From 3f9c86f0dfd2b0960cc1f2f72035cf70ce7d237b Mon Sep 17 00:00:00 2001
From: Diogo Peralta Cordeiro
Date: Mon, 14 Feb 2022 04:35:13 +0000
Subject: [PATCH] [COMPONENT][Group] More flexible member roles than only isAdmin Refactor terminology of canAdmin to match current roles system
---
 components/Circle/Controller/SelfTagsSettings.php | 2 +-
 components/Group/Controller/Group.php | 5 +++--
 components/Group/Entity/GroupMember.php | 12 ++++++------
 components/Group/Group.php | 2 +-
 components/Posting/Posting.php | 2 +-
 plugins/DeleteNote/DeleteNote.php | 4 ++--
 src/Entity/Actor.php | 8 ++++++--
 7 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/components/Circle/Controller/SelfTagsSettings.php b/components/Circle/Controller/SelfTagsSettings.php
index bc8aa5293d..813607104f 100644
--- a/components/Circle/Controller/SelfTagsSettings.php
+++ b/components/Circle/Controller/SelfTagsSettings.php
@@ -27,7 +27,7 @@ class SelfTagsSettings extends Controller
 public static function settingsSelfTags(Request $request, E\Actor $target, string $details_id)
 {
 $actor = Common::actor();
- if (!$actor->canAdmin($target)) {
+ if (!$actor->canModerate($target)) {
 throw new ClientException(_m('You don\'t have enough permissions to edit {nickname}\'s settings', ['{nickname}' => $target->getNickname()]));
 }
diff --git a/components/Group/Controller/Group.php b/components/Group/Controller/Group.php
index 70434ee3af..134a8f7a6e 100644
--- a/components/Group/Controller/Group.php
+++ b/components/Group/Controller/Group.php
@@ -182,7 +182,7 @@ class Group extends FeedController
 $local_group = DB::findOneBy(LocalGroup::class, ['actor_id' => $id]);
 $group_actor = $local_group->getActor();
 $actor = Common::actor();
- if (!\is_null($group_actor) && $actor->canAdmin($group_actor)) {
+ if (!\is_null($group_actor) && $actor->canModerate($group_actor)) {
 return [
 '_template' => 'group/settings.html.twig',
 'group' => $group_actor,
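Review bot: The group settings branch in `components/Group/Controller/Group.php` (and the self-tags check in `SelfTagsSettings.php`, plus the other renamed call sites in this patch) now passes for any member holding `ActorLocalRoles::MODERATOR`, because `canModerate` in the Actor.php hunk accepts MODERATOR or OPERATOR where the old check read the single `is_admin` flag. If editing group settings is meant to remain an owner-level action, gate this branch on a check that tests only `ActorLocalRoles::OPERATOR` and keep `canModerate` for content actions such as note deletion. The docblock on `canModerate` should also name the roles that qualify for groups, e.g. `For groups: true when $this holds the MODERATOR or OPERATOR role in $other`. The enclosing controller method starts and ends outside the hunk.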
@@ -256,7 +256,8 @@ class Group extends FeedController
 DB::persist(GroupMember::create([
 'group_id' => $group->getId(),
 'actor_id' => $actor->getId(),
- 'is_admin' => true,
+ // Group Owner
+ 'roles' => ActorLocalRoles::OPERATOR | ActorLocalRoles::MODERATOR | ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR,
 ]));
 DB::flush();
 Cache::delete(E\Actor::cacheKeys($actor->getId())['subscribers']);
diff --git a/components/Group/Entity/GroupMember.php b/components/Group/Entity/GroupMember.php
index c1b4b3ccd4..ae02bf76d7 100644
--- a/components/Group/Entity/GroupMember.php
+++ b/components/Group/Entity/GroupMember.php
@@ -44,7 +44,7 @@ class GroupMember extends Entity
 // @codeCoverageIgnoreStart
 private int $group_id;
 private int $actor_id;
- private ?bool $is_admin = false;
+ private int $roles;
 private ?string $uri = null;
 private DateTimeInterface $created;
 private DateTimeInterface $modified;
@@ -71,15 +71,15 @@ class GroupMember extends Entity
 return $this->actor_id;
 }
- public function setIsAdmin(?bool $is_admin): self
+ public function setRoles(int $roles): self
 {
- $this->is_admin = $is_admin;
+ $this->roles = $roles;
 return $this;
 }
- public function getIsAdmin(): ?bool
+ public function getRoles(): int
 {
- return $this->is_admin;
+ return $this->roles;
 }
 public function setUri(?string $uri): self
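Review bot: `ActorLocalRoles` is referenced in the new `'roles'` entry, but neither hunk for this file adds a `use App\Core\ActorLocalRoles;` line (the Actor.php part of the patch does add one), so confirm the controller already imports it; otherwise group creation would fail at runtime on an unresolved class. The four-flag owner mask would also be easier to audit as a single named constant kept next to the role definitions than as an inline OR at the call site, since this line decides who gets full control of a new group. The surrounding method is only partly visible in the hunk.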
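Review bot: `private int $roles;` has no initial value, and the schema entry in the `@@ -125` hunk of this file declares `roles` as `'not null' => true` without a `'default'`, whereas the removed `is_admin` defaulted to `false`. Any `GroupMember::create([...])` call that does not pass `'roles'` (the group-creation call is the only one updated in the visible hunks) would leave the typed property uninitialised or fail on insert, and existing rows need a migration that maps former admins to the intended role bits. Give the property and column an explicit least-privileged default, for example `private int $roles = ActorLocalRoles::VISITOR;` if VISITOR is the lowest role (confirm against `ActorLocalRoles`), and state the bit layout in the field's `'description'`.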
@@ -125,7 +125,7 @@ class GroupMember extends Entity
 'fields' => [
 'group_id' => ['type' => 'int', 'foreign key' => true, 'target' => 'Actor.id', 'multiplicity' => 'one to one', 'name' => 'group_member_group_id_fkey', 'not null' => true, 'description' => 'foreign key to group table'],
 'actor_id' => ['type' => 'int', 'foreign key' => true, 'target' => 'Actor.id', 'multiplicity' => 'one to one', 'name' => 'group_member_actor_id_fkey', 'not null' => true, 'description' => 'foreign key to actor table'],
- 'is_admin' => ['type' => 'bool', 'default' => false, 'description' => 'is this actor an admin?'],
+ 'roles' => ['type' => 'int', 'not null' => true, 'description' => 'Bitmap of permissions this actor has'],
 'uri' => ['type' => 'varchar', 'length' => 191, 'description' => 'universal identifier'],
 'created' => ['type' => 'datetime', 'not null' => true, 'default' => 'CURRENT_TIMESTAMP', 'description' => 'date this record was created'],
 'modified' => ['type' => 'timestamp', 'not null' => true, 'default' => 'CURRENT_TIMESTAMP', 'description' => 'date this record was modified'],
diff --git a/components/Group/Group.php b/components/Group/Group.php
index 89bd8760fd..a1d43caa7f 100644
--- a/components/Group/Group.php
+++ b/components/Group/Group.php
@@ -76,7 +76,7 @@ class Group extends Component
 {
 $actor = Common::actor();
 $group = $vars['actor'];
- if (!\is_null($actor) && $group->isGroup() && $actor->canAdmin($group)) {
+ if (!\is_null($actor) && $group->isGroup() && $actor->canModerate($group)) {
 $url = Router::url('group_settings', ['id' => $group->getId()]);
 $res[] = HTML::html(['a' => ['attrs' => ['href' => $url, 'title' => _m('Edit group settings'), 'class' => 'profile-extra-actions'], _m('Group settings')]]);
 }
diff --git a/components/Posting/Posting.php b/components/Posting/Posting.php
index 9138c8112a..6b2a8a0243 100644
--- a/components/Posting/Posting.php
+++ b/components/Posting/Posting.php
@@ -120,7 +120,7 @@ class Posting extends Component
 _m('Addressee') => VisibilityScope::ADDRESSEE->value,
 ];
 if (!is_null($context_actor) && $context_actor->isGroup()) {
- if ($actor->canAdmin($context_actor)) {
+ if ($actor->canModerate($context_actor)) {
 if ($context_actor->getRoles() & ActorLocalRoles::PRIVATE_GROUP) {
 $visibility_options = array_merge([_m('Group') => VisibilityScope::GROUP->value], $visibility_options);
 } else {
diff --git a/plugins/DeleteNote/DeleteNote.php b/plugins/DeleteNote/DeleteNote.php
index f1e666b512..20c8a010d6 100644
--- a/plugins/DeleteNote/DeleteNote.php
+++ b/plugins/DeleteNote/DeleteNote.php
@@ -88,7 +88,7 @@ class DeleteNote extends NoteHandlerPlugin
 private static function undertaker(Actor $actor, Note $note): Activity
 {
 // Check permissions
- if (!$actor->canAdmin($note->getActor())) {
+ if (!$actor->canModerate($note->getActor())) {
 throw new ClientException(_m('You don\'t have permissions to delete this note.'), 401);
 }
@@ -167,7 +167,7 @@ class DeleteNote extends NoteHandlerPlugin
 fn () => DB::findOneBy(Activity::class, ['verb' => 'delete', 'object_type' => 'note', 'object_id' => $note->getId()], return_null: true),
 ))
 // And has permissions
- && $actor->canAdmin($note->getActor())) {
+ && $actor->canModerate($note->getActor())) {
 $delete_action_url = Router::url('delete_note_action', ['note_id' => $note->getId()]);
 $query_string = $request->getQueryString();
 $delete_action_url .= '?from=' . mb_substr($query_string, 2);
diff --git a/src/Entity/Actor.php b/src/Entity/Actor.php
index b55bfa708d..e9545d1b1a 100644
--- a/src/Entity/Actor.php
+++ b/src/Entity/Actor.php
@@ -23,6 +23,7 @@ declare(strict_types = 1);
 namespace App\Entity;
+use App\Core\ActorLocalRoles;
 use App\Core\Cache;
 use App\Core\DB\DB;
 use App\Core\Entity;
@@ -34,6 +35,7 @@ use App\Util\Exception\NotFoundException;
 use App\Util\Formatting;
 use App\Util\Nickname;
 use Component\Avatar\Avatar;
+use Component\Group\Entity\GroupMember;
 use Component\Language\Entity\ActorLanguage;
 use Component\Language\Entity\Language;
 use Component\Subscription\Entity\ActorSubscription;
@@ -489,7 +491,7 @@ class Actor extends Entity
 /**
 * Check whether $this has permission for performing actions on behalf of $other
 */
- public function canAdmin(self $other): bool
+ public function canModerate(self $other): bool
 {
 if ($this->getIsLocal()) {
 switch ($other->getType()) {
@@ -500,7 +502,9 @@ class Actor extends Entity
 self::cacheKeys($this->getId(), $other->getId())['can-admin'],
 function () use ($other) {
 try {
- return DB::findOneBy('group_member', ['group_id' => $other->getId(), 'actor_id' => $this->getId()])->getIsAdmin();
+ $member_roles = DB::findOneBy(GroupMember::class, ['group_id' => $other->getId(), 'actor_id' => $this->getId()])->getRoles();
+ // Either a moderator or the group owner
+ return $member_roles & ActorLocalRoles::MODERATOR || $member_roles & ActorLocalRoles::OPERATOR;
 } catch (NotFoundException) {
 return false;
 }
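Review bot: The result of the new role test is still cached under the `'can-admin'` key (the context line just above the change), so a member whose `roles` bitmap is later reduced keeps passing `canModerate` until that entry is evicted; none of the visible hunks deletes this key when `setRoles` is used. Delete `Actor::cacheKeys($actor_id, $group_id)['can-admin']` wherever a membership's roles are changed or the membership is removed, and consider renaming the key so it matches the new method. The return expression would also read more plainly as `return ($member_roles & (ActorLocalRoles::MODERATOR | ActorLocalRoles::OPERATOR)) !== 0;`. The enclosing method begins and ends outside this hunk.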