Merge pull request #4862 from pixelfed/staging

Add Parental Controls feature
This commit is contained in:
daniel 2024-01-11 07:08:38 -07:00 committed by GitHub
commit 187d1e1af9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 3869 additions and 2673 deletions

View file

@ -13,6 +13,7 @@
- Added `app:hashtag-related-generate` command to generate related hashtags ([176b4ed7](https://github.com/pixelfed/pixelfed/commit/176b4ed7))
- Added Mutual Followers API endpoint ([33dbbe46](https://github.com/pixelfed/pixelfed/commit/33dbbe46))
- Added User Domain Blocks ([#4834](https://github.com/pixelfed/pixelfed/pull/4834)) ([fa0380ac](https://github.com/pixelfed/pixelfed/commit/fa0380ac))
- Added Parental Controls ([#4862](https://github.com/pixelfed/pixelfed/pull/4862)) ([c91f1c59](https://github.com/pixelfed/pixelfed/commit/c91f1c59))
### Federation
- Update Privacy Settings, add support for Mastodon `indexable` search flag ([fc24630e](https://github.com/pixelfed/pixelfed/commit/fc24630e))

View file

@ -758,6 +758,8 @@ class ApiV1Controller extends Controller
abort_if(!$request->user(), 403);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-follow', $user->id), 403, 'Invalid permissions for this action');
AccountService::setLastActive($user->id);
$target = Profile::where('id', '!=', $user->profile_id)
@ -843,6 +845,7 @@ class ApiV1Controller extends Controller
abort_if(!$request->user(), 403);
$user = $request->user();
AccountService::setLastActive($user->id);
$target = Profile::where('id', '!=', $user->profile_id)
@ -947,6 +950,8 @@ class ApiV1Controller extends Controller
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-view-discover', $user->id), 403, 'Invalid permissions for this action');
AccountService::setLastActive($user->id);
$query = $request->input('q');
$limit = $request->input('limit') ?? 20;
@ -1750,6 +1755,8 @@ class ApiV1Controller extends Controller
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
AccountService::setLastActive($user->id);
$media = Media::whereUserId($user->id)
@ -2568,7 +2575,11 @@ class ApiV1Controller extends Controller
$limit = $request->input('limit', 20);
$scope = $request->input('scope', 'inbox');
$pid = $request->user()->profile_id;
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$pid = $user->profile_id;
if(config('database.default') == 'pgsql') {
$dms = DirectMessage::when($scope === 'inbox', function($q, $scope) use($pid) {
@ -2983,6 +2994,15 @@ class ApiV1Controller extends Controller
$in_reply_to_id = $request->input('in_reply_to_id');
$user = $request->user();
if($user->has_roles) {
if($in_reply_to_id != null) {
abort_if(!UserRoleService::can('can-comment', $user->id), 403, 'Invalid permissions for this action');
} else {
abort_if(!UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
}
}
$profile = $user->profile;
$limitKey = 'compose:rate-limit:store:' . $user->id;
@ -3438,6 +3458,7 @@ class ApiV1Controller extends Controller
$status = Status::findOrFail($id);
$pid = $request->user()->profile_id;
abort_if($user->has_roles && !UserRoleService::can('can-bookmark', $user->id), 403, 'Invalid permissions for this action');
abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);
@ -3477,6 +3498,7 @@ class ApiV1Controller extends Controller
$status = Status::findOrFail($id);
$pid = $request->user()->profile_id;
abort_if($user->has_roles && !UserRoleService::can('can-bookmark', $user->id), 403, 'Invalid permissions for this action');
abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);

View file

@ -35,6 +35,7 @@ use App\Transformer\Api\{
RelationshipTransformer,
};
use App\Util\Site\Nodeinfo;
use App\Services\UserRoleService;
class ApiV2Controller extends Controller
{
@ -159,6 +160,14 @@ class ApiV2Controller extends Controller
'following' => 'nullable'
]);
if($request->user()->has_roles && !UserRoleService::can('can-view-discover', $request->user()->id)) {
return [
'accounts' => [],
'hashtags' => [],
'statuses' => []
];
}
$mastodonMode = !$request->has('_pe');
return $this->json(SearchApiV2Service::query($request, $mastodonMode));
}

View file

@ -60,7 +60,7 @@ class RegisterController extends Controller
*
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
public function validator(array $data)
{
if(config('database.default') == 'pgsql') {
$data['username'] = strtolower($data['username']);
@ -151,7 +151,7 @@ class RegisterController extends Controller
*
* @return \App\User
*/
protected function create(array $data)
public function create(array $data)
{
if(config('database.default') == 'pgsql') {
$data['username'] = strtolower($data['username']);

View file

@ -8,6 +8,7 @@ use Auth;
use Illuminate\Http\Request;
use App\Services\BookmarkService;
use App\Services\FollowerService;
use App\Services\UserRoleService;
class BookmarkController extends Controller
{
@ -22,17 +23,18 @@ class BookmarkController extends Controller
'item' => 'required|integer|min:1',
]);
$profile = Auth::user()->profile;
$user = $request->user();
$status = Status::findOrFail($request->input('item'));
abort_if($user->has_roles && !UserRoleService::can('can-bookmark', $user->id), 403, 'Invalid permissions for this action');
abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);
if($status->scope == 'private') {
if($profile->id !== $status->profile_id && !FollowerService::follows($profile->id, $status->profile_id)) {
if($exists = Bookmark::whereStatusId($status->id)->whereProfileId($profile->id)->first()) {
BookmarkService::del($profile->id, $status->id);
if($user->profile_id !== $status->profile_id && !FollowerService::follows($user->profile_id, $status->profile_id)) {
if($exists = Bookmark::whereStatusId($status->id)->whereProfileId($user->profile_id)->first()) {
BookmarkService::del($user->profile_id, $status->id);
$exists->delete();
if ($request->ajax()) {
@ -46,22 +48,16 @@ class BookmarkController extends Controller
}
$bookmark = Bookmark::firstOrCreate(
['status_id' => $status->id], ['profile_id' => $profile->id]
['status_id' => $status->id], ['profile_id' => $user->profile_id]
);
if (!$bookmark->wasRecentlyCreated) {
BookmarkService::del($profile->id, $status->id);
BookmarkService::del($user->profile_id, $status->id);
$bookmark->delete();
} else {
BookmarkService::add($profile->id, $status->id);
BookmarkService::add($user->profile_id, $status->id);
}
if ($request->ajax()) {
$response = ['code' => 200, 'msg' => 'Bookmark saved!'];
} else {
$response = redirect()->back();
}
return $response;
return $request->expectsJson() ? ['code' => 200, 'msg' => 'Bookmark saved!'] : redirect()->back();
}
}

View file

@ -229,6 +229,8 @@ class ComposeController extends Controller
'id' => 'required|integer|min:1|exists:media,id'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$media = Media::whereNull('status_id')
->whereUserId(Auth::id())
->findOrFail($request->input('id'));
@ -258,6 +260,8 @@ class ComposeController extends Controller
$q = mb_substr($q, 1);
}
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
$blocked = UserFilter::whereFilterableType('App\Profile')
->whereFilterType('block')
->whereFilterableId($request->user()->profile_id)
@ -292,6 +296,8 @@ class ComposeController extends Controller
'profile_id' => 'required'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$user = $request->user();
$status_id = $request->input('status_id');
$profile_id = (int) $request->input('profile_id');
@ -322,6 +328,7 @@ class ComposeController extends Controller
$this->validate($request, [
'q' => 'required|string|max:100'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$pid = $request->user()->profile_id;
abort_if(!$pid, 400);
$q = e($request->input('q'));
@ -400,6 +407,8 @@ class ComposeController extends Controller
'q' => 'required|string|min:2|max:50'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$q = $request->input('q');
if(Str::of($q)->startsWith('@')) {
@ -440,6 +449,8 @@ class ComposeController extends Controller
'q' => 'required|string|min:2|max:50'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$q = $request->input('q');
$results = Hashtag::select('slug')
@ -478,6 +489,8 @@ class ComposeController extends Controller
// 'optimize_media' => 'nullable'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
if(config('costar.enabled') == true) {
$blockedKeywords = config('costar.keyword.block');
if($blockedKeywords !== null && $request->caption) {
@ -490,7 +503,7 @@ class ComposeController extends Controller
}
}
$user = Auth::user();
$user = $request->user();
$profile = $user->profile;
$limitKey = 'compose:rate-limit:store:' . $user->id;
@ -646,6 +659,8 @@ class ComposeController extends Controller
'tagged' => 'nullable',
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
if(config('costar.enabled') == true) {
$blockedKeywords = config('costar.keyword.block');
if($blockedKeywords !== null && $request->caption) {
@ -658,7 +673,7 @@ class ComposeController extends Controller
}
}
$user = Auth::user();
$user = $request->user();
$profile = $user->profile;
$visibility = $request->input('visibility');
$status = new Status;
@ -723,6 +738,8 @@ class ComposeController extends Controller
'id' => 'required|integer|min:1'
]);
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$media = Media::whereUserId($request->user()->id)
->whereNull('status_id')
->findOrFail($request->input('id'));
@ -755,6 +772,8 @@ class ComposeController extends Controller
public function composeSettings(Request $request)
{
$uid = $request->user()->id;
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
$default = [
'default_license' => 1,
'media_descriptions' => false,
@ -780,8 +799,9 @@ class ComposeController extends Controller
'expiry' => 'required|in:60,360,1440,10080',
'pollOptions' => 'required|array|min:1|max:4'
]);
abort(404);
abort_if(config('instance.polls.enabled') == false, 404, 'Polls not enabled');
abort_if($request->user()->has_roles && !UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
abort_if(Status::whereType('poll')
->whereProfileId($request->user()->profile_id)

View file

@ -26,6 +26,7 @@ use App\Services\WebfingerService;
use App\Models\Conversation;
use App\Jobs\DirectPipeline\DirectDeletePipeline;
use App\Jobs\DirectPipeline\DirectDeliverPipeline;
use App\Services\UserRoleService;
class DirectMessageController extends Controller
{
@ -41,7 +42,11 @@ class DirectMessageController extends Controller
'page' => 'nullable|integer|min:1|max:99'
]);
$profile = $request->user()->profile_id;
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$profile = $user->profile_id;
$action = $request->input('a', 'inbox');
$page = $request->input('page');
@ -302,7 +307,9 @@ class DirectMessageController extends Controller
'type' => 'required|in:text,emoji'
]);
$profile = $request->user()->profile;
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$profile = $user->profile;
$recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id'));
abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403);
@ -401,7 +408,10 @@ class DirectMessageController extends Controller
$this->validate($request, [
'pid' => 'required'
]);
$uid = $request->user()->profile_id;
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$uid = $user->profile_id;
$pid = $request->input('pid');
$max_id = $request->input('max_id');
$min_id = $request->input('min_id');
@ -552,6 +562,9 @@ class DirectMessageController extends Controller
public function get(Request $request, $id)
{
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$pid = $request->user()->profile_id;
$dm = DirectMessage::whereStatusId($id)->firstOrFail();
abort_if($pid !== $dm->to_id && $pid !== $dm->from_id, 404);
@ -572,6 +585,7 @@ class DirectMessageController extends Controller
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$profile = $user->profile;
$recipient = Profile::where('id', '!=', $profile->id)->findOrFail($request->input('to_id'));
abort_if(in_array($profile->id, $recipient->blockedIds()->toArray()), 403);
@ -670,6 +684,11 @@ class DirectMessageController extends Controller
'remote' => 'nullable',
]);
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id)) {
return [];
}
$q = $request->input('q');
$r = $request->input('remote', false);
@ -728,6 +747,8 @@ class DirectMessageController extends Controller
$pid = $request->input('pid');
$sid = $request->input('sid');
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$dms = DirectMessage::whereToId($request->user()->profile_id)
->whereFromId($pid)
@ -749,6 +770,8 @@ class DirectMessageController extends Controller
'id' => 'required'
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$fid = $request->input('id');
$pid = $request->user()->profile_id;
@ -770,6 +793,9 @@ class DirectMessageController extends Controller
'id' => 'required'
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-direct-message', $user->id), 403, 'Invalid permissions for this action');
$fid = $request->input('id');
$pid = $request->user()->profile_id;

View file

@ -0,0 +1,231 @@
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\ParentalControls;
use App\Models\UserRoles;
use App\Profile;
use App\User;
use App\Http\Controllers\Auth\RegisterController;
use Illuminate\Auth\Events\Registered;
use Illuminate\Support\Facades\Auth;
use App\Services\UserRoleService;
use App\Jobs\ParentalControlsPipeline\DispatchChildInvitePipeline;
class ParentalControlsController extends Controller
{
public function authPreflight($request, $maxUserCheck = false, $authCheck = true)
{
if($authCheck) {
abort_unless($request->user(), 404);
abort_unless($request->user()->has_roles === 0, 404);
}
abort_unless(config('instance.parental_controls.enabled'), 404);
if(config_cache('pixelfed.open_registration') == false) {
abort_if(config('instance.parental_controls.limits.respect_open_registration'), 404);
}
if($maxUserCheck == true) {
$hasLimit = config('pixelfed.enforce_max_users');
if($hasLimit) {
$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();
$limit = (int) config('pixelfed.max_users');
abort_if($limit && $limit <= $count, 404);
}
}
}
public function index(Request $request)
{
$this->authPreflight($request);
$children = ParentalControls::whereParentId($request->user()->id)->latest()->paginate(5);
return view('settings.parental-controls.index', compact('children'));
}
public function add(Request $request)
{
$this->authPreflight($request, true);
return view('settings.parental-controls.add');
}
public function view(Request $request, $id)
{
$this->authPreflight($request);
$uid = $request->user()->id;
$pc = ParentalControls::whereParentId($uid)->findOrFail($id);
return view('settings.parental-controls.manage', compact('pc'));
}
public function update(Request $request, $id)
{
$this->authPreflight($request);
$uid = $request->user()->id;
$ff = $this->requestFormFields($request);
$pc = ParentalControls::whereParentId($uid)->findOrFail($id);
$pc->permissions = $ff;
$pc->save();
$roles = UserRoleService::mapActions($pc->child_id, $ff);
if(isset($roles['account-force-private'])) {
$c = Profile::whereUserId($pc->child_id)->first();
$c->is_private = $roles['account-force-private'];
$c->save();
}
UserRoles::whereUserId($pc->child_id)->update(['roles' => $roles]);
return redirect($pc->manageUrl() . '?permissions');
}
public function store(Request $request)
{
$this->authPreflight($request, true);
$this->validate($request, [
'email' => 'required|email|unique:parental_controls,email|unique:users,email',
]);
$state = $this->requestFormFields($request);
$pc = new ParentalControls;
$pc->parent_id = $request->user()->id;
$pc->email = $request->input('email');
$pc->verify_code = str_random(32);
$pc->permissions = $state;
$pc->save();
DispatchChildInvitePipeline::dispatch($pc);
return redirect($pc->manageUrl());
}
public function inviteRegister(Request $request, $id, $code)
{
if($request->user()) {
$title = 'You cannot complete this action on this device.';
$body = 'Please log out or use a different device or browser to complete the invitation registration.';
return view('errors.custom', compact('title', 'body'));
}
$this->authPreflight($request, true, false);
$pc = ParentalControls::whereRaw('verify_code = BINARY ?', $code)->whereNull(['email_verified_at', 'child_id'])->findOrFail($id);
abort_unless(User::whereId($pc->parent_id)->exists(), 404);
return view('settings.parental-controls.invite-register-form', compact('pc'));
}
public function inviteRegisterStore(Request $request, $id, $code)
{
if($request->user()) {
$title = 'You cannot complete this action on this device.';
$body = 'Please log out or use a different device or browser to complete the invitation registration.';
return view('errors.custom', compact('title', 'body'));
}
$this->authPreflight($request, true, false);
$pc = ParentalControls::whereRaw('verify_code = BINARY ?', $code)->whereNull('email_verified_at')->findOrFail($id);
$fields = $request->all();
$fields['email'] = $pc->email;
$defaults = UserRoleService::defaultRoles();
$validator = (new RegisterController)->validator($fields);
$valid = $validator->validate();
abort_if(!$valid, 404);
event(new Registered($user = (new RegisterController)->create($fields)));
sleep(5);
$user->has_roles = true;
$user->parent_id = $pc->parent_id;
if(config('instance.parental_controls.limits.auto_verify_email')) {
$user->email_verified_at = now();
$user->save();
sleep(3);
} else {
$user->save();
sleep(3);
}
$ur = UserRoles::updateOrCreate([
'user_id' => $user->id,
],[
'roles' => UserRoleService::mapInvite($user->id, $pc->permissions)
]);
$pc->email_verified_at = now();
$pc->child_id = $user->id;
$pc->save();
sleep(2);
Auth::guard()->login($user);
return redirect('/i/web');
}
public function cancelInvite(Request $request, $id)
{
$this->authPreflight($request);
$pc = ParentalControls::whereParentId($request->user()->id)
->whereNull(['email_verified_at', 'child_id'])
->findOrFail($id);
return view('settings.parental-controls.delete-invite', compact('pc'));
}
public function cancelInviteHandle(Request $request, $id)
{
$this->authPreflight($request);
$pc = ParentalControls::whereParentId($request->user()->id)
->whereNull(['email_verified_at', 'child_id'])
->findOrFail($id);
$pc->delete();
return redirect('/settings/parental-controls');
}
public function stopManaging(Request $request, $id)
{
$this->authPreflight($request);
$pc = ParentalControls::whereParentId($request->user()->id)
->whereNotNull(['email_verified_at', 'child_id'])
->findOrFail($id);
return view('settings.parental-controls.stop-managing', compact('pc'));
}
public function stopManagingHandle(Request $request, $id)
{
$this->authPreflight($request);
$pc = ParentalControls::whereParentId($request->user()->id)
->whereNotNull(['email_verified_at', 'child_id'])
->findOrFail($id);
$pc->child()->update([
'has_roles' => false,
'parent_id' => null,
]);
$pc->delete();
return redirect('/settings/parental-controls');
}
protected function requestFormFields($request)
{
$state = [];
$fields = [
'post',
'comment',
'like',
'share',
'follow',
'bookmark',
'story',
'collection',
'discovery_feeds',
'dms',
'federation',
'hide_network',
'private',
'hide_cw'
];
foreach ($fields as $field) {
$state[$field] = $request->input($field) == 'on';
}
return $state;
}
}

View file

@ -173,7 +173,8 @@ trait HomeSettings
$user->email = $email;
if ($validate) {
$user->email_verified_at = null;
// auto verify admin email addresses
$user->email_verified_at = $user->is_admin == true ? now() : null;
// Prevent old verifications from working
EmailVerification::whereUserId($user->id)->delete();
}
@ -195,7 +196,7 @@ trait HomeSettings
$user->save();
$profile->save();
return redirect('/settings/home')->with('status', 'Email successfully updated!');
return redirect('/settings/email')->with('status', 'Email successfully updated!');
} else {
return redirect('/settings/email');
}
@ -206,5 +207,4 @@ trait HomeSettings
{
return view('settings.avatar');
}
}

View file

@ -29,6 +29,7 @@ use App\Jobs\StoryPipeline\StoryFanout;
use App\Jobs\StoryPipeline\StoryDelete;
use ImageOptimizer;
use App\Models\Conversation;
use App\Services\UserRoleService;
class StoryComposeController extends Controller
{
@ -47,7 +48,7 @@ class StoryComposeController extends Controller
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id), 403, 'Invalid permissions for this action');
$count = Story::whereProfileId($user->profile_id)
->whereActive(true)
->where('expires_at', '>', now())
@ -177,6 +178,7 @@ class StoryComposeController extends Controller
$id = $request->input('media_id');
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id), 403, 'Invalid permissions for this action');
$story = Story::whereProfileId($user->profile_id)
->findOrFail($id);
@ -218,6 +220,8 @@ class StoryComposeController extends Controller
public function compose(Request $request)
{
abort_if(!config_cache('instance.stories.enabled') || !$request->user(), 404);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id), 403, 'Invalid permissions for this action');
return view('stories.compose');
}
@ -241,6 +245,8 @@ class StoryComposeController extends Controller
'can_react' => 'required|boolean'
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id), 403, 'Invalid permissions for this action');
$pid = $request->user()->profile_id;
$count = Story::whereProfileId($pid)
@ -329,6 +335,9 @@ class StoryComposeController extends Controller
'id' => 'required|integer|min:1',
]);
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id), 403, 'Invalid permissions for this action');
$pid = $request->user()->profile_id;
$sid = $request->input('id');
$type = $request->input('type');
@ -387,7 +396,8 @@ class StoryComposeController extends Controller
]);
$pid = $request->user()->profile_id;
$text = $request->input('reaction');
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id), 403, 'Invalid permissions for this action');
$story = Story::findOrFail($request->input('sid'));
abort_if(!$story->can_react, 422);
@ -461,7 +471,8 @@ class StoryComposeController extends Controller
]);
$pid = $request->user()->profile_id;
$text = $request->input('caption');
$user = $request->user();
abort_if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id), 403, 'Invalid permissions for this action');
$story = Story::findOrFail($request->input('sid'));
abort_if(!$story->can_reply, 422);

View file

@ -28,13 +28,18 @@ use League\Fractal\Serializer\ArraySerializer;
use League\Fractal\Resource\Item;
use App\Transformer\ActivityPub\Verb\StoryVerb;
use App\Jobs\StoryPipeline\StoryViewDeliver;
use App\Services\UserRoleService;
class StoryController extends StoryComposeController
{
public function recent(Request $request)
{
abort_if(!config_cache('instance.stories.enabled') || !$request->user(), 404);
$pid = $request->user()->profile_id;
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id)) {
return [];
}
$pid = $user->profile_id;
if(config('database.default') == 'pgsql') {
$s = Cache::remember('pf:stories:recent-by-id:' . $pid, 900, function() use($pid) {
@ -114,7 +119,11 @@ class StoryController extends StoryComposeController
{
abort_if(!config_cache('instance.stories.enabled') || !$request->user(), 404);
$authed = $request->user()->profile_id;
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id)) {
return [];
}
$authed = $user->profile_id;
$profile = Profile::findOrFail($id);
if($authed != $profile->id && !FollowerService::follows($authed, $profile->id)) {
@ -173,8 +182,11 @@ class StoryController extends StoryComposeController
'id' => 'required|min:1',
]);
$id = $request->input('id');
$authed = $request->user()->profile;
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id)) {
return [];
}
$authed = $user->profile;
$story = Story::with('profile')
->findOrFail($id);
@ -210,7 +222,10 @@ class StoryController extends StoryComposeController
public function exists(Request $request, $id)
{
abort_if(!config_cache('instance.stories.enabled') || !$request->user(), 404);
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id)) {
return response()->json(false);
}
return response()->json(Story::whereProfileId($id)
->whereActive(true)
->exists());
@ -234,6 +249,11 @@ class StoryController extends StoryComposeController
'sid' => 'required|string'
]);
$user = $request->user();
if($user->has_roles && !UserRoleService::can('can-use-stories', $user->id)) {
return response()->json([]);
}
$pid = $request->user()->profile_id;
$sid = $request->input('sid');

View file

@ -0,0 +1,38 @@
<?php
namespace App\Jobs\ParentalControlsPipeline;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldBeUnique;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Queue\SerializesModels;
use App\Models\ParentalControls;
use App\Mail\ParentChildInvite;
use Illuminate\Support\Facades\Mail;
class DispatchChildInvitePipeline implements ShouldQueue
{
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
public $pc;
/**
* Create a new job instance.
*/
public function __construct(ParentalControls $pc)
{
$this->pc = $pc;
}
/**
* Execute the job.
*/
public function handle(): void
{
$pc = $this->pc;
Mail::to($pc->email)->send(new ParentChildInvite($pc));
}
}

View file

@ -0,0 +1,49 @@
<?php
namespace App\Mail;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Mail\Mailables\Content;
use Illuminate\Mail\Mailables\Envelope;
use Illuminate\Queue\SerializesModels;
class ParentChildInvite extends Mailable
{
use Queueable, SerializesModels;
public function __construct(
public $verify,
) {}
/**
* Get the message envelope.
*/
public function envelope(): Envelope
{
return new Envelope(
subject: 'You\'ve been invited to join Pixelfed!',
);
}
/**
* Get the message content definition.
*/
public function content(): Content
{
return new Content(
markdown: 'emails.parental-controls.invite',
);
}
/**
* Get the attachments for the message.
*
* @return array<int, \Illuminate\Mail\Mailables\Attachment>
*/
public function attachments(): array
{
return [];
}
}

View file

@ -0,0 +1,55 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\SoftDeletes;
use App\User;
use App\Services\AccountService;
class ParentalControls extends Model
{
use HasFactory, SoftDeletes;
protected $casts = [
'permissions' => 'array',
'email_sent_at' => 'datetime',
'email_verified_at' => 'datetime'
];
protected $guarded = [];
public function parent()
{
return $this->belongsTo(User::class, 'parent_id');
}
public function child()
{
return $this->belongsTo(User::class, 'child_id');
}
public function childAccount()
{
if($u = $this->child) {
if($u->profile_id) {
return AccountService::get($u->profile_id, true);
} else {
return [];
}
} else {
return [];
}
}
public function manageUrl()
{
return url('/settings/parental-controls/manage/' . $this->id);
}
public function inviteUrl()
{
return url('/auth/pci/' . $this->id . '/' . $this->verify_code);
}
}

View file

@ -52,6 +52,13 @@ class UserRoleService
'can-follow' => false,
'can-make-public' => false,
'can-direct-message' => false,
'can-use-stories' => false,
'can-view-sensitive' => false,
'can-bookmark' => false,
'can-collections' => false,
'can-federation' => false,
];
}
@ -114,6 +121,110 @@ class UserRoleService
'title' => 'Can make account public',
'action' => 'Allows the ability to make account public'
],
'can-direct-message' => [
'title' => '',
'action' => ''
],
'can-use-stories' => [
'title' => '',
'action' => ''
],
'can-view-sensitive' => [
'title' => '',
'action' => ''
],
'can-bookmark' => [
'title' => '',
'action' => ''
],
'can-collections' => [
'title' => '',
'action' => ''
],
'can-federation' => [
'title' => '',
'action' => ''
],
];
}
public static function mapInvite($id, $data = [])
{
$roles = self::get($id);
$map = [
'account-force-private' => 'private',
'account-ignore-follow-requests' => 'private',
'can-view-public-feed' => 'discovery_feeds',
'can-view-network-feed' => 'discovery_feeds',
'can-view-discover' => 'discovery_feeds',
'can-view-hashtag-feed' => 'discovery_feeds',
'can-post' => 'post',
'can-comment' => 'comment',
'can-like' => 'like',
'can-share' => 'share',
'can-follow' => 'follow',
'can-make-public' => '!private',
'can-direct-message' => 'dms',
'can-use-stories' => 'story',
'can-view-sensitive' => '!hide_cw',
'can-bookmark' => 'bookmark',
'can-collections' => 'collection',
'can-federation' => 'federation',
];
foreach ($map as $key => $value) {
if(!isset($data[$value]) && !isset($data[substr($value, 1)])) {
$map[$key] = false;
continue;
}
$map[$key] = str_starts_with($value, '!') ? !$data[substr($value, 1)] : $data[$value];
}
return $map;
}
public static function mapActions($id, $data = [])
{
$res = [];
$map = [
'account-force-private' => 'private',
'account-ignore-follow-requests' => 'private',
'can-view-public-feed' => 'discovery_feeds',
'can-view-network-feed' => 'discovery_feeds',
'can-view-discover' => 'discovery_feeds',
'can-view-hashtag-feed' => 'discovery_feeds',
'can-post' => 'post',
'can-comment' => 'comment',
'can-like' => 'like',
'can-share' => 'share',
'can-follow' => 'follow',
'can-make-public' => '!private',
'can-direct-message' => 'dms',
'can-use-stories' => 'story',
'can-view-sensitive' => '!hide_cw',
'can-bookmark' => 'bookmark',
'can-collections' => 'collection',
'can-federation' => 'federation',
];
foreach ($map as $key => $value) {
if(!isset($data[$value]) && !isset($data[substr($value, 1)])) {
$res[$key] = false;
continue;
}
$res[$key] = str_starts_with($value, '!') ? !$data[substr($value, 1)] : $data[$value];
}
return $res;
}
}

View file

@ -129,5 +129,15 @@ return [
'banner' => [
'blurhash' => env('INSTANCE_BANNER_BLURHASH', 'UzJR]l{wHZRjM}R%XRkCH?X9xaWEjZj]kAjt')
],
'parental_controls' => [
'enabled' => env('INSTANCE_PARENTAL_CONTROLS', false),
'limits' => [
'respect_open_registration' => env('INSTANCE_PARENTAL_CONTROLS_RESPECT_OPENREG', true),
'max_children' => env('INSTANCE_PARENTAL_CONTROLS_MAX_CHILDREN', 1),
'auto_verify_email' => true,
],
]
];

View file

@ -24,9 +24,17 @@ return new class extends Migration
public function down(): void
{
Schema::table('users', function (Blueprint $table) {
if (Schema::hasColumn('users', 'has_roles')) {
$table->dropColumn('has_roles');
$table->dropColumn('parent_id');
}
if (Schema::hasColumn('users', 'role_id')) {
$table->dropColumn('role_id');
}
if (Schema::hasColumn('users', 'parent_id')) {
$table->dropColumn('parent_id');
}
});
}
};

View file

@ -0,0 +1,45 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('parental_controls', function (Blueprint $table) {
$table->id();
$table->unsignedInteger('parent_id')->index();
$table->unsignedInteger('child_id')->unique()->index()->nullable();
$table->string('email')->unique()->nullable();
$table->string('verify_code')->nullable();
$table->timestamp('email_sent_at')->nullable();
$table->timestamp('email_verified_at')->nullable();
$table->json('permissions')->nullable();
$table->softDeletes();
$table->timestamps();
});
Schema::table('user_roles', function (Blueprint $table) {
$table->dropIndex('user_roles_profile_id_unique');
$table->unsignedBigInteger('profile_id')->unique()->nullable()->index()->change();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('parental_controls');
Schema::table('user_roles', function (Blueprint $table) {
$table->dropIndex('user_roles_profile_id_unique');
$table->unsignedBigInteger('profile_id')->unique()->index()->change();
});
}
};

View file

@ -0,0 +1,12 @@
@php
$cid = 'col' . str_random(6);
@endphp
<p>
<a class="text-dark font-weight-bold" data-toggle="collapse" href="#{{$cid}}" role="button" aria-expanded="false" aria-controls="{{$cid}}">
<i class="fas fa-chevron-down mr-2"></i>
{{ $title }}
</a>
<div class="collapse" id="{{$cid}}">
{{ $slot }}
</div>
</p>

View file

@ -0,0 +1,18 @@
<x-mail::message>
# You've been invited to join Pixelfed!
<x-mail::panel>
A parent account with the username **{{ $verify->parent->username }}** has invited you to join Pixelfed with a special youth account managed by them.
If you do not recognize this account as your parents or a trusted guardian, please check with them first.
</x-mail::panel>
<x-mail::button :url="$verify->inviteUrl()">
Accept Invite
</x-mail::button>
Thanks,<br>
Pixelfed
<small>This email is automatically generated. Please do not reply to this message.</small>
</x-mail::message>

View file

@ -0,0 +1,10 @@
@extends('layouts.app')
@section('content')
<div class="container">
<div class="error-page py-5 my-5 text-center">
<h3 class="font-weight-bold">{!! $title ?? config('instance.page.404.header')!!}</h3>
<p class="lead">{!! $body ?? config('instance.page.404.body')!!}</p>
</div>
</div>
@endsection

View file

@ -1,33 +1,14 @@
@extends('layouts.app')
@extends('settings.template')
@section('content')
@if (session('status'))
<div class="alert alert-primary px-3 h6 text-center">
{{ session('status') }}
</div>
@endif
@if ($errors->any())
<div class="alert alert-danger px-3 h6 text-center">
@foreach($errors->all() as $error)
<p class="font-weight-bold mb-1">{{ $error }}</p>
@endforeach
</div>
@endif
@if (session('error'))
<div class="alert alert-danger px-3 h6 text-center">
{{ session('error') }}
</div>
@endif
@section('section')
<div class="container">
<div class="col-12">
<div class="card shadow-none border mt-5">
<div class="card-body">
<div class="row">
<div class="col-12 p-3 p-md-5">
<div class="title">
<h3 class="font-weight-bold">Email Settings</h3>
<div class="d-flex justify-content-between align-items-center">
<div class="title d-flex align-items-center" style="gap: 1rem;">
<p class="mb-0"><a href="/settings/home"><i class="far fa-chevron-left fa-lg"></i></a></p>
<h3 class="font-weight-bold mb-0">Email Settings</h3>
</div>
</div>
<hr>
<form method="post" action="{{route('settings.email')}}">
@csrf
@ -52,12 +33,4 @@
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
@endsection

View file

@ -0,0 +1,59 @@
@extends('settings.template-vue')
@section('section')
<form class="d-flex h-100 flex-column" method="post">
@csrf
<div class="d-flex h-100 flex-column">
<div class="d-flex justify-content-between align-items-center">
<div class="title d-flex align-items-center" style="gap: 1rem;">
<p class="mb-0"><a href="/settings/parental-controls"><i class="far fa-chevron-left fa-lg"></i></a></p>
<h3 class="font-weight-bold mb-0">Add child</h3>
</div>
</div>
<hr />
<div class="d-flex flex-column flex-grow-1">
<h4>Choose your child's policies</h4>
<div class="mb-4">
<p class="font-weight-bold mb-1">Allowed Actions</p>
@include('settings.parental-controls.checkbox', ['name' => 'post', 'title' => 'Post', 'checked' => true])
@include('settings.parental-controls.checkbox', ['name' => 'comment', 'title' => 'Comment', 'checked' => true])
@include('settings.parental-controls.checkbox', ['name' => 'like', 'title' => 'Like', 'checked' => true])
@include('settings.parental-controls.checkbox', ['name' => 'share', 'title' => 'Share', 'checked' => true])
@include('settings.parental-controls.checkbox', ['name' => 'follow', 'title' => 'Follow'])
@include('settings.parental-controls.checkbox', ['name' => 'bookmark', 'title' => 'Bookmark'])
@include('settings.parental-controls.checkbox', ['name' => 'story', 'title' => 'Add to story'])
@include('settings.parental-controls.checkbox', ['name' => 'collection', 'title' => 'Add to collection'])
</div>
<div class="mb-4">
<p class="font-weight-bold mb-1">Enabled features</p>
@include('settings.parental-controls.checkbox', ['name' => 'discovery_feeds', 'title' => 'Discovery Feeds'])
@include('settings.parental-controls.checkbox', ['name' => 'dms', 'title' => 'Direct Messages'])
@include('settings.parental-controls.checkbox', ['name' => 'federation', 'title' => 'Federation'])
</div>
<div class="mb-4">
<p class="font-weight-bold mb-1">Preferences</p>
@include('settings.parental-controls.checkbox', ['name' => 'hide_network', 'title' => 'Hide my child\'s connections'])
@include('settings.parental-controls.checkbox', ['name' => 'private', 'title' => 'Make my child\'s account private'])
@include('settings.parental-controls.checkbox', ['name' => 'hide_cw', 'title' => 'Hide sensitive media'])
</div>
</div>
<div>
<div class="form-group">
<label class="font-weight-bold mb-0">Email address</label>
<p class="help-text lh-1 small">Where should we send this invite?</p>
<input class="form-control" placeholder="Enter your childs email address" name="email" required>
</div>
<button class="btn btn-dark btn-block font-weight-bold">Add Child</button>
</div>
</div>
</form>
@endsection

View file

@ -0,0 +1,7 @@
@php
$id = str_random(6) . '_' . str_slug($name);
$defaultChecked = isset($checked) && $checked ? 'checked=""' : '';
@endphp<div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="{{$id}}" name="{{$name}}" {!!$defaultChecked!!}>
<label class="custom-control-label pl-2" for="{{$id}}">{{ $title }}</label>
</div>

View file

@ -0,0 +1,44 @@
@if($state)
<div class="card shadow-none border">
@if($state === 'sent_invite')
<div class="card-body d-flex justify-content-center flex-column align-items-center py-5" style="gap:1rem">
<i class="far fa-envelope fa-3x"></i>
<p class="lead mb-0 font-weight-bold">Child Invite Sent!</p>
<div class="list-group">
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Created child invite</div>
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Sent invite email to child</div>
<div class="list-group-item py-1"><i class="far fa-times-circle text-dark mr-2"></i> Child joined via invite</div>
<div class="list-group-item py-1"><i class="far fa-times-circle text-dark mr-2"></i> Child account is active</div>
</div>
</div>
@elseif($state === 'awaiting_email_confirmation')
<div class="card-body d-flex justify-content-center flex-column align-items-center py-5" style="gap:1rem">
<i class="far fa-envelope fa-3x"></i>
<p class="lead mb-0 font-weight-bold">Child Invite Sent!</p>
<div class="list-group">
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Created child invite</div>
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Sent invite email to child</div>
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Child joined via invite</div>
<div class="list-group-item py-1"><i class="far fa-times-circle text-dark mr-2"></i> Child account is active</div>
</div>
</div>
@elseif($state === 'active')
<div class="card-body d-flex justify-content-center flex-column align-items-center py-5" style="gap:1rem">
<i class="far fa-check-circle fa-3x text-success"></i>
<p class="lead mb-0 font-weight-bold">Child Account Active</p>
<div class="list-group">
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Created child invite</div>
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Sent invite email to child</div>
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Child joined via invite</div>
<div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Child account is active</div>
</div>
<a class="btn btn-dark font-weight-bold px-5" href="{{ $pc->childAccount()['url'] }}">View Account</a>
</div>
@endif
</div>
@else
@endif

View file

@ -0,0 +1,32 @@
@extends('settings.template-vue')
@section('section')
<form class="d-flex h-100 flex-column" method="post">
@csrf
<div class="d-flex h-100 flex-column" style="gap: 1rem;">
<div class="d-flex justify-content-between align-items-center">
<div class="title d-flex align-items-center" style="gap: 1rem;">
<p class="mb-0"><a href="{{ $pc->manageUrl() }}?actions"><i class="far fa-chevron-left fa-lg"></i></a></p>
<div>
<h3 class="font-weight-bold mb-0">Cancel child invite</h3>
<p class="small mb-0">Last updated: {{ $pc->updated_at->diffForHumans() }}</p>
</div>
</div>
</div>
<div>
<hr />
</div>
<div class="d-flex bg-light align-items-center justify-content-center flex-grow-1 flex-column">
<p>
<i class="far fa-exclamation-triangle fa-3x"></i>
</p>
<h4>Are you sure you want to cancel this invite?</h4>
<p>The child you invited will not be able to join if you cancel the invite.</p>
</div>
<button type="submit" class="btn btn-danger btn-block font-weight-bold">Cancel invite</button>
</div>
</form>
@endsection

View file

@ -0,0 +1,62 @@
@extends('settings.template-vue')
@section('section')
<div class="d-flex h-100 flex-column">
<div class="d-flex justify-content-between align-items-center">
<div class="title d-flex align-items-center" style="gap: 1rem;">
<p class="mb-0"><a href="/settings/home"><i class="far fa-chevron-left fa-lg"></i></a></p>
<h3 class="font-weight-bold mb-0">Parental Controls</h3>
</div>
</div>
<hr />
@if($children->count())
<div class="d-flex flex-column flex-grow-1 w-100">
<div class="list-group w-100">
@foreach($children as $child)
<a class="list-group-item d-flex align-items-center text-decoration-none text-dark" href="{{ $child->manageUrl() }}" style="gap: 1rem;">
<img src="/storage/avatars/default.png" width="40" height="40" class="rounded-circle" />
<div class="flex-grow-1">
@if($child->child_id && $child->email_verified_at)
<p class="font-weight-bold mb-0" style="line-height: 1.5;">&commat;{{ $child->childAccount()['username'] }}</p>
<p class="small text-muted mb-0" style="line-height: 1;">{{ $child->childAccount()['display_name'] }}</p>
@else
<p class="font-weight-light mb-0 text-danger" style="line-height: 1.5;">Invite Pending</p>
<p class="mb-0 small" style="line-height: 1;">{{ $child->email }}</p>
@endif
</div>
<div class="font-weight-bold small text-lighter" style="line-height:1;">
<i class="far fa-clock mr-1"></i>
{{ $child->updated_at->diffForHumans() }}
</div>
</a>
@endforeach
</div>
<div class="mt-3">
{{ $children->links() }}
</div>
</div>
@else
<div class="d-flex flex-grow-1 bg-light mb-3 rounded p-4">
<p>You are not managing any children accounts.</p>
</div>
@endif
<div class="d-flex justify-content-between align-items-center">
<a class="btn btn-outline-dark font-weight-bold py-2 px-4" href="{{ route('settings.pc.add') }}">
<i class="far fa-plus mr-2"></i> Add Child
</a>
<div class="font-weight-bold">
<span>{{ $children->total() }}/{{ config('instance.parental_controls.limits.max_children') }}</span>
<span>children added</span>
</div>
</div>
</div>
@endsection

View file

@ -0,0 +1,115 @@
@extends('layouts.app')
@section('content')
<div class="container mt-4">
<div class="row justify-content-center">
<div class="col-lg-5">
<div class="card shadow-none border mb-3">
<a
class="card-body d-flex flex-column justify-content-center align-items-center text-decoration-none"
href="{{ $pc->parent->url() }}"
target="_blank">
<p class="text-center font-weight-bold text-muted">You've been invited by:</p>
<div class="media align-items-center">
<img
src="{{ $pc->parent->avatarUrl() }}"
width="30"
height="30"
class="rounded-circle mr-2"
draggable="false"
onerror="this.onerror=null;this.src='/storage/avatars/default.png?v=0';">
<div class="media-body">
<p class="lead font-weight-bold mb-0 text-dark" style="line-height: 1;">&commat;{{ $pc->parent->username }}</p>
</div>
</div>
</a>
</div>
<div class="card shadow-none border">
<div class="card-header bg-white p-3 text-center font-weight-bold">Create your Account</div>
<div class="card-body">
<form method="POST" class="px-md-3">
@csrf
<input type="hidden" name="rt" value="{{ (new \App\Http\Controllers\Auth\RegisterController())->getRegisterToken() }}">
<div class="form-group row">
<div class="col-md-12">
<label class="small font-weight-bold text-lighter">Name</label>
<input id="name" type="text" class="form-control{{ $errors->has('name') ? ' is-invalid' : '' }}" name="name" value="{{ old('name') }}" placeholder="{{ __('Name') }}" required autofocus>
@if ($errors->has('name'))
<span class="invalid-feedback">
<strong>{{ $errors->first('name') }}</strong>
</span>
@endif
</div>
</div>
<div class="form-group row">
<div class="col-md-12">
<label class="small font-weight-bold text-lighter">Username</label>
<input id="username" type="text" class="form-control{{ $errors->has('username') ? ' is-invalid' : '' }}" name="username" value="{{ old('username') }}" placeholder="{{ __('Username') }}" required>
@if ($errors->has('username'))
<span class="invalid-feedback">
<strong>{{ $errors->first('username') }}</strong>
</span>
@endif
</div>
</div>
<div class="form-group row">
<div class="col-md-12">
<label class="small font-weight-bold text-lighter">Password</label>
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{ __('Password') }}" required>
@if ($errors->has('password'))
<span class="invalid-feedback">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
</div>
</div>
<div class="form-group row">
<div class="col-md-12">
<label class="small font-weight-bold text-lighter">Confirm Password</label>
<input id="password-confirm" type="password" class="form-control" name="password_confirmation" placeholder="{{ __('Confirm Password') }}" required>
</div>
</div>
<div class="form-group row">
<div class="col-md-12">
<div class="form-check">
<input class="form-check-input" name="agecheck" type="checkbox" value="true" id="ageCheck" required>
<label class="form-check-label" for="ageCheck">
I am at least 16 years old
</label>
</div>
</div>
</div>
@if(config('captcha.enabled') || config('captcha.active.register'))
<div class="d-flex justify-content-center my-3">
{!! Captcha::display() !!}
</div>
@endif
<p class="small">By signing up, you agree to our <a href="{{route('site.terms')}}" class="font-weight-bold text-dark">Terms of Use</a> and <a href="{{route('site.privacy')}}" class="font-weight-bold text-dark">Privacy Policy</a>, in addition, you understand that your account is managed by <span class="font-weight-bold">{{ $pc->parent->username }}</span> and they can limit your account without your permission. For more details, view the <a href="/site/kb/parental-controls" class="text-dark font-weight-bold">Parental Controls</a> help center page.</p>
<div class="form-group row">
<div class="col-md-12">
<button type="submit" class="btn btn-primary btn-block py-0 font-weight-bold">
{{ __('Register') }}
</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
@endsection

View file

@ -0,0 +1,119 @@
@extends('settings.template-vue')
@section('section')
<form class="d-flex h-100 flex-column" method="post">
@csrf
<div class="d-flex h-100 flex-column">
<div class="d-flex justify-content-between align-items-center">
<div class="title d-flex align-items-center" style="gap: 1rem;">
<p class="mb-0"><a href="/settings/parental-controls"><i class="far fa-chevron-left fa-lg"></i></a></p>
<div>
<h3 class="font-weight-bold mb-0">Manage child</h3>
<p class="small mb-0">Last updated: {{ $pc->updated_at->diffForHumans() }}</p>
</div>
</div>
<button class="btn btn-dark font-weight-bold">Update</button>
</div>
<hr />
<div class="d-flex flex-column flex-grow-1">
<ul class="nav nav-pills mb-0" id="pills-tab" role="tablist">
<li class="nav-item" role="presentation">
<button class="nav-link active font-weight-bold" id="pills-status-tab" data-toggle="pill" data-target="#pills-status" type="button" role="tab" aria-controls="pills-status" aria-selected="true">Status</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link font-weight-bold" id="pills-permissions-tab" data-toggle="pill" data-target="#pills-permissions" type="button" role="tab" aria-controls="pills-permissions" aria-selected="false">Permissions</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link font-weight-bold" id="pills-details-tab" data-toggle="pill" data-target="#pills-details" type="button" role="tab" aria-controls="pills-details" aria-selected="false">Account Details</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link font-weight-bold" id="pills-actions-tab" data-toggle="pill" data-target="#pills-actions" type="button" role="tab" aria-controls="pills-actions" aria-selected="false">Actions</button>
</li>
</ul>
<div>
<hr>
</div>
<div class="tab-content" id="pills-tabContent">
<div class="tab-pane fade show active" id="pills-status" role="tabpanel" aria-labelledby="pills-status-tab">
@if(!$pc->child_id && !$pc->email_verified_at)
@include('settings.parental-controls.child-status', ['state' => 'sent_invite'])
@elseif($pc->child_id && !$pc->email_verified_at)
@include('settings.parental-controls.child-status', ['state' => 'awaiting_email_confirmation'])
@elseif($pc->child_id && $pc->email_verified_at)
@include('settings.parental-controls.child-status', ['state' => 'active'])
@else
@include('settings.parental-controls.child-status', ['state' => 'sent_invite'])
@endif
</div>
<div class="tab-pane fade" id="pills-permissions" role="tabpanel" aria-labelledby="pills-permissions-tab">
<div class="mb-4">
<p class="font-weight-bold mb-1">Allowed Actions</p>
@include('settings.parental-controls.checkbox', ['name' => 'post', 'title' => 'Post', 'checked' => $pc->permissions['post']])
@include('settings.parental-controls.checkbox', ['name' => 'comment', 'title' => 'Comment', 'checked' => $pc->permissions['comment']])
@include('settings.parental-controls.checkbox', ['name' => 'like', 'title' => 'Like', 'checked' => $pc->permissions['like']])
@include('settings.parental-controls.checkbox', ['name' => 'share', 'title' => 'Share', 'checked' => $pc->permissions['share']])
@include('settings.parental-controls.checkbox', ['name' => 'follow', 'title' => 'Follow', 'checked' => $pc->permissions['follow']])
@include('settings.parental-controls.checkbox', ['name' => 'bookmark', 'title' => 'Bookmark', 'checked' => $pc->permissions['bookmark']])
@include('settings.parental-controls.checkbox', ['name' => 'story', 'title' => 'Add to story', 'checked' => $pc->permissions['story']])
@include('settings.parental-controls.checkbox', ['name' => 'collection', 'title' => 'Add to collection', 'checked' => $pc->permissions['collection']])
</div>
<div class="mb-4">
<p class="font-weight-bold mb-1">Enabled features</p>
@include('settings.parental-controls.checkbox', ['name' => 'discovery_feeds', 'title' => 'Discovery Feeds', 'checked' => $pc->permissions['discovery_feeds']])
@include('settings.parental-controls.checkbox', ['name' => 'dms', 'title' => 'Direct Messages', 'checked' => $pc->permissions['dms']])
@include('settings.parental-controls.checkbox', ['name' => 'federation', 'title' => 'Federation', 'checked' => $pc->permissions['federation']])
</div>
<div class="mb-4">
<p class="font-weight-bold mb-1">Preferences</p>
@include('settings.parental-controls.checkbox', ['name' => 'hide_network', 'title' => 'Hide my child\'s connections', 'checked' => $pc->permissions['hide_network']])
@include('settings.parental-controls.checkbox', ['name' => 'private', 'title' => 'Make my child\'s account private', 'checked' => $pc->permissions['private']])
@include('settings.parental-controls.checkbox', ['name' => 'hide_cw', 'title' => 'Hide sensitive media', 'checked' => $pc->permissions['hide_cw']])
</div>
</div>
<div class="tab-pane fade" id="pills-details" role="tabpanel" aria-labelledby="pills-details-tab">
<div>
<div class="form-group">
<label class="font-weight-bold mb-0">Email address</label>
<input class="form-control" name="email" value="{{ $pc->email }}" disabled>
</div>
</div>
</div>
<div class="tab-pane fade" id="pills-actions" role="tabpanel" aria-labelledby="pills-actions-tab">
<div class="d-flex flex-column" style="gap: 2rem;">
@if(!$pc->child_id && !$pc->email_verified_at)
<div>
<p class="lead font-weight-bold mb-0">Cancel Invite</p>
<p class="small text-muted">Cancel the child invite and prevent it from being used.</p>
<a class="btn btn-outline-dark px-5" href="{{ route('settings.pc.cancel-invite', ['id' => $pc->id]) }}"><i class="fas fa-user-minus mr-1"></i> Cancel Invite</a>
</div>
@else
<div>
<p class="lead font-weight-bold mb-0">Stop Managing</p>
<p class="small text-muted">Transition account to a regular account without parental controls.</p>
<a class="btn btn-outline-dark px-5" href="{{ route('settings.pc.stop-managing', ['id' => $pc->id]) }}"><i class="fas fa-user-minus mr-1"></i> Stop Managing Child</a>
</div>
@endif
</div>
</div>
</div>
</div>
</div>
</form>
@endsection
@push('scripts')
<script type="text/javascript">
@if(request()->has('permissions'))
$('#pills-tab button[data-target="#pills-permissions"]').tab('show')
@elseif(request()->has('actions'))
$('#pills-tab button[data-target="#pills-actions"]').tab('show')
@endif
</script>
@endpush

View file

@ -0,0 +1,32 @@
@extends('settings.template-vue')
@section('section')
<form class="d-flex h-100 flex-column" method="post">
@csrf
<div class="d-flex h-100 flex-column" style="gap: 1rem;">
<div class="d-flex justify-content-between align-items-center">
<div class="title d-flex align-items-center" style="gap: 1rem;">
<p class="mb-0"><a href="{{ $pc->manageUrl() }}?actions"><i class="far fa-chevron-left fa-lg"></i></a></p>
<div>
<h3 class="font-weight-bold mb-0">Stop Managing Child</h3>
<p class="small mb-0">Last updated: {{ $pc->updated_at->diffForHumans() }}</p>
</div>
</div>
</div>
<div>
<hr />
</div>
<div class="d-flex bg-light align-items-center justify-content-center flex-grow-1 flex-column">
<p>
<i class="far fa-exclamation-triangle fa-3x"></i>
</p>
<h4>Confirm Stop Managing this Account?</h4>
<p>This child account will be transitioned to a regular account without any limitations.</p>
</div>
<button type="submit" class="btn btn-danger btn-block font-weight-bold">Stop Managing</button>
</div>
</form>
@endsection

View file

@ -9,17 +9,17 @@
<li class="nav-item pl-3 {{request()->is('settings/email')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.email')}}">Email</a>
</li>
@if(config('pixelfed.user_invites.enabled'))
{{-- @if(config('pixelfed.user_invites.enabled'))
<li class="nav-item pl-3 {{request()->is('settings/invites*')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.invites')}}">Invites</a>
</li>
@endif
@endif --}}
<li class="nav-item pl-3 {{request()->is('settings/media*')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.media')}}">Media</a>
</li>
<li class="nav-item pl-3 {{request()->is('settings/notifications')?'active':''}}">
{{-- <li class="nav-item pl-3 {{request()->is('settings/notifications')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.notifications')}}">Notifications</a>
</li>
</li> --}}
<li class="nav-item pl-3 {{request()->is('settings/password')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.password')}}">Password</a>
</li>
@ -38,17 +38,8 @@
<li class="nav-item">
<hr>
</li>
<li class="nav-item pl-3 {{request()->is('*import*')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.import')}}">Import</a>
</li>
<li class="nav-item pl-3 {{request()->is('settings/data-export')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.dataexport')}}">Export</a>
</li>
@if(config_cache('pixelfed.oauth_enabled') == true)
<li class="nav-item">
<hr>
</li>
<li class="nav-item pl-3 {{request()->is('settings/applications')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.applications')}}">Applications</a>
</li>
@ -57,12 +48,22 @@
</li>
@endif
<li class="nav-item">
<hr>
<li class="nav-item pl-3 {{request()->is('*import*')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.import')}}">Import</a>
</li>
<li class="nav-item pl-3 {{request()->is('settings/data-export')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.dataexport')}}">Export</a>
</li>
<li class="nav-item pl-3 {{request()->is('settings/labs*')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.labs')}}">Labs</a>
</li>
@if(config('instance.parental_controls.enabled'))
<li class="nav-item pl-3 {{request()->is('settings/parental-controls*')?'active':''}}">
<a class="nav-link font-weight-light text-muted" href="{{route('settings.parental-controls')}}">Parental Controls</a>
</li>
@endif
</ul>
</div>

View file

@ -0,0 +1,47 @@
@extends('site.help.partial.template', ['breadcrumb'=>'Parental Controls'])
@section('section')
<div class="title">
<h3 class="font-weight-bold">Parental Controls</h3>
</div>
<hr>
<p>In the digital age, ensuring your children's online safety is paramount. Designed with both fun and safety in mind, this feature allows parents to create child accounts, tailor-made for a worry-free social media experience.</p>
<p class="font-weight-bold text-center">Key Features:</p>
<ul>
<li><strong>Child Account Creation</strong>: Easily set up a child account with just a few clicks. This account is linked to your own, giving you complete oversight.</li>
<li><strong>Post Control</strong>: Decide if your child can post content. This allows you to ensure they're only sharing what's appropriate and safe.</li>
<li><strong>Comment Management</strong>: Control whether your child can comment on posts. This helps in safeguarding them from unwanted interactions and maintaining a positive online environment.</li>
<li><strong>Like & Share Restrictions</strong>: You have the power to enable or disable the ability to like and share posts. This feature helps in controlling the extent of your child's social media engagement.</li>
<li><strong>Disable Federation</strong>: For added safety, you can choose to disable federation for your child's account, limiting their interaction to a more controlled environment.</li>
</ul>
<hr>
<x-collapse title="How do I create a child account?">
<div>
@if(config('instance.parental_controls.enabled'))
<ol>
<li>Click <a href="/settings/parental-controls">here</a> and tap on the <strong>Add Child</strong> button in the bottom left corner</li>
<li>Select the Allowed Actions, Enabled features and Preferences</li>
<li>Enter your childs email address</li>
<li>Press the <strong>Add Child</strong> buttton</li>
<li>Open your childs email and tap on the <strong>Accept Invite</strong> button in the email, ensure your parent username is present in the email</li>
<li>Fill out the child display name, username and password</li>
<li>Press <strong>Register</strong> and your child account will be active!</li>
</ol>
@else
<p>This feature has been disabled by server admins.</p>
@endif
</div>
</x-collapse>
@if(config('instance.parental_controls.enabled'))
<x-collapse title="How many child accounts can I create/manage?">
<div>
You can create and manage up to <strong>{{ config('instance.parental_controls.limits.max_children') }}</strong> child accounts.
</div>
</x-collapse>
@endif
@endsection

View file

@ -200,6 +200,8 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
Route::post('auth/raw/mastodon/s/account-to-id', 'RemoteAuthController@accountToId');
Route::post('auth/raw/mastodon/s/finish-up', 'RemoteAuthController@finishUp');
Route::post('auth/raw/mastodon/s/login', 'RemoteAuthController@handleLogin');
Route::get('auth/pci/{id}/{code}', 'ParentalControlsController@inviteRegister');
Route::post('auth/pci/{id}/{code}', 'ParentalControlsController@inviteRegisterStore');
Route::get('discover', 'DiscoverController@home')->name('discover');
@ -534,6 +536,16 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
});
Route::get('parental-controls', 'ParentalControlsController@index')->name('settings.parental-controls')->middleware('dangerzone');
Route::get('parental-controls/add', 'ParentalControlsController@add')->name('settings.pc.add')->middleware('dangerzone');
Route::post('parental-controls/add', 'ParentalControlsController@store')->middleware('dangerzone');
Route::get('parental-controls/manage/{id}', 'ParentalControlsController@view')->middleware('dangerzone');
Route::post('parental-controls/manage/{id}', 'ParentalControlsController@update')->middleware('dangerzone');
Route::get('parental-controls/manage/{id}/cancel-invite', 'ParentalControlsController@cancelInvite')->name('settings.pc.cancel-invite')->middleware('dangerzone');
Route::post('parental-controls/manage/{id}/cancel-invite', 'ParentalControlsController@cancelInviteHandle')->middleware('dangerzone');
Route::get('parental-controls/manage/{id}/stop-managing', 'ParentalControlsController@stopManaging')->name('settings.pc.stop-managing')->middleware('dangerzone');
Route::post('parental-controls/manage/{id}/stop-managing', 'ParentalControlsController@stopManagingHandle')->middleware('dangerzone');
Route::get('applications', 'SettingsController@applications')->name('settings.applications')->middleware('dangerzone');
Route::get('data-export', 'SettingsController@dataExport')->name('settings.dataexport')->middleware('dangerzone');
Route::post('data-export/following', 'SettingsController@exportFollowing')->middleware('dangerzone');
@ -618,6 +630,7 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
Route::view('licenses', 'site.help.licenses')->name('help.licenses');
Route::view('instance-max-users-limit', 'site.help.instance-max-users')->name('help.instance-max-users-limit');
Route::view('import', 'site.help.import')->name('help.import');
Route::view('parental-controls', 'site.help.parental-controls');
});
Route::get('newsroom/{year}/{month}/{slug}', 'NewsroomController@show');
Route::get('newsroom/archive', 'NewsroomController@archive');