 'type' => 'boolean',
-                'description' => 'Always give commission to the referrer.',
+                'description' => 'Always give commission to the referrer or only on the first Purchase.',
             ],
             'enabled' => [
                 'label' => 'Enabled',

app/Settings/ServerSettings.php

@@ -9,7 +9,6 @@ class ServerSettings extends Settings
     public int $allocation_limit;
     public bool $creation_enabled;
     public bool $enable_upgrade;
-    public bool $charge_first_hour;
 
     public static function group(): string
     {
@@ -24,9 +23,8 @@ class ServerSettings extends Settings
     {
         return [
             'allocation_limit' => 'required|integer|min:0',
-            'creation_enabled' => 'nullable|boolean',
-            'enable_upgrade' => 'nullable|boolean',
-            'charge_first_hour' => 'nullable|boolean',
+            'creation_enabled' => 'nullable|string',
+            'enable_upgrade' => 'nullable|string',
         ];
     }
 
@@ -47,17 +45,12 @@ class ServerSettings extends Settings
             'creation_enabled' => [
                 'label' => 'Creation Enabled',
                 'type' => 'boolean',
-                'description' => 'Whether or not users can create servers.',
+                'description' => 'Enable the user server creation.',
             ],
             'enable_upgrade' => [
-                'label' => 'Enable Upgrade',
+                'label' => 'Server Upgrade Enabled',
                 'type' => 'boolean',
-                'description' => 'Whether or not users can upgrade their servers.',
-            ],
-            'charge_first_hour' => [
-                'label' => 'Charge First Hour',
-                'type' => 'boolean',
-                'description' => 'Whether or not the first hour of a server is charged.',
+                'description' => 'Enable the server upgrade feature.',
             ],
         ];
     }

app/Settings/TicketSettings.php

@@ -7,7 +7,7 @@ use Spatie\LaravelSettings\Settings;
 class TicketSettings extends Settings
 {
     public bool $enabled;
-    public string $notify;
+    public ?string $information;
 
     public static function group(): string
     {
@@ -21,8 +21,8 @@ class TicketSettings extends Settings
     public static function getValidations()
     {
         return [
-            'enabled' => 'nullable|boolean',
-            'notify' => 'nullable|string',
+            'enabled' => 'nullable|string',
+            'information' => 'nullable|string',
         ];
     }
 
@@ -40,16 +40,10 @@ class TicketSettings extends Settings
                 'type' => 'boolean',
                 'description' => 'Enable or disable the ticket system.',
             ],
-            'notify' => [
-                'label' => 'Notify',
-                'type' => 'select',
-                'description' => 'Who will receive an E-Mail when a new Ticket is created.',
-                'options' => [
-                    'admin' => 'Admins',
-                    'moderator' => 'Moderators',
-                    'all' => 'Admins and Moderators',
-                    'none' => 'Nobody',
-                ],
+            'information' => [
+                'label' => 'Ticket Information',
+                'type' => 'textarea',
+                'description' => 'Message shown on the right side when users create a new ticket.',
             ],
         ];
     }

app/Settings/UserSettings.php

@@ -6,6 +6,8 @@ use Spatie\LaravelSettings\Settings;
 
 class UserSettings extends Settings
 {
+    public bool $register_ip_check;
+    public bool $creation_enabled;
     public float $credits_reward_after_verify_discord;
     public float $credits_reward_after_verify_email;
     public bool $force_discord_verification;
@@ -16,8 +18,6 @@ class UserSettings extends Settings
     public int $server_limit_after_irl_purchase;
     public int $server_limit_after_verify_discord;
     public int $server_limit_after_verify_email;
-    public bool $register_ip_check;
-    public bool $creation_enabled;
 
     public static function group(): string
     {
@@ -33,16 +33,16 @@ class UserSettings extends Settings
         return [
             'credits_reward_after_verify_discord' => 'required|numeric',
             'credits_reward_after_verify_email' => 'required|numeric',
-            'force_discord_verification' => 'nullable|boolean',
-            'force_email_verification' => 'nullable|boolean',
+            'force_discord_verification' => 'nullable|string',
+            'force_email_verification' => 'nullable|string',
             'initial_credits' => 'required|numeric',
             'initial_server_limit' => 'required|numeric',
             'min_credits_to_make_server' => 'required|numeric',
             'server_limit_after_irl_purchase' => 'required|numeric',
             'server_limit_after_verify_discord' => 'required|numeric',
             'server_limit_after_verify_email' => 'required|numeric',
-            'register_ip_check' => 'nullable|boolean',
-            'creation_enabled' => 'nullable|boolean',
+            'register_ip_check' => 'nullable|string',
+            'creation_enabled' => 'nullable|string',
         ];
     }
 
@@ -91,9 +91,9 @@ class UserSettings extends Settings
                 'description' => 'The minimum amount of credits a user needs to create a server.',
             ],
             'server_limit_after_irl_purchase' => [
-                'label' => 'Server Limit After IRL Purchase',
+                'label' => 'Server Limit After first purchase',
                 'type' => 'number',
-                'description' => 'The amount of servers a user can create after they purchase a server.',
+                'description' => 'The amount of servers a user can create after they make their first purchase.',
             ],
             'server_limit_after_verify_discord' => [
                 'label' => 'Server Limit After Verify Discord',
@@ -106,14 +106,14 @@ class UserSettings extends Settings
                 'description' => 'The amount of servers a user can create after they verify their email.',
             ],
             'register_ip_check' => [
-                'label' => 'Register IP Check',
+                'label' => 'Register IP Check Enabled',
                 'type' => 'boolean',
                 'description' => 'Check if the IP a user is registering from is already in use.',
             ],
             'creation_enabled' => [
                 'label' => 'Creation Enabled',
                 'type' => 'boolean',
-                'description' => 'Whether or not users can create servers.',
+                'description' => 'Enable the user registration.',
             ],
         ];
     }

app/Settings/WebsiteSettings.php

@@ -31,13 +31,13 @@ class WebsiteSettings extends Settings
     public static function getValidations()
     {
         return [
-            'motd_enabled' => 'nullable|boolean',
+            'motd_enabled' => 'nullable|string',
             'motd_message' => 'nullable|string',
-            'show_imprint' => 'nullable|boolean',
-            'show_privacy' => 'nullable|boolean',
-            'show_tos' => 'nullable|boolean',
-            'useful_links_enabled' => 'nullable|boolean',
-            'enable_login_logo' => 'nullable|boolean',
+            'show_imprint' => 'nullable|string',
+            'show_privacy' => 'nullable|string',
+            'show_tos' => 'nullable|string',
+            'useful_links_enabled' => 'nullable|string',
+            'enable_login_logo' => 'nullable|string',
             'seo_title' => 'nullable|string',
             'seo_description' => 'nullable|string',
         ];

app/Traits/Coupon.php

@@ -0,0 +1,115 @@
+<?php
+
+namespace App\Traits;
+
+use App\Settings\CouponSettings;
+use App\Models\Coupon as CouponModel;
+use App\Models\ShopProduct;
+use App\Models\User;
+use Illuminate\Http\JsonResponse;
+use stdClass;
+
+trait Coupon
+{
+    public function validateCoupon($requestUser, $couponCode, $productId): JsonResponse
+    {
+        $coupon = CouponModel::where('code', $couponCode)->first();
+        $shopProduct = ShopProduct::findOrFail($productId);
+        $coupon_settings = new CouponSettings;
+        $response = response()->json([
+            'isValid' => false,
+            'error' => __('This coupon does not exist.')
+        ], 404);
+
+        if (!is_null($coupon)) {
+            if ($coupon->getStatus() == 'USES_LIMIT_REACHED') {
+                $response = response()->json([
+                    'isValid' => false,
+                    'error' => __('This coupon has reached the maximum amount of uses.')
+                ], 422);
+
+                return $response;
+            }
+
+            if ($coupon->getStatus() == 'EXPIRED') {
+                $response = response()->json([
+                    'isValid' => false,
+                    'error' => __('This coupon has expired.')
+                ], 422);
+
+                return $response;
+            }
+
+            if ($coupon->isMaxUsesReached($requestUser, $coupon_settings)) {
+                $response = response()->json([
+                    'isValid' => false,
+                    'error' => __('You have reached the maximum uses of this coupon.')
+                ], 422);
+
+                return $response;
+            }
+
+            if ($coupon->type === 'amount' && $coupon->value >= $shopProduct->price) {
+                $response = response()->json([
+                    'isValid' => false,
+                    'error' => __('The coupon you are trying to use would give you 100% off, so it cannot be used for this product, sorry.')
+                ], 422);
+
+                return $response;
+            }
+
+            $response = response()->json([
+                'isValid' => true,
+                'couponCode' => $coupon->code,
+                'couponType' => $coupon->type,
+                'couponValue' => $coupon->value
+            ]);
+        }
+
+        return $response;
+    }
+
+    public function isCouponValid(string $couponCode, User $user, string $productId): bool
+    {
+        if (is_null($couponCode)) return false;
+
+        $coupon = CouponModel::where('code', $couponCode)->first();
+        $shopProduct = ShopProduct::findOrFail($productId);
+
+        if ($coupon->getStatus() == 'USES_LIMIT_REACHED') {
+            return false;
+        }
+
+        if ($coupon->getStatus() == 'EXPIRED') {
+            return false;
+        }
+
+        if ($coupon->isMaxUsesReached($user)) {
+            return false;
+        }
+
+        if ($coupon->type === 'amount' && $coupon->value >= $shopProduct->price) {
+            return false;
+        }
+
+        return true;
+    }
+
+    public function applyCoupon(string $couponCode, float $price)
+    {
+        $coupon = CouponModel::where('code', $couponCode)->first();
+
+        if ($coupon->type === 'percentage') {
+            return $price - ($price * $coupon->value / 100);
+        }
+
+        if ($coupon->type === 'amount') {
+            // There is no discount if the value of the coupon is greater than or equal to the value of the product.
+            if ($coupon->value >= $price) {
+                return $price;
+            }
+        }
+
+        return $price - $coupon->value;
+    }
+}

composer.json

@@ -26,6 +26,7 @@
         "qirolab/laravel-themer": "^2.0.2",
         "socialiteproviders/discord": "^4.1.2",
         "spatie/laravel-activitylog": "^4.7.3",
+        "spatie/laravel-permission": "^5.10",
         "spatie/laravel-query-builder": "^5.1.2",
         "spatie/laravel-settings": "^2.7",
         "spatie/laravel-validation-rules": "^3.2.2",

config/app.php

@@ -4,7 +4,7 @@ use Illuminate\Support\Facades\Facade;
 
 return [
 
-    'version' => '0.9.4',
+    'version' => '0.10',
 
     /*
     |--------------------------------------------------------------------------
@@ -17,7 +17,7 @@ return [
     |
     */
 
-    'name' => env('APP_NAME', 'Controlpanel.gg'),
+    'name' => env('APP_NAME', 'CtrlPanel.gg'),
 
     /*
     |--------------------------------------------------------------------------

config/mail.php

@@ -93,7 +93,7 @@ return [
 
     'from' => [
         'address' => env('MAIL_FROM_ADDRESS', 'hello@example.com'),
-        'name' => env('MAIL_FROM_NAME', 'ControlPanel'),
+        'name' => env('MAIL_FROM_NAME', 'CtrlPanel'),
     ],
 
     /*

config/permission.php

@@ -0,0 +1,161 @@
+<?php
+
+return [
+
+    'models' => [
+
+        /*
+         * When using the "HasPermissions" trait from this package, we need to know which
+         * Eloquent model should be used to retrieve your permissions. Of course, it
+         * is often just the "Permission" model but you may use whatever you like.
+         *
+         * The model you want to use as a Permission model needs to implement the
+         * `Spatie\Permission\Contracts\Permission` contract.
+         */
+
+        'permission' => Spatie\Permission\Models\Permission::class,
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * Eloquent model should be used to retrieve your roles. Of course, it
+         * is often just the "Role" model but you may use whatever you like.
+         *
+         * The model you want to use as a Role model needs to implement the
+         * `Spatie\Permission\Contracts\Role` contract.
+         */
+
+        'role' => Spatie\Permission\Models\Role::class,
+
+    ],
+
+    'table_names' => [
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your roles. We have chosen a basic
+         * default value but you may easily change it to any table you like.
+         */
+
+        'roles' => 'roles',
+
+        /*
+         * When using the "HasPermissions" trait from this package, we need to know which
+         * table should be used to retrieve your permissions. We have chosen a basic
+         * default value but you may easily change it to any table you like.
+         */
+
+        'permissions' => 'permissions',
+
+        /*
+         * When using the "HasPermissions" trait from this package, we need to know which
+         * table should be used to retrieve your models permissions. We have chosen a
+         * basic default value but you may easily change it to any table you like.
+         */
+
+        'model_has_permissions' => 'model_has_permissions',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your models roles. We have chosen a
+         * basic default value but you may easily change it to any table you like.
+         */
+
+        'model_has_roles' => 'model_has_roles',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your roles permissions. We have chosen a
+         * basic default value but you may easily change it to any table you like.
+         */
+
+        'role_has_permissions' => 'role_has_permissions',
+    ],
+
+    'column_names' => [
+        /*
+         * Change this if you want to name the related pivots other than defaults
+         */
+        'role_pivot_key' => null, //default 'role_id',
+        'permission_pivot_key' => null, //default 'permission_id',
+
+        /*
+         * Change this if you want to name the related model primary key other than
+         * `model_id`.
+         *
+         * For example, this would be nice if your primary keys are all UUIDs. In
+         * that case, name this `model_uuid`.
+         */
+
+        'model_morph_key' => 'model_id',
+
+        /*
+         * Change this if you want to use the teams feature and your related model's
+         * foreign key is other than `team_id`.
+         */
+
+        'team_foreign_key' => 'team_id',
+    ],
+
+    /*
+     * When set to true, the method for checking permissions will be registered on the gate.
+     * Set this to false, if you want to implement custom logic for checking permissions.
+     */
+
+    'register_permission_check_method' => true,
+
+    /*
+     * When set to true the package implements teams using the 'team_foreign_key'. If you want
+     * the migrations to register the 'team_foreign_key', you must set this to true
+     * before doing the migration. If you already did the migration then you must make a new
+     * migration to also add 'team_foreign_key' to 'roles', 'model_has_roles', and
+     * 'model_has_permissions'(view the latest version of package's migration file)
+     */
+
+    'teams' => false,
+
+    /*
+     * When set to true, the required permission names are added to the exception
+     * message. This could be considered an information leak in some contexts, so
+     * the default setting is false here for optimum safety.
+     */
+
+    'display_permission_in_exception' => false,
+
+    /*
+     * When set to true, the required role names are added to the exception
+     * message. This could be considered an information leak in some contexts, so
+     * the default setting is false here for optimum safety.
+     */
+
+    'display_role_in_exception' => false,
+
+    /*
+     * By default wildcard permission lookups are disabled.
+     */
+
+    'enable_wildcard_permission' => true,
+
+    'cache' => [
+
+        /*
+         * By default all permissions are cached for 24 hours to speed up performance.
+         * When permissions or roles are updated the cache is flushed automatically.
+         */
+
+        'expiration_time' => \DateInterval::createFromDateString('24 hours'),
+
+        /*
+         * The cache key used to store all permissions.
+         */
+
+        'key' => 'spatie.permission.cache',
+
+        /*
+         * You may optionally indicate a specific cache driver to use for permission and
+         * role caching using any of the `store` drivers listed in the cache.php config
+         * file. Using 'default' here means to use the `default` set in cache.php.
+         */
+
+        'store' => 'default',
+    ],
+];

config/permissions_web.php

@@ -0,0 +1,137 @@
+<?php
+
+return [
+    '*',
+
+    /*
+        * Permissions for admin
+        */
+
+    'admin.roles.read',
+    'admin.roles.create',
+    'admin.roles.edit',
+    'admin.roles.delete',
+
+
+    'admin.ticket.read',
+    'admin.tickets.write',
+    'admin.tickets.get_notification',
+
+    'admin.tickets.category.read',
+    'admin.tickets.category.write',
+
+    'admin.ticket_blacklist.read',
+    'admin.ticket_blacklist.write',
+
+    'admin.overview.read',
+    'admin.overview.sync',
+
+    'admin.api.read',
+    'admin.api.write',
+
+    'admin.users.read',
+    'admin.users.write',
+    'admin.users.suspend',
+    'admin.users.write.credits',
+    'admin.users.write.username',
+    'admin.users.write.password',
+    'admin.users.write.role',
+    'admin.users.write.referal',
+    'admin.users.write.pterodactyl',
+    'admin.users.write.email',
+    'admin.users.notify',
+    'admin.users.login_as',
+    'admin.users.delete',
+
+    'admin.servers.read',
+    'admin.servers.write',
+    'admin.servers.suspend',
+    'admin.servers.write.owner',
+    'admin.servers.write.identifier',
+    'admin.servers.delete',
+    'admin.servers.bypass_creation_enabled',
+
+    'admin.products.read',
+    'admin.products.create',
+    'admin.products.edit',
+    'admin.products.delete',
+
+    'admin.store.read',
+    'admin.store.write',
+    'admin.store.disable',
+
+    'admin.voucher.read',
+    'admin.voucher.write',
+
+    'admin.useful_links.read',
+    'admin.useful_links.write',
+
+    'admin.legal.read',
+    'admin.legal.write',
+
+    'admin.payments.read',
+
+    'admin.partners.read',
+    'admin.partners.write',
+
+    'admin.coupons.read',
+    'admin.coupons.write',
+
+    'admin.logs.read',
+
+    /*
+     * Settings Permissions
+     */
+    'settings.discord.read',
+    'settings.discord.write',
+
+    'settings.general.read',
+    'settings.general.write',
+
+    'settings.invoice.read',
+    'settings.invoice.write',
+
+    'settings.locale.read',
+    'settings.locale.write',
+
+    'settings.mail.read',
+    'settings.mail.write',
+
+    'settings.pterodactyl.read',
+    'settings.pterodactyl.write',
+
+    'settings.referral.read',
+    'settings.referral.write',
+
+    'settings.server.read',
+    'settings.server.write',
+
+    'settings.ticket.read',
+    'settings.ticket.write',
+
+    'settings.user.read',
+    'settings.user.write',
+
+    'settings.website.read',
+    'settings.website.write',
+
+    'settings.paypal.read',
+    'settings.paypal.write',
+
+    'settings.stripe.read',
+    'settings.stripe.write',
+
+    'settings.mollie.read',
+    'settings.mollie.write',
+
+
+    /*
+    * Permissions for users
+    */
+    'user.server.create',
+    'user.server.upgrade',
+    'user.shop.buy',
+    'user.ticket.read',
+    'user.ticket.write',
+    'user.referral',
+];

config/settings.php

@@ -12,6 +12,7 @@ use App\Settings\ServerSettings;
 use App\Settings\UserSettings;
 use App\Settings\WebsiteSettings;
 use App\Settings\TicketSettings;
+use App\Settings\CouponSettings;
 
 return [
 
@@ -31,6 +32,7 @@ return [
         UserSettings::class,
         WebsiteSettings::class,
         TicketSettings::class,
+        CouponSettings::class,
     ],
 
     /*

config/view.php

@@ -14,7 +14,7 @@ return [
     */
 
     'paths' => [
-        resource_path('views'),
+        base_path('themes'),
     ],
 
     /*

database/migrations/2022_01_05_144858_rename_configurations_table.php

@@ -28,7 +28,6 @@ return new class extends Migration
         DB::table('settings')->where('key', 'REGISTER_IP_CHECK')->update(['key' => 'SETTINGS::SYSTEM:REGISTER_IP_CHECK']);
         DB::table('settings')->where('key', 'CREDITS_DISPLAY_NAME')->update(['key' => 'SETTINGS::SYSTEM:CREDITS_DISPLAY_NAME']);
         DB::table('settings')->where('key', 'ALLOCATION_LIMIT')->update(['key' => 'SETTINGS::SERVER:ALLOCATION_LIMIT']);
-        DB::table('settings')->where('key', 'SERVER_CREATE_CHARGE_FIRST_HOUR')->update(['key' => 'SETTINGS::SYSTEM:SERVER_CREATE_CHARGE_FIRST_HOUR']);
         DB::table('settings')->where('key', 'SALES_TAX')->update(['key' => 'SETTINGS::PAYMENTS:SALES_TAX']);
     }
 
@@ -52,7 +51,6 @@ return new class extends Migration
         DB::table('configurations')->where('key', 'SETTINGS::USER:FORCE_EMAIL_VERIFICATION')->update(['key' => 'FORCE_EMAIL_VERIFICATION']);
         DB::table('configurations')->where('key', 'SETTINGS::USER:FORCE_DISCORD_VERIFICATION')->update(['key' => 'FORCE_DISCORD_VERIFICATION']);
         DB::table('configurations')->where('key', 'SETTINGS::SYSTEM:REGISTER_IP_CHECK')->update(['key' => 'REGISTER_IP_CHECK']);
-        DB::table('configurations')->where('key', 'SETTINGS::SYSTEM:SERVER_CREATE_CHARGE_FIRST_HOUR')->update(['key' => 'SERVER_CREATE_CHARGE_FIRST_HOUR']);
         DB::table('configurations')->where('key', 'SETTINGS::SERVER:ALLOCATION_LIMIT')->update(['key' => 'ALLOCATION_LIMIT']);
         DB::table('configurations')->where('key', 'SETTINGS::SERVER:CREDITS_DISPLAY_NAME')->update(['key' => 'SETTINGS::SYSTEM:CREDITS_DISPLAY_NAME']);
         DB::table('configurations')->where('key', 'SETTINGS::PAYMENTS:SALES_TAX')->update(['key' => 'SALES_TAX']);

database/migrations/2023_04_03_231829_update_users_table.php

@@ -26,7 +26,7 @@ return new class extends Migration
     public function down()
     {
         Schema::table('users', function (Blueprint $table) {
-            $table->integer('pterodactyl_id')->nullable->change();
+            $table->integer('pterodactyl_id')->nullable()->change();
         });
     }
 };

database/migrations/2023_04_29_232942_create_permission_tables.php

@@ -0,0 +1,142 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+use Spatie\Permission\PermissionRegistrar;
+
+class CreatePermissionTables extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        $tableNames = config('permission.table_names');
+        $columnNames = config('permission.column_names');
+        $teams = config('permission.teams');
+
+        if (empty($tableNames)) {
+            throw new \Exception('Error: config/permission.php not loaded. Run [php artisan config:clear] and try again.');
+        }
+        if ($teams && empty($columnNames['team_foreign_key'] ?? null)) {
+            throw new \Exception('Error: team_foreign_key on config/permission.php not loaded. Run [php artisan config:clear] and try again.');
+        }
+
+        Schema::create($tableNames['permissions'], function (Blueprint $table) {
+            $table->bigIncrements('id'); // permission id
+            $table->string('name');       // For MySQL 8.0 use string('name', 125);
+            $table->string('guard_name'); // For MySQL 8.0 use string('guard_name', 125);
+            $table->timestamps();
+
+            $table->unique(['name', 'guard_name']);
+        });
+
+        Schema::create($tableNames['roles'], function (Blueprint $table) use ($teams, $columnNames) {
+            $table->bigIncrements('id'); // role id
+            if ($teams || config('permission.testing')) { // permission.testing is a fix for sqlite testing
+                $table->unsignedBigInteger($columnNames['team_foreign_key'])->nullable();
+                $table->index($columnNames['team_foreign_key'], 'roles_team_foreign_key_index');
+            }
+            $table->string('name');       // For MySQL 8.0 use string('name', 125);
+            $table->string('color')->nullable()->default('#485460');       // For MySQL 8.0 use string('name', 125);
+            $table->string('guard_name'); // For MySQL 8.0 use string('guard_name', 125);
+            $table->timestamps();
+            if ($teams || config('permission.testing')) {
+                $table->unique([$columnNames['team_foreign_key'], 'name', 'guard_name']);
+            } else {
+                $table->unique(['name', 'guard_name']);
+            }
+        });
+
+        Schema::create($tableNames['model_has_permissions'], function (Blueprint $table) use ($tableNames, $columnNames, $teams) {
+            $table->unsignedBigInteger(PermissionRegistrar::$pivotPermission);
+
+            $table->string('model_type');
+            $table->unsignedBigInteger($columnNames['model_morph_key']);
+            $table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_permissions_model_id_model_type_index');
+
+            $table->foreign(PermissionRegistrar::$pivotPermission)
+                ->references('id') // permission id
+                ->on($tableNames['permissions'])
+                ->onDelete('cascade');
+            if ($teams) {
+                $table->unsignedBigInteger($columnNames['team_foreign_key']);
+                $table->index($columnNames['team_foreign_key'], 'model_has_permissions_team_foreign_key_index');
+
+                $table->primary([$columnNames['team_foreign_key'], PermissionRegistrar::$pivotPermission, $columnNames['model_morph_key'], 'model_type'],
+                    'model_has_permissions_permission_model_type_primary');
+            } else {
+                $table->primary([PermissionRegistrar::$pivotPermission, $columnNames['model_morph_key'], 'model_type'],
+                    'model_has_permissions_permission_model_type_primary');
+            }
+
+        });
+
+        Schema::create($tableNames['model_has_roles'], function (Blueprint $table) use ($tableNames, $columnNames, $teams) {
+            $table->unsignedBigInteger(PermissionRegistrar::$pivotRole);
+
+            $table->string('model_type');
+            $table->unsignedBigInteger($columnNames['model_morph_key']);
+            $table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_roles_model_id_model_type_index');
+
+            $table->foreign(PermissionRegistrar::$pivotRole)
+                ->references('id') // role id
+                ->on($tableNames['roles'])
+                ->onDelete('cascade');
+            if ($teams) {
+                $table->unsignedBigInteger($columnNames['team_foreign_key']);
+                $table->index($columnNames['team_foreign_key'], 'model_has_roles_team_foreign_key_index');
+
+                $table->primary([$columnNames['team_foreign_key'], PermissionRegistrar::$pivotRole, $columnNames['model_morph_key'], 'model_type'],
+                    'model_has_roles_role_model_type_primary');
+            } else {
+                $table->primary([PermissionRegistrar::$pivotRole, $columnNames['model_morph_key'], 'model_type'],
+                    'model_has_roles_role_model_type_primary');
+            }
+        });
+
+        Schema::create($tableNames['role_has_permissions'], function (Blueprint $table) use ($tableNames) {
+            $table->unsignedBigInteger(PermissionRegistrar::$pivotPermission);
+            $table->unsignedBigInteger(PermissionRegistrar::$pivotRole);
+
+            $table->foreign(PermissionRegistrar::$pivotPermission)
+                ->references('id') // permission id
+                ->on($tableNames['permissions'])
+                ->onDelete('cascade');
+
+            $table->foreign(PermissionRegistrar::$pivotRole)
+                ->references('id') // role id
+                ->on($tableNames['roles'])
+                ->onDelete('cascade');
+
+            $table->primary([PermissionRegistrar::$pivotPermission, PermissionRegistrar::$pivotRole], 'role_has_permissions_permission_id_role_id_primary');
+        });
+
+        app('cache')
+            ->store(config('permission.cache.store') != 'default' ? config('permission.cache.store') : null)
+            ->forget(config('permission.cache.key'));
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        $tableNames = config('permission.table_names');
+
+        if (empty($tableNames)) {
+            throw new \Exception('Error: config/permission.php not found and defaults could not be merged. Please publish the package configuration before proceeding, or drop the tables manually.');
+        }
+
+        Schema::drop($tableNames['role_has_permissions']);
+        Schema::drop($tableNames['model_has_roles']);
+        Schema::drop($tableNames['model_has_permissions']);
+        Schema::drop($tableNames['roles']);
+        Schema::drop($tableNames['permissions']);
+    }
+}

database/migrations/2023_05_05_090127_role_power.php

@@ -0,0 +1,38 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Artisan;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('roles', function (Blueprint $table) {
+            $table->integer('power')->after("color")->default(50);
+        });
+
+        Artisan::call('db:seed', [
+            '--class' => 'PermissionsSeeder',
+            '--force' => true
+        ]);
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('roles', function (Blueprint $table) {
+            $table->dropColumn('power');
+        });
+    }
+};

database/migrations/2023_05_05_103834_oom_killer.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('products', function (Blueprint $table) {
+            $table->boolean('oom_killer')->after("allocations")->default(false);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('products', function (Blueprint $table) {
+            $table->dropColumn('oom_killer');
+        });
+    }
+};

database/migrations/2023_05_08_092704_add_billing_period_to_products.php

@@ -0,0 +1,52 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+
+class AddBillingPeriodToProducts extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        // User already has installed the addon before
+        if (Schema::hasColumn("products", "billing_period")) {
+            return;
+        }
+
+        Schema::table('products', function (Blueprint $table) {
+
+            $table->string('billing_period')->default("hourly");
+            $table->decimal('price', 15, 4)->change();
+            $table->decimal('minimum_credits', 15, 4)->change();
+        });
+
+        DB::statement('UPDATE products SET billing_period="hourly"');
+
+        $products = DB::table('products')->get();
+        foreach ($products as $product) {
+            $price = $product->price;
+            $price = $price / 30 / 24;
+            DB::table('products')->where('id', $product->id)->update(['price' => $price]);
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('products', function (Blueprint $table) {
+            $table->dropColumn('billing_period');
+            $table->decimal('price', 10, 0)->change();
+            $table->float('minimum_credits')->change();
+        });
+    }
+}

database/migrations/2023_05_08_094402_update_user_credits_datatype.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class UpdateUserCreditsDatatype extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->decimal('credits', 15, 4)->default(0)->change();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->decimal('credits', ['11', '2'])->change();
+        });
+    }
+}