X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/5c60f27a7d3e10d7c3256a78f9e9b2068c8fe0f4..refs/pull/358/head:/app/Services/PermissionService.php diff --git a/app/Services/PermissionService.php b/app/Services/PermissionService.php index 65fe0f33e..8b47e1246 100644 --- a/app/Services/PermissionService.php +++ b/app/Services/PermissionService.php @@ -243,13 +243,14 @@ class PermissionService */ protected function deleteManyJointPermissionsForEntities($entities) { + if (count($entities) === 0) return; $query = $this->jointPermission->newQuery(); - foreach ($entities as $entity) { - $query->orWhere(function($query) use ($entity) { - $query->where('entity_id', '=', $entity->id) - ->where('entity_type', '=', $entity->getMorphClass()); - }); - } + foreach ($entities as $entity) { + $query->orWhere(function($query) use ($entity) { + $query->where('entity_id', '=', $entity->id) + ->where('entity_type', '=', $entity->getMorphClass()); + }); + } $query->delete(); } @@ -473,11 +474,13 @@ class PermissionService /** * Get the children of a book in an efficient single query, Filtered by the permission system. * @param integer $book_id - * @param bool $filterDrafts + * @param bool $filterDrafts + * @param bool $fetchPageContent * @return \Illuminate\Database\Query\Builder */ - public function bookChildrenQuery($book_id, $filterDrafts = false) { - $pageSelect = $this->db->table('pages')->selectRaw("'BookStack\\\\Page' as entity_type, id, slug, name, text, '' as description, book_id, priority, chapter_id, draft")->where('book_id', '=', $book_id)->where(function($query) use ($filterDrafts) { + public function bookChildrenQuery($book_id, $filterDrafts = false, $fetchPageContent = false) { + $pageContentSelect = $fetchPageContent ? 'html' : "''"; + $pageSelect = $this->db->table('pages')->selectRaw("'BookStack\\\\Page' as entity_type, id, slug, name, text, {$pageContentSelect} as description, book_id, priority, chapter_id, draft")->where('book_id', '=', $book_id)->where(function($query) use ($filterDrafts) { $query->where('draft', '=', 0); if (!$filterDrafts) { $query->orWhere(function($query) { @@ -486,17 +489,22 @@ class PermissionService } }); $chapterSelect = $this->db->table('chapters')->selectRaw("'BookStack\\\\Chapter' as entity_type, id, slug, name, '' as text, description, book_id, priority, 0 as chapter_id, 0 as draft")->where('book_id', '=', $book_id); - $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)') - ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type') - ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles()) - ->where(function($query) { - $query->where('jp.has_permission', '=', 1)->orWhere(function($query) { - $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id); - }); - }); $query = $this->db->query()->select('*')->from($this->db->raw("({$pageSelect->toSql()} UNION {$chapterSelect->toSql()}) AS U")) - ->mergeBindings($pageSelect)->mergeBindings($chapterSelect) - ->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery)->orderBy('draft', 'desc')->orderBy('priority', 'asc'); + ->mergeBindings($pageSelect)->mergeBindings($chapterSelect); + + if (!$this->isAdmin()) { + $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)') + ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type') + ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles()) + ->where(function($query) { + $query->where('jp.has_permission', '=', 1)->orWhere(function($query) { + $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id); + }); + }); + $query->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery); + } + + $query->orderBy('draft', 'desc')->orderBy('priority', 'asc'); $this->clean(); return $query; }