BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Controller.php

index f0cb47cd9197f6cfaf3b6c3441390e4ecd57be8f..5bc62c601a73bcf63913a2bac3bd63c25dbab2e1 100644 (file)

--- a/app/Http/Controllers/Controller.php

+++ b/app/Http/Controllers/Controller.php

@@ -2,15 +2,13 @@

namespace BookStack\Http\Controllers;

+use BookStack\Auth\User;

use BookStack\Ownable;

-use HttpRequestException;

use Illuminate\Foundation\Bus\DispatchesJobs;

-use Illuminate\Http\Exception\HttpResponseException;

-use Illuminate\Routing\Controller as BaseController;

use Illuminate\Foundation\Validation\ValidatesRequests;

-use Illuminate\Support\Facades\Auth;

-use Illuminate\Support\Facades\Session;

-use BookStack\User;

+use Illuminate\Http\Exceptions\HttpResponseException;

+use Illuminate\Http\Request;

+use Illuminate\Routing\Controller as BaseController;

abstract class Controller extends BaseController

{

abstract class Controller extends BaseController

{

@@ -30,17 +28,21 @@ abstract class Controller extends BaseController

public function __construct()

{

public function __construct()

{

- // Get a user instance for the current user

- $user = auth()->user();

- if (!$user) $user = User::getDefault();

+ $this->middleware(function ($request, $next) {

+ // Get a user instance for the current user

+ $user = user();

- // Share variables with views

- view()->share('signedIn', auth()->check());

- view()->share('currentUser', $user);

+ // Share variables with controllers

+ $this->currentUser = $user;

+ $this->signedIn = auth()->check();

- // Share variables with controllers

- $this->currentUser = $user;

- $this->signedIn = auth()->check();

+ // Share variables with views

+ view()->share('signedIn', $this->signedIn);

+ view()->share('currentUser', $user);

+ return $next($request);

+ });

}

/**

}

/**

@@ -49,7 +51,9 @@ abstract class Controller extends BaseController

protected function preventAccessForDemoUsers()

{

protected function preventAccessForDemoUsers()

{

- if (config('app.env') === 'demo') $this->showPermissionError();

+ if (config('app.env') === 'demo') {

+ $this->showPermissionError();

+ }

}

/**

}

/**

@@ -67,8 +71,13 @@ abstract class Controller extends BaseController

protected function showPermissionError()

{

protected function showPermissionError()

{

- Session::flash('error', trans('errors.permission'));

- $response = request()->wantsJson() ? response()->json(['error' => trans('errors.permissionJson')], 403) : redirect('/');

+ if (request()->wantsJson()) {

+ $response = response()->json(['error' => trans('errors.permissionJson')], 403);

+ } else {

+ $response = redirect('/');

+ session()->flash('error', trans('errors.permission'));

+ }

throw new HttpResponseException($response);

}

throw new HttpResponseException($response);

}

@@ -79,7 +88,7 @@ abstract class Controller extends BaseController

protected function checkPermission($permissionName)

{

protected function checkPermission($permissionName)

{

- if (!$this->currentUser || !$this->currentUser->can($permissionName)) {

+ if (!user() || !user()->can($permissionName)) {

$this->showPermissionError();

}

return true;

$this->showPermissionError();

}

return true;

@@ -93,7 +102,9 @@ abstract class Controller extends BaseController

protected function checkOwnablePermission($permission, Ownable $ownable)

{

protected function checkOwnablePermission($permission, Ownable $ownable)

{

- if (userCan($permission, $ownable)) return true;

+ if (userCan($permission, $ownable)) {

+ return true;

+ }

return $this->showPermissionError();

}

return $this->showPermissionError();

}

@@ -106,8 +117,65 @@ abstract class Controller extends BaseController

protected function checkPermissionOr($permissionName, $callback)

{

$callbackResult = $callback();

protected function checkPermissionOr($permissionName, $callback)

{

$callbackResult = $callback();

- if ($callbackResult === false) $this->checkPermission($permissionName);

+ if ($callbackResult === false) {

+ $this->checkPermission($permissionName);

+ }

return true;

}

return true;

}

+ /**

+ * Check if the current user has a permission or bypass if the provided user

+ * id matches the current user.

+ * @param string $permissionName

+ * @param int $userId

+ * @return bool

+ */

+ protected function checkPermissionOrCurrentUser(string $permissionName, int $userId)

+ {

+ return $this->checkPermissionOr($permissionName, function () use ($userId) {

+ return $userId === $this->currentUser->id;

+ });

+ }

+ /**

+ * Send back a json error message.

+ * @param string $messageText

+ * @param int $statusCode

+ * @return mixed

+ */

+ protected function jsonError($messageText = "", $statusCode = 500)

+ {

+ return response()->json(['message' => $messageText], $statusCode);

+ }

+ /**

+ * Create the response for when a request fails validation.

+ * @param \Illuminate\Http\Request $request

+ * @param array $errors

+ * @return \Symfony\Component\HttpFoundation\Response

+ */

+ protected function buildFailedValidationResponse(Request $request, array $errors)

+ {

+ if ($request->expectsJson()) {

+ return response()->json(['validation' => $errors], 422);

+ }

+ return redirect()->to($this->getRedirectUrl())

+ ->withInput($request->input())

+ ->withErrors($errors, $this->errorBag());

+ }

+ /**

+ * Create a response that forces a download in the browser.

+ * @param string $content

+ * @param string $fileName

+ * @return \Illuminate\Http\Response

+ */

+ protected function downloadResponse(string $content, string $fileName)

+ {

+ return response()->make($content, 200, [

+ 'Content-Type' => 'application/octet-stream',

+ 'Content-Disposition' => 'attachment; filename="' . $fileName . '"'

+ ]);

+ }

}