Avoid spamming the server for auditories when we don't have the rights (#4283)

Author: ildyria

app/Http/Resources/Models/UserResource.php

@@ -21,6 +21,7 @@ class UserResource extends Data
 	public ?string $username;
 	public ?string $email;
 	public bool $is_ldap;
+	public bool $may_administrate;
 	public UserSharedAlbumsVisibility $shared_albums_visibility;
 
 	public function __construct(?User $user)
@@ -30,6 +31,7 @@ public function __construct(?User $user)
 		$this->username = $user?->username;
 		$this->email = $user?->email;
 		$this->is_ldap = $user?->is_ldap ?? false;
+		$this->may_administrate = $user?->may_administrate ?? false;
 		$this->shared_albums_visibility = $user?->shared_albums_visibility ?? UserSharedAlbumsVisibility::DEFAULT;
 	}
 }

resources/js/composables/modals/useAdvisoryModal.ts

@@ -6,6 +6,7 @@
 
 import { ref } from "vue";
 import SecurityAdvisoriesService from "@/services/security-advisories-service";
+import { useUserStore } from "@/stores/UserState";
 
 const DISMISSED_KEY = "advisory_dismissed";
 
@@ -21,25 +22,33 @@ const advisories = ref<App.Http.Resources.Models.SecurityAdvisoryResource[]>([])
  * modal for admin users after login.
  *
  * The modal is shown at most once per browser session (controlled via
- * sessionStorage). Non-admin users receive a 403 from the endpoint, which
- * is caught and silently ignored.
+ * sessionStorage). The advisory endpoint is only queried when the current
+ * user has the `may_administrate` flag set on their user resource.
  */
 export function useAdvisoryModal() {
 	function advisoryCheck() {
-		if (sessionStorage.getItem(DISMISSED_KEY) !== null) {
-			return;
-		}
-
-		SecurityAdvisoriesService.getAdvisories()
-			.then((response) => {
-				if (response.data.length > 0) {
-					advisories.value = response.data;
-					isAdvisoriesVisible.value = true;
-				}
-			})
-			.catch(() => {
-				// 401/403 for non-admins or network errors: silently ignore.
-			});
+		const userStore = useUserStore();
+
+		userStore.load().then(() => {
+			if (!userStore.isAdmin) {
+				return;
+			}
+
+			if (sessionStorage.getItem(DISMISSED_KEY) !== null) {
+				return;
+			}
+
+			SecurityAdvisoriesService.getAdvisories()
+				.then((response) => {
+					if (response.data.length > 0) {
+						advisories.value = response.data;
+						isAdvisoriesVisible.value = true;
+					}
+				})
+				.catch(() => {
+					// Network errors: silently ignore.
+				});
+		});
 	}
 
 	function advisoryDismiss() {

resources/js/lychee.d.ts

@@ -832,6 +832,7 @@ declare namespace App.Http.Resources.Models {
 		username: string | null;
 		email: string | null;
 		is_ldap: boolean;
+		may_administrate: boolean;
 		shared_albums_visibility: App.Enum.UserSharedAlbumsVisibility;
 	};
 	export type WebAuthnResource = {

resources/js/stores/UserState.ts

@@ -73,5 +73,8 @@ export const useUserStore = defineStore("user-store", {
 		isGuest(): boolean {
 			return this.user !== undefined && this.user.id === null;
 		},
+		isAdmin(): boolean {
+			return this.user?.may_administrate === true;
+		},
 	},
 });