Improve sorting Shelf Books

[bookstack] / app / Auth / Permissions / PermissionService.php

diff --git a/app/Auth/Permissions/PermissionService.php b/app/Auth/Permissions/PermissionService.php
index bd406693692f81ef2bc38fa67d33b15e1f5c06d7..89c8a5fbb25a55fe54fd95cc8d2721c27c6b9334 100644 (file)
--- a/app/Auth/Permissions/PermissionService.php
+++ b/app/Auth/Permissions/PermissionService.php
@@ -526,12 +526,15 @@ class PermissionService
         $action = end($explodedPermission);
         $this->currentAction = $action;
 
+        $nonJointPermissions = ['restrictions', 'image', 'attachment', 'comment'];
+
         // Handle non entity specific jointPermissions
-        if (!($ownable instanceof Entity)) {
+        if (in_array($explodedPermission[0], $nonJointPermissions)) {
             $allPermission = $this->currentUser() && $this->currentUser()->can($permission . '-all');
             $ownPermission = $this->currentUser() && $this->currentUser()->can($permission . '-own');
             $this->currentAction = 'view';
-            $isOwner = $this->currentUser() && $this->currentUser()->id === $ownable->created_by;
+            $ownerField = ($ownable instanceof Entity) ? 'owned_by' : 'created_by';
+            $isOwner = $this->currentUser() && $this->currentUser()->id === $ownable->$ownerField;
             return ($allPermission || ($isOwner && $ownPermission));
         }