X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/6bccf0e64a2c59d6d7db67472d133df446b91392..refs/pull/2393/head:/app/Auth/Permissions/PermissionService.php diff --git a/app/Auth/Permissions/PermissionService.php b/app/Auth/Permissions/PermissionService.php index 8fc70e916..5f4648d58 100644 --- a/app/Auth/Permissions/PermissionService.php +++ b/app/Auth/Permissions/PermissionService.php @@ -2,12 +2,9 @@ use BookStack\Auth\Permissions; use BookStack\Auth\Role; -use BookStack\Entities\Book; -use BookStack\Entities\Bookshelf; -use BookStack\Entities\Chapter; -use BookStack\Entities\Entity; +use BookStack\Entities\Models\Book; +use BookStack\Entities\Models\Entity; use BookStack\Entities\EntityProvider; -use BookStack\Entities\Page; use BookStack\Ownable; use Illuminate\Database\Connection; use Illuminate\Database\Eloquent\Builder; @@ -51,11 +48,6 @@ class PermissionService /** * PermissionService constructor. - * @param JointPermission $jointPermission - * @param EntityPermission $entityPermission - * @param Role $role - * @param Connection $db - * @param EntityProvider $entityProvider */ public function __construct( JointPermission $jointPermission, @@ -82,7 +74,7 @@ class PermissionService /** * Prepare the local entity cache and ensure it's empty - * @param \BookStack\Entities\Entity[] $entities + * @param \BookStack\Entities\Models\Entity[] $entities */ protected function readyEntityCache($entities = []) { @@ -119,7 +111,7 @@ class PermissionService /** * Get a chapter via ID, Checks local cache * @param $chapterId - * @return \BookStack\Entities\Book + * @return \BookStack\Entities\Models\Book */ protected function getChapter($chapterId) { @@ -176,7 +168,7 @@ class PermissionService }); // Chunk through all bookshelves - $this->entityProvider->bookshelf->newQuery()->select(['id', 'restricted', 'created_by']) + $this->entityProvider->bookshelf->newQuery()->withTrashed()->select(['id', 'restricted', 'created_by']) ->chunk(50, function ($shelves) use ($roles) { $this->buildJointPermissionsForShelves($shelves, $roles); }); @@ -188,11 +180,11 @@ class PermissionService */ protected function bookFetchQuery() { - return $this->entityProvider->book->newQuery() + return $this->entityProvider->book->withTrashed()->newQuery() ->select(['id', 'restricted', 'created_by'])->with(['chapters' => function ($query) { - $query->select(['id', 'restricted', 'created_by', 'book_id']); + $query->withTrashed()->select(['id', 'restricted', 'created_by', 'book_id']); }, 'pages' => function ($query) { - $query->select(['id', 'restricted', 'created_by', 'book_id', 'chapter_id']); + $query->withTrashed()->select(['id', 'restricted', 'created_by', 'book_id', 'chapter_id']); }]); } @@ -215,7 +207,6 @@ class PermissionService * @param Collection $books * @param array $roles * @param bool $deleteOld - * @throws \Throwable */ protected function buildJointPermissionsForBooks($books, $roles, $deleteOld = false) { @@ -239,7 +230,7 @@ class PermissionService /** * Rebuild the entity jointPermissions for a particular entity. - * @param \BookStack\Entities\Entity $entity + * @param \BookStack\Entities\Models\Entity $entity * @throws \Throwable */ public function buildJointPermissionsForEntity(Entity $entity) @@ -334,7 +325,7 @@ class PermissionService /** * Delete all of the entity jointPermissions for a list of entities. - * @param \BookStack\Entities\Entity[] $entities + * @param \BookStack\Entities\Models\Entity[] $entities * @throws \Throwable */ protected function deleteManyJointPermissionsForEntities($entities) @@ -415,7 +406,7 @@ class PermissionService /** * Get the actions related to an entity. - * @param \BookStack\Entities\Entity $entity + * @param \BookStack\Entities\Models\Entity $entity * @return array */ protected function getActions(Entity $entity) @@ -501,7 +492,7 @@ class PermissionService /** * Create an array of data with the information of an entity jointPermissions. * Used to build data for bulk insertion. - * @param \BookStack\Entities\Entity $entity + * @param \BookStack\Entities\Models\Entity $entity * @param Role $role * @param $action * @param $permissionAll @@ -577,7 +568,7 @@ class PermissionService $query2->where('has_permission_own', '=', 1) ->where('created_by', '=', $userId); }); - }) ; + }); if (!is_null($entityClass)) { $entityInstance = app()->make($entityClass); @@ -592,7 +583,7 @@ class PermissionService /** * Check if an entity has restrictions set on itself or its * parent tree. - * @param \BookStack\Entities\Entity $entity + * @param \BookStack\Entities\Models\Entity $entity * @param $action * @return bool|mixed */ @@ -634,48 +625,46 @@ class PermissionService } /** - * Get the children of a book in an efficient single query, Filtered by the permission system. - * @param integer $book_id - * @param bool $filterDrafts - * @param bool $fetchPageContent - * @return QueryBuilder + * Limited the given entity query so that the query will only + * return items that the user has permission for the given ability. */ - public function bookChildrenQuery($book_id, $filterDrafts = false, $fetchPageContent = false) + public function restrictEntityQuery(Builder $query, string $ability = 'view'): Builder { - $entities = $this->entityProvider; - $pageSelect = $this->db->table('pages')->selectRaw($entities->page->entityRawQuery($fetchPageContent)) - ->where('book_id', '=', $book_id)->where(function ($query) use ($filterDrafts) { - $query->where('draft', '=', 0); - if (!$filterDrafts) { - $query->orWhere(function ($query) { - $query->where('draft', '=', 1)->where('created_by', '=', $this->currentUser()->id); + $this->clean(); + return $query->where(function (Builder $parentQuery) use ($ability) { + $parentQuery->whereHas('jointPermissions', function (Builder $permissionQuery) use ($ability) { + $permissionQuery->whereIn('role_id', $this->getRoles()) + ->where('action', '=', $ability) + ->where(function (Builder $query) { + $query->where('has_permission', '=', true) + ->orWhere(function (Builder $query) { + $query->where('has_permission_own', '=', true) + ->where('created_by', '=', $this->currentUser()->id); + }); }); - } - }); - $chapterSelect = $this->db->table('chapters')->selectRaw($entities->chapter->entityRawQuery())->where('book_id', '=', $book_id); - $query = $this->db->query()->select('*')->from($this->db->raw("({$pageSelect->toSql()} UNION {$chapterSelect->toSql()}) AS U")) - ->mergeBindings($pageSelect)->mergeBindings($chapterSelect); - - // Add joint permission filter - $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)') - ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type') - ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles()) - ->where(function ($query) { - $query->where('jp.has_permission', '=', 1)->orWhere(function ($query) { - $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id); - }); }); - $query->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery); + }); + } - $query->orderBy('draft', 'desc')->orderBy('priority', 'asc'); - $this->clean(); - return $query; + /** + * Extend the given page query to ensure draft items are not visible + * unless created by the given user. + */ + public function enforceDraftVisiblityOnQuery(Builder $query): Builder + { + return $query->where(function (Builder $query) { + $query->where('draft', '=', false) + ->orWhere(function (Builder $query) { + $query->where('draft', '=', true) + ->where('created_by', '=', $this->currentUser()->id); + }); + }); } /** * Add restrictions for a generic entity * @param string $entityType - * @param Builder|\BookStack\Entities\Entity $query + * @param Builder|\BookStack\Entities\Models\Entity $query * @param string $action * @return Builder */ @@ -684,12 +673,11 @@ class PermissionService if (strtolower($entityType) === 'page') { // Prevent drafts being visible to others. $query = $query->where(function ($query) { - $query->where('draft', '=', false); - if ($this->currentUser()) { - $query->orWhere(function ($query) { - $query->where('draft', '=', true)->where('created_by', '=', $this->currentUser()->id); + $query->where('draft', '=', false) + ->orWhere(function ($query) { + $query->where('draft', '=', true) + ->where('created_by', '=', $this->currentUser()->id); }); - } }); } @@ -704,7 +692,7 @@ class PermissionService * @param string $entityIdColumn * @param string $entityTypeColumn * @param string $action - * @return mixed + * @return QueryBuilder */ public function filterRestrictedEntityRelations($query, $tableName, $entityIdColumn, $entityTypeColumn, $action = 'view') { @@ -732,18 +720,21 @@ class PermissionService } /** - * Filters pages that are a direct relation to another item. + * Add conditions to a query to filter the selection to related entities + * where permissions are granted. + * @param $entityType * @param $query * @param $tableName * @param $entityIdColumn * @return mixed */ - public function filterRelatedPages($query, $tableName, $entityIdColumn) + public function filterRelatedEntity($entityType, $query, $tableName, $entityIdColumn) { $this->currentAction = 'view'; $tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn]; - $pageMorphClass = $this->entityProvider->page->getMorphClass(); + $pageMorphClass = $this->entityProvider->get($entityType)->getMorphClass(); + $q = $query->where(function ($query) use ($tableDetails, $pageMorphClass) { $query->where(function ($query) use (&$tableDetails, $pageMorphClass) { $query->whereExists(function ($permissionQuery) use (&$tableDetails, $pageMorphClass) { @@ -761,7 +752,9 @@ class PermissionService }); })->orWhere($tableDetails['entityIdColumn'], '=', 0); }); + $this->clean(); + return $q; }