BookStack Code Mirror - bookstack/blobdiff - app/Uploads/Attachment.php

index dfd7d980a6fbc571211eeb579b90b8bf86cccc67..6c7066ff9701be00137b4d65c3a90f61d5ee038b 100644 (file)

--- a/app/Uploads/Attachment.php

+++ b/app/Uploads/Attachment.php

@@ -2,7 +2,8 @@

namespace BookStack\Uploads;

-use BookStack\Auth\Permissions\PermissionService;

+use BookStack\Auth\Permissions\PermissionApplicator;

+use BookStack\Auth\User;

use BookStack\Entities\Models\Entity;

use BookStack\Entities\Models\Page;

use BookStack\Model;

@@ -11,13 +12,15 @@ use Illuminate\Database\Eloquent\Builder;

use Illuminate\Database\Eloquent\Relations\BelongsTo;

/**

- * @property int $id

+ * @property int $id

* @property string $name

* @property string $path

* @property string $extension

- * @property ?Page $page

- * @property bool $external

- * @property int $uploaded_to

+ * @property ?Page $page

+ * @property bool $external

+ * @property int $uploaded_to

+ * @property User $updatedBy

+ * @property User $createdBy

* @method static Entity|Builder visible()

@@ -26,6 +29,10 @@ class Attachment extends Model

use HasCreatorAndUpdater;

protected $fillable = ['name', 'order'];

+ protected $hidden = ['path', 'page'];

+ protected $casts = [

+ 'external' => 'bool',

+ ];

/**

* Get the downloadable file name for this upload.

@@ -80,12 +87,12 @@ class Attachment extends Model

/**

* Scope the query to those attachments that are visible based upon related page permissions.

- public function scopeVisible(): string

+ public function scopeVisible(): Builder

{

- $permissionService = app()->make(PermissionService::class);

- return $permissionService->filterRelatedEntity(

- Page::class,

- Attachment::query(),

+ $permissions = app()->make(PermissionApplicator::class);

+ return $permissions->restrictPageRelationQuery(

+ self::query(),

'attachments',

'uploaded_to'

);