Add admin check for uploads (#4282)

Author: ildyria

app/Actions/Import/FromUrl.php

@@ -10,6 +10,7 @@
 
 use App\Actions\Photo\Create;
 use App\DTO\ImportMode;
+use App\Enum\UserUploadTrustLevel;
 use App\Exceptions\Handler;
 use App\Exceptions\MassImportException;
 use App\Image\Files\DownloadedFile;
@@ -18,6 +19,7 @@
 use App\Repositories\ConfigManager;
 use App\Services\Image\FileExtensionService;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
 use Safe\Exceptions\InfoException;
 use function Safe\ini_get;
 use function Safe\parse_url;
@@ -43,19 +45,30 @@ public function do(array $urls, ?Album $album, int $intended_owner_id): Collecti
 		$config_manager = resolve(ConfigManager::class);
 		$result = new Collection();
 		$exceptions = [];
+
+		$user = Auth::user();
+		if ($user?->may_administrate === true) {
+			$upload_trust_level = UserUploadTrustLevel::TRUSTED;
+		} elseif ($user !== null) {
+			$upload_trust_level = $user->upload_trust_level;
+		} else {
+			$upload_trust_level = $config_manager->getValueAsEnum('guest_upload_trust_level', UserUploadTrustLevel::class)
+				?? UserUploadTrustLevel::CHECK;
+		}
+
 		$create = new Create(
 			import_mode: new ImportMode(
 				delete_imported: true,
 				skip_duplicates: $config_manager->getValueAsBool('skip_duplicates'),
 				shall_rename_photo_title: $config_manager->getValueAsBool('renamer_photo_title_enabled'),
 			),
-			intended_owner_id: $intended_owner_id
+			intended_owner_id: $intended_owner_id,
+			upload_trust_level: $upload_trust_level,
 		);
 
 		$file_extension_service = resolve(FileExtensionService::class);
 		foreach ($urls as $url) {
 			try {
-				// Reset the execution timeout for every iteration.
 				try {
 					set_time_limit((int) ini_get('max_execution_time'));
 				} catch (InfoException) {

app/Actions/Photo/Create.php

@@ -24,6 +24,7 @@
 use App\DTO\PhotoCreate\PhotoPartnerDTO;
 use App\DTO\PhotoCreate\StandaloneDTO;
 use App\DTO\PhotoCreate\VideoPartnerDTO;
+use App\Enum\UserUploadTrustLevel;
 use App\Exceptions\Internal\LycheeLogicException;
 use App\Exceptions\PhotoResyncedException;
 use App\Exceptions\PhotoSkippedException;
@@ -44,8 +45,9 @@ class Create
 	public function __construct(
 		?ImportMode $import_mode,
 		int $intended_owner_id,
+		UserUploadTrustLevel $upload_trust_level,
 	) {
-		$this->strategy_parameters = new ImportParam($import_mode, $intended_owner_id);
+		$this->strategy_parameters = new ImportParam($import_mode, $intended_owner_id, upload_trust_level: $upload_trust_level);
 	}
 
 	/**
@@ -144,6 +146,7 @@ private function handleDuplicate(InitDTO $init_dto): Photo
 			$pipes[] = Duplicate\SaveIfDirty::class;
 		}
 		$pipes[] = Duplicate\ThrowSkipDuplicate::class;
+		$pipes[] = Duplicate\ThrowUntrustedDuplicate::class;
 		$pipes[] = Shared\SetHighlighted::class;
 		$pipes[] = Shared\Save::class;
 		$pipes[] = Shared\SetParent::class;
@@ -178,6 +181,7 @@ private function handleStandalone(InitDTO $init_dto): Photo
 			Standalone\PlaceGoogleMotionVideo::class,
 			Standalone\SetChecksum::class,
 			Standalone\AutoRenamer::class,
+			Shared\SetUploadValidated::class,
 			Shared\Save::class,
 			Shared\SetParent::class,
 			Shared\SaveStatistics::class,
@@ -275,6 +279,7 @@ private function handlePhotoLivePartner(InitDTO $init_dto): Photo
 			Standalone\PlaceGoogleMotionVideo::class,
 			Standalone\SetChecksum::class,
 			Standalone\AutoRenamer::class,
+			Shared\SetUploadValidated::class,
 			Shared\Save::class,
 			Shared\SetParent::class,
 			Standalone\CreateOriginalSizeVariant::class,

app/Actions/Photo/Pipes/Duplicate/ThrowUntrustedDuplicate.php

@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2026 LycheeOrg.
+ */
+
+namespace App\Actions\Photo\Pipes\Duplicate;
+
+use App\Contracts\PhotoCreate\DuplicatePipe;
+use App\DTO\PhotoCreate\DuplicateDTO;
+use App\Exceptions\PhotoSkippedException;
+
+class ThrowUntrustedDuplicate implements DuplicatePipe
+{
+	public function handle(DuplicateDTO $state, \Closure $next): DuplicateDTO
+	{
+		if ($state->photo->is_validated) {
+			return $next($state);
+		}
+
+		throw new PhotoSkippedException('The photo has been skipped, there is already a copy waiting for moderation');
+	}
+}

app/Actions/Photo/Pipes/Shared/SetUploadValidated.php

@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2026 LycheeOrg.
+ */
+
+namespace App\Actions\Photo\Pipes\Shared;
+
+use App\Contracts\PhotoCreate\SharedPipe;
+use App\DTO\PhotoCreate\DuplicateDTO;
+use App\DTO\PhotoCreate\StandaloneDTO;
+use App\Enum\UserUploadTrustLevel;
+use App\Repositories\ConfigManager;
+
+/**
+ * Determines and sets the `is_validated` flag on the photo being created.
+ *
+ * Rules (evaluated in order):
+ *  1. If the trust level was pre-resolved at dispatch time (e.g. from a queued job),
+ *     use it directly — no DB lookup required.
+ *  2. If there is no authenticated owner (guest upload, intended_owner_id === 0),
+ *     use the `guest_upload_trust_level` config.
+ *  3. If the intended owner is an admin (`may_administrate`), always validated.
+ *  4. Otherwise use the owner's `upload_trust_level`.
+ *
+ * Trust level mapping:
+ *  - CHECK   → not validated (false)
+ *  - MONITOR → validated (true)  — behaves as TRUSTED in this iteration
+ *  - TRUSTED → validated (true)
+ */
+class SetUploadValidated implements SharedPipe
+{
+	public function __construct(
+		protected readonly ConfigManager $config_manager,
+	) {
+	}
+
+	public function handle(DuplicateDTO|StandaloneDTO $state, \Closure $next): DuplicateDTO|StandaloneDTO
+	{
+		$state->photo->is_validated = $state->upload_trust_level !== UserUploadTrustLevel::CHECK;
+
+		return $next($state);
+	}
+}

app/Actions/User/Create.php

@@ -8,6 +8,7 @@
 
 namespace App\Actions\User;
 
+use App\Enum\UserUploadTrustLevel;
 use App\Exceptions\ConflictingPropertyException;
 use App\Exceptions\InvalidPropertyException;
 use App\Exceptions\ModelDBException;
@@ -35,6 +36,7 @@ public function do(
 		bool $may_administrate = false,
 		?int $quota_kb = null,
 		?string $note = null,
+		?UserUploadTrustLevel $upload_trust_level = null,
 	): User {
 		if (User::query()->where('username', '=', $username)->count() !== 0) {
 			throw new ConflictingPropertyException('Username already exists');
@@ -52,6 +54,9 @@ public function do(
 		$user->password = Hash::make($password);
 		$user->quota_kb = $quota_kb;
 		$user->note = $note;
+		$user->upload_trust_level = $upload_trust_level
+			?? $this->config_manager->getValueAsEnum('default_user_trust_level', UserUploadTrustLevel::class)
+			?? UserUploadTrustLevel::TRUSTED;
 		$user->save();
 
 		return $user;

app/Actions/User/Save.php

@@ -8,6 +8,7 @@
 
 namespace App\Actions\User;
 
+use App\Enum\UserUploadTrustLevel;
 use App\Exceptions\ConflictingPropertyException;
 use App\Exceptions\InvalidPropertyException;
 use App\Exceptions\ModelDBException;
@@ -42,6 +43,7 @@ public function do(User $user,
 		bool $may_administrate = false,
 		?int $quota_kb = null,
 		?string $note = null,
+		?UserUploadTrustLevel $upload_trust_level = null,
 	): void {
 		if (User::query()
 			->where('username', '=', $username)
@@ -62,6 +64,9 @@ public function do(User $user,
 		$user->may_administrate = $may_administrate;
 		$user->note = $note;
 		$user->quota_kb = $quota_kb;
+		if ($upload_trust_level !== null) {
+			$user->upload_trust_level = $upload_trust_level;
+		}
 		if ($password !== null && $password !== '') {
 			$user->password = Hash::make($password);
 		}

app/Contracts/Http/Requests/RequestAttribute.php

@@ -100,6 +100,7 @@ class RequestAttribute
 	public const MAY_UPLOAD_ATTRIBUTE = 'may_upload';
 	public const MAY_EDIT_OWN_SETTINGS_ATTRIBUTE = 'may_edit_own_settings';
 	public const MAY_ADMINISTRATE = 'may_administrate';
+	public const UPLOAD_TRUST_LEVEL_ATTRIBUTE = 'upload_trust_level';
 	public const SHARED_ALBUMS_VISIBILITY_ATTRIBUTE = 'shared_albums_visibility';
 
 	/**

app/DTO/ImportDTO.php

@@ -10,6 +10,7 @@
 
 use App\Actions\Album\Create as AlbumCreate;
 use App\Actions\Photo\Create as PhotoCreate;
+use App\Enum\UserUploadTrustLevel;
 use App\Jobs\ImportImageJob;
 use App\Jobs\RecomputeAlbumSizeJob;
 use App\Jobs\RecomputeAlbumStatsJob;
@@ -39,7 +40,7 @@ public function __construct(
 		public readonly bool $should_execute_jobs = false,
 	) {
 		$this->album_create = new AlbumCreate($intended_owner_id);
-		$this->photo_create = new PhotoCreate($import_mode, $intended_owner_id);
+		$this->photo_create = new PhotoCreate($import_mode, $intended_owner_id, upload_trust_level: UserUploadTrustLevel::TRUSTED);
 		$this->album_renamer = new AlbumRenamer($intended_owner_id);
 		$this->photo_renamer = new PhotoRenamer($intended_owner_id);
 	}

app/DTO/ImportParam.php

@@ -8,11 +8,15 @@
 
 namespace App\DTO;
 
+use App\Enum\UserUploadTrustLevel;
+use App\Exceptions\Internal\LycheeLogicException;
 use App\Metadata\Extractor;
 use App\Models\Album;
 
 final class ImportParam
 {
+	public UserUploadTrustLevel $upload_trust_level;
+
 	/**
 	 * @param ImportMode     $import_mode
 	 * @param int            $intended_owner_id indicates the intended owner of the image
@@ -30,6 +34,8 @@ public function __construct(
 		public bool $is_highlighted = false,
 		public Extractor|null $exif_info = null,
 		public ?bool $apply_watermark = null,
+		?UserUploadTrustLevel $upload_trust_level = null,
 	) {
+		$this->upload_trust_level = $upload_trust_level ?? throw new LycheeLogicException('Upload trust level must be provided');
 	}
 }

app/DTO/PhotoCreate/InitDTO.php

@@ -11,6 +11,7 @@
 use App\Contracts\Models\AbstractAlbum;
 use App\DTO\ImportMode;
 use App\DTO\ImportParam;
+use App\Enum\UserUploadTrustLevel;
 use App\Image\Files\NativeLocalFile;
 use App\Metadata\Extractor;
 use App\Models\Photo;
@@ -23,6 +24,9 @@ class InitDTO
 	// Indicates the intended owner of the image.
 	public readonly int $intended_owner_id;
 
+	// Pre-resolved upload trust level (set when session context is available at dispatch time).
+	public readonly UserUploadTrustLevel $upload_trust_level;
+
 	// Indicates whether the new photo shall be highlighted.
 	public bool $is_highlighted = false;
 
@@ -60,6 +64,7 @@ public function __construct(
 		$this->source_file = $source_file;
 		$this->import_mode = $parameters->import_mode;
 		$this->intended_owner_id = $parameters->intended_owner_id;
+		$this->upload_trust_level = $parameters->upload_trust_level;
 		$this->is_highlighted = $parameters->is_highlighted;
 		$this->exif_info = $parameters->exif_info;
 		$this->apply_watermark = $parameters->apply_watermark;