Auto commit for release 'develop' on 2024-04-25

Signed-off-by: James Cole <james@firefly-iii.org>

.ci/php-cs-fixer/composer.json

@@ -1,5 +1,5 @@
 {
-  "require": {
-    "friendsofphp/php-cs-fixer": "^3.12"
-  }
+    "require": {
+        "friendsofphp/php-cs-fixer": "^3.12"
+    }
 }

.ci/php-cs-fixer/composer.lock

@@ -226,16 +226,16 @@
         },
         {
             "name": "friendsofphp/php-cs-fixer",
-            "version": "v3.52.1",
+            "version": "v3.54.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer.git",
-                "reference": "6e77207f0d851862ceeb6da63e6e22c01b1587bc"
+                "reference": "2aecbc8640d7906c38777b3dcab6f4ca79004d08"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/6e77207f0d851862ceeb6da63e6e22c01b1587bc",
-                "reference": "6e77207f0d851862ceeb6da63e6e22c01b1587bc",
+                "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/2aecbc8640d7906c38777b3dcab6f4ca79004d08",
+                "reference": "2aecbc8640d7906c38777b3dcab6f4ca79004d08",
                 "shasum": ""
             },
             "require": {
@@ -259,6 +259,7 @@
             },
             "require-dev": {
                 "facile-it/paraunit": "^1.3 || ^2.0",
+                "infection/infection": "^0.27.11",
                 "justinrainbow/json-schema": "^5.2",
                 "keradus/cli-executor": "^2.1",
                 "mikey179/vfsstream": "^1.6.11",
@@ -306,7 +307,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues",
-                "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.52.1"
+                "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.54.0"
             },
             "funding": [
                 {
@@ -314,7 +315,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-03-19T21:02:43+00:00"
+            "time": "2024-04-17T08:12:13+00:00"
         },
         {
             "name": "psr/container",
@@ -538,16 +539,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v7.0.4",
+            "version": "v7.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "6b099f3306f7c9c2d2786ed736d0026b2903205f"
+                "reference": "fde915cd8e7eb99b3d531d3d5c09531429c3f9e5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/6b099f3306f7c9c2d2786ed736d0026b2903205f",
-                "reference": "6b099f3306f7c9c2d2786ed736d0026b2903205f",
+                "url": "https://api.github.com/repos/symfony/console/zipball/fde915cd8e7eb99b3d531d3d5c09531429c3f9e5",
+                "reference": "fde915cd8e7eb99b3d531d3d5c09531429c3f9e5",
                 "shasum": ""
             },
             "require": {
@@ -611,7 +612,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v7.0.4"
+                "source": "https://github.com/symfony/console/tree/v7.0.6"
             },
             "funding": [
                 {
@@ -627,7 +628,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-02-22T20:27:20+00:00"
+            "time": "2024-04-01T11:04:53+00:00"
         },
         {
             "name": "symfony/deprecation-contracts",
@@ -778,16 +779,16 @@
         },
         {
             "name": "symfony/event-dispatcher-contracts",
-            "version": "v3.4.0",
+            "version": "v3.4.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/event-dispatcher-contracts.git",
-                "reference": "a76aed96a42d2b521153fb382d418e30d18b59df"
+                "reference": "4e64b49bf370ade88e567de29465762e316e4224"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/a76aed96a42d2b521153fb382d418e30d18b59df",
-                "reference": "a76aed96a42d2b521153fb382d418e30d18b59df",
+                "url": "https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/4e64b49bf370ade88e567de29465762e316e4224",
+                "reference": "4e64b49bf370ade88e567de29465762e316e4224",
                 "shasum": ""
             },
             "require": {
@@ -834,7 +835,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/event-dispatcher-contracts/tree/v3.4.0"
+                "source": "https://github.com/symfony/event-dispatcher-contracts/tree/v3.4.2"
             },
             "funding": [
                 {
@@ -850,20 +851,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-23T14:45:45+00:00"
+            "time": "2024-01-23T14:51:35+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.0.3",
+            "version": "v7.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "2890e3a825bc0c0558526c04499c13f83e1b6b12"
+                "reference": "408105dff4c104454100730bdfd1a9cdd993f04d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/2890e3a825bc0c0558526c04499c13f83e1b6b12",
-                "reference": "2890e3a825bc0c0558526c04499c13f83e1b6b12",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/408105dff4c104454100730bdfd1a9cdd993f04d",
+                "reference": "408105dff4c104454100730bdfd1a9cdd993f04d",
                 "shasum": ""
             },
             "require": {
@@ -897,7 +898,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.0.3"
+                "source": "https://github.com/symfony/filesystem/tree/v7.0.6"
             },
             "funding": [
                 {
@@ -913,7 +914,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-23T15:02:46+00:00"
+            "time": "2024-03-21T19:37:36+00:00"
         },
         {
             "name": "symfony/finder",
@@ -1583,16 +1584,16 @@
         },
         {
             "name": "symfony/service-contracts",
-            "version": "v3.4.1",
+            "version": "v3.4.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/service-contracts.git",
-                "reference": "fe07cbc8d837f60caf7018068e350cc5163681a0"
+                "reference": "11bbf19a0fb7b36345861e85c5768844c552906e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/fe07cbc8d837f60caf7018068e350cc5163681a0",
-                "reference": "fe07cbc8d837f60caf7018068e350cc5163681a0",
+                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/11bbf19a0fb7b36345861e85c5768844c552906e",
+                "reference": "11bbf19a0fb7b36345861e85c5768844c552906e",
                 "shasum": ""
             },
             "require": {
@@ -1645,7 +1646,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/service-contracts/tree/v3.4.1"
+                "source": "https://github.com/symfony/service-contracts/tree/v3.4.2"
             },
             "funding": [
                 {
@@ -1661,7 +1662,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-12-26T14:02:43+00:00"
+            "time": "2023-12-19T21:51:00+00:00"
         },
         {
             "name": "symfony/stopwatch",

.ci/phpcs.sh

@@ -20,23 +20,8 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-# Install composer packages
-#composer install --no-scripts --no-ansi
-
 SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 
-# enable test .env file.
-# cp .ci/.env.ci .env
-
-OUTPUT_FORMAT=txt
-EXTRA_PARAMS=""
-
-if [[ $GITHUB_ACTIONS = "true" ]]
-then
-    OUTPUT_FORMAT=txt
-    EXTRA_PARAMS=""
-fi
-
 # clean up php code
 cd $SCRIPT_DIR/php-cs-fixer
 composer update --quiet
@@ -44,8 +29,8 @@ rm -f .php-cs-fixer.cache
 PHP_CS_FIXER_IGNORE_ENV=true
 ./vendor/bin/php-cs-fixer fix \
     --config $SCRIPT_DIR/php-cs-fixer/.php-cs-fixer.php \
-    --format=$OUTPUT_FORMAT \
-    --allow-risky=yes $EXTRA_PARAMS
+    --format=txt \
+    --allow-risky=yes
 
 EXIT_CODE=$?
 

.ci/phpmd/composer.lock

@@ -9,16 +9,16 @@
     "packages-dev": [
         {
             "name": "composer/pcre",
-            "version": "3.1.2",
+            "version": "3.1.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/pcre.git",
-                "reference": "4775f35b2d70865807c89d32c8e7385b86eb0ace"
+                "reference": "5b16e25a5355f1f3afdfc2f954a0a80aec4826a8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/pcre/zipball/4775f35b2d70865807c89d32c8e7385b86eb0ace",
-                "reference": "4775f35b2d70865807c89d32c8e7385b86eb0ace",
+                "url": "https://api.github.com/repos/composer/pcre/zipball/5b16e25a5355f1f3afdfc2f954a0a80aec4826a8",
+                "reference": "5b16e25a5355f1f3afdfc2f954a0a80aec4826a8",
                 "shasum": ""
             },
             "require": {
@@ -60,7 +60,7 @@
             ],
             "support": {
                 "issues": "https://github.com/composer/pcre/issues",
-                "source": "https://github.com/composer/pcre/tree/3.1.2"
+                "source": "https://github.com/composer/pcre/tree/3.1.3"
             },
             "funding": [
                 {
@@ -76,20 +76,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-03-07T15:38:35+00:00"
+            "time": "2024-03-19T10:26:25+00:00"
         },
         {
             "name": "composer/xdebug-handler",
-            "version": "3.0.3",
+            "version": "3.0.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/xdebug-handler.git",
-                "reference": "ced299686f41dce890debac69273b47ffe98a40c"
+                "reference": "4f988f8fdf580d53bdb2d1278fe93d1ed5462255"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/xdebug-handler/zipball/ced299686f41dce890debac69273b47ffe98a40c",
-                "reference": "ced299686f41dce890debac69273b47ffe98a40c",
+                "url": "https://api.github.com/repos/composer/xdebug-handler/zipball/4f988f8fdf580d53bdb2d1278fe93d1ed5462255",
+                "reference": "4f988f8fdf580d53bdb2d1278fe93d1ed5462255",
                 "shasum": ""
             },
             "require": {
@@ -100,7 +100,7 @@
             "require-dev": {
                 "phpstan/phpstan": "^1.0",
                 "phpstan/phpstan-strict-rules": "^1.1",
-                "symfony/phpunit-bridge": "^6.0"
+                "phpunit/phpunit": "^8.5 || ^9.6 || ^10.5"
             },
             "type": "library",
             "autoload": {
@@ -124,9 +124,9 @@
                 "performance"
             ],
             "support": {
-                "irc": "irc://irc.freenode.org/composer",
+                "irc": "ircs://irc.libera.chat:6697/composer",
                 "issues": "https://github.com/composer/xdebug-handler/issues",
-                "source": "https://github.com/composer/xdebug-handler/tree/3.0.3"
+                "source": "https://github.com/composer/xdebug-handler/tree/3.0.4"
             },
             "funding": [
                 {
@@ -142,7 +142,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-02-25T21:32:43+00:00"
+            "time": "2024-03-26T18:29:49+00:00"
         },
         {
             "name": "pdepend/pdepend",

.ci/phpmd/phpmd.xml

@@ -19,9 +19,9 @@
   ~ along with this program.  If not, see <https://www.gnu.org/licenses/>.
   -->
 
-<ruleset name="pcsg-generated-ruleset"
+<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         name="pcsg-generated-ruleset"
          xmlns="http://pmd.sf.net/ruleset/1.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://pmd.sf.net/ruleset/1.0.0 http://pmd.sf.net/ruleset_xml_schema.xsd"
          xsi:noNamespaceSchemaLocation="http://pmd.sf.net/ruleset_xml_schema.xsd">
     <description>Firefly III ruleset.</description>

.github/pull_request_template.md

@@ -1,13 +1,19 @@
 <!--
-Before you create a new PR, please consider:
+Thank you for submitting new code to Firefly III, or any of the related projects. Please read the following rules carefully.
 
-1) Pull requests for the MAIN branch will be closed.
-2) DO NOT include translations in your PR. Only English US sentences.
+- Please do not submit solutions for problems that are not already reported in an issue.
+- Unfortunately, Firefly III can't be your learning experience. If you're new to all of this, please open an issue first.
+- Please do not open PRs to "discuss" possible solutions or to "get feedback" on your code. I simply don't have time for that.
+- Pull requests for the MAIN branch will be closed.
+- DO NOT include translated strings in your PR.
+
+If it feels necessary to open an issue first, please do so, before you open a PR.
+
+See also: https://docs.firefly-iii.org/explanation/support/#contributing-code
 
-Thanks.
 -->
-
-Fixes issue # (if relevant)
+    
+This PR fixes issue # (if relevant).
 
 Changes in this pull request:
 

.github/stale.yml

@@ -1,58 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 14
-
-# Number of days of inactivity before a stale Issue or Pull Request is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 14
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-# - "[Status] Maybe Later"
-exemptLabels:
-  - enhancement
-  - feature
-  - bug
-  - announcement
-  - "layout-v3"
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Comment to post when marking as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-
-# Comment to post when removing the stale label.
-# unmarkComment: >
-#   Your comment here.
-
-# Comment to post when closing a stale Issue or Pull Request.
-# closeComment: >
-#   Your comment here.
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-# Limit to only `issues` or `pulls`
-# only: issues
-
-# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
-# pulls:
-#   daysUntilStale: 30
-#   markComment: >
-#     This pull request has been automatically marked as stale because it has not had
-#     recent activity. It will be closed if no further activity occurs. Thank you
-#     for your contributions.
-
-# issues:
-#   exemptLabels:
-#     - confirmed

.github/workflows/close-duplicates.yml

@@ -3,7 +3,7 @@ name: "Issues - Command to close duplicate issues"
 # the workflow to execute on is comments that are newly created
 on:
   issue_comment:
-    types: [created]
+    types: [ created ]
 
 permissions:
   issues: write
@@ -13,7 +13,7 @@ jobs:
   close_duplicates:
     runs-on: ubuntu-latest
     steps:
-      - uses: github/command@v1.1.0
+      - uses: github/command@v1.1.1
         id: command
         with:
           allowed_contexts: "issue"

.github/workflows/debug-info-actions.yml

@@ -3,9 +3,9 @@ name: 'Issues - Respond to hidden commands'
 # the workflow to execute on is comments that are newly created
 on:
   issues:
-    types: [opened, edited]
+    types: [ opened, edited ]
   issue_comment:
-    types: [created]
+    types: [ created ]
 
 # permissions needed for reacting to IssueOps commands on issues and PRs
 permissions:

.github/workflows/label-actions.yml

@@ -2,11 +2,11 @@ name: 'Issues - Reply to specific labels'
 
 on:
   issues:
-    types: [labeled, unlabeled]
+    types: [ labeled, unlabeled ]
   pull_request_target:
-    types: [labeled, unlabeled]
+    types: [ labeled, unlabeled ]
   discussion:
-    types: [labeled, unlabeled]
+    types: [ labeled, unlabeled ]
 
 permissions:
   contents: read

.github/workflows/release.yml

@@ -8,7 +8,7 @@ on:
         required: true
         default: 'develop'
   schedule:
-    - cron:  '0 3 * * MON,THU'
+    - cron: '0 3 * * MON,THU'
 
 jobs:
   build:
@@ -51,7 +51,7 @@ jobs:
           CROWDIN_TOKEN: ${{ secrets.CROWDIN_TOKEN }}
       - name: Cleanup translations
         id: cleanup-transactions
-        uses: JC5/firefly-iii-dev@v36
+        uses: JC5/firefly-iii-dev@main
         with:
           action: 'ff3:crowdin-warning'
           output: ''
@@ -60,7 +60,7 @@ jobs:
           GH_TOKEN: ''
       - name: Cleanup changelog
         id: cleanup-changelog
-        uses: JC5/firefly-iii-dev@v36
+        uses: JC5/firefly-iii-dev@main
         with:
           action: 'ff3:changelog'
           output: ''
@@ -69,7 +69,7 @@ jobs:
           GH_TOKEN: ${{ secrets.CHANGELOG_TOKEN }}
       - name: Extract changelog
         id: extract-changelog
-        uses: JC5/firefly-iii-dev@v36
+        uses: JC5/firefly-iii-dev@main
         with:
           action: 'ff3:extract-changelog'
           output: 'output'
@@ -78,7 +78,7 @@ jobs:
           GH_TOKEN: ""
       - name: Replace version
         id: replace-version
-        uses: JC5/firefly-iii-dev@v36
+        uses: JC5/firefly-iii-dev@main
         with:
           action: 'ff3:version'
           output: ''
@@ -88,7 +88,7 @@ jobs:
           FF_III_VERSION: ${{ github.event_name == 'schedule' && 'develop' || github.event.inputs.version }}
       - name: Generate JSON v1
         id: json-v1
-        uses: JC5/firefly-iii-dev@v36
+        uses: JC5/firefly-iii-dev@main
         with:
           action: 'ff3:json-translations v1'
           output: ''
@@ -97,7 +97,7 @@ jobs:
           GH_TOKEN: ''
       - name: Generate JSON v2
         id: json-v2
-        uses: JC5/firefly-iii-dev@v36
+        uses: JC5/firefly-iii-dev@main
         with:
           action: 'ff3:json-translations v2'
           output: ''
@@ -106,34 +106,30 @@ jobs:
           GH_TOKEN: ''
       - name: Code cleanup
         id: code-cleanup
-        uses: JC5/firefly-iii-dev@v36
+        uses: JC5/firefly-iii-dev@main
         with:
           action: 'ff3:code'
           output: ''
         env:
           FIREFLY_III_ROOT: /github/workspace
           GH_TOKEN: ''
-      - name: Build new JS
+      - name: Build JS
         run: |
           npm install
           npm update
-          npm run build
-      - name: Build old JS
-        id: old-js
-        uses: JC5/firefly-iii-dev@v36
-        with:
-          action: 'ff3:old-js'
-          output: ''
-        env:
-          FIREFLY_III_ROOT: /github/workspace
-          GH_TOKEN: ''
+          npm run prod  --workspace=v1
+          npm run build --workspace=v2
       - name: Run CI
         run: |
           rm -rf vendor composer.lock
-          composer validate --strict
           composer update --no-dev --no-scripts --no-plugins -q
           sudo chown -R runner:docker resources/lang
           .ci/phpcs.sh
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
       - name: Release
         run: |
           # do some configuration
@@ -149,7 +145,6 @@ jobs:
           tarName=FireflyIII-$version.tar.gz
 
           # update composer (again)
-          composer validate --strict
           composer update --no-dev --no-scripts --no-plugins
           composer dump-autoload
 
@@ -192,13 +187,17 @@ jobs:
           echo 'Zip and tar...'
           zip -rq $zipName . -x "*.git*" "*.ci*" "*.github*" "*node_modules*" "*output.txt*"
           touch $tarName
-          tar --exclude=$tarName --exclude='./.git' --exclude='./.ci' --exclude='./.github' --exclude='./node_modules' --exclude='./output.txt' -czf $tarName .
+          tar --exclude=$tarName --exclude=$zipName --exclude='./.git' --exclude='./.ci' --exclude='./.github' --exclude='./node_modules' --exclude='./output.txt' -czf $tarName .
 
           # add sha256 sum
           echo 'Sha sum ...'
           sha256sum -b $zipName > $zipName.sha256
           sha256sum -b $tarName > $tarName.sha256
 
+          # add signatures:
+          gpg --armor --detach-sign $zipName
+          gpg --armor --detach-sign $tarName
+
           # create a development (nightly) release:
           if [[ "develop" == "$version" ]]; then
             echo 'Develop release.'
@@ -206,12 +205,12 @@ jobs:
             rm output.txt
             echo "Bi-weekly development release of Firefly III with the latest fixes, translations and features. Docker users can find this release under the \`develop\` tag." >> output.txt
             echo "" >> output.txt
-            echo "This release was created on **$(date +'%Y-%m-%d')** and may contain unexpected bugs. Data loss is rare but is not impossible." >> output.txt
+            echo "This release was created on **$(date +'%Y-%m-%d')** and may contain unexpected bugs. Data loss is rare but is not impossible. The releases are signed, and you can verify them using the [Firefly III releases PGP key](https://docs.firefly-iii.org/explanation/more-information/signatures/)." >> output.txt
             echo "" >> output.txt
             echo "* Please read the installation instructions for [Docker](https://docs.firefly-iii.org/how-to/firefly-iii/installation/docker/), [Portainer](https://docs.firefly-iii.org/how-to/firefly-iii/installation/portainer/), [Kubernetes](https://docs.firefly-iii.org/how-to/firefly-iii/installation/kubernetes/) or [self-managed servers](https://docs.firefly-iii.org/how-to/firefly-iii/installation/self-managed/)" >> output.txt
             echo "* Or read the upgrade instructions for [Docker](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/docker/), [Kubernetes](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/kubernetes/) or [self-managed servers](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/self-managed/)" >> output.txt
             echo "" >> output.txt
-            echo ":warning: Please be careful with this pre-release, as is may not work as expected." >> output.txt
+            echo ":warning: Please be careful with this pre-release, as it may not work as expected." >> output.txt
 
             # create the release:
             echo "Create nightly release."
@@ -229,6 +228,10 @@ jobs:
             gh release upload $releaseName $zipName.sha256
             gh release upload $releaseName $tarName.sha256
 
+            # add signatures to release
+            gh release upload $releaseName $zipName.asc
+            gh release upload $releaseName $tarName.asc
+
             # get current HEAD and add as file to the release
             HEAD=$(git rev-parse HEAD)
             echo $HEAD > HEAD.txt
@@ -242,6 +245,7 @@ jobs:
             echo '' >> output.txt
             echo "* Installation instructions for [Docker](https://docs.firefly-iii.org/how-to/firefly-iii/installation/docker/), [Portainer](https://docs.firefly-iii.org/how-to/firefly-iii/installation/portainer/), [Kubernetes](https://docs.firefly-iii.org/how-to/firefly-iii/installation/kubernetes/) or [self-managed servers](https://docs.firefly-iii.org/how-to/firefly-iii/installation/self-managed/)" >> output.txt
             echo "* Or read the upgrade instructions for [Docker](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/docker/), [Kubernetes](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/kubernetes/) or [self-managed servers](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/self-managed/)" >> output.txt
+            echo "* The releases are signed, and you can verify them using the [Firefly III releases PGP key](https://docs.firefly-iii.org/explanation/more-information/signatures/)."
 
             echo "Create default release."
             git tag -a $releaseName -m "Here be changelog"
@@ -256,6 +260,10 @@ jobs:
             gh release upload $releaseName $zipName.sha256
             gh release upload $releaseName $tarName.sha256
 
+            # add signatures to release
+            gh release upload $releaseName $zipName.asc
+            gh release upload $releaseName $tarName.asc
+
             # get current HEAD and add as file to the release
             HEAD=$(git rev-parse HEAD)
             echo $HEAD > HEAD.txt

.github/workflows/stale.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: actions/stale@v9
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          stale-issue-message: >
+          stale-issue-message: |
             Hi there!
 
             This is an automatic reply. `Share and enjoy`
@@ -25,7 +25,7 @@ jobs:
             This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
 
             Thank you for your contributions.
-          stale-pr-message: >
+          stale-pr-message: |
             Hi there!
 
             This is an automatic reply. `Share and enjoy`

.gitignore

@@ -10,3 +10,11 @@ coverage.xml
 
 # ignore generated files.
 public/build
+
+# ignore v1 build files
+resources/assets/v1/node_modules
+resources/assets/v1/build
+
+# ignore v2 build files
+resources/assets/v2/node_modules
+resources/assets/v2/build

app/Api/V1/Controllers/Chart/AccountController.php

@@ -83,17 +83,17 @@ class AccountController extends Controller
         // user's preferences
         $defaultSet = $this->repository->getAccountsByType([AccountType::ASSET])->pluck('id')->toArray();
 
-        /** @var Preference $frontPage */
-        $frontPage  = app('preferences')->get('frontPageAccounts', $defaultSet);
+        /** @var Preference $frontpage */
+        $frontpage  = app('preferences')->get('frontpageAccounts', $defaultSet);
         $default    = app('amount')->getDefaultCurrency();
 
-        if (!(is_array($frontPage->data) && count($frontPage->data) > 0)) {
-            $frontPage->data = $defaultSet;
-            $frontPage->save();
+        if (!(is_array($frontpage->data) && count($frontpage->data) > 0)) {
+            $frontpage->data = $defaultSet;
+            $frontpage->save();
         }
 
         // get accounts:
-        $accounts   = $this->repository->getAccountsById($frontPage->data);
+        $accounts   = $this->repository->getAccountsById($frontpage->data);
         $chartData  = [];
 
         /** @var Account $account */

app/Api/V1/Controllers/Models/Transaction/UpdateController.php

@@ -72,6 +72,12 @@ class UpdateController extends Controller
         app('log')->debug('Now in update routine for transaction group!');
         $data             = $request->getAll();
 
+        // Fixes 8750.
+        $transactions     = $data['transactions'] ?? [];
+        foreach ($transactions as $index => $info) {
+            unset($data['transactions'][$index]['type']);
+        }
+
         $transactionGroup = $this->groupRepository->update($transactionGroup, $data);
         $manager          = $this->getManager();
 

app/Api/V1/Controllers/User/PreferencesController.php

@@ -84,6 +84,10 @@ class PreferencesController extends Controller
     {
         $manager     = $this->getManager();
 
+        if ('currencyPreference' === $preference->name) {
+            throw new FireflyException('Please use api/v1/currencies/default instead.');
+        }
+
         /** @var PreferenceTransformer $transformer */
         $transformer = app(PreferenceTransformer::class);
         $transformer->setParameters($this->parameters);
@@ -103,6 +107,11 @@ class PreferencesController extends Controller
     {
         $manager     = $this->getManager();
         $data        = $request->getAll();
+
+        if ('currencyPreference' === $data['name']) {
+            throw new FireflyException('Please use api/v1/currencies/default instead.');
+        }
+
         $pref        = app('preferences')->set($data['name'], $data['data']);
 
         /** @var PreferenceTransformer $transformer */
@@ -122,6 +131,10 @@ class PreferencesController extends Controller
      */
     public function update(PreferenceUpdateRequest $request, Preference $preference): JsonResponse
     {
+        if ('currencyPreference' === $preference->name) {
+            throw new FireflyException('Please use api/v1/currencies/default instead.');
+        }
+
         $manager     = $this->getManager();
         $data        = $request->getAll();
         $pref        = app('preferences')->set($preference->name, $data['data']);

app/Api/V1/Requests/Models/Rule/StoreRequest.php

@@ -71,8 +71,9 @@ class StoreRequest extends FormRequest
         if (is_array($triggers)) {
             foreach ($triggers as $trigger) {
                 $return[] = [
-                    'type'            => $trigger['type'],
-                    'value'           => $trigger['value'],
+                    'type'            => $trigger['type'] ?? '',
+                    'value'           => $trigger['value'] ?? null,
+                    'prohibited'      => $this->convertBoolean((string)($trigger['prohibited'] ?? 'false')),
                     'active'          => $this->convertBoolean((string)($trigger['active'] ?? 'true')),
                     'stop_processing' => $this->convertBoolean((string)($trigger['stop_processing'] ?? 'false')),
                 ];

app/Api/V1/Requests/Models/Rule/TestRequest.php

@@ -54,17 +54,13 @@ class TestRequest extends FormRequest
 
     private function getDate(string $field): ?Carbon
     {
-        $value  = $this->query($field);
+        $value = $this->query($field);
         if (is_array($value)) {
             return null;
         }
-        $value  = (string)$value;
-        $result = null === $this->query($field) ? null : Carbon::createFromFormat('Y-m-d', substr($value, 0, 10));
-        if (false === $result) {
-            return null;
-        }
+        $value = (string)$value;
 
-        return $result;
+        return null === $this->query($field) ? null : Carbon::createFromFormat('Y-m-d', substr($value, 0, 10));
     }
 
     private function getAccounts(): array

app/Api/V1/Requests/Models/Rule/TriggerRequest.php

@@ -48,17 +48,13 @@ class TriggerRequest extends FormRequest
 
     private function getDate(string $field): ?Carbon
     {
-        $value  = $this->query($field);
+        $value = $this->query($field);
         if (is_array($value)) {
             return null;
         }
-        $value  = (string)$value;
-        $result = null === $this->query($field) ? null : Carbon::createFromFormat('Y-m-d', substr($value, 0, 10));
-        if (false === $result) {
-            return null;
-        }
+        $value = (string)$value;
 
-        return $result;
+        return null === $this->query($field) ? null : Carbon::createFromFormat('Y-m-d', substr($value, 0, 10));
     }
 
     private function getAccounts(): array

app/Api/V1/Requests/Models/Rule/UpdateRequest.php

@@ -81,10 +81,12 @@ class UpdateRequest extends FormRequest
         if (is_array($triggers)) {
             foreach ($triggers as $trigger) {
                 $active         = array_key_exists('active', $trigger) ? $trigger['active'] : true;
+                $prohibited     = array_key_exists('prohibited', $trigger) ? $trigger['prohibited'] : false;
                 $stopProcessing = array_key_exists('stop_processing', $trigger) ? $trigger['stop_processing'] : false;
                 $return[]       = [
                     'type'            => $trigger['type'],
                     'value'           => $trigger['value'],
+                    'prohibited'      => $prohibited,
                     'active'          => $active,
                     'stop_processing' => $stopProcessing,
                 ];

app/Api/V1/Requests/Models/RuleGroup/TestRequest.php

@@ -48,17 +48,13 @@ class TestRequest extends FormRequest
 
     private function getDate(string $field): ?Carbon
     {
-        $value  = $this->query($field);
+        $value = $this->query($field);
         if (is_array($value)) {
             return null;
         }
-        $value  = (string)$value;
-        $result = null === $this->query($field) ? null : Carbon::createFromFormat('Y-m-d', substr($value, 0, 10));
-        if (false === $result) {
-            return null;
-        }
+        $value = (string)$value;
 
-        return $result;
+        return null === $this->query($field) ? null : Carbon::createFromFormat('Y-m-d', substr($value, 0, 10));
     }
 
     private function getAccounts(): array

app/Api/V1/Requests/Models/RuleGroup/TriggerRequest.php

@@ -48,17 +48,13 @@ class TriggerRequest extends FormRequest
 
     private function getDate(string $field): ?Carbon
     {
-        $value  = $this->query($field);
+        $value = $this->query($field);
         if (is_array($value)) {
             return null;
         }
-        $value  = (string)$value;
-        $result = null === $this->query($field) ? null : Carbon::createFromFormat('Y-m-d', substr($value, 0, 10));
-        if (false === $result) {
-            return null;
-        }
+        $value = (string)$value;
 
-        return $result;
+        return null === $this->query($field) ? null : Carbon::createFromFormat('Y-m-d', substr($value, 0, 10));
     }
 
     private function getAccounts(): array

app/Api/V2/Controllers/Autocomplete/AccountController.php

@@ -55,11 +55,7 @@ class AccountController extends Controller
             function ($request, $next) {
                 $this->repository      = app(AccountRepositoryInterface::class);
                 $this->adminRepository = app(AdminAccountRepositoryInterface::class);
-
-                $userGroup             = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->adminRepository->setUserGroup($userGroup);
-                }
+                $this->adminRepository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }
@@ -85,7 +81,7 @@ class AccountController extends Controller
         $types           = $data['types'];
         $query           = $data['query'];
         $date            = $this->parameters->get('date') ?? today(config('app.timezone'));
-        $result          = $this->adminRepository->searchAccount((string)$query, $types, $data['limit']);
+        $result          = $this->adminRepository->searchAccount((string) $query, $types, $data['limit']);
         $defaultCurrency = app('amount')->getDefaultCurrency();
         $groupedResult   = [];
         $allItems        = [];
@@ -99,19 +95,19 @@ class AccountController extends Controller
                 $balance         = app('steam')->balance($account, $date);
                 $nameWithBalance = sprintf('%s (%s)', $account->name, app('amount')->formatAnything($currency, $balance, false));
             }
-            $type            = (string)trans(sprintf('firefly.%s', $account->accountType->type));
+            $type            = (string) trans(sprintf('firefly.%s', $account->accountType->type));
             $groupedResult[$type] ??= [
                 'group ' => $type,
                 'items'  => [],
             ];
             $allItems[]      = [
-                'id'                      => (string)$account->id,
-                'value'                   => (string)$account->id,
+                'id'                      => (string) $account->id,
+                'value'                   => (string) $account->id,
                 'name'                    => $account->name,
                 'name_with_balance'       => $nameWithBalance,
                 'label'                   => $nameWithBalance,
                 'type'                    => $account->accountType->type,
-                'currency_id'             => (string)$currency->id,
+                'currency_id'             => (string) $currency->id,
                 'currency_name'           => $currency->name,
                 'currency_code'           => $currency->code,
                 'currency_symbol'         => $currency->symbol,
@@ -123,8 +119,8 @@ class AccountController extends Controller
             $allItems,
             static function (array $left, array $right): int {
                 $order    = [AccountType::ASSET, AccountType::REVENUE, AccountType::EXPENSE];
-                $posLeft  = (int)array_search($left['type'], $order, true);
-                $posRight = (int)array_search($right['type'], $order, true);
+                $posLeft  = (int) array_search($left['type'], $order, true);
+                $posRight = (int) array_search($right['type'], $order, true);
 
                 return $posLeft - $posRight;
             }

app/Api/V2/Controllers/Autocomplete/CategoryController.php

@@ -45,11 +45,7 @@ class CategoryController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(CategoryRepositoryInterface::class);
-
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }

app/Api/V2/Controllers/Autocomplete/TagController.php

@@ -45,11 +45,7 @@ class TagController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(TagRepositoryInterface::class);
-
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }

app/Api/V2/Controllers/Autocomplete/TransactionController.php

@@ -45,11 +45,7 @@ class TransactionController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(JournalRepositoryInterface::class);
-
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }

app/Api/V2/Controllers/Chart/AccountController.php

@@ -27,6 +27,7 @@ namespace FireflyIII\Api\V2\Controllers\Chart;
 use Carbon\Carbon;
 use FireflyIII\Api\V2\Controllers\Controller;
 use FireflyIII\Api\V2\Request\Chart\DashboardChartRequest;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Models\Account;
 use FireflyIII\Models\AccountType;
@@ -46,6 +47,7 @@ class AccountController extends Controller
     use ValidatesUserGroupTrait;
 
     private AccountRepositoryInterface $repository;
+    protected array                    $acceptedRoles = [UserRoleEnum::READ_ONLY];
 
     public function __construct()
     {
@@ -53,10 +55,7 @@ class AccountController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(AccountRepositoryInterface::class);
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }
@@ -98,14 +97,14 @@ class AccountController extends Controller
         // user's preferences
         if (0 === $accounts->count()) {
             $defaultSet = $this->repository->getAccountsByType([AccountType::ASSET, AccountType::DEFAULT])->pluck('id')->toArray();
-            $frontPage  = app('preferences')->get('frontPageAccounts', $defaultSet);
+            $frontpage  = app('preferences')->get('frontpageAccounts', $defaultSet);
 
-            if (!(is_array($frontPage->data) && count($frontPage->data) > 0)) {
-                $frontPage->data = $defaultSet;
-                $frontPage->save();
+            if (!(is_array($frontpage->data) && count($frontpage->data) > 0)) {
+                $frontpage->data = $defaultSet;
+                $frontpage->save();
             }
 
-            $accounts   = $this->repository->getAccountsById($frontPage->data);
+            $accounts   = $this->repository->getAccountsById($frontpage->data);
         }
 
         // both options are overruled by "preselected"

app/Api/V2/Controllers/Chart/BalanceController.php

@@ -27,6 +27,7 @@ namespace FireflyIII\Api\V2\Controllers\Chart;
 use Carbon\Carbon;
 use FireflyIII\Api\V2\Controllers\Controller;
 use FireflyIII\Api\V2\Request\Chart\BalanceChartRequest;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Helpers\Collector\GroupCollectorInterface;
 use FireflyIII\Models\TransactionCurrency;
@@ -42,6 +43,7 @@ use Illuminate\Support\Collection;
 class BalanceController extends Controller
 {
     use CleansChartData;
+    protected array                    $acceptedRoles = [UserRoleEnum::READ_ONLY];
 
     /**
      * The code is practically a duplicate of ReportController::operations.

app/Api/V2/Controllers/Chart/BudgetController.php

@@ -64,12 +64,9 @@ class BudgetController extends Controller
                 $this->blRepository  = app(BudgetLimitRepositoryInterface::class);
                 $this->opsRepository = app(OperationsRepositoryInterface::class);
                 $this->currency      = app('amount')->getDefaultCurrency();
-
                 $userGroup           = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                    $this->opsRepository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($userGroup);
+                $this->opsRepository->setUserGroup($userGroup);
 
                 return $next($request);
             }
@@ -124,11 +121,11 @@ class BudgetController extends Controller
         foreach ($rows as $row) {
             $current  = [
                 'label'                          => $budget->name,
-                'currency_id'                    => (string)$row['currency_id'],
+                'currency_id'                    => (string) $row['currency_id'],
                 'currency_code'                  => $row['currency_code'],
                 'currency_name'                  => $row['currency_name'],
                 'currency_decimal_places'        => $row['currency_decimal_places'],
-                'native_currency_id'             => (string)$row['native_currency_id'],
+                'native_currency_id'             => (string) $row['native_currency_id'],
                 'native_currency_code'           => $row['native_currency_code'],
                 'native_currency_name'           => $row['native_currency_name'],
                 'native_currency_decimal_places' => $row['native_currency_decimal_places'],
@@ -189,12 +186,12 @@ class BudgetController extends Controller
         foreach ($array as $currencyId => $block) {
             $this->currencies[$currencyId] ??= TransactionCurrency::find($currencyId);
             $return[$currencyId]           ??= [
-                'currency_id'                    => (string)$currencyId,
+                'currency_id'                    => (string) $currencyId,
                 'currency_code'                  => $block['currency_code'],
                 'currency_name'                  => $block['currency_name'],
                 'currency_symbol'                => $block['currency_symbol'],
-                'currency_decimal_places'        => (int)$block['currency_decimal_places'],
-                'native_currency_id'             => (string)$this->currency->id,
+                'currency_decimal_places'        => (int) $block['currency_decimal_places'],
+                'native_currency_id'             => (string) $this->currency->id,
                 'native_currency_code'           => $this->currency->code,
                 'native_currency_name'           => $this->currency->name,
                 'native_currency_symbol'         => $this->currency->symbol,

app/Api/V2/Controllers/Chart/CategoryController.php

@@ -57,10 +57,7 @@ class CategoryController extends Controller
             function ($request, $next) {
                 $this->accountRepos  = app(AccountRepositoryInterface::class);
                 $this->currencyRepos = app(CurrencyRepositoryInterface::class);
-                $userGroup           = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->accountRepos->setUserGroup($userGroup);
-                }
+                $this->accountRepos->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }
@@ -100,25 +97,25 @@ class CategoryController extends Controller
 
         /** @var array $journal */
         foreach ($journals as $journal) {
-            $currencyId                    = (int)$journal['currency_id'];
+            $currencyId                    = (int) $journal['currency_id'];
             $currency                      = $currencies[$currencyId] ?? $this->currencyRepos->find($currencyId);
             $currencies[$currencyId]       = $currency;
-            $categoryName                  = null === $journal['category_name'] ? (string)trans('firefly.no_category') : $journal['category_name'];
+            $categoryName                  = null === $journal['category_name'] ? (string) trans('firefly.no_category') : $journal['category_name'];
             $amount                        = app('steam')->positive($journal['amount']);
             $nativeAmount                  = $converter->convert($default, $currency, $journal['date'], $amount);
             $key                           = sprintf('%s-%s', $categoryName, $currency->code);
-            if ((int)$journal['foreign_currency_id'] === $default->id) {
+            if ((int) $journal['foreign_currency_id'] === $default->id) {
                 $nativeAmount = app('steam')->positive($journal['foreign_amount']);
             }
             // create arrays
             $return[$key] ??= [
                 'label'                          => $categoryName,
-                'currency_id'                    => (string)$currency->id,
+                'currency_id'                    => (string) $currency->id,
                 'currency_code'                  => $currency->code,
                 'currency_name'                  => $currency->name,
                 'currency_symbol'                => $currency->symbol,
                 'currency_decimal_places'        => $currency->decimal_places,
-                'native_currency_id'             => (string)$default->id,
+                'native_currency_id'             => (string) $default->id,
                 'native_currency_code'           => $default->code,
                 'native_currency_name'           => $default->name,
                 'native_currency_symbol'         => $default->symbol,
@@ -138,7 +135,7 @@ class CategoryController extends Controller
 
         // order by native amount
         usort($return, static function (array $a, array $b) {
-            return (float)$a['native_amount'] < (float)$b['native_amount'] ? 1 : -1;
+            return (float) $a['native_amount'] < (float) $b['native_amount'] ? 1 : -1;
         });
         $converter->summarize();
 

app/Api/V2/Controllers/Controller.php

@@ -27,6 +27,7 @@ namespace FireflyIII\Api\V2\Controllers;
 use Carbon\Carbon;
 use Carbon\Exceptions\InvalidDateException;
 use Carbon\Exceptions\InvalidFormatException;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use FireflyIII\Transformers\V2\AbstractTransformer;
 use Illuminate\Database\Eloquent\Model;
@@ -55,6 +56,7 @@ class Controller extends BaseController
 
     protected const string CONTENT_TYPE = 'application/vnd.api+json';
     protected ParameterBag $parameters;
+    protected array $acceptedRoles      = [UserRoleEnum::READ_ONLY];
 
     public function __construct()
     {
@@ -120,6 +122,9 @@ class Controller extends BaseController
                     $obj = null;
                 }
             }
+            if (null !== $date && 'end' === $field) {
+                $obj->endOfDay();
+            }
             $bag->set($field, $obj);
         }
 

app/Api/V2/Controllers/Model/Account/IndexController.php

@@ -25,7 +25,7 @@ namespace FireflyIII\Api\V2\Controllers\Model\Account;
 
 use FireflyIII\Api\V2\Controllers\Controller;
 use FireflyIII\Api\V2\Request\Model\Account\IndexRequest;
-use FireflyIII\Api\V2\Request\Model\Transaction\InfiniteListRequest;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Repositories\UserGroups\Account\AccountRepositoryInterface;
 use FireflyIII\Transformers\V2\AccountTransformer;
 use Illuminate\Http\JsonResponse;
@@ -33,9 +33,10 @@ use Illuminate\Pagination\LengthAwarePaginator;
 
 class IndexController extends Controller
 {
-    public const string RESOURCE_KEY = 'accounts';
+    public const string RESOURCE_KEY                  = 'accounts';
 
     private AccountRepositoryInterface $repository;
+    protected array                    $acceptedRoles = [UserRoleEnum::READ_ONLY, UserRoleEnum::MANAGE_TRANSACTIONS];
 
     /**
      * AccountController constructor.
@@ -48,9 +49,7 @@ class IndexController extends Controller
                 $this->repository = app(AccountRepositoryInterface::class);
                 // new way of user group validation
                 $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($userGroup);
 
                 return $next($request);
             }
@@ -58,7 +57,7 @@ class IndexController extends Controller
     }
 
     /**
-     * TODO see autocomplete/accountcontroller for list.
+     * TODO see autocomplete/account controller for list.
      */
     public function index(IndexRequest $request): JsonResponse
     {
@@ -80,25 +79,4 @@ class IndexController extends Controller
             ->header('Content-Type', self::CONTENT_TYPE)
         ;
     }
-
-    public function infiniteList(InfiniteListRequest $request): JsonResponse
-    {
-        $this->repository->resetAccountOrder();
-
-        // get accounts of the specified type, and return.
-        $types       = $request->getAccountTypes();
-
-        // get from repository
-        $accounts    = $this->repository->getAccountsInOrder($types, $request->getSortInstructions('accounts'), $request->getStartRow(), $request->getEndRow());
-        $total       = $this->repository->countAccounts($types);
-        $count       = $request->getEndRow() - $request->getStartRow();
-        $paginator   = new LengthAwarePaginator($accounts, $total, $count, $this->parameters->get('page'));
-        $transformer = new AccountTransformer();
-        $transformer->setParameters($this->parameters); // give params to transformer
-
-        return response()
-            ->json($this->jsonApiList(self::RESOURCE_KEY, $paginator, $transformer))
-            ->header('Content-Type', self::CONTENT_TYPE)
-        ;
-    }
 }

app/Api/V2/Controllers/Model/Account/ShowController.php

@@ -25,7 +25,9 @@ declare(strict_types=1);
 namespace FireflyIII\Api\V2\Controllers\Model\Account;
 
 use FireflyIII\Api\V2\Controllers\Controller;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Models\Account;
+use FireflyIII\Repositories\UserGroups\Account\AccountRepositoryInterface;
 use FireflyIII\Transformers\V2\AccountTransformer;
 use Illuminate\Http\JsonResponse;
 
@@ -36,6 +38,29 @@ use Illuminate\Http\JsonResponse;
  */
 class ShowController extends Controller
 {
+    public const string RESOURCE_KEY                  = 'accounts';
+
+    private AccountRepositoryInterface $repository;
+    protected array                    $acceptedRoles = [UserRoleEnum::READ_ONLY, UserRoleEnum::MANAGE_TRANSACTIONS];
+
+    /**
+     * AccountController constructor.
+     */
+    public function __construct()
+    {
+        parent::__construct();
+        $this->middleware(
+            function ($request, $next) {
+                $this->repository = app(AccountRepositoryInterface::class);
+                // new way of user group validation
+                $userGroup        = $this->validateUserGroup($request);
+                $this->repository->setUserGroup($userGroup);
+
+                return $next($request);
+            }
+        );
+    }
+
     /**
      * TODO this endpoint is not yet reachable.
      */

app/Api/V2/Controllers/Model/Account/UpdateController.php

@@ -45,11 +45,7 @@ class UpdateController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(AccountRepositoryInterface::class);
-                // new way of user group validation
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }

app/Api/V2/Controllers/Model/Bill/IndexController.php

@@ -46,12 +46,7 @@ class IndexController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(BillRepositoryInterface::class);
-
-                // new way of user group validation
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }

app/Api/V2/Controllers/Model/Bill/ShowController.php

@@ -46,12 +46,7 @@ class ShowController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(BillRepositoryInterface::class);
-
-                // new way of user group validation
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }

app/Api/V2/Controllers/Model/Bill/SumController.php

@@ -45,11 +45,7 @@ class SumController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(BillRepositoryInterface::class);
-
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }

app/Api/V2/Controllers/Model/PiggyBank/IndexController.php

@@ -46,11 +46,7 @@ class IndexController extends Controller
         $this->middleware(
             function ($request, $next) {
                 $this->repository = app(PiggyBankRepositoryInterface::class);
-
-                $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->repository->setUserGroup($this->validateUserGroup($request));
 
                 return $next($request);
             }

app/Api/V2/Controllers/Summary/BasicController.php

@@ -77,13 +77,11 @@ class BasicController extends Controller
                 $this->opsRepository     = app(OperationsRepositoryInterface::class);
 
                 $userGroup               = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->abRepository->setUserGroup($userGroup);
-                    $this->accountRepository->setUserGroup($userGroup);
-                    $this->billRepository->setUserGroup($userGroup);
-                    $this->budgetRepository->setUserGroup($userGroup);
-                    $this->opsRepository->setUserGroup($userGroup);
-                }
+                $this->abRepository->setUserGroup($userGroup);
+                $this->accountRepository->setUserGroup($userGroup);
+                $this->billRepository->setUserGroup($userGroup);
+                $this->budgetRepository->setUserGroup($userGroup);
+                $this->opsRepository->setUserGroup($userGroup);
 
                 return $next($request);
             }
@@ -298,7 +296,7 @@ class BasicController extends Controller
             app('log')->debug(sprintf('Amount left is %s', $left));
 
             // how much left per day?
-            $days                    = (int) $today->diffInDays($end, true) + 1;
+            $days                    = (int)$today->diffInDays($end, true) + 1;
             $perDay                  = '0';
             $perDayNative            = '0';
             if (0 !== $days && bccomp($left, '0') > -1) {

app/Api/V2/Controllers/Summary/NetWorthController.php

@@ -52,10 +52,8 @@ class NetWorthController extends Controller
                 $this->repository = app(AccountRepositoryInterface::class);
                 // new way of user group validation
                 $userGroup        = $this->validateUserGroup($request);
-                if (null !== $userGroup) {
-                    $this->netWorth->setUserGroup($userGroup);
-                    $this->repository->setUserGroup($userGroup);
-                }
+                $this->netWorth->setUserGroup($userGroup);
+                $this->repository->setUserGroup($userGroup);
 
                 return $next($request);
             }

app/Api/V2/Controllers/UserGroup/UpdateController.php

@@ -79,4 +79,12 @@ class UpdateController extends Controller
             ->header('Content-Type', self::CONTENT_TYPE)
         ;
     }
+
+    public function useUserGroup(UserGroup $userGroup): JsonResponse
+    {
+        // group validation is already in place, so can just update the user.
+        $this->repository->useUserGroup($userGroup);
+
+        return response()->json([], 204);
+    }
 }

app/Api/V2/Request/Chart/BalanceChartRequest.php

@@ -24,6 +24,7 @@ declare(strict_types=1);
 
 namespace FireflyIII\Api\V2\Request\Chart;
 
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use FireflyIII\Support\Request\ChecksLogin;
 use FireflyIII\Support\Request\ConvertsDataTypes;
@@ -39,6 +40,7 @@ class BalanceChartRequest extends FormRequest
     use ChecksLogin;
     use ConvertsDataTypes;
     use ValidatesUserGroupTrait;
+    protected array                    $acceptedRoles = [UserRoleEnum::READ_ONLY];
 
     /**
      * Get all data from the request.

app/Api/V2/Request/Chart/DashboardChartRequest.php

@@ -23,6 +23,7 @@ declare(strict_types=1);
 
 namespace FireflyIII\Api\V2\Request\Chart;
 
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use FireflyIII\Support\Request\ChecksLogin;
 use FireflyIII\Support\Request\ConvertsDataTypes;
@@ -39,6 +40,8 @@ class DashboardChartRequest extends FormRequest
     use ConvertsDataTypes;
     use ValidatesUserGroupTrait;
 
+    protected array $acceptedRoles = [UserRoleEnum::READ_ONLY];
+
     /**
      * Get all data from the request.
      */

app/Api/V2/Request/Model/Account/IndexRequest.php

@@ -44,14 +44,11 @@ class IndexRequest extends FormRequest
 
     public function getAccountTypes(): array
     {
-        $type = (string)$this->get('type', 'default');
+        $type = (string) $this->get('type', 'default');
 
         return $this->mapAccountTypes($type);
     }
 
-    /**
-     * Get all data from the request.
-     */
     public function getDate(): Carbon
     {
         return $this->getCarbonDate('date');
@@ -63,7 +60,9 @@ class IndexRequest extends FormRequest
     public function rules(): array
     {
         return [
-            'date' => 'date|after:1900-01-01|before:2099-12-31',
+            'date'  => 'date|after:1900-01-01|before:2099-12-31',
+            'start' => 'date|after:1900-01-01|before:2099-12-31|before:end|required_with:end',
+            'end'   => 'date|after:1900-01-01|before:2099-12-31|after:start|required_with:start',
         ];
     }
 }

app/Api/V2/Request/UserGroup/UpdateRequest.php

@@ -26,6 +26,7 @@ namespace FireflyIII\Api\V2\Request\UserGroup;
 
 use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Models\UserGroup;
+use FireflyIII\Rules\IsDefaultUserGroupName;
 use FireflyIII\Support\Request\ChecksLogin;
 use FireflyIII\Support\Request\ConvertsDataTypes;
 use Illuminate\Foundation\Http\FormRequest;
@@ -53,7 +54,7 @@ class UpdateRequest extends FormRequest
         $userGroup = $this->route()->parameter('userGroup');
 
         return [
-            'title' => sprintf('required|min:1|max:255|unique:user_groups,title,%d', $userGroup->id),
+            'title' => ['required', 'min:1', 'max:255', sprintf('unique:user_groups,title,%d', $userGroup->id), new IsDefaultUserGroupName($userGroup)],
         ];
     }
 }

app/Console/Commands/Correction/CorrectDatabase.php

@@ -73,6 +73,7 @@ class CorrectDatabase extends Command
             // new!
             'firefly-iii:unify-group-accounts',
             'firefly-iii:trigger-credit-recalculation',
+            'firefly-iii:migrate-preferences',
         ];
         foreach ($commands as $command) {
             $this->friendlyLine(sprintf('Now executing command "%s"', $command));

app/Console/Commands/Correction/FixFrontpageAccounts.php

@@ -50,7 +50,7 @@ class FixFrontpageAccounts extends Command
 
         /** @var User $user */
         foreach ($users as $user) {
-            $preference = app('preferences')->getForUser($user, 'frontPageAccounts');
+            $preference = app('preferences')->getForUser($user, 'frontpageAccounts');
             if (null !== $preference) {
                 $this->fixPreference($preference);
             }
@@ -83,6 +83,6 @@ class FixFrontpageAccounts extends Command
                 }
             }
         }
-        app('preferences')->setForUser($preference->user, 'frontPageAccounts', $fixed);
+        app('preferences')->setForUser($preference->user, 'frontpageAccounts', $fixed);
     }
 }

app/Console/Commands/Correction/MigratePreferences.php

@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+/*
+ * MigratePreferences.php
+ * Copyright (c) 2024 james@firefly-iii.org.
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see https://www.gnu.org/licenses/.
+ */
+
+namespace FireflyIII\Console\Commands\Correction;
+
+use FireflyIII\Models\Preference;
+use FireflyIII\User;
+use Illuminate\Console\Command;
+use Symfony\Component\Console\Command\Command as CommandAlias;
+
+class MigratePreferences extends Command
+{
+    protected $description = 'Give Firefly III preferences a user group ID so they can be made administration specific.';
+
+    protected $signature   = 'firefly-iii:migrate-preferences';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $items = config('firefly.admin_specific_prefs');
+        $users = User::get();
+
+        /** @var User $user */
+        foreach ($users as $user) {
+            $count = 0;
+            foreach ($items as $item) {
+                $preference = Preference::where('name', $item)->where('user_id', $user->id)->first();
+                if (null === $preference) {
+                    continue;
+                }
+                if (null !== $preference->user_group_id) {
+                    $preference->user_group_id = $user->user_group_id;
+                    $preference->save();
+                    ++$count;
+                }
+            }
+            if ($count > 0) {
+                $this->info(sprintf('Migrated %d preference(s) for user #%d ("%s").', $count, $user->id, $user->email));
+            }
+        }
+
+        return CommandAlias::SUCCESS;
+    }
+}

app/Console/Commands/Export/ExportData.php

@@ -191,7 +191,7 @@ class ExportData extends Command
                 $this->friendlyError(sprintf('%s date "%s" must be formatted YYYY-MM-DD. Field will be ignored.', $field, $this->option('start')));
                 $error = true;
             }
-            if (false === $date) {
+            if (null === $date) {
                 $this->friendlyError(sprintf('%s date "%s" must be formatted YYYY-MM-DD.', $field, $this->option('start')));
 
                 throw new FireflyException(sprintf('%s date "%s" must be formatted YYYY-MM-DD.', $field, $this->option('start')));

app/Console/Commands/System/LaravelPassportKeys.php

@@ -32,24 +32,13 @@ class LaravelPassportKeys extends Command
 {
     use ShowsFriendlyMessages;
 
-    /**
-     * The name and signature of the console command.
-     *
-     * @var string
-     */
-    protected $signature   = 'firefly-iii:laravel-passport-keys';
-
-    /**
-     * The console command description.
-     *
-     * @var string
-     */
     protected $description = 'Calls the Laravel "passport:keys" but doesn\'t exit 1.';
+    protected $signature   = 'firefly-iii:laravel-passport-keys';
 
     /**
      * Execute the console command.
      */
-    public function handle()
+    public function handle(): int
     {
         Artisan::call('passport:keys --no-interaction', []);
         $result = Artisan::output();

app/Console/Commands/Tools/ApplyRules.php

@@ -285,7 +285,7 @@ class ApplyRules extends Command
         if (null !== $endString && '' !== $endString) {
             $inputEnd = Carbon::createFromFormat('Y-m-d', $endString);
         }
-        if (false === $inputEnd || false === $inputStart) {
+        if (null === $inputEnd || null === $inputStart) {
             Log::error('Could not parse start or end date in verifyInputDate().');
 
             return;

app/Console/Commands/Upgrade/UpgradeDatabase.php

@@ -69,6 +69,7 @@ class UpgradeDatabase extends Command
             'firefly-iii:create-group-memberships',
             'firefly-iii:upgrade-group-information',
             'firefly-iii:upgrade-currency-preferences',
+            'firefly-iii:correct-database',
         ];
         $args     = [];
         if ($this->option('force')) {

app/Exceptions/Handler.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace FireflyIII\Exceptions;
 
 use FireflyIII\Jobs\MailError;
+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Database\QueryException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
@@ -98,6 +99,13 @@ class Handler extends ExceptionHandler
             return response()->json(['message' => 'Resource not found', 'exception' => 'NotFoundHttpException'], 404);
         }
 
+        if ($e instanceof AuthorizationException && $expectsJson) {
+            // somehow Laravel handler does not catch this:
+            app('log')->debug('Return JSON unauthorized error.');
+
+            return response()->json(['message' => $e->getMessage(), 'exception' => 'AuthorizationException'], 401);
+        }
+
         if ($e instanceof AuthenticationException && $expectsJson) {
             // somehow Laravel handler does not catch this:
             app('log')->debug('Return JSON unauthenticated error.');

app/Handlers/Events/UserEventHandler.php

@@ -405,7 +405,7 @@ class UserEventHandler
             }
             // clean up old entries (6 months)
             $carbon = Carbon::createFromFormat('Y-m-d H:i:s', $preference[$index]['time']);
-            if (false !== $carbon && $carbon->diffInMonths(today(), true) > 6) {
+            if (null !== $carbon && $carbon->diffInMonths(today(), true) > 6) {
                 app('log')->debug(sprintf('Entry for %s is very old, remove it.', $row['ip']));
                 unset($preference[$index]);
             }

app/Http/Controllers/Account/CreateController.php

@@ -145,13 +145,13 @@ class CreateController extends Controller
         Log::channel('audit')->info('Stored new account.', $data);
 
         // update preferences if necessary:
-        $frontPage = app('preferences')->get('frontPageAccounts', [])->data;
-        if (!is_array($frontPage)) {
-            $frontPage = [];
+        $frontpage = app('preferences')->get('frontpageAccounts', [])->data;
+        if (!is_array($frontpage)) {
+            $frontpage = [];
         }
         if (AccountType::ASSET === $account->accountType->type) {
-            $frontPage[] = $account->id;
-            app('preferences')->set('frontPageAccounts', $frontPage);
+            $frontpage[] = $account->id;
+            app('preferences')->set('frontpageAccounts', $frontpage);
         }
 
         // store attachment(s):

app/Http/Controllers/Account/ShowController.php

@@ -106,7 +106,7 @@ class ShowController extends Controller
         $periods          = $this->getAccountPeriodOverview($account, $firstTransaction, $end);
 
         // if layout = v2, overrule the page title.
-        if ('v1' !== config('firefly.layout')) {
+        if ('v1' !== config('view.layout')) {
             $subTitle = (string)trans('firefly.all_journals_for_account', ['name' => $account->name]);
         }
 

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -31,6 +31,7 @@ use Illuminate\Contracts\View\Factory;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
 use Illuminate\View\View;
 
 /**
@@ -106,6 +107,8 @@ class ForgotPasswordController extends Controller
         }
         $host           = request()->host();
         if ($configuredHost !== $host) {
+            Log::error(sprintf('Host header is "%s", APP_URL is "%s".', $host, $configuredHost));
+
             throw new FireflyException('The Host-header does not match the host in the APP_URL environment variable. Please make sure these match. See also: https://bit.ly/FF3-host-header');
         }
     }

app/Http/Controllers/Budget/BudgetLimitController.php

@@ -128,7 +128,7 @@ class BudgetLimitController extends Controller
         $start    = Carbon::createFromFormat('Y-m-d', $request->get('start'));
         $end      = Carbon::createFromFormat('Y-m-d', $request->get('end'));
 
-        if (false === $start || false === $end) {
+        if (null === $start || null === $end) {
             return response()->json([]);
         }
 

app/Http/Controllers/Chart/AccountController.php

@@ -301,14 +301,14 @@ class AccountController extends Controller
         $end            = clone session('end', today(config('app.timezone'))->endOfMonth());
         $defaultSet     = $repository->getAccountsByType([AccountType::DEFAULT, AccountType::ASSET])->pluck('id')->toArray();
         app('log')->debug('Default set is ', $defaultSet);
-        $frontPage      = app('preferences')->get('frontPageAccounts', $defaultSet);
-        $frontPageArray = !is_array($frontPage->data) ? [] : $frontPage->data;
-        app('log')->debug('Frontpage preference set is ', $frontPageArray);
-        if (0 === count($frontPageArray)) {
-            app('preferences')->set('frontPageAccounts', $defaultSet);
+        $frontpage      = app('preferences')->get('frontpageAccounts', $defaultSet);
+        $frontpageArray = !is_array($frontpage->data) ? [] : $frontpage->data;
+        app('log')->debug('Frontpage preference set is ', $frontpageArray);
+        if (0 === count($frontpageArray)) {
+            app('preferences')->set('frontpageAccounts', $defaultSet);
             app('log')->debug('frontpage set is empty!');
         }
-        $accounts       = $repository->getAccountsById($frontPageArray);
+        $accounts       = $repository->getAccountsById($frontpageArray);
 
         return response()->json($this->accountBalanceChart($accounts, $start, $end));
     }

app/Http/Controllers/Chart/CategoryController.php

@@ -116,8 +116,8 @@ class CategoryController extends Controller
             return response()->json($cache->get());
         }
 
-        $frontPageGenerator = new FrontpageChartGenerator($start, $end);
-        $chartData          = $frontPageGenerator->generate();
+        $frontpageGenerator = new FrontpageChartGenerator($start, $end);
+        $chartData          = $frontpageGenerator->generate();
         $data               = $this->generator->multiSet($chartData);
         $cache->store($data);
 

app/Http/Controllers/Controller.php

@@ -70,7 +70,7 @@ abstract class Controller extends BaseController
         $logoutUrl        = config('firefly.custom_logout_url');
 
         // overrule v2 layout back to v1.
-        if ('true' === request()->get('force_default_layout') && 'v2' === config('firefly.layout')) {
+        if ('true' === request()->get('force_default_layout') && 'v2' === config('view.layout')) {
             app('view')->getFinder()->setPaths([realpath(base_path('resources/views'))]); // @phpstan-ignore-line
         }
 

app/Http/Controllers/HomeController.php

@@ -79,10 +79,10 @@ class HomeController extends Controller
             app('log')->error(sprintf('End could not parse date string "%s" so ignore it.', $stringEnd));
             $end = Carbon::now()->endOfMonth();
         }
-        if (false === $start) {
+        if (null === $start) {
             $start = Carbon::now()->startOfMonth();
         }
-        if (false === $end) {
+        if (null === $end) {
             $end = Carbon::now()->endOfMonth();
         }
 
@@ -120,19 +120,34 @@ class HomeController extends Controller
      */
     public function index(AccountRepositoryInterface $repository): mixed
     {
-        $types          = config('firefly.accountTypesByIdentifier.asset');
-        $count          = $repository->count($types);
+        $types = config('firefly.accountTypesByIdentifier.asset');
+        $count = $repository->count($types);
         Log::channel('audit')->info('User visits homepage.');
 
         if (0 === $count) {
             return redirect(route('new-user.index'));
         }
+
+        if ('v1' === (string)config('view.layout')) {
+            return $this->indexV1($repository);
+        }
+        if ('v2' === (string)config('view.layout')) {
+            return $this->indexV2();
+        }
+
+        throw new FireflyException('Invalid layout configuration');
+    }
+
+    private function indexV1(AccountRepositoryInterface $repository): mixed
+    {
+        $types          = config('firefly.accountTypesByIdentifier.asset');
+        $count          = $repository->count($types);
         $subTitle       = (string)trans('firefly.welcome_back');
         $transactions   = [];
-        $frontPage      = app('preferences')->getFresh('frontPageAccounts', $repository->getAccountsByType([AccountType::ASSET])->pluck('id')->toArray());
-        $frontPageArray = $frontPage->data;
-        if (!is_array($frontPageArray)) {
-            $frontPageArray = [];
+        $frontpage      = app('preferences')->getFresh('frontpageAccounts', $repository->getAccountsByType([AccountType::ASSET])->pluck('id')->toArray());
+        $frontpageArray = $frontpage->data;
+        if (!is_array($frontpageArray)) {
+            $frontpageArray = [];
         }
 
         /** @var Carbon $start */
@@ -140,13 +155,11 @@ class HomeController extends Controller
 
         /** @var Carbon $end */
         $end            = session('end', today(config('app.timezone'))->endOfMonth());
-        $accounts       = $repository->getAccountsById($frontPageArray);
+        $accounts       = $repository->getAccountsById($frontpageArray);
         $today          = today(config('app.timezone'));
+        $accounts       = $accounts->sortBy('order'); // sort frontpage accounts by order
 
-        // sort frontpage accounts by order
-        $accounts       = $accounts->sortBy('order');
-
-        app('log')->debug('Frontpage accounts are ', $frontPageArray);
+        app('log')->debug('Frontpage accounts are ', $frontpageArray);
 
         /** @var BillRepositoryInterface $billRepository */
         $billRepository = app(BillRepositoryInterface::class);
@@ -166,4 +179,18 @@ class HomeController extends Controller
 
         return view('index', compact('count', 'subTitle', 'transactions', 'billCount', 'start', 'end', 'today'));
     }
+
+    private function indexV2(): mixed
+    {
+        $subTitle = (string)trans('firefly.welcome_back');
+
+        $start    = session('start', today(config('app.timezone'))->startOfMonth());
+        $end      = session('end', today(config('app.timezone'))->endOfMonth());
+
+        /** @var User $user */
+        $user     = auth()->user();
+        event(new RequestedVersionCheckStatus($user));
+
+        return view('index', compact('subTitle', 'start', 'end'));
+    }
 }

app/Http/Controllers/Json/BoxController.php

@@ -130,7 +130,7 @@ class BoxController extends Controller
                 $boxTitle         = (string)trans('firefly.left_to_spend');
                 $activeDaysLeft   = $this->activeDaysLeft($start, $end);   // see method description.
                 $display          = 1;                                     // not overspent
-                $leftPerDayAmount = 0 === (int) $activeDaysLeft ? $leftToSpendAmount : bcdiv($leftToSpendAmount, (string)$activeDaysLeft);
+                $leftPerDayAmount = 0 === $activeDaysLeft ? $leftToSpendAmount : bcdiv($leftToSpendAmount, (string)$activeDaysLeft);
                 app('log')->debug(sprintf('Left to spend per day is %s', $leftPerDayAmount));
             }
         }

app/Http/Controllers/Json/RecurrenceController.php

@@ -81,7 +81,7 @@ class RecurrenceController extends Controller
         $skip                          = $skip < 0 || $skip > 31 ? 0 : $skip;
         $weekend                       = $weekend < 1 || $weekend > 4 ? 1 : $weekend;
 
-        if (false === $start || false === $end || false === $firstDate || false === $endDate) {
+        if (null === $start || null === $end || null === $firstDate || null === $endDate) {
             return response()->json();
         }
 
@@ -112,7 +112,7 @@ class RecurrenceController extends Controller
         $actualEnd                     = clone $end;
 
         if ('until_date' === $endsAt) {
-            $actualEnd   = $endDate ?? clone $end;
+            $actualEnd   = $endDate;
             $occurrences = $this->recurring->getOccurrencesInRange($repetition, $actualStart, $actualEnd);
         }
         if ('times' === $endsAt) {
@@ -155,7 +155,7 @@ class RecurrenceController extends Controller
         } catch (InvalidFormatException $e) {
             $date = Carbon::today(config('app.timezone'));
         }
-        if (false === $date) {
+        if (null === $date) {
             return response()->json();
         }
         $date->startOfDay();

app/Http/Controllers/NewUserController.php

@@ -115,7 +115,7 @@ class NewUserController extends Controller
 
         // store frontpage preferences:
         $accounts      = $this->repository->getAccountsByType([AccountType::ASSET])->pluck('id')->toArray();
-        app('preferences')->set('frontPageAccounts', $accounts);
+        app('preferences')->set('frontpageAccounts', $accounts);
 
         // mark.
         app('preferences')->mark();

app/Http/Controllers/PreferencesController.php

@@ -89,10 +89,10 @@ class PreferencesController extends Controller
         /** @var array<int, int> $accountIds */
         $accountIds            = $accounts->pluck('id')->toArray();
         $viewRange             = app('navigation')->getViewRange(false);
-        $frontPageAccountsPref = app('preferences')->get('frontPageAccounts', $accountIds);
-        $frontPageAccounts     = $frontPageAccountsPref->data;
-        if (!is_array($frontPageAccounts)) {
-            $frontPageAccounts = $accountIds;
+        $frontpageAccountsPref = app('preferences')->get('frontpageAccounts', $accountIds);
+        $frontpageAccounts     = $frontpageAccountsPref->data;
+        if (!is_array($frontpageAccounts)) {
+            $frontpageAccounts = $accountIds;
         }
         $language              = app('steam')->getLanguage();
         $languages             = config('firefly.languages');
@@ -128,8 +128,8 @@ class PreferencesController extends Controller
         $locales               = ['equal' => (string)trans('firefly.equal_to_language')] + $locales;
         // an important fallback is that the frontPageAccount array gets refilled automatically
         // when it turns up empty.
-        if (0 === count($frontPageAccounts)) {
-            $frontPageAccounts = $accountIds;
+        if (0 === count($frontpageAccounts)) {
+            $frontpageAccounts = $accountIds;
         }
 
         // for the demo user, the slackUrl is automatically emptied.
@@ -139,7 +139,7 @@ class PreferencesController extends Controller
             $slackUrl = '';
         }
 
-        return view('preferences.index', compact('language', 'groupedAccounts', 'isDocker', 'frontPageAccounts', 'languages', 'darkMode', 'availableDarkModes', 'notifications', 'slackUrl', 'locales', 'locale', 'tjOptionalFields', 'viewRange', 'customFiscalYear', 'listPageSize', 'fiscalYearStart'));
+        return view('preferences.index', compact('language', 'groupedAccounts', 'isDocker', 'frontpageAccounts', 'languages', 'darkMode', 'availableDarkModes', 'notifications', 'slackUrl', 'locales', 'locale', 'tjOptionalFields', 'viewRange', 'customFiscalYear', 'listPageSize', 'fiscalYearStart'));
     }
 
     /**
@@ -155,12 +155,12 @@ class PreferencesController extends Controller
     public function postIndex(Request $request)
     {
         // front page accounts
-        $frontPageAccounts = [];
-        if (is_array($request->get('frontPageAccounts')) && count($request->get('frontPageAccounts')) > 0) {
-            foreach ($request->get('frontPageAccounts') as $id) {
-                $frontPageAccounts[] = (int)$id;
+        $frontpageAccounts = [];
+        if (is_array($request->get('frontpageAccounts')) && count($request->get('frontpageAccounts')) > 0) {
+            foreach ($request->get('frontpageAccounts') as $id) {
+                $frontpageAccounts[] = (int)$id;
             }
-            app('preferences')->set('frontPageAccounts', $frontPageAccounts);
+            app('preferences')->set('frontpageAccounts', $frontpageAccounts);
         }
 
         // extract notifications:
@@ -223,8 +223,8 @@ class PreferencesController extends Controller
 
         // same for locale:
         if (!auth()->user()->hasRole('demo')) {
-            /** @var Preference $locale */
-            $locale = $request->get('locale');
+            $locale = (string) $request->get('locale');
+            $locale = '' === $locale ? null : $locale;
             app('preferences')->set('locale', $locale);
         }
 

app/Http/Controllers/ProfileController.php

@@ -23,7 +23,6 @@ declare(strict_types=1);
 
 namespace FireflyIII\Http\Controllers;
 
-use Auth;
 use FireflyIII\Events\UserChangedEmail;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Exceptions\ValidationException;
@@ -467,9 +466,7 @@ class ProfileController extends Controller
         if (is_array($secret)) {
             $secret = null;
         }
-        if (is_int($secret)) {
-            $secret = (string)$secret;
-        }
+        $secret     = (string)$secret;
 
         $repository->setMFACode($user, $secret);
 

app/Http/Controllers/UserGroup/CreateController.php

@@ -36,7 +36,7 @@ class CreateController extends Controller
     public function create()
     {
         $title         = (string)trans('firefly.administrations_page_title');
-        $subTitle      = (string)trans('firefly.administrations_page_sub_title');
+        $subTitle      = (string)trans('firefly.administrations_page_create_sub_title');
         $mainTitleIcon = 'fa-book';
         app('log')->debug(sprintf('Now at %s', __METHOD__));
 

app/Http/Controllers/UserGroup/EditController.php

@@ -0,0 +1,46 @@
+<?php
+/*
+ * CreateController.php
+ * Copyright (c) 2024 james@firefly-iii.org.
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see https://www.gnu.org/licenses/.
+ */
+
+declare(strict_types=1);
+
+namespace FireflyIII\Http\Controllers\UserGroup;
+
+use FireflyIII\Http\Controllers\Controller;
+use FireflyIII\Models\UserGroup;
+use Illuminate\Contracts\View\Factory;
+use Illuminate\Contracts\View\View;
+use Illuminate\Foundation\Application;
+
+class EditController extends Controller
+{
+    /**
+     * @return Application|Factory|\Illuminate\Contracts\Foundation\Application|View
+     */
+    public function edit(UserGroup $userGroup)
+    {
+        $title         = (string)trans('firefly.administrations_page_title');
+        $subTitle      = (string)trans('firefly.administrations_page_edit_sub_title', ['title' => $userGroup->title]);
+        $mainTitleIcon = 'fa-book';
+        app('log')->debug(sprintf('Now at %s', __METHOD__));
+
+        return view('administrations.edit')->with(compact('title', 'subTitle', 'mainTitleIcon'));
+    }
+}

app/Http/Middleware/SecureHeaders.php

@@ -25,6 +25,7 @@ namespace FireflyIII\Http\Middleware;
 
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Vite;
+use Barryvdh\Debugbar\Facades\Debugbar;
 
 /**
  * Class SecureHeaders
@@ -43,6 +44,9 @@ class SecureHeaders
         // generate and share nonce.
         $nonce              = base64_encode(random_bytes(16));
         Vite::useCspNonce($nonce);
+        if (class_exists('Barryvdh\Debugbar\Facades\Debugbar')) {
+            Debugbar::getJavascriptRenderer()->setCspNonce($nonce);
+        }
         app('view')->share('JS_NONCE', $nonce);
 
         $response           = $next($request);
@@ -55,14 +59,29 @@ class SecureHeaders
             "base-uri 'self'",
             "font-src 'self' data:",
             sprintf("connect-src 'self' %s", $trackingScriptSrc),
-            sprintf("img-src 'self' 'nonce-%1s'", $nonce),
+            sprintf("img-src 'self' data: 'nonce-%1s' ", $nonce),
             "manifest-src 'self'",
         ];
 
+        // overrule in development mode
+        if (true === env('IS_LOCAL_DEV')) {
+            $csp = [
+                "default-src 'none'",
+                "object-src 'none'",
+                sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'nonce-%1s' https://firefly.sd.internal/_debugbar/assets", $nonce),
+                "style-src 'unsafe-inline' 'self' https://10.0.0.15:5173/",
+                "base-uri 'self'",
+                "font-src 'self' data: https://10.0.0.15:5173/",
+                sprintf("connect-src 'self' %s https://10.0.0.15:5173/ wss://10.0.0.15:5173/", $trackingScriptSrc),
+                sprintf("img-src 'self' data: 'nonce-%1s'", $nonce),
+                "manifest-src 'self'",
+            ];
+        }
+
         $route              = $request->route();
         $customUrl          = '';
-        $authGuard          = (string)config('firefly.authentication_guard');
-        $logoutUrl          = (string)config('firefly.custom_logout_url');
+        $authGuard          = (string) config('firefly.authentication_guard');
+        $logoutUrl          = (string) config('firefly.custom_logout_url');
         if ('remote_user_guard' === $authGuard && '' !== $logoutUrl) {
             $customUrl = $logoutUrl;
         }
@@ -110,8 +129,8 @@ class SecureHeaders
      */
     private function getTrackingScriptSource(): string
     {
-        if ('' !== (string)config('firefly.tracker_site_id') && '' !== (string)config('firefly.tracker_url')) {
-            return (string)config('firefly.tracker_url');
+        if ('' !== (string) config('firefly.tracker_site_id') && '' !== (string) config('firefly.tracker_url')) {
+            return (string) config('firefly.tracker_url');
         }
 
         return '';

app/Jobs/DownloadExchangeRates.php

@@ -119,7 +119,7 @@ class DownloadExchangeRates implements ShouldQueue
             return;
         }
         $date       = Carbon::createFromFormat('Y-m-d', $json['date'], config('app.timezone'));
-        if (false === $date) {
+        if (null === $date) {
             return;
         }
         $this->saveRates($currency, $date, $json['rates']);

app/Jobs/MailError.php

@@ -27,6 +27,7 @@ use Illuminate\Contracts\Queue\ShouldQueue;
 use Illuminate\Mail\Message;
 use Illuminate\Queue\InteractsWithQueue;
 use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Facades\Log;
 use Symfony\Component\Mailer\Exception\TransportException;
 
 /**
@@ -68,6 +69,14 @@ class MailError extends Job implements ShouldQueue
         $args['user']     = $this->userData;
         $args['ip']       = $this->ipAddress;
         $args['token']    = config('firefly.ipinfo_token');
+
+        // limit number of error mails that can be sent.
+        if ($this->reachedLimit()) {
+            Log::info('MailError: reached limit, not sending email.');
+
+            return;
+        }
+
         if ($this->attempts() < 3 && '' !== $email) {
             try {
                 \Mail::send(
@@ -96,4 +105,62 @@ class MailError extends Job implements ShouldQueue
             }
         }
     }
+
+    private function reachedLimit(): bool
+    {
+        Log::debug('reachedLimit()');
+        $types     = [
+            '5m'  => ['limit' => 5, 'reset' => 5 * 60],
+            '1h'  => ['limit' => 15, 'reset' => 60 * 60],
+            '24h' => ['limit' => 15, 'reset' => 24 * 60 * 60],
+        ];
+        $file      = storage_path('framework/cache/error-count.json');
+        $directory = storage_path('framework/cache');
+        $limits    = [];
+
+        if (!is_writable($directory)) {
+            Log::error(sprintf('MailError: cannot write to "%s", cannot rate limit errors!', $directory));
+
+            return false;
+        }
+
+        if (!file_exists($file)) {
+            Log::debug(sprintf('Wrote new file in "%s"', $file));
+            file_put_contents($file, json_encode($limits, JSON_PRETTY_PRINT));
+        }
+        if (file_exists($file)) {
+            Log::debug(sprintf('Read file in "%s"', $file));
+            $limits = json_decode((string)file_get_contents($file), true);
+        }
+        // limit reached?
+        foreach ($types as $type => $info) {
+            Log::debug(sprintf('Now checking limit "%s"', $type), $info);
+            if (!array_key_exists($type, $limits)) {
+                Log::debug(sprintf('Limit "%s" reset to zero, did not exist yet.', $type));
+                $limits[$type] = [
+                    'time' => time(),
+                    'sent' => 0,
+                ];
+            }
+
+            if (time() - $limits[$type]['time'] > $info['reset']) {
+                Log::debug(sprintf('Time past for this limit is %d seconds, exceeding %d seconds. Reset to zero.', time() - $limits[$type]['time'], $info['reset']));
+                $limits[$type] = [
+                    'time' => time(),
+                    'sent' => 0,
+                ];
+            }
+
+            if ($limits[$type]['sent'] > $info['limit']) {
+                Log::warning(sprintf('Sent %d emails in %s, return true.', $limits[$type]['sent'], $type));
+
+                return true;
+            }
+            ++$limits[$type]['sent'];
+        }
+        file_put_contents($file, json_encode($limits, JSON_PRETTY_PRINT));
+        Log::debug('No limits reached, return FALSE.');
+
+        return false;
+    }
 }

app/Jobs/WarnAboutBills.php

@@ -128,7 +128,7 @@ class WarnAboutBills implements ShouldQueue
         $today  = clone $this->date;
         $carbon = clone $bill->{$field};
 
-        return (int) $today->diffInDays($carbon);
+        return (int)$today->diffInDays($carbon);
     }
 
     private function sendWarning(Bill $bill, string $field): void

app/Models/Account.php

@@ -110,6 +110,7 @@ use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  * @method static EloquentBuilder|Account whereUserGroupId($value)
  *
  * @property null|UserGroup $userGroup
+ * @property mixed          $account_id
  *
  * @mixin Eloquent
  */

app/Models/InvitedUser.php

@@ -61,6 +61,8 @@ use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  * @method static Builder|InvitedUser whereUpdatedAt($value)
  * @method static Builder|InvitedUser whereUserId($value)
  *
+ * @property mixed $user_group_id
+ *
  * @mixin Eloquent
  */
 class InvitedUser extends Model

app/Models/Preference.php

@@ -36,13 +36,13 @@ use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 /**
  * FireflyIII\Models\Preference
  *
- * @property int                   $id
- * @property null|Carbon           $created_at
- * @property null|Carbon           $updated_at
- * @property int                   $user_id
- * @property string                $name
- * @property null|array|int|string $data
- * @property User                  $user
+ * @property int                        $id
+ * @property null|Carbon                $created_at
+ * @property null|Carbon                $updated_at
+ * @property int                        $user_id
+ * @property string                     $name
+ * @property null|array|bool|int|string $data
+ * @property User                       $user
  *
  * @method static Builder|Preference newModelQuery()
  * @method static Builder|Preference newQuery()
@@ -54,6 +54,8 @@ use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  * @method static Builder|Preference whereUpdatedAt($value)
  * @method static Builder|Preference whereUserId($value)
  *
+ * @property mixed $user_group_id
+ *
  * @mixin Eloquent
  */
 class Preference extends Model
@@ -79,22 +81,39 @@ class Preference extends Model
     {
         if (auth()->check()) {
             /** @var User $user */
-            $user       = auth()->user();
+            $user        = auth()->user();
+
+            // some preferences do not have an administration ID.
+            // some need it, to make sure the correct one is selected.
+            $userGroupId = (int)$user->user_group_id;
+            $userGroupId = 0 === $userGroupId ? null : $userGroupId;
 
             /** @var null|Preference $preference */
-            $preference = $user->preferences()->where('name', $value)->first();
+            $preference  = null;
+            $items       = config('firefly.admin_specific_prefs');
+            if (null !== $userGroupId && in_array($value, $items, true)) {
+                // find a preference with a specific user_group_id
+                $preference = $user->preferences()->where('user_group_id', $userGroupId)->where('name', $value)->first();
+            }
+            if (!in_array($value, $items, true)) {
+                // find any one.
+                $preference = $user->preferences()->where('name', $value)->first();
+            }
+
+            // try again with ID, but this time don't care about the preferred user_group_id
             if (null === $preference) {
                 $preference = $user->preferences()->where('id', (int)$value)->first();
             }
             if (null !== $preference) {
                 return $preference;
             }
-            $default    = config('firefly.default_preferences');
+            $default     = config('firefly.default_preferences');
             if (array_key_exists($value, $default)) {
-                $preference          = new self();
-                $preference->name    = $value;
-                $preference->data    = $default[$value];
-                $preference->user_id = (int)$user->id;
+                $preference                = new self();
+                $preference->name          = $value;
+                $preference->data          = $default[$value];
+                $preference->user_id       = (int)$user->id;
+                $preference->user_group_id = in_array($value, $items, true) ? $userGroupId : null;
                 $preference->save();
 
                 return $preference;

app/Models/RecurrenceTransaction.php

@@ -81,6 +81,7 @@ use Illuminate\Database\Query\Builder;
  * @method static \Illuminate\Database\Eloquent\Builder|RecurrenceTransaction whereTransactionTypeId($value)
  *
  * @property null|TransactionType $transactionType
+ * @property mixed                $user_id
  *
  * @mixin Eloquent
  */

app/Providers/AppServiceProvider.php

@@ -69,7 +69,10 @@ class AppServiceProvider extends ServiceProvider
             if ('' === $firstParam && str_contains($name, $route)) {
                 return true;
             }
-            $params     = Route::getCurrentRoute()->parameters() ?? [];
+
+            /** @var null|array $params */
+            $params     = Route::getCurrentRoute()->parameters();
+            $params ??= [];
             $objectType = $params['objectType'] ?? '';
             if ($objectType === $firstParam && str_contains($name, $route)) {
                 return true;

app/Repositories/Budget/BudgetRepository.php

@@ -183,21 +183,21 @@ class BudgetRepository implements BudgetRepositoryInterface
         //    |-----------|
         //  |----------------|
         if ($start->gte($limit->start_date) && $end->lte($limit->end_date)) {
-            return (int) $start->diffInDays($end, true) + 1; // add one day
+            return (int)$start->diffInDays($end, true) + 1; // add one day
         }
         // limit starts earlier and limit ends first:
         //    |-----------|
         // |-------|
         if ($limit->start_date->lte($start) && $limit->end_date->lte($end)) {
             // return days in the range $start-$limit_end
-            return (int) $start->diffInDays($limit->end_date, true) + 1; // add one day, the day itself
+            return (int)$start->diffInDays($limit->end_date, true) + 1; // add one day, the day itself
         }
         // limit starts later and limit ends earlier
         //    |-----------|
         //           |-------|
         if ($limit->start_date->gte($start) && $limit->end_date->gte($end)) {
             // return days in the range $limit_start - $end
-            return (int) $limit->start_date->diffInDays($end, true) + 1; // add one day, the day itself
+            return (int)$limit->start_date->diffInDays($end, true) + 1; // add one day, the day itself
         }
 
         return 0;

app/Repositories/Budget/OperationsRepository.php

@@ -51,7 +51,7 @@ class OperationsRepository implements OperationsRepositoryInterface
         $total = '0';
         $count = 0;
         foreach ($budget->budgetlimits as $limit) {
-            $diff   = (int) $limit->start_date->diffInDays($limit->end_date, true);
+            $diff   = (int)$limit->start_date->diffInDays($limit->end_date, true);
             $diff   = 0 === $diff ? 1 : $diff;
             $amount = $limit->amount;
             $perDay = bcdiv($amount, (string)$diff);

app/Repositories/PiggyBank/PiggyBankRepository.php

@@ -301,7 +301,7 @@ class PiggyBankRepository implements PiggyBankRepositoryInterface
         if (null !== $piggyBank->targetdate && $repetition->currentamount < $piggyBank->targetamount) {
             $now             = today(config('app.timezone'));
             $startDate       = null !== $piggyBank->startdate && $piggyBank->startdate->gte($now) ? $piggyBank->startdate : $now;
-            $diffInMonths    = (int) $startDate->diffInMonths($piggyBank->targetdate);
+            $diffInMonths    = (int)$startDate->diffInMonths($piggyBank->targetdate);
             $remainingAmount = bcsub($piggyBank->targetamount, $repetition->currentamount);
 
             // more than 1 month to go and still need money to save:

app/Repositories/Recurring/RecurringRepository.php

@@ -473,10 +473,10 @@ class RecurringRepository implements RecurringRepositoryInterface
         if ('yearly' === $repetition->repetition_type) {
             $today       = today(config('app.timezone'))->endOfYear();
             $repDate     = Carbon::createFromFormat('Y-m-d', $repetition->repetition_moment);
-            if (false === $repDate) {
+            if (null === $repDate) {
                 $repDate = clone $today;
             }
-            $diffInYears = (int) $today->diffInYears($repDate, true);
+            $diffInYears = (int)$today->diffInYears($repDate, true);
             $repDate->addYears($diffInYears); // technically not necessary.
             $string      = $repDate->isoFormat((string)trans('config.month_and_day_no_year_js'));
 

app/Repositories/User/UserRepository.php

@@ -242,6 +242,30 @@ class UserRepository implements UserRepositoryInterface
         return false;
     }
 
+    #[\Override]
+    public function getUserGroups(User $user): Collection
+    {
+        $memberships = $user->groupMemberships()->get();
+        $set         = [];
+        $collection  = new Collection();
+
+        /** @var GroupMembership $membership */
+        foreach ($memberships as $membership) {
+            /** @var null|UserGroup $group */
+            $group = $membership->userGroup()->first();
+            if (null !== $group) {
+                $groupId       = $group->id;
+                if (in_array($groupId, array_keys($set), true)) {
+                    continue;
+                }
+                $set[$groupId] = $group;
+            }
+        }
+        $collection->push(...$set);
+
+        return $collection;
+    }
+
     public function inviteUser(null|Authenticatable|User $user, string $email): InvitedUser
     {
         $now                  = today(config('app.timezone'));

app/Repositories/User/UserRepositoryInterface.php

@@ -94,6 +94,8 @@ interface UserRepositoryInterface
      */
     public function getUserData(User $user): array;
 
+    public function getUserGroups(User $user): Collection;
+
     public function hasRole(null|Authenticatable|User $user, string $role): bool;
 
     public function inviteUser(null|Authenticatable|User $user, string $email): InvitedUser;

app/Repositories/UserGroup/UserGroupRepository.php

@@ -106,8 +106,8 @@ class UserGroupRepository implements UserGroupRepositoryInterface
             /** @var null|UserGroup $group */
             $group = $membership->userGroup()->first();
             if (null !== $group) {
-                $groupId       = (int)$group->id;
-                if (in_array($groupId, $set, true)) {
+                $groupId       = $group->id;
+                if (in_array($groupId, array_keys($set), true)) {
                     continue;
                 }
                 $set[$groupId] = $group;
@@ -288,4 +288,23 @@ class UserGroupRepository implements UserGroupRepositoryInterface
 
         return $roles;
     }
+
+    #[\Override]
+    public function useUserGroup(UserGroup $userGroup): void
+    {
+        $this->user->user_group_id = $userGroup->id;
+        $this->user->save();
+    }
+
+    #[\Override]
+    public function getMembershipsFromGroupId(int $groupId): Collection
+    {
+        return $this->user->groupMemberships()->where('user_group_id', $groupId)->get();
+    }
+
+    #[\Override]
+    public function getById(int $id): ?UserGroup
+    {
+        return UserGroup::find($id);
+    }
 }

app/Repositories/UserGroup/UserGroupRepositoryInterface.php

@@ -36,8 +36,12 @@ interface UserGroupRepositoryInterface
 {
     public function destroy(UserGroup $userGroup): void;
 
+    public function getMembershipsFromGroupId(int $groupId): Collection;
+
     public function get(): Collection;
 
+    public function getById(int $id): ?UserGroup;
+
     public function getAll(): Collection;
 
     public function setUser(null|Authenticatable|User $user): void;
@@ -47,4 +51,6 @@ interface UserGroupRepositoryInterface
     public function update(UserGroup $userGroup, array $data): UserGroup;
 
     public function updateMembership(UserGroup $userGroup, array $data): UserGroup;
+
+    public function useUserGroup(UserGroup $userGroup): void;
 }

app/Repositories/UserGroups/Account/AccountRepository.php

@@ -27,11 +27,13 @@ namespace FireflyIII\Repositories\UserGroups\Account;
 use FireflyIII\Models\Account;
 use FireflyIII\Models\AccountMeta;
 use FireflyIII\Models\AccountType;
+use FireflyIII\Models\Transaction;
 use FireflyIII\Models\TransactionCurrency;
 use FireflyIII\Services\Internal\Update\AccountUpdateService;
 use FireflyIII\Support\Repositories\UserGroup\UserGroupTrait;
 use Illuminate\Database\Eloquent\Builder as EloquentBuilder;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\DB;
 
 /**
  * Class AccountRepository
@@ -121,7 +123,7 @@ class AccountRepository implements AccountRepositoryInterface
         if (!in_array($type, $list, true)) {
             return null;
         }
-        $currencyId = (int)$this->getMetaValue($account, 'currency_id');
+        $currencyId = (int) $this->getMetaValue($account, 'currency_id');
         if ($currencyId > 0) {
             return TransactionCurrency::find($currencyId);
         }
@@ -143,7 +145,7 @@ class AccountRepository implements AccountRepositoryInterface
             return null;
         }
         if (1 === $result->count()) {
-            return (string)$result->first()->data;
+            return (string) $result->first()->data;
         }
 
         return null;
@@ -228,7 +230,7 @@ class AccountRepository implements AccountRepositoryInterface
 
                     continue;
                 }
-                if ($index !== (int)$account->order) {
+                if ($index !== (int) $account->order) {
                     app('log')->debug(sprintf('Account #%d ("%s"): order should %d be but is %d.', $account->id, $account->name, $index, $account->order));
                     $account->order = $index;
                     $account->save();
@@ -305,4 +307,34 @@ class AccountRepository implements AccountRepositoryInterface
 
         return $service->update($account, $data);
     }
+
+    #[\Override]
+    public function getMetaValues(Collection $accounts, array $fields): Collection
+    {
+        $query = AccountMeta::whereIn('account_id', $accounts->pluck('id')->toArray());
+        if (count($fields) > 0) {
+            $query->whereIn('name', $fields);
+        }
+
+        return $query->get(['account_meta.id', 'account_meta.account_id', 'account_meta.name', 'account_meta.data']);
+    }
+
+    #[\Override]
+    public function getAccountTypes(Collection $accounts): Collection
+    {
+        return AccountType::leftJoin('accounts', 'accounts.account_type_id', '=', 'account_types.id')
+            ->whereIn('accounts.id', $accounts->pluck('id')->toArray())
+            ->get(['accounts.id', 'account_types.type'])
+        ;
+    }
+
+    #[\Override]
+    public function getLastActivity(Collection $accounts): array
+    {
+        return Transaction::whereIn('account_id', $accounts->pluck('id')->toArray())
+            ->leftJoin('transaction_journals', 'transaction_journals.id', 'transactions.transaction_journal_id')
+            ->groupBy('transactions.account_id')
+            ->get(['transactions.account_id', DB::raw('MAX(transaction_journals.date) as date_max')])->toArray() // @phpstan-ignore-line
+        ;
+    }
 }

app/Repositories/UserGroups/Account/AccountRepositoryInterface.php

@@ -37,6 +37,12 @@ interface AccountRepositoryInterface
 {
     public function countAccounts(array $types): int;
 
+    public function getAccountTypes(Collection $accounts): Collection;
+
+    public function getLastActivity(Collection $accounts): array;
+
+    public function getMetaValues(Collection $accounts, array $fields): Collection;
+
     public function find(int $accountId): ?Account;
 
     public function findByAccountNumber(string $number, array $types): ?Account;
@@ -63,6 +69,8 @@ interface AccountRepositoryInterface
      */
     public function getMetaValue(Account $account, string $field): ?string;
 
+    public function getUserGroup(): UserGroup;
+
     /**
      * Reset order types of the mentioned accounts.
      */

app/Rules/IsDefaultUserGroupName.php

@@ -0,0 +1,63 @@
+<?php
+
+/**
+ * IsTransferAccount.php
+ * Copyright (c) 2020 james@firefly-iii.org
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+namespace FireflyIII\Rules;
+
+use FireflyIII\Models\UserGroup;
+use FireflyIII\Repositories\User\UserRepositoryInterface;
+use FireflyIII\User;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+/**
+ * Class IsDefaultUserGroupName
+ */
+class IsDefaultUserGroupName implements ValidationRule
+{
+    private UserGroup $userGroup;
+
+    public function __construct(UserGroup $userGroup)
+    {
+        $this->userGroup = $userGroup;
+    }
+
+    /**
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function validate(string $attribute, mixed $value, \Closure $fail): void
+    {
+        app('log')->debug(sprintf('Now in %s(%s)', __METHOD__, $value));
+
+        // are you owner of this group and the name is the same? fail.
+        /** @var User $user */
+        $user      = auth()->user();
+
+        /** @var UserRepositoryInterface $userRepos */
+        $userRepos = app(UserRepositoryInterface::class);
+
+        $roles     = $userRepos->getRolesInGroup($user, $this->userGroup->id);
+        if ($this->userGroup->title === $user->email && in_array('owner', $roles, true)) {
+            $fail('validation.administration_owner_rename')->translate();
+        }
+    }
+}

app/Services/FireflyIIIOrg/Update/UpdateRequest.php

@@ -117,7 +117,7 @@ class UpdateRequest implements UpdateRequestInterface
         // parse response a bit. No message yet.
         $response          = $json['firefly_iii'][$channel];
         $date              = Carbon::createFromFormat('Y-m-d', $response['date']);
-        if (false === $date) {
+        if (null === $date) {
             $date = today(config('app.timezone'));
         }
         $return['version'] = $response['version'];

app/Services/Internal/Update/GroupCloneService.php

@@ -54,7 +54,7 @@ class GroupCloneService
     {
         $newJournal                       = $journal->replicate();
         $newJournal->transaction_group_id = $newGroup->id;
-        $newJournal->date                 = today(config('app.timezone'));
+        $newJournal->date                 = now();
         $newJournal->save();
 
         foreach ($journal->transactions as $transaction) {

app/Services/Internal/Update/JournalUpdateService.php

@@ -187,7 +187,7 @@ class JournalUpdateService
 
         // make new account validator.
         $expectedType = $this->getExpectedType();
-        app('log')->debug(sprintf('Expected type (new or unchanged) is %s', $expectedType));
+        app('log')->debug(sprintf('(a) Expected type (new or unchanged) is %s', $expectedType));
 
         // make a new validator.
         /** @var AccountValidator $validator */
@@ -273,7 +273,7 @@ class JournalUpdateService
 
         // make new account validator.
         $expectedType      = $this->getExpectedType();
-        app('log')->debug(sprintf('Expected type (new or unchanged) is %s', $expectedType));
+        app('log')->debug(sprintf('(b) Expected type (new or unchanged) is %s', $expectedType));
 
         // make a new validator.
         /** @var AccountValidator $validator */
@@ -404,7 +404,7 @@ class JournalUpdateService
 
         // make new account validator.
         $expectedType = $this->getExpectedType();
-        app('log')->debug(sprintf('Expected type (new or unchanged) is %s', $expectedType));
+        app('log')->debug(sprintf('(c) Expected type (new or unchanged) is %s', $expectedType));
 
         try {
             $result = $this->getAccount($expectedType, 'destination', $destInfo);

app/Support/Authentication/RemoteUserGuard.php

@@ -146,7 +146,7 @@ class RemoteUserGuard implements Guard
         return $this->user?->id;
     }
 
-    public function setUser(null|Authenticatable|User $user): void
+    public function setUser(null|Authenticatable|User $user): void // @phpstan-ignore-line
     {
         app('log')->debug(sprintf('Now at %s', __METHOD__));
         if ($user instanceof User) {

app/Support/Authentication/RemoteUserProvider.php

@@ -36,6 +36,14 @@ use Illuminate\Contracts\Auth\UserProvider;
  */
 class RemoteUserProvider implements UserProvider
 {
+    #[\Override]
+    public function rehashPasswordIfRequired(Authenticatable $user, array $credentials, bool $force = false): void
+    {
+        app('log')->debug(sprintf('Now at %s', __METHOD__));
+
+        throw new FireflyException(sprintf('Did not implement %s', __METHOD__));
+    }
+
     /**
      * @throws FireflyException
      *
@@ -72,9 +80,10 @@ class RemoteUserProvider implements UserProvider
                 $roleObject = Role::where('name', 'owner')->first();
                 $user->roles()->attach($roleObject);
             }
-            // make sure the user gets an administration as well.
-            CreateGroupMemberships::createGroupMembership($user);
         }
+        // make sure the user gets an administration as well.
+        CreateGroupMemberships::createGroupMembership($user);
+
         app('log')->debug(sprintf('Going to return user #%d (%s)', $user->id, $user->email));
 
         return $user;
@@ -120,12 +129,4 @@ class RemoteUserProvider implements UserProvider
 
         throw new FireflyException(sprintf('C) Did not implement %s', __METHOD__));
     }
-
-    #[\Override]
-    public function rehashPasswordIfRequired(Authenticatable $user, array $credentials, bool $force = false): void
-    {
-        app('log')->debug(sprintf('Now at %s', __METHOD__));
-
-        throw new FireflyException(sprintf('Did not implement %s', __METHOD__));
-    }
 }

app/Support/Http/Api/ValidatesUserGroupTrait.php

@@ -23,11 +23,14 @@ declare(strict_types=1);
 
 namespace FireflyIII\Support\Http\Api;
 
-use FireflyIII\Exceptions\FireflyException;
-use FireflyIII\Models\GroupMembership;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Models\UserGroup;
+use FireflyIII\Repositories\UserGroup\UserGroupRepositoryInterface;
 use FireflyIII\User;
+use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Auth\AuthenticationException;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
 
 /**
  * Trait ValidatesUserGroupTrait
@@ -35,37 +38,69 @@ use Illuminate\Http\Request;
 trait ValidatesUserGroupTrait
 {
     /**
-     * This check does not validate which rights the user has, that comes later.
-     *
-     * @throws FireflyException
+     * @throws AuthorizationException
+     * @throws AuthenticationException
      */
-    protected function validateUserGroup(Request $request): ?UserGroup
+    protected function validateUserGroup(Request $request): UserGroup
     {
+        Log::debug(sprintf('validateUserGroup: %s', static::class));
         if (!auth()->check()) {
-            app('log')->debug('validateUserGroup: user is not logged in, return NULL.');
+            Log::debug('validateUserGroup: user is not logged in, return NULL.');
 
-            return null;
+            throw new AuthenticationException();
         }
 
         /** @var User $user */
-        $user       = auth()->user();
+        $user        = auth()->user();
+        $groupId     = 0;
         if (!$request->has('user_group_id')) {
-            $group = $user->userGroup;
-            app('log')->debug(sprintf('validateUserGroup: no user group submitted, return default group #%d.', $group?->id));
-
-            return $group;
+            $groupId = $user->user_group_id;
+            Log::debug(sprintf('validateUserGroup: no user group submitted, use default group #%d.', $groupId));
         }
-        $groupId    = (int)$request->get('user_group_id');
-
-        /** @var null|GroupMembership $membership */
-        $membership = $user->groupMemberships()->where('user_group_id', $groupId)->first();
-        if (null === $membership) {
-            app('log')->debug('validateUserGroup: user has no access to this group.');
-
-            throw new FireflyException((string)trans('validation.belongs_user_or_user_group'));
+        if ($request->has('user_group_id')) {
+            $groupId = (int) $request->get('user_group_id');
+            Log::debug(sprintf('validateUserGroup: user group submitted, search for memberships in group #%d.', $groupId));
         }
-        app('log')->debug(sprintf('validateUserGroup: user has role "%s" in group #%d.', $membership->userRole->title, $membership->userGroup->id));
 
-        return $membership->userGroup;
+        /** @var UserGroupRepositoryInterface $repository */
+        $repository  = app(UserGroupRepositoryInterface::class);
+        $repository->setUser($user);
+        $memberships = $repository->getMembershipsFromGroupId($groupId);
+
+        if (0 === $memberships->count()) {
+            Log::debug(sprintf('validateUserGroup: user has no access to group #%d.', $groupId));
+
+            throw new AuthorizationException((string) trans('validation.no_access_group'));
+        }
+
+        // need to get the group from the membership:
+        $group       = $repository->getById($groupId);
+        if (null === $group) {
+            Log::debug(sprintf('validateUserGroup: group #%d does not exist.', $groupId));
+
+            throw new AuthorizationException((string) trans('validation.belongs_user_or_user_group'));
+        }
+        Log::debug(sprintf('validateUserGroup: validate access of user to group #%d ("%s").', $groupId, $group->title));
+        $roles       = property_exists($this, 'acceptedRoles') ? $this->acceptedRoles : []; // @phpstan-ignore-line
+        if (0 === count($roles)) {
+            Log::debug('validateUserGroup: no roles defined, so no access.');
+
+            throw new AuthorizationException((string) trans('validation.no_accepted_roles_defined'));
+        }
+        Log::debug(sprintf('validateUserGroup: have %d roles to check.', count($roles)), $roles);
+
+        /** @var UserRoleEnum $role */
+        foreach ($roles as $role) {
+            if ($user->hasRoleInGroupOrOwner($group, $role)) {
+                Log::debug(sprintf('validateUserGroup: User has role "%s" in group #%d, return the group.', $role->value, $groupId));
+
+                return $group;
+            }
+            Log::debug(sprintf('validateUserGroup: User does NOT have role "%s" in group #%d, continue searching.', $role->value, $groupId));
+        }
+
+        Log::debug('validateUserGroup: User does NOT have enough rights to access endpoint.');
+
+        throw new AuthorizationException((string) trans('validation.belongs_user_or_user_group'));
     }
 }

app/Support/Http/Controllers/DateCalculation.php

@@ -46,7 +46,7 @@ trait DateCalculation
             $difference = $today->diffInDays($end);
         }
 
-        return (int) (0 === $difference ? 1 : $difference);
+        return (int)(0 === $difference ? 1 : $difference);
     }
 
     /**
@@ -63,7 +63,7 @@ trait DateCalculation
             $difference = $start->diffInDays($today, true) + 1;
         }
 
-        return (int) $difference;
+        return (int)$difference;
     }
 
     protected function calculateStep(Carbon $start, Carbon $end): string

app/Support/Http/Controllers/RequestInformation.php

@@ -145,14 +145,14 @@ trait RequestInformation
         $attributes['location'] ??= '';
         $attributes['accounts']  = AccountList::routeBinder($attributes['accounts'] ?? '', new Route('get', '', []));
         $date                    = Carbon::createFromFormat('Ymd', $attributes['startDate']);
-        if (false === $date) {
+        if (null === $date) {
             $date = today(config('app.timezone'));
         }
         $date->startOfMonth();
         $attributes['startDate'] = $date;
 
         $date2                   = Carbon::createFromFormat('Ymd', $attributes['endDate']);
-        if (false === $date2) {
+        if (null === $date2) {
             $date2 = today(config('app.timezone'));
         }
         $date2->endOfDay();

app/Support/Navigation.php

@@ -188,7 +188,7 @@ class Navigation
             Log::debug(sprintf('Function is ->%s()', $function));
             if (array_key_exists($function, $parameterMap)) {
                 Log::debug(sprintf('Parameter map, function becomes ->%s(%s)', $function, implode(', ', $parameterMap[$function])));
-                $date->{$function}($parameterMap[$function][0]);
+                $date->{$function}($parameterMap[$function][0]); // @phpstan-ignore-line
                 Log::debug(sprintf('Result is "%s"', $date->toIso8601String()));
 
                 return $date;
@@ -274,7 +274,7 @@ class Navigation
 
                 /** @var Carbon $tEnd */
                 $tEnd       = session('end', today(config('app.timezone'))->endOfMonth());
-                $diffInDays = (int) $tStart->diffInDays($tEnd, true);
+                $diffInDays = (int)$tStart->diffInDays($tEnd, true);
             }
             Log::debug(sprintf('Diff in days is %d', $diffInDays));
             $currentEnd->addDays($diffInDays);
@@ -327,7 +327,7 @@ class Navigation
     {
         $endOfMonth = $date->copy()->endOfMonth();
 
-        return (int) $date->diffInDays($endOfMonth, true);
+        return (int)$date->diffInDays($endOfMonth, true);
     }
 
     public function diffInPeriods(string $period, int $skip, Carbon $beginning, Carbon $end): int
@@ -464,14 +464,15 @@ class Navigation
         $increment     = 'addDay';
         $format        = $this->preferredCarbonFormat($start, $end);
         $displayFormat = (string)trans('config.month_and_day_js', [], $locale);
+        $diff          = $start->diffInMonths($end, true);
         // increment by month (for year)
-        if ($start->diffInMonths($end, true) > 1) {
+        if ($diff >= 1.0001) {
             $increment     = 'addMonth';
             $displayFormat = (string)trans('config.month_js');
         }
 
         // increment by year (for multi-year)
-        if ($start->diffInMonths($end, true) > 12) {
+        if ($diff >= 12.0001) {
             $increment     = 'addYear';
             $displayFormat = (string)trans('config.year_js');
         }
@@ -494,11 +495,15 @@ class Navigation
     public function preferredCarbonFormat(Carbon $start, Carbon $end): string
     {
         $format = 'Y-m-d';
-        if ((int)$start->diffInMonths($end, true) > 1) {
+        $diff   = $start->diffInMonths($end, true);
+        Log::debug(sprintf('preferredCarbonFormat(%s, %s) = %f', $start->format('Y-m-d'), $end->format('Y-m-d'), $diff));
+        if ($diff >= 1.001) {
+            Log::debug(sprintf('Return Y-m because %s', $diff));
             $format = 'Y-m';
         }
 
-        if ((int)$start->diffInMonths($end, true) > 12) {
+        if ($diff >= 12.001) {
+            Log::debug(sprintf('Return Y because %s', $diff));
             $format = 'Y';
         }
 
@@ -677,7 +682,7 @@ class Navigation
 
             /** @var Carbon $tEnd */
             $tEnd       = session('end', today(config('app.timezone'))->endOfMonth());
-            $diffInDays = (int) $tStart->diffInDays($tEnd, true);
+            $diffInDays = (int)$tStart->diffInDays($tEnd, true);
             $date->subDays($diffInDays * $subtract);
 
             return $date;

app/Support/ParseDateString.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace FireflyIII\Support;
 
 use Carbon\Carbon;
+use Carbon\CarbonInterface;
 use Carbon\Exceptions\InvalidFormatException;
 use FireflyIII\Exceptions\FireflyException;
 use Illuminate\Support\Facades\Log;
@@ -122,12 +123,12 @@ class ParseDateString
     {
         $today = today(config('app.timezone'))->startOfDay();
 
-        return match ($keyword) {
+        return match ($keyword) { // @phpstan-ignore-line
             default                 => $today,
             'yesterday'             => $today->subDay(),
             'tomorrow'              => $today->addDay(),
-            'start of this week'    => $today->startOfWeek(Carbon::MONDAY),
-            'end of this week'      => $today->endOfWeek(Carbon::SUNDAY),
+            'start of this week'    => $today->startOfWeek(CarbonInterface::MONDAY),
+            'end of this week'      => $today->endOfWeek(CarbonInterface::SUNDAY),
             'start of this month'   => $today->startOfMonth(),
             'end of this month'     => $today->endOfMonth(),
             'start of this quarter' => $today->startOfQuarter(),

app/Support/Preferences.php

@@ -26,7 +26,10 @@ namespace FireflyIII\Support;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Models\Preference;
 use FireflyIII\User;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Session;
 
 /**
  * Class Preferences.
@@ -40,20 +43,18 @@ class Preferences
             return new Collection();
         }
 
-        return Preference::where('user_id', $user->id)->get();
+        return Preference::where('user_id', $user->id)
+            ->where('name', '!=', 'currencyPreference')
+            ->where(function (Builder $q) use ($user): void {
+                $q->whereNull('user_group_id');
+                $q->orWhere('user_group_id', $user->user_group_id);
+            })
+            ->get()
+        ;
     }
 
-    /**
-     * @param mixed $default
-     *
-     * @throws FireflyException
-     */
-    public function get(string $name, $default = null): ?Preference
+    public function get(string $name, null|array|bool|int|string $default = null): ?Preference
     {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
-
         /** @var null|User $user */
         $user = auth()->user();
         if (null === $user) {
@@ -66,15 +67,12 @@ class Preferences
         return $this->getForUser($user, $name, $default);
     }
 
-    /**
-     * @throws FireflyException
-     */
     public function getForUser(User $user, string $name, null|array|bool|int|string $default = null): ?Preference
     {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
-        $preference = Preference::where('user_id', $user->id)->where('name', $name)->first(['id', 'user_id', 'name', 'data', 'updated_at', 'created_at']);
+        // don't care about user group ID, except for some specific preferences.
+        $userGroupId = $this->getUserGroupId($user, $name);
+        $preference  = Preference::where('user_group_id', $userGroupId)->where('user_id', $user->id)->where('name', $name)->first(['id', 'user_id', 'name', 'data', 'updated_at', 'created_at']);
+
         if (null !== $preference && null === $preference->data) {
             $preference->delete();
             $preference = null;
@@ -92,17 +90,22 @@ class Preferences
         return $this->setForUser($user, $name, $default);
     }
 
-    /**
-     * @throws FireflyException
-     */
+    private function getUserGroupId(User $user, string $preferenceName): ?int
+    {
+        $groupId = null;
+        $items   = config('firefly.admin_specific_prefs') ?? [];
+        if (in_array($preferenceName, $items, true)) {
+            $groupId = (int)$user->user_group_id;
+        }
+
+        return $groupId;
+    }
+
     public function delete(string $name): bool
     {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
         $fullName = sprintf('preference%s%s', auth()->user()->id, $name);
-        if (\Cache::has($fullName)) {
-            \Cache::forget($fullName);
+        if (Cache::has($fullName)) {
+            Cache::forget($fullName);
         }
         Preference::where('user_id', auth()->user()->id)->where('name', $name)->delete();
 
@@ -111,29 +114,19 @@ class Preferences
 
     public function forget(User $user, string $name): void
     {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
         $key = sprintf('preference%s%s', $user->id, $name);
-        \Cache::forget($key);
-        \Cache::put($key, '', 5);
+        Cache::forget($key);
+        Cache::put($key, '', 5);
     }
 
-    /**
-     * @param mixed $value
-     *
-     * @throws FireflyException
-     */
-    public function setForUser(User $user, string $name, $value): Preference
+    public function setForUser(User $user, string $name, null|array|bool|int|string $value): Preference
     {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
         $fullName   = sprintf('preference%s%s', $user->id, $name);
-        \Cache::forget($fullName);
+        $groupId    = $this->getUserGroupId($user, $name);
+        Cache::forget($fullName);
 
         /** @var null|Preference $pref */
-        $pref       = Preference::where('user_id', $user->id)->where('name', $name)->first(['id', 'name', 'data', 'updated_at', 'created_at']);
+        $pref       = Preference::where('user_group_id', $groupId)->where('user_id', $user->id)->where('name', $name)->first(['id', 'name', 'data', 'updated_at', 'created_at']);
 
         if (null !== $pref && null === $value) {
             $pref->delete();
@@ -144,18 +137,14 @@ class Preferences
             return new Preference();
         }
         if (null === $pref) {
-            $pref          = new Preference();
-            $pref->user_id = (int)$user->id;
-            $pref->name    = $name;
+            $pref                = new Preference();
+            $pref->user_id       = (int)$user->id;
+            $pref->user_group_id = $groupId;
+            $pref->name          = $name;
         }
         $pref->data = $value;
-
-        try {
-            $pref->save();
-        } catch (\PDOException $e) {
-            throw new FireflyException(sprintf('Could not save preference: %s', $e->getMessage()), 0, $e);
-        }
-        \Cache::forever($fullName, $pref);
+        $pref->save();
+        Cache::forever($fullName, $pref);
 
         return $pref;
     }
@@ -165,19 +154,25 @@ class Preferences
         return Preference::where('user_id', $user->id)->where('name', 'LIKE', $search.'%')->get();
     }
 
+    /**
+     * Find by name, has no user ID in it, because the method is called from an unauthenticated route any way.
+     */
     public function findByName(string $name): Collection
     {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
-
         return Preference::where('name', $name)->get();
     }
 
     public function getArrayForUser(User $user, array $list): array
     {
         $result      = [];
-        $preferences = Preference::where('user_id', $user->id)->whereIn('name', $list)->get(['id', 'name', 'data']);
+        $preferences = Preference::where('user_id', $user->id)
+            ->where(function (Builder $q) use ($user): void {
+                $q->whereNull('user_group_id');
+                $q->orWhere('user_group_id', $user->user_group_id);
+            })
+            ->whereIn('name', $list)
+            ->get(['id', 'name', 'data'])
+        ;
 
         /** @var Preference $preference */
         foreach ($preferences as $preference) {
@@ -192,17 +187,8 @@ class Preferences
         return $result;
     }
 
-    /**
-     * @param mixed $default
-     *
-     * @throws FireflyException
-     */
-    public function getFresh(string $name, $default = null): ?Preference
+    public function getFresh(string $name, null|array|bool|int|string $default = null): ?Preference
     {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
-
         /** @var null|User $user */
         $user = auth()->user();
         if (null === $user) {
@@ -212,22 +198,6 @@ class Preferences
             return $preference;
         }
 
-        return $this->getFreshForUser($user, $name, $default);
-    }
-
-    /**
-     * TODO remove me.
-     *
-     * @param null $default
-     *
-     * @throws FireflyException
-     */
-    public function getFreshForUser(User $user, string $name, $default = null): ?Preference
-    {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
-
         return $this->getForUser($user, $name, $default);
     }
 
@@ -252,19 +222,12 @@ class Preferences
     public function mark(): void
     {
         $this->set('lastActivity', microtime());
-        \Session::forget('first');
+        Session::forget('first');
     }
 
-    /**
-     * @param mixed $value
-     *
-     * @throws FireflyException
-     */
-    public function set(string $name, $value): Preference
+    public function set(string $name, null|array|bool|int|string $value): Preference
     {
-        if ('currencyPreference' === $name) {
-            throw new FireflyException('No longer supports "currencyPreference", please refactor me.');
-        }
+        /** @var null|User $user */
         $user = auth()->user();
         if (null === $user) {
             // make new preference, return it:
@@ -275,6 +238,6 @@ class Preferences
             return $pref;
         }
 
-        return $this->setForUser(auth()->user(), $name, $value);
+        return $this->setForUser($user, $name, $value);
     }
 }