refactor: JSON:API (#3971)

* refactor: json:api refactor iteration 1 * chore: delete dead code * fix: regressions * chore: move additions/changes to package * feat: AccessTokenResource * feat: allow dependency injection in resources * feat: `ApiResource` extender * feat: improve * feat: refactor tags extension * feat: refactor flags extension * fix: regressions * fix: drop bc layer * feat: refactor suspend extension * feat: refactor subscriptions extension * feat: refactor approval extension * feat: refactor sticky extension * feat: refactor nicknames extension * feat: refactor mentions extension * feat: refactor lock extension * feat: refactor likes extension * chore: merge conflicts * feat: refactor extension-manager extension * feat: context current endpoint helpers * chore: minor * feat: cleaner sortmap implementation * chore: drop old package * chore: not needed (auto scoping) * fix: actor only fields * refactor: simplify index endpoint * feat: eager loading * test: adapt * test: phpstan * test: adapt * fix: typing * fix: approving content * tet: adapt frontend tests * chore: typings * chore: review * fix: breaking change
2025-08-08 17:36:38 +02:00 · 2024-06-21 09:36:32 +01:00
parent 10514709f1
commit a8777c6198
296 changed files with 7148 additions and 8860 deletions
--- a/extensions/flags/tests/integration/api/flags/ListTest.php
+++ b/extensions/flags/tests/integration/api/flags/ListTest.php
@@ -55,6 +55,7 @@ class ListTest extends TestCase
                ['id' => 1, 'discussion_id' => 1, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>'],
                ['id' => 2, 'discussion_id' => 1, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>'],
                ['id' => 3, 'discussion_id' => 1, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>'],
+                ['id' => 4, 'discussion_id' => 1, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>', 'is_private' => true],
            ],
            Flag::class => [
                ['id' => 1, 'post_id' => 1, 'user_id' => 1],
@@ -62,6 +63,7 @@ class ListTest extends TestCase
                ['id' => 3, 'post_id' => 1, 'user_id' => 3],
                ['id' => 4, 'post_id' => 2, 'user_id' => 2],
                ['id' => 5, 'post_id' => 3, 'user_id' => 1],
+                ['id' => 6, 'post_id' => 4, 'user_id' => 1],
            ]
        ]);
    }
@@ -69,7 +71,7 @@ class ListTest extends TestCase
    /**
     * @test
     */
-    public function admin_can_see_one_flag_per_post()
+    public function admin_can_see_one_flag_per_visible_post()
    {
        $response = $this->send(
            $this->request('GET', '/api/flags', [
@@ -77,9 +79,9 @@ class ListTest extends TestCase
            ])
        );

-        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEquals(200, $response->getStatusCode(), $body = $response->getBody()->getContents());

-        $data = json_decode($response->getBody()->getContents(), true)['data'];
+        $data = json_decode($body, true)['data'];

        $ids = Arr::pluck($data, 'id');
        $this->assertEqualsCanonicalizing(['1', '4', '5'], $ids);
@@ -88,7 +90,7 @@ class ListTest extends TestCase
    /**
     * @test
     */
-    public function regular_user_sees_own_flags()
+    public function regular_user_sees_own_flags_of_visible_posts()
    {
        $response = $this->send(
            $this->request('GET', '/api/flags', [
@@ -107,7 +109,7 @@ class ListTest extends TestCase
    /**
     * @test
     */
-    public function mod_can_see_one_flag_per_post()
+    public function mod_can_see_one_flag_per_visible_post()
    {
        $response = $this->send(
            $this->request('GET', '/api/flags', [
--- a/extensions/flags/tests/integration/api/flags/ListWithTagsTest.php
+++ b/extensions/flags/tests/integration/api/flags/ListWithTagsTest.php
@@ -55,9 +55,9 @@ class ListWithTagsTest extends TestCase
            ],
            'group_permission' => [
                ['group_id' => Group::MODERATOR_ID, 'permission' => 'discussion.viewFlags'],
-                ['group_id' => Group::MODERATOR_ID, 'permission' => 'tag2.viewDiscussions'],
+                ['group_id' => Group::MODERATOR_ID, 'permission' => 'tag2.viewForum'],
                ['group_id' => Group::MODERATOR_ID, 'permission' => 'tag3.discussion.viewFlags'],
-                ['group_id' => Group::MODERATOR_ID, 'permission' => 'tag4.viewDiscussions'],
+                ['group_id' => Group::MODERATOR_ID, 'permission' => 'tag4.viewForum'],
                ['group_id' => Group::MODERATOR_ID, 'permission' => 'tag4.discussion.viewFlags'],
            ],
            Discussion::class => [
@@ -154,9 +154,7 @@ class ListWithTagsTest extends TestCase
        $data = json_decode($response->getBody()->getContents(), true)['data'];

        $ids = Arr::pluck($data, 'id');
-        // 7 is included, even though mods can't view discussions.
-        // This is because the UI doesnt allow discussions.viewFlags without viewDiscussions.
-        $this->assertEqualsCanonicalizing(['1', '4', '5', '7', '8', '9'], $ids);
+        $this->assertEqualsCanonicalizing(['1', '4', '5', '8', '9'], $ids);
    }

    /**
--- a/extensions/flags/tests/integration/api/posts/IncludeFlagsVisibilityTest.php
+++ b/extensions/flags/tests/integration/api/posts/IncludeFlagsVisibilityTest.php
@@ -0,0 +1,145 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Flags\Tests\integration\api\posts;
+
+use Flarum\Group\Group;
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+use Illuminate\Support\Arr;
+
+class IncludeFlagsVisibilityTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setup(): void
+    {
+        parent::setUp();
+
+        $this->extension('flarum-tags', 'flarum-flags');
+
+        $this->prepareDatabase([
+            'users' => [
+                $this->normalUser(),
+                [
+                    'id' => 3,
+                    'username' => 'mod',
+                    'password' => '$2y$10$LO59tiT7uggl6Oe23o/O6.utnF6ipngYjvMvaxo1TciKqBttDNKim', // BCrypt hash for "too-obscure"
+                    'email' => 'normal2@machine.local',
+                    'is_email_confirmed' => 1,
+                ],
+                [
+                    'id' => 4,
+                    'username' => 'tod',
+                    'password' => '$2y$10$LO59tiT7uggl6Oe23o/O6.utnF6ipngYjvMvaxo1TciKqBttDNKim', // BCrypt hash for "too-obscure"
+                    'email' => 'tod@machine.local',
+                    'is_email_confirmed' => 1,
+                ],
+                [
+                    'id' => 5,
+                    'username' => 'ted',
+                    'password' => '$2y$10$LO59tiT7uggl6Oe23o/O6.utnF6ipngYjvMvaxo1TciKqBttDNKim', // BCrypt hash for "too-obscure"
+                    'email' => 'ted@machine.local',
+                    'is_email_confirmed' => 1,
+                ],
+            ],
+            'group_user' => [
+                ['group_id' => 5, 'user_id' => 2],
+                ['group_id' => 6, 'user_id' => 3],
+            ],
+            'groups' => [
+                ['id' => 5, 'name_singular' => 'group5', 'name_plural' => 'group5', 'color' => null, 'icon' => 'fas fa-crown', 'is_hidden' => false],
+                ['id' => 6, 'name_singular' => 'group1', 'name_plural' => 'group1', 'color' => null, 'icon' => 'fas fa-cog', 'is_hidden' => false],
+            ],
+            'group_permission' => [
+                ['group_id' => Group::MEMBER_ID, 'permission' => 'tag1.viewForum'],
+                ['group_id' => 5, 'permission' => 'tag1.viewForum'],
+                ['group_id' => 5, 'permission' => 'discussion.viewFlags'],
+                ['group_id' => 6, 'permission' => 'tag1.discussion.viewFlags'],
+                ['group_id' => 6, 'permission' => 'tag1.viewForum'],
+            ],
+            'tags' => [
+                ['id' => 1, 'name' => 'Tag 1', 'slug' => 'tag-1', 'is_primary' => false, 'position' => null, 'parent_id' => null, 'is_restricted' => true],
+                ['id' => 2, 'name' => 'Tag 2', 'slug' => 'tag-2', 'is_primary' => true, 'position' => 2, 'parent_id' => null, 'is_restricted' => false],
+            ],
+            'discussions' => [
+                ['id' => 1, 'title' => 'Test1', 'user_id' => 1, 'comment_count' => 1],
+                ['id' => 2, 'title' => 'Test2', 'user_id' => 1, 'comment_count' => 1],
+            ],
+            'discussion_tag' => [
+                ['discussion_id' => 1, 'tag_id' => 1],
+                ['discussion_id' => 2, 'tag_id' => 2],
+            ],
+            'posts' => [
+                ['id' => 1, 'discussion_id' => 1, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>'],
+                ['id' => 2, 'discussion_id' => 1, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>'],
+                ['id' => 3, 'discussion_id' => 1, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>'],
+
+                ['id' => 4, 'discussion_id' => 2, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>'],
+                ['id' => 5, 'discussion_id' => 2, 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p></p></t>'],
+            ],
+            'flags' => [
+                ['id' => 1, 'post_id' => 1, 'user_id' => 1],
+                ['id' => 2, 'post_id' => 1, 'user_id' => 5],
+                ['id' => 3, 'post_id' => 1, 'user_id' => 3],
+                ['id' => 4, 'post_id' => 2, 'user_id' => 5],
+                ['id' => 5, 'post_id' => 3, 'user_id' => 1],
+
+                ['id' => 6, 'post_id' => 4, 'user_id' => 1],
+                ['id' => 7, 'post_id' => 5, 'user_id' => 5],
+                ['id' => 8, 'post_id' => 5, 'user_id' => 5],
+            ],
+        ]);
+    }
+
+    /**
+     * @dataProvider listFlagsIncludesDataProvider
+     * @test
+     */
+    public function user_sees_where_allowed_with_included_tags(int $actorId, array $expectedIncludes)
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/posts', [
+                'authenticatedAs' => $actorId,
+            ])->withQueryParams([
+                'include' => 'flags'
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+
+        $responseBody = json_decode($response->getBody()->getContents(), true);
+
+        $data = $responseBody['data'];
+
+        $this->assertEquals(['1', '2', '3', '4', '5'], Arr::pluck($data, 'id'));
+        $this->assertEqualsCanonicalizing(
+            $expectedIncludes,
+            collect($responseBody['included'] ?? [])
+            ->filter(fn ($include) => $include['type'] === 'flags')
+            ->pluck('id')
+            ->map(strval(...))
+            ->all()
+        );
+    }
+
+    public function listFlagsIncludesDataProvider(): array
+    {
+        return [
+            'admin_sees_all' => [1, [1, 2, 3, 4, 5, 6, 7, 8]],
+            'user_with_general_permission_sees_where_unrestricted_tag' => [2, [6, 7, 8]],
+            'user_with_tag1_permission_sees_tag1_flags' => [3, [1, 2, 3, 4, 5]],
+            'normal_user_sees_none' => [4, []],
+            'normal_user_sees_own' => [5, [2, 7, 4, 8]],
+        ];
+    }
+}