From: Dan Brown Date: Sat, 9 Mar 2019 16:12:12 +0000 (+0000) Subject: Merge branch 'Copy-For-View-Only' of git://github.com/mark-james/BookStack into mark... X-Git-Tag: v0.25.2~1^2~2^2~1 X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/6be2d3f28c2d59987dba8b2b38714a7b9aae7c6b?ds=sidebyside;hp=-c Merge branch 'Copy-For-View-Only' of git://github.com/mark-james/BookStack into mark-james-Copy-For-View-Only --- 6be2d3f28c2d59987dba8b2b38714a7b9aae7c6b diff --combined app/Auth/Permissions/PermissionService.php index af2a5e1fd,fa375b4dd..b28f59cc5 --- a/app/Auth/Permissions/PermissionService.php +++ b/app/Auth/Permissions/PermissionService.php @@@ -190,10 -190,10 +190,10 @@@ class PermissionServic { return $this->entityProvider->book->newQuery() ->select(['id', 'restricted', 'created_by'])->with(['chapters' => function ($query) { - $query->select(['id', 'restricted', 'created_by', 'book_id']); - }, 'pages' => function ($query) { - $query->select(['id', 'restricted', 'created_by', 'book_id', 'chapter_id']); - }]); + $query->select(['id', 'restricted', 'created_by', 'book_id']); + }, 'pages' => function ($query) { + $query->select(['id', 'restricted', 'created_by', 'book_id', 'chapter_id']); + }]); } /** @@@ -556,6 -556,33 +556,33 @@@ return $q; } + /** + * Checks if a user has a book or chapter available to create a page + * @param Ownable $ownable + * @param $permission + * @return bool + */ + public function checkAvailableCreatePageAccess() + { + $userRoleIds = $this->currentUser()->roles()->pluck('id')->toArray(); + $userId = $this->currentUser()->id; + + + $canCreatePage = $this->db->table('joint_permissions') + ->where('action', '=', 'page-create') + ->whereIn('role_id', $userRoleIds) + ->where(function ($query) use ($userId) { + $query->where('has_permission', '=', 1) + ->orWhere(function ($query2) use ($userId) { + $query2->where('has_permission_own', '=', 1) + ->where('created_by', '=', $userId); + }); + }) + 
->get()->count() > 0; + + return $canCreatePage; + } + /** * Check if an entity has restrictions set on itself or its * parent tree. @@@ -612,13 -639,13 +639,13 @@@ $entities = $this->entityProvider; $pageSelect = $this->db->table('pages')->selectRaw($entities->page->entityRawQuery($fetchPageContent)) ->where('book_id', '=', $book_id)->where(function ($query) use ($filterDrafts) { - $query->where('draft', '=', 0); - if (!$filterDrafts) { - $query->orWhere(function ($query) { - $query->where('draft', '=', 1)->where('created_by', '=', $this->currentUser()->id); - }); - } - }); + $query->where('draft', '=', 0); + if (!$filterDrafts) { + $query->orWhere(function ($query) { + $query->where('draft', '=', 1)->where('created_by', '=', $this->currentUser()->id); + }); + } + }); $chapterSelect = $this->db->table('chapters')->selectRaw($entities->chapter->entityRawQuery())->where('book_id', '=', $book_id); $query = $this->db->query()->select('*')->from($this->db->raw("({$pageSelect->toSql()} UNION {$chapterSelect->toSql()}) AS U")) ->mergeBindings($pageSelect)->mergeBindings($chapterSelect); diff --combined app/Http/Controllers/PageController.php index b68655241,de3720f97..d95e02470 --- a/app/Http/Controllers/PageController.php +++ b/app/Http/Controllers/PageController.php @@@ -586,7 -586,6 +586,7 @@@ class PageController extends Controlle { $page = $this->pageRepo->getPageBySlug($pageSlug, $bookSlug); $this->checkOwnablePermission('page-update', $page); + $this->checkOwnablePermission('page-delete', $page); return view('pages/move', [ 'book' => $page->book, 'page' => $page @@@ -605,7 -604,6 +605,7 @@@ { $page = $this->pageRepo->getPageBySlug($pageSlug, $bookSlug); $this->checkOwnablePermission('page-update', $page); + $this->checkOwnablePermission('page-delete', $page); $entitySelection = $request->get('entity_selection', null); if ($entitySelection === null || $entitySelection === '') { @@@ -643,7 -641,7 +643,7 @@@ public function showCopy($bookSlug, $pageSlug) { $page = 
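Review bot: The docblock on `checkAvailableCreatePageAccess()` lists `@param Ownable $ownable` and `@param $permission`, but the method takes no arguments, and it does not say that the result is a coarse "can create a page somewhere" answer rather than a decision about one book or chapter. I would drop the two `@param` lines and add a sentence such as `Intended for deciding UI visibility only; the chosen parent must still be checked for 'page-create'.` The query matches only on `action`, role and ownership, so it cannot stand in for a per-destination check. Separately, `->get()->count() > 0` fetches every matching row just to test for presence; `->exists()` asks the database the same question without loading results.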
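Review bot: The added `page-delete` check beside `page-update` in the handler that renders `pages/move` has no comment saying why a move needs delete rights, so a later reader could take it for a copy-paste slip and remove it. If the intent is that a move takes the page out of its current parent, a line such as `// A move removes the page from its current parent, so require delete as well as update.` above the new call would record it. The same applies to the identical addition in the next hunk, the handler that reads `entity_selection`. Both method bodies continue outside their hunks, so whether the move target is itself permission-checked is not visible here.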
$this->pageRepo->getPageBySlug($pageSlug, $bookSlug); - $this->checkOwnablePermission('page-update', $page); + $this->checkOwnablePermission('page-view', $page); session()->flashInput(['name' => $page->name]); return view('pages/copy', [ 'book' => $page->book, @@@ -662,7 -660,7 +662,7 @@@ public function copy($bookSlug, $pageSlug, Request $request) { $page = $this->pageRepo->getPageBySlug($pageSlug, $bookSlug); - $this->checkOwnablePermission('page-update', $page); + $this->checkOwnablePermission('page-view', $page); $entitySelection = $request->get('entity_selection', null); if ($entitySelection === null || $entitySelection === '') { diff --combined resources/views/pages/show.blade.php index afe007d45,011158dfb..6f221edee --- a/resources/views/pages/show.blade.php +++ b/resources/views/pages/show.blade.php @@@ -17,15 -17,15 +17,17 @@@ @if(userCan('page-update', $page)) @icon('edit'){{ trans('common.edit') }} @endif - @if(userCan('page-update', $page) || userCan('restrictions-manage', $page) || userCan('page-delete', $page)) + @if((userCan('page-view', $page) && userCanCreatePage()) || userCan('page-update', $page) || userCan('restrictions-manage', $page) || userCan('page-delete', $page))
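Review bot: Relaxing the source check from `page-update` to `page-view` leaves the destination check as the only thing that stops a read-only user from creating pages, and that check is not visible in this hunk or the next one (both method bodies continue outside the hunks). Please confirm that the handler reading `entity_selection` checks `page-create` on the resolved parent in both branches, including the default taken when `entity_selection` is null or empty. The handler that renders `pages/copy` also checks only `page-view`, while the template change gates its block on `userCan('page-view', $page) && userCanCreatePage()`. Mirroring that condition in the controller would keep a directly requested copy form consistent with what the page shows.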