refactor: remove Auth facade dependencies from AlbumQueryPolicy (#3904)

Author: ildyria

app/Actions/Album/ListAlbums.php

@@ -11,8 +11,10 @@
 use App\DTO\AlbumSortingCriterion;
 use App\Models\Album;
 use App\Models\Extensions\SortingDecorator;
+use App\Policies\AlbumPolicy;
 use App\Policies\AlbumQueryPolicy;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\URL;
 use Illuminate\Support\Str;
 use Kalnoy\Nestedset\Contracts\NestedSetCollection;
@@ -34,6 +36,9 @@ public function __construct(
 	 */
 	public function do(Collection $albums_filtering, ?string $parent_id, ?int $owner_id = null): array
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$unfiltered = $this->album_query_policy->applyReachabilityFilter(
 			// We remove all sub albums
 			// Otherwise it would create cyclic dependency
@@ -47,7 +52,9 @@ function ($q) use ($albums_filtering) {
 						);
 
 						return $q;
-					})
+					}),
+			$user,
+			$unlocked_album_ids
 		);
 		$sorting = AlbumSortingCriterion::createDefault();
 		$query = (new SortingDecorator($unfiltered))

app/Actions/Albums/Flow.php

@@ -16,8 +16,10 @@
 use App\Factories\AlbumFactory;
 use App\Models\Album;
 use App\Models\Builders\AlbumBuilder;
+use App\Policies\AlbumPolicy;
 use App\Policies\AlbumQueryPolicy;
 use App\Repositories\ConfigManager;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 
 final class Flow
@@ -36,6 +38,9 @@ public function __construct(
 	 */
 	public function do(): AlbumBuilder
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$flow_base = $this->config_manager->getValueAsString('flow_base');
 		$flow_base = $flow_base === '' ? null : $flow_base;
 
@@ -62,10 +67,10 @@ public function do(): AlbumBuilder
 		$include_sub_albums = $this->config_manager->getValueAsBool('flow_include_sub_albums');
 		if ($include_sub_albums) {
 			// Now we restrict the query to only the browsable albums.
-			$query = $this->album_query_policy->applyBrowsabilityFilter($base_query, $base?->_lft, $base?->_rgt);
+			$query = $this->album_query_policy->applyBrowsabilityFilter($base_query, $user, $unlocked_album_ids, $base?->_lft, $base?->_rgt);
 		} else {
 			// We could also use browsable filter here, but reachability filter is faster.
-			$query = $this->album_query_policy->applyReachabilityFilter($base_query);
+			$query = $this->album_query_policy->applyReachabilityFilter($base_query, $user, $unlocked_album_ids);
 		}
 
 		$flow_strategy = $this->config_manager->getValueAsEnum('flow_strategy', FlowStrategy::class);

app/Actions/Albums/PositionData.php

@@ -12,8 +12,10 @@
 use App\Enum\SizeVariantType;
 use App\Http\Resources\Collections\PositionDataResource;
 use App\Models\Photo;
+use App\Policies\AlbumPolicy;
 use App\Policies\PhotoQueryPolicy;
 use App\Repositories\ConfigManager;
+use Illuminate\Support\Facades\Auth;
 
 class PositionData
 {
@@ -32,6 +34,9 @@ public function __construct(
 	 */
 	public function do(): PositionDataResource
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$photo_query = $this->photo_query_policy->applySearchabilityFilter(
 			query: Photo::query()
 				->with([
@@ -51,6 +56,8 @@ public function do(): PositionDataResource
 				])
 				->whereNotNull('latitude')
 				->whereNotNull('longitude'),
+			user: $user,
+			unlocked_album_ids: $unlocked_album_ids,
 			origin: null,
 			include_nsfw: !$this->config_manager->getValueAsBool('hide_nsfw_in_map')
 		);

app/Actions/Albums/Top.php

@@ -66,6 +66,9 @@ public function __construct(
 	 */
 	public function get(): TopAlbumDTO
 	{
+		$user = Auth::user();
+		$user_id = $user?->id;
+
 		// Do not eagerly load the relation `photos` for each smart album.
 		// On the albums overview, we only need a thumbnail for each album.
 		/** @var BaseCollection<int,BaseSmartAlbum> $smart_albums */
@@ -74,7 +77,7 @@ public function get(): TopAlbumDTO
 			->filter(fn ($smart_album) => Gate::check(AlbumPolicy::CAN_SEE, $smart_album));
 
 		$tag_album_query = $this->album_query_policy
-			->applyVisibilityFilter(TagAlbum::query()->with(['access_permissions', 'owner']));
+			->applyVisibilityFilter(TagAlbum::query()->with(['access_permissions', 'owner']), $user);
 
 		/** @var BaseCollection<int,TagAlbum> $tag_albums */
 		$tag_albums = (new SortingDecorator($tag_album_query))
@@ -83,7 +86,7 @@ public function get(): TopAlbumDTO
 
 		$pinned_album_query = $this->album_query_policy
 			->applyVisibilityFilter(Album::query()->with(['access_permissions', 'owner'])
-			->joinSub(DB::table('base_albums')->select(['id', 'is_pinned'])->where('is_pinned', '=', true), 'pinned', 'pinned.id', '=', 'albums.id'));
+			->joinSub(DB::table('base_albums')->select(['id', 'is_pinned'])->where('is_pinned', '=', true), 'pinned', 'pinned.id', '=', 'albums.id'), $user);
 
 		/** @var BaseCollection<int,Album> $pinned_albums */
 		$pinned_albums = (new SortingDecorator($pinned_album_query))
@@ -100,9 +103,7 @@ public function get(): TopAlbumDTO
 				$this->config_manager->getValueAsBool('deduplicate_pinned_albums'),
 				fn ($q) => $q
 					->joinSub(DB::table('base_albums')->select(['id', 'is_pinned'])->where('is_pinned', '=', false), 'not_pinned', 'not_pinned.id', '=', 'albums.id')
-			));
-
-		$user_id = Auth::id();
+			), $user);
 		if ($user_id !== null) {
 			// For authenticated users we group albums by ownership.
 			$albums = (new SortingDecorator($query))

app/Actions/Photo/Timeline.php

@@ -15,11 +15,13 @@
 use App\Exceptions\Internal\LycheeInvalidArgumentException;
 use App\Exceptions\Internal\TimelineGranularityException;
 use App\Models\Photo;
+use App\Policies\AlbumPolicy;
 use App\Policies\PhotoQueryPolicy;
 use App\Repositories\ConfigManager;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 
 class Timeline
@@ -42,6 +44,9 @@ public function __construct(
 	 */
 	public function do(): Builder
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$order = $this->config_manager->getValueAsEnum('timeline_photos_order', ColumnSortingPhotoType::class);
 
 		// Safe default (should not be needed).
@@ -53,6 +58,8 @@ public function do(): Builder
 
 		return $this->photo_query_policy->applySearchabilityFilter(
 			query: Photo::query()->with(['statistics', 'size_variants', 'statistics', 'palette', 'tags', 'rating']),
+			user: $user,
+			unlocked_album_ids: $unlocked_album_ids,
 			origin: null,
 			include_nsfw: !$this->config_manager->getValueAsBool('hide_nsfw_in_timeline')
 		)->orderBy($order->value, OrderSortingType::DESC->value);
@@ -68,6 +75,9 @@ public function do(): Builder
 	 */
 	public function countYoungerFromDate(Carbon $date): int
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$order = $this->config_manager->getValueAsEnum('timeline_photos_order', ColumnSortingPhotoType::class);
 
 		$granularity = $this->config_manager->getValueAsEnum('timeline_photos_granularity', TimelinePhotoGranularity::class);
@@ -91,6 +101,8 @@ public function countYoungerFromDate(Carbon $date): int
 			query: Photo::query()
 				->where($order->value, '>=', $date_offset)
 				->whereNotNull($order->value),
+			user: $user,
+			unlocked_album_ids: $unlocked_album_ids,
 			origin: null,
 			include_nsfw: !$this->config_manager->getValueAsBool('hide_nsfw_in_timeline')
 		)->count();
@@ -106,6 +118,9 @@ public function countYoungerFromDate(Carbon $date): int
 	 */
 	public function countYoungerFromPhoto(Photo $photo): int
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$order = $this->config_manager->getValueAsEnum('timeline_photos_order', ColumnSortingPhotoType::class);
 
 		// Safe default (should not be needed).
@@ -125,6 +140,8 @@ public function countYoungerFromPhoto(Photo $photo): int
 					second: 'photos.' . $order->value
 				)
 				->whereNotNull('photos.' . $order->value),
+			user: $user,
+			unlocked_album_ids: $unlocked_album_ids,
 			origin: null,
 			include_nsfw: !$this->config_manager->getValueAsBool('hide_nsfw_in_timeline')
 		)->count();
@@ -137,6 +154,9 @@ public function countYoungerFromPhoto(Photo $photo): int
 	 */
 	public function dates(): Collection
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$order = $this->config_manager->getValueAsEnum('timeline_photos_order', ColumnSortingPhotoType::class);
 
 		// Safe default (should not be needed).
@@ -170,6 +190,8 @@ public function dates(): Collection
 
 				->selectRaw(sprintf($formatter, $order->value, $date_format) . ' as date')
 				->whereNotNull($order->value),
+			user: $user,
+			unlocked_album_ids: $unlocked_album_ids,
 			origin: null,
 			include_nsfw: !$this->config_manager->getValueAsBool('hide_nsfw_in_timeline')
 		)->groupBy('date')

app/Actions/RSS/Generate.php

@@ -14,6 +14,7 @@
 use App\Exceptions\Internal\FrameworkException;
 use App\Models\Extensions\UTCBasedTimes;
 use App\Models\Photo;
+use App\Policies\AlbumPolicy;
 use App\Policies\PhotoQueryPolicy;
 use App\Repositories\ConfigManager;
 use App\Services\UrlGenerator;
@@ -22,6 +23,7 @@
 use Illuminate\Contracts\Container\BindingResolutionException;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Spatie\Feed\FeedItem;
 
@@ -72,6 +74,9 @@ private function toFeedItem(object $data): FeedItem
 	 */
 	public function do(): Collection
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$rss_recent = $this->config_manager->getValueAsInt('rss_recent_days');
 		$rss_max = $this->config_manager->getValueAsInt('rss_max_items');
 		try {
@@ -84,6 +89,8 @@ public function do(): Collection
 		$photos = $this->photo_query_policy
 			->applySearchabilityFilter(
 				query: Photo::query(),
+				user: $user,
+				unlocked_album_ids: $unlocked_album_ids,
 				origin: null,
 				include_nsfw: !$this->config_manager->getValueAsBool('hide_nsfw_in_rss')
 			)

app/Actions/Search/AlbumSearch.php

@@ -17,8 +17,10 @@
 use App\Models\Builders\TagAlbumBuilder;
 use App\Models\Extensions\SortingDecorator;
 use App\Models\TagAlbum;
+use App\Policies\AlbumPolicy;
 use App\Policies\AlbumQueryPolicy;
 use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Facades\Auth;
 
 class AlbumSearch
 {
@@ -36,10 +38,13 @@ public function __construct(
 	 */
 	public function queryTagAlbums(array $terms): Collection
 	{
+		$user = Auth::user();
+
 		// Note: `applyVisibilityFilter` already adds a JOIN clause with `base_albums`.
 		// No need to add a second JOIN clause.
 		$album_query = $this->album_query_policy->applyVisibilityFilter(
-			TagAlbum::query()
+			TagAlbum::query(),
+			$user
 		);
 		$this->addSearchCondition($terms, $album_query);
 
@@ -60,13 +65,16 @@ public function queryTagAlbums(array $terms): Collection
 	 */
 	public function queryAlbums(array $terms, ?Album $album = null): Collection
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$album_query = Album::query()
 			->select(['albums.*'])
 			->join('base_albums', 'base_albums.id', '=', 'albums.id')
 			->when($album !== null, fn ($q) => $q->where('albums._lft', '>=', $album->_lft)
 				->where('albums._rgt', '<=', $album->_rgt));
 		$this->addSearchCondition($terms, $album_query);
-		$this->album_query_policy->applyBrowsabilityFilter($album_query);
+		$this->album_query_policy->applyBrowsabilityFilter($album_query, $user, $unlocked_album_ids);
 
 		$sorting = AlbumSortingCriterion::createDefault();
 

app/Actions/Search/PhotoSearch.php

@@ -14,10 +14,12 @@
 use App\Models\Album;
 use App\Models\Extensions\SortingDecorator;
 use App\Models\Photo;
+use App\Policies\AlbumPolicy;
 use App\Policies\PhotoQueryPolicy;
 use App\Repositories\ConfigManager;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Facades\Auth;
 
 class PhotoSearch
 {
@@ -55,8 +57,13 @@ public function query(array $terms): Collection
 	 */
 	public function sqlQuery(array $terms, ?Album $album = null): Builder
 	{
+		$user = Auth::user();
+		$unlocked_album_ids = AlbumPolicy::getUnlockedAlbumIDs();
+
 		$query = $this->photo_query_policy->applySearchabilityFilter(
 			query: Photo::query()->with(['albums', 'statistics', 'size_variants', 'palette', 'tags', 'rating']),
+			user: $user,
+			unlocked_album_ids: $unlocked_album_ids,
 			origin: $album,
 			include_nsfw: !$this->config_manager->getValueAsBool('hide_nsfw_in_search')
 		);

app/Actions/Shop/BasketService.php

@@ -17,7 +17,9 @@
 use App\Models\Order;
 use App\Models\Photo;
 use App\Models\User;
+use App\Policies\AlbumPolicy;
 use App\Policies\AlbumQueryPolicy;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 
 /**
@@ -139,7 +141,12 @@ public function addAlbumToBasket(
 		// up with photos that are purchasable but in albums that the user cannot see.
 		// This would lead to inconsistencies in the OrderItems.
 		if ($include_subalbums) {
-			$albums_ids = $this->album_query_policy->applyBrowsabilityFilter(Album::query()->select('id'), $album->_lft, $album->_rgt)->pluck('id')->toArray();
+			$albums_ids = $this->album_query_policy->applyBrowsabilityFilter(
+				query: Album::query()->select('id'),
+				user: Auth::user(),
+				unlocked_album_ids: AlbumPolicy::getUnlockedAlbumIDs(),
+				origin_left: $album->_lft,
+				origin_right: $album->_rgt)->pluck('id')->toArray();
 		} else {
 			$albums_ids = [$album->id];
 		}

app/Actions/Tag/GetTagWithPhotos.php

@@ -54,6 +54,7 @@ public function do(Tag $tag): TagWithPhotosResource
 
 		$photos_query = $this->photo_query_policy->applySensitivityFilter(
 			query: $base_query,
+			user: $user,
 			origin: null,
 			include_nsfw: !$this->config_manager->getValueAsBool('hide_nsfw_in_tag_listing')
 		);