Use Laravel Auth facade. (#1403)

Co-authored-by: Matthias Nagel <matthias.h.nagel@posteo.de>
Co-authored-by: Kamil Iskra <kamil.01482@iskra.name>
Co-authored-by: Martin Stone <1611702+d7415@users.noreply.github.com>

app/Actions/Album/Archive.php

@@ -6,14 +6,17 @@
 use App\Exceptions\ConfigurationKeyMissingException;
 use App\Exceptions\Handler;
 use App\Exceptions\Internal\FrameworkException;
-use App\Facades\AccessControl;
 use App\Models\Album;
 use App\Models\Configs;
 use App\Models\Extensions\BaseAlbum;
 use App\Models\Photo;
 use App\Models\TagAlbum;
+use App\Policies\AlbumPolicy;
+use App\Policies\PhotoPolicy;
 use App\SmartAlbums\BaseSmartAlbum;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 use Safe\Exceptions\InfoException;
 use function Safe\ini_get;
 use function Safe\set_time_limit;
@@ -188,8 +191,7 @@ private function compressAlbum(AbstractAlbum $album, array &$usedDirNames, ?stri
 				// in smart albums should be owned by the current user...
 				if (
 					($album instanceof BaseSmartAlbum || $album instanceof TagAlbum) &&
-					!AccessControl::is_current_user_or_admin($photo->owner_id) &&
-					!($photo->album_id === null ? $album->is_downloadable : $photo->album->is_downloadable)
+					!Gate::check(PhotoPolicy::CAN_DOWNLOAD, $photo)
 				) {
 					continue;
 				}
@@ -246,7 +248,7 @@ private static function isArchivable(AbstractAlbum $album): bool
 	{
 		return
 			$album->is_downloadable ||
-			($album instanceof BaseSmartAlbum && AccessControl::is_logged_in()) ||
-			($album instanceof BaseAlbum && AccessControl::is_current_user_or_admin($album->owner_id));
+			($album instanceof BaseSmartAlbum && Auth::check()) ||
+			($album instanceof BaseAlbum && Gate::check(AlbumPolicy::IS_OWNER, $album));
 	}
 }

app/Actions/Album/Create.php

@@ -3,8 +3,9 @@
 namespace App\Actions\Album;
 
 use App\Exceptions\ModelDBException;
-use App\Facades\AccessControl;
+use App\Exceptions\UnauthenticatedException;
 use App\Models\Album;
+use Illuminate\Support\Facades\Auth;
 
 class Create extends Action
 {
@@ -15,6 +16,7 @@ class Create extends Action
 	 * @return Album
 	 *
 	 * @throws ModelDBException
+	 * @throws UnauthenticatedException
 	 */
 	public function create(string $title, ?Album $parentAlbum): Album
 	{
@@ -31,6 +33,8 @@ public function create(string $title, ?Album $parentAlbum): Album
 	 *
 	 * @param Album      $album
 	 * @param Album|null $parentAlbum
+	 *
+	 * @throws UnauthenticatedException
 	 */
 	private function set_parent(Album $album, ?Album $parentAlbum): void
 	{
@@ -42,7 +46,9 @@ private function set_parent(Album $album, ?Album $parentAlbum): void
 			// methods of the nested set `NodeTrait`.
 			$album->appendToNode($parentAlbum);
 		} else {
-			$album->owner_id = AccessControl::id();
+			/** @var int */
+			$userId = Auth::id() ?? throw new UnauthenticatedException();
+			$album->owner_id = $userId;
 			$album->makeRoot();
 		}
 	}

app/Actions/Album/CreateTagAlbum.php

@@ -3,8 +3,9 @@
 namespace App\Actions\Album;
 
 use App\Exceptions\ModelDBException;
-use App\Facades\AccessControl;
+use App\Exceptions\UnauthenticatedException;
 use App\Models\TagAlbum;
+use Illuminate\Support\Facades\Auth;
 
 class CreateTagAlbum extends Action
 {
@@ -17,13 +18,17 @@ class CreateTagAlbum extends Action
 	 * @return TagAlbum
 	 *
 	 * @throws ModelDBException
+	 * @throws UnauthenticatedException
 	 */
 	public function create(string $title, array $show_tags): TagAlbum
 	{
+		/** @var int */
+		$userId = Auth::id() ?? throw new UnauthenticatedException();
+
 		$album = new TagAlbum();
 		$album->title = $title;
 		$album->show_tags = $show_tags;
-		$album->owner_id = AccessControl::id();
+		$album->owner_id = $userId;
 		$album->save();
 
 		return $album;

app/Actions/Album/Delete.php

@@ -7,13 +7,17 @@
 use App\Exceptions\Internal\LycheeAssertionError;
 use App\Exceptions\Internal\QueryBuilderException;
 use App\Exceptions\ModelDBException;
-use App\Facades\AccessControl;
+use App\Exceptions\UnauthenticatedException;
 use App\Image\FileDeleter;
 use App\Models\Album;
 use App\Models\BaseAlbumImpl;
 use App\Models\TagAlbum;
+use App\Policies\UserPolicy;
 use App\SmartAlbums\UnsortedAlbum;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Database\Query\Builder as BaseBuilder;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 use Safe\Exceptions\ArrayException;
 use function Safe\usort;
 
@@ -58,6 +62,8 @@ class Delete extends Action
 	 * @return FileDeleter contains the collected files which became obsolete
 	 *
 	 * @throws ModelDBException
+	 * @throws ModelNotFoundException
+	 * @throws UnauthenticatedException
 	 */
 	public function do(array $albumIDs): FileDeleter
 	{
@@ -69,8 +75,8 @@ public function do(array $albumIDs): FileDeleter
 			// because it provides deletion of photos
 			if (in_array(UnsortedAlbum::ID, $albumIDs, true)) {
 				$query = UnsortedAlbum::getInstance()->photos();
-				if (!AccessControl::is_admin()) {
-					$query->where('owner_id', '=', AccessControl::id());
+				if (!Gate::check(UserPolicy::IS_ADMIN)) {
+					$query->where('owner_id', '=', Auth::id() ?? throw new UnauthenticatedException());
 				}
 				$unsortedPhotoIDs = $query->pluck('id')->all();
 			}

app/Actions/Album/SetProtectionPolicy.php

@@ -8,6 +8,7 @@
 use App\Exceptions\ModelDBException;
 use App\Models\Extensions\BaseAlbum;
 use Illuminate\Contracts\Container\BindingResolutionException;
+use Illuminate\Support\Facades\Hash;
 
 /**
  * Class SetProtectionPolicy.
@@ -41,9 +42,7 @@ public function do(BaseAlbum $album, AlbumProtectionPolicy $protectionPolicy, bo
 			if ($password !== null) {
 				// password is not null => we update the value with the hash
 				try {
-					$album->password = bcrypt($password);
-				} catch (\InvalidArgumentException $e) {
-					throw new InvalidPropertyException('Could not hash password', $e);
+					$album->password = Hash::make($password);
 				} catch (BindingResolutionException $e) {
 					throw new FrameworkException('Laravel\'s hashing component', $e);
 				}

app/Actions/Album/Unlock.php

@@ -2,20 +2,20 @@
 
 namespace App\Actions\Album;
 
-use App\Actions\AlbumAuthorisationProvider;
 use App\Exceptions\UnauthorizedException;
 use App\Models\BaseAlbumImpl;
 use App\Models\Extensions\BaseAlbum;
+use App\Policies\AlbumPolicy;
 use Illuminate\Support\Facades\Hash;
 
 class Unlock extends Action
 {
-	private AlbumAuthorisationProvider $albumAuthorisationProvider;
+	private AlbumPolicy $albumPolicy;
 
 	public function __construct()
 	{
 		parent::__construct();
-		$this->albumAuthorisationProvider = resolve(AlbumAuthorisationProvider::class);
+		$this->albumPolicy = resolve(AlbumPolicy::class);
 	}
 
 	/**
@@ -35,7 +35,7 @@ public function do(BaseAlbum $album, string $password): void
 			if (
 				$album->password === null ||
 				$album->password === '' ||
-				$this->albumAuthorisationProvider->isUnlocked($album)
+				$this->albumPolicy->isUnlocked($album)
 			) {
 				return;
 			}
@@ -67,7 +67,7 @@ private function propagate(string $password): void
 		/** @var BaseAlbumImpl $album */
 		foreach ($albums as $album) {
 			if (Hash::check($password, $album->password)) {
-				$this->albumAuthorisationProvider->unlock($album);
+				$this->albumPolicy->unlock($album);
 			}
 		}
 	}

app/Actions/Albums/PositionData.php

@@ -2,22 +2,22 @@
 
 namespace App\Actions\Albums;
 
-use App\Actions\PhotoAuthorisationProvider;
 use App\Contracts\InternalLycheeException;
 use App\DTO\PositionData as PositionDataDTO;
 use App\Models\Configs;
 use App\Models\Photo;
 use App\Models\SizeVariant;
+use App\Policies\PhotoQueryPolicy;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 
 class PositionData
 {
-	protected PhotoAuthorisationProvider $photoAuthorisationProvider;
+	protected PhotoQueryPolicy $photoQueryPolicy;
 
-	public function __construct(PhotoAuthorisationProvider $photoAuthorisationProvider)
+	public function __construct(PhotoQueryPolicy $photoQueryPolicy)
 	{
-		$this->photoAuthorisationProvider = $photoAuthorisationProvider;
+		$this->photoQueryPolicy = $photoQueryPolicy;
 		// caching to avoid further request
 		Configs::get();
 	}
@@ -31,7 +31,7 @@ public function __construct(PhotoAuthorisationProvider $photoAuthorisationProvid
 	 */
 	public function do(): PositionDataDTO
 	{
-		$photoQuery = $this->photoAuthorisationProvider->applySearchabilityFilter(
+		$photoQuery = $this->photoQueryPolicy->applySearchabilityFilter(
 			Photo::query()
 				->with([
 					'album' => function (BelongsTo $b) {

app/Actions/Albums/Top.php

@@ -2,33 +2,37 @@
 
 namespace App\Actions\Albums;
 
-use App\Actions\AlbumAuthorisationProvider;
 use App\Contracts\InternalLycheeException;
 use App\DTO\AlbumSortingCriterion;
 use App\DTO\TopAlbums;
+use App\Exceptions\ConfigurationKeyMissingException;
 use App\Exceptions\Internal\InvalidOrderDirectionException;
-use App\Facades\AccessControl;
 use App\Factories\AlbumFactory;
 use App\Models\Album;
 use App\Models\Extensions\SortingDecorator;
 use App\Models\TagAlbum;
+use App\Policies\AlbumPolicy;
+use App\Policies\AlbumQueryPolicy;
 use App\SmartAlbums\BaseSmartAlbum;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Collection as BaseCollection;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 use Kalnoy\Nestedset\QueryBuilder as NsQueryBuilder;
 
 class Top
 {
-	private AlbumAuthorisationProvider $albumAuthorisationProvider;
+	private AlbumQueryPolicy $albumQueryPolicy;
 	private AlbumFactory $albumFactory;
 	private AlbumSortingCriterion $sorting;
 
 	/**
 	 * @throws InvalidOrderDirectionException
+	 * @throws ConfigurationKeyMissingException
 	 */
-	public function __construct(AlbumFactory $albumFactory, AlbumAuthorisationProvider $albumAuthorisationProvider)
+	public function __construct(AlbumFactory $albumFactory, AlbumQueryPolicy $albumQueryPolicy)
 	{
-		$this->albumAuthorisationProvider = $albumAuthorisationProvider;
+		$this->albumQueryPolicy = $albumQueryPolicy;
 		$this->albumFactory = $albumFactory;
 		$this->sorting = AlbumSortingCriterion::createDefault();
 	}
@@ -60,33 +64,33 @@ public function get(): TopAlbums
 		$smartAlbums = $this->albumFactory
 			->getAllBuiltInSmartAlbums(false)
 			->map(
-				fn ($smartAlbum) => $this->albumAuthorisationProvider->isVisible($smartAlbum) ? $smartAlbum : null
+				fn ($smartAlbum) => Gate::check(AlbumPolicy::IS_VISIBLE, $smartAlbum) ? $smartAlbum : null
 			);
 
-		$tagAlbumQuery = $this->albumAuthorisationProvider
+		$tagAlbumQuery = $this->albumQueryPolicy
 			->applyVisibilityFilter(TagAlbum::query());
 		/** @var Collection<TagAlbum> $tagAlbums */
 		$tagAlbums = (new SortingDecorator($tagAlbumQuery))
 			->orderBy($this->sorting->column, $this->sorting->order)
 			->get();
 
 		/** @var NsQueryBuilder $query */
-		$query = $this->albumAuthorisationProvider
+		$query = $this->albumQueryPolicy
 			->applyVisibilityFilter(Album::query()->whereIsRoot());
 
-		if (AccessControl::is_logged_in()) {
+		$userID = Auth::id();
+		if ($userID !== null) {
 			// For authenticated users we group albums by ownership.
 			$albums = (new SortingDecorator($query))
 				->orderBy('owner_id')
 				->orderBy($this->sorting->column, $this->sorting->order)
 				->get();
 
-			$id = AccessControl::id();
 			/**
 			 * @var BaseCollection<Album> $a
 			 * @var BaseCollection<Album> $b
 			 */
-			list($a, $b) = $albums->partition(fn ($album) => $album->owner_id === $id);
+			list($a, $b) = $albums->partition(fn ($album) => $album->owner_id === $userID);
 
 			return new TopAlbums($smartAlbums, $tagAlbums, $a->values(), $b->values());
 		} else {