X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/00ae04e0bd7f9d80aa80334b8a8bb55e7ca33cad..refs/pull/4894/head:/app/Entities/Controllers/BookApiController.php
diff --git a/app/Entities/Controllers/BookApiController.php b/app/Entities/Controllers/BookApiController.php
index aa21aea47..15e67a0f7 100644
--- a/app/Entities/Controllers/BookApiController.php
+++ b/app/Entities/Controllers/BookApiController.php
@@ -6,6 +6,7 @@ use BookStack\Api\ApiEntityListFormatter;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Entity;
+use BookStack\Entities\Queries\BookQueries;
 use BookStack\Entities\Repos\BookRepo;
 use BookStack\Entities\Tools\BookContents;
 use BookStack\Http\ApiController;
@@ -15,7 +16,8 @@ use Illuminate\Validation\ValidationException;
 class BookApiController extends ApiController
 {
 public function __construct(
- protected BookRepo $bookRepo
+ protected BookRepo $bookRepo,
+ protected BookQueries $queries,
 ) {
 }
@@ -24,7 +26,9 @@ class BookApiController extends ApiController
 */
 public function list()
 {
- $books = Book::visible();
+ $books = $this->queries
+ ->visibleForList()
+ ->addSelect(['created_by', 'updated_by']);
 return $this->apiListingResponse($books, [
 'id', 'name', 'slug', 'description', 'created_at', 'updated_at', 'created_by', 'updated_by', 'owned_by',
@@ -56,7 +60,7 @@ class BookApiController extends ApiController
 */
 public function read(string $id)
 {
- $book = Book::visible()->findOrFail($id);
+ $book = $this->queries->findVisibleByIdOrFail(intval($id));
 $book = $this->forJsonDisplay($book);
 $book->load(['createdBy', 'updatedBy', 'ownedBy']);
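Review bot: In list(), the columns added with `addSelect(['created_by', 'updated_by'])` and the field list passed to `apiListingResponse()` have to be kept in step by hand, and nothing in the code says so. The fields visible here also include `owned_by` and others, which presumably come from whatever `visibleForList()` selects; that method is outside this diff, so it is worth confirming that every listed field is actually selected, since an unselected one would likely come back as null. A short comment above the query would help, for example `// visibleForList() selects a reduced column set; add any extra API fields here`. The body of list() continues past the end of the hunk.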
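Review bot: `intval($id)` in read(), and again in update() and delete() in the two hunks that follow, coerces the route value instead of validating it: PHP turns a constructed value such as `12abc` into 12 and any non-numeric string into 0. The lookup still goes through `findVisibleByIdOrFail()` and, for update and delete, `checkOwnablePermission()`, so this is about input strictness rather than an access bypass, but a malformed id can address a real record on a write or delete path instead of failing. Consider rejecting non-digit ids before the lookup, e.g. `if (!ctype_digit($id)) { abort(404); }`, or constraining the route parameter (the route definitions are not part of this diff). Each of these method bodies continues outside its hunk.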
@@ -83,7 +87,7 @@ class BookApiController extends ApiController
 */
 public function update(Request $request, string $id)
 {
- $book = Book::visible()->findOrFail($id);
+ $book = $this->queries->findVisibleByIdOrFail(intval($id));
 $this->checkOwnablePermission('book-update', $book);
 $requestData = $this->validate($request, $this->rules()['update']);
@@ -100,7 +104,7 @@ class BookApiController extends ApiController
 */
 public function delete(string $id)
 {
- $book = Book::visible()->findOrFail($id);
+ $book = $this->queries->findVisibleByIdOrFail(intval($id));
 $this->checkOwnablePermission('book-delete', $book);
 $this->bookRepo->destroy($book);