Updated shelf-list view to enforce view permissions for child books
authorDan Brown <redacted>
Tue, 12 May 2020 21:21:45 +0000 (22:21 +0100)
committerDan Brown <redacted>
Tue, 12 May 2020 21:21:45 +0000 (22:21 +0100)
- Aligned shelf-homepage behaviour to match
- Updated testing to cover.

For #2111

app/Entities/Repos/BookshelfRepo.php
app/Http/Controllers/HomeController.php
resources/views/shelves/list-item.blade.php
tests/Entity/BookShelfTest.php

index 876f56e1036aa144ee211a4930448db4c62a570c..ba687c6f6e754f3a49959ad932294620cb3e74c8 100644 (file)
@@ -28,8 +28,10 @@ class BookshelfRepo
      */
     public function getAllPaginated(int $count = 20, string $sort = 'name', string $order = 'asc'): LengthAwarePaginator
     {
-        return Bookshelf::visible()->with('visibleBooks')
-            ->orderBy($sort, $order)->paginate($count);
+        return Bookshelf::visible()
+            ->with('visibleBooks')
+            ->orderBy($sort, $order)
+            ->paginate($count);
     }
 
     /**
index 260952fd16eb8e18962bc962ac3db1acc3f13445..60d2664d03a81107b9427f1258a8a82664551c90 100644 (file)
@@ -69,11 +69,7 @@ class HomeController extends Controller
         }
 
         if ($homepageOption === 'bookshelves') {
-            $shelfRepo = app(BookshelfRepo::class);
             $shelves = app(BookshelfRepo::class)->getAllPaginated(18, $commonData['sort'], $commonData['order']);
-            foreach ($shelves as $shelf) {
-                $shelf->books = $shelf->visibleBooks;
-            }
             $data = array_merge($commonData, ['shelves' => $shelves]);
             return view('common.home-shelves', $data);
         }
index c9c9670c5833c84e02b09b919decc73a152cf0e2..6e5ed29a5fa41ef09156e58456b842e77b4039de 100644 (file)
@@ -10,7 +10,7 @@
     </div>
 </a>
 <div class="entity-shelf-books grid third gap-y-xs entity-list-item-children">
-    @foreach($shelf->books as $book)
+    @foreach($shelf->visibleBooks as $book)
         <div>
             <a href="{{ $book->getUrl('?shelf=' . $shelf->id) }}" class="entity-chip text-book">
                 @icon('book')
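Review bot: The permission filtering in this partial now rests entirely on iterating `$shelf->visibleBooks` instead of `$shelf->books`, and nothing in the template records that. A later edit back to `books` would list restricted book names and URLs again without any error. I would add a Blade comment directly above the loop, e.g. `{{-- visibleBooks is the permission-filtered relation; do not iterate $shelf->books here --}}`. `getAllPaginated()` in this commit eager-loads `visibleBooks`, but any other include of this partial that does not will presumably lazy-load it once per shelf, which is worth checking. The `@foreach` body continues outside the hunk.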
index abee4d34a6e15e19b0f96c72f69be8f3c182e5d3..cb3acfb1e8eb8724d3a927e0b4c8c1a5a11d9823 100644 (file)
@@ -56,6 +56,25 @@ class BookShelfTest extends TestCase
         $resp->assertElementContains('a', 'New Shelf');
     }
 
+    public function test_book_not_visible_in_shelf_list_view_if_user_cant_view_shelf()
+    {
+        config()->set([
+            'app.views.bookshelves' => 'list',
+        ]);
+        $shelf = Bookshelf::query()->first();
+        $book = $shelf->books()->first();
+
+        $resp = $this->asEditor()->get('/shelves');
+        $resp->assertSee($book->name);
+        $resp->assertSee($book->getUrl());
+
+        $this->setEntityRestrictions($book, []);
+
+        $resp = $this->asEditor()->get('/shelves');
+        $resp->assertDontSee($book->name);
+        $resp->assertDontSee($book->getUrl());
+    }
+
     public function test_shelves_create()
     {
         $booksToInclude = Book::take(2)->get();
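Review bot: The new test is named `..._if_user_cant_view_shelf`, but the restriction is applied to the book through `setEntityRestrictions($book, [])`, so the name describes a different case from the one exercised; `test_book_not_visible_in_shelf_list_view_if_user_cant_view_book` would match. It also requests only `/shelves` in list view, while the same commit changes the shelf-homepage branch in HomeController; a matching request to the homepage with the `bookshelves` option enabled would cover that path, assuming the suite has a way to set it. `$shelf->books()->first()` is presumably non-null with the seeded data, but `$this->assertNotNull($book);` before the first request would make a seed change fail clearly. The trailing `test_shelves_create` continues outside the hunk.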