X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/4a24d1c31b7d244cb15eced098c5f8c3954f7fda..refs/pull/651/head:/app/Http/Controllers/BookController.php diff --git a/app/Http/Controllers/BookController.php b/app/Http/Controllers/BookController.php index c042c502b..d70f9d0df 100644 --- a/app/Http/Controllers/BookController.php +++ b/app/Http/Controllers/BookController.php @@ -155,7 +155,7 @@ class BookController extends Controller $book = $this->entityRepo->getBySlug('book', $bookSlug); $this->checkOwnablePermission('book-update', $book); $bookChildren = $this->entityRepo->getBookChildren($book, true); - $books = $this->entityRepo->getAll('book', false); + $books = $this->entityRepo->getAll('book', false, 'update'); $this->setPageTitle(trans('entities.books_sort_named', ['bookName'=>$book->getShortName()])); return view('books/sort', ['book' => $book, 'current' => $book, 'books' => $books, 'bookChildren' => $bookChildren]); } @@ -195,43 +195,49 @@ class BookController extends Controller $sortMap = json_decode($request->get('sort-tree')); $defaultBookId = $book->id; + // Check permissions for all target and source books $permissionsList = [$book->id]; - - // Loop through contents of provided map and update entities accordingly foreach ($sortMap as $bookChild) { - $priority = $bookChild->sort; - $id = intval($bookChild->id); - $isPage = $bookChild->type == 'page'; - $bookId = $defaultBookId; - $targetBook = $this->entityRepo->getById('book', $bookChild->book); - // Check permission for target book - if (!empty($targetBook)) { - $bookId = $targetBook->id; - if (!in_array($bookId, $permissionsList)) { + if (!in_array($bookChild->book, $permissionsList)) { + $targetBook = $this->entityRepo->getById('book', $bookChild->book); + if (!empty($targetBook)) { + $bookId = $targetBook->id; $this->checkOwnablePermission('book-update', $targetBook); // cache the permission for future use. $permissionsList[] = $bookId; } } - $chapterId = ($isPage && $bookChild->parentChapter === false) ? 0 : intval($bookChild->parentChapter); - $model = $this->entityRepo->getById($isPage?'page':'chapter', $id); - // Check permissions for the source book + $id = intval($bookChild->id); + $isPage = $bookChild->type == 'page'; + $model = $this->entityRepo->getById($isPage?'page':'chapter', $id); $sourceBook = $model->book; if (!in_array($sourceBook->id, $permissionsList)) { $this->checkOwnablePermission('book-update', $sourceBook); + + // cache the permission for future use. $permissionsList[] = $sourceBook->id; } + } + + // Loop through contents of provided map and update entities accordingly + foreach ($sortMap as $bookChild) { + $priority = $bookChild->sort; + $id = intval($bookChild->id); + $isPage = $bookChild->type == 'page'; + $bookId = $defaultBookId; + $targetBook = $this->entityRepo->getById('book', $bookChild->book); + + $chapterId = ($isPage && $bookChild->parentChapter === false) ? 0 : intval($bookChild->parentChapter); + $model = $this->entityRepo->getById($isPage?'page':'chapter', $id); // Update models only if there's a change in parent chain or ordering. if ($model->priority !== $priority || $model->book_id !== $bookId || ($isPage && $model->chapter_id !== $chapterId)) { $this->entityRepo->changeBook($isPage?'page':'chapter', $bookId, $model); $model->priority = $priority; - if ($isPage) { - $model->chapter_id = $chapterId; - } + if ($isPage) $model->chapter_id = $chapterId; $model->save(); $updatedModels->push($model); }