diff --git a/app/Console/Commands/Cleanup/CleanupTrashedCampaigns.php b/app/Console/Commands/Cleanup/CleanupTrashedCampaigns.php index e0d0fec79b..5467137329 100644 --- a/app/Console/Commands/Cleanup/CleanupTrashedCampaigns.php +++ b/app/Console/Commands/Cleanup/CleanupTrashedCampaigns.php @@ -52,7 +52,7 @@ public function handle() Campaign::observe(CampaignObserver::class); $count = $this->service->purgeDeleted(); - $log = 'Deleted ' . $count . ' trashed campaigns.'; + $log = 'Deleted ' . $count . ' trashed campaigns.'; $this->info($log); $this->log($log); diff --git a/app/Http/Controllers/Entity/MoveController.php b/app/Http/Controllers/Entity/MoveController.php index c58fa4c574..5a18331859 100644 --- a/app/Http/Controllers/Entity/MoveController.php +++ b/app/Http/Controllers/Entity/MoveController.php 
@@ -54,24 +54,24 @@ public function move(MoveEntityRequest $request, Campaign $campaign, Entity $ent } $copied = $request->filled('copy'); -// try { - $this->service - ->entity($entity) - ->campaign($campaign) - ->user($request->user()) - ->to($request->get('campaign')) - ->copy($copied) - ->validate() - ->process() - ; + // try { + $this->service + ->entity($entity) + ->campaign($campaign) + ->user($request->user()) + ->to($request->get('campaign')) + ->copy($copied) + ->validate() + ->process() + ; - return redirect() - ->route($entity->pluralType() . '.index', $campaign) - ->with('success_raw', __('entities/move.success' . ($copied ? '_copy' : null), ['name' => $entity->name, 'campaign' => $this->service->target()->name])); -// } catch (TranslatableException $ex) { -// return redirect() -// ->to($entity->url()) -// ->with('error', __($ex->getMessage(), ['name' => $entity->name])); -// } + return redirect() + ->route($entity->pluralType() . '.index', $campaign) + ->with('success_raw', __('entities/move.success' . ($copied ? '_copy' : null), ['name' => $entity->name, 'campaign' => $this->service->target()->name])); + // } catch (TranslatableException $ex) { + // return redirect() + // ->to($entity->url()) + // ->with('error', __($ex->getMessage(), ['name' => $entity->name])); + // } } } diff --git a/app/Http/Requests/StoreCalendar.php b/app/Http/Requests/StoreCalendar.php index 5ccaf7e0b6..e703f51648 100644 --- a/app/Http/Requests/StoreCalendar.php +++ b/app/Http/Requests/StoreCalendar.php @@ -48,9 +48,9 @@ public function rules() 'show_birthdays' => 'boolean', 'template_id' => 'nullable', 'format' => ['nullable', new CalendarFormat(), 'string', 'max:20'], -// 'moon_offset' => [ -// '*' => new CalendarMoonOffset() -// ], + // 'moon_offset' => [ + // '*' => new CalendarMoonOffset() + // ], ]; if (request()->has('quick-creator')) { diff --git a/app/Models/Character.php b/app/Models/Character.php index 658f78aa90..1f10ecc85b 100644 --- a/app/Models/Character.php 
+++ b/app/Models/Character.php @@ -179,16 +179,22 @@ public function scopeMember(Builder $query, string|null $value, FilterOption $fi if (!empty($value)) { return $query; } - return $query + $query ->select($this->getTable() . '.*') ->leftJoin('organisation_member as memb', function ($join) { $join->on('memb.character_id', '=', $this->getTable() . '.id'); }) ->where('memb.organisation_id', null); + + if (auth()->guest() || !auth()->user()->isAdmin()) { + $query->where('memb.is_private', 0); + } + + return $query; } elseif ($filter === FilterOption::EXCLUDE) { return $query ->whereRaw('(select count(*) from organisation_member as memb where memb.character_id = ' . - $this->getTable() . '.id and memb.organisation_id in (' . (int) $value . ')) = 0'); + $this->getTable() . '.id and memb.character_id = ' . ((int) $value) . ' and ' . $this->subPrivacy('memb.is_private') . ') = 0'); } $ids = [$value]; @@ -199,12 +205,18 @@ public function scopeMember(Builder $query, string|null $value, FilterOption $fi $ids = [...$model->descendants->pluck('id')->toArray(), $model->id]; } } - return $query + $query ->select($this->getTable() . '.*') ->leftJoin('organisation_member as memb', function ($join) { $join->on('memb.character_id', '=', $this->getTable() . '.id'); }) - ->whereIn('memb.organisation_id', $ids)->distinct(); + ->whereIn('memb.organisation_id', $ids); + + if (auth()->guest() || !auth()->user()->isAdmin()) { + $query->where('memb.is_private', 0); + } + + return $query->distinct(); } /** diff --git a/app/Models/Concerns/HasFilters.php b/app/Models/Concerns/HasFilters.php index 40b2eebb36..6a161d38a3 100644 --- a/app/Models/Concerns/HasFilters.php +++ b/app/Models/Concerns/HasFilters.php 
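Review bot: The rewritten EXCLUDE subquery in Character::scopeMember() compares `memb.character_id` with `$value`, but the include path in the next hunk filters on `memb.organisation_id`, so `$value` looks like an organisation id matched against the wrong column. As written the subquery reads `memb.character_id = <table>.id and memb.character_id = <value>`, which no longer excludes characters belonging to that organisation; the condition should probably be `'.id and memb.organisation_id = ' . ((int) $value) . ...`. The same swap appears in the EXCLUDE branch of Family::scopeMember(), where `memb.family_id` is compared with what the include path treats as a character id. Keep the `(int)` cast when fixing this, since it is what makes the concatenation into `whereRaw()` safe. scopeMember() starts above this hunk.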
@@ -489,9 +489,15 @@ protected function filterRace(Builder $query, string $value = null): void { $ids = [$value]; if ($this->filterOption('exclude')) { - $query->whereRaw('(select count(*) from character_race as cr where cr.character_id = ' . - $this->getTable() . '.id and cr.race_id = ' . ((int) $value) . ') = 0'); + if (auth()->check() && auth()->user()->isAdmin()) { + $query->whereRaw('(select count(*) from character_race as cr where cr.character_id = ' . + $this->getTable() . '.id and cr.race_id = ' . ((int) $value) . ') = 0'); + } else { + $query->whereRaw('(select count(*) from character_race as cr where cr.character_id = ' . + $this->getTable() . '.id and cr.race_id = ' . ((int) $value) . ' and cr.is_private = 0) = 0'); + } return; + } elseif ($this->filterOption('children')) { /** @var Race|null $race */ $race = Race::find($value); @@ -505,7 +511,12 @@ protected function filterRace(Builder $query, string $value = null): void ->select($this->getTable() . '.*') ->leftJoin('character_race as cr', function ($join) { $join->on('cr.character_id', '=', $this->getTable() . '.id'); - })->whereIn('cr.race_id', $ids)->distinct(); + })->whereIn('cr.race_id', $ids); + + if (auth()->guest() || !auth()->user()->isAdmin()) { + $query->where('cr.is_private', false); + } + $query->distinct(); } /** @@ -516,8 +527,10 @@ protected function filterFamily(Builder $query, string $value = null): void $ids = [$value]; if ($this->filterOption('exclude')) { $query->whereRaw('(select count(*) from character_family as cf where cf.character_id = ' . - $this->getTable() . '.id and cf.family_id = ' . ((int) $value) . ') = 0'); + $this->getTable() . '.id and cf.family_id = ' . ((int) $value) + . ' and ' . $this->subPrivacy('cf.is_private') . ') = 0'); return; + } elseif ($this->filterOption('children')) { /** @var Family|null $family */ $family = Family::find($value); 
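Review bot: The two `whereRaw()` branches in filterRace()'s exclude path are the same statement apart from `and cr.is_private = 0`. The role test is also spelled two ways, `auth()->check() && auth()->user()->isAdmin()` here and `auth()->guest() || !auth()->user()->isAdmin()` in the include path below. Building the suffix once, e.g. `$privacy = (auth()->check() && auth()->user()->isAdmin()) ? '' : ' and cr.is_private = 0';`, and appending it to a single query string keeps the admin and non-admin SQL from drifting apart. A short comment that `(int) $value` is the only variable part of the raw SQL besides the table name would also help the next reader. filterRace() continues outside this hunk.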
@@ -531,7 +544,13 @@ protected function filterFamily(Builder $query, string $value = null): void ->select($this->getTable() . '.*') ->leftJoin('character_family as cf', function ($join) { $join->on('cf.character_id', '=', $this->getTable() . '.id'); - })->whereIn('cf.family_id', $ids)->distinct(); + })->whereIn('cf.family_id', $ids); + + if (auth()->guest() || !auth()->user()->isAdmin()) { + $query->where('cf.is_private', false); + } + + $query->distinct(); } /** @@ -677,4 +696,14 @@ protected function explicitFilters(): array } return []; } + + protected function subPrivacy(string $field): string|null + { + // Campaign admins don't have private data hidden from them + if (auth()->check() && auth()->user()->isAdmin()) { + return null; + } + + return $field . ' = 0'; + } } diff --git a/app/Models/Family.php b/app/Models/Family.php index 155fc0f69b..bbe8cd913a 100644 --- a/app/Models/Family.php +++ b/app/Models/Family.php 
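Review bot: subPrivacy() returns `null` for admins, yet every caller in this diff concatenates the result after `' and '`, so an admin using an exclude filter gets SQL ending in `and ) = 0`, which is a syntax error. This affects the `whereRaw()` call in filterFamily() and the EXCLUDE branches of scopeMember() in Character, Family and Organisation, which presumably reach this method through the trait. Returning an always-true predicate keeps the callers unchanged: `return '1 = 1';`, with the return type narrowed to `string`. A docblock stating that `$field` must be a hard-coded column name and never request input would be worth adding, because the value is spliced into raw SQL.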
@@ -146,25 +146,38 @@ public function scopeMember(Builder $query, string|null $value, FilterOption $fi if (!empty($value)) { return $query; } - return $query + $query ->select($this->getTable() . '.*') ->leftJoin('character_family as memb', function ($join) { $join->on('memb.family_id', '=', $this->getTable() . '.id'); }) ->where('memb.character_id', null); + + if (auth()->guest() || !auth()->user()->isAdmin()) { + $query->where('memb.is_private', 0); + } + + return $query; } elseif ($filter === FilterOption::EXCLUDE) { return $query ->whereRaw('(select count(*) from character_family as memb where memb.family_id = ' . - $this->getTable() . '.id and memb.character_id in (' . (int) $value . ')) = 0'); + $this->getTable() . '.id and memb.family_id = ' . ((int) $value) . ' and ' . $this->subPrivacy('memb.is_private') . ') = 0'); } $ids = [$value]; - return $query + $query ->select($this->getTable() . '.*') ->leftJoin('character_family as memb', function ($join) { $join->on('memb.family_id', '=', $this->getTable() . '.id'); }) - ->whereIn('memb.character_id', $ids)->distinct(); + ->whereIn('memb.character_id', $ids); + + + if (auth()->guest() || !auth()->user()->isAdmin()) { + $query->where('memb.is_private', 0); + } + + return $query->distinct(); } /** @@ -176,7 +189,7 @@ public function datagridSelectFields(): array } /** - * @return \Illuminate\Database\Eloquent\Relations\BelongsTo + * @return BelongsTo */ public function location() { diff --git a/app/Models/Organisation.php b/app/Models/Organisation.php index a478121747..4e3f53550c 100644 --- a/app/Models/Organisation.php +++ b/app/Models/Organisation.php 
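Review bot: In the first branch of Family::scopeMember(), `where('memb.is_private', 0)` is applied after a left join that keeps only rows where `memb.character_id` is null. On those rows `memb.is_private` is null too, so for guests and non-admins the query matches nothing. Moving the test into the join closure, as `$join->where('memb.is_private', 0);` under the same guest/non-admin check, keeps the unmatched rows. It also makes a family whose only members are private look empty to non-admins, which seems to be the intent of hiding private memberships. The same pattern is in the first branch of scopeMember() in Character.php and Organisation.php; the condition that selects this branch is outside the hunk, so confirm it is the "no members" filter.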
@@ -168,24 +168,37 @@ public function scopeMember(Builder $query, string|null $value, FilterOption $fi if (!empty($value)) { return $query; } - return $query + $query ->select($this->getTable() . '.*') ->leftJoin('organisation_member as memb', function ($join) { $join->on('memb.organisation_id', '=', $this->getTable() . '.id'); }) ->where('memb.character_id', null); + if (auth()->guest() || !auth()->user()->isAdmin()) { + $query->where('memb.is_private', 0); + } + + return $query; + } elseif ($filter === FilterOption::EXCLUDE) { return $query ->whereRaw('(select count(*) from organisation_member as memb where memb.organisation_id = ' . - $this->getTable() . '.id and memb.character_id in (' . (int) $value . ')) = 0'); + $this->getTable() . '.id and memb.character_id = ' . ((int) $value) . ' and ' . $this->subPrivacy('memb.is_private') . ') = 0'); } $ids = [$value]; - return $query + + $query ->select($this->getTable() . '.*') ->leftJoin('organisation_member as memb', function ($join) { $join->on('memb.organisation_id', '=', $this->getTable() . '.id'); }) - ->whereIn('memb.character_id', $ids)->distinct(); + ->whereIn('memb.character_id', $ids); + + if (auth()->guest() || !auth()->user()->isAdmin()) { + $query->where('memb.is_private', 0); + } + + return $query->distinct(); } /**