Traewelling · HerrLevin · Aug 2, 2024 · Jun 28, 2024 · Jul 1, 2024 · Jul 1, 2024
diff --git a/app/Console/Commands/DatabaseCleaner/DatabaseCleaner.php b/app/Console/Commands/DatabaseCleaner/DatabaseCleaner.php
@@ -15,6 +15,7 @@ public function handle(): int {
         $this->call(Polylines::class);
         $this->call(PolylinesBrouter::class);
         $this->call(User::class);
+        $this->call(TrustedUser::class);
         $this->call(Trips::class);
 
         $this->call('queue-monitor:purge', ['--beforeDays' => 7]);

diff --git a/app/Console/Commands/DatabaseCleaner/TrustedUser.php b/app/Console/Commands/DatabaseCleaner/TrustedUser.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Console\Commands\DatabaseCleaner;
+
+use App\Models\TrustedUser as TrustedUserModel;
+use Illuminate\Console\Command;
+
+class TrustedUser extends Command
+{
+    protected $signature   = 'app:clean-db:trusted-user';
+    protected $description = 'Find and delete expired trusted users from database';
+
+    public function handle(): int {
+        $affectedRows = TrustedUserModel::where('expires_at', '<', now())->delete();
+        $this->info($affectedRows . ' expired trusted users deleted.');
+        return 0;
+    }
+}
diff --git a/app/Enum/User/FriendCheckinSetting.php b/app/Enum/User/FriendCheckinSetting.php
@@ -0,0 +1,20 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Enum\User;
+
+/**
+ * @OA\Schema(
+ *     title="FriendCheckinSetting",
+ *     type="string",
+ *     enum={"forbidden", "friends", "list"},
+ *     example="forbidden",
+ * )
+ */
+enum FriendCheckinSetting: string
+{
+    case FORBIDDEN = 'forbidden'; // default
+    case FRIENDS   = 'friends';   // user who are following each other
+    case LIST      = 'list';      // specific list of users
+}
+
diff --git a/app/Http/Controllers/API/v1/Controller.php b/app/Http/Controllers/API/v1/Controller.php
@@ -3,6 +3,8 @@
 namespace App\Http\Controllers\API\v1;
 
 use App\Models\OAuthClient;
+use App\Models\User;
+use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Log;
 use Throwable;
@@ -133,4 +135,11 @@ public static function getCurrentOAuthClient(): OAuthClient|null {
             return null;
         }
     }
+
+    protected function getUserOrSelf(string|int $userIdOrSelf): Authenticatable {
+        if ($userIdOrSelf === 'self') {
+            return auth()->user();
+        }
+        return User::findOrFail($userIdOrSelf);
+    }
 }
diff --git a/app/Http/Controllers/API/v1/SettingsController.php b/app/Http/Controllers/API/v1/SettingsController.php
@@ -5,6 +5,7 @@
 use App\Enum\MapProvider;
 use App\Enum\MastodonVisibility;
 use App\Enum\StatusVisibility;
+use App\Enum\User\FriendCheckinSetting;
 use App\Exceptions\RateLimitExceededException;
 use App\Http\Controllers\Backend\SettingsController as BackendSettingsController;
 use App\Http\Resources\UserProfileSettingsResource;
@@ -62,6 +63,67 @@ public function updateMail(Request $request): UserProfileSettingsResource|JsonRe
         }
     }
 
+    /**
+     * @OA\Put(
+     *      path="/settings/profile",
+     *      operationId="putProfileSettings",
+     *      tags={"Settings"},
+     *      summary="Update the current user's profile settings",
+     *      @OA\RequestBody(
+     *          required=true,
+     *          @OA\JsonContent(
+     *              @OA\Property(property="username", type="string", example="Gertrud123", maxLength=25),
+     *              @OA\Property(property="displayName", type="string", example="Gertrud", maxLength=50),
+     *              @OA\Property(property="privateProfile", type="boolean", example=false, nullable=true),
+     *              @OA\Property(property="preventIndex", type="boolean", example=false, nullable=true),
+     *              @OA\Property(property="privacyHideDays", type="integer", example=1, nullable=true),
+     *              @OA\Property(property="defaultStatusVisibility", type="integer", nullable=true, @OA\Schema(ref="#/components/schemas/StatusVisibility")),
+     *              @OA\Property(property="mastodonVisibility", type="integer", nullable=true, @OA\Schema(ref="#/components/schemas/MastodonVisibility")),
+     *              @OA\Property(property="mapProvider", type="string", nullable=true, @OA\Schema(ref="#/components/schemas/MapProvider"), example="cargo"),
+     *              @OA\Property(property="friendCheckin", type="string", nullable=true, @OA\Schema(ref="#/components/schemas/FriendCheckinSetting"), example="forbidden")
+     *          )
+     *      ),
+     *      @OA\Response(
+     *          response=200,
+     *          description="Success",
+     *          @OA\JsonContent(
+     *              @OA\Property(property="data", type="object", ref="#/components/schemas/UserProfileSettings")
+     *          )
+     *      ),
+     *      @OA\Response(response=401, description="Unauthorized"),
+     *      @OA\Response(response=422, description="Unprocessable Entity"),
+     *      @OA\Response(response=400, description="Bad Request"),
+     *      security={{"passport": {"write-settings"}}, {"token": {}}}
+     *  )
+     */
+    public function updateSettings(Request $request): UserProfileSettingsResource|JsonResponse {
+        $validated = $request->validate([
+                                            'username'                => [
+                                                'required', 'string', 'max:25', 'regex:/^[a-zA-Z0-9_]*$/'
+                                            ],
+                                            'displayName'             => ['required', 'string', 'max:50'],
+                                            'privateProfile'          => ['boolean', 'nullable'],
+                                            'preventIndex'            => ['boolean', 'nullable'],
+                                            'privacyHideDays'         => ['integer', 'nullable', 'gte:1'],
+                                            'defaultStatusVisibility' => [
+                                                'nullable',
+                                                new Enum(StatusVisibility::class),
+                                            ],
+                                            'mastodonVisibility'      => [
+                                                'nullable',
+                                                new Enum(MastodonVisibility::class),
+                                            ],
+                                            'mapProvider'             => ['nullable', new Enum(MapProvider::class)],
+                                            'friendCheckin'           => ['nullable', new Enum(FriendCheckinSetting::class)]
+                                        ]);
+
+        try {
+            return new UserProfileSettingsResource(BackendSettingsController::updateSettings($validated));
+        } catch (RateLimitExceededException) {
+            return $this->sendError(error: __('email.verification.too-many-requests'), code: 400);
+        }
+    }
+
     public function resendMail(): void {
         try {
             auth()->user()->sendEmailVerificationNotification();
@@ -95,83 +157,6 @@ public function updatePassword(Request $request): UserProfileSettingsResource|Js
         }
     }
 
-    /**
-     * @OA\Put(
-     *     path="/settings/profile",
-     *     tags={"Settings"},
-     *     summary="Update the current user's profile settings",
-     *     description="Update the current user's profile settings",
-     *     @OA\RequestBody(
-     *         required=true,
-     *         @OA\JsonContent(
-     *             @OA\Property(property="username", type="string", example="gertrud123", maxLength=25),
-     *             @OA\Property(property="displayName", type="string", example="Gertrud", maxLength=50),
-     *             @OA\Property(property="privateProfile", type="boolean", example=false, nullable=true),
-     *             @OA\Property(property="preventIndex", type="boolean", example=false, nullable=true),
-     *             @OA\Property(property="privacyHideDays", type="integer", example=1, nullable=true),
-     *             @OA\Property(
-     *                  property="defaultStatusVisibility",
-     *                  type="integer",
-     *                  nullable=true,
-     *                  @OA\Schema(ref="#/components/schemas/StatusVisibility")
-     *              ),
-     *              @OA\Property(
-     *                   property="mastodonVisibility",
-     *                   type="integer",
-     *                   nullable=true,
-     *                   @OA\Schema(ref="#/components/schemas/MastodonVisibility")
-     *               ),
-     *              @OA\Property(
-     *                   property="mapProvider",
-     *                   type="string",
-     *                   nullable=true,
-     *                   @OA\Schema(ref="#/components/schemas/MapProvider")
-     *               )
-     *         )
-     *    ),
-     *     @OA\Response(
-     *         response=200,
-     *         description="Success",
-     *         @OA\JsonContent(
-     *             @OA\Property(property="data", type="object", ref="#/components/schemas/UserProfileSettings")
-     *         )
-     *     ),
-     *     @OA\Response(response=401, description="Unauthorized"),
-     *     @OA\Response(response=422, description="Unprocessable Entity"),
-     *     @OA\Response(response=400, description="Bad Request"),
-     *     security={
-     *          {"passport": {"write-settings"}}, {"token": {}}
-     *     }
-     *     )
-     */
-    public function updateSettings(Request $request): UserProfileSettingsResource|JsonResponse {
-        $validated = $request->validate([
-                                            'username'                => ['required',
-                                                                          'string',
-                                                                          'max:25',
-                                                                          'regex:/^[a-zA-Z0-9_]*$/'],
-                                            'displayName'             => ['required', 'string', 'max:50'],
-                                            'privateProfile'          => ['boolean', 'nullable'],
-                                            'preventIndex'            => ['boolean', 'nullable'],
-                                            'privacyHideDays'         => ['integer', 'nullable', 'gte:1'],
-                                            'defaultStatusVisibility' => [
-                                                'nullable',
-                                                new Enum(StatusVisibility::class),
-                                            ],
-                                            'mastodonVisibility'      => [
-                                                'nullable',
-                                                new Enum(MastodonVisibility::class),
-                                            ],
-                                            'mapProvider'             => ['nullable', new Enum(MapProvider::class)],
-                                        ]);
-
-        try {
-            return new UserProfileSettingsResource(BackendSettingsController::updateSettings($validated));
-        } catch (RateLimitExceededException) {
-            return $this->sendError(error: __('email.verification.too-many-requests'), code: 400);
-        }
-    }
-
     /**
      * Undocumented and unofficial API Endpoint
      *

diff --git a/app/Http/Controllers/API/v1/TransportController.php b/app/Http/Controllers/API/v1/TransportController.php
@@ -11,7 +11,6 @@
 use App\Exceptions\HafasException;
 use App\Exceptions\NotConnectedException;
 use App\Exceptions\StationNotOnTripException;
-use App\Http\Controllers\Backend\Transport\HomeController;
 use App\Http\Controllers\Backend\Transport\StationController;
 use App\Http\Controllers\Backend\Transport\TrainCheckinController;
 use App\Http\Controllers\HafasController;
@@ -21,6 +20,8 @@
 use App\Http\Resources\TripResource;
 use App\Models\Event;
 use App\Models\Station;
+use App\Models\User;
+use App\Notifications\YouHaveBeenCheckedIn;
 use Carbon\Carbon;
 use Exception;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
@@ -329,9 +330,9 @@ public function getNextStationByCoordinates(Request $request): JsonResponse {
     /**
      * @OA\Post(
      *      path="/trains/checkin",
-     *      operationId="createTrainCheckin",
+     *      operationId="createCheckin",
      *      tags={"Checkin"},
-     *      summary="Create a checkin",
+     *      summary="Check in to a trip.",
      *      @OA\RequestBody(
      *          required=true,
      *          @OA\JsonContent(ref="#/components/schemas/CheckinRequestBody")
@@ -342,11 +343,11 @@ public function getNextStationByCoordinates(Request $request): JsonResponse {
      *          @OA\JsonContent(ref="#/components/schemas/CheckinResponse")
      *       ),
      *       @OA\Response(response=400, description="Bad request"),
-     *       @OA\Response(response=409, description="Checkin collision"),
      *       @OA\Response(response=401, description="Unauthorized"),
+     *       @OA\Response(response=403, description="Forbidden"),
+     *       @OA\Response(response=409, description="Checkin collision"),
      *       security={
      *           {"passport": {"create-statuses"}}, {"token": {}}
-     *
      *       }
      *     )
      *
@@ -370,25 +371,40 @@ public function create(Request $request): JsonResponse {
                                             'destination' => ['required', 'numeric'],
                                             'departure'   => ['required', 'date'],
                                             'arrival'     => ['required', 'date'],
-                                            'force'       => ['nullable', 'boolean']
+                                            'force'       => ['nullable', 'boolean'],
+                                            'with'        => ['nullable', 'array', 'max:10'],
                                         ]);
+        if (isset($validated['with'])) {
+            $withUsers = User::whereIn('id', $validated['with'])->get();
+            foreach ($withUsers as $user) {
+                if (!Auth::user()?->can('checkin', $user)) {
+                    return $this->sendError('You are not allowed to checkin for the given user.', 403);
+                }
+            }
+        }
 
         try {
             $searchKey          = empty($validated['ibnr']) ? 'id' : 'ibnr';
+            $trip               = HafasController::getHafasTrip($validated['tripId'], $validated['lineName']);
             $originStation      = Station::where($searchKey, $validated['start'])->first();
+            $departure          = Carbon::parse($validated['departure']);
             $destinationStation = Station::where($searchKey, $validated['destination'])->first();
+            $arrival            = Carbon::parse($validated['arrival']);
+            $travelReason       = Business::tryFrom($validated['business'] ?? Business::PRIVATE->value);
+            $event              = isset($validated['eventId']) ? Event::find($validated['eventId']) : null;
 
+            // check in the authenticated user
             $checkinResponse           = TrainCheckinController::checkin(
                 user:           Auth::user(),
-                trip:           HafasController::getHafasTrip($validated['tripId'], $validated['lineName']),
+                trip:           $trip,
                 origin:         $originStation,
-                departure:      Carbon::parse($validated['departure']),
+                departure:      $departure,
                 destination:    $destinationStation,
-                arrival:        Carbon::parse($validated['arrival']),
-                travelReason:   Business::tryFrom($validated['business'] ?? Business::PRIVATE->value),
+                arrival:        $arrival,
+                travelReason:   $travelReason,
                 visibility:     StatusVisibility::tryFrom($validated['visibility'] ?? StatusVisibility::PUBLIC->value),
                 body:           $validated['body'] ?? null,
-                event:          isset($validated['eventId']) ? Event::find($validated['eventId']) : null,
+                event:          $event,
                 force:          isset($validated['force']) && $validated['force'],
                 postOnMastodon: isset($validated['toot']) && $validated['toot'],
                 shouldChain:    isset($validated['chainPost']) && $validated['chainPost']
@@ -408,6 +424,22 @@ public function create(Request $request): JsonResponse {
                 'additional'  => null, //unused old attribute (not removed so this isn't breaking)
             ];
 
+            // if isset, check in the other users with their default values
+            foreach ($withUsers ?? [] as $user) {
+                $checkin = TrainCheckinController::checkin(
+                    user:         $user,
+                    trip:         $trip,
+                    origin:       $originStation,
+                    departure:    $departure,
+                    destination:  $destinationStation,
+                    arrival:      $arrival,
+                    travelReason: $travelReason,
+                    visibility:   $user->default_status_visibility,
+                    event:        $event,
+                );
+                $user->notify(new YouHaveBeenCheckedIn($checkin['status'], auth()->user()));
+            }
+
             return $this->sendResponse($checkinResponse, 201); //ToDo: Check if documented structure has changed
         } catch (CheckInCollisionException $exception) {
             return $this->sendError([