Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow viewing unlisted group pages when in group #10445

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 86 additions & 0 deletions app/Http/Controllers/GroupHistoryController.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
<?php

// Copyright (c) ppy Pty Ltd <[email protected]>. Licensed under the GNU Affero General Public License v3.0.
// See the LICENCE file in the repository root for full licence text.

declare(strict_types=1);

namespace App\Http\Controllers;

use App\Models\Group;
use App\Models\User;
use App\Models\UserGroupEvent;

class GroupHistoryController extends Controller
{
public function index()
{
$rawParams = request()->all();
$params = get_params($rawParams, null, [
'after:time',
'before:time',
'group:string',
'sort:string',
'user:string',
], ['null_missing' => true]);
$query = UserGroupEvent::visibleForUser(auth()->user());
$skipQuery = false;

if ($params['after'] !== null) {
$query->where('created_at', '>', $params['after']);
}

if ($params['before'] !== null) {
$query->where('created_at', '<', $params['before']);
}

if ($params['group'] !== null) {
// Not `app('groups')->byIdentifier(...)` because that would create the group if not found
$groupId = app('groups')->allByIdentifier()->get($params['group'])?->getKey();

if ($groupId !== null) {
$query->where('group_id', $groupId);
} else {
$skipQuery = true;
}
}

if ($params['user'] !== null) {
$userId = User::lookupWithHistory($params['user'], null, true)?->getKey();

if ($userId !== null) {
$query->where('user_id', $userId);
} else {
$skipQuery = true;
}
}

if ($skipQuery) {
$cursor = null;
$events = collect();
} else {
$cursorHelper = UserGroupEvent::makeDbCursorHelper($params['sort']);
[$events, $hasMore] = $query
->cursorSort($cursorHelper, cursor_from_params($rawParams))
->limit(50)
->getWithHasMore();
$cursor = $cursorHelper->next($events, $hasMore);
}

$eventGroupIds = $events->pluck('group_id');
$groups = app('groups')->all()->filter(
fn (Group $group) =>
$eventGroupIds->contains($group->getKey()) ||
priv_check('GroupShow', $group)->can(),
);
$json = [
'events' => json_collection($events, 'UserGroupEvent'),
'groups' => json_collection($groups, 'Group'),
...cursor_for_response($cursor),
];

return is_json_request()
? $json
: ext_view('group_history.index', compact('json'));
}
}
3 changes: 2 additions & 1 deletion app/Http/Controllers/GroupsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@ class GroupsController extends Controller
public function show($id)
{
$group = app('groups')->byIdOrFail($id);
abort_unless($group->hasListing(), 404);
abort_if($group->identifier === 'default', 404);
priv_check('GroupShow', $group)->ensureCan();

$currentMode = default_mode();
$users = $group->users()
Expand Down
29 changes: 29 additions & 0 deletions app/Libraries/OsuAuthorize.php
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
use App\Models\Forum\Topic;
use App\Models\Forum\TopicCover;
use App\Models\Genre;
use App\Models\Group;
use App\Models\Language;
use App\Models\LegacyMatch\LegacyMatch;
use App\Models\Multiplayer\Room;
Expand All @@ -30,6 +31,7 @@
use App\Models\Traits\ReportableInterface;
use App\Models\User;
use App\Models\UserContestEntry;
use App\Models\UserGroupEvent;
use Carbon\Carbon;
use Ds;

Expand Down Expand Up @@ -1767,6 +1769,15 @@ public function checkForumTopicVote(?User $user, Topic $topic): string
return 'ok';
}

public function checkGroupShow(?User $user, Group $group): string
{
if ($group->hasListing() || $user?->isGroup($group)) {
return 'ok';
}

return 'unauthorized';
}

public function checkIsOwnClient(?User $user, Client $client): string
{
if ($user === null || $user->getKey() !== $client->user_id) {
Expand Down Expand Up @@ -1914,6 +1925,24 @@ public function checkScorePin(?User $user, ScoreBest|Solo\Score $score): string
return 'ok';
}

public function checkUserGroupEventShowActor(?User $user, UserGroupEvent $event): string
{
if ($event->group->identifier === 'default') {
return $user?->isPrivileged() ? 'ok' : 'unauthorized';
}

if ($user?->isGroup($event->group)) {
return 'ok';
}

return 'unauthorized';
}

public function checkUserGroupEventShowAll(?User $user): string
{
return 'unauthorized';
}

/**
* @param User|null $user
* @param User $pageOwner
Expand Down
3 changes: 3 additions & 0 deletions app/Libraries/RouteSection.php
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,9 @@ class RouteSection
'friends_controller' => [
'_' => 'home',
],
'group_history_controller' => [
'_' => 'home',
],
'groups_controller' => [
'_' => 'home',
],
Expand Down
32 changes: 32 additions & 0 deletions app/Models/UserGroupEvent.php
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@

namespace App\Models;

use App\Models\Traits\WithDbCursorHelper;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use InvalidArgumentException;

Expand All @@ -22,9 +24,12 @@
* @property string $type
* @property-read User|null $user
* @property int|null $user_id
* @method static Builder visibleForUser(User|null $user)
*/
class UserGroupEvent extends Model
{
use WithDbCursorHelper;

public const GROUP_ADD = 'group_add';
public const GROUP_REMOVE = 'group_remove';
public const GROUP_RENAME = 'group_rename';
Expand All @@ -36,6 +41,16 @@ class UserGroupEvent extends Model

public const UPDATED_AT = null;

protected const DEFAULT_SORT = 'id_desc';
protected const SORTS = [
'id_asc' => [
['column' => 'id', 'order' => 'ASC'],
],
'id_desc' => [
['column' => 'id', 'order' => 'DESC'],
],
];

protected $casts = [
'details' => 'array',
'hidden' => 'boolean',
Expand Down Expand Up @@ -147,6 +162,23 @@ public function user(): BelongsTo
return $this->belongsTo(User::class, 'user_id');
}

public function scopeVisibleForUser(Builder $query, ?User $user): void
{
if (priv_check_user($user, 'UserGroupEventShowAll')->can()) {
return;
}

$query->where('hidden', false);

$userGroupIds = priv_check_user($user, 'IsSpecialScope')->can()
? $user->groupIds()['active']
: [];

if (!empty($userGroupIds)) {
$query->orWhereIn('group_id', $userGroupIds);
}
}

public function getAttribute($key)
{
return match ($key) {
Expand Down
51 changes: 51 additions & 0 deletions app/Transformers/UserGroupEventTransformer.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
<?php

// Copyright (c) ppy Pty Ltd <[email protected]>. Licensed under the GNU Affero General Public License v3.0.
// See the LICENCE file in the repository root for full licence text.

declare(strict_types=1);

namespace App\Transformers;

use App\Models\UserGroupEvent;
use League\Fractal\Resource\ResourceInterface;

class UserGroupEventTransformer extends TransformerAbstract
{
protected array $availableIncludes = [
'actor',
];

protected array $defaultIncludes = [
'actor',
];

protected $permissions = [
'actor' => 'UserGroupEventShowActor',
];

public function transform(UserGroupEvent $event): array
{
$json = [
'created_at' => $event->created_at_json,
'group_id' => $event->group_id,
'hidden' => $event->isHidden(),
'id' => $event->id,
'type' => $event->type,
'user_id' => $event->user_id,
...$event->details,
];

unset($json['actor_name']);

return $json;
}

public function includeActor(UserGroupEvent $event): ResourceInterface
{
return $this->primitive([
'id' => $event->actor_id,
'name' => $event->details['actor_name'],
]);
}
}
11 changes: 11 additions & 0 deletions database/factories/GroupFactory.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,22 @@ class GroupFactory extends Factory
{
protected $model = Group::class;

public function configure(): static
{
return $this->afterCreating(function () {
app('groups')->resetMemoized();
});
}

public function definition(): array
{
return [
'group_name' => fn() => "{$this->faker->colorName()} {$this->faker->domainWord()}",
'group_desc' => fn() => $this->faker->sentence(),
'identifier' => fn () => $this->faker->domainWord(),

// depends on identifier
'short_name' => fn (array $attr) => strtoupper($attr['identifier']),
];
}
}
66 changes: 66 additions & 0 deletions database/factories/UserGroupEventFactory.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
<?php

// Copyright (c) ppy Pty Ltd <[email protected]>. Licensed under the GNU Affero General Public License v3.0.
// See the LICENCE file in the repository root for full licence text.

declare(strict_types=1);

namespace Database\Factories;

use App\Models\Beatmap;
use App\Models\Group;
use App\Models\User;
use App\Models\UserGroupEvent;

class UserGroupEventFactory extends Factory
{
protected $model = UserGroupEvent::class;

public function configure(): static
{
// Fill in details after making the Model so that the caller can set
// their own details without overwriting the entire array.
return $this->afterMaking(function (UserGroupEvent $event) {
$defaultDetails = [
'actor_name' => $event->actor?->username,
'group_name' => $event->group->group_name,
'user_name' => $event->user?->username,
];

match ($event->type) {
UserGroupEvent::GROUP_RENAME => $defaultDetails['previous_group_name'] =
"Old {$event->group->group_name}",

UserGroupEvent::USER_ADD,
UserGroupEvent::USER_ADD_PLAYMODES,
UserGroupEvent::USER_REMOVE_PLAYMODES => $defaultDetails['playmodes'] =
$this->faker->randomElements(array_keys(Beatmap::MODES)),

default => null,
};

$event->details = array_merge($defaultDetails, $event->details);
});
}

public function definition(): array
{
return [
'actor_id' => User::factory(),
'details' => [],
'group_id' => Group::factory(),
'hidden' => false,
'type' => fn () => $this->faker->randomElement([
UserGroupEvent::GROUP_ADD,
UserGroupEvent::GROUP_REMOVE,
UserGroupEvent::GROUP_RENAME,
UserGroupEvent::USER_ADD,
UserGroupEvent::USER_ADD_PLAYMODES,
UserGroupEvent::USER_REMOVE,
UserGroupEvent::USER_REMOVE_PLAYMODES,
UserGroupEvent::USER_SET_DEFAULT,
]),
'user_id' => User::factory(),
];
}
}
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
},
"dependencies": {
"@discordapp/twemoji": "^14.0.2",
"@fortawesome/fontawesome-free": "^5.6.3",
"@fortawesome/fontawesome-free": "^5.15.4",
"@types/bootstrap": "^3.3.0",
"@types/d3": "^7.1.0",
"@types/grecaptcha": "^3.0.1",
Expand Down
3 changes: 3 additions & 0 deletions resources/css/bem-index.less
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,9 @@
@import "bem/game-mode";
@import "bem/game-mode-link";
@import "bem/grid-items";
@import "bem/group-history";
@import "bem/group-history-event";
@import "bem/group-history-search-form";
@import "bem/header-buttons";
@import "bem/header-nav-mobile";
@import "bem/header-nav-v4";
Expand Down
Loading