X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/14ca31768cdc79e06a4ab4c74bb650a37bff4eb5..refs/pull/84/head:/app/Http/Controllers/Controller.php
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
index ab37a44a1..f0cb47cd9 100644
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -2,6 +2,7 @@
 
 namespace BookStack\Http\Controllers;
 
+use BookStack\Ownable;
 use HttpRequestException;
 use Illuminate\Foundation\Bus\DispatchesJobs;
 use Illuminate\Http\Exception\HttpResponseException;
@@ -61,21 +62,19 @@ abstract class Controller extends BaseController
     }
 
     /**
-     * On a permission error redirect to home and display
+     * On a permission error redirect to home and display.
      * the error as a notification.
      */
     protected function showPermissionError()
     {
         Session::flash('error', trans('errors.permission'));
-        throw new HttpResponseException(
-            redirect('/')
-        );
+        $response = request()->wantsJson() ? response()->json(['error' => trans('errors.permissionJson')], 403) : redirect('/');
+        throw new HttpResponseException($response);
     }
 
     /**
      * Checks for a permission.
-     *
-     * @param $permissionName
+     * @param string $permissionName
      * @return bool|\Illuminate\Http\RedirectResponse
      */
     protected function checkPermission($permissionName)
@@ -83,10 +82,21 @@ abstract class Controller extends BaseController
         if (!$this->currentUser || !$this->currentUser->can($permissionName)) {
             $this->showPermissionError();
         }
-
         return true;
     }
 
+    /**
+     * Check the current user's permissions against an ownable item.
+     * @param $permission
+     * @param Ownable $ownable
+     * @return bool
+     */
+    protected function checkOwnablePermission($permission, Ownable $ownable)
+    {
+        if (userCan($permission, $ownable)) return true;
+        return $this->showPermissionError();
+    }
+
     /**
      * Check if a user has a permission or bypass if the callback is true.
      * @param $permissionName
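Review bot: `Session::flash('error', trans('errors.permission'))` still runs before the new `wantsJson()` branch in `showPermissionError`, so a JSON 403 also leaves an error notification queued in the session for whatever HTML page the same client loads next. Guard the flash so it only accompanies the redirect: `if (!request()->wantsJson()) { Session::flash('error', trans('errors.permission')); }` and keep the rest as written. The edited docblock now reads "redirect to home and display. the error as a notification." — drop the added full stop or join the two lines. `checkPermission`'s `@return bool|\Illuminate\Http\RedirectResponse` is also stale, since the failure path throws `HttpResponseException` rather than returning a redirect; `@return bool` plus `@throws HttpResponseException` would describe it. `checkPermission`'s body lies outside this hunk.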
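Review bot: `checkOwnablePermission` is fail-closed only because `showPermissionError()` throws; `return $this->showPermissionError();` together with `@return bool` reads as if a false result comes back to be checked, which call sites presumably will not do given that `checkPermission` just above is used as a bare statement. Make the contract explicit in the docblock — `@param string $permission`, `@return true` and `@throws HttpResponseException when the current user lacks $permission on $ownable` — and write the body as `if (!userCan($permission, $ownable)) { $this->showPermissionError(); } return true;`, which also gives the brace-less `if` the braces PSR-2 expects. `userCan()` is a global helper not visible in this diff while `checkPermission` consults `$this->currentUser`; it is worth confirming both resolve the same user so the two checks cannot disagree.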