BookStack Code Mirror - bookstack/blobdiff - app/Auth/Permissions/PermissionService.php

index af2a5e1fd8c694ee36d2e5e25134e0b3f5ec991d..9e1876c90047f9414b1cacd3505aa3fab74af777 100644 (file)

--- a/app/Auth/Permissions/PermissionService.php

+++ b/app/Auth/Permissions/PermissionService.php

@@ -215,7 +215,6 @@ class PermissionService

* @param Collection $books

* @param array $roles

* @param bool $deleteOld

- * @throws \Throwable

protected function buildJointPermissionsForBooks($books, $roles, $deleteOld = false)

{

@@ -556,6 +555,39 @@ class PermissionService

return $q;

}

+ /**

+ * Checks if a user has the given permission for any items in the system.

+ * Can be passed an entity instance to filter on a specific type.

+ * @param string $permission

+ * @param string $entityClass

+ * @return bool

+ */

+ public function checkUserHasPermissionOnAnything(string $permission, string $entityClass = null)

+ {

+ $userRoleIds = $this->currentUser()->roles()->select('id')->pluck('id')->toArray();

+ $userId = $this->currentUser()->id;

+ $permissionQuery = $this->db->table('joint_permissions')

+ ->where('action', '=', $permission)

+ ->whereIn('role_id', $userRoleIds)

+ ->where(function ($query) use ($userId) {

+ $query->where('has_permission', '=', 1)

+ ->orWhere(function ($query2) use ($userId) {

+ $query2->where('has_permission_own', '=', 1)

+ ->where('created_by', '=', $userId);

+ });

+ if (!is_null($entityClass)) {

+ $entityInstance = app()->make($entityClass);

+ $permissionQuery = $permissionQuery->where('entity_type', '=', $entityInstance->getMorphClass());

+ }

+ $hasPermission = $permissionQuery->count() > 0;

+ $this->clean();

+ return $hasPermission;

+ }

/**

* Check if an entity has restrictions set on itself or its

* parent tree.

@@ -651,12 +683,11 @@ class PermissionService

if (strtolower($entityType) === 'page') {

// Prevent drafts being visible to others.

$query = $query->where(function ($query) {

- $query->where('draft', '=', false);

- if ($this->currentUser()) {

- $query->orWhere(function ($query) {

- $query->where('draft', '=', true)->where('created_by', '=', $this->currentUser()->id);

+ $query->where('draft', '=', false)

+ ->orWhere(function ($query) {

+ $query->where('draft', '=', true)

+ ->where('created_by', '=', $this->currentUser()->id);

});

- }

});

}

@@ -671,7 +702,7 @@ class PermissionService

* @param string $entityIdColumn

* @param string $entityTypeColumn

* @param string $action

- * @return mixed

+ * @return QueryBuilder

public function filterRestrictedEntityRelations($query, $tableName, $entityIdColumn, $entityTypeColumn, $action = 'view')

{

@@ -699,18 +730,21 @@ class PermissionService

}

/**

- * Filters pages that are a direct relation to another item.

+ * Add conditions to a query to filter the selection to related entities

+ * where permissions are granted.

+ * @param $entityType

* @param $query

* @param $tableName

* @param $entityIdColumn

* @return mixed

- public function filterRelatedPages($query, $tableName, $entityIdColumn)

+ public function filterRelatedEntity($entityType, $query, $tableName, $entityIdColumn)

{

$this->currentAction = 'view';

$tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn];

- $pageMorphClass = $this->entityProvider->page->getMorphClass();

+ $pageMorphClass = $this->entityProvider->get($entityType)->getMorphClass();

$q = $query->where(function ($query) use ($tableDetails, $pageMorphClass) {

$query->where(function ($query) use (&$tableDetails, $pageMorphClass) {

$query->whereExists(function ($permissionQuery) use (&$tableDetails, $pageMorphClass) {

@@ -728,7 +762,9 @@ class PermissionService

});

})->orWhere($tableDetails['entityIdColumn'], '=', 0);

});

$this->clean();

return $q;

}