From 8357d0f57907d0fe568db1b51defece6d65b4ad0 Mon Sep 17 00:00:00 2001
From: Alexis Saettler <alexis@saettler.org>
Date: Thu, 17 Jun 2021 23:10:07 +0200
Subject: [PATCH] fix: fix unarchive on limited account (#5256)

---
 app/Http/Controllers/ContactsController.php   | 52 +++++++++++++++----
 .../Contact/Contact/UpdateContact.php         | 12 +++++
 resources/lang/en/people.php                  |  1 +
 .../Contact/ContactsControllerTest.php        | 36 +++++++++++++
 tests/Unit/Services/BaseServiceTest.php       |  4 ++
 5 files changed, 96 insertions(+), 9 deletions(-)
 create mode 100644 tests/Unit/Controllers/Contact/ContactsControllerTest.php

diff --git a/app/Http/Controllers/ContactsController.php b/app/Http/Controllers/ContactsController.php
index 23811191a27..d15ada5c1ed 100644
--- a/app/Http/Controllers/ContactsController.php
+++ b/app/Http/Controllers/ContactsController.php
@@ -19,7 +19,6 @@
 use App\Jobs\UpdateLastConsultedDate;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Contracts\View\Factory;
-use App\Models\Relationship\Relationship;
 use Barryvdh\Debugbar\Facade as Debugbar;
 use App\Services\User\UpdateViewPreference;
 use Illuminate\Validation\ValidationException;
@@ -176,14 +175,14 @@ public function missing(Request $request)
      */
     private function createForm(Request $request, bool $isContactMissing = false)
     {
-        if (AccountHelper::hasReachedContactLimit(auth()->user()->account)
-            && AccountHelper::hasLimitations(auth()->user()->account)
+        $accountHasLimitations = AccountHelper::hasLimitations(auth()->user()->account);
+
+        if ($accountHasLimitations
+            && AccountHelper::hasReachedContactLimit(auth()->user()->account)
             && ! auth()->user()->account->legacy_free_plan_unlimited_contacts) {
             return redirect()->route('settings.subscriptions.index');
         }
 
-        $accountHasLimitations = AccountHelper::hasLimitations(auth()->user()->account);
-
         return view('people.create')
             ->withAccountHasLimitations($accountHasLimitations)
             ->withIsContactMissing($isContactMissing)
@@ -341,10 +340,14 @@ public function show(Contact $contact)
      *
      * @param Contact $contact
      *
-     * @return View
+     * @return View|RedirectResponse
      */
     public function edit(Contact $contact)
     {
+        if (! $contact->is_active) {
+            return back()->withErrors(trans('people.archived_contact_readonly'));
+        }
+
         $now = now();
         $age = (string) (! is_null($contact->birthdate) ? $contact->birthdate->getAge() : 0);
         $birthdate = ! is_null($contact->birthdate) ? $contact->birthdate->date->toDateString() : $now->toDateString();
@@ -384,6 +387,10 @@ public function edit(Contact $contact)
      */
     public function update(Request $request, Contact $contact)
     {
+        if (! $contact->is_active) {
+            return back()->withErrors(trans('people.archived_contact_readonly'));
+        }
+
         // process birthday dates
         // TODO: remove this part entirely when we redo this whole SpecialDate
         // thing
@@ -494,10 +501,14 @@ public function destroy(Request $request, Contact $contact)
      * @param Request $request
      * @param Contact $contact
      *
-     * @return View
+     * @return View|RedirectResponse
      */
     public function editWork(Request $request, Contact $contact)
     {
+        if (! $contact->is_active) {
+            return back()->withErrors(trans('people.archived_contact_readonly'));
+        }
+
         return view('people.work.edit')
             ->withContact($contact);
     }
@@ -512,6 +523,10 @@ public function editWork(Request $request, Contact $contact)
      */
     public function updateWork(Request $request, Contact $contact)
     {
+        if (! $contact->is_active) {
+            return back()->withErrors(trans('people.archived_contact_readonly'));
+        }
+
         $contact = app(UpdateWorkInformation::class)->execute([
             'account_id' => auth()->user()->account_id,
             'author_id' => auth()->user()->id,
@@ -530,10 +545,14 @@ public function updateWork(Request $request, Contact $contact)
      * @param Request $request
      * @param Contact $contact
      *
-     * @return View
+     * @return View|RedirectResponse
      */
     public function editFoodPreferences(Request $request, Contact $contact)
     {
+        if (! $contact->is_active) {
+            return back()->withErrors(trans('people.archived_contact_readonly'));
+        }
+
         $accountHasLimitations = AccountHelper::hasLimitations(auth()->user()->account);
 
         return view('people.food-preferences.edit')
@@ -551,6 +570,10 @@ public function editFoodPreferences(Request $request, Contact $contact)
      */
     public function updateFoodPreferences(Request $request, Contact $contact)
     {
+        if (! $contact->is_active) {
+            return back()->withErrors(trans('people.archived_contact_readonly'));
+        }
+
         $contact = app(UpdateContactFoodPreferences::class)->execute([
             'account_id' => auth()->user()->account_id,
             'contact_id' => $contact->id,
@@ -610,10 +633,14 @@ public function vCard(Contact $contact)
      *
      * @param  Request $request
      * @param  Contact $contact
-     * @return int
+     * @return int|RedirectResponse
      */
     public function stayInTouch(Request $request, Contact $contact)
     {
+        if (! $contact->is_active) {
+            return back()->withErrors(trans('people.archived_contact_readonly'));
+        }
+
         $frequency = intval($request->input('frequency'));
         $state = $request->input('state');
 
@@ -663,6 +690,13 @@ public function favorite(Request $request, Contact $contact)
      */
     public function archive(Request $request, Contact $contact)
     {
+        if (! $contact->is_active
+            && AccountHelper::hasReachedContactLimit(auth()->user()->account)
+            && AccountHelper::hasLimitations(auth()->user()->account)
+            && ! auth()->user()->account->legacy_free_plan_unlimited_contacts) {
+            abort(402);
+        }
+
         $contact->is_active = ! $contact->is_active;
         $contact->save();
 
diff --git a/app/Services/Contact/Contact/UpdateContact.php b/app/Services/Contact/Contact/UpdateContact.php
index e81ac3ad872..591788aabb6 100644
--- a/app/Services/Contact/Contact/UpdateContact.php
+++ b/app/Services/Contact/Contact/UpdateContact.php
@@ -4,6 +4,8 @@
 
 use Illuminate\Support\Arr;
 use App\Services\BaseService;
+use App\Helpers\AccountHelper;
+use App\Models\Account\Account;
 use App\Models\Contact\Contact;
 use App\Jobs\Avatars\GenerateDefaultAvatar;
 use App\Services\Contact\Description\SetPersonalDescription;
@@ -63,6 +65,16 @@ public function execute(array $data): Contact
         $this->contact = Contact::where('account_id', $data['account_id'])
             ->findOrFail($data['contact_id']);
 
+        // Test is the account is limited and the contact should be updated as real contact
+        $account = Account::find($data['account_id']);
+        if ($this->contact->is_partial
+            && ! $this->valueOrFalse($this->data, 'is_partial')
+            && AccountHelper::hasReachedContactLimit($account)
+            && AccountHelper::hasLimitations($account)
+            && ! $account->legacy_free_plan_unlimited_contacts) {
+            abort(402);
+        }
+
         $this->updateGeneralInformation();
         $this->updateDescription();
         $this->updateBirthDayInformation();
diff --git a/resources/lang/en/people.php b/resources/lang/en/people.php
index ce5337242ac..485b9e61045 100644
--- a/resources/lang/en/people.php
+++ b/resources/lang/en/people.php
@@ -42,6 +42,7 @@
     'people_list_account_upgrade_cta' => 'Upgrade now',
     'people_list_untagged' => 'View untagged contacts',
     'people_list_filter_untag' => 'Showing all untagged contacts',
+    'archived_contact_readonly' => 'Archived contact can’t be edited, please unarchive it first.',
 
     // people add
     'people_add_title' => 'Add a new person',
diff --git a/tests/Unit/Controllers/Contact/ContactsControllerTest.php b/tests/Unit/Controllers/Contact/ContactsControllerTest.php
new file mode 100644
index 00000000000..599ea1ea733
--- /dev/null
+++ b/tests/Unit/Controllers/Contact/ContactsControllerTest.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace Tests\Unit\Controllers\Contact;
+
+use Tests\FeatureTestCase;
+use App\Helpers\AccountHelper;
+use App\Models\Contact\Contact;
+use Illuminate\Foundation\Testing\DatabaseTransactions;
+
+class ContactsControllerTest extends FeatureTestCase
+{
+    use DatabaseTransactions;
+
+    /** @test */
+    public function it_cant_unarchive_contact_if_limited_account()
+    {
+        config(['monica.requires_subscription' => true]);
+        $user = $this->signin();
+
+        $contact = factory(Contact::class)->create([
+            'account_id' => $user->account_id,
+            'is_active' => false,
+        ]);
+
+        factory(Contact::class, 10)->create([
+            'account_id' => $user->account_id,
+        ]);
+
+        $this->assertTrue(AccountHelper::hasReachedContactLimit($user->account));
+        $this->assertTrue(AccountHelper::hasLimitations($user->account));
+
+        $response = $this->put("/people/{$contact->hashID()}/archive");
+
+        $response->assertStatus(402);
+    }
+}
diff --git a/tests/Unit/Services/BaseServiceTest.php b/tests/Unit/Services/BaseServiceTest.php
index 16a7f97f4ec..f08ba1efcbb 100644
--- a/tests/Unit/Services/BaseServiceTest.php
+++ b/tests/Unit/Services/BaseServiceTest.php
@@ -113,5 +113,9 @@ public function it_returns_the_default_value_or_the_given_value(): void
         $this->assertFalse(
             $stub->valueOrFalse($array, 'value')
         );
+
+        $this->assertFalse(
+            $stub->valueOrFalse([], 'value')
+        );
     }
 }