✨ add more moderation tools to backend (#3157)

Author: MrKrisKrisu

app/Http/Controllers/API/v1/StatusController.php

@@ -445,6 +445,11 @@ public function update(Request $request, int $statusId): JsonResponse {
                 'visibility' => StatusVisibility::from($validated['visibility']),
             ];
 
+            if($status->lock_visibility) {
+                // If moderation has locked the visibility, prevent the user from changing it
+                unset($updatePayload['visibility']);
+            }
+
             if (array_key_exists('eventId', $validated)) { // don't use isset here as it would return false if eventId is null
                 $updatePayload['event_id'] = $validated['eventId'];
             }

app/Http/Controllers/Frontend/Admin/StatusEditController.php

@@ -50,13 +50,16 @@ public function renderEdit(Request $request): View {
 
     public function edit(Request $request): RedirectResponse {
         $validated = $request->validate([
-                                            'statusId'    => ['required', 'exists:statuses,id'],
-                                            'origin'      => ['required', 'exists:train_stations,id'],
-                                            'destination' => ['required', 'exists:train_stations,id'],
-                                            'body'        => ['nullable', 'string'],
-                                            'visibility'  => ['required', new Enum(StatusVisibility::class)],
-                                            'event_id'    => ['nullable', 'integer', 'exists:events,id'],
-                                            'points'      => ['nullable', 'integer', 'gte:0'], //if null, points will be recalculated
+                                            'statusId'         => ['required', 'exists:statuses,id'],
+                                            'origin'           => ['required', 'exists:train_stations,id'],
+                                            'destination'      => ['required', 'exists:train_stations,id'],
+                                            'body'             => ['nullable', 'string'],
+                                            'visibility'       => ['required', new Enum(StatusVisibility::class)],
+                                            'event_id'         => ['nullable', 'integer', 'exists:events,id'],
+                                            'points'           => ['nullable', 'integer', 'gte:0'], //if null, points will be recalculated
+                                            'moderation_notes' => ['nullable', 'string', 'max:255'],
+                                            'lock_visibility'  => ['nullable', 'boolean'],
+                                            'hide_body'        => ['nullable', 'boolean'],
                                         ]);
 
         $status = Status::find($validated['statusId']);
@@ -102,16 +105,28 @@ public function edit(Request $request): RedirectResponse {
 
         StatusUpdateEvent::dispatch($status->refresh());
 
-        $status->update([
-                            'visibility' => $validated['visibility'],
-                            'event_id'   => $validated['event_id'],
-                        ]);
+        $payload = [
+            'visibility' => $validated['visibility'],
+            'event_id'   => $validated['event_id'],
+        ];
 
         if ($status->body !== $validated['body']) {
-            $status->update(['body' => $validated['body']]);
+            $payload['body'] = $validated['body'];
         }
+        if (isset($validated['moderation_notes'])) {
+            $payload['moderation_notes'] = $validated['moderation_notes'];
+        }
+        if (isset($validated['lock_visibility'])) {
+            $payload['lock_visibility'] = $validated['lock_visibility'];
+        }
+        if (isset($validated['hide_body'])) {
+            $payload['hide_body'] = $validated['hide_body'];
+        }
+
+        $status->update($payload);
 
-        return redirect()->route('admin.status')->with('alert-success', 'Der Status wurde bearbeitet.');
+        return redirect()->route('admin.status.edit', ['statusId' => $status->id])
+                         ->with('alert-success', 'Status successfully updated');
     }
 
 }

app/Http/Controllers/Frontend/Transport/StatusController.php

@@ -22,6 +22,9 @@
 class StatusController extends Controller
 {
 
+    /**
+     * @deprecated Use API endpoint instead
+     */
     public function updateStatus(Request $request): JsonResponse|RedirectResponse {
         $validated = $request->validate([
                                             'statusId'              => ['required', 'exists:statuses,id'],
@@ -44,11 +47,18 @@ public function updateStatus(Request $request): JsonResponse|RedirectResponse {
                 return back()->with('error', 'You are not allowed to update non-private statuses. Please set the status to private.');
             }
 
-            $status->update([
-                                'body'       => $validated['body'] ?? null,
-                                'business'   => Business::from($validated['business_check']),
-                                'visibility' => $newVisibility,
-                            ]);
+            $statusPayload = [
+                'body'       => $validated['body'] ?? null,
+                'business'   => Business::from($validated['business_check']),
+                'visibility' => $newVisibility,
+            ];
+
+            if($status->lock_visibility) {
+                // If moderation has locked the visibility, prevent the user from changing it
+                unset($statusPayload['visibility']);
+            }
+
+            $status->update($statusPayload);
 
             $status->checkin->update([
                                          'manual_departure' => isset($validated['manualDeparture']) ?

app/Models/Status.php

@@ -21,6 +21,10 @@
  * @property StatusVisibility      visibility
  * @property int                   event_id
  * @property string                mastodon_post_id
+ * @property int                   client_id
+ * @property string                moderation_notes       Notes from the moderation team - visible to the user
+ * @property bool                  lock_visibility        Prevent the user from changing the visibility of the status?
+ * @property bool                  hide_body              Hide the body of the status from other users?
  *
  * //relations
  * @property User                  $user
@@ -39,7 +43,10 @@ class Status extends Model
 
     use HasFactory;
 
-    protected $fillable = ['user_id', 'body', 'business', 'visibility', 'event_id', 'mastodon_post_id', 'client_id'];
+    protected $fillable = [
+        'user_id', 'body', 'business', 'visibility', 'event_id', 'mastodon_post_id', 'client_id',
+        'moderation_notes', 'lock_visibility', 'hide_body',
+    ];
     protected $hidden   = ['user_id', 'business'];
     protected $appends  = ['favorited', 'statusInvisibleToMe', 'description'];
     protected $casts    = [
@@ -49,7 +56,10 @@ class Status extends Model
         'visibility'       => StatusVisibility::class,
         'event_id'         => 'integer',
         'mastodon_post_id' => 'string',
-        'client_id'        => 'integer'
+        'client_id'        => 'integer',
+        'moderation_notes' => 'string',
+        'lock_visibility'  => 'boolean',
+        'hide_body'        => 'boolean'
     ];
 
     public function user(): BelongsTo {

app/Policies/StatusPolicy.php

@@ -73,6 +73,13 @@ public function view(?User $user, Status $status): Response|bool {
         return Response::deny('Congratulations! You\'ve found an edge-case!');
     }
 
+    public function viewBody(?User $user, Status $status): Response|bool {
+        if($user?->id === $status->user_id) {
+            return Response::allow();
+        }
+        return !$status->hide_body && $this->view($user, $status);
+    }
+
     public function create(User $user): bool {
         return $user->cannot('disallow-status-creation');
     }

database/migrations/2025_01_16_000000_add_moderation_notes_to_statuses.php

@@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+
+    public function up(): void {
+        Schema::table('statuses', function(Blueprint $table) {
+            $table->string('moderation_notes')->nullable()
+                  ->after('client_id')
+                  ->comment('Notes from the moderation team - visible to the user');
+
+            $table->boolean('lock_visibility')
+                  ->default(false)
+                  ->after('moderation_notes')
+                  ->comment('Prevent the user from changing the visibility of the status?');
+
+            $table->boolean('hide_body')
+                  ->default(false)
+                  ->after('lock_visibility')
+                  ->comment('Hide the body of the status from other users?');
+        });
+    }
+
+    public function down(): void {
+        Schema::table('statuses', function(Blueprint $table) {
+            $table->dropColumn(['moderation_notes', 'lock_visibility', 'hide_body']);
+        });
+    }
+};

lang/de.json

@@ -744,8 +744,7 @@
   "missing-journey": "Ist deine Fahrt nicht dabei?",
   "create-journey": "Fahrt erstellen",
   "trip_creation.no-valid-times": "Die Zeiten der Stationen sind nicht in einer zeitlich korrekten Reihenfolge.",
-  "trip_creation.title": "Reise manuell erstellen",
-  "trip_creation.form.trip_data": "Fahrtinformationen",
+  "trip_creation.title": "Reise manuell erstellen","trip_creation.form.trip_data": "Fahrtinformationen",
   "trip_creation.form.map": "Karte",
   "trip_creation.form.origin": "Abfahrtsbahnhof",
   "trip_creation.form.destination": "Zielbahnhof",
@@ -828,5 +827,7 @@
   "trip-info.user": "User",
   "trip-info.origin": "Abfahrtsort",
   "trip-info.destination": "Zielort",
-  "requested-timestamp": "Abfragezeitpunkt"
+  "requested-timestamp": "Abfragezeitpunkt",
+  "status.locked-visibility": "Du kannst die Sichtbarkeit dieses Status nicht ändern.",
+  "status.hidden-body": "Der Statustext ist für andere User nicht sichtbar."
 }

lang/en.json

@@ -828,5 +828,7 @@
   "trip-info.user": "User",
   "trip-info.origin": "Origin",
   "trip-info.destination": "Destination",
-  "requested-timestamp": "Requested timestamp"
+  "requested-timestamp": "Requested timestamp",
+  "status.locked-visibility": "You cannot change the visibility of this status.",
+  "status.hidden-body": "The status text is not visible to other users."
 }

resources/js/admin.js

@@ -5,17 +5,9 @@ import "./components/maps";
 import * as Popper from "@popperjs/core";
 import "bootstrap";
 import "leaflet";
-import {createApp} from "vue";
-import TripCreationForm from "../vue/components/TripCreation/TripCreationForm.vue";
 
 window.addEventListener("load", () => {
     import("./components/station-autocomplete");
 });
 
 window.Popper = Popper;
-
-document.addEventListener("DOMContentLoaded", function () {
-    const admin = createApp({});
-    admin.component("TripCreationForm", TripCreationForm);
-    admin.mount("#trip-creation-form");
-});