Check whether users can view responsibilities (by ability or because they are marked as public)

patrickrobrecht · patrickrobrecht · commit f40fd4c6fee6 · 2024-05-04T18:38:06.000+02:00
diff --git a/app/Http/Requests/Traits/ValidatesResponsibleUsers.php b/app/Http/Requests/Traits/ValidatesResponsibleUsers.php
@@ -17,6 +17,10 @@ protected function rulesForResponsibleUsers(): array
             'responsible_user_id.*' => [
                 Rule::exists('users', 'id'),
             ],
+            'responsible_user_data.*.publicly_visible' => [
+                'nullable',
+                'boolean',
+            ],
             'responsible_user_data.*.position' => [
                 'nullable',
                 'string',
@@ -34,6 +38,7 @@ protected function rulesForResponsibleUsers(): array
     protected function attributesForResponsibleUsers(): array
     {
         return [
+            'responsible_user_data.*.publicly_visible' => __('publicly visible'),
             'responsible_user_data.*.position' => __('Position'),
             'responsible_user_data.*.sort' => __('Sort'),
         ];
diff --git a/app/Models/Event.php b/app/Models/Event.php
@@ -10,6 +10,7 @@
 use App\Models\Traits\HasResponsibleUsers;
 use App\Models\Traits\HasSlugForRouting;
 use App\Models\Traits\HasWebsite;
+use App\Options\Ability;
 use App\Options\EventType;
 use App\Options\Visibility;
 use Carbon\Carbon;
@@ -171,6 +172,11 @@ public function fillAndSave(array $validatedData): bool
             && $this->saveResponsibleUsers($validatedData);
     }
 
+    public function getAbilityToViewResponsibilities(): Ability
+    {
+        return Ability::ViewResponsibilitiesOfEvents;
+    }
+
     public function getBookingOptions(): Collection
     {
         if (isset($this->parentEvent)) {
diff --git a/app/Models/EventSeries.php b/app/Models/EventSeries.php
@@ -7,6 +7,7 @@
 use App\Models\Traits\HasDocuments;
 use App\Models\Traits\HasResponsibleUsers;
 use App\Models\Traits\HasSlugForRouting;
+use App\Options\Ability;
 use App\Options\EventSeriesType;
 use App\Options\Visibility;
 use Illuminate\Database\Eloquent\Builder;
@@ -101,6 +102,11 @@ public function fillAndSave(array $validatedData): bool
             && $this->saveResponsibleUsers($validatedData);
     }
 
+    public function getAbilityToViewResponsibilities(): Ability
+    {
+        return Ability::ViewResponsibilitiesOfEventSeries;
+    }
+
     public function getRoute(): string
     {
         return route('event-series.show', $this);
diff --git a/app/Models/Organization.php b/app/Models/Organization.php
@@ -8,6 +8,7 @@
 use App\Models\Traits\HasLocation;
 use App\Models\Traits\HasResponsibleUsers;
 use App\Models\Traits\HasWebsite;
+use App\Options\Ability;
 use App\Options\ActiveStatus;
 use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
@@ -80,6 +81,11 @@ public function fillAndSave(array $validatedData): bool
             && $this->saveResponsibleUsers($validatedData);
     }
 
+    public function getAbilityToViewResponsibilities(): Ability
+    {
+        return Ability::ViewResponsibilitiesOfOrganizations;
+    }
+
     public function getRoute(): string
     {
         return route('organizations.show', $this);
diff --git a/app/Models/Traits/HasResponsibleUsers.php b/app/Models/Traits/HasResponsibleUsers.php
@@ -3,8 +3,11 @@
 namespace App\Models\Traits;
 
 use App\Models\User;
+use App\Options\Ability;
+use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\MorphToMany;
+use Illuminate\Support\Facades\Auth;
 
 /**
  * @property-read $responsibleUsers {@see self::responsibleUsers()}
@@ -17,6 +20,7 @@ public function responsibleUsers(): MorphToMany
     {
         return $this->morphToMany(User::class, 'responsible_for', 'user_responsibilities')
             ->withPivot([
+                'publicly_visible',
                 'position',
                 'sort',
             ])
@@ -26,16 +30,47 @@ public function responsibleUsers(): MorphToMany
             ->orderBy('first_name');
     }
 
-    public function saveResponsibleUsers(array $validatedData): bool
+    abstract public function getAbilityToViewResponsibilities(): Ability;
+
+    public function getResponsibleUsersVisibleForCurrentUser(): Collection
     {
-        $this->responsibleUsers()->sync($validatedData['responsible_user_id'] ?? []);
+        $currentUser = Auth::user();
 
-        foreach ($validatedData['responsible_user_data'] ?? [] as $userId => $pivotData) {
-            if ($this->responsibleUsers()->updateExistingPivot($userId, $pivotData) !== 1) {
-                return false;
-            }
+        if (isset($currentUser) && $currentUser->hasAbility($this->getAbilityToViewResponsibilities())) {
+            return $this->responsibleUsers;
         }
 
-        return true;
+        return $this->getPubliclyVisibleResponsibleUsers();
+    }
+
+    /**
+     * @return Collection<User>
+     */
+    public function getPubliclyVisibleResponsibleUsers(): Collection
+    {
+        return $this->responsibleUsers->filter(fn (User $responsibleUser) => self::isPubliclyVisible($responsibleUser));
+    }
+
+    public function hasPubliclyVisibleResponsibleUsers(): bool
+    {
+        return $this->responsibleUsers->first(fn (User $responsibleUser) => self::isPubliclyVisible($responsibleUser)) !== null;
+    }
+
+    public function saveResponsibleUsers(array $validatedData): array
+    {
+        $responsibleUsers = [];
+        foreach ($validatedData['responsible_user_id'] ?? [] as $responsibleUserId) {
+            $pivotData = $validatedData['responsible_user_data'][$responsibleUserId] ?? [];
+            $pivotData['publicly_visible'] ??= false;
+            $responsibleUsers[$responsibleUserId] = $pivotData;
+        }
+
+        return $this->responsibleUsers()->sync($responsibleUsers);
+    }
+
+    private static function isPubliclyVisible(User $responsibleUser): bool
+    {
+        return isset($responsibleUser->pivot->publicly_visible)
+            && $responsibleUser->pivot->publicly_visible;
     }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -132,6 +132,7 @@ private function responsibleFor(string $class): MorphToMany
     {
         return $this->morphedByMany($class, 'responsible_for', 'user_responsibilities')
             ->withPivot([
+                'publicly_visible',
                 'position',
                 'sort',
             ]);
diff --git a/app/Options/Ability.php b/app/Options/Ability.php
@@ -30,6 +30,7 @@ enum Ability: string
     case AddDocumentsToEvents = 'events.documents.create';
     case EditDocumentsOfEvents = 'events.documents.edit';
     case DeleteDocumentsOfEvents = 'events.documents.delete';
+    case ViewResponsibilitiesOfEvents = 'events.responsibilities.view';
 
     case ViewEventSeries = 'event_series.view';
     case ViewPrivateEventSeries = 'event_series.view_private';
@@ -39,6 +40,7 @@ enum Ability: string
     case AddDocumentsToEventSeries = 'event_series.documents.create';
     case EditDocumentsOfEventSeries = 'event_series.documents.edit';
     case DeleteDocumentsOfEventSeries = 'event_series.documents.delete';
+    case ViewResponsibilitiesOfEventSeries = 'event_series.responsibilities.view';
 
     case ViewLocations = 'locations.view';
     case CreateLocations = 'locations.create';
@@ -51,6 +53,7 @@ enum Ability: string
     case AddDocumentsToOrganizations = 'organizations.documents.create';
     case EditDocumentsOfOrganizations = 'organizations.documents.edit';
     case DeleteDocumentsOfOrganizations = 'organizations.documents.delete';
+    case ViewResponsibilitiesOfOrganizations = 'organizations.responsibilities.view';
 
     case ViewDocuments = 'documents.view';
 
@@ -87,6 +90,7 @@ public function getTranslatedName(): string
             self::AddDocumentsToEvents => __('Add documents to events'),
             self::EditDocumentsOfEvents => __('Update documents of events'),
             self::DeleteDocumentsOfEvents => __('Delete documents of events'),
+            self::ViewResponsibilitiesOfEvents => __('View responsibilities of events'),
 
             self::ViewEventSeries => __('View event series'),
             self::ViewPrivateEventSeries => __('View private event series'),
@@ -96,6 +100,7 @@ public function getTranslatedName(): string
             self::AddDocumentsToEventSeries => __('Add documents to event series'),
             self::EditDocumentsOfEventSeries => __('Update documents of event series'),
             self::DeleteDocumentsOfEventSeries => __('Delete documents of event series'),
+            self::ViewResponsibilitiesOfEventSeries => __('View responsibilities of event series'),
 
             self::ViewLocations => __('View locations'),
             self::CreateLocations => __('Create locations'),
@@ -108,6 +113,7 @@ public function getTranslatedName(): string
             self::AddDocumentsToOrganizations => __('Add documents to organizations'),
             self::EditDocumentsOfOrganizations => __('Update documents of organizations'),
             self::DeleteDocumentsOfOrganizations => __('Delete documents of organizations'),
+            self::ViewResponsibilitiesOfOrganizations => __('View responsibilities of organizations'),
 
             self::ViewDocuments => __('View documents'),
 
diff --git a/app/Policies/EventPolicy.php b/app/Policies/EventPolicy.php
@@ -44,6 +44,20 @@ public function viewGroups(User $user, Event $event): Response
         return $this->requireAbility($user, Ability::ViewBookingsOfEvent);
     }
 
+    public function viewResponsibilities(?User $user, Event $event): Response
+    {
+        $viewResponse = $this->view($user, $event);
+        if ($viewResponse->denied()) {
+            return $viewResponse;
+        }
+
+        return $this->requireAbilityOrCheck(
+            $user,
+            Ability::ViewResponsibilitiesOfEvents,
+            fn () => $this->response($event->hasPubliclyVisibleResponsibleUsers())
+        );
+    }
+
     /**
      * Determine whether the user can create models.
      */
diff --git a/app/Policies/EventSeriesPolicy.php b/app/Policies/EventSeriesPolicy.php
@@ -38,6 +38,20 @@ public function view(?User $user, EventSeries $eventSeries): Response
         return $this->requireAbility($user, Ability::ViewPrivateEventSeries);
     }
 
+    public function viewResponsibilities(?User $user, EventSeries $eventSeries): Response
+    {
+        $viewResponse = $this->view($user, $eventSeries);
+        if ($viewResponse->denied()) {
+            return $viewResponse;
+        }
+
+        return $this->requireAbilityOrCheck(
+            $user,
+            Ability::ViewResponsibilitiesOfEventSeries,
+            fn () => $this->response($eventSeries->hasPubliclyVisibleResponsibleUsers())
+        );
+    }
+
     /**
      * Determine whether the user can create models.
      */
diff --git a/app/Policies/OrganizationPolicy.php b/app/Policies/OrganizationPolicy.php
@@ -28,6 +28,20 @@ public function view(User $user, Organization $organization): Response
         return $this->viewAny($user);
     }
 
+    public function viewResponsibilities(?User $user, Organization $organization): Response
+    {
+        $viewResponse = $this->view($user, $organization);
+        if ($viewResponse->denied()) {
+            return $viewResponse;
+        }
+
+        return $this->requireAbilityOrCheck(
+            $user,
+            Ability::ViewResponsibilitiesOfOrganizations,
+            fn () => $this->response($organization->hasPubliclyVisibleResponsibleUsers())
+        );
+    }
+
     /**
      * Determine whether the user can create models.
      */
diff --git a/app/Policies/Traits/ChecksAbilities.php b/app/Policies/Traits/ChecksAbilities.php
@@ -4,6 +4,7 @@
 
 use App\Models\User;
 use App\Options\Ability;
+use Closure;
 use Illuminate\Auth\Access\HandlesAuthorization;
 use Illuminate\Auth\Access\Response;
 
@@ -24,4 +25,16 @@ public function requireAbility(?User $user, Ability $ability): Response
 
         return $this->response($user->hasAbility($ability));
     }
+
+    /**
+     * @param Closure(): Response $closure
+     */
+    public function requireAbilityOrCheck(?User $user, Ability $ability, Closure $closure): Response
+    {
+        $abilityResponse = $this->requireAbility($user, $ability);
+
+        return $abilityResponse->allowed()
+            ? $abilityResponse
+            : $closure();
+    }
 }
diff --git a/database/migrations/2024_05_03_104055_create_user_responsibilities_table.php.php b/database/migrations/2024_05_03_104055_create_user_responsibilities_table.php.php
@@ -16,6 +16,7 @@ public function up(): void
             $table->id();
             $table->foreignId('user_id')->constrained('users');
             $table->numericMorphs('responsible_for', 'user_responsibilities_responsible_for_index');
+            $table->boolean('publicly_visible');
             $table->string('position')->nullable();
             $table->unsignedInteger('sort')->nullable();
             $table->timestamps();
diff --git a/lang/de.json b/lang/de.json
@@ -231,6 +231,7 @@
     "Privacy": "Datenschutz",
     "private": "privat",
     "public": "öffentlich",
+    "publicly visible": "öffentlich sichtbar",
     "radio buttons": "Radio-Buttons",
     "randomized": "zufallsbasiert",
     "randomized and age-based": "zufalls- und altersbasiert",
@@ -314,6 +315,9 @@
     "View payment status": "Zahlungsstatus ansehen",
     "View private event series": "Private Veranstaltungsreihen ansehen",
     "View private events": "Private Veranstaltungen ansehen",
+    "View responsibilities of event series": "Verantwortlichkeiten von Verânstaltungsreihen ansehen",
+    "View responsibilities of events": "Verantwortlichkeiten von Verânstaltungen ansehen",
+    "View responsibilities of organizations": "Verantwortlichkeiten von Organisationen ansehen",
     "View user roles": "Benutzerrollen ansehen",
     "View users": "Benutzer ansehen",
     "Visibility": "Sichtbarkeit",
diff --git a/lang/de/validation.php b/lang/de/validation.php
@@ -203,8 +203,10 @@
         'password' => 'Passwort',
         'password_confirmation' => 'Passwort Bestätigung',
         'phone' => 'Telefonnummer',
+        'position' => 'Position',
         'postal_code' => 'Postleitzahl',
         'price' => 'Preis',
+        'publicly_visible' => 'öffentlich sichtbar',
         'register_entry' => 'Registereintrag',
         'representatives' => 'Vertreter',
         'restrictions' => 'Einschränkungen',
diff --git a/resources/views/event_series/event_series_index.blade.php b/resources/views/event_series/event_series_index.blade.php
@@ -89,15 +89,17 @@
                                 <x-bs::badge>{{ formatInt($eventSeriesItem->events_count) }}</x-bs::badge>
                             </x-slot:end>
                         </x-bs::list.item>
-                        <x-bs::list.item>
-                            <span class="text-nowrap"><i class="fa fa-fw fa-list-check"></i> {{ __('Responsibilities') }}</span>
-                            <x-slot:end>
-                                @include('users.shared.responsible_user_span', [
-                                    'class' => 'text-end ms-2',
-                                    'users' => $eventSeriesItem->responsibleUsers,
-                                ])
-                            </x-slot:end>
-                        </x-bs::list.item>
+                        @can('viewResponsibilities', $eventSeriesItem)
+                            <x-bs::list.item>
+                                <span class="text-nowrap"><i class="fa fa-fw fa-list-check"></i> {{ __('Responsibilities') }}</span>
+                                <x-slot:end>
+                                    @include('users.shared.responsible_user_span', [
+                                        'class' => 'text-end ms-2',
+                                        'users' => $eventSeriesItem->getResponsibleUsersVisibleForCurrentUser(),
+                                    ])
+                                </x-slot:end>
+                            </x-bs::list.item>
+                        @endcan
                         <x-bs::list.item>
                             <span class="text-nowrap">
                                 <i class="fa fa-fw fa-file"></i>
diff --git a/resources/views/event_series/event_series_show.blade.php b/resources/views/event_series/event_series_show.blade.php
@@ -76,14 +76,24 @@
             'col-12 col-xl-6 col-xxl-4',
             'mt-4 mt-xxl-0' => $hasSubEventSeriesToShow,
         ])>
-            <section id="responsibilities">
-                <h2>{{ __('Responsibilities') }}</h2>
-                @include('users.shared.responsible_user_list', [
-                    'users' => $eventSeries->responsibleUsers,
-                ])
-            </section>
+            @php
+                $responsibilitySectionEmpty = true;
+            @endphp
+            @can('viewResponsibilities', $eventSeries)
+                @php
+                    $responsibilitySectionEmpty = false;
+                @endphp
+                <section id="responsibilities">
+                    <h2>{{ __('Responsibilities') }}</h2>
+                    @include('users.shared.responsible_user_list', [
+                        'users' => $eventSeries->getResponsibleUsersVisibleForCurrentUser(),
+                    ])
+                </section>
+            @endcan
             @canany(['viewAny', 'create'], [\App\Models\Document::class, $eventSeries])
-                <section id="documents" class="mt-4">
+                <section id="documents" @class([
+                    'mt-4' => !$responsibilitySectionEmpty,
+                ])>
                     <h2>{{ __('Documents') }}</h2>
                     @can('viewAny', [\App\Models\Document::class, $eventSeries])
                         @include('documents.shared.document_list', [
diff --git a/resources/views/event_series/shared/event_series_list.blade.php b/resources/views/event_series/shared/event_series_list.blade.php
diff --git a/resources/views/events/event_index.blade.php b/resources/views/events/event_index.blade.php
diff --git a/resources/views/events/event_show.blade.php b/resources/views/events/event_show.blade.php
diff --git a/resources/views/events/shared/event_list.blade.php b/resources/views/events/shared/event_list.blade.php
diff --git a/resources/views/livewire/users/search-users.blade.php b/resources/views/livewire/users/search-users.blade.php
diff --git a/resources/views/organizations/organization_index.blade.php b/resources/views/organizations/organization_index.blade.php
diff --git a/resources/views/organizations/organization_show.blade.php b/resources/views/organizations/organization_show.blade.php
diff --git a/resources/views/organizations/shared/organization_list.blade.php b/resources/views/organizations/shared/organization_list.blade.php

Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,7 @@ private function responsibleFor(string $class): MorphToMany`
`132`	`132`	`{`
`133`	`133`	`return $this->morphedByMany($class, 'responsible_for', 'user_responsibilities')`
`134`	`134`	`->withPivot([`
	`135`	`+ 'publicly_visible',`
`135`	`136`	`'position',`
`136`	`137`	`'sort',`
`137`	`138`	`]);`