X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/00ae04e0bd7f9d80aa80334b8a8bb55e7ca33cad..refs/heads/development:/app/Entities/Controllers/BookshelfApiController.php

diff --git a/app/Entities/Controllers/BookshelfApiController.php b/app/Entities/Controllers/BookshelfApiController.php
index a12dc90ac..b512f2d05 100644
--- a/app/Entities/Controllers/BookshelfApiController.php
+++ b/app/Entities/Controllers/BookshelfApiController.php
@@ -3,6 +3,7 @@
 namespace BookStack\Entities\Controllers;
 
 use BookStack\Entities\Models\Bookshelf;
+use BookStack\Entities\Queries\BookshelfQueries;
 use BookStack\Entities\Repos\BookshelfRepo;
 use BookStack\Http\ApiController;
 use Exception;
@@ -13,7 +14,8 @@ use Illuminate\Validation\ValidationException;
 class BookshelfApiController extends ApiController
 {
     public function __construct(
-        protected BookshelfRepo $bookshelfRepo
+        protected BookshelfRepo $bookshelfRepo,
+        protected BookshelfQueries $queries,
     ) {
     }
 
@@ -22,7 +24,10 @@ class BookshelfApiController extends ApiController
      */
     public function list()
     {
-        $shelves = Bookshelf::visible();
+        $shelves = $this->queries
+            ->visibleForList()
+            ->with(['cover:id,name,url'])
+            ->addSelect(['created_by', 'updated_by']);
 
         return $this->apiListingResponse($shelves, [
             'id', 'name', 'slug', 'description', 'created_at', 'updated_at', 'created_by', 'updated_by', 'owned_by',
@@ -54,7 +59,7 @@ class BookshelfApiController extends ApiController
      */
     public function read(string $id)
     {
-        $shelf = Bookshelf::visible()->findOrFail($id);
+        $shelf = $this->queries->findVisibleByIdOrFail(intval($id));
         $shelf = $this->forJsonDisplay($shelf);
         $shelf->load([
             'createdBy', 'updatedBy', 'ownedBy',
@@ -78,7 +83,7 @@ class BookshelfApiController extends ApiController
      */
     public function update(Request $request, string $id)
     {
-        $shelf = Bookshelf::visible()->findOrFail($id);
+        $shelf = $this->queries->findVisibleByIdOrFail(intval($id));
         $this->checkOwnablePermission('bookshelf-update', $shelf);
 
         $requestData = $this->validate($request, $this->rules()['update']);
@@ -97,7 +102,7 @@ class BookshelfApiController extends ApiController
      */
     public function delete(string $id)
     {
-        $shelf = Bookshelf::visible()->findOrFail($id);
+        $shelf = $this->queries->findVisibleByIdOrFail(intval($id));
         $this->checkOwnablePermission('bookshelf-delete', $shelf);
 
         $this->bookshelfRepo->destroy($shelf);