X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ebf78d49a866fb61f908111225ced91946f6d3ef..refs/pull/651/head:/app/Http/Controllers/BookController.php diff --git a/app/Http/Controllers/BookController.php b/app/Http/Controllers/BookController.php index 5342ece6b..d70f9d0df 100644 --- a/app/Http/Controllers/BookController.php +++ b/app/Http/Controllers/BookController.php @@ -40,12 +40,14 @@ class BookController extends Controller $recents = $this->signedIn ? $this->entityRepo->getRecentlyViewed('book', 4, 0) : false; $popular = $this->entityRepo->getPopular('book', 4, 0); $new = $this->entityRepo->getRecentlyCreated('book', 4, 0); - $this->setPageTitle('Books'); + $booksViewType = setting()->getUser($this->currentUser, 'books_view_type', 'list'); + $this->setPageTitle(trans('entities.books')); return view('books/index', [ 'books' => $books, 'recents' => $recents, 'popular' => $popular, - 'new' => $new + 'new' => $new, + 'booksViewType' => $booksViewType ]); } @@ -125,9 +127,9 @@ class BookController extends Controller 'name' => 'required|string|max:255', 'description' => 'string|max:1000' ]); - $book = $this->entityRepo->updateFromInput('book', $book, $request->all()); - Activity::add($book, 'book_update', $book->id); - return redirect($book->getUrl()); + $book = $this->entityRepo->updateFromInput('book', $book, $request->all()); + Activity::add($book, 'book_update', $book->id); + return redirect($book->getUrl()); } /** @@ -153,7 +155,7 @@ class BookController extends Controller $book = $this->entityRepo->getBySlug('book', $bookSlug); $this->checkOwnablePermission('book-update', $book); $bookChildren = $this->entityRepo->getBookChildren($book, true); - $books = $this->entityRepo->getAll('book', false); + $books = $this->entityRepo->getAll('book', false, 'update'); $this->setPageTitle(trans('entities.books_sort_named', ['bookName'=>$book->getShortName()])); return view('books/sort', ['book' => $book, 'current' => $book, 'books' => $books, 'bookChildren' => $bookChildren]); } @@ -183,7 +185,7 @@ class BookController extends Controller $this->checkOwnablePermission('book-update', $book); // Return if no map sent - if (!$request->has('sort-tree')) { + if (!$request->filled('sort-tree')) { return redirect($book->getUrl()); } @@ -193,12 +195,41 @@ class BookController extends Controller $sortMap = json_decode($request->get('sort-tree')); $defaultBookId = $book->id; + // Check permissions for all target and source books + $permissionsList = [$book->id]; + foreach ($sortMap as $bookChild) { + // Check permission for target book + if (!in_array($bookChild->book, $permissionsList)) { + $targetBook = $this->entityRepo->getById('book', $bookChild->book); + if (!empty($targetBook)) { + $bookId = $targetBook->id; + $this->checkOwnablePermission('book-update', $targetBook); + // cache the permission for future use. + $permissionsList[] = $bookId; + } + } + + // Check permissions for the source book + $id = intval($bookChild->id); + $isPage = $bookChild->type == 'page'; + $model = $this->entityRepo->getById($isPage?'page':'chapter', $id); + $sourceBook = $model->book; + if (!in_array($sourceBook->id, $permissionsList)) { + $this->checkOwnablePermission('book-update', $sourceBook); + + // cache the permission for future use. + $permissionsList[] = $sourceBook->id; + } + } + // Loop through contents of provided map and update entities accordingly foreach ($sortMap as $bookChild) { $priority = $bookChild->sort; $id = intval($bookChild->id); $isPage = $bookChild->type == 'page'; - $bookId = $this->entityRepo->exists('book', $bookChild->book) ? intval($bookChild->book) : $defaultBookId; + $bookId = $defaultBookId; + $targetBook = $this->entityRepo->getById('book', $bookChild->book); + $chapterId = ($isPage && $bookChild->parentChapter === false) ? 0 : intval($bookChild->parentChapter); $model = $this->entityRepo->getById($isPage?'page':'chapter', $id);