[COMPONENT][Group] More flexible member roles than only isAdmin

Refactor terminology of canAdmin to match current roles system

components/Circle/Controller/SelfTagsSettings.php

@@ -27,7 +27,7 @@ class SelfTagsSettings extends Controller
     public static function settingsSelfTags(Request $request, E\Actor $target, string $details_id)
     {
         $actor = Common::actor();
-        if (!$actor->canAdmin($target)) {
+        if (!$actor->canModerate($target)) {
             throw new ClientException(_m('You don\'t have enough permissions to edit {nickname}\'s settings', ['{nickname}' => $target->getNickname()]));
         }
 

components/Group/Controller/Group.php

@@ -182,7 +182,7 @@ class Group extends FeedController
         $local_group = DB::findOneBy(LocalGroup::class, ['actor_id' => $id]);
         $group_actor = $local_group->getActor();
         $actor       = Common::actor();
-        if (!\is_null($group_actor) && $actor->canAdmin($group_actor)) {
+        if (!\is_null($group_actor) && $actor->canModerate($group_actor)) {
             return [
                 '_template'          => 'group/settings.html.twig',
                 'group'              => $group_actor,
@@ -256,7 +256,8 @@ class Group extends FeedController
             DB::persist(GroupMember::create([
                 'group_id' => $group->getId(),
                 'actor_id' => $actor->getId(),
-                'is_admin' => true,
+                // Group Owner
+                'roles' => ActorLocalRoles::OPERATOR | ActorLocalRoles::MODERATOR | ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR,
             ]));
             DB::flush();
             Cache::delete(E\Actor::cacheKeys($actor->getId())['subscribers']);

components/Group/Entity/GroupMember.php

@@ -44,7 +44,7 @@ class GroupMember extends Entity
     // @codeCoverageIgnoreStart
     private int $group_id;
     private int $actor_id;
-    private ?bool $is_admin = false;
+    private int $roles;
     private ?string $uri    = null;
     private DateTimeInterface $created;
     private DateTimeInterface $modified;
@@ -71,15 +71,15 @@ class GroupMember extends Entity
         return $this->actor_id;
     }
 
-    public function setIsAdmin(?bool $is_admin): self
+    public function setRoles(int $roles): self
     {
-        $this->is_admin = $is_admin;
+        $this->roles = $roles;
         return $this;
     }
 
-    public function getIsAdmin(): ?bool
+    public function getRoles(): int
     {
-        return $this->is_admin;
+        return $this->roles;
     }
 
     public function setUri(?string $uri): self
@@ -125,7 +125,7 @@ class GroupMember extends Entity
             'fields' => [
                 'group_id' => ['type' => 'int', 'foreign key' => true, 'target' => 'Actor.id', 'multiplicity' => 'one to one', 'name' => 'group_member_group_id_fkey', 'not null' => true, 'description' => 'foreign key to group table'],
                 'actor_id' => ['type' => 'int', 'foreign key' => true, 'target' => 'Actor.id', 'multiplicity' => 'one to one', 'name' => 'group_member_actor_id_fkey', 'not null' => true, 'description' => 'foreign key to actor table'],
-                'is_admin' => ['type' => 'bool', 'default' => false, 'description' => 'is this actor an admin?'],
+                'roles'    => ['type' => 'int', 'not null' => true, 'description' => 'Bitmap of permissions this actor has'],
                 'uri'      => ['type' => 'varchar', 'length' => 191, 'description' => 'universal identifier'],
                 'created'  => ['type' => 'datetime', 'not null' => true, 'default' => 'CURRENT_TIMESTAMP', 'description' => 'date this record was created'],
                 'modified' => ['type' => 'timestamp', 'not null' => true, 'default' => 'CURRENT_TIMESTAMP', 'description' => 'date this record was modified'],

components/Group/Group.php

@@ -76,7 +76,7 @@ class Group extends Component
     {
         $actor = Common::actor();
         $group = $vars['actor'];
-        if (!\is_null($actor) && $group->isGroup() && $actor->canAdmin($group)) {
+        if (!\is_null($actor) && $group->isGroup() && $actor->canModerate($group)) {
             $url   = Router::url('group_settings', ['id' => $group->getId()]);
             $res[] = HTML::html(['a' => ['attrs' => ['href' => $url, 'title' => _m('Edit group settings'), 'class' => 'profile-extra-actions'], _m('Group settings')]]);
         }

components/Posting/Posting.php

@@ -120,7 +120,7 @@ class Posting extends Component
             _m('Addressee') => VisibilityScope::ADDRESSEE->value,
         ];
         if (!is_null($context_actor) && $context_actor->isGroup()) {
-            if ($actor->canAdmin($context_actor)) {
+            if ($actor->canModerate($context_actor)) {
                 if ($context_actor->getRoles() & ActorLocalRoles::PRIVATE_GROUP) {
                     $visibility_options = array_merge([_m('Group') => VisibilityScope::GROUP->value], $visibility_options);
                 } else {

plugins/DeleteNote/DeleteNote.php

@@ -88,7 +88,7 @@ class DeleteNote extends NoteHandlerPlugin
     private static function undertaker(Actor $actor, Note $note): Activity
     {
         // Check permissions
-        if (!$actor->canAdmin($note->getActor())) {
+        if (!$actor->canModerate($note->getActor())) {
             throw new ClientException(_m('You don\'t have permissions to delete this note.'), 401);
         }
 
@@ -167,7 +167,7 @@ class DeleteNote extends NoteHandlerPlugin
                 fn () => DB::findOneBy(Activity::class, ['verb' => 'delete', 'object_type' => 'note', 'object_id' => $note->getId()], return_null: true),
             ))
             // And has permissions
-            && $actor->canAdmin($note->getActor())) {
+            && $actor->canModerate($note->getActor())) {
             $delete_action_url = Router::url('delete_note_action', ['note_id' => $note->getId()]);
             $query_string      = $request->getQueryString();
             $delete_action_url .= '?from=' . mb_substr($query_string, 2);

src/Entity/Actor.php

@@ -23,6 +23,7 @@ declare(strict_types = 1);
 
 namespace App\Entity;
 
+use App\Core\ActorLocalRoles;
 use App\Core\Cache;
 use App\Core\DB\DB;
 use App\Core\Entity;
@@ -34,6 +35,7 @@ use App\Util\Exception\NotFoundException;
 use App\Util\Formatting;
 use App\Util\Nickname;
 use Component\Avatar\Avatar;
+use Component\Group\Entity\GroupMember;
 use Component\Language\Entity\ActorLanguage;
 use Component\Language\Entity\Language;
 use Component\Subscription\Entity\ActorSubscription;
@@ -489,7 +491,7 @@ class Actor extends Entity
     /**
      * Check whether $this has permission for performing actions on behalf of $other
      */
-    public function canAdmin(self $other): bool
+    public function canModerate(self $other): bool
     {
         if ($this->getIsLocal()) {
             switch ($other->getType()) {
@@ -500,7 +502,9 @@ class Actor extends Entity
                         self::cacheKeys($this->getId(), $other->getId())['can-admin'],
                         function () use ($other) {
                             try {
-                                return DB::findOneBy('group_member', ['group_id' => $other->getId(), 'actor_id' => $this->getId()])->getIsAdmin();
+                                $member_roles = DB::findOneBy(GroupMember::class, ['group_id' => $other->getId(), 'actor_id' => $this->getId()])->getRoles();
+                                // Either a moderator or the group owner
+                                return $member_roles & ActorLocalRoles::MODERATOR || $member_roles & ActorLocalRoles::OPERATOR;
                             } catch (NotFoundException) {
                                 return false;
                             }