BookStack Code Mirror - bookstack/blobdiff - app/Auth/Permissions/PermissionService.php

use BookStack\Auth\Permissions;

use BookStack\Auth\Role;

use BookStack\Entities\Book;

use BookStack\Auth\Permissions;

use BookStack\Auth\Role;

use BookStack\Entities\Book;

-use BookStack\Entities\Bookshelf;

-use BookStack\Entities\Chapter;

use BookStack\Entities\Entity;

use BookStack\Entities\EntityProvider;

use BookStack\Entities\Entity;

use BookStack\Entities\EntityProvider;

-use BookStack\Entities\Page;

use BookStack\Ownable;

use Illuminate\Database\Connection;

use Illuminate\Database\Eloquent\Builder;

use BookStack\Ownable;

use Illuminate\Database\Connection;

use Illuminate\Database\Eloquent\Builder;

/**

* PermissionService constructor.

/**

* PermissionService constructor.

- * @param JointPermission $jointPermission

- * @param EntityPermission $entityPermission

- * @param Role $role

- * @param Connection $db

- * @param EntityProvider $entityProvider

*/

public function __construct(

JointPermission $jointPermission,

*/

public function __construct(

JointPermission $jointPermission,

});

// Chunk through all bookshelves

});

// Chunk through all bookshelves

- $this->entityProvider->bookshelf->newQuery()->select(['id', 'restricted', 'created_by'])

+ $this->entityProvider->bookshelf->newQuery()->withTrashed()->select(['id', 'restricted', 'created_by'])

->chunk(50, function ($shelves) use ($roles) {

$this->buildJointPermissionsForShelves($shelves, $roles);

});

->chunk(50, function ($shelves) use ($roles) {

$this->buildJointPermissionsForShelves($shelves, $roles);

});

*/

protected function bookFetchQuery()

{

*/

protected function bookFetchQuery()

{

- return $this->entityProvider->book->newQuery()

+ return $this->entityProvider->book->withTrashed()->newQuery()

->select(['id', 'restricted', 'created_by'])->with(['chapters' => function ($query) {

- $query->select(['id', 'restricted', 'created_by', 'book_id']);

+ $query->withTrashed()->select(['id', 'restricted', 'created_by', 'book_id']);

}, 'pages' => function ($query) {

- $query->select(['id', 'restricted', 'created_by', 'book_id', 'chapter_id']);

+ $query->withTrashed()->select(['id', 'restricted', 'created_by', 'book_id', 'chapter_id']);

}]);

}

}]);

}

* @param Collection $books

* @param array $roles

* @param bool $deleteOld

* @param Collection $books

* @param array $roles

* @param bool $deleteOld

- * @throws \Throwable

*/

protected function buildJointPermissionsForBooks($books, $roles, $deleteOld = false)

{

*/

protected function buildJointPermissionsForBooks($books, $roles, $deleteOld = false)

{

return $q;

}

return $q;

}

+ /**

+ * Checks if a user has the given permission for any items in the system.

+ * Can be passed an entity instance to filter on a specific type.

+ * @param string $permission

+ * @param string $entityClass

+ * @return bool

+ */

+ public function checkUserHasPermissionOnAnything(string $permission, string $entityClass = null)

+ {

+ $userRoleIds = $this->currentUser()->roles()->select('id')->pluck('id')->toArray();

+ $userId = $this->currentUser()->id;

+

+ $permissionQuery = $this->db->table('joint_permissions')

+ ->where('action', '=', $permission)

+ ->whereIn('role_id', $userRoleIds)

+ ->where(function ($query) use ($userId) {

+ $query->where('has_permission', '=', 1)

+ ->orWhere(function ($query2) use ($userId) {

+ $query2->where('has_permission_own', '=', 1)

+ ->where('created_by', '=', $userId);

+ });

+

+ if (!is_null($entityClass)) {

+ $entityInstance = app()->make($entityClass);

+ $permissionQuery = $permissionQuery->where('entity_type', '=', $entityInstance->getMorphClass());

+ }

+

+ $hasPermission = $permissionQuery->count() > 0;

+ $this->clean();

+ return $hasPermission;

+ }

+

/**

* Check if an entity has restrictions set on itself or its

* parent tree.

/**

* Check if an entity has restrictions set on itself or its

* parent tree.

}

/**

}

/**

- * Get the children of a book in an efficient single query, Filtered by the permission system.

- * @param integer $book_id

- * @param bool $filterDrafts

- * @param bool $fetchPageContent

- * @return QueryBuilder

+ * Limited the given entity query so that the query will only

+ * return items that the user has permission for the given ability.

*/

- public function bookChildrenQuery($book_id, $filterDrafts = false, $fetchPageContent = false)

+ public function restrictEntityQuery(Builder $query, string $ability = 'view'): Builder

{

- $entities = $this->entityProvider;

- $pageSelect = $this->db->table('pages')->selectRaw($entities->page->entityRawQuery($fetchPageContent))

- ->where('book_id', '=', $book_id)->where(function ($query) use ($filterDrafts) {

- $query->where('draft', '=', 0);

- if (!$filterDrafts) {

- $query->orWhere(function ($query) {

- $query->where('draft', '=', 1)->where('created_by', '=', $this->currentUser()->id);

+ $this->clean();

+ return $query->where(function (Builder $parentQuery) use ($ability) {

+ $parentQuery->whereHas('jointPermissions', function (Builder $permissionQuery) use ($ability) {

+ $permissionQuery->whereIn('role_id', $this->getRoles())

+ ->where('action', '=', $ability)

+ ->where(function (Builder $query) {

+ $query->where('has_permission', '=', true)

+ ->orWhere(function (Builder $query) {

+ $query->where('has_permission_own', '=', true)

+ ->where('created_by', '=', $this->currentUser()->id);

+ });

});

- }

- });

- $chapterSelect = $this->db->table('chapters')->selectRaw($entities->chapter->entityRawQuery())->where('book_id', '=', $book_id);

- $query = $this->db->query()->select('*')->from($this->db->raw("({$pageSelect->toSql()} UNION {$chapterSelect->toSql()}) AS U"))

- ->mergeBindings($pageSelect)->mergeBindings($chapterSelect);

-

- // Add joint permission filter

- $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)')

- ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type')

- ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles())

- ->where(function ($query) {

- $query->where('jp.has_permission', '=', 1)->orWhere(function ($query) {

- $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id);

- });

});

- $query->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery);

+ });

+ }

- $query->orderBy('draft', 'desc')->orderBy('priority', 'asc');

- $this->clean();

- return $query;

+ /**

+ * Extend the given page query to ensure draft items are not visible

+ * unless created by the given user.

+ */

+ public function enforceDraftVisiblityOnQuery(Builder $query): Builder

+ {

+ return $query->where(function (Builder $query) {

+ $query->where('draft', '=', false)

+ ->orWhere(function (Builder $query) {

+ $query->where('draft', '=', true)

+ ->where('created_by', '=', $this->currentUser()->id);

+ });

}

/**

}

/**

if (strtolower($entityType) === 'page') {

// Prevent drafts being visible to others.

$query = $query->where(function ($query) {

if (strtolower($entityType) === 'page') {

// Prevent drafts being visible to others.

$query = $query->where(function ($query) {

- $query->where('draft', '=', false);

- if ($this->currentUser()) {

- $query->orWhere(function ($query) {

- $query->where('draft', '=', true)->where('created_by', '=', $this->currentUser()->id);

+ $query->where('draft', '=', false)

+ ->orWhere(function ($query) {

+ $query->where('draft', '=', true)

+ ->where('created_by', '=', $this->currentUser()->id);

});

- }

});

}

});

}

* @param string $entityIdColumn

* @param string $entityTypeColumn

* @param string $action

* @param string $entityIdColumn

* @param string $entityTypeColumn

* @param string $action

- * @return mixed

+ * @return QueryBuilder

*/

public function filterRestrictedEntityRelations($query, $tableName, $entityIdColumn, $entityTypeColumn, $action = 'view')

{

*/

public function filterRestrictedEntityRelations($query, $tableName, $entityIdColumn, $entityTypeColumn, $action = 'view')

{

}

/**

}

/**

- * Filters pages that are a direct relation to another item.

+ * Add conditions to a query to filter the selection to related entities

+ * where permissions are granted.

+ * @param $entityType

* @param $query

* @param $tableName

* @param $entityIdColumn

* @return mixed

*/

* @param $query

* @param $tableName

* @param $entityIdColumn

* @return mixed

*/

- public function filterRelatedPages($query, $tableName, $entityIdColumn)

+ public function filterRelatedEntity($entityType, $query, $tableName, $entityIdColumn)

{

$this->currentAction = 'view';

$tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn];

{

$this->currentAction = 'view';

$tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn];

- $pageMorphClass = $this->entityProvider->page->getMorphClass();

+ $pageMorphClass = $this->entityProvider->get($entityType)->getMorphClass();

+

$q = $query->where(function ($query) use ($tableDetails, $pageMorphClass) {

$query->where(function ($query) use (&$tableDetails, $pageMorphClass) {

$query->whereExists(function ($permissionQuery) use (&$tableDetails, $pageMorphClass) {

$q = $query->where(function ($query) use ($tableDetails, $pageMorphClass) {

$query->where(function ($query) use (&$tableDetails, $pageMorphClass) {

$query->whereExists(function ($permissionQuery) use (&$tableDetails, $pageMorphClass) {

});

})->orWhere($tableDetails['entityIdColumn'], '=', 0);

});

})->orWhere($tableDetails['entityIdColumn'], '=', 0);

});

+

$this->clean();

+

return $q;

}

return $q;

}