Add optional tag edit role (#932)

Author: InfiniteStash

.golangci.yml

@@ -1,10 +1,6 @@
 run:
   timeout: 3m
-  go: 1.23
-
-issues:
-  skip-files:
-    - "pkg/models/generated_.*.go$"
+  go: '1.23'
 
 linters:
   enable:
@@ -35,8 +31,6 @@ linters-settings:
     ignore-generated-header: true
     severity: error
     confidence: 0.8
-    error-code: 1
-    warning-code: 1
     rules:
       - name: blank-imports
         disabled: true
@@ -48,7 +42,7 @@ linters-settings:
       - name: error-naming
       - name: exported
       - name: if-return
-        enabled: true
+        disabled: false
       - name: increment-decrement
       - name: var-naming
         arguments:

README.md

@@ -105,6 +105,7 @@ There are two ways to authenticate a user in Stash-box: a session or an API key.
 | `postgres.max_idle_conns` | (0) | Maximum number of concurrent idle database connections. |
 | `postgres.conn_max_lifetime` | (0) | Maximum lifetime in minutes before a connection is released. |
 | `require_scene_draft` | false | Whether to allow scene creation outside of draft submissions. |
+| `require_tag_role` | false | Whether to require the EditTag role to edit tags. |
 
 ## SSL (HTTPS)
 

frontend/src/graphql/queries/Config.gql

@@ -11,5 +11,6 @@ query Config {
     vote_cron_interval
     guidelines_url
     require_scene_draft
+    require_tag_role
   }
 }

frontend/src/graphql/types.ts

@@ -1495,6 +1495,7 @@ export enum RoleEnum {
   ADMIN = "ADMIN",
   BOT = "BOT",
   EDIT = "EDIT",
+  EDIT_TAGS = "EDIT_TAGS",
   /** May generate invites without tokens */
   INVITE = "INVITE",
   /** May grant and rescind invite tokens and resind invite keys */
@@ -1751,6 +1752,7 @@ export type StashBoxConfig = {
   require_activation: Scalars["Boolean"]["output"];
   require_invite: Scalars["Boolean"]["output"];
   require_scene_draft: Scalars["Boolean"]["output"];
+  require_tag_role: Scalars["Boolean"]["output"];
   vote_application_threshold: Scalars["Int"]["output"];
   vote_cron_interval: Scalars["String"]["output"];
   vote_promotion_threshold?: Maybe<Scalars["Int"]["output"]>;
@@ -14568,6 +14570,7 @@ export type ConfigQuery = {
     vote_cron_interval: string;
     guidelines_url: string;
     require_scene_draft: boolean;
+    require_tag_role: boolean;
   };
 };
 
@@ -54566,6 +54569,10 @@ export const ConfigDocument = {
                   kind: "Field",
                   name: { kind: "Name", value: "require_scene_draft" },
                 },
+                {
+                  kind: "Field",
+                  name: { kind: "Name", value: "require_tag_role" },
+                },
               ],
             },
           },

frontend/src/hooks/useCurrentUser.tsx

@@ -1,14 +1,26 @@
 import { useContext, useMemo, useCallback } from "react";
+import { useConfig } from "src/graphql/queries";
 
 import AuthContext from "src/context";
-import { isAdmin as userIsAdmin, canEdit, canVote } from "src/utils";
+import {
+  isAdmin as userIsAdmin,
+  canEdit,
+  canTagEdit,
+  canVote,
+} from "src/utils";
 
 export const useCurrentUser = () => {
   const auth = useContext(AuthContext);
+  const { data: config } = useConfig();
+  const requireTagRole = config?.getConfig.require_tag_role ?? false;
 
   const isAdmin = useMemo(() => userIsAdmin(auth.user), [auth.user]);
   const isEditor = useMemo(() => canEdit(auth.user), [auth.user]);
   const isVoter = useMemo(() => canVote(auth.user), [auth.user]);
+  const isTagEditor = useMemo(
+    () => (requireTagRole ? canTagEdit(auth.user) : canEdit(auth.user)),
+    [auth.user, requireTagRole],
+  );
   const isSelf = useCallback(
     (user?: (typeof auth)["user"] | string | null) => {
       if (!auth.user?.id || !user) return false;
@@ -22,6 +34,7 @@ export const useCurrentUser = () => {
     isAdmin,
     isSelf,
     isEditor,
+    isTagEditor,
     isVoter,
     isAuthenticated: auth.authenticated,
     user: auth.user,

frontend/src/pages/tags/Tag.tsx

@@ -27,7 +27,7 @@ interface Props {
 }
 
 const TagComponent: FC<Props> = ({ tag }) => {
-  const { isEditor } = useCurrentUser();
+  const { isTagEditor } = useCurrentUser();
   const navigate = useNavigate();
   const location = useLocation();
   const activeTab = location.hash?.slice(1) || DEFAULT_TAB;
@@ -48,7 +48,7 @@ const TagComponent: FC<Props> = ({ tag }) => {
           <span className="me-2">Tag:</span>
           {tag.deleted ? <del>{tag.name}</del> : <em>{tag.name}</em>}
         </h3>
-        {isEditor && !tag.deleted && (
+        {isTagEditor && !tag.deleted && (
           <div className="ms-auto">
             <Link to={tagHref(tag, ROUTE_TAG_EDIT)} className="ms-2">
               <Button>Edit</Button>

frontend/src/pages/tags/Tags.tsx

@@ -8,12 +8,12 @@ import { ROUTE_TAG_ADD } from "src/constants/route";
 import { useCurrentUser } from "src/hooks";
 
 const Tags: FC = () => {
-  const { isEditor } = useCurrentUser();
+  const { isTagEditor } = useCurrentUser();
   return (
     <>
       <div className="d-flex">
         <h3>Tags</h3>
-        {isEditor && (
+        {isTagEditor && (
           <Link to={createHref(ROUTE_TAG_ADD)} className="ms-auto">
             <Button className="ms-auto">Create</Button>
           </Link>

frontend/src/utils/user.ts

@@ -24,5 +24,8 @@ export const isAdmin = (user?: User) =>
 export const canEdit = (user?: User) =>
   (user?.roles ?? []).includes(RoleEnum.EDIT) || isAdmin(user);
 
+export const canTagEdit = (user?: User) =>
+  (user?.roles ?? []).includes(RoleEnum.EDIT_TAGS) || isAdmin(user);
+
 export const canVote = (user?: User) =>
   (user?.roles ?? []).includes(RoleEnum.VOTE) || isAdmin(user);

graphql/schema/types/config.graphql

@@ -10,4 +10,5 @@ type StashBoxConfig {
   guidelines_url: String!
   require_scene_draft: Boolean!
   edit_update_limit: Int!
+  require_tag_role: Boolean!
 }

graphql/schema/types/user.graphql

@@ -12,6 +12,7 @@ enum RoleEnum {
   """May grant and rescind invite tokens and resind invite keys"""
   MANAGE_INVITES
   BOT
+  EDIT_TAGS
 }
 
 type InviteKey {

pkg/api/resolver.go

@@ -130,5 +130,6 @@ func (r *queryResolver) GetConfig(ctx context.Context) (*models.StashBoxConfig,
 		GuidelinesURL:              config.GetGuidelinesURL(),
 		RequireSceneDraft:          config.GetRequireSceneDraft(),
 		EditUpdateLimit:            config.GetEditUpdateLimit(),
+		RequireTagRole:             config.GetRequireTagRole(),
 	}, nil
 }

pkg/api/resolver_model_notification.go

@@ -49,9 +49,8 @@ func (r *notificationResolver) Data(ctx context.Context, obj *models.Notificatio
 
 		if obj.Type == models.NotificationEnumFavoritePerformerScene {
 			return &models.FavoritePerformerScene{Scene: scene}, nil
-		} else {
-			return &models.FavoriteStudioScene{Scene: scene}, nil
 		}
+		return &models.FavoriteStudioScene{Scene: scene}, nil
 
 	case models.NotificationEnumFavoritePerformerEdit:
 		fallthrough

pkg/api/resolver_mutation_edit.go

@@ -192,6 +192,12 @@ func (r *mutationResolver) StudioEditUpdate(ctx context.Context, id uuid.UUID, i
 }
 
 func (r *mutationResolver) TagEdit(ctx context.Context, input models.TagEditInput) (*models.Edit, error) {
+	if config.GetRequireTagRole() {
+		if err := user.ValidateRole(ctx, models.RoleEnumEditTags); err != nil {
+			return nil, err
+		}
+	}
+
 	UUID, err := uuid.NewV4()
 	if err != nil {
 		return nil, err

pkg/manager/config/config.go

@@ -67,6 +67,8 @@ type config struct {
 	EditUpdateLimit int `mapstructure:"edit_update_limit"`
 	// Require all scene create edits to be submitted via drafts
 	RequireSceneDraft bool `mapstructure:"require_scene_draft"`
+	// Require the TagRole or Admin to edit tags
+	RequireTagRole bool `mapstructure:"require_tag_role"`
 
 	// Email settings
 	EmailHost string `mapstructure:"email_host"`
@@ -136,6 +138,7 @@ var C = &config{
 	DraftTimeLimit:             86400,
 	EditUpdateLimit:            1,
 	RequireSceneDraft:          false,
+	RequireTagRole:             false,
 }
 
 func GetDatabasePath() string {
@@ -406,6 +409,10 @@ func GetRequireSceneDraft() bool {
 	return C.RequireSceneDraft
 }
 
+func GetRequireTagRole() bool {
+	return C.RequireTagRole
+}
+
 func GetTitle() string {
 	if C.Title == "" {
 		return "Stash-Box"