X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/c429cf78187e80deb63982a282a1c6889f30291a..refs/pull/3406/head:/app/Uploads/Attachment.php

diff --git a/app/Uploads/Attachment.php b/app/Uploads/Attachment.php
index 5acd4f141..5e637246a 100644
--- a/app/Uploads/Attachment.php
+++ b/app/Uploads/Attachment.php
@@ -2,24 +2,37 @@
 
 namespace BookStack\Uploads;
 
+use BookStack\Auth\Permissions\PermissionService;
+use BookStack\Auth\User;
+use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\Page;
 use BookStack\Model;
 use BookStack\Traits\HasCreatorAndUpdater;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 
 /**
- * @property int id
- * @property string name
- * @property string path
- * @property string extension
- * @property ?Page page
- * @property bool external
+ * @property int    $id
+ * @property string $name
+ * @property string $path
+ * @property string $extension
+ * @property ?Page  $page
+ * @property bool   $external
+ * @property int    $uploaded_to
+ * @property User   $updatedBy
+ * @property User   $createdBy
+ *
+ * @method static Entity|Builder visible()
  */
 class Attachment extends Model
 {
     use HasCreatorAndUpdater;
 
     protected $fillable = ['name', 'order'];
+    protected $hidden = ['path', 'page'];
+    protected $casts = [
+        'external' => 'bool',
+    ];
 
     /**
      * Get the downloadable file name for this upload.
@@ -70,4 +83,19 @@ class Attachment extends Model
     {
         return '[' . $this->name . '](' . $this->getUrl() . ')';
     }
+
+    /**
+     * Scope the query to those attachments that are visible based upon related page permissions.
+     */
+    public function scopeVisible(): Builder
+    {
+        $permissionService = app()->make(PermissionService::class);
+
+        return $permissionService->filterRelatedEntity(
+            Page::class,
+            self::query(),
+            'attachments',
+            'uploaded_to'
+        );
+    }
 }