X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/2d4034f3b7a0828a47859f0fc313dfb0b506e622..refs/pull/363/head:/app/Services/PermissionService.php

diff --git a/app/Services/PermissionService.php b/app/Services/PermissionService.php
index 65fe0f33e..1e75308a0 100644
--- a/app/Services/PermissionService.php
+++ b/app/Services/PermissionService.php
@@ -243,13 +243,14 @@ class PermissionService
      */
     protected function deleteManyJointPermissionsForEntities($entities)
     {
+        if (count($entities) === 0) return;
         $query = $this->jointPermission->newQuery();
-        foreach ($entities as $entity) {
-            $query->orWhere(function($query) use ($entity) {
-                $query->where('entity_id', '=', $entity->id)
-                    ->where('entity_type', '=', $entity->getMorphClass());
-            });
-        }
+            foreach ($entities as $entity) {
+                $query->orWhere(function($query) use ($entity) {
+                    $query->where('entity_id', '=', $entity->id)
+                        ->where('entity_type', '=', $entity->getMorphClass());
+                });
+            }
         $query->delete();
     }
 
@@ -473,11 +474,12 @@ class PermissionService
     /**
      * Get the children of a book in an efficient single query, Filtered by the permission system.
      * @param integer $book_id
-     * @param bool    $filterDrafts
+     * @param bool $filterDrafts
+     * @param bool $fetchPageContent
      * @return \Illuminate\Database\Query\Builder
      */
-    public function bookChildrenQuery($book_id, $filterDrafts = false) {
-        $pageSelect = $this->db->table('pages')->selectRaw("'BookStack\\\\Page' as entity_type, id, slug, name, text, '' as description, book_id, priority, chapter_id, draft")->where('book_id', '=', $book_id)->where(function($query) use ($filterDrafts) {
+    public function bookChildrenQuery($book_id, $filterDrafts = false, $fetchPageContent = false) {
+        $pageSelect = $this->db->table('pages')->selectRaw($this->page->entityRawQuery($fetchPageContent))->where('book_id', '=', $book_id)->where(function($query) use ($filterDrafts) {
             $query->where('draft', '=', 0);
             if (!$filterDrafts) {
                 $query->orWhere(function($query) {
@@ -485,18 +487,23 @@ class PermissionService
                 });
             }
         });
-        $chapterSelect = $this->db->table('chapters')->selectRaw("'BookStack\\\\Chapter' as entity_type, id, slug, name, '' as text, description, book_id, priority, 0 as chapter_id, 0 as draft")->where('book_id', '=', $book_id);
-        $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)')
-            ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type')
-            ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles())
-            ->where(function($query) {
-                $query->where('jp.has_permission', '=', 1)->orWhere(function($query) {
-                    $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id);
-                });
-            });
+        $chapterSelect = $this->db->table('chapters')->selectRaw($this->chapter->entityRawQuery())->where('book_id', '=', $book_id);
         $query = $this->db->query()->select('*')->from($this->db->raw("({$pageSelect->toSql()} UNION {$chapterSelect->toSql()}) AS U"))
-            ->mergeBindings($pageSelect)->mergeBindings($chapterSelect)
-            ->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery)->orderBy('draft', 'desc')->orderBy('priority', 'asc');
+            ->mergeBindings($pageSelect)->mergeBindings($chapterSelect);
+
+        if (!$this->isAdmin()) {
+            $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)')
+                ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type')
+                ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles())
+                ->where(function($query) {
+                    $query->where('jp.has_permission', '=', 1)->orWhere(function($query) {
+                        $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id);
+                    });
+                });
+            $query->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery);
+        }
+
+        $query->orderBy('draft', 'desc')->orderBy('priority', 'asc');
         $this->clean();
         return  $query;
     }
@@ -506,7 +513,7 @@ class PermissionService
      * @param string $entityType
      * @param Builder|Entity $query
      * @param string $action
-     * @return mixed
+     * @return Builder
      */
     public function enforceEntityRestrictions($entityType, $query, $action = 'view')
     {
@@ -532,7 +539,7 @@ class PermissionService
     }
 
     /**
-     * Filter items that have entities set a a polymorphic relation.
+     * Filter items that have entities set as a polymorphic relation.
      * @param $query
      * @param string $tableName
      * @param string $entityIdColumn