RetroAchievements · wescopeland · Nov 23, 2024 · Nov 24, 2024 · Nov 24, 2024 · Nov 29, 2024
diff --git a/app/Filament/Resources/UserResource/Pages/Roles.php b/app/Filament/Resources/UserResource/Pages/Roles.php
@@ -53,6 +53,15 @@ public function table(Table $table): Table
 
                         $attachedRole = Role::findById((int) $data['recordId']);
 
+                        if (!in_array($attachedRole->name, [
+                            Role::DEVELOPER_JUNIOR,
+                            Role::DEVELOPER,
+                            Role::DEVELOPER_STAFF,
+                            Role::DEVELOPER_RETIRED,
+                        ])) {
+                            return;
+                        }
+
                         $newPermissions = Permissions::Registered;
                         if ($attachedRole->name === Role::DEVELOPER_JUNIOR) {
                             $targetUser->removeRole(Role::DEVELOPER);
@@ -91,13 +100,28 @@ public function table(Table $table): Table
                 Tables\Actions\DetachAction::make()
                     ->label(__('Remove'))
                     ->authorize(fn (SpatieRole $record) => $user->can('detachRole', [$this->getRecord(), $record]))
-                    ->after(function () {
+                    ->after(function (SpatieRole $record) {
                         /** @var User $targetUser */
                         $targetUser = $this->getRecord();
 
+                        // Only reset permissions if it's a developer role being removed.
+                        // Users can only have a single kind of developer role attached.
+                        if (!in_array($record->name, [
+                            Role::DEVELOPER_JUNIOR,
+                            Role::DEVELOPER,
+                            Role::DEVELOPER_STAFF,
+                            Role::DEVELOPER_RETIRED,
+                        ])) {
+                            return;
+                        }
+
                         // Keep legacy permissions in sync.
-                        $targetUser->setAttribute('Permissions', Permissions::Registered);
-                        $targetUser->save();
+                        $currentPermissions = (int) $targetUser->getAttribute('Permissions');
+                        // Don't strip moderation power away if the user already has it.
+                        if ($currentPermissions < Permissions::Moderator) {
+                            $targetUser->setAttribute('Permissions', Permissions::Registered);
+                            $targetUser->save();
+                        }
                     }),
             ])
             ->bulkActions([