3 changes: 2 additions & 1 deletion app/Helper/functions.php
@@ -33,7 +33,8 @@ function setupCompleted(): ?bool
*/
function usersettings(string $key = '', ?int $userId = null): mixed
{
if (is_null($userId) && !auth()->user()) {
// return null if no user id is passed, no user is authenticated, or the system user is being used via the API
if ((is_null($userId) && !auth()->user()) || auth()->id() === 0) {
return null;
}

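Review bot: The new `if` condition identifies the system user with a bare `auth()->id() === 0`, while the policies touched in this same commit ask `$user->isSystemUser()`. The strict comparison against a literal also stops matching if the guard ever returns the id as a string. Reusing the helper keeps a single definition of "system user", e.g. `if ((is_null($userId) && !auth()->user()) || auth()->user()?->isSystemUser()) {`. The system-user branch also returns null when an explicit `$userId` is passed, which the added comment does not say; if that is intended, the comment should state it. The body of usersettings() continues outside the hunk.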
4 changes: 2 additions & 2 deletions app/Http/Controllers/API/LinkNotesController.php
@@ -3,13 +3,13 @@
namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Models\Link;
use App\Models\Api\ApiLink;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

class LinkNotesController extends Controller
{
public function __invoke(Request $request, Link $link): JsonResponse
public function __invoke(Request $request, ApiLink $link): JsonResponse
{
if ($request->user()->cannot('view', $link)) {
return response()->json(status: 403);
9 changes: 4 additions & 5 deletions app/Http/Controllers/API/ListController.php
@@ -7,7 +7,6 @@
use App\Http\Requests\Models\ListStoreRequest;
use App\Http\Requests\Models\ListUpdateRequest;
use App\Models\Api\ApiLinkList;
use App\Models\LinkList;
use App\Repositories\ListRepository;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -29,7 +28,7 @@ public function index(Request $request): JsonResponse

$this->checkOrdering();

$lists = LinkList::query()
$lists = ApiLinkList::query()
->visibleForUser()
->orderBy($this->orderBy, $this->orderDir)
->paginate(getPaginationLimit());
@@ -44,22 +43,22 @@ public function store(ListStoreRequest $request): JsonResponse
return response()->json($link);
}

public function show(LinkList $list): JsonResponse
public function show(ApiLinkList $list): JsonResponse
{
// Instead of displaying all links for that list, show the URL to directly fetch all links for that list
$list->setAttribute('links', route('api.lists.links', ['list' => $list], true));

return response()->json($list);
}

public function update(ListUpdateRequest $request, LinkList $list): JsonResponse
public function update(ListUpdateRequest $request, ApiLinkList $list): JsonResponse
{
$updatedList = ListRepository::update($list, $request->all());

return response()->json($updatedList);
}

public function destroy(LinkList $list): JsonResponse
public function destroy(ApiLinkList $list): JsonResponse
{
$deletionSuccessful = ListRepository::delete($list);

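Review bot: `update()` still hands `$request->all()` to `ListRepository::update()`, so every field a client sends reaches the repository, not only the ones `ListUpdateRequest` validated. `NoteController::update()` in this commit already passes `$request->validated()`. Since the policy changes here appear to let system tokens act on other users' lists, I would narrow the input on that line to `$updatedList = ListRepository::update($list, $request->validated());`. The same applies to `TagController::update()`. Whether the repository or the model restricts fillable fields is not visible in this diff.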
4 changes: 2 additions & 2 deletions app/Http/Controllers/API/ListLinksController.php
@@ -3,13 +3,13 @@
namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Models\LinkList;
use App\Models\Api\ApiLinkList;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

class ListLinksController extends Controller
{
public function __invoke(Request $request, LinkList $list): JsonResponse
public function __invoke(Request $request, ApiLinkList $list): JsonResponse
{
if ($request->user()->cannot('view', $list)) {
return response()->json(status: 403);
5 changes: 2 additions & 3 deletions app/Http/Controllers/API/NoteController.php
@@ -6,7 +6,6 @@
use App\Http\Requests\Models\NoteStoreRequest;
use App\Http\Requests\Models\NoteUpdateRequest;
use App\Models\Api\ApiNote;
use App\Models\Note;
use App\Repositories\NoteRepository;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Response;
@@ -25,14 +24,14 @@ public function store(NoteStoreRequest $request): JsonResponse
return response()->json($note);
}

public function update(NoteUpdateRequest $request, Note $note): JsonResponse
public function update(NoteUpdateRequest $request, ApiNote $note): JsonResponse
{
$updatedNote = NoteRepository::update($note, $request->validated());

return response()->json($updatedNote);
}

public function destroy(Note $note): JsonResponse
public function destroy(ApiNote $note): JsonResponse
{
$deletionSuccessful = NoteRepository::delete($note);

9 changes: 4 additions & 5 deletions app/Http/Controllers/API/TagController.php
@@ -7,7 +7,6 @@
use App\Http\Requests\Models\TagStoreRequest;
use App\Http\Requests\Models\TagUpdateRequest;
use App\Models\Api\ApiTag;
use App\Models\Tag;
use App\Repositories\TagRepository;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -29,7 +28,7 @@ public function index(Request $request): JsonResponse

$this->checkOrdering();

$tags = Tag::query()
$tags = ApiTag::query()
->visibleForUser()
->orderBy($this->orderBy, $this->orderDir)
->paginate(getPaginationLimit());
@@ -44,19 +43,19 @@ public function store(TagStoreRequest $request): JsonResponse
return response()->json($tag);
}

public function show(Tag $tag): JsonResponse
public function show(ApiTag $tag): JsonResponse
{
return response()->json($tag);
}

public function update(TagUpdateRequest $request, Tag $tag): JsonResponse
public function update(TagUpdateRequest $request, ApiTag $tag): JsonResponse
{
$updatedTag = TagRepository::update($tag, $request->all());

return response()->json($updatedTag);
}

public function destroy(Tag $tag): JsonResponse
public function destroy(ApiTag $tag): JsonResponse
{
$deletionSuccessful = TagRepository::delete($tag);

4 changes: 2 additions & 2 deletions app/Http/Controllers/API/TagLinksController.php
@@ -3,13 +3,13 @@
namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Models\Tag;
use App\Models\Api\ApiTag;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

class TagLinksController extends Controller
{
public function __invoke(Request $request, Tag $tag): JsonResponse
public function __invoke(Request $request, ApiTag $tag): JsonResponse
{
if ($request->user()->cannot('view', $tag)) {
return response()->json(status: 403);
16 changes: 8 additions & 8 deletions app/Http/Controllers/API/TrashController.php
@@ -5,10 +5,10 @@
use App\Http\Controllers\Controller;
use App\Http\Requests\TrashClearRequest;
use App\Http\Requests\TrashRestoreRequest;
use App\Models\Link;
use App\Models\LinkList;
use App\Models\Note;
use App\Models\Tag;
use App\Models\Api\ApiLink;
use App\Models\Api\ApiLinkList;
use App\Models\Api\ApiNote;
use App\Models\Api\ApiTag;
use App\Repositories\TrashRepository;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -17,7 +17,7 @@ class TrashController extends Controller
{
public function getLinks(Request $request): JsonResponse
{
$links = Link::onlyTrashed()
$links = ApiLink::onlyTrashed()
->byUser($request->user()->id)
->get();

@@ -26,7 +26,7 @@ public function getLinks(Request $request): JsonResponse

public function getLists(Request $request): JsonResponse
{
$lists = LinkList::onlyTrashed()
$lists = ApiLinkList::onlyTrashed()
->byUser($request->user()->id)
->get();

@@ -35,7 +35,7 @@ public function getLists(Request $request): JsonResponse

public function getTags(Request $request): JsonResponse
{
$tags = Tag::onlyTrashed()
$tags = ApiTag::onlyTrashed()
->byUser($request->user()->id)
->get();

@@ -44,7 +44,7 @@ public function getTags(Request $request): JsonResponse

public function getNotes(Request $request): JsonResponse
{
$notes = Note::onlyTrashed()
$notes = ApiNote::onlyTrashed()
->byUser($request->user()->id)
->get();

6 changes: 3 additions & 3 deletions app/Policies/Api/ApiLinkPolicy.php
@@ -41,16 +41,16 @@ public function update(User $user, ApiLink $link): bool

public function delete(User $user, ApiLink $link): bool
{
return $link->user->is($user);
return $this->userCanDeleteModel($user, $link);
}

public function restore(User $user, ApiLink $link): bool
{
return $link->user->is($user);
return $this->userCanUpdateModel($user, $link);
}

public function forceDelete(User $user, ApiLink $link): bool
{
return $link->user->is($user);
return $this->userCanDeleteModel($user, $link);
}
}
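Review bot: `restore()` now delegates to `userCanUpdateModel()`, whose visible tail in AuthorizesUserApiActions returns `$model->visibility !== ModelAttribute::VISIBILITY_PRIVATE` for callers that matched no earlier branch. Restoring a trashed link therefore appears to widen from owner-only to any user allowed to update a non-private link, while `delete()` and `forceDelete()` stay limited to the owner or a system token through `userCanDeleteModel()`. If that widening is not intended, restore should follow the delete rule: `return $this->userCanDeleteModel($user, $link);`. The same substitution is made in LinkListApiPolicy, NoteApiPolicy and TagApiPolicy. The start of userCanUpdateModel() is outside the visible diff, so this needs confirming against its full body.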
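--- a/app/Policies/Api/AuthorizesUserApiActions.php
+++ b/app/Policies/Api/AuthorizesUserApiActions.php
@@ -36,4 +36,18 @@ protected function userCanUpdateModel(User $user, Model $model): bool
 }
 return $model->visibility !== ModelAttribute::VISIBILITY_PRIVATE;
 }
+
+protected function userCanDeleteModel(User $user, Model $model): bool
+{
+if ($model->user_id === $user->id) {
+return true;
+}
+if ($user->isSystemUser()) {
+if ($model->visibility === ModelAttribute::VISIBILITY_PRIVATE) {
+return $user->tokenCan($this->deleteAbility) && $user->tokenCan(ApiToken::ABILITY_SYSTEM_ACCESS_PRIVATE);
+}
+return $user->tokenCan($this->deleteAbility);
+}
+return false;
+}
 }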
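Review bot: `userCanDeleteModel()` returns true for the owner before any `tokenCan()` check, so only system tokens are held to `$this->deleteAbility`. If personal API tokens in this project can be issued with a reduced ability set (not visible here), a token without the delete ability could still delete its owner's models. In that case the first branch should read `return $user->tokenCan($this->deleteAbility);`. The method also relies on every policy using the trait to define `$deleteAbility`, which the visible part of the trait does not declare. A docblock on the method should state that requirement and that private models additionally need `ApiToken::ABILITY_SYSTEM_ACCESS_PRIVATE`.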
9 changes: 6 additions & 3 deletions app/Policies/Api/LinkListApiPolicy.php
@@ -18,6 +18,9 @@ class LinkListApiPolicy

public function viewAny(User $user): bool
{
if ($user->isSystemUser()) {
return $user->tokenCan(ApiToken::ABILITY_LISTS_READ);
}
return true;
}

@@ -38,16 +41,16 @@ public function update(User $user, ApiLinkList $list): bool

public function delete(User $user, ApiLinkList $list): bool
{
return $list->user->is($user);
return $this->userCanDeleteModel($user, $list);
}

public function restore(User $user, ApiLinkList $list): bool
{
return $list->user->is($user);
return $this->userCanUpdateModel($user, $list);
}

public function forceDelete(User $user, ApiLinkList $list): bool
{
return $list->user->is($user);
return $this->userCanDeleteModel($user, $list);
}
}
13 changes: 8 additions & 5 deletions app/Policies/Api/NoteApiPolicy.php
@@ -18,12 +18,15 @@ class NoteApiPolicy

public function viewAny(User $user): bool
{
if ($user->isSystemUser()) {
return $user->tokenCan(ApiToken::ABILITY_NOTES_READ);
}
return true;
}

public function view(User $user, Note $note): bool
{
return $this->userCanAccessNote($user, $note);
return $this->userCanAccessModel($user, $note);
}

public function create(User $user): bool
@@ -33,21 +36,21 @@ public function create(User $user): bool

public function update(User $user, Note $note): bool
{
return $this->userCanAccessNote($user, $note);
return $this->userCanUpdateModel($user, $note);
}

public function delete(User $user, Note $note): bool
{
return $note->user->is($user);
return $this->userCanDeleteModel($user, $note);
}

public function restore(User $user, Note $note): bool
{
return $note->user->is($user);
return $this->userCanUpdateModel($user, $note);
}

public function forceDelete(User $user, Note $note): bool
{
return $note->user->is($user);
return $this->userCanDeleteModel($user, $note);
}
}
9 changes: 6 additions & 3 deletions app/Policies/Api/TagApiPolicy.php
@@ -18,6 +18,9 @@ class TagApiPolicy

public function viewAny(User $user): bool
{
if ($user->isSystemUser()) {
return $user->tokenCan(ApiToken::ABILITY_TAGS_READ);
}
return true;
}

@@ -38,16 +41,16 @@ public function update(User $user, Tag $tag): bool

public function delete(User $user, Tag $tag): bool
{
return $tag->user->is($user);
return $this->userCanDeleteModel($user, $tag);
}

public function restore(User $user, Tag $tag): bool
{
return $tag->user->is($user);
return $this->userCanUpdateModel($user, $tag);
}

public function forceDelete(User $user, Tag $tag): bool
{
return $tag->user->is($user);
return $this->userCanDeleteModel($user, $tag);
}
}
5 changes: 3 additions & 2 deletions app/Repositories/LinkRepository.php
@@ -2,6 +2,7 @@

namespace App\Repositories;

use App\Enums\ModelAttribute;
use App\Helper\HtmlMeta;
use App\Helper\LinkIconMapper;
use App\Models\Link;
@@ -223,8 +224,8 @@ protected static function processTaxonomy(string $model, array $entries): Collec
$newEntries = collect();

$visibilitySetting = match ($model) {
Tag::class => usersettings('tags_default_visibility'),
LinkList::class => usersettings('lists_default_visibility'),
Tag::class => usersettings('tags_default_visibility') ?? ModelAttribute::VISIBILITY_INTERNAL,
LinkList::class => usersettings('lists_default_visibility') ?? ModelAttribute::VISIBILITY_INTERNAL,
};

foreach ($entries as $entry) {
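Review bot: When `usersettings()` returns null, the two changed `match` arms fall back to `ModelAttribute::VISIBILITY_INTERNAL` rather than the most restrictive level, and after this commit null is returned for every call made as the system user. Judging by the constant's name, tags and lists created through `processTaxonomy()` by a system token would then be visible to other logged-in users by default. Falling back to `ModelAttribute::VISIBILITY_PRIVATE` would fail closed; otherwise a comment such as `// system user has no settings: default to internal because …` should record why internal is wanted. The rest of processTaxonomy() lies outside the hunk.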
2 changes: 1 addition & 1 deletion app/Repositories/NoteRepository.php
@@ -10,7 +10,7 @@ class NoteRepository
{
public static function create(array $data): Note
{
$data['user_id'] = auth()->user()->id;
$data['user_id'] = auth()->id();

return Note::create($data);
}
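Review bot: `auth()->id()` returns null when no user is authenticated, where the previous `auth()->user()->id` failed loudly, so `Note::create()` can now receive a null `user_id`. For the system user it stores that account's id as the note owner, presumably 0 given the check added to `usersettings()`; whether a matching user row exists is not visible here. I would make the precondition explicit, e.g. `$data['user_id'] = auth()->id() ?? throw new \LogicException('Note creation requires an authenticated user');`, or add a comment stating that callers are always authenticated.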
3 changes: 2 additions & 1 deletion resources/assets/js/components/TagsSelect.js
@@ -42,7 +42,8 @@ export default class TagsSelect {
},
onChange: function () {
const items = this.items.map((item) => {
const option = Object.values(this.options).find((option) => option.id === parseInt(item));
item = (typeof item === 'string' && /^\d+$/.test(item)) ? Number(item) : item;
const option = Object.values(this.options).find((option) => option.id === item);
return option !== undefined ? option.id : item;
});
selectObject.$el.value = items.length > 0 ? JSON.stringify(items) : null;
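Review bot: The added line overwrites `item` with a number, and the unchanged `return option !== undefined ? option.id : item;` then returns that number when no option matches. A new tag typed as digits only (e.g. `2024`) is therefore serialised as a JSON number instead of the string the user entered, and it is replaced by an existing tag whenever its name equals that tag's id. Keeping the converted value separate avoids the first problem: `const id = (typeof item === 'string' && /^\d+$/.test(item)) ? Number(item) : item;` followed by `find((option) => option.id === id)`, leaving `item` untouched for the fallback. How the backend tells ids from new names is not visible here, and the onChange handler continues outside the hunk.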