Added interface for adding/removing roles in entity perms.
[bookstack] / app / Http / Controllers / PermissionsController.php
1 <?php
2
3 namespace BookStack\Http\Controllers;
4
5 use BookStack\Auth\Permissions\EntityPermission;
6 use BookStack\Auth\Permissions\PermissionFormData;
7 use BookStack\Auth\Role;
8 use BookStack\Entities\Models\Book;
9 use BookStack\Entities\Models\Bookshelf;
10 use BookStack\Entities\Models\Chapter;
11 use BookStack\Entities\Models\Page;
12 use BookStack\Entities\Tools\PermissionsUpdater;
13 use Illuminate\Http\Request;
14
/**
 * HTTP endpoints for viewing and changing entity-level permissions on
 * pages, chapters, books and shelves.
 *
 * Each entity action resolves the target entity from its slug(s) and runs an
 * authorization check against that entity before anything is rendered or written.
 *
 * NOTE(review): checkOwnablePermission(), checkPermissionOr() and
 * showSuccessNotification() are inherited from the parent Controller, which is
 * not shown here; presumably a failed check stops the request - confirm there.
 * NOTE(review): the update/copy actions change state; the HTTP verb and CSRF
 * protection for them are decided by routing/middleware outside this file.
 */
class PermissionsController extends Controller
{
    // Service that applies permission changes to entities.
    protected PermissionsUpdater $permissionsUpdater;

    /**
     * Store the injected permissions updater for use by the write actions.
     */
    public function __construct(PermissionsUpdater $permissionsUpdater)
    {
        $this->permissionsUpdater = $permissionsUpdater;
    }

    /**
     * Render the permissions form for the page identified by book and page slug.
     */
    public function showForPage(string $bookSlug, string $pageSlug)
    {
        $targetPage = Page::getBySlugs($bookSlug, $pageSlug);
        // Authorize against this specific page before building any form data.
        $this->checkOwnablePermission('restrictions-manage', $targetPage);

        $viewData = [
            'page' => $targetPage,
            'data' => new PermissionFormData($targetPage),
        ];

        return view('pages.permissions', $viewData);
    }

    /**
     * Apply the submitted permissions form to a page, then redirect to the page.
     */
    public function updateForPage(Request $request, string $bookSlug, string $pageSlug)
    {
        $targetPage = Page::getBySlugs($bookSlug, $pageSlug);
        // The write below must stay behind this per-entity check.
        $this->checkOwnablePermission('restrictions-manage', $targetPage);

        // The raw request is handed to the updater; parsing/validation of the
        // submitted form happens there, not in this controller.
        $this->permissionsUpdater->updateFromPermissionsForm($targetPage, $request);

        $successMessage = trans('entities.pages_permissions_success');
        $this->showSuccessNotification($successMessage);

        $destination = $targetPage->getUrl();

        return redirect($destination);
    }

    /**
     * Render the permissions form for the chapter identified by book and chapter slug.
     */
    public function showForChapter(string $bookSlug, string $chapterSlug)
    {
        $targetChapter = Chapter::getBySlugs($bookSlug, $chapterSlug);
        // Authorize against this specific chapter before building any form data.
        $this->checkOwnablePermission('restrictions-manage', $targetChapter);

        $viewData = [
            'chapter' => $targetChapter,
            'data' => new PermissionFormData($targetChapter),
        ];

        return view('chapters.permissions', $viewData);
    }

    /**
     * Apply the submitted permissions form to a chapter, then redirect to the chapter.
     */
    public function updateForChapter(Request $request, string $bookSlug, string $chapterSlug)
    {
        $targetChapter = Chapter::getBySlugs($bookSlug, $chapterSlug);
        // The write below must stay behind this per-entity check.
        $this->checkOwnablePermission('restrictions-manage', $targetChapter);

        $this->permissionsUpdater->updateFromPermissionsForm($targetChapter, $request);

        $successMessage = trans('entities.chapters_permissions_success');
        $this->showSuccessNotification($successMessage);

        $destination = $targetChapter->getUrl();

        return redirect($destination);
    }

    /**
     * Render the permissions form for the book identified by slug.
     */
    public function showForBook(string $slug)
    {
        $targetBook = Book::getBySlug($slug);
        // Authorize against this specific book before building any form data.
        $this->checkOwnablePermission('restrictions-manage', $targetBook);

        $viewData = [
            'book' => $targetBook,
            'data' => new PermissionFormData($targetBook),
        ];

        return view('books.permissions', $viewData);
    }

    /**
     * Apply the submitted permissions form to a book, then redirect to the book.
     */
    public function updateForBook(Request $request, string $slug)
    {
        $targetBook = Book::getBySlug($slug);
        // The write below must stay behind this per-entity check.
        $this->checkOwnablePermission('restrictions-manage', $targetBook);

        $this->permissionsUpdater->updateFromPermissionsForm($targetBook, $request);

        $successMessage = trans('entities.books_permissions_updated');
        $this->showSuccessNotification($successMessage);

        $destination = $targetBook->getUrl();

        return redirect($destination);
    }

    /**
     * Render the permissions form for the shelf identified by slug.
     */
    public function showForShelf(string $slug)
    {
        $targetShelf = Bookshelf::getBySlug($slug);
        // Authorize against this specific shelf before building any form data.
        $this->checkOwnablePermission('restrictions-manage', $targetShelf);

        $viewData = [
            'shelf' => $targetShelf,
            'data' => new PermissionFormData($targetShelf),
        ];

        return view('shelves.permissions', $viewData);
    }

    /**
     * Apply the submitted permissions form to a shelf, then redirect to the shelf.
     */
    public function updateForShelf(Request $request, string $slug)
    {
        $targetShelf = Bookshelf::getBySlug($slug);
        // The write below must stay behind this per-entity check.
        $this->checkOwnablePermission('restrictions-manage', $targetShelf);

        $this->permissionsUpdater->updateFromPermissionsForm($targetShelf, $request);

        $successMessage = trans('entities.shelves_permissions_updated');
        $this->showSuccessNotification($successMessage);

        $destination = $targetShelf->getUrl();

        return redirect($destination);
    }

    /**
     * Push a shelf's permissions down onto its child books and report how many
     * books were updated, then redirect to the shelf.
     */
    public function copyShelfPermissionsToBooks(string $slug)
    {
        $sourceShelf = Bookshelf::getBySlug($slug);
        // Only the shelf itself is authorized in this method.
        // NOTE(review): whether the caller's rights on each child book are also
        // checked depends on updateBookPermissionsFromShelf(), which is not
        // visible here - confirm, since this action rewrites book permissions.
        $this->checkOwnablePermission('restrictions-manage', $sourceShelf);

        $changedBooks = $this->permissionsUpdater->updateBookPermissionsFromShelf($sourceShelf);
        $successMessage = trans('entities.shelves_copy_permission_success', ['count' => $changedBooks]);
        $this->showSuccessNotification($successMessage);

        $destination = $sourceShelf->getUrl();

        return redirect($destination);
    }

    /**
     * Render a blank entity-permissions form row for one role.
     *
     * The row is built from a fresh EntityPermission; nothing is persisted here.
     * Role::query()->findOrFail() fails the request when no role has the given id.
     */
    public function formRowForRole(string $entityType, string $roleId)
    {
        // Unlike the other actions, this check is not tied to a specific entity.
        // NOTE(review): the first name has no '-own'/'-all' suffix while the
        // fallback tests 'restrictions-manage-all'; confirm 'restrictions-manage'
        // resolves to a real permission in checkPermissionOr(), otherwise users
        // holding only an '-own' variant may be refused this row.
        $hasManageAll = function () {
            return userCan('restrictions-manage-all');
        };
        $this->checkPermissionOr('restrictions-manage', $hasManageAll);

        // Any caller passing the check above can resolve any role by id.
        $selectedRole = Role::query()->findOrFail($roleId);

        // NOTE(review): $entityType is a raw route segment forwarded to the view
        // without an allow-list; confirm the template escapes or constrains it.
        $rowData = [
            'role' => $selectedRole,
            'permission' => new EntityPermission(),
            'entityType' => $entityType,
        ];

        return view('form.entity-permissions-row', $rowData);
    }
}