Merge branch 'release/v3.0.0' of https://github.com/corowne/lorekeeper …

…into v3/world-expansion

.github/workflows/Lint.yml

@@ -1,6 +1,9 @@
 name: Lint
 
 on:
+  push:
+    branches:
+      - '**'
   pull_request:
     branches:
       - '**'
@@ -16,9 +19,9 @@ jobs:
     with:
       php-version: '8.1'
     concurrency:
-      group: ci-${{ github.head_ref }}
+      group: ci-${{ github.head_ref || github.ref_name }}
 
   blade-formatter:
     uses: itinerare/github-actions/.github/workflows/blade_formatter.yml@main
     concurrency:
-      group: ci-${{ github.head_ref }}
+      group: ci-${{ github.head_ref || github.ref_name }}

app/Helpers/Helpers.php

@@ -117,7 +117,6 @@ function parse($text, &$pings = null) {
     $config->set('Attr.EnableID', true);
     $config->set('HTML.DefinitionID', 'include');
     $config->set('HTML.DefinitionRev', 2);
-    $config->set('Cache.DefinitionImpl', null); // TODO: remove this later!
     if ($def = $config->maybeGetRawHTMLDefinition()) {
         $def->addElement('include', 'Block', 'Empty', 'Common', ['file*' => 'URI', 'height' => 'Text', 'width' => 'Text']);
         $def->addAttribute('a', 'data-toggle', 'Enum#collapse,tab');

app/Http/Controllers/Admin/Characters/CharacterImageController.php

@@ -249,6 +249,7 @@ public function getImageReupload($id) {
      * @return \Illuminate\Http\RedirectResponse
      */
     public function postImageReupload(Request $request, CharacterManager $service, $id) {
+        $request->validate(['image' => CharacterImage::$createRules['image'], 'thumbnail' => CharacterImage::$createRules['thumbnail']]);
         $data = $request->only(['image', 'thumbnail', 'x0', 'x1', 'y0', 'y1', 'use_cropper']);
         $image = CharacterImage::find($id);
         if (!$image) {

app/Http/Controllers/PermalinkController.php

@@ -16,7 +16,7 @@ class PermalinkController extends Controller {
      * @return \Illuminate\Contracts\Support\Renderable
      */
     public function getComment($id) {
-        $comments = Comment::withTrashed()->get();
+        $comments = Comment::withTrashed();
         //$comments = $comments->sortByDesc('created_at');
         $comment = $comments->find($id);
 
@@ -61,6 +61,7 @@ public function getComment($id) {
                         }
                         break;
                 }
+                break;
             case 'Staff-Staff':
                 if (!Auth::check()) {
                     abort(404);

app/Http/Controllers/Users/UserController.php

@@ -228,7 +228,7 @@ public function getUserInventory($name) {
     }
 
     /**
-     * Shows a user's profile.
+     * Shows a user's Bank.
      *
      * @param string $name
      *

app/Http/Controllers/WorldController.php

@@ -50,7 +50,7 @@ public function getCurrencies(Request $request) {
         }
 
         return view('world.currencies', [
-            'currencies' => $query->orderBy('name')->paginate(20)->appends($request->query()),
+            'currencies' => $query->orderBy('name')->orderBy('id')->paginate(20)->appends($request->query()),
         ]);
     }
 
@@ -67,7 +67,7 @@ public function getRarities(Request $request) {
         }
 
         return view('world.rarities', [
-            'rarities' => $query->orderBy('sort', 'DESC')->paginate(20)->appends($request->query()),
+            'rarities' => $query->orderBy('sort', 'DESC')->orderBy('id')->paginate(20)->appends($request->query()),
         ]);
     }
 
@@ -86,7 +86,7 @@ public function getSpecieses(Request $request) {
         return view('world.specieses', [
             'specieses' => $query->with(['subtypes' => function ($query) {
                 $query->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC');
-            }])->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->paginate(20)->appends($request->query()),
+            }])->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->orderBy('id')->paginate(20)->appends($request->query()),
         ]);
     }
 
@@ -103,7 +103,7 @@ public function getSubtypes(Request $request) {
         }
 
         return view('world.subtypes', [
-            'subtypes' => $query->with('species')->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->paginate(20)->appends($request->query()),
+            'subtypes' => $query->with('species')->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->orderBy('id')->paginate(20)->appends($request->query()),
         ]);
     }
 
@@ -120,7 +120,7 @@ public function getItemCategories(Request $request) {
         }
 
         return view('world.item_categories', [
-            'categories' => $query->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->paginate(20)->appends($request->query()),
+            'categories' => $query->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->orderBy('id')->paginate(20)->appends($request->query()),
         ]);
     }
 
@@ -137,7 +137,7 @@ public function getFeatureCategories(Request $request) {
         }
 
         return view('world.feature_categories', [
-            'categories' => $query->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->paginate(20)->appends($request->query()),
+            'categories' => $query->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->orderBy('id')->paginate(20)->appends($request->query()),
         ]);
     }
 
@@ -212,7 +212,7 @@ public function getFeatures(Request $request) {
         }
 
         return view('world.features', [
-            'features'   => $query->paginate(20)->appends($request->query()),
+            'features'   => $query->orderBy('id')->paginate(20)->appends($request->query()),
             'rarities'   => ['none' => 'Any Rarity'] + Rarity::orderBy('sort', 'DESC')->pluck('name', 'id')->toArray(),
             'specieses'  => ['none' => 'Any Species'] + ['withoutOption' => 'Without Species'] + Species::visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->pluck('name', 'id')->toArray(),
             'subtypes'   => ['none' => 'Any Subtype'] + ['withoutOption' => 'Without Subtype'] + Subtype::visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->pluck('name', 'id')->toArray(),
@@ -306,11 +306,7 @@ public function getSpeciesFeatureDetail($speciesId, $id) {
      * @return \Illuminate\Contracts\Support\Renderable
      */
     public function getItems(Request $request) {
-        $query = Item::with('category');
-
-        if (!Auth::check() || !Auth::user()->isStaff) {
-            $query->released();
-        }
+        $query = Item::with('category')->released(Auth::user() ?? null);
 
         $categoryVisibleCheck = ItemCategory::visible(Auth::check() ? Auth::user() : null)->pluck('id', 'name')->toArray();
         // query where category is visible, or, no category and released
@@ -355,7 +351,7 @@ public function getItems(Request $request) {
         }
 
         return view('world.items', [
-            'items'      => $query->paginate(20)->appends($request->query()),
+            'items'      => $query->orderBy('id')->paginate(20)->appends($request->query()),
             'categories' => ['none' => 'Any Category'] + ['withoutOption' => 'Without Category'] + ItemCategory::visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->pluck('name', 'id')->toArray(),
             'shops'      => Shop::orderBy('sort', 'DESC')->get(),
             'artists'    => ['none' => 'Any Artist'] + User::whereIn('id', Item::whereNotNull('artist_id')->pluck('artist_id')->toArray())->pluck('name', 'id')->toArray(),
@@ -372,11 +368,8 @@ public function getItems(Request $request) {
     public function getItem($id) {
         $categories = ItemCategory::orderBy('sort', 'DESC')->get();
 
-        if (!Auth::check() || !Auth::user()->isStaff) {
-            $item = Item::where('id', $id)->released()->first();
-        } else {
-            $item = Item::where('id', $id)->first();
-        }
+        $item = Item::where('id', $id)->released(Auth::user() ?? null)->first();
+
         if (!$item) {
             abort(404);
         }
@@ -409,7 +402,7 @@ public function getCharacterCategories(Request $request) {
         }
 
         return view('world.character_categories', [
-            'categories' => $query->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->paginate(20)->appends($request->query()),
+            'categories' => $query->visible(Auth::check() ? Auth::user() : null)->orderBy('sort', 'DESC')->orderBy('id')->paginate(20)->appends($request->query()),
         ]);
     }
 }

app/Http/Kernel.php

@@ -18,6 +18,7 @@ class Kernel extends HttpKernel {
         \App\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
         \App\Http\Middleware\TrustProxies::class,
+        \App\Http\Middleware\ParsePostRequestFields::class,
     ];
 
     /**

app/Http/Middleware/ParsePostRequestFields.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class ParsePostRequestFields {
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\RedirectResponse|\Illuminate\Http\Response) $next
+     *
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response
+     */
+    public function handle(Request $request, Closure $next) {
+        if ($request->isMethod('post')) {
+            $excludedFields = ['_token', 'password', 'email', 'description', 'text'];
+            $strippedFields = ['name', 'title'];
+
+            $parsedFields = [];
+            foreach ($request->except($excludedFields) as $key => $value) {
+                if (is_array($value)) {
+                    $parsedFields[$key] = $this->parseArray($value, $strippedFields);
+                } else {
+                    if (is_numeric($value)) {
+                        continue;
+                    }
+
+                    if (in_array($key, $strippedFields)) { // we strip these since parse() doesn't remove HTML tags
+                        $parsedFields[$key] = parse(strip_tags($value));
+                    } else {
+                        $parsedFields[$key] = parse($value);
+                    }
+                }
+            }
+
+            $request->merge($parsedFields);
+        }
+
+        return $next($request);
+    }
+
+    /**
+     * Recursively parse array values.
+     */
+    private function parseArray(array $array, array $strippedFields): array {
+        foreach ($array as $key => $value) {
+            if (is_numeric($value)) {
+                continue;
+            }
+
+            if (is_array($value)) {
+                $array[$key] = $this->parseArray($value, $strippedFields);
+            } else {
+                if (in_array($key, $strippedFields)) {
+                    $array[$key] = parse(strip_tags($value));
+                } else {
+                    $array[$key] = parse($value);
+                }
+            }
+        }
+
+        return $array;
+    }
+}

app/Models/Character/Character.php

@@ -92,8 +92,8 @@ class Character extends Model {
         'slug'                  => 'required|alpha_dash',
         'description'           => 'nullable',
         'sale_value'            => 'nullable',
-        'image'                 => 'required|mimes:jpeg,jpg,gif,png|max:20000',
-        'thumbnail'             => 'nullable|mimes:jpeg,jpg,gif,png|max:20000',
+        'image'                 => 'required|mimes:jpeg,jpg,gif,png|max:2048',
+        'thumbnail'             => 'nullable|mimes:jpeg,jpg,gif,png|max:2048',
         'owner_url'             => 'url|nullable',
     ];
 
@@ -108,6 +108,8 @@ class Character extends Model {
         'slug'                  => 'required',
         'description'           => 'nullable',
         'sale_value'            => 'nullable',
+        'image'                 => 'nullable|mimes:jpeg,jpg,gif,png|max:2048',
+        'thumbnail'             => 'nullable|mimes:jpeg,jpg,gif,png|max:2048',
     ];
 
     /**
@@ -123,8 +125,8 @@ class Character extends Model {
         'description' => 'nullable',
         'sale_value'  => 'nullable',
         'name'        => 'required',
-        'image'       => 'nullable|mimes:jpeg,gif,png|max:20000',
-        'thumbnail'   => 'nullable|mimes:jpeg,gif,png|max:20000',
+        'image'       => 'nullable|mimes:jpeg,gif,png|max:2048',
+        'thumbnail'   => 'nullable|mimes:jpeg,gif,png|max:2048',
     ];
 
     /**********************************************************************************************
@@ -243,10 +245,15 @@ public function scopeMyo($query, $isMyo = false) {
      * Scope a query to only include visible characters.
      *
      * @param \Illuminate\Database\Eloquent\Builder $query
+     * @param mixed|null                            $user
      *
      * @return \Illuminate\Database\Eloquent\Builder
      */
-    public function scopeVisible($query) {
+    public function scopeVisible($query, $user = null) {
+        if ($user && $user->hasPower('manage_characters')) {
+            return $query;
+        }
+
         return $query->where('is_visible', 1);
     }
 

app/Models/Character/CharacterImage.php

@@ -47,8 +47,8 @@ class CharacterImage extends Model {
     public static $createRules = [
         'species_id' => 'required',
         'rarity_id'  => 'required',
-        'image'      => 'required|mimes:jpeg,jpg,gif,png,webp|max:20000',
-        'thumbnail'  => 'nullable|mimes:jpeg,jpg,gif,png,webp|max:20000',
+        'image'      => 'required|mimes:jpeg,jpg,gif,png,webp|max:2048',
+        'thumbnail'  => 'nullable|mimes:jpeg,jpg,gif,png,webp|max:2048',
     ];
 
     /**
@@ -62,6 +62,8 @@ class CharacterImage extends Model {
         'species_id'   => 'required',
         'rarity_id'    => 'required',
         'description'  => 'nullable',
+        'image'        => 'mimes:jpeg,jpg,gif,png,webp|max:2048',
+        'thumbnail'    => 'nullable|mimes:jpeg,jpg,gif,png,webp|max:2048',
     ];
 
     /**********************************************************************************************
@@ -225,7 +227,7 @@ public function getFullsizeUrlAttribute() {
     /**
      * Gets the file name of the model's fullsize image.
      *
-     * @param  user
+     * @param  User
      * @param mixed|null $user
      *
      * @return string

app/Models/Item/Item.php

@@ -145,10 +145,15 @@ public function scopeSortOldest($query) {
      * Scope a query to show only released or "released" (at least one user-owned stack has ever existed) items.
      *
      * @param \Illuminate\Database\Eloquent\Builder $query
+     * @param mixed|null                            $user
      *
      * @return \Illuminate\Database\Eloquent\Builder
      */
-    public function scopeReleased($query) {
+    public function scopeReleased($query, $user = null) {
+        if ($user && $user->hasPower('edit_data')) {
+            return $query;
+        }
+
         return $query->where('is_released', 1);
     }
 

config/lorekeeper/admin_sidebar.php

@@ -40,17 +40,27 @@
             ],
         ],
     ],
-    'Site'       => [
-        'power' => 'edit_pages',
+    'News' => [
+        'power' => 'manage_news',
         'links' => [
             [
                 'name' => 'News',
                 'url'  => 'admin/news',
             ],
+        ],
+    ],
+    'Sales' => [
+        'power' => 'manage_sales',
+        'links' => [
             [
                 'name' => 'Sales',
                 'url'  => 'admin/sales',
             ],
+        ],
+    ],
+    'Pages'       => [
+        'power' => 'edit_pages',
+        'links' => [
             [
                 'name' => 'Pages',
                 'url'  => 'admin/pages',

config/lorekeeper/notifications.php

@@ -386,7 +386,7 @@
     508 => [
         'name'    => 'Gallery Submission Rejected',
         'message' => 'Your submission <strong>{submission_title}</strong> (#{submission_id}) was rejected. (<a href="{url}">View Submission</a>)',
-        'url'     => 'submissions/queue/{submission_id}',
+        'url'     => 'gallery/queue/{submission_id}',
     ],
 
     // GALLERY_SUBMISSION_VALUED