BookStack Code Mirror - bookstack/blobdiff - app/Services/PermissionService.php

index 341a69edb624a4967b86c432c66b044a0ae896aa..1e75308a07e3734ac6771cf2b78a5c5babe8f3d7 100644 (file)

--- a/app/Services/PermissionService.php

+++ b/app/Services/PermissionService.php

@@ -8,8 +8,9 @@ use BookStack\Ownable;

use BookStack\Page;

use BookStack\Role;

use BookStack\User;

use BookStack\Page;

use BookStack\Role;

use BookStack\User;

+use Illuminate\Database\Connection;

+use Illuminate\Database\Eloquent\Builder;

use Illuminate\Support\Collection;

-use Illuminate\Support\Facades\Log;

class PermissionService

{

class PermissionService

{

@@ -23,6 +24,8 @@ class PermissionService

public $chapter;

public $page;

public $chapter;

public $page;

+ protected $db;

protected $jointPermission;

protected $role;

protected $jointPermission;

protected $role;

@@ -31,18 +34,21 @@ class PermissionService

/**

* PermissionService constructor.

* @param JointPermission $jointPermission

/**

* PermissionService constructor.

* @param JointPermission $jointPermission

+ * @param Connection $db

* @param Book $book

* @param Chapter $chapter

* @param Page $page

* @param Role $role

* @param Book $book

* @param Chapter $chapter

* @param Page $page

* @param Role $role

- public function __construct(JointPermission $jointPermission, Book $book, Chapter $chapter, Page $page, Role $role)

+ public function __construct(JointPermission $jointPermission, Connection $db, Book $book, Chapter $chapter, Page $page, Role $role)

{

+ $this->db = $db;

$this->jointPermission = $jointPermission;

$this->role = $role;

$this->book = $book;

$this->chapter = $chapter;

$this->page = $page;

$this->jointPermission = $jointPermission;

$this->role = $role;

$this->book = $book;

$this->chapter = $chapter;

$this->page = $page;

+ // TODO - Update so admin still goes through filters

}

/**

}

/**

@@ -151,7 +157,7 @@ class PermissionService

public function buildJointPermissionsForEntity(Entity $entity)

{

public function buildJointPermissionsForEntity(Entity $entity)

{

- $roles = $this->role->with('jointPermissions')->get();

+ $roles = $this->role->get();

$entities = collect([$entity]);

if ($entity->isA('book')) {

$entities = collect([$entity]);

if ($entity->isA('book')) {

@@ -171,7 +177,7 @@ class PermissionService

public function buildJointPermissionsForEntities(Collection $entities)

{

public function buildJointPermissionsForEntities(Collection $entities)

{

- $roles = $this->role->with('jointPermissions')->get();

+ $roles = $this->role->get();

$this->deleteManyJointPermissionsForEntities($entities);

$this->createManyJointPermissions($entities, $roles);

}

$this->deleteManyJointPermissionsForEntities($entities);

$this->createManyJointPermissions($entities, $roles);

}

@@ -237,13 +243,14 @@ class PermissionService

protected function deleteManyJointPermissionsForEntities($entities)

{

protected function deleteManyJointPermissionsForEntities($entities)

{

+ if (count($entities) === 0) return;

$query = $this->jointPermission->newQuery();

- foreach ($entities as $entity) {

- $query->orWhere(function($query) use ($entity) {

- $query->where('entity_id', '=', $entity->id)

- ->where('entity_type', '=', $entity->getMorphClass());

- });

- }

+ foreach ($entities as $entity) {

+ $query->orWhere(function($query) use ($entity) {

+ $query->where('entity_id', '=', $entity->id)

+ ->where('entity_type', '=', $entity->getMorphClass());

+ });

+ }

$query->delete();

}

$query->delete();

}

@@ -302,6 +309,10 @@ class PermissionService

$explodedAction = explode('-', $action);

$restrictionAction = end($explodedAction);

$explodedAction = explode('-', $action);

$restrictionAction = end($explodedAction);

+ if ($role->system_name === 'admin') {

+ return $this->createJointPermissionDataArray($entity, $role, $action, true, true);

+ }

if ($entity->isA('book')) {

if (!$entity->restricted) {

if ($entity->isA('book')) {

if (!$entity->restricted) {

@@ -395,7 +406,7 @@ class PermissionService

$action = end($explodedPermission);

$this->currentAction = $action;

$action = end($explodedPermission);

$this->currentAction = $action;

- $nonJointPermissions = ['restrictions'];

+ $nonJointPermissions = ['restrictions', 'image', 'attachment'];

// Handle non entity specific jointPermissions

if (in_array($explodedPermission[0], $nonJointPermissions)) {

// Handle non entity specific jointPermissions

if (in_array($explodedPermission[0], $nonJointPermissions)) {

@@ -411,7 +422,6 @@ class PermissionService

$this->currentAction = $permission;

}

$this->currentAction = $permission;

}

$q = $this->entityRestrictionQuery($baseQuery)->count() > 0;

$this->clean();

return $q;

$q = $this->entityRestrictionQuery($baseQuery)->count() > 0;

$this->clean();

return $q;

@@ -462,66 +472,74 @@ class PermissionService

}

/**

}

/**

- * Add restrictions for a page query

- * @param $query

- * @param string $action

- * @return mixed

+ * Get the children of a book in an efficient single query, Filtered by the permission system.

+ * @param integer $book_id

+ * @param bool $filterDrafts

+ * @param bool $fetchPageContent

+ * @return \Illuminate\Database\Query\Builder

- public function enforcePageRestrictions($query, $action = 'view')

- {

- // Prevent drafts being visible to others.

- $query = $query->where(function ($query) {

- $query->where('draft', '=', false);

- if ($this->currentUser()) {

- $query->orWhere(function ($query) {

- $query->where('draft', '=', true)->where('created_by', '=', $this->currentUser()->id);

+ public function bookChildrenQuery($book_id, $filterDrafts = false, $fetchPageContent = false) {

+ $pageSelect = $this->db->table('pages')->selectRaw($this->page->entityRawQuery($fetchPageContent))->where('book_id', '=', $book_id)->where(function($query) use ($filterDrafts) {

+ $query->where('draft', '=', 0);

+ if (!$filterDrafts) {

+ $query->orWhere(function($query) {

+ $query->where('draft', '=', 1)->where('created_by', '=', $this->currentUser()->id);

});

}

});

}

});

+ $chapterSelect = $this->db->table('chapters')->selectRaw($this->chapter->entityRawQuery())->where('book_id', '=', $book_id);

+ $query = $this->db->query()->select('*')->from($this->db->raw("({$pageSelect->toSql()} UNION {$chapterSelect->toSql()}) AS U"))

+ ->mergeBindings($pageSelect)->mergeBindings($chapterSelect);

+ if (!$this->isAdmin()) {

+ $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)')

+ ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type')

+ ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles())

+ ->where(function($query) {

+ $query->where('jp.has_permission', '=', 1)->orWhere(function($query) {

+ $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id);

+ });

+ $query->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery);

+ }

- return $this->enforceEntityRestrictions($query, $action);

- }

- /**

- * Add on permission restrictions to a chapter query.

- * @param $query

- * @param string $action

- * @return mixed

- */

- public function enforceChapterRestrictions($query, $action = 'view')

- {

- return $this->enforceEntityRestrictions($query, $action);

- }

- /**

- * Add restrictions to a book query.

- * @param $query

- * @param string $action

- * @return mixed

- */

- public function enforceBookRestrictions($query, $action = 'view')

- {

- return $this->enforceEntityRestrictions($query, $action);

+ $query->orderBy('draft', 'desc')->orderBy('priority', 'asc');

+ $this->clean();

+ return $query;

}

/**

* Add restrictions for a generic entity

}

/**

* Add restrictions for a generic entity

- * @param $query

+ * @param string $entityType

+ * @param Builder|Entity $query

* @param string $action

- * @return mixed

+ * @return Builder

- public function enforceEntityRestrictions($query, $action = 'view')

+ public function enforceEntityRestrictions($entityType, $query, $action = 'view')

{

+ if (strtolower($entityType) === 'page') {

+ // Prevent drafts being visible to others.

+ $query = $query->where(function ($query) {

+ $query->where('draft', '=', false);

+ if ($this->currentUser()) {

+ $query->orWhere(function ($query) {

+ $query->where('draft', '=', true)->where('created_by', '=', $this->currentUser()->id);

+ });

+ }

+ });

+ }

if ($this->isAdmin()) {

$this->clean();

return $query;

}

if ($this->isAdmin()) {

$this->clean();

return $query;

}

$this->currentAction = $action;

return $this->entityRestrictionQuery($query);

}

/**

$this->currentAction = $action;

return $this->entityRestrictionQuery($query);

}

/**

- * Filter items that have entities set a a polymorphic relation.

+ * Filter items that have entities set as a polymorphic relation.

* @param $query

* @param string $tableName

* @param string $entityIdColumn

* @param $query

* @param string $tableName

* @param string $entityIdColumn

@@ -553,6 +571,7 @@ class PermissionService

});

+ $this->clean();

return $q;

}

return $q;

}

@@ -601,7 +620,7 @@ class PermissionService

private function isAdmin()

{

if ($this->isAdminUser === null) {

private function isAdmin()

{

if ($this->isAdminUser === null) {

- $this->isAdminUser = ($this->currentUser()->id !== null) ? $this->currentUser()->hasRole('admin') : false;

+ $this->isAdminUser = ($this->currentUser()->id !== null) ? $this->currentUser()->hasSystemRole('admin') : false;

}

return $this->isAdminUser;

}

return $this->isAdminUser;

@@ -614,7 +633,7 @@ class PermissionService

private function currentUser()

{

if ($this->currentUserModel === false) {

private function currentUser()

{

if ($this->currentUserModel === false) {

- $this->currentUserModel = auth()->user() ? auth()->user() : new User();

+ $this->currentUserModel = user();

}

return $this->currentUserModel;

}

return $this->currentUserModel;