UTRS 3

.env.example

@@ -63,3 +63,6 @@ DEVELOPER_USER_GRANT_ADMIN=""
 DEVELOPER_USER_GRANT_TOOLADMIN=""
 DEVELOPER_USER_GRANT_DEVELOPER=""
 
+DEEPL_AUTH_KEY=""
+
+PROHIBITED_EMAIL_DOMAINS=""

.github/workflows/laravel-tests.yml

@@ -10,8 +10,7 @@ jobs:
     strategy:
       matrix:
         php-versions:
-          - 7.3 # current production
-          - 8.3 # target, https://github.com/UTRS2/utrs/issues/375
+          - 8.3
     services:
       mysql:
         image: mariadb:10.5
@@ -28,7 +27,7 @@ jobs:
         with:
           extensions: zip, mbstring, dom, fileinfo, mysql
           php-version: ${{ matrix.php-versions }}
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
       - name: Copy env file
         run: cp .env.ci .env
       - name: Cache Composer dependencies
@@ -66,23 +65,6 @@ jobs:
       - name: Build assets
         run: npm run production
       - name: Run tests
-        run: composer test
+        run: composer test --verbose
         env:
-          DB_PORT: ${{ job.services.mysql.ports['3306'] }}
-      - name: Start chromedriver
-        run: chromedriver &
-      - name: Start Laravel Server
-        run: php artisan serve &
-        env:
-          DB_PORT: ${{ job.services.mysql.ports['3306'] }}
-      - name: Run Browser Tests
-        run: php artisan dusk
-        continue-on-error: true  # Tests need to be fixed
-        env:
-          DB_PORT: ${{ job.services.mysql.ports['3306'] }}
-      - uses: actions/upload-artifact@v4
-        name: Save Dusk screenshots
-        if: failure()
-        with:
-          name: dusk-screenshots
-          path: tests/Browser/screenshots/*.png
+          DB_PORT: ${{ job.services.mysql.ports['3306'] }}

.gitignore

@@ -26,3 +26,6 @@ _ide_helper_models.php
 
 resources/lang/vendor/*
 !resources/lang/vendor/torblock
+python/config.py
+resources/lang/en/utrs.code-workspace
+.phpunit.cache/test-results

app/Console/Commands/Jobs/UpdateAppealTableOnWikiCommand.php

@@ -22,5 +22,6 @@ public function handle()
             $this->line("Scheduling for $wiki");
             UpdateWikiAppealListJob::dispatchNow($wiki);
         }
+        return 0;
     }
 }

app/Http/Controllers/Admin/BanController.php

@@ -5,6 +5,7 @@
 use App\Models\Ban;
 use App\Models\LogEntry;
 use App\Models\User;
+use App\Models\EmailBan;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\Admin\Bans\CreateBanRequest;
 use App\Http\Requests\Admin\Bans\UpdateBanRequest;
@@ -16,6 +17,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Validation\ValidationException;
+use Illuminate\Support\Facades\Auth;
 
 class BanController extends Controller
 {
@@ -41,75 +43,50 @@ public function index(Request $request)
             return '';
         }
 
-        $allbans = Ban::where(function (Builder $query) use ($wikis, $canSeeGlobal) {
-            return $query
-                ->whereIn('wiki_id', $wikis)
-                ->when($canSeeGlobal, function (Builder $query) {
-                    return $query->orWhereNull('wiki_id');
-                });
-        })
-            ->with('wiki')
-            ->get();
+        $allbans = Ban::paginate(50);
 
         /** @var User $user */
         $user = $request->user();
 
         $protectedBansVisible = false;
 
-        $tableheaders = [ 'ID', 'Target', 'Expires', 'Reason' ];
-        if ($wikis->count() > ($canSeeGlobal ? 0 : 1)) {
-            $tableheaders[] = 'Wiki';
+        $tableheaders = [ 
+            __('admin.bans.id'), 
+            __('admin.bans.target'), 
+            __('admin.bans.expires'), 
+            __('admin.bans.reason'),
+            "Wiki"
+        ];
+
+        $admin = $user->hasAnySpecifiedPermsOnAnyWiki(['steward', 'staff', 'developer']);
+
+        //dependent on if the user is a checkuser on any wiki, mark the $checkuser variable
+        $checkuser = false;
+        //for each wiki the user has permissions on, check if they have checkuser
+        foreach ($user->permissions as $permission) {
+            if ($permission->hasAnySpecifiedPerms(['checkuser']) || $user->hasAnySpecifiedPermsOnAnyWiki(['steward', 'staff', 'developer'])) {
+                $checkuser = true;
+            }
         }
 
-        $rowcontents = [];
-
-        foreach ($allbans as $ban) {
-            $idbutton = '<a href="' . route('admin.bans.view', $ban) . '" class="btn ' . ($ban->is_protected ? 'btn-danger' : 'btn-primary') . '">' . $ban->id . '</a>';
-            $targetName = htmlspecialchars($ban->target);
-
-            if ($ban->is_protected) {
-                $canSee = $user->can('viewName', $ban);
-
-                if (!$protectedBansVisible && $canSee) {
-                    $protectedBansVisible = true;
+        //if the user has tooladmin, steward, staff, or developer globally, then add all wikis to the allowed wikis array
+        $allowedwikis = [];
+        if ($admin) {
+            $allowedwikis = Wiki::get()->pluck('id')->toArray();
+        } else {
+            //otherwise, add the wikis that the user has permissions on to the allowed wikis array
+            foreach ($user->permissions as $permission) {
+                if ($permission->hasAnySpecifiedPerms(['tooladmin'])) {
+                    $allowedwikis[] = Wiki::where('database_name',$permission->wiki)->first()->id;
+                    $admin = true;
                 }
-
-                $targetName = $canSee ? '<i class="text-danger">' . $targetName . '</i>'
-                    : '<i class="text-muted">(ban target removed)</i>';
-            }
-
-            $expiry = Carbon::createFromFormat('Y-m-d H:i:s', $ban->expiry);
-            $formattedExpiry = $expiry->year >= 2000 ? $ban->expiry : 'indefinite';
-
-            if (!$ban->is_active) {
-                $formattedExpiry .= ' <i class="text-muted">(unbanned)</i>';
-            }
-
-            if ($expiry->isPast() && $expiry->year >= 2000) {
-                $formattedExpiry .= ' <i class="text-danger">(expired)</i>';
-            }
-
-            $rowcontents[$ban->id] = [ $idbutton, $targetName, $formattedExpiry, htmlspecialchars($ban->reason) ];
-
-            if ($wikis->count() > 1) {
-                $wikiName = $ban->wiki ? $ban->wiki->display_name . ' (' . $ban->wiki->database_name . ')' : 'All UTRS wikis';
-                $rowcontents[$ban->id][] = $wikiName;
             }
         }
 
-        $caption = null;
-        if ($protectedBansVisible) {
-            $caption = "Any ban showing in red has been oversighted and should not be shared to others who do not have access to it.";
-        }
+        // define createlink as the route to create a new ban
+        $createlink = route('admin.bans.new');
 
-        return view('admin.tables', [
-            'title'        => 'All Bans',
-            'tableheaders' => $tableheaders,
-            'rowcontents'  => $rowcontents,
-            'caption'      => $caption,
-            'createlink'   => $user->can('create', Ban::class) ? route('admin.bans.new') : null,
-            'createtext'   => 'Add ban',
-        ]);
+        return view('admin.bans', ['title' => __('admin.bans.all'), 'tableheaders' => $tableheaders, 'bans' => $allbans, 'allowed' => $allowedwikis, 'admin' => $admin, 'checkuser' => $checkuser, 'createlink' => $createlink]);
     }
 
     public function new(Request $request)
@@ -162,23 +139,23 @@ public function create(CreateBanRequest $request)
 
     public function show(Request $request, Ban $ban)
     {
-        $this->authorize('view', $ban);
+        $this->authorize('view', [Auth::user(),$ban]);
 
-        $target = $request->user()->can('viewName', $ban) ? $ban->target : '(ban target removed)';
+        $target = $request->user()->can('viewName', $ban) ? $ban->target : __('admin.bans.ban-target-removed');
         $targetHtml = $request->user()->can('viewName', $ban)
             ? ($ban->is_protected ? '<span class="text-danger">' : '') . htmlspecialchars($ban->target) . ($ban->is_protected ? '</span>' : '')
-            : '<i class="text-muted">(ban target removed)</i>';
+            : '<i class="text-muted">'.__('admin.bans.ban-target-removed').'</i>';
 
         $expiry = Carbon::createFromFormat('Y-m-d H:i:s', $ban->expiry);
-        $formattedExpiry = $expiry->year >= 2000 ? $ban->expiry : 'indefinite';
-        $formOldExpiry = $expiry->year >= 2000 ? $ban->expiry : 'indefinite';
+        $formattedExpiry = $expiry->year >= 2000 ? $ban->expiry : __('admin.bans.indefinite');
+        $formOldExpiry = $expiry->year >= 2000 ? $ban->expiry : __('admin.bans.indefinite');
 
         if (!$ban->is_active) {
-            $formattedExpiry .= ' <i class="text-muted">(unbanned)</i>';
+            $formattedExpiry .= ' <i class="text-muted">'.__('admin.bans.unbanned').'</i>';
         }
 
         if ($expiry->isPast() && $expiry->year >= 2000) {
-            $formattedExpiry .= ' <i class="text-muted">(expired)</i>';
+            $formattedExpiry .= ' <i class="text-muted">'.__('admin.bans.expired').'</i>';
         }
 
         $wikis = $this->constructWikiDropdown($request->user());
@@ -264,4 +241,35 @@ private function constructWikiDropdown(User $user): array
 
         return $wikis;
     }
+
+    public function banEmail(string $code)
+    {
+        return view('admin.bans.emailban', [
+            'code' => $code,
+        ]);
+    }
+
+    public function banEmailSubmit(Request $request)
+    {
+        //validate that 
+        $this->validate($request, [
+            'uid' => 'required|string',
+        ]);
+
+        //find the email and set the ban
+        $email = EmailBan::where('email', $address)->firstOrFail();
+        //set the appealban to match the value from the request
+        $email->appealbanned = $request->input('appealbanned', false);
+        //set the accountban to match the value from the request
+        $email->accountbanned = $request->input('accountbanned', false);
+
+
+        $ban->addLog(
+            new RequestLogContext($request),
+            'email ban modified',
+            'Appeal: '.$request->input('appealbanned', false) . ' Account: ' . $request->input('accountbanned', false)
+        );
+
+        return redirect()->route('admin.bans.view', [ 'ban' => $ban ]);
+    }
 }

app/Http/Controllers/Admin/EmailBanController.php

@@ -0,0 +1,100 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Models\LogEntry;
+use App\Models\User;
+use App\Models\EmailBan;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Admin\Bans\CreateBanRequest;
+use App\Http\Requests\Admin\Bans\UpdateBanRequest;
+use App\Policies\Admin\BanPolicy;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Http\Request;
+
+class EmailBanController extends Controller
+{
+    public function __construct()
+    {
+        $this->middleware('auth');
+    }
+
+    public function index()
+    {
+        $banlist = EmailBan::paginate(50);
+
+        return view('admin.emailbans', [
+            'emailBans' => $banlist,
+        ]);
+
+    }
+
+    public function appeal(Request $request, $id) {
+        $reason = $request->input('reason');
+        // if reason is blank or less than 5 characters, return to the form with an error
+        if (strlen($reason) < 5) {
+            return redirect()->back()->with('error', 'Reason must be at least 5 characters');
+        }
+        $user = Auth::user();
+        $ban = EmailBan::findOrFail($id);
+        //check the status of appeal ban, and then reverse it and log it
+        if ($ban->appealbanned == 0) {
+            $ban->appealbanned = 1;
+            $ban->save();
+            $ban->logEmailBan($user, $ban, ' has been prohibited from appealing', $reason);
+            // return to the email ban list with a success message
+            return redirect()->route('admin.emailban.list')->with('success', 'Email Ban Appeal Status Updated');
+        } else {
+            $ban->appealbanned = 0;
+            $ban->save();
+            $ban->logEmailBan($user, $ban, ' has been allowed to appeal again', $reason);
+            // return to the email ban list with a success message
+            return redirect()->route('admin.emailban.list')->with('success', 'Email Ban Appeal Status Updated');
+        }
+    }
+
+    public function account(Request $request, $id) {
+        $reason = $request->input('reason');
+        // if reason is blank or less than 5 characters, return to the form with an error
+        if (strlen($reason) < 5) {
+            return redirect()->back()->with('error', 'Reason must be at least 5 characters');
+        }
+        $ban = EmailBan::findOrFail($id);
+        $user = Auth::user();
+        //check the status of emailban account field, and then reverse it and log it
+        if ($ban->accountbanned == 0) {
+            $ban->accountbanned = 1;
+            $ban->save();
+            $ban->logEmailBan($user, $ban, ' has been prohibited from adding this email to an account', $reason);
+            // return to the email ban list with a success message
+            return redirect()->route('admin.emailban.list')->with('success', 'Email Ban Account Status Updated');
+        } else {
+            $ban->accountbanned = 0;
+            $ban->save();
+            $ban->logEmailBan($user, $ban, ' has been allowed to add this email to an account again', $reason);
+            // return to the email ban list with a success message
+            return redirect()->route('admin.emailban.list')->with('success', 'Email Ban Account Status Updated');
+        }
+    }
+
+    public function appealreason($ban) {
+        $type = 'appeal';
+        $ban = EmailBan::findOrFail($ban);
+
+        return view('admin.emailbanreason', [
+            'emailBan' => $ban,
+            'type' => $type,
+
+        ]);
+    }
+
+    public function accountreason($ban) {
+        $type = 'account';
+        $ban = EmailBan::findOrFail($ban);
+
+        return view('admin.emailbanreason', [
+            'emailBan' => $ban,
+            'type' => $type,
+        ]);
+    }
+}

app/Http/Controllers/Admin/LogListController.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use Illuminate\Http\Request;
+use App\Http\Controllers\Controller;
+use App\Models\LogEntry;
+use App\Models\User;
+use Illuminate\Support\Facades\Auth;
+
+class LogListController extends Controller
+{
+    public function index() {
+        // check if the user is a developer, if not, throw a 403
+        $user = Auth::user();
+        $isDeveloper = $user->hasAnySpecifiedLocalOrGlobalPerms([], 'developer');
+        if (!$isDeveloper) {
+            return abort(403);
+        }
+        $logs = LogEntry::orderBy('id','desc')->paginate(100);
+
+        return view('admin.logs', [
+            'logs' => $logs,
+            'users' => \App\Models\User::all(),
+        ]);
+    }
+}