wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[COMPONENT][Group] More flexible member roles than only isAdmin

Browse Source 
Refactor terminology of canAdmin to match current roles system
This commit is contained in:
Diogo Peralta Cordeiro 2022-02-14 04:35:13 +00:00
parent bc63c3727a
commit 3f9c86f0df
No known key found for this signature in database
GPG Key ID: 18D2D35001FBFAB0
7 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
components/Circle/Controller/SelfTagsSettings.php
View File

@ -27,7 +27,7 @@ class SelfTagsSettings extends Controller
public static function settingsSelfTags(Request $request, E\Actor $target, string $details_id) public static function settingsSelfTags(Request $request, E\Actor $target, string $details_id)
{ {
$actor = Common::actor(); $actor = Common::actor();
if (!$actor->canAdmin($target)) { if (!$actor->canModerate($target)) {
throw new ClientException(_m('You don\'t have enough permissions to edit {nickname}\'s settings', ['{nickname}' => $target->getNickname()])); throw new ClientException(_m('You don\'t have enough permissions to edit {nickname}\'s settings', ['{nickname}' => $target->getNickname()]));
} }

5
components/Group/Controller/Group.php
View File

@ -182,7 +182,7 @@ class Group extends FeedController
$local_group = DB::findOneBy(LocalGroup::class, ['actor_id' => $id]); $local_group = DB::findOneBy(LocalGroup::class, ['actor_id' => $id]);
$group_actor = $local_group->getActor(); $group_actor = $local_group->getActor();
$actor = Common::actor(); $actor = Common::actor();
if (!\is_null($group_actor) && $actor->canAdmin($group_actor)) { if (!\is_null($group_actor) && $actor->canModerate($group_actor)) {
return [ return [
'_template' => 'group/settings.html.twig', '_template' => 'group/settings.html.twig',
'group' => $group_actor, 'group' => $group_actor,
@ -256,7 +256,8 @@ class Group extends FeedController
DB::persist(GroupMember::create([ DB::persist(GroupMember::create([
'group_id' => $group->getId(), 'group_id' => $group->getId(),
'actor_id' => $actor->getId(), 'actor_id' => $actor->getId(),
'is_admin' => true, // Group Owner
'roles' => ActorLocalRoles::OPERATOR | ActorLocalRoles::MODERATOR | ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR,
])); ]));
DB::flush(); DB::flush();
Cache::delete(E\Actor::cacheKeys($actor->getId())['subscribers']); Cache::delete(E\Actor::cacheKeys($actor->getId())['subscribers']);

12
components/Group/Entity/GroupMember.php
View File

@ -44,7 +44,7 @@ class GroupMember extends Entity
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
private int $group_id; private int $group_id;
private int $actor_id; private int $actor_id;
private ?bool $is_admin = false; private int $roles;
private ?string $uri = null; private ?string $uri = null;
private DateTimeInterface $created; private DateTimeInterface $created;
private DateTimeInterface $modified; private DateTimeInterface $modified;
@ -71,15 +71,15 @@ class GroupMember extends Entity
return $this->actor_id; return $this->actor_id;
} }
public function setIsAdmin(?bool $is_admin): self public function setRoles(int $roles): self
{ {
$this->is_admin = $is_admin; $this->roles = $roles;
return $this; return $this;
} }
public function getIsAdmin(): ?bool public function getRoles(): int
{ {
return $this->is_admin; return $this->roles;
} }
public function setUri(?string $uri): self public function setUri(?string $uri): self
@ -125,7 +125,7 @@ class GroupMember extends Entity
'fields' => [ 'fields' => [
'group_id' => ['type' => 'int', 'foreign key' => true, 'target' => 'Actor.id', 'multiplicity' => 'one to one', 'name' => 'group_member_group_id_fkey', 'not null' => true, 'description' => 'foreign key to group table'], 'group_id' => ['type' => 'int', 'foreign key' => true, 'target' => 'Actor.id', 'multiplicity' => 'one to one', 'name' => 'group_member_group_id_fkey', 'not null' => true, 'description' => 'foreign key to group table'],
'actor_id' => ['type' => 'int', 'foreign key' => true, 'target' => 'Actor.id', 'multiplicity' => 'one to one', 'name' => 'group_member_actor_id_fkey', 'not null' => true, 'description' => 'foreign key to actor table'], 'actor_id' => ['type' => 'int', 'foreign key' => true, 'target' => 'Actor.id', 'multiplicity' => 'one to one', 'name' => 'group_member_actor_id_fkey', 'not null' => true, 'description' => 'foreign key to actor table'],
'is_admin' => ['type' => 'bool', 'default' => false, 'description' => 'is this actor an admin?'], 'roles' => ['type' => 'int', 'not null' => true, 'description' => 'Bitmap of permissions this actor has'],
'uri' => ['type' => 'varchar', 'length' => 191, 'description' => 'universal identifier'], 'uri' => ['type' => 'varchar', 'length' => 191, 'description' => 'universal identifier'],
'created' => ['type' => 'datetime', 'not null' => true, 'default' => 'CURRENT_TIMESTAMP', 'description' => 'date this record was created'], 'created' => ['type' => 'datetime', 'not null' => true, 'default' => 'CURRENT_TIMESTAMP', 'description' => 'date this record was created'],
'modified' => ['type' => 'timestamp', 'not null' => true, 'default' => 'CURRENT_TIMESTAMP', 'description' => 'date this record was modified'], 'modified' => ['type' => 'timestamp', 'not null' => true, 'default' => 'CURRENT_TIMESTAMP', 'description' => 'date this record was modified'],

2
components/Group/Group.php
View File

@ -76,7 +76,7 @@ class Group extends Component
{ {
$actor = Common::actor(); $actor = Common::actor();
$group = $vars['actor']; $group = $vars['actor'];
if (!\is_null($actor) && $group->isGroup() && $actor->canAdmin($group)) { if (!\is_null($actor) && $group->isGroup() && $actor->canModerate($group)) {
$url = Router::url('group_settings', ['id' => $group->getId()]); $url = Router::url('group_settings', ['id' => $group->getId()]);
$res[] = HTML::html(['a' => ['attrs' => ['href' => $url, 'title' => _m('Edit group settings'), 'class' => 'profile-extra-actions'], _m('Group settings')]]); $res[] = HTML::html(['a' => ['attrs' => ['href' => $url, 'title' => _m('Edit group settings'), 'class' => 'profile-extra-actions'], _m('Group settings')]]);
} }

2
components/Posting/Posting.php
View File

@ -120,7 +120,7 @@ class Posting extends Component
_m('Addressee') => VisibilityScope::ADDRESSEE->value, _m('Addressee') => VisibilityScope::ADDRESSEE->value,
]; ];
if (!is_null($context_actor) && $context_actor->isGroup()) { if (!is_null($context_actor) && $context_actor->isGroup()) {
if ($actor->canAdmin($context_actor)) { if ($actor->canModerate($context_actor)) {
if ($context_actor->getRoles() & ActorLocalRoles::PRIVATE_GROUP) { if ($context_actor->getRoles() & ActorLocalRoles::PRIVATE_GROUP) {
$visibility_options = array_merge([_m('Group') => VisibilityScope::GROUP->value], $visibility_options); $visibility_options = array_merge([_m('Group') => VisibilityScope::GROUP->value], $visibility_options);
} else { } else {

4
plugins/DeleteNote/DeleteNote.php
View File

@ -88,7 +88,7 @@ class DeleteNote extends NoteHandlerPlugin
private static function undertaker(Actor $actor, Note $note): Activity private static function undertaker(Actor $actor, Note $note): Activity
{ {
// Check permissions // Check permissions
if (!$actor->canAdmin($note->getActor())) { if (!$actor->canModerate($note->getActor())) {
throw new ClientException(_m('You don\'t have permissions to delete this note.'), 401); throw new ClientException(_m('You don\'t have permissions to delete this note.'), 401);
} }
@ -167,7 +167,7 @@ class DeleteNote extends NoteHandlerPlugin
fn () => DB::findOneBy(Activity::class, ['verb' => 'delete', 'object_type' => 'note', 'object_id' => $note->getId()], return_null: true), fn () => DB::findOneBy(Activity::class, ['verb' => 'delete', 'object_type' => 'note', 'object_id' => $note->getId()], return_null: true),
)) ))
// And has permissions // And has permissions
&& $actor->canAdmin($note->getActor())) { && $actor->canModerate($note->getActor())) {
$delete_action_url = Router::url('delete_note_action', ['note_id' => $note->getId()]); $delete_action_url = Router::url('delete_note_action', ['note_id' => $note->getId()]);
$query_string = $request->getQueryString(); $query_string = $request->getQueryString();
$delete_action_url .= '?from=' . mb_substr($query_string, 2); $delete_action_url .= '?from=' . mb_substr($query_string, 2);

8
src/Entity/Actor.php
View File

@ -23,6 +23,7 @@ declare(strict_types = 1);
namespace App\Entity; namespace App\Entity;
use App\Core\ActorLocalRoles;
use App\Core\Cache; use App\Core\Cache;
use App\Core\DB\DB; use App\Core\DB\DB;
use App\Core\Entity; use App\Core\Entity;
@ -34,6 +35,7 @@ use App\Util\Exception\NotFoundException;
use App\Util\Formatting; use App\Util\Formatting;
use App\Util\Nickname; use App\Util\Nickname;
use Component\Avatar\Avatar; use Component\Avatar\Avatar;
use Component\Group\Entity\GroupMember;
use Component\Language\Entity\ActorLanguage; use Component\Language\Entity\ActorLanguage;
use Component\Language\Entity\Language; use Component\Language\Entity\Language;
use Component\Subscription\Entity\ActorSubscription; use Component\Subscription\Entity\ActorSubscription;
@ -489,7 +491,7 @@ class Actor extends Entity
/** /**
* Check whether $this has permission for performing actions on behalf of $other * Check whether $this has permission for performing actions on behalf of $other
*/ */
public function canAdmin(self $other): bool public function canModerate(self $other): bool
{ {
if ($this->getIsLocal()) { if ($this->getIsLocal()) {
switch ($other->getType()) { switch ($other->getType()) {
@ -500,7 +502,9 @@ class Actor extends Entity
self::cacheKeys($this->getId(), $other->getId())['can-admin'], self::cacheKeys($this->getId(), $other->getId())['can-admin'],
function () use ($other) { function () use ($other) {
try { try {
return DB::findOneBy('group_member', ['group_id' => $other->getId(), 'actor_id' => $this->getId()])->getIsAdmin(); $member_roles = DB::findOneBy(GroupMember::class, ['group_id' => $other->getId(), 'actor_id' => $this->getId()])->getRoles();
// Either a moderator or the group owner
return $member_roles & ActorLocalRoles::MODERATOR || $member_roles & ActorLocalRoles::OPERATOR;
} catch (NotFoundException) { } catch (NotFoundException) {
return false; return false;
} }