use BookStack\User;
use Illuminate\Database\Connection;
use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Query\Builder as QueryBuilder;
use Illuminate\Support\Collection;
-use Illuminate\Support\Facades\Log;
class PermissionService
{
// TODO - Update so admin still goes through filters
}
+ /**
+ * Set the database connection
+ * @param Connection $connection
+ */
+ public function setConnection(Connection $connection)
+ {
+ $this->db = $connection;
+ }
+
/**
* Prepare the local entity cache and ensure it's empty
*/
}
$book = $this->book->find($bookId);
- if ($book === null) $book = false;
+ if ($book === null) {
+ $book = false;
+ }
if (isset($this->entityCache['books'])) {
$this->entityCache['books']->put($bookId, $book);
}
}
$chapter = $this->chapter->find($chapterId);
- if ($chapter === null) $chapter = false;
+ if ($chapter === null) {
+ $chapter = false;
+ }
if (isset($this->entityCache['chapters'])) {
$this->entityCache['chapters']->put($chapterId, $chapter);
}
*/
protected function getRoles()
{
- if ($this->userRoles !== false) return $this->userRoles;
+ if ($this->userRoles !== false) {
+ return $this->userRoles;
+ }
$roles = [];
$this->readyEntityCache();
// Get all roles (Should be the most limited dimension)
- $roles = $this->role->with('permissions')->get();
+ $roles = $this->role->with('permissions')->get()->all();
// Chunk through all books
- $this->book->newQuery()->with('chapters', 'pages')->chunk(5, function ($books) use ($roles) {
+ $this->bookFetchQuery()->chunk(5, function ($books) use ($roles) {
$this->buildJointPermissionsForBooks($books, $roles);
});
}
+ /**
+ * Get a query for fetching a book with it's children.
+ * @return QueryBuilder
+ */
+ protected function bookFetchQuery()
+ {
+ return $this->book->newQuery()->select(['id', 'restricted', 'created_by'])->with(['chapters' => function ($query) {
+ $query->select(['id', 'restricted', 'created_by', 'book_id']);
+ }, 'pages' => function ($query) {
+ $query->select(['id', 'restricted', 'created_by', 'book_id', 'chapter_id']);
+ }]);
+ }
+
/**
* Build joint permissions for an array of books
* @param Collection $books
- * @param Collection $roles
+ * @param array $roles
* @param bool $deleteOld
*/
- protected function buildJointPermissionsForBooks($books, $roles, $deleteOld = false) {
+ protected function buildJointPermissionsForBooks($books, $roles, $deleteOld = false)
+ {
$entities = clone $books;
- foreach ($books as $book) {
- foreach ($book->chapters as $chapter) {
+ /** @var Book $book */
+ foreach ($books->all() as $book) {
+ foreach ($book->getRelation('chapters') as $chapter) {
$entities->push($chapter);
}
- foreach ($book->pages as $page) {
+ foreach ($book->getRelation('pages') as $page) {
$entities->push($page);
}
}
- if ($deleteOld) $this->deleteManyJointPermissionsForEntities($entities->all());
+ if ($deleteOld) {
+ $this->deleteManyJointPermissionsForEntities($entities->all());
+ }
$this->createManyJointPermissions($entities, $roles);
}
*/
public function buildJointPermissionsForEntity(Entity $entity)
{
- $roles = $this->role->newQuery()->get();
- $book = ($entity->isA('book')) ? $entity : $entity->book;
- $this->buildJointPermissionsForBooks(collect([$book]), $roles, true);
+ $entities = [$entity];
+ if ($entity->isA('book')) {
+ $books = $this->bookFetchQuery()->where('id', '=', $entity->id)->get();
+ $this->buildJointPermissionsForBooks($books, $this->role->newQuery()->get(), true);
+ return;
+ }
+
+ $entities[] = $entity->book;
+
+ if ($entity->isA('page') && $entity->chapter_id) {
+ $entities[] = $entity->chapter;
+ }
+
+ if ($entity->isA('chapter')) {
+ foreach ($entity->pages as $page) {
+ $entities[] = $page;
+ }
+ }
+
+ $this->deleteManyJointPermissionsForEntities($entities);
+ $this->buildJointPermissionsForEntities(collect($entities));
}
/**
*/
public function buildJointPermissionsForEntities(Collection $entities)
{
- $roles = $this->role->get();
+ $roles = $this->role->newQuery()->get();
$this->deleteManyJointPermissionsForEntities($entities->all());
$this->createManyJointPermissions($entities, $roles);
}
*/
public function buildJointPermissionForRole(Role $role)
{
- $roles = collect([$role]);
-
+ $roles = [$role];
$this->deleteManyJointPermissionsForRoles($roles);
// Chunk through all books
- $this->book->with('chapters', 'pages')->chunk(5, function ($books) use ($roles) {
+ $this->bookFetchQuery()->chunk(5, function ($books) use ($roles) {
$this->buildJointPermissionsForBooks($books, $roles);
});
}
*/
protected function deleteManyJointPermissionsForRoles($roles)
{
- foreach ($roles as $role) {
- $role->jointPermissions()->delete();
- }
+ $roleIds = array_map(function ($role) {
+ return $role->id;
+ }, $roles);
+ $this->jointPermission->newQuery()->whereIn('role_id', $roleIds)->delete();
}
/**
*/
protected function deleteManyJointPermissionsForEntities($entities)
{
- if (count($entities) === 0) return;
- $query = $this->jointPermission->newQuery();
-
- foreach ($entities as $entity) {
- $query->orWhere(function($query) use ($entity) {
- $query->where('entity_id', '=', $entity->id)
- ->where('entity_type', '=', $entity->getMorphClass());
- });
+ if (count($entities) === 0) {
+ return;
}
- $query->delete();
+ $this->db->transaction(function () use ($entities) {
+
+ foreach (array_chunk($entities, 1000) as $entityChunk) {
+ $query = $this->db->table('joint_permissions');
+ foreach ($entityChunk as $entity) {
+ $query->orWhere(function (QueryBuilder $query) use ($entity) {
+ $query->where('entity_id', '=', $entity->id)
+ ->where('entity_type', '=', $entity->getMorphClass());
+ });
+ }
+ $query->delete();
+ }
+ });
}
/**
* Create & Save entity jointPermissions for many entities and jointPermissions.
* @param Collection $entities
- * @param Collection $roles
+ * @param array $roles
*/
protected function createManyJointPermissions($entities, $roles)
{
$permissionFetch = $this->entityPermission->newQuery();
foreach ($entities as $entity) {
$entityRestrictedMap[$entity->getMorphClass() . ':' . $entity->id] = boolval($entity->getRawAttribute('restricted'));
- $permissionFetch->orWhere(function($query) use ($entity) {
+ $permissionFetch->orWhere(function ($query) use ($entity) {
$query->where('restrictable_id', '=', $entity->id)->where('restrictable_type', '=', $entity->getMorphClass());
});
}
}
}
}
- foreach (array_chunk($jointPermissions, 5000) as $jointPermissionChunk) {
- $this->jointPermission->insert($jointPermissionChunk);
- }
+
+ $this->db->transaction(function () use ($jointPermissions) {
+ foreach (array_chunk($jointPermissions, 1000) as $jointPermissionChunk) {
+ $this->db->table('joint_permissions')->insert($jointPermissionChunk);
+ }
+ });
}
protected function getActions(Entity $entity)
{
$baseActions = ['view', 'update', 'delete'];
- if ($entity->isA('chapter') || $entity->isA('book')) $baseActions[] = 'page-create';
- if ($entity->isA('book')) $baseActions[] = 'chapter-create';
+ if ($entity->isA('chapter') || $entity->isA('book')) {
+ $baseActions[] = 'page-create';
+ }
+ if ($entity->isA('book')) {
+ $baseActions[] = 'chapter-create';
+ }
return $baseActions;
}
$hasPermissiveAccessToParents = !$book->restricted;
// For pages with a chapter, Check if explicit permissions are set on the Chapter
- if ($entity->isA('page') && $entity->chapter_id !== 0) {
+ if ($entity->isA('page') && $entity->chapter_id !== 0 && $entity->chapter_id !== '0') {
$chapter = $this->getChapter($entity->chapter_id);
$hasPermissiveAccessToParents = $hasPermissiveAccessToParents && !$chapter->restricted;
if ($chapter->restricted) {
}
}
- return $this->createJointPermissionDataArray($entity, $role, $action,
+ return $this->createJointPermissionDataArray(
+ $entity,
+ $role,
+ $action,
($hasExplicitAccessToParents || ($roleHasPermission && $hasPermissiveAccessToParents)),
($hasExplicitAccessToParents || ($roleHasPermissionOwn && $hasPermissiveAccessToParents))
);
* @param $action
* @return bool
*/
- protected function mapHasActiveRestriction($entityMap, Entity $entity, Role $role, $action) {
+ protected function mapHasActiveRestriction($entityMap, Entity $entity, Role $role, $action)
+ {
$key = $entity->getMorphClass() . ':' . $entity->getRawAttribute('id') . ':' . $role->getRawAttribute('id') . ':' . $action;
return isset($entityMap[$key]) ? $entityMap[$key] : false;
}
$action = end($explodedPermission);
$this->currentAction = $action;
- $nonJointPermissions = ['restrictions', 'image', 'attachment'];
+ $nonJointPermissions = ['restrictions', 'image', 'attachment', 'comment'];
// Handle non entity specific jointPermissions
if (in_array($explodedPermission[0], $nonJointPermissions)) {
* @param integer $book_id
* @param bool $filterDrafts
* @param bool $fetchPageContent
- * @return \Illuminate\Database\Query\Builder
+ * @return QueryBuilder
*/
- public function bookChildrenQuery($book_id, $filterDrafts = false, $fetchPageContent = false) {
- $pageSelect = $this->db->table('pages')->selectRaw($this->page->entityRawQuery($fetchPageContent))->where('book_id', '=', $book_id)->where(function($query) use ($filterDrafts) {
+ public function bookChildrenQuery($book_id, $filterDrafts = false, $fetchPageContent = false)
+ {
+ $pageSelect = $this->db->table('pages')->selectRaw($this->page->entityRawQuery($fetchPageContent))->where('book_id', '=', $book_id)->where(function ($query) use ($filterDrafts) {
$query->where('draft', '=', 0);
if (!$filterDrafts) {
- $query->orWhere(function($query) {
+ $query->orWhere(function ($query) {
$query->where('draft', '=', 1)->where('created_by', '=', $this->currentUser()->id);
});
}
$whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)')
->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type')
->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles())
- ->where(function($query) {
- $query->where('jp.has_permission', '=', 1)->orWhere(function($query) {
+ ->where(function ($query) {
+ $query->where('jp.has_permission', '=', 1)->orWhere(function ($query) {
$query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id);
});
});
$this->userRoles = false;
$this->isAdminUser = null;
}
-
-}
\ No newline at end of file
+}
projects / bookstack / blobdiff