From 2c7d33ee2044b2cc768b5b7d23b3a8ae77b6e3c8 Mon Sep 17 00:00:00 2001 From: Angel de la Torre Date: Thu, 3 Jul 2025 09:29:56 -0700 Subject: [PATCH 1/2] feat: add auto-approve groups and events feature flags This adds two new feature flags to auto-approve groups and events. We already had an auto-approve flag for events, but it was tied to the Networks table. Instead of adding a new column to the Networks table for groups, we will extracct both as env variables. --- .env.base | 2 ++ .env.template | 2 ++ app/Http/Controllers/API/GroupController.php | 30 ++++++++++++++++---- app/Models/Group.php | 17 ++--------- charts/restarters/values.yaml | 2 ++ 5 files changed, 32 insertions(+), 21 deletions(-) diff --git a/.env.base b/.env.base index 38504067a9..483a796d63 100644 --- a/.env.base +++ b/.env.base @@ -26,6 +26,8 @@ FEATURE__MATOMO_INTEGRATION=false FEATURE__WORDPRESS_INTEGRATION=false FEATURE__WIKI_INTEGRATION=false FEATURE__DISCOURSE_INTEGRATION=false +FEATURE__AUTO_APPROVE_GROUPS=false +FEATURE__AUTO_APPROVE_EVENTS=false # ============================================================================= # LOGGING CONFIGURATION diff --git a/.env.template b/.env.template index 41f8a35131..ffe9907314 100644 --- a/.env.template +++ b/.env.template @@ -26,6 +26,8 @@ FEATURE__MATOMO_INTEGRATION="$FEATURE__MATOMO_INTEGRATION" FEATURE__WORDPRESS_INTEGRATION="$FEATURE__WORDPRESS_INTEGRATION" FEATURE__WIKI_INTEGRATION="$FEATURE__WIKI_INTEGRATION" FEATURE__DISCOURSE_INTEGRATION="$FEATURE__DISCOURSE_INTEGRATION" +FEATURE__AUTO_APPROVE_GROUPS="$FEATURE__AUTO_APPROVE_GROUPS" +FEATURE__AUTO_APPROVE_EVENTS="$FEATURE__AUTO_APPROVE_EVENTS" # ============================================================================= # LOGGING CONFIGURATION diff --git a/app/Http/Controllers/API/GroupController.php b/app/Http/Controllers/API/GroupController.php index 03a9aa44d9..224abd107e 100644 --- a/app/Http/Controllers/API/GroupController.php +++ b/app/Http/Controllers/API/GroupController.php @@ -27,6 +27,7 @@ use Illuminate\Auth\AuthenticationException; use Illuminate\Database\QueryException; use Illuminate\Http\Request; +use Illuminate\Support\Facades\Log; use Notification; use Illuminate\Validation\ValidationException; @@ -867,12 +868,29 @@ public function createGroupv2(Request $request): JsonResponse { $file->upload('image', 'image', $idGroup, env('TBL_GROUPS'), false, true, true); } - // Notify relevant admins. - $notify_admins = Fixometer::usersWhoHavePreference('admin-moderate-group'); - Notification::send($notify_admins, new AdminModerationGroup([ - 'group_name' => $name, - 'group_url' => url('/group/edit/'.$idGroup), - ])); + // Check if groups should be auto-approved + if (env('FEATURE__AUTO_APPROVE_GROUPS', false)) { + // Auto-approve the group + $group->update(['approved' => true]); + + // Fire the approval event + event(new \App\Events\ApproveGroup($group, $data)); + + // Notify the creator that their group was approved + Notification::send($user, new \App\Notifications\GroupConfirmed([ + 'group_name' => $name, + 'group_url' => url('/group/view/'.$idGroup), + ])); + + Log::info("Auto-approved group: $idGroup"); + } else { + // Notify relevant admins for moderation. + $notify_admins = Fixometer::usersWhoHavePreference('admin-moderate-group'); + Notification::send($notify_admins, new AdminModerationGroup([ + 'group_name' => $name, + 'group_url' => url('/group/edit/'.$idGroup), + ])); + } return response()->json([ 'id' => $idGroup, diff --git a/app/Models/Group.php b/app/Models/Group.php index f98b558084..71caf81ecf 100644 --- a/app/Models/Group.php +++ b/app/Models/Group.php @@ -427,21 +427,8 @@ public function getMaxUpdatedAtDevicesUpdatedAtAttribute() public function getAutoApproveAttribute() { - // A group's events are auto-approved iff all the networks that the group belongs to are set to auto-approve - // events. - $autoapprove = false; - - $networks = $this->networks; - - if ($networks && count($networks)) { - $autoapprove = true; - - foreach ($networks as $network) { - $autoapprove &= $network->auto_approve_events; - } - } - - return $autoapprove; + // Events are auto-approved based on environment configuration + return env('FEATURE__AUTO_APPROVE_EVENTS', false); } public function getDistanceAttribute() diff --git a/charts/restarters/values.yaml b/charts/restarters/values.yaml index 0de524e348..6d573c2c8d 100644 --- a/charts/restarters/values.yaml +++ b/charts/restarters/values.yaml @@ -233,6 +233,8 @@ envGroups: FEATURE__WORDPRESS_INTEGRATION: "false" FEATURE__WIKI_INTEGRATION: "false" FEATURE__DISCOURSE_INTEGRATION: "false" + FEATURE__AUTO_APPROVE_GROUPS: "false" + FEATURE__AUTO_APPROVE_EVENTS: "false" # Logging configuration logging: From dd2aedab5f802d594444ccc8534c7be083dc2440 Mon Sep 17 00:00:00 2001 From: Angel de la Torre Date: Thu, 3 Jul 2025 09:50:20 -0700 Subject: [PATCH 2/2] feat(auto-approve): add permissions check for auto-approve groups and events This adds some security to the auto-approve feature. Only Restarter users and higher will be auto-approved for creating groups. I should note a Restarter user will automatically be elevated to a Host user once they create a group; however, their Host role is only tied to the group they created. Therefore, they will still not be able to create or auto-approve events for other groups. --- app/Http/Controllers/API/EventController.php | 5 +++-- app/Http/Controllers/API/GroupController.php | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/app/Http/Controllers/API/EventController.php b/app/Http/Controllers/API/EventController.php index 9acb35a75e..e3eae326b2 100644 --- a/app/Http/Controllers/API/EventController.php +++ b/app/Http/Controllers/API/EventController.php @@ -543,8 +543,9 @@ public function createEventv2(Request $request): JsonResponse } } - if ($autoapprove) { - Log::info("Auto-approve event $idParty"); + // Only auto-approve if the feature is enabled AND the user has privileged role (Root, Admin, Host) + if ($autoapprove && $user->role <= ROLE::HOST) { + Log::info("Auto-approve event $idParty for user {$user->id} (role {$user->role})"); Party::find($idParty)->approve(); } diff --git a/app/Http/Controllers/API/GroupController.php b/app/Http/Controllers/API/GroupController.php index 224abd107e..4ea66944d2 100644 --- a/app/Http/Controllers/API/GroupController.php +++ b/app/Http/Controllers/API/GroupController.php @@ -869,7 +869,7 @@ public function createGroupv2(Request $request): JsonResponse { } // Check if groups should be auto-approved - if (env('FEATURE__AUTO_APPROVE_GROUPS', false)) { + if (env('FEATURE__AUTO_APPROVE_GROUPS', false) && $user->role <= ROLE::RESTARTER) { // Auto-approve the group $group->update(['approved' => true]); @@ -882,7 +882,7 @@ public function createGroupv2(Request $request): JsonResponse { 'group_url' => url('/group/view/'.$idGroup), ])); - Log::info("Auto-approved group: $idGroup"); + Log::info("Auto-approved group: $idGroup for user {$user->id} (role {$user->role})"); } else { // Notify relevant admins for moderation. $notify_admins = Fixometer::usersWhoHavePreference('admin-moderate-group');