feat: Add user-group sharing support + activate feature (#3425)

Author: ildyria

app/Actions/Sharing/Propagate.php

@@ -49,7 +49,7 @@ private function applyUpdate(Album $album): void
 		// for each descendant, create a new permission if it does not exist.
 		// or update the existing permission.
 		$descendants = $album->descendants()->getQuery()->select('id')->pluck('id');
-		$permissions = $album->access_permissions()->whereNotNull('user_id')->get();
+		$permissions = $album->access_permissions()->whereNotNull(APC::USER_ID)->orWhereNotNull(APC::USER_GROUP_ID)->get();
 
 		// This is super inefficient.
 		// It would be better to do it in a single query...
@@ -59,6 +59,7 @@ private function applyUpdate(Album $album): void
 				$perm = AccessPermission::updateOrCreate([
 					APC::BASE_ALBUM_ID => $descendant,
 					APC::USER_ID => $permission->user_id,
+					APC::USER_GROUP_ID => $permission->user_group_id,
 				], [
 					APC::GRANTS_FULL_PHOTO_ACCESS => $permission->grants_full_photo_access,
 					APC::GRANTS_DOWNLOAD => $permission->grants_download,
@@ -106,7 +107,10 @@ private function applyOverwrite(Album $album): void
 		// 2. applying the new permissions.
 
 		DB::table(APC::ACCESS_PERMISSIONS)
-			->whereNotNull('user_id')
+			->where(fn ($q) => $q
+				->whereNotNull(APC::USER_ID)
+				->orWhereNotNull(APC::USER_GROUP_ID)
+			)
 			->whereIn(
 				'base_album_id',
 				DB::table('albums')
@@ -122,7 +126,7 @@ private function applyOverwrite(Album $album): void
 			->where('_rgt', '<', $album->_rgt)
 			->pluck('id');
 
-		$access_permissions = $album->access_permissions()->whereNotNull('user_id')->get();
+		$access_permissions = $album->access_permissions()->whereNotNull('user_id')->orWhereNotNull('user_group_id')->get();
 
 		$new_perm = $access_permissions->reduce(
 			fn (?array $acc, AccessPermission $permission) => array_merge(
@@ -131,6 +135,7 @@ private function applyOverwrite(Album $album): void
 					fn ($descendant_id) => [
 						APC::BASE_ALBUM_ID => $descendant_id,
 						APC::USER_ID => $permission->user_id,
+						APC::USER_GROUP_ID => $permission->user_group_id,
 						APC::GRANTS_FULL_PHOTO_ACCESS => $permission->grants_full_photo_access,
 						APC::GRANTS_DOWNLOAD => $permission->grants_download,
 						APC::GRANTS_UPLOAD => $permission->grants_upload,

app/Actions/Sharing/Share.php

@@ -17,14 +17,21 @@ class Share
 	 * Create an access permission from a resource.
 	 *
 	 * @param AccessPermissionResource $access_permission_resource
+	 * @param int|null                 $user_id
+	 * @param int|null                 $user_group_id
 	 * @param string                   $base_album_id
 	 *
 	 * @return AccessPermission
 	 */
-	public function do(AccessPermissionResource $access_permission_resource, int $user_id, string $base_album_id): AccessPermission
-	{
+	public function do(
+		AccessPermissionResource $access_permission_resource,
+		string $base_album_id,
+		?int $user_id = null,
+		?int $user_group_id = null,
+	): AccessPermission {
 		$perm = new AccessPermission();
 		$perm->user_id = $user_id;
+		$perm->user_group_id = $user_group_id;
 		$perm->base_album_id = $base_album_id;
 		$perm->grants_full_photo_access = $access_permission_resource->grants_full_photo_access;
 		$perm->grants_download = $access_permission_resource->grants_download;
@@ -33,6 +40,7 @@ public function do(AccessPermissionResource $access_permission_resource, int $us
 		$perm->grants_delete = $access_permission_resource->grants_delete;
 		$perm->load('user');
 		$perm->load('album');
+		$perm->load('user_group');
 		$perm->save();
 
 		return $perm;

app/Constants/UsersUserGroupsConstants.php

@@ -0,0 +1,22 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2025 LycheeOrg.
+ */
+
+namespace App\Constants;
+
+class UsersUserGroupsConstants
+{
+	// computed table name
+	public const USERS_USER_GROUPS = 'users_user_groups';
+
+	// Id names
+	public const USER_ID = 'user_id';
+	public const USER_GROUP_ID = 'user_group_id';
+
+	// Attributes name
+	public const ROLE = 'role';
+}

app/Contracts/Http/Requests/HasUserGroupIds.php

@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2025 LycheeOrg.
+ */
+
+namespace App\Contracts\Http\Requests;
+
+interface HasUserGroupIds
+{
+	/**
+	 * @return int[]
+	 */
+	public function userGroupIds(): array;
+}

app/Contracts/Http/Requests/RequestAttribute.php

@@ -14,6 +14,7 @@ class RequestAttribute
 
 	public const USER_ID_ATTRIBUTE = 'user_id';
 	public const USER_IDS_ATTRIBUTE = 'user_ids';
+	public const USER_GROUP_IDS_ATTRIBUTE = 'group_ids';
 
 	public const GROUP_ID = 'group_id';
 	public const NAME_ATTRIBUTE = 'name';

app/Http/Controllers/Gallery/SharingController.php

@@ -46,16 +46,35 @@ class SharingController extends Controller
 	public function create(AddSharingRequest $request, Share $share): array
 	{
 		// delete any already created.
-		AccessPermission::whereIn('user_id', $request->userIds())
-			->whereIn('base_album_id', $request->albumIds())
+		AccessPermission::whereIn(APC::BASE_ALBUM_ID, $request->albumIds())
+			->where(fn ($q) => $q->whereIn(APC::USER_ID, $request->userIds())
+				->orWhereIn(APC::USER_GROUP_ID, $request->userGroupIds()))
 			->delete();
 
 		$access_permissions = [];
+
 		// Not optimal, but this is barely used, so who cares.
 		// A better approach would be to do a massive insert in a single SQL query from the cross product.
-		foreach ($request->userIds() as $user_id) {
-			foreach ($request->albumIds() as $album_id) {
-				$access_permissions[] = $share->do($request->permResource(), $user_id, $album_id);
+		foreach ($request->albumIds() as $album_id) {
+			foreach ($request->userIds() as $user_id) {
+				// Create a new sharing permission for each user and album combination.
+				// This is not optimal, but it is simple and works.
+				// A better approach would be to do a massive insert in a single SQL query from the cross product.
+				$access_permissions[] = $share->do(
+					access_permission_resource: $request->permResource(),
+					user_id: $user_id,
+					base_album_id: $album_id
+				);
+			}
+			foreach ($request->userGroupIds() as $user_group_id) {
+				// Create a new sharing permission for each user group and album combination.
+				// This is not optimal, but it is simple and works.
+				// A better approach would be to do a massive insert in a single SQL query from the cross product.
+				$access_permissions[] = $share->do(
+					access_permission_resource: $request->permResource(),
+					user_group_id: $user_group_id,
+					base_album_id: $album_id
+				);
 			}
 		}
 
@@ -92,9 +111,10 @@ public function edit(EditSharingRequest $request): AccessPermissionResource
 	 */
 	public function list(ListSharingRequest $request): Collection
 	{
-		$query = AccessPermission::with(['album', 'user']);
-		$query = $query->whereNotNull(APC::USER_ID);
+		$query = AccessPermission::with(['album', 'user', 'user_group']);
 		$query = $query->where(APC::BASE_ALBUM_ID, '=', $request->album()->id);
+		$query = $query->where(fn ($q) => $q->whereNotNull(APC::USER_ID)
+			->orWhereNotNull(APC::USER_GROUP_ID));
 
 		return AccessPermissionResource::collect($query->get());
 	}
@@ -108,12 +128,14 @@ public function list(ListSharingRequest $request): Collection
 	 */
 	public function listAll(ListAllSharingRequest $request): Collection
 	{
-		$query = AccessPermission::with(['album', 'user']);
+		$query = AccessPermission::with(['album', 'user', 'user_group']);
 		$query = $query->when(
 			!Auth::user()->may_administrate,
 			fn ($q) => $q->whereIn('base_album_id', BaseAlbumImpl::select('id')
-						->where('owner_id', '=', Auth::id())));
-		$query = $query->whereNotNull('user_id');
+				->where('owner_id', '=', Auth::id()))
+		);
+		$query = $query->whereNotNull(APC::USER_ID);
+		$query = $query->orWhereNotNull(APC::USER_GROUP_ID);
 		$query = $query->orderBy('base_album_id', 'asc');
 
 		return AccessPermissionResource::collect($query->get());
@@ -134,10 +156,12 @@ public function listAlbums(ListAllSharingRequest $request, ListAlbums $list_albu
 			$owner_id = $user->id;
 		}
 
-		return TargetAlbumResource::collect($list_albums->do(
-			albums_filtering: resolve(Collection::class),
-			parent_id: null,
-			owner_id: $owner_id)
+		return TargetAlbumResource::collect(
+			$list_albums->do(
+				albums_filtering: resolve(Collection::class),
+				parent_id: null,
+				owner_id: $owner_id
+			)
 		);
 	}
 
@@ -173,4 +197,4 @@ public function propagate(PropagateSharingRequest $request, Propagate $propagate
 			$propagate->update($album);
 		}
 	}
-}
+}

app/Http/Requests/Sharing/AddSharingRequest.php

@@ -10,28 +10,32 @@
 
 use App\Contracts\Http\Requests\HasAccessPermissionResource;
 use App\Contracts\Http\Requests\HasAlbumIds;
+use App\Contracts\Http\Requests\HasUserGroupIds;
 use App\Contracts\Http\Requests\HasUserIds;
 use App\Contracts\Http\Requests\RequestAttribute;
 use App\Contracts\Models\AbstractAlbum;
 use App\Http\Requests\BaseApiRequest;
 use App\Http\Requests\Traits\HasAccessPermissionResourceTrait;
 use App\Http\Requests\Traits\HasAlbumIdsTrait;
+use App\Http\Requests\Traits\HasUserGroupIdsTrait;
 use App\Http\Requests\Traits\HasUserIdsTrait;
 use App\Http\Resources\Models\AccessPermissionResource;
 use App\Policies\AlbumPolicy;
 use App\Rules\IntegerIDRule;
 use App\Rules\RandomIDRule;
 use Illuminate\Support\Facades\Gate;
+use Illuminate\Validation\ValidationException;
 
 /**
  * Represents a request for setting the shares of specific albums.
  *
  * Only the owner of the album (or the admin) can set the shares.
  */
-class AddSharingRequest extends BaseApiRequest implements HasAlbumIds, HasUserIds, HasAccessPermissionResource
+class AddSharingRequest extends BaseApiRequest implements HasAlbumIds, HasUserIds, HasAccessPermissionResource, HasUserGroupIds
 {
 	use HasAlbumIdsTrait;
 	use HasUserIdsTrait;
+	use HasUserGroupIdsTrait;
 	use HasAccessPermissionResourceTrait;
 
 	/**
@@ -50,8 +54,10 @@ public function rules(): array
 		return [
 			RequestAttribute::ALBUM_IDS_ATTRIBUTE => 'required|array|min:1',
 			RequestAttribute::ALBUM_IDS_ATTRIBUTE . '.*' => ['required', new RandomIDRule(false)],
-			RequestAttribute::USER_IDS_ATTRIBUTE => 'required|array|min:1',
+			RequestAttribute::USER_IDS_ATTRIBUTE => 'present|array',
 			RequestAttribute::USER_IDS_ATTRIBUTE . '.*' => ['required', new IntegerIDRule(false)],
+			RequestAttribute::USER_GROUP_IDS_ATTRIBUTE => 'present|array',
+			RequestAttribute::USER_GROUP_IDS_ATTRIBUTE . '.*' => ['required', new IntegerIDRule(false)],
 			RequestAttribute::GRANTS_DOWNLOAD_ATTRIBUTE => ['required', 'boolean'],
 			RequestAttribute::GRANTS_FULL_PHOTO_ACCESS_ATTRIBUTE => ['required', 'boolean'],
 			RequestAttribute::GRANTS_UPLOAD_ATTRIBUTE => ['required', 'boolean'],
@@ -62,11 +68,20 @@ public function rules(): array
 
 	/**
 	 * {@inheritDoc}
+	 *
+	 * @throws ValidationException if no users or groups are specified
 	 */
 	protected function processValidatedValues(array $values, array $files): void
 	{
 		$this->album_ids = $values[RequestAttribute::ALBUM_IDS_ATTRIBUTE];
 		$this->user_ids = $values[RequestAttribute::USER_IDS_ATTRIBUTE];
+		$this->user_group_ids = $values[RequestAttribute::USER_GROUP_IDS_ATTRIBUTE];
+
+		if ($this->user_ids === [] && $this->user_group_ids === []) {
+			// If no users or groups are specified, we do not create a permission.
+			throw new ValidationException('You must specify at least one user or group to share with.', 422);
+		}
+
 		$this->perm_resource = new AccessPermissionResource(
 			grants_edit: static::toBoolean($values[RequestAttribute::GRANTS_EDIT_ATTRIBUTE]),
 			grants_delete: static::toBoolean($values[RequestAttribute::GRANTS_DELETE_ATTRIBUTE]),

app/Http/Requests/Sharing/EditSharingRequest.php

@@ -64,7 +64,7 @@ protected function processValidatedValues(array $values, array $files): void
 	{
 		/** @var int $id */
 		$id = $values[RequestAttribute::PERMISSION_ID];
-		$this->perm = AccessPermission::with(['album', 'user'])->findOrFail($id);
+		$this->perm = AccessPermission::with(['album', 'user', 'user_group'])->findOrFail($id);
 
 		$this->perm_resource = new AccessPermissionResource(
 			grants_edit: static::toBoolean($values[RequestAttribute::GRANTS_EDIT_ATTRIBUTE]),

app/Http/Requests/Traits/HasUserGroupIdsTrait.php

@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2025 LycheeOrg.
+ */
+
+namespace App\Http\Requests\Traits;
+
+trait HasUserGroupIdsTrait
+{
+	/**
+	 * @var array<int,int>
+	 */
+	protected array $user_group_ids = [];
+
+	/**
+	 * @return array<int,int>
+	 */
+	public function userGroupIds(): array
+	{
+		return $this->user_group_ids;
+	}
+}

app/Http/Resources/Models/AccessPermissionResource.php

@@ -18,7 +18,9 @@ class AccessPermissionResource extends Data
 	public function __construct(
 		public ?int $id = null,
 		public ?int $user_id = null,
+		public ?int $user_group_id = null,
 		public ?string $username = null,
+		public ?string $user_group_name = null,
 		public ?string $album_title = null,
 		public ?string $album_id = null,
 		public bool $grants_full_photo_access = false,
@@ -33,8 +35,10 @@ public static function fromModel(AccessPermission $access_permission): AccessPer
 	{
 		return new AccessPermissionResource(
 			id: $access_permission->id,
-			user_id: $access_permission->user_id,
-			username: $access_permission->user->name,
+			user_id: $access_permission->user?->id,
+			username: $access_permission->user?->name,
+			user_group_id: $access_permission->user_group?->id,
+			user_group_name: $access_permission->user_group?->name,
 			album_title: $access_permission->album->title,
 			album_id: $access_permission->base_album_id,
 			grants_full_photo_access: $access_permission->grants_full_photo_access,