Role (#9437)

* wip

* Update CHANGELOG.md

* wip

* wip

* wip

* Update create.ts

* wip

* wip

* Update CHANGELOG.md

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Update CHANGELOG.md

* wip

* wip

* Update delete.ts

* Update delete.ts

* wip

* wip

* wip

* Update account-info.vue

* wip

* wip

* Update settings.vue

* Update user-info.vue

* wip

* Update show-file.ts

* Update show-user.ts

* wip

* wip

* Update delete.ts

* wip

* wip

* Update overview.moderators.vue

* Create 1673500412259-Role.js

* wip

* wip

* Update roles.vue

* 色

* Update roles.vue

* integrate silence

* wip

* wip

packages/backend/src/server/api/endpoints/admin/roles/assign.ts

@@ -0,0 +1,96 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RoleAssignmentsRepository, RolesRepository, UsersRepository } from '@/models/index.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '@/server/api/error.js';
+import { IdService } from '@/core/IdService.js';
+import { GlobalEventService } from '@/core/GlobalEventService.js';
+import { RoleService } from '@/core/RoleService.js';
+
+export const meta = {
+	tags: ['admin', 'role'],
+
+	requireCredential: true,
+	requireModerator: true,
+
+	errors: {
+		noSuchRole: {
+			message: 'No such role.',
+			code: 'NO_SUCH_ROLE',
+			id: '6503c040-6af4-4ed9-bf07-f2dd16678eab',
+		},
+
+		noSuchUser: {
+			message: 'No such user.',
+			code: 'NO_SUCH_USER',
+			id: '558ea170-f653-4700-94d0-5a818371d0df',
+		},
+
+		accessDenied: {
+			message: 'Only administrators can edit members of the role.',
+			code: 'ACCESS_DENIED',
+			id: '25b5bc31-dc79-4ebd-9bd2-c84978fd052c',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		roleId: { type: 'string', format: 'misskey:id' },
+		userId: { type: 'string', format: 'misskey:id' },
+	},
+	required: [
+		'roleId',
+		'userId',
+	],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.usersRepository)
+		private usersRepository: UsersRepository,
+
+		@Inject(DI.rolesRepository)
+		private rolesRepository: RolesRepository,
+
+		@Inject(DI.roleAssignmentsRepository)
+		private roleAssignmentsRepository: RoleAssignmentsRepository,
+
+		private globalEventService: GlobalEventService,
+		private roleService: RoleService,
+		private idService: IdService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
+			if (role == null) {
+				throw new ApiError(meta.errors.noSuchRole);
+			}
+
+			if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me))) {
+				throw new ApiError(meta.errors.accessDenied);
+			}
+
+			const user = await this.usersRepository.findOneBy({ id: ps.userId });
+			if (user == null) {
+				throw new ApiError(meta.errors.noSuchUser);
+			}
+
+			const date = new Date();
+			const created = await this.roleAssignmentsRepository.insert({
+				id: this.idService.genId(),
+				createdAt: date,
+				roleId: role.id,
+				userId: user.id,
+			}).then(x => this.roleAssignmentsRepository.findOneByOrFail(x.identifiers[0]));
+
+			this.rolesRepository.update(ps.roleId, {
+				lastUsedAt: new Date(),
+			});
+	
+			this.globalEventService.publishInternalEvent('userRoleAssigned', created);
+		});
+	}
+}

packages/backend/src/server/api/endpoints/admin/roles/create.ts

@@ -0,0 +1,75 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RolesRepository } from '@/models/index.js';
+import { GlobalEventService } from '@/core/GlobalEventService.js';
+import { DI } from '@/di-symbols.js';
+import { IdService } from '@/core/IdService.js';
+import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
+
+export const meta = {
+	tags: ['admin', 'role'],
+
+	requireCredential: true,
+	requireAdmin: true,
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		name: { type: 'string' },
+		description: { type: 'string' },
+		color: { type: 'string', nullable: true },
+		isPublic: { type: 'boolean' },
+		isModerator: { type: 'boolean' },
+		isAdministrator: { type: 'boolean' },
+		canEditMembersByModerator: { type: 'boolean' },
+		options: {
+			type: 'object',
+		},
+	},
+	required: [
+		'name',
+		'description',
+		'color',
+		'isPublic',
+		'isModerator',
+		'isAdministrator',
+		'canEditMembersByModerator',
+		'options',
+	],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.rolesRepository)
+		private rolesRepository: RolesRepository,
+
+		private globalEventService: GlobalEventService,
+		private idService: IdService,
+		private roleEntityService: RoleEntityService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const date = new Date();
+			const created = await this.rolesRepository.insert({
+				id: this.idService.genId(),
+				createdAt: date,
+				updatedAt: date,
+				lastUsedAt: date,
+				name: ps.name,
+				description: ps.description,
+				color: ps.color,
+				isPublic: ps.isPublic,
+				isAdministrator: ps.isAdministrator,
+				isModerator: ps.isModerator,
+				canEditMembersByModerator: ps.canEditMembersByModerator,
+				options: ps.options,
+			}).then(x => this.rolesRepository.findOneByOrFail(x.identifiers[0]));
+	
+			this.globalEventService.publishInternalEvent('roleCreated', created);
+
+			return await this.roleEntityService.pack(created, me);
+		});
+	}
+}

packages/backend/src/server/api/endpoints/admin/roles/delete.ts

@@ -0,0 +1,53 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RolesRepository } from '@/models/index.js';
+import { GlobalEventService } from '@/core/GlobalEventService.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '@/server/api/error.js';
+
+export const meta = {
+	tags: ['admin', 'role'],
+
+	requireCredential: true,
+	requireAdmin: true,
+
+	errors: {
+		noSuchRole: {
+			message: 'No such role.',
+			code: 'NO_SUCH_ROLE',
+			id: 'de0d6ecd-8e0a-4253-88ff-74bc89ae3d45',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		roleId: { type: 'string', format: 'misskey:id' },
+	},
+	required: [
+		'roleId',
+	],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.rolesRepository)
+		private rolesRepository: RolesRepository,
+
+		private globalEventService: GlobalEventService,
+	) {
+		super(meta, paramDef, async (ps) => {
+			const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
+			if (role == null) {
+				throw new ApiError(meta.errors.noSuchRole);
+			}
+			await this.rolesRepository.delete({
+				id: ps.roleId,
+			});
+			this.globalEventService.publishInternalEvent('roleDeleted', role);
+		});
+	}
+}

packages/backend/src/server/api/endpoints/admin/roles/list.ts

@@ -0,0 +1,39 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RolesRepository } from '@/models/index.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '@/server/api/error.js';
+import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
+
+export const meta = {
+	tags: ['admin', 'role'],
+
+	requireCredential: true,
+	requireModerator: true,
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+	},
+	required: [
+	],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.rolesRepository)
+		private rolesRepository: RolesRepository,
+
+		private roleEntityService: RoleEntityService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const roles = await this.rolesRepository.find({
+				order: { lastUsedAt: 'DESC' },
+			});
+			return await this.roleEntityService.packMany(roles, me, { detail: false });
+		});
+	}
+}

packages/backend/src/server/api/endpoints/admin/roles/show.ts

@@ -0,0 +1,50 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RolesRepository } from '@/models/index.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '@/server/api/error.js';
+import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
+
+export const meta = {
+	tags: ['admin', 'role'],
+
+	requireCredential: true,
+	requireModerator: true,
+
+	errors: {
+		noSuchRole: {
+			message: 'No such role.',
+			code: 'NO_SUCH_ROLE',
+			id: '07dc7d34-c0d8-49b7-96c6-db3ce64ee0b3',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		roleId: { type: 'string', format: 'misskey:id' },
+	},
+	required: [
+		'roleId',
+	],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.rolesRepository)
+		private rolesRepository: RolesRepository,
+
+		private roleEntityService: RoleEntityService,
+	) {
+		super(meta, paramDef, async (ps) => {
+			const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
+			if (role == null) {
+				throw new ApiError(meta.errors.noSuchRole);
+			}
+			return await this.roleEntityService.pack(role);
+		});
+	}
+}

packages/backend/src/server/api/endpoints/admin/roles/unassign.ts

@@ -0,0 +1,101 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RoleAssignmentsRepository, RolesRepository, UsersRepository } from '@/models/index.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '@/server/api/error.js';
+import { IdService } from '@/core/IdService.js';
+import { GlobalEventService } from '@/core/GlobalEventService.js';
+import { RoleService } from '@/core/RoleService.js';
+
+export const meta = {
+	tags: ['admin', 'role'],
+
+	requireCredential: true,
+	requireModerator: true,
+
+	errors: {
+		noSuchRole: {
+			message: 'No such role.',
+			code: 'NO_SUCH_ROLE',
+			id: '6e519036-a70d-4c76-b679-bc8fb18194e2',
+		},
+
+		noSuchUser: {
+			message: 'No such user.',
+			code: 'NO_SUCH_USER',
+			id: '2b730f78-1179-461b-88ad-d24c9af1a5ce',
+		},
+
+		notAssigned: {
+			message: 'Not assigned.',
+			code: 'NOT_ASSIGNED',
+			id: 'b9060ac7-5c94-4da4-9f55-2047c953df44',
+		},
+
+		accessDenied: {
+			message: 'Only administrators can edit members of the role.',
+			code: 'ACCESS_DENIED',
+			id: '24636eee-e8c1-493e-94b2-e16ad401e262',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		roleId: { type: 'string', format: 'misskey:id' },
+		userId: { type: 'string', format: 'misskey:id' },
+	},
+	required: [
+		'roleId',
+		'userId',
+	],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.usersRepository)
+		private usersRepository: UsersRepository,
+
+		@Inject(DI.rolesRepository)
+		private rolesRepository: RolesRepository,
+
+		@Inject(DI.roleAssignmentsRepository)
+		private roleAssignmentsRepository: RoleAssignmentsRepository,
+
+		private globalEventService: GlobalEventService,
+		private roleService: RoleService,
+		private idService: IdService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
+			if (role == null) {
+				throw new ApiError(meta.errors.noSuchRole);
+			}
+
+			if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me))) {
+				throw new ApiError(meta.errors.accessDenied);
+			}
+
+			const user = await this.usersRepository.findOneBy({ id: ps.userId });
+			if (user == null) {
+				throw new ApiError(meta.errors.noSuchUser);
+			}
+
+			const roleAssignment = await this.roleAssignmentsRepository.findOneBy({ userId: user.id, roleId: role.id });
+			if (roleAssignment == null) {
+				throw new ApiError(meta.errors.notAssigned);
+			}
+
+			await this.roleAssignmentsRepository.delete(roleAssignment.id);
+
+			this.rolesRepository.update(ps.roleId, {
+				lastUsedAt: new Date(),
+			});
+	
+			this.globalEventService.publishInternalEvent('userRoleUnassigned', roleAssignment);
+		});
+	}
+}

packages/backend/src/server/api/endpoints/admin/roles/update-default-role-override.ts

@@ -0,0 +1,42 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RolesRepository } from '@/models/index.js';
+import { GlobalEventService } from '@/core/GlobalEventService.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '@/server/api/error.js';
+import { MetaService } from '@/core/MetaService.js';
+
+export const meta = {
+	tags: ['admin', 'role'],
+
+	requireCredential: true,
+	requireAdmin: true,
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		options: {
+			type: 'object',
+		},
+	},
+	required: [
+		'options',
+	],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		private metaService: MetaService,
+		private globalEventService: GlobalEventService,
+	) {
+		super(meta, paramDef, async (ps) => {
+			await this.metaService.update({
+				defaultRoleOverride: ps.options,
+			});
+			this.globalEventService.publishInternalEvent('defaultRoleOverrideUpdated', ps.options);
+		});
+	}
+}

packages/backend/src/server/api/endpoints/admin/roles/update.ts

@@ -0,0 +1,82 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RolesRepository } from '@/models/index.js';
+import { GlobalEventService } from '@/core/GlobalEventService.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '@/server/api/error.js';
+
+export const meta = {
+	tags: ['admin', 'role'],
+
+	requireCredential: true,
+	requireAdmin: true,
+
+	errors: {
+		noSuchRole: {
+			message: 'No such role.',
+			code: 'NO_SUCH_ROLE',
+			id: 'cd23ef55-09ad-428a-ac61-95a45e124b32',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		roleId: { type: 'string', format: 'misskey:id' },
+		name: { type: 'string' },
+		description: { type: 'string' },
+		color: { type: 'string', nullable: true },
+		isPublic: { type: 'boolean' },
+		isModerator: { type: 'boolean' },
+		isAdministrator: { type: 'boolean' },
+		canEditMembersByModerator: { type: 'boolean' },
+		options: {
+			type: 'object',
+		},
+	},
+	required: [
+		'roleId',
+		'name',
+		'description',
+		'color',
+		'isPublic',
+		'isModerator',
+		'isAdministrator',
+		'canEditMembersByModerator',
+		'options',
+	],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.rolesRepository)
+		private rolesRepository: RolesRepository,
+
+		private globalEventService: GlobalEventService,
+	) {
+		super(meta, paramDef, async (ps) => {
+			const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
+			if (role == null) {
+				throw new ApiError(meta.errors.noSuchRole);
+			}
+
+			const date = new Date();
+			await this.rolesRepository.update(ps.roleId, {
+				updatedAt: date,
+				name: ps.name,
+				description: ps.description,
+				color: ps.color,
+				isPublic: ps.isPublic,
+				isModerator: ps.isModerator,
+				isAdministrator: ps.isAdministrator,
+				canEditMembersByModerator: ps.canEditMembersByModerator,
+				options: ps.options,
+			});
+			const updated = await this.rolesRepository.findOneByOrFail({ id: ps.roleId });
+			this.globalEventService.publishInternalEvent('roleUpdated', updated);
+		});
+	}
+}