WIP

Author: ildyria

app/Http/Controllers/Admin/UserGroupsController.php

@@ -0,0 +1,110 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2025 LycheeOrg.
+ */
+
+namespace App\Http\Controllers\Admin;
+
+use App\Actions\Statistics\Spaces;
+use App\Actions\User\Create;
+use App\Actions\User\Save;
+use App\Exceptions\UnauthorizedException;
+use App\Http\Requests\UserManagement\AddUserRequest;
+use App\Http\Requests\UserManagement\DeleteUserRequest;
+use App\Http\Requests\UserManagement\ManagmentListUsersRequest;
+use App\Http\Requests\UserManagement\SetUserSettingsRequest;
+use App\Http\Resources\Models\UserManagementResource;
+use App\Models\User;
+use Illuminate\Routing\Controller;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
+
+/**
+ * Controller responsible for user management.
+ */
+class UserGroupsController extends Controller
+{
+	/**
+	 * Get the list of users for management purposes.
+	 *
+	 * @param ManagmentListUsersRequest $request
+	 * @param Spaces                    $spaces
+	 *
+	 * @return Collection<array-key, UserManagementResource>
+	 */
+	public function list(ManagmentListUsersRequest $request, Spaces $spaces): Collection
+	{
+		/** @var Collection<int,User> $users */
+		$users = User::select(['id', 'username', 'may_administrate', 'may_upload', 'may_edit_own_settings', 'quota_kb', 'description', 'note'])->orderBy('id', 'asc')->get();
+		$spacesPerUser = $spaces->getFullSpacePerUser();
+		/** @var Collection<int,array{0:User,1:array{id:int,username:string,size:int}}> $zipped */
+		$zipped = $users->zip($spacesPerUser);
+
+		return $zipped->map(fn ($item) => new UserManagementResource($item[0], $item[1], $request->is_se()));
+	}
+
+	/**
+	 * Save modification done to a user.
+	 * Note that an admin can change the password of a user at will.
+	 *
+	 * @param SetUserSettingsRequest $request
+	 * @param Save                   $save
+	 *
+	 * @return void
+	 */
+	public function save(SetUserSettingsRequest $request, Save $save): void
+	{
+		$save->do(
+			user: $request->user2(),
+			username: $request->username(),
+			password: $request->password(),
+			mayUpload: $request->mayUpload(),
+			mayEditOwnSettings: $request->mayEditOwnSettings(),
+			quota_kb: $request->quota_kb(),
+			note: $request->note()
+		);
+	}
+
+	/**
+	 * Deletes a user.
+	 *
+	 * The albums and photos owned by the user are re-assigned to the
+	 * admin user.
+	 *
+	 * @param DeleteUserRequest $request
+	 *
+	 * @return void
+	 */
+	public function delete(DeleteUserRequest $request): void
+	{
+		if ($request->user2()->id === Auth::id()) {
+			throw new UnauthorizedException('You are not allowed to delete yourself');
+		}
+		$request->user2()->delete();
+	}
+
+	/**
+	 * Create a new user.
+	 *
+	 * @param AddUserRequest $request
+	 * @param Create         $create
+	 *
+	 * @return UserManagementResource
+	 */
+	public function create(AddUserRequest $request, Create $create): UserManagementResource
+	{
+		$user = $create->do(
+			username: $request->username(),
+			password: $request->password(),
+			mayUpload: $request->mayUpload(),
+			mayEditOwnSettings: $request->mayEditOwnSettings(),
+			quota_kb: $request->quota_kb(),
+			note: $request->note()
+		);
+
+		return new UserManagementResource($user, ['id' => $user->id, 'size' => 0], $request->is_se());
+	}
+}

app/Policies/UserGroupPolicy.php

@@ -0,0 +1,51 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2025 LycheeOrg.
+ */
+
+namespace App\Policies;
+
+use App\Models\User;
+use App\Models\UserGroup;
+
+/**
+ * This class has a DUAL purpose:.
+ *
+ * 1. Define the Rights of the current user over managing Users.
+ * 2. Define the Rights of the current user with regard to what it can modify on its profile.
+ */
+class UserGroupPolicy extends BasePolicy
+{
+	public const CAN_CREATE = 'canCreateOrEditOrDelete';
+	public const CAN_EDIT = 'canCreateOrEditOrDelete';
+	public const CAN_DELETE = 'canCreateOrEditOrDelete';
+	public const CAN_ADD_OR_REMOVE_USER = 'canAddOrRemoveUser';
+	public const CAN_LIST = 'canList';
+
+	public function canCreateOrEditOrDelete(User $user): bool
+	{
+		// Note, the administrator is already handled in the `before()` method and every one else is not allowed to create/delete users.
+		return false;
+	}
+
+	public function canList(User $user): bool
+	{
+		return $user->may_upload;
+	}
+
+	/**
+	 * This defines if a user can add another user to the group.
+	 *
+	 * @param User      $user
+	 * @param UserGroup $userGroup
+	 *
+	 * @return bool
+	 */
+	public function canAddOrRemoveUser(User $user, UserGroup $userGroup): bool
+	{
+		return false;
+	}
+}

app/Providers/AuthServiceProvider.php

@@ -15,10 +15,12 @@
 use App\Models\LiveMetrics;
 use App\Models\Photo;
 use App\Models\User;
+use App\Models\UserGroup;
 use App\Policies\AlbumPolicy;
 use App\Policies\MetricsPolicy;
 use App\Policies\PhotoPolicy;
 use App\Policies\SettingsPolicy;
+use App\Policies\UserGroupPolicy;
 use App\Policies\UserPolicy;
 use App\Services\Auth\SessionOrTokenGuard;
 use App\SmartAlbums\BaseSmartAlbum;
@@ -47,6 +49,8 @@ class AuthServiceProvider extends ServiceProvider
 		Configs::class => SettingsPolicy::class,
 
 		LiveMetrics::class => MetricsPolicy::class,
+
+		UserGroup::class => UserGroupPolicy::class,
 	];
 
 	/**