pixelfed/app/Http/Controllers/GroupController.php

<?php

namespace App\Http\Controllers;

use App\Instance;
use App\Models\Group;
use App\Models\GroupBlock;
use App\Models\GroupCategory;
use App\Models\GroupInvitation;
use App\Models\GroupLike;
use App\Models\GroupLimit;
use App\Models\GroupMember;
use App\Models\GroupPost;
use App\Models\GroupReport;
use App\Profile;
use App\Services\AccountService;
use App\Services\GroupService;
use App\Services\HashidService;
use App\Services\StatusService;
use App\Status;
use App\User;
use Illuminate\Http\Request;
use Storage;

class GroupController extends GroupFederationController
{
    public function __construct()
    {
        $this->middleware('auth');
    }

    public function index(Request $request)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);

        return view('layouts.spa');
    }

    public function home(Request $request)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);

        return view('layouts.spa');
    }

    public function show(Request $request, $id, $path = false)
    {
        abort_unless(config('groups.enabled'), 404);
        $group = Group::find($id);

        if (! $group || $group->status) {
            return response()->view('groups.unavailable')->setStatusCode(404);
        }

        if ($request->wantsJson()) {
            return $this->showGroupObject($group);
        }

        return view('layouts.spa', compact('id', 'path'));
    }

    public function showStatus(Request $request, $gid, $sid)
    {
        abort_unless(config('groups.enabled'), 404);
        $group = Group::find($gid);
        $pid = optional($request->user())->profile_id ?? false;

        if (! $group || $group->status) {
            return response()->view('groups.unavailable')->setStatusCode(404);
        }

        if ($group->is_private) {
            abort_if(! $request->user(), 404);
            abort_if(! $group->isMember($pid), 404);
        }

        $gp = GroupPost::whereGroupId($gid)
            ->findOrFail($sid);

        return view('layouts.spa', compact('group', 'gp'));
    }

    public function getGroup(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        $group = Group::whereNull('status')->findOrFail($id);
        $pid = optional($request->user())->profile_id ?? false;

        $group = $this->toJson($group, $pid);

        return response()->json($group, 200, [], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
    }

    public function showStatusLikes(Request $request, $id, $sid)
    {
        abort_unless(config('groups.enabled'), 404);
        $group = Group::findOrFail($id);
        $user = $request->user();
        $pid = $user->profile_id;
        abort_if(! $group->isMember($pid), 404);
        $status = GroupPost::whereGroupId($id)->findOrFail($sid);
        $likes = GroupLike::whereStatusId($sid)
            ->cursorPaginate(10)
            ->map(function ($l) use ($group) {
                $account = AccountService::get($l->profile_id);
                $account['url'] = "/groups/{$group->id}/user/{$account['id']}";

                return $account;
            })
            ->filter(function ($l) {
                return $l && isset($l['id']);
            })
            ->values();

        return $likes;
    }

    public function groupSettings(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $group = Group::findOrFail($id);
        $pid = $request->user()->profile_id;
        abort_if(! $group->isMember($pid), 404);
        abort_if(! in_array($group->selfRole($pid), ['founder', 'admin']), 404);

        return view('groups.settings', compact('group'));
    }

    public function joinGroup(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        $group = Group::findOrFail($id);
        $pid = $request->user()->profile_id;
        abort_if($group->isMember($pid), 404);

        if (! $request->user()->is_admin) {
            abort_if(GroupService::getRejoinTimeout($group->id, $pid), 422, 'Cannot re-join this group for 24 hours after leaving or cancelling a request to join');
        }

        $member = new GroupMember;
        $member->group_id = $group->id;
        $member->profile_id = $pid;
        $member->role = 'member';
        $member->local_group = true;
        $member->local_profile = true;
        $member->join_request = $group->is_private;
        $member->save();

        GroupService::delSelf($group->id, $pid);
        GroupService::log(
            $group->id,
            $pid,
            'group:joined',
            null,
            GroupMember::class,
            $member->id
        );

        $group = $this->toJson($group, $pid);

        return $group;
    }

    public function updateGroup(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        $this->validate($request, [
            'description' => 'nullable|max:500',
            'membership' => 'required|in:all,local,private',
            'avatar' => 'nullable',
            'header' => 'nullable',
            'discoverable' => 'required',
            'activitypub' => 'required',
            'is_nsfw' => 'required',
            'category' => 'required|string|in:'.implode(',', GroupService::categories()),
        ]);

        $pid = $request->user()->profile_id;
        $group = Group::whereProfileId($pid)->findOrFail($id);
        $member = GroupMember::whereGroupId($group->id)->whereProfileId($pid)->firstOrFail();

        abort_if($member->role != 'founder', 403, 'Invalid group permission');

        $metadata = $group->metadata;
        $len = $group->is_private ? 12 : 4;

        if ($request->hasFile('avatar')) {
            $avatar = $request->file('avatar');

            if ($avatar) {
                if (isset($metadata['avatar']) &&
                    isset($metadata['avatar']['path']) &&
                    Storage::exists($metadata['avatar']['path'])
                ) {
                    Storage::delete($metadata['avatar']['path']);
                }

                $fileName = 'avatar_'.strtolower(str_random($len)).'.'.$avatar->extension();
                $path = $avatar->storePubliclyAs('public/g/'.$group->id.'/meta', $fileName);
                $url = url(Storage::url($path));
                $metadata['avatar'] = [
                    'path' => $path,
                    'url' => $url,
                    'updated_at' => now(),
                ];
            }
        }

        if ($request->hasFile('header')) {
            $header = $request->file('header');

            if ($header) {
                if (isset($metadata['header']) &&
                    isset($metadata['header']['path']) &&
                    Storage::exists($metadata['header']['path'])
                ) {
                    Storage::delete($metadata['header']['path']);
                }

                $fileName = 'header_'.strtolower(str_random($len)).'.'.$header->extension();
                $path = $header->storePubliclyAs('public/g/'.$group->id.'/meta', $fileName);
                $url = url(Storage::url($path));
                $metadata['header'] = [
                    'path' => $path,
                    'url' => $url,
                    'updated_at' => now(),
                ];
            }
        }

        $cat = GroupService::categoryById($group->category_id);
        if ($request->category !== $cat['name']) {
            $group->category_id = GroupCategory::whereName($request->category)->first()->id;
        }

        $changes = null;
        $group->description = e($request->input('description', null));
        $group->is_private = $request->input('membership') == 'private';
        $group->local_only = $request->input('membership') == 'local';
        $group->activitypub = $request->input('activitypub') == 'true';
        $group->discoverable = $request->input('discoverable') == 'true';
        $group->is_nsfw = $request->input('is_nsfw') == 'true';
        $group->metadata = $metadata;
        if ($group->isDirty()) {
            $changes = $group->getDirty();
        }
        $group->save();

        GroupService::log(
            $group->id,
            $pid,
            'group:settings:updated',
            $changes
        );

        GroupService::del($group->id);

        $res = $this->toJson($group, $pid);

        return $res;
    }

    protected function toJson($group, $pid = false)
    {
        abort_unless(config('groups.enabled'), 404);

        return GroupService::get($group->id, $pid);
    }

    public function groupLeave(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);

        $pid = $request->user()->profile_id;
        $group = Group::findOrFail($id);

        abort_if($pid == $group->profile_id, 422, 'Cannot leave a group you created');

        abort_if(! $group->isMember($pid), 403, 'Not a member of group.');

        GroupMember::whereGroupId($group->id)->whereProfileId($pid)->delete();
        GroupService::del($group->id);
        GroupService::delSelf($group->id, $pid);
        GroupService::setRejoinTimeout($group->id, $pid);

        return [200];
    }

    public function cancelJoinRequest(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);

        $pid = $request->user()->profile_id;
        $group = Group::findOrFail($id);

        abort_if($pid == $group->profile_id, 422, 'Cannot leave a group you created');
        abort_if($group->isMember($pid), 422, 'Cannot cancel approved join request, please leave group instead.');

        GroupMember::whereGroupId($group->id)->whereProfileId($pid)->delete();
        GroupService::del($group->id);
        GroupService::delSelf($group->id, $pid);
        GroupService::setRejoinTimeout($group->id, $pid);

        return [200];
    }

    public function metaBlockSearch(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $group = Group::findOrFail($id);
        $pid = $request->user()->profile_id;
        abort_if(! $group->isMember($pid), 404);
        abort_if(! in_array($group->selfRole($pid), ['founder', 'admin']), 404);

        $type = $request->input('type');
        $item = $request->input('item');

        switch ($type) {
            case 'instance':
                $res = Instance::whereDomain($item)->first();
                if ($res) {
                    abort_if(GroupBlock::whereGroupId($group->id)->whereInstanceId($res->id)->exists(), 400);
                }
                break;

            case 'user':
                $res = Profile::whereUsername($item)->first();
                if ($res) {
                    abort_if(GroupBlock::whereGroupId($group->id)->whereProfileId($res->id)->exists(), 400);
                }
                if ($res->user_id != null) {
                    abort_if(User::whereIsAdmin(true)->whereId($res->user_id)->exists(), 400);
                }
                break;
        }

        return response()->json((bool) $res, ($res ? 200 : 404));
    }

    public function reportCreate(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $group = Group::findOrFail($id);
        $pid = $request->user()->profile_id;
        abort_if(! $group->isMember($pid), 404);

        $id = $request->input('id');
        $type = $request->input('type');
        $types = [
            // original 3
            'spam',
            'sensitive',
            'abusive',

            // new
            'underage',
            'violence',
            'copyright',
            'impersonation',
            'scam',
            'terrorism',
        ];

        $gp = GroupPost::whereGroupId($group->id)->find($id);
        abort_if(! $gp, 422, 'Cannot report an invalid or deleted post');
        abort_if(! in_array($type, $types), 422, 'Invalid report type');
        abort_if($gp->profile_id === $pid, 422, 'Cannot report your own post');
        abort_if(
            GroupReport::whereGroupId($group->id)
                ->whereProfileId($pid)
                ->whereItemType(GroupPost::class)
                ->whereItemId($id)
                ->exists(),
            422,
            'You already reported this'
        );

        $report = new GroupReport;
        $report->group_id = $group->id;
        $report->profile_id = $pid;
        $report->type = $type;
        $report->item_type = GroupPost::class;
        $report->item_id = $id;
        $report->open = true;
        $report->save();

        GroupService::log(
            $group->id,
            $pid,
            'group:report:create',
            [
                'type' => $type,
                'report_id' => $report->id,
                'status_id' => $gp->status_id,
                'profile_id' => $gp->profile_id,
                'username' => optional(AccountService::get($gp->profile_id))['acct'],
                'gpid' => $gp->id,
                'url' => $gp->url(),
            ],
            GroupReport::class,
            $report->id
        );

        return response([200]);
    }

    public function reportAction(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $group = Group::findOrFail($id);
        $pid = $request->user()->profile_id;
        abort_if(! $group->isMember($pid), 404);
        abort_if(! in_array($group->selfRole($pid), ['founder', 'admin']), 404);

        $this->validate($request, [
            'action' => 'required|in:cw,delete,ignore',
            'id' => 'required|string',
        ]);

        $action = $request->input('action');
        $id = $request->input('id');

        $report = GroupReport::whereGroupId($group->id)
            ->findOrFail($id);
        $status = Status::findOrFail($report->item_id);
        $gp = GroupPost::whereGroupId($group->id)
            ->whereStatusId($status->id)
            ->firstOrFail();

        switch ($action) {
            case 'cw':
                $status->is_nsfw = true;
                $status->save();
                StatusService::del($status->id);

                GroupReport::whereGroupId($group->id)
                    ->whereItemType($report->item_type)
                    ->whereItemId($report->item_id)
                    ->update(['open' => false]);

                GroupService::log(
                    $group->id,
                    $pid,
                    'group:moderation:action',
                    [
                        'type' => 'cw',
                        'report_id' => $report->id,
                        'status_id' => $status->id,
                        'profile_id' => $status->profile_id,
                        'status_url' => $gp->url(),
                    ],
                    GroupReport::class,
                    $report->id
                );

                return response()->json([200]);
                break;

            case 'ignore':
                GroupReport::whereGroupId($group->id)
                    ->whereItemType($report->item_type)
                    ->whereItemId($report->item_id)
                    ->update(['open' => false]);

                GroupService::log(
                    $group->id,
                    $pid,
                    'group:moderation:action',
                    [
                        'type' => 'ignore',
                        'report_id' => $report->id,
                        'status_id' => $status->id,
                        'profile_id' => $status->profile_id,
                        'status_url' => $gp->url(),
                    ],
                    GroupReport::class,
                    $report->id
                );

                return response()->json([200]);
                break;
        }
    }

    public function getMemberInteractionLimits(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $group = Group::findOrFail($id);
        $pid = $request->user()->profile_id;
        abort_if(! $group->isMember($pid), 404);
        abort_if(! in_array($group->selfRole($pid), ['founder', 'admin']), 404);

        $profile_id = $request->input('profile_id');
        abort_if(! $group->isMember($profile_id), 404);
        $limits = GroupService::getInteractionLimits($group->id, $profile_id);

        return response()->json($limits);
    }

    public function updateMemberInteractionLimits(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $group = Group::findOrFail($id);
        $pid = $request->user()->profile_id;
        abort_if(! $group->isMember($pid), 404);
        abort_if(! in_array($group->selfRole($pid), ['founder', 'admin']), 404);

        $this->validate($request, [
            'profile_id' => 'required|exists:profiles,id',
            'can_post' => 'required',
            'can_comment' => 'required',
            'can_like' => 'required',
        ]);

        $member = $request->input('profile_id');
        $can_post = $request->input('can_post');
        $can_comment = $request->input('can_comment');
        $can_like = $request->input('can_like');
        $account = AccountService::get($member);

        abort_if(! $account, 422, 'Invalid profile');
        abort_if(! $group->isMember($member), 422, 'Invalid profile');

        $limit = GroupLimit::firstOrCreate([
            'profile_id' => $member,
            'group_id' => $group->id,
        ]);

        if ($limit->wasRecentlyCreated) {
            abort_if(GroupLimit::whereGroupId($group->id)->count() >= 25, 422, 'limit_reached');
        }

        $previousLimits = $limit->limits;

        $limit->limits = [
            'can_post' => $can_post,
            'can_comment' => $can_comment,
            'can_like' => $can_like,
        ];
        $limit->save();

        GroupService::clearInteractionLimits($group->id, $member);

        GroupService::log(
            $group->id,
            $pid,
            'group:member-limits:updated',
            [
                'profile_id' => $account['id'],
                'username' => $account['username'],
                'previousLimits' => $previousLimits,
                'newLimits' => $limit->limits,
            ],
            GroupLimit::class,
            $limit->id
        );

        return $request->all();
    }

    public function showProfile(Request $request, $id, $pid)
    {
        abort_unless(config('groups.enabled'), 404);
        $group = Group::find($id);

        if (! $group || $group->status) {
            return response()->view('groups.unavailable')->setStatusCode(404);
        }

        return view('layouts.spa');
    }

    public function showProfileByUsername(Request $request, $id, $pid)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        if (! $request->user()) {
            return redirect("/{$pid}");
        }

        $group = Group::find($id);
        $cid = $request->user()->profile_id;

        if (! $group || $group->status) {
            return response()->view('groups.unavailable')->setStatusCode(404);
        }

        if (! $group->isMember($cid)) {
            return redirect("/{$pid}");
        }

        $profile = Profile::whereUsername($pid)->first();

        if (! $group->isMember($profile->id)) {
            return redirect("/{$pid}");
        }

        if ($profile) {
            $url = url("/groups/{$id}/user/{$profile->id}");

            return redirect($url);
        }

        abort(404, 'Invalid username');
    }

    public function groupInviteLanding(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort(404, 'Not yet implemented');
        $group = Group::findOrFail($id);

        return view('groups.invite', compact('group'));
    }

    public function groupShortLinkRedirect(Request $request, $hid)
    {
        abort_unless(config('groups.enabled'), 404);
        $gid = HashidService::decode($hid);
        $group = Group::findOrFail($gid);

        return redirect($group->url());
    }

    public function groupInviteClaim(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        $group = GroupService::get($id);
        abort_if(! $group || empty($group), 404);

        return view('groups.invite-claim', compact('group'));
    }

    public function groupMemberInviteCheck(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $pid = $request->user()->profile_id;
        $group = Group::findOrFail($id);
        abort_if($group->isMember($pid), 422, 'Already a member');

        $exists = GroupInvitation::whereGroupId($id)->whereToProfileId($pid)->exists();

        return response()->json([
            'gid' => $id,
            'can_join' => (bool) $exists,
        ]);
    }

    public function groupMemberInviteAccept(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $pid = $request->user()->profile_id;
        $group = Group::findOrFail($id);
        abort_if($group->isMember($pid), 422, 'Already a member');

        abort_if(! GroupInvitation::whereGroupId($id)->whereToProfileId($pid)->exists(), 422);

        $gm = new GroupMember;
        $gm->group_id = $id;
        $gm->profile_id = $pid;
        $gm->role = 'member';
        $gm->local_group = $group->local;
        $gm->local_profile = true;
        $gm->join_request = false;
        $gm->save();

        GroupInvitation::whereGroupId($id)->whereToProfileId($pid)->delete();
        GroupService::del($id);
        GroupService::delSelf($id, $pid);

        return ['next_url' => $group->url()];
    }

    public function groupMemberInviteDecline(Request $request, $id)
    {
        abort_unless(config('groups.enabled'), 404);
        abort_if(! $request->user(), 404);
        $pid = $request->user()->profile_id;
        $group = Group::findOrFail($id);
        abort_if($group->isMember($pid), 422, 'Already a member');

        return ['next_url' => '/'];
    }
}