feat: read own tickets

app/Data/Discord/GuildData.php

@@ -11,9 +11,7 @@
 class GuildData extends Data
 {
     public function __construct(
-        public readonly ?string $identity_guild_id,
-        public readonly ?string $identity_enabled,
-        public readonly ?string $tag,
-        public readonly ?string $badge,
+        public readonly string $id,
+        public readonly string $owner_id,
     ) {}
 }

app/Data/Discord/RoleData.php

@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Data\Discord;
+
+use Spatie\LaravelData\Data;
+use Spatie\TypeScriptTransformer\Attributes\TypeScript;
+
+#[TypeScript('DiscordRoleData')]
+class RoleData extends Data
+{
+    public function __construct(
+        public readonly string $id,
+        public readonly string $name,
+    ) {}
+}

app/Data/Discord/UserData.php

@@ -20,7 +20,7 @@ public function __construct(
         public readonly ?string $banner,
         public readonly ?int $accent_color,
         public readonly ?string $global_name,
-        public readonly ?GuildData $clan,
-        public readonly ?GuildData $primary_guild,
+        public readonly ?UserGuildData $clan,
+        public readonly ?UserGuildData $primary_guild,
     ) {}
 }

app/Data/Discord/UserGuildData.php

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Data\Discord;
+
+use Spatie\LaravelData\Data;
+use Spatie\TypeScriptTransformer\Attributes\TypeScript;
+
+#[TypeScript('DiscordUserGuildData')]
+class UserGuildData extends Data
+{
+    public function __construct(
+        public readonly ?string $identity_guild_id,
+        public readonly ?string $identity_enabled,
+        public readonly ?string $tag,
+        public readonly ?string $badge,
+    ) {}
+}

app/Data/ReactionRoleData.php

@@ -30,7 +30,7 @@ public static function fromFaq(ReactionRole $reactionRole): self
     {
         $discordRepository = new DiscordRepository;
 
-        $role = $discordRepository->roles()->first(fn ($role) => $role['id'] === $reactionRole->role_id);
+        $role = $discordRepository->roles()?->first(fn ($role) => $role->id === $reactionRole->role_id);
 
         return new self(
             $reactionRole->id,
@@ -40,7 +40,7 @@ public static function fromFaq(ReactionRole $reactionRole): self
             $reactionRole->role_id,
             $reactionRole->created_at,
             $reactionRole->updated_at,
-            $role ? $role['name'] : 'role-not-found',
+            $role->name ?? 'role-not-found',
             DiscordMessageRule::$discordChannelLinkBase.config('services.discord.server_id').'/'.$reactionRole->channel_id.'/'.$reactionRole->message_id,
         );
     }

app/Data/Requests/CreateApplicationQuestionAnswerRequest.php

@@ -23,6 +23,6 @@ public function __construct(
     public static function authorize(
         #[CurrentUser] User $user,
     ): bool {
-        return $user->can('applicationQuestionAnswer.create');
+        return $user->can('applicationAnswerQuestion.create');
     }
 }

app/Data/Requests/CreatePermissionRequest.php

@@ -48,6 +48,12 @@ class CreatePermissionRequest extends Data
         'serverContent' => [
             'resend',
         ],
+        'ticket' => [
+            'read-own',
+        ],
+        'ticketTranscript' => [
+            'read-own',
+        ],
     ];
 
     public function __construct(
@@ -60,7 +66,7 @@ public function __construct(
     public static function authorize(
         #[CurrentUser] User $user,
     ): bool {
-        return $user->can('permission.read');
+        return $user->can('permission.create');
     }
 
     /**

app/Data/Requests/DeleteApplicationQuestionAnswerRequest.php

@@ -13,6 +13,6 @@ public function __construct() {}
     public static function authorize(
         #[CurrentUser] User $user,
     ): bool {
-        return $user->can('applicationQuestionAnswer.delete');
+        return $user->can('applicationAnswerQuestion.delete');
     }
 }

app/Data/Requests/ReadApplicationQuestionAnswerRequest.php

@@ -13,6 +13,6 @@ public function __construct() {}
     public static function authorize(
         #[CurrentUser] User $user,
     ): bool {
-        return $user->can('applicationQuestionAnswer.read');
+        return $user->can('applicationAnswerQuestion.read');
     }
 }

app/Data/Requests/ReadTicketRequest.php

@@ -13,6 +13,6 @@ public function __construct() {}
     public static function authorize(
         #[CurrentUser] User $user,
     ): bool {
-        return $user->can('ticket.read');
+        return $user->canany(['ticket.read', 'ticket.read-own']);
     }
 }

app/Data/Requests/SetupTicketConfigRequest.php

@@ -24,6 +24,6 @@ public function __construct(
     public static function authorize(
         #[CurrentUser] User $user,
     ): bool {
-        return $user->can('ticketConfig.setup');
+        return $user->can('ticketConfig.create');
     }
 }

app/Data/Requests/UpdateApplicationQuestionAnswerRequest.php

@@ -24,6 +24,6 @@ public function __construct(
     public static function authorize(
         #[CurrentUser] User $user,
     ): bool {
-        return $user->can('applicationQuestionAnswer.update');
+        return $user->can('applicationAnswerQuestion.update');
     }
 }

app/Data/Requests/UpdateReactionRoleRequest.php

@@ -7,9 +7,11 @@
 use App\Rules\EmojiRule;
 use App\Rules\RoleRule;
 use Illuminate\Container\Attributes\CurrentUser;
+use Spatie\LaravelData\Attributes\MergeValidationRules;
 use Spatie\LaravelData\Data;
 use Spatie\LaravelData\Optional;
 
+#[MergeValidationRules]
 class UpdateReactionRoleRequest extends Data
 {
     public function __construct(
@@ -30,9 +32,9 @@ public static function authorize(
     public static function rules(): array
     {
         return [
-            'message_link' => ['required', 'string', new DiscordMessageRule],
-            'emoji' => ['required', 'string', new EmojiRule],
-            'role_id' => ['required', 'string', new RoleRule],
+            'message_link' => [new DiscordMessageRule],
+            'emoji' => [new EmojiRule],
+            'role_id' => [new RoleRule],
         ];
     }
 }

app/Data/TicketButtonPingRoleData.php

@@ -25,13 +25,13 @@ public function __construct(
     public static function fromTicketButtonPingRole(TicketButtonPingRole $ticketButtonPingRole): self
     {
         $discordRepository = new DiscordRepository;
-        $role = $discordRepository->roles()->first(fn ($role) => $role['id'] === $ticketButtonPingRole->role_id);
+        $role = $discordRepository->roles()?->first(fn ($role) => $role->id === $ticketButtonPingRole->role_id);
 
         return new self(
             $ticketButtonPingRole->id,
             $ticketButtonPingRole->ticket_button_id,
             $ticketButtonPingRole->role_id,
-            $role ? $role['name'] : 'role-not-found',
+            $role->name ?? 'role-not-found',
             $ticketButtonPingRole->created_at,
             $ticketButtonPingRole->updated_at,
         );

app/Data/TicketTeamRoleData.php

@@ -26,13 +26,13 @@ public static function fromTicketTeamRole(TicketTeamRole $ticketTeamRole): self
     {
         $discordRepository = new DiscordRepository;
 
-        $role = $discordRepository->roles()->first(fn ($role) => $role['id'] === $ticketTeamRole->role_id);
+        $role = $discordRepository->roles()?->first(fn ($role) => $role->id === $ticketTeamRole->role_id);
 
         return new self(
             $ticketTeamRole->id,
             $ticketTeamRole->ticket_team_id,
             $ticketTeamRole->role_id,
-            $role ? $role['name'] : 'role-not-found',
+            $role->name ?? 'role-not-found',
             $ticketTeamRole->created_at,
             $ticketTeamRole->updated_at,
         );

app/Data/UserData.php

@@ -5,6 +5,7 @@
 namespace App\Data;
 
 use App\Models\User;
+use App\Repositories\DiscordRepository;
 use Illuminate\Support\Collection;
 use Spatie\LaravelData\Data;
 use Spatie\TypeScriptTransformer\Attributes\LiteralTypeScriptType;
@@ -25,15 +26,17 @@ public function __construct(
         public readonly Collection $permissions,
     ) {}
 
-    public static function fromUser(User $user, bool $isOwner = false): self
+    public static function fromUser(User $user): self
     {
+        $guild = new DiscordRepository()->guild();
+
         return new self(
             $user->id,
             $user->discord_id,
             $user->nickname,
             $user->name,
             $user->avatar,
-            $isOwner,
+            $guild && $guild->owner_id === $user->discord_id,
             $user->getPermissionsViaRoles()->pluck('name'),
         );
     }

app/Http/Controllers/ApplicationController.php

@@ -313,10 +313,6 @@ public function update(UpdateApplicationRequest $request, Application $applicati
      */
     public function destroy(DeleteApplicationRequest $request, Application $application): bool
     {
-        if (! request()->user()?->can('application.delete')) {
-            abort(403);
-        }
-
         return $application->delete() ?? false;
     }
 

app/Http/Controllers/ApplicationQuestionAnswerController.php

@@ -93,10 +93,6 @@ public function update(UpdateApplicationQuestionAnswerRequest $request, Applicat
      */
     public function destroy(DeleteApplicationQuestionAnswerRequest $request, ApplicationQuestionAnswer $applicationQuestionAnswer): bool
     {
-        if (! request()->user()?->can('applicationQuestionAnswer.delete')) {
-            abort(403);
-        }
-
         return $applicationQuestionAnswer->delete() ?? false;
     }
 }

app/Http/Controllers/DiscordController.php

@@ -34,9 +34,9 @@ public function callback(Request $request): JsonResponse
             abort(404);
         }
 
-        if (! in_array(config('services.discord.required_role'), $json['roles'])) {
-            abort(404);
-        }
+        // if (! in_array(config('services.discord.required_role'), $json['roles'])) {
+        //     abort(404);
+        // }
 
         $user = User::updateOrCreate([
             'discord_id' => $user->id,

app/Http/Controllers/MeController.php

@@ -28,30 +28,29 @@ public function __invoke(Request $request): JsonResponse
 
         $discordGuildUser = $this->discordRepository->currentUser();
 
-        $guild = $this->discordRepository->guild();
-
-        if (! isset($discordGuildUser['roles'])) {
+        if (! $discordGuildUser?->roles) {
             Cache::forget('user-'.$user->id);
             Auth::guard('web')->logout();
 
             abort(403, 'You oauth2 token expired. Please login with Discord');
         }
 
-        if (! in_array(config('services.discord.required_role'), $discordGuildUser['roles'])) {
-            Cache::forget('user-'.$user->id);
-            Auth::guard('web')->logout();
+        $userRoles = collect($discordGuildUser->roles);
 
-            abort(403, 'You do not have the required permissions.');
+        $everyoneRole = $this->discordRepository->everyoneRole();
+        if ($everyoneRole) {
+            $userRoles->push($everyoneRole->id);
         }
 
-        $roles = Role::whereIn('name', $discordGuildUser['roles'])->get()->pluck('name');
+        $roles = Role::whereIn('name', $userRoles)->get()->pluck('name');
+        $userData = UserData::from($user);
 
-        if ($guild['owner_id'] === $user->discord_id) {
+        if ($userData->is_owner) {
             $roles->push('Owner');
         }
 
         $user->syncRoles($roles);
 
-        return response()->json(UserData::from($user, $guild['owner_id'] === $user->discord_id));
+        return response()->json($userData);
     }
 }

app/Http/Controllers/ServerContentMessageController.php

@@ -11,10 +11,6 @@ class ServerContentMessageController extends Controller
 {
     public function index(ReadServerContentMessageRequest $request): ?ServerContentMessageData
     {
-        if (! request()->user()?->can('serverContentMessage.read')) {
-            abort(403);
-        }
-
         $messages = ServerContentMessage::where('server_id', config('services.discord.server_id'))->first();
 
         return $messages ? ServerContentMessageData::from($messages) : null;

app/Http/Controllers/TicketController.php

@@ -9,7 +9,9 @@
 use App\Enums\TicketState;
 use App\Models\Ticket;
 use App\Models\TicketButton;
+use App\Models\User;
 use App\Repositories\TicketRepository;
+use Illuminate\Container\Attributes\CurrentUser;
 use Illuminate\Support\Facades\Http;
 use Spatie\LaravelData\DataCollection;
 use Spatie\LaravelData\PaginatedDataCollection;
@@ -27,16 +29,23 @@ public function __construct(
      *
      * @return PaginatedDataCollection<array-key, TicketData>|DataCollection<array-key, TicketData>
      */
-    public function index(ReadTicketRequest $request): PaginatedDataCollection|DataCollection
-    {
-        $tickets = QueryBuilder::for(Ticket::class)
+    public function index(
+        #[CurrentUser] User $user,
+        ReadTicketRequest $request
+    ): PaginatedDataCollection|DataCollection {
+        $ticketsQuery = QueryBuilder::for(Ticket::class)
             ->allowedIncludes(['ticketButton.ticketTeam.ticketTeamRoles', 'ticketTranscripts'])
             ->allowedSorts('created_at')
             ->allowedFilters([
                 AllowedFilter::exact('id'),
                 AllowedFilter::exact('state'),
-            ])
-            ->getOrPaginate();
+            ]);
+
+        if ($user->cannot('ticket.read')) {
+            $ticketsQuery->where('created_by_discord_user_id', $user->discord_id);
+        }
+
+        $tickets = $ticketsQuery->getOrPaginate();
 
         if (request()->has('full')) {
             return TicketData::collect($tickets, DataCollection::class)->wrap('data');

app/Repositories/ApplicationSubmissionRepository.php

@@ -434,12 +434,13 @@ private function chunkTextBySpace(int $limit, string $text): array
 
     private function getAcceptActionRow(ApplicationSubmission $applicationSubmission): ?ActionRowData
     {
-        if ($applicationSubmission->state !== ApplicationSubmissionState::Pending) {
+        if ($applicationSubmission->state !== ApplicationSubmissionState::Pending ||
+            ! $applicationSubmission->application) {
             return null;
         }
 
         /** @var Collection<int, StringCollectorOptionData> $options */
-        $options = StringCollectorOptionData::collect($applicationSubmission->application?->acceptedResponses()->limit(25)->get() ?? []);
+        $options = StringCollectorOptionData::collect($applicationSubmission->application->acceptedResponses()->limit(25)->get());
 
         if ($options->isEmpty()) {
             return null;
@@ -457,12 +458,13 @@ private function getAcceptActionRow(ApplicationSubmission $applicationSubmission
 
     private function getDenyActionRow(ApplicationSubmission $applicationSubmission): ?ActionRowData
     {
-        if ($applicationSubmission->state !== ApplicationSubmissionState::Pending) {
+        if ($applicationSubmission->state !== ApplicationSubmissionState::Pending ||
+            ! $applicationSubmission->application) {
             return null;
         }
 
         /** @var Collection<int, StringCollectorOptionData> $options */
-        $options = StringCollectorOptionData::collect($applicationSubmission->application?->deniedResponses()->limit(25)->get() ?? []);
+        $options = StringCollectorOptionData::collect($applicationSubmission->application->deniedResponses()->limit(25)->get());
 
         if ($options->isEmpty()) {
             return null;