From 9585472679add29f8a64afd43e37792cd2cbd21e Mon Sep 17 00:00:00 2001
From: Diogo Peralta Cordeiro <mail@diogo.site>
Date: Tue, 28 Dec 2021 15:02:03 +0000
Subject: [PATCH] [ENTITY][Actor] Basic check if can admin for remote actors

---
 plugins/ActivityPub/ActivityPub.php | 18 ++++++++++++++
 src/Entity/Actor.php                | 38 +++++++++++++++++------------
 2 files changed, 40 insertions(+), 16 deletions(-)

diff --git a/plugins/ActivityPub/ActivityPub.php b/plugins/ActivityPub/ActivityPub.php
index e78c69a308..efd62fe1dc 100644
--- a/plugins/ActivityPub/ActivityPub.php
+++ b/plugins/ActivityPub/ActivityPub.php
@@ -152,6 +152,24 @@ class ActivityPub extends Plugin
         return Event::next;
     }
 
+    /**
+     * Fill Actor->canAdmin() for Actors that came from ActivityPub
+     */
+    public function onFreeNetworkActorCanAdmin(Actor $actor, Actor $other, bool &$canAdmin): bool
+    {
+        // Are both in AP?
+        if (
+            !\is_null($ap_actor = ActivitypubActor::getByPK(['actor_id' => $actor->getId()]))
+            && !\is_null($ap_other = ActivitypubActor::getByPK(['actor_id' => $other->getId()]))
+        ) {
+            // Are they both in the same server?
+            $canAdmin = parse_url($ap_actor->getUri(), PHP_URL_HOST) === parse_url($ap_other->getUri(), PHP_URL_HOST);
+            return Event::stop;
+        }
+
+        return Event::next;
+    }
+
     /**
      * Overload core endpoints to make resources available in ActivityStreams 2.0
      *
diff --git a/src/Entity/Actor.php b/src/Entity/Actor.php
index b6e8a28f99..256e587374 100644
--- a/src/Entity/Actor.php
+++ b/src/Entity/Actor.php
@@ -517,22 +517,28 @@ class Actor extends Entity
      */
     public function canAdmin(self $other): bool
     {
-        switch ($other->getType()) {
-        case self::PERSON:
-            return $this->getId() === $other->getId();
-        case self::GROUP:
-            return Cache::get(
-                self::cacheKeys($this->getId(), $other->getId())['can-admin'],
-                function () use ($other) {
-                    try {
-                        return DB::findOneBy('group_member', ['group_id' => $other->getId(), 'actor_id' => $this->getId()])->getIsAdmin();
-                    } catch (NotFoundException) {
-                        return false;
-                    }
-                },
-            );
-        default:
-            return false;
+        if ($this->getIsLocal()) {
+            switch ($other->getType()) {
+                case self::PERSON:
+                    return $this->getId() === $other->getId();
+                case self::GROUP:
+                    return Cache::get(
+                        self::cacheKeys($this->getId(), $other->getId())['can-admin'],
+                        function () use ($other) {
+                            try {
+                                return DB::findOneBy('group_member', ['group_id' => $other->getId(), 'actor_id' => $this->getId()])->getIsAdmin();
+                            } catch (NotFoundException) {
+                                return false;
+                            }
+                        },
+                    );
+                default:
+                    return false;
+            }
+        } else {
+            $canAdmin = false;
+            Event::handle('FreeNetworkActorCanAdmin', [$this, $other, &$canAdmin]);
+            return $canAdmin;
         }
     }