Fix list of shares (#1590)

app/Actions/Sharing/ListShare.php

@@ -12,17 +12,24 @@
 class ListShare
 {
 	/**
-	 * @param User|null      $user
-	 * @param BaseAlbum|null $baseAlbum
+	 * Returns a list of shares optionally filtered by the passed attributes.
+	 *
+	 * @param User|null      $participant the optional user who participates
+	 *                                    in a sharing, i.e. the user with
+	 *                                    whom albums are shared
+	 * @param User|null      $owner       the optional owner of the albums
+	 *                                    which are shared
+	 * @param BaseAlbum|null $baseAlbum   the optional album which is shared
 	 *
 	 * @return Shares
 	 *
 	 * @throws QueryBuilderException
 	 */
-	public function do(?User $user, ?BaseAlbum $baseAlbum): Shares
+	public function do(?User $participant, ?User $owner, ?BaseAlbum $baseAlbum): Shares
 	{
 		try {
-			// prepare query
+			// Active shares, optionally filtered by album ID, participant ID
+			// and or owner ID
 			$shared_query = DB::table('user_base_album')
 				->select([
 					'user_base_album.id',
@@ -33,27 +40,32 @@ public function do(?User $user, ?BaseAlbum $baseAlbum): Shares
 				])
 				->join('users', 'user_id', '=', 'users.id')
 				->join('base_albums', 'base_album_id', '=', 'base_albums.id');
+			if ($participant !== null) {
+				$shared_query->where('user_base_album.user_id', '=', $participant->id);
+			}
+			if ($owner !== null) {
+				$shared_query->where('base_albums.owner_id', '=', $owner->id);
+			}
+			if ($baseAlbum !== null) {
+				$shared_query->where('base_albums.id', '=', $baseAlbum->id);
+			}
+			$shared = $shared_query
+				->orderBy('title', 'ASC')
+				->orderBy('username', 'ASC')
+				->get();
 
+			// Existing albums which can be shared optionally filtered by
+			// album ID and/or owner ID
 			$albums_query = DB::table('base_albums')
 				->leftJoin('albums', 'albums.id', '=', 'base_albums.id')
 				->select(['base_albums.id', 'title', 'parent_id'])
 				->orderBy('title', 'ASC');
-
-			// apply filter
-			if ($user !== null) {
-				$shared_query->where('base_albums.owner_id', '=', $user->id);
-				$albums_query->where('owner_id', '=', $user->id);
+			if ($owner !== null) {
+				$albums_query->where('owner_id', '=', $owner->id);
 			}
 			if ($baseAlbum !== null) {
-				$shared_query->where('base_albums.id', '=', $baseAlbum->id);
 				$albums_query->where('base_albums.id', '=', $baseAlbum->id);
 			}
-
-			// get arrays
-			$shared = $shared_query
-				->orderBy('title', 'ASC')
-				->orderBy('username', 'ASC')
-				->get();
 			$albums = $albums_query->get();
 			$this->linkAlbums($albums);
 			$albums->each(function ($album) {
@@ -64,10 +76,15 @@ public function do(?User $user, ?BaseAlbum $baseAlbum): Shares
 				unset($album->parent);
 			});
 
-			$users = DB::table('users')
-				->select(['id', 'username'])
-				->where('id', '>', 0)
-				->orderBy('username', 'ASC')
+			// Existing users with whom an album can be shared optionally
+			// filtered by participant ID
+			$users_query = DB::table('users')->select(['id', 'username']);
+			if ($participant !== null) {
+				$users_query->where('id', '=', $participant->id);
+			} else {
+				$users_query->where('id', '>', 0);
+			}
+			$users = $users_query->orderBy('username', 'ASC')
 				->get()
 				->each(function ($user) {
 					$user->id = intval($user->id);

app/Http/Controllers/Administration/SharingController.php

@@ -28,7 +28,7 @@ class SharingController extends Controller
 	 */
 	public function list(ListSharingRequest $request, ListShare $listShare): Shares
 	{
-		return $listShare->do($request->user2(), $request->album());
+		return $listShare->do($request->participant(), $request->owner(), $request->album());
 	}
 
 	/**

app/Http/Requests/Sharing/ListSharingRequest.php

@@ -5,9 +5,7 @@
 use App\Http\Requests\BaseApiRequest;
 use App\Http\Requests\Contracts\HasAbstractAlbum;
 use App\Http\Requests\Contracts\HasBaseAlbum;
-use App\Http\Requests\Contracts\HasOptionalUser;
 use App\Http\Requests\Traits\HasBaseAlbumTrait;
-use App\Http\Requests\Traits\HasOptionalUserTrait;
 use App\Models\User;
 use App\Policies\AlbumPolicy;
 use App\Policies\UserPolicy;
@@ -19,19 +17,33 @@
 /**
  * Represents a request for listing shares.
  *
- * The result can be filtered by a specific album or user if the respective
- * ID is included in the request.
+ * The result can be filtered by
+ *  - a specific album via `albumID`
+ *  - a specific user with whom the something is shared via `participantID`, or
+ *  - a specific user who owns the albums which are shared via `ownerID`
+ * if the respective ID is included in the request.
  *
  * Non-admin user must only query for shares of albums they own or for
  * all shares they participate in.
- * In other words, non-admin user must include at least their own user ID or
- * an album ID they own in the request.
+ * In other words, non-admin user must include at least their own user ID as
+ * user ID or owner ID or an album ID they own in the request.
  * Only the admin is allowed to make an unrestricted query.
  */
-class ListSharingRequest extends BaseApiRequest implements HasBaseAlbum, HasOptionalUser
+class ListSharingRequest extends BaseApiRequest implements HasBaseAlbum
 {
 	use HasBaseAlbumTrait;
-	use HasOptionalUserTrait;
+	public const OWNER_ID_ATTRIBUTE = 'ownerID';
+	public const PARTICIPANT_ID_ATTRIBUTE = 'participantID';
+
+	/**
+	 * @var User|null
+	 */
+	protected ?User $owner;
+
+	/**
+	 * @var User|null
+	 */
+	protected ?User $participant;
 
 	/**
 	 * {@inheritDoc}
@@ -50,7 +62,10 @@ public function authorize(): bool
 			return true;
 		}
 
-		if ($this->user2 !== null && $this->user2->id === Auth::id()) {
+		if (
+			($this->owner !== null && $this->owner->id === Auth::id()) ||
+			($this->participant !== null && $this->participant->id === Auth::id())
+		) {
 			return true;
 		}
 
@@ -64,7 +79,8 @@ public function rules(): array
 	{
 		return [
 			HasAbstractAlbum::ALBUM_ID_ATTRIBUTE => ['sometimes', new RandomIDRule(false)],
-			HasOptionalUser::USER_ID_ATTRIBUTE => ['sometimes', new IntegerIDRule(false)],
+			self::OWNER_ID_ATTRIBUTE => ['sometimes', new IntegerIDRule(false)],
+			self::PARTICIPANT_ID_ATTRIBUTE => ['sometimes', new IntegerIDRule(false)],
 		];
 	}
 
@@ -76,8 +92,33 @@ protected function processValidatedValues(array $values, array $files): void
 		$this->album = key_exists(HasAbstractAlbum::ALBUM_ID_ATTRIBUTE, $values) ?
 			$this->albumFactory->findBaseAlbumOrFail($values[HasAbstractAlbum::ALBUM_ID_ATTRIBUTE]) :
 			null;
-		$this->user2 = key_exists(HasOptionalUser::USER_ID_ATTRIBUTE, $values) ?
-			User::query()->find($values[HasOptionalUser::USER_ID_ATTRIBUTE]) :
+		$this->owner = key_exists(self::OWNER_ID_ATTRIBUTE, $values) ?
+			User::query()->findOrFail($values[self::OWNER_ID_ATTRIBUTE]) :
+			null;
+		$this->participant = key_exists(self::PARTICIPANT_ID_ATTRIBUTE, $values) ?
+			User::query()->findOrFail($values[self::PARTICIPANT_ID_ATTRIBUTE]) :
 			null;
 	}
+
+	/**
+	 * Returns the optional album owner to which the list of shares shall be
+	 * restricted.
+	 *
+	 * @return User|null
+	 */
+	public function owner(): ?User
+	{
+		return $this->owner;
+	}
+
+	/**
+	 * Returns the optional share participant to which the list of shares
+	 * shall be restricted.
+	 *
+	 * @return User|null
+	 */
+	public function participant(): ?User
+	{
+		return $this->participant;
+	}
 }