fix: some user group permissions

These permissions were never meant to be directly edited by staff. They should never have been added to the staff user edit page as it just caused confusion when the settings reset at the daily group change. I've now added these settings to the group directly and allow the settings on the user edit page to override the group settings. I refrained from fixing the can_download permission for now, because so many different things affect it and it will need at 3 separate permissions to control everything it does. Trying to fix it will take much more effort than what can be fixed today. Because of this, I removed the setting from the user edit page to reduce confusion from staff who don't realize it is controlled by the scheduler every hour. Relevant issue: HDInnovations#1820.

Author: Roardom

app/Console/Commands/AutoBanDisposableUsers.php

@@ -70,12 +70,7 @@ final public function handle(): void
                     if ($v->fails()) {
                         // If User Is Using A Disposable Email Set The Users Group To Banned
                         $user->group_id = $bannedGroup[0];
-                        $user->can_upload = 0;
                         $user->can_download = 0;
-                        $user->can_comment = 0;
-                        $user->can_invite = 0;
-                        $user->can_request = 0;
-                        $user->can_chat = 0;
                         $user->save();
 
                         // Log The Ban To Ban Log

app/Console/Commands/AutoDisableInactiveUsers.php

@@ -62,12 +62,7 @@ final public function handle(): void
             foreach ($users as $user) {
                 if ($user->seedingTorrents()->doesntExist()) {
                     $user->group_id = $disabledGroup[0];
-                    $user->can_upload = false;
                     $user->can_download = false;
-                    $user->can_comment = false;
-                    $user->can_invite = false;
-                    $user->can_request = false;
-                    $user->can_chat = false;
                     $user->disabled_at = Carbon::now();
                     $user->save();
 

app/Console/Commands/AutoGroup.php

@@ -77,12 +77,8 @@ final public function handle(): void
                             if ($user->group_id === UserGroup::LEECH->value) {
                                 // Keep these as 0/1 instead of false/true
                                 // because it reduces 6% custom casting overhead
-                                $user->can_request = 0;
-                                $user->can_invite = 0;
                                 $user->can_download = 0;
                             } else {
-                                $user->can_request = 1;
-                                $user->can_invite = 1;
                                 $user->can_download = 1;
                             }
 

app/Console/Commands/AutoSoftDeleteDisabledUsers.php

@@ -71,12 +71,7 @@ final public function handle(): void
 
             foreach ($users as $user) {
                 $user->update([
-                    'can_upload'   => false,
                     'can_download' => false,
-                    'can_comment'  => false,
-                    'can_invite'   => false,
-                    'can_request'  => false,
-                    'can_chat'     => false,
                     'group_id'     => UserGroup::PRUNED->value,
                     'deleted_by'   => User::SYSTEM_USER_ID,
                 ]);

app/Http/Controllers/API/ChatController.php

@@ -142,7 +142,7 @@ public function createMessage(Request $request): \Illuminate\Contracts\Routing\R
         $targeted = $request->input('targeted');
         $save = $request->get('save');
 
-        if ($user->can_chat === false) {
+        if (!($user->can_chat ?? $user->group->can_chat)) {
             return response('error', 401);
         }
 

app/Http/Controllers/Staff/BanController.php

@@ -55,12 +55,7 @@ public function store(StoreBanRequest $request): \Illuminate\Http\RedirectRespon
 
         $user->update([
             'group_id'     => $bannedGroup[0],
-            'can_upload'   => 0,
             'can_download' => 0,
-            'can_comment'  => 0,
-            'can_invite'   => 0,
-            'can_request'  => 0,
-            'can_chat'     => 0,
         ]);
 
         $ban = Ban::create(['created_by' => $staff->id] + $request->validated());

app/Http/Controllers/Staff/MassActionController.php

@@ -72,11 +72,7 @@ public function update(): \Illuminate\Http\RedirectResponse
             $user->update([
                 'group_id'          => $memberGroup[0],
                 'active'            => 1,
-                'can_upload'        => 1,
                 'can_download'      => 1,
-                'can_request'       => 1,
-                'can_comment'       => 1,
-                'can_invite'        => 1,
                 'email_verified_at' => now(),
             ]);
 

app/Http/Controllers/Staff/UnbanController.php

@@ -41,12 +41,7 @@ public function store(StoreUnbanRequest $request): \Illuminate\Http\RedirectResp
 
         $user->update([
             'group_id'     => $request->group_id,
-            'can_upload'   => 1,
             'can_download' => 1,
-            'can_comment'  => 1,
-            'can_invite'   => 1,
-            'can_request'  => 1,
-            'can_chat'     => 1,
         ]);
 
         Ban::create([

app/Http/Controllers/Staff/UserController.php

@@ -93,12 +93,12 @@ public function update(UpdateUserRequest $request, User $user): \Illuminate\Http
     public function permissions(Request $request, User $user): \Illuminate\Http\RedirectResponse
     {
         $user->update([
-            'can_upload'   => $request->boolean('can_upload'),
+            'can_chat'     => $request->filled('can_chat') ? $request->boolean('can_chat') : null,
+            'can_comment'  => $request->filled('can_comment') ? $request->boolean('can_comment') : null,
             'can_download' => $request->boolean('can_download'),
-            'can_comment'  => $request->boolean('can_comment'),
-            'can_invite'   => $request->boolean('can_invite'),
-            'can_request'  => $request->boolean('can_request'),
-            'can_chat'     => $request->boolean('can_chat'),
+            'can_invite'   => $request->filled('can_invite') ? $request->boolean('can_invite') : null,
+            'can_request'  => $request->filled('can_request') ? $request->boolean('can_request') : null,
+            'can_upload'   => $request->filled('can_upload') ? $request->boolean('can_upload') : null,
         ]);
 
         cache()->forget('user:'.$user->passkey);
@@ -117,12 +117,7 @@ protected function destroy(Request $request, User $user): \Illuminate\Http\Redir
         abort_if($user->group->is_modo || $request->user()->is($user), 403);
 
         $user->update([
-            'can_upload'   => false,
             'can_download' => false,
-            'can_comment'  => false,
-            'can_invite'   => false,
-            'can_request'  => false,
-            'can_chat'     => false,
             'group_id'     => UserGroup::PRUNED->value,
             'deleted_by'   => auth()->id(),
         ]);

app/Http/Controllers/TorrentController.php

@@ -377,7 +377,7 @@ public function create(Request $request): \Illuminate\Contracts\View\Factory|\Il
     public function store(StoreTorrentRequest $request): \Illuminate\Http\RedirectResponse
     {
         $user = $request->user();
-        abort_if($user->can_upload === false || $user->group->can_upload == 0, 403, __('torrent.cant-upload').' '.__('torrent.cant-upload-desc'));
+        abort_unless($user->can_upload ?? $user->group->can_upload, 403, __('torrent.cant-upload').' '.__('torrent.cant-upload-desc'));
 
         abort_if(\is_array($request->file('torrent')), 400);
 

app/Http/Controllers/User/InviteController.php

@@ -57,7 +57,7 @@ public function create(Request $request, User $user): \Illuminate\Contracts\View
                 ->withErrors(trans('user.invites-disabled'));
         }
 
-        if ($user->can_invite == 0) {
+        if (!($user->can_invite ?? $user->group->can_invite)) {
             return to_route('home.index')
                 ->withErrors(trans('user.invites-banned'));
         }
@@ -82,7 +82,7 @@ public function create(Request $request, User $user): \Illuminate\Contracts\View
      */
     public function store(Request $request, User $user): \Illuminate\Http\RedirectResponse
     {
-        abort_unless($request->user()->is($user) && $user->can_invite, 403);
+        abort_unless($request->user()->is($user) && ($user->can_invite ?? $user->group->can_invite), 403);
 
         if (config('other.invites_restriced') && !\in_array($user->group->name, config('other.invite_groups'), true)) {
             return to_route('home.index')
@@ -135,7 +135,7 @@ public function store(Request $request, User $user): \Illuminate\Http\RedirectRe
      */
     public function destroy(Request $request, User $user, Invite $sentInvite): \Illuminate\Http\RedirectResponse
     {
-        abort_unless($request->user()->group->is_modo || ($request->user()->is($user) && $user->can_invite), 403);
+        abort_unless($request->user()->group->is_modo || ($request->user()->is($user) && ($user->can_invite ?? $user->group->can_invite)), 403);
 
         if ($sentInvite->accepted_by !== null) {
             return to_route('users.invites.index', ['user' => $user])
@@ -158,7 +158,7 @@ public function destroy(Request $request, User $user, Invite $sentInvite): \Illu
      */
     public function send(Request $request, User $user, Invite $sentInvite): \Illuminate\Http\RedirectResponse
     {
-        abort_unless($request->user()->group->is_modo || ($request->user()->is($user) && $user->can_invite), 403);
+        abort_unless($request->user()->group->is_modo || ($request->user()->is($user) && ($user->can_invite ?? $user->group->can_invite)), 403);
 
         if ($sentInvite->accepted_by !== null) {
             return to_route('users.invites.index', ['user' => $user])

app/Http/Livewire/Comment.php

@@ -131,7 +131,7 @@ final public function deleteComment(): void
 
     final public function postReply(): void
     {
-        abort_if(!$this->model instanceof Ticket && auth()->user()->can_comment === false, 403, __('comment.rights-revoked'));
+        abort_unles($this->model instanceof Ticket || (auth()->user()->can_comment ?? auth()->user()->group->can_comment), 403, __('comment.rights-revoked'));
 
         abort_if($this->model instanceof Torrent && $this->model->status !== Torrent::APPROVED, 403, __('comment.torrent-status'));
 

app/Http/Livewire/Comments.php

@@ -112,7 +112,7 @@ final public function loadMore(): void
     final public function postComment(): void
     {
         // Authorization
-        abort_if(!$this->model instanceof Ticket && $this->user->can_comment === false, 403, __('comment.rights-revoked'));
+        abort_unless($this->model instanceof Ticket || ($this->user->can_comment ?? $this->user->group->can_comment), 403, __('comment.rights-revoked'));
 
         abort_if($this->model instanceof Torrent && $this->model->status !== Torrent::APPROVED, 403, __('comment.torrent-status'));
 

app/Http/Requests/Staff/StoreGroupRequest.php

@@ -111,6 +111,22 @@ public function rules(Request $request): array
                 'required',
                 'boolean',
             ],
+            'can_chat' => [
+                'required',
+                'boolean',
+            ],
+            'can_comment' => [
+                'required',
+                'boolean',
+            ],
+            'can_invite' => [
+                'required',
+                'boolean',
+            ],
+            'can_request' => [
+                'required',
+                'boolean',
+            ],
             'can_upload' => [
                 'required',
                 'boolean',

app/Http/Requests/Staff/UpdateGroupRequest.php

@@ -117,6 +117,22 @@ public function rules(Request $request): array
                 'required',
                 'boolean',
             ],
+            'can_chat' => [
+                'required',
+                'boolean',
+            ],
+            'can_comment' => [
+                'required',
+                'boolean',
+            ],
+            'can_invite' => [
+                'required',
+                'boolean',
+            ],
+            'can_request' => [
+                'required',
+                'boolean',
+            ],
             'can_upload' => [
                 'required',
                 'boolean',

app/Models/Group.php

@@ -44,6 +44,10 @@
  * @property bool     $is_freeleech
  * @property bool     $is_double_upload
  * @property bool     $is_refundable
+ * @property bool     $can_chat
+ * @property bool     $can_comment
+ * @property bool     $can_invite
+ * @property bool     $can_request
  * @property bool     $can_upload
  * @property bool     $is_incognito
  * @property bool     $autogroup
@@ -65,7 +69,28 @@ class Group extends Model
     /**
      * Get the attributes that should be cast.
      *
-     * @return array{is_uploader: 'bool', is_internal: 'bool', is_editor: 'bool', is_owner: 'bool', is_admin: 'bool', is_modo: 'bool', is_trusted: 'bool', is_immune: 'bool', is_freeleech: 'bool', is_double_upload: 'bool', is_refundable: 'bool', can_upload: 'bool', is_incognito: 'bool', autogroup: 'bool', system_required: 'bool', min_ratio: 'decimal:2'}
+     * @return array{
+     *     is_uploader: 'bool',
+     *     is_internal: 'bool',
+     *     is_editor: 'bool',
+     *     is_owner: 'bool',
+     *     is_admin: 'bool',
+     *     is_modo: 'bool',
+     *     is_trusted: 'bool',
+     *     is_immune: 'bool',
+     *     is_freeleech: 'bool',
+     *     is_double_upload: 'bool',
+     *     is_refundable: 'bool',
+     *     can_chat: 'bool',
+     *     can_comment: 'bool',
+     *     can_invite: 'bool',
+     *     can_request: 'bool',
+     *     can_upload: 'bool',
+     *     is_incognito: 'bool',
+     *     autogroup: 'bool',
+     *     system_required: 'bool',
+     *     min_ratio: 'decimal:2',
+     * }
      */
     protected function casts(): array
     {
@@ -81,6 +106,10 @@ protected function casts(): array
             'is_freeleech'     => 'bool',
             'is_double_upload' => 'bool',
             'is_refundable'    => 'bool',
+            'can_chat'         => 'bool',
+            'can_comment'      => 'bool',
+            'can_invite'       => 'bool',
+            'can_request'      => 'bool',
             'can_upload'       => 'bool',
             'is_incognito'     => 'bool',
             'autogroup'        => 'bool',

app/Providers/FortifyServiceProvider.php

@@ -59,12 +59,7 @@ public function toResponse($request): \Illuminate\Http\RedirectResponse
 
                 if ($user->group_id == $disabledGroup[0]) {
                     $user->group_id = $memberGroup[0];
-                    $user->can_upload = 1;
                     $user->can_download = 1;
-                    $user->can_comment = 1;
-                    $user->can_invite = 1;
-                    $user->can_request = 1;
-                    $user->can_chat = 1;
                     $user->disabled_at = null;
                     $user->save();
 
@@ -123,11 +118,7 @@ public function toResponse($request): \Illuminate\Http\RedirectResponse|\Illumin
 
                 if ($user->group_id !== $bannedGroup[0]) {
                     if ($user->group_id === $validatingGroup[0]) {
-                        $user->can_upload = 1;
                         $user->can_download = 1;
-                        $user->can_request = 1;
-                        $user->can_comment = 1;
-                        $user->can_invite = 1;
                         $user->group_id = $memberGroup[0];
                         $user->active = true;
                         $user->save();

database/factories/GroupFactory.php

@@ -52,6 +52,10 @@ public function definition(): array
             'is_freeleech'     => $this->faker->boolean(),
             'is_double_upload' => $this->faker->boolean(),
             'is_refundable'    => $this->faker->boolean(),
+            'can_chat'         => $this->faker->boolean(),
+            'can_comment'      => $this->faker->boolean(),
+            'can_invite'       => $this->faker->boolean(),
+            'can_request'      => $this->faker->boolean(),
             'can_upload'       => $this->faker->boolean(),
             'is_incognito'     => $this->faker->boolean(),
             'autogroup'        => $this->faker->boolean(),

database/migrations/2024_07_26_211112_fix_some_user_group_perms.php

@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * NOTICE OF LICENSE.
+ *
+ * UNIT3D Community Edition is open-sourced software licensed under the GNU Affero General Public License v3.0
+ * The details is bundled with this project in the file LICENSE.txt.
+ *
+ * @project    UNIT3D Community Edition
+ *
+ * @author     Roardom <roardom@protonmail.com>
+ * @license    https://www.gnu.org/licenses/agpl-3.0.en.html/ GNU Affero General Public License v3.0
+ */
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class () extends Migration {
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('users', function (Blueprint $table): void {
+            $table->boolean('can_chat')->nullable()->change();
+            $table->boolean('can_comment')->nullable()->change();
+            $table->boolean('can_invite')->nullable()->change();
+            $table->boolean('can_request')->nullable()->after('can_invite')->change();
+            $table->boolean('can_upload')->nullable()->change();
+        });
+
+        Schema::table('groups', function (Blueprint $table): void {
+            $table->boolean('can_chat')->after('is_refundable');
+            $table->boolean('can_comment')->after('can_chat');
+            $table->boolean('can_invite')->after('can_comment');
+            $table->boolean('can_request')->after('can_invite');
+        });
+
+        DB::table('users')->update([
+            'can_chat'    => null,
+            'can_comment' => null,
+            'can_invite'  => null,
+            'can_request' => null,
+            'can_upload'  => null,
+        ]);
+
+        DB::table('groups')
+            ->whereNotIn('slug', [
+                'validating',
+                'guest',
+                'banned',
+                'bot',
+                'leech',
+                'disabled',
+                'pruned',
+            ])
+            ->update([
+                'can_comment' => true,
+                'can_chat'    => true,
+                'can_request' => true,
+                'can_invite'  => true,
+            ]);
+    }
+};