Create admin during installation, allow multiple admins (LycheeOrg#1602)

app/Actions/Diagnostics/Pipes/Checks/AdminUserExistsCheck.php

@@ -9,11 +9,11 @@ class AdminUserExistsCheck implements DiagnosticPipe
 {
 	public function handle(array &$data, \Closure $next): array
 	{
-		$admin = User::query()->find(0);
-		if ($admin === null) {
-			$data[] = 'Error: User Admin not found in database. Please run: "php artisan lychee:reset_admin"';
+		$numberOfAdmin = User::query()->where('may_administrate', '=', true)->count();
+		if ($numberOfAdmin === 0) {
+			$data[] = 'Error: User Admin not found in database. Please run: "php lychee:create_user {username} {password}"';
 		}
 
 		return $next($data);
 	}
-}
+}

app/Actions/User/Notify.php

@@ -10,7 +10,6 @@
 use App\Notifications\PhotoAdded;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Database\MultipleRecordsFoundException;
-use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Notification;
 
@@ -35,7 +34,7 @@ public function do(Photo $photo): void
 		}
 
 		// Admin user is always notified
-		$users = new Collection([User::find(0)]);
+		$users = User::query()->where('may_administrate', '=', true)->get();
 
 		$album = $photo->album;
 		if ($album !== null) {

app/Console/Commands/CreateUser.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Actions\User\Create;
+use App\Contracts\Exceptions\ExternalLycheeException;
+use App\Models\User;
+use Illuminate\Console\Command;
+
+class CreateUser extends Command
+{
+	private Create $create;
+
+	/**
+	 * The name and signature of the console command.
+	 *
+	 * @var string
+	 */
+	protected $signature =
+		'lychee:create_user' .
+		'{username : username of the new user} ' .
+		'{password : password of the new user} ' .
+		'{--may-edit-own-settings : user can edit own settings}  ' .
+		'{--may-upload : user may upload} ' .
+		'{--may-administrate : user is an admin} ';
+
+	/**
+	 * The console command description.
+	 *
+	 * @var string
+	 */
+	protected $description = 'Create a new user with the given username and password. If no user exists yet, this user will be an admin.';
+
+	/**
+	 * Create a new command instance.
+	 */
+	public function __construct(Create $create)
+	{
+		parent::__construct();
+		$this->create = $create;
+	}
+
+	/**
+	 * Execute the console command.
+	 *
+	 * @return int
+	 *
+	 * @throws ExternalLycheeException
+	 */
+	public function handle(): int
+	{
+		$username = strval($this->argument('username'));
+		$password = strval($this->argument('password'));
+
+		$count = User::query()->count();
+
+		$mayAdministrate = $count < 1 || $this->option('may-administrate') === true;
+		$mayEditOwnSettings = $mayAdministrate || $this->option('may-edit-own-settings') === true;
+		$mayUpload = $mayAdministrate || $this->option('may-upload') === true;
+
+		$user = $this->create->do($username, $password, $mayUpload, $mayEditOwnSettings);
+		$user->may_administrate = $mayAdministrate;
+		$user->save();
+
+		$this->line(sprintf('Successfully created%s user %s ', $mayAdministrate ? ' admin' : '', $username));
+
+		return 0;
+	}
+}

app/Console/Commands/ResetAdmin.php

@@ -2,21 +2,10 @@
 
 namespace App\Console\Commands;
 
-use App\Actions\User\ResetAdmin as UserResetAdmin;
-use App\Console\Commands\Utilities\Colorize;
-use App\Contracts\Exceptions\ExternalLycheeException;
-use App\Exceptions\Internal\QueryBuilderException;
-use App\Exceptions\UnexpectedException;
 use Illuminate\Console\Command;
-use Symfony\Component\Console\Exception\ExceptionInterface as SymfonyConsoleException;
 
 class ResetAdmin extends Command
 {
-	/**
-	 * Add color to the command line output.
-	 */
-	private Colorize $col;
-
 	/**
 	 * The name and signature of the console command.
 	 *
@@ -29,44 +18,17 @@ class ResetAdmin extends Command
 	 *
 	 * @var string
 	 */
-	protected $description = 'Reset Login and Password of the admin user.';
-
-	/**
-	 * Access to the reset admin function.
-	 *
-	 * @var UserResetAdmin
-	 */
-	protected UserResetAdmin $userResetAdmin;
-
-	/**
-	 * Create a new command instance.
-	 *
-	 * @throws SymfonyConsoleException
-	 */
-	public function __construct(Colorize $colorize, UserResetAdmin $userResetAdmin)
-	{
-		parent::__construct();
-		$this->col = $colorize;
-		$this->userResetAdmin = $userResetAdmin;
-	}
+	protected $description = 'Reset Login and Password of the admin user (deprecated).';
 
 	/**
 	 * Execute the console command.
 	 *
 	 * @return int
-	 *
-	 * @throws ExternalLycheeException
 	 */
 	public function handle(): int
 	{
-		try {
-			$this->userResetAdmin->do();
-
-			$this->line($this->col->yellow('Admin username and password reset.'));
+		$this->line('Command deprecated. Instead, use php artisan lychee:update_user or lychee:create_user {username} {password} --may_administrate.');
 
-			return 0;
-		} catch (QueryBuilderException $e) {
-			throw new UnexpectedException($e);
-		}
+		return 1;
 	}
-}
+}

app/Console/Commands/UpdateUser.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Contracts\Exceptions\ExternalLycheeException;
+use App\Models\User;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Hash;
+
+class UpdateUser extends Command
+{
+	/**
+	 * The name and signature of the console command.
+	 *
+	 * @var string
+	 */
+	protected $signature =
+		'lychee:update_user' .
+		'{username : username of the user} ' .
+		'{password : password of the user} ';
+
+	/**
+	 * The console command description.
+	 *
+	 * @var string
+	 */
+	protected $description = 'Update the user with the given username.';
+
+	/**
+	 * Execute the console command.
+	 *
+	 * @return int
+	 *
+	 * @throws ExternalLycheeException
+	 */
+	public function handle(): int
+	{
+		$username = strval($this->argument('username'));
+
+		/** @var User|null $user */
+		$user = User::query()->where('username', '=', $username)->first();
+
+		if ($user === null) {
+			$this->error('user not found');
+
+			return 1;
+		}
+
+		$password = strval($this->argument('password'));
+
+		if ($password !== '') {
+			$user->password = Hash::make($password);
+			$user->save();
+
+			$this->line('Successfully updated user ' . $username);
+
+			return 0;
+		}
+
+		$this->error('wrong password');
+
+		return 1;
+	}
+}

app/DTO/Rights/GlobalRightsDTO.php

@@ -31,19 +31,4 @@ public static function ofCurrentUser(): self
 			user: UserRightsDTO::ofCurrentUser(),
 		);
 	}
-
-	/**
-	 * Create from no admin registerd.
-	 *
-	 * @return self
-	 */
-	public static function ofUnregisteredAdmin(): self
-	{
-		return new self(
-			root_album: RootAlbumRightsDTO::ofUnregisteredAdmin(),
-			settings: SettingsRightsDTO::ofUnregisteredAdmin(),
-			user_management: UserManagementRightsDTO::ofUnregisteredAdmin(),
-			user: UserRightsDTO::ofUnregisteredAdmin(),
-		);
-	}
 }

app/DTO/Rights/RootAlbumRightsDTO.php

@@ -32,12 +32,4 @@ public static function ofCurrentUser(): self
 			can_import_from_server: Gate::check(AlbumPolicy::CAN_IMPORT_FROM_SERVER, [AbstractAlbum::class]),
 		);
 	}
-
-	/**
-	 * @return self
-	 */
-	public static function ofUnregisteredAdmin(): self
-	{
-		return new self(true, true, true);
-	}
 }

app/DTO/Rights/SettingsRightsDTO.php

@@ -37,12 +37,4 @@ public static function ofCurrentUser(): self
 			can_update: Gate::check(SettingsPolicy::CAN_UPDATE, [Configs::class]),
 		);
 	}
-
-	/**
-	 * @return self
-	 */
-	public static function ofUnregisteredAdmin(): self
-	{
-		return new self(true, true, true, true, true);
-	}
 }

app/DTO/Rights/UserManagementRightsDTO.php

@@ -34,12 +34,4 @@ public static function ofCurrentUser(): self
 			can_delete: Gate::check(UserPolicy::CAN_CREATE_OR_EDIT_OR_DELETE, [User::class])
 		);
 	}
-
-	/**
-	 * @return self
-	 */
-	public static function ofUnregisteredAdmin(): self
-	{
-		return new self(true, true, true, true);
-	}
 }

app/DTO/Rights/UserRightsDTO.php

@@ -30,12 +30,4 @@ public static function ofCurrentUser(): self
 			can_use_2fa: Gate::check(UserPolicy::CAN_USE_2FA, [User::class]),
 		);
 	}
-
-	/**
-	 * @return self
-	 */
-	public static function ofUnregisteredAdmin(): self
-	{
-		return new self(true, true);
-	}
 }