3 namespace BookStack\Permissions;
5 use BookStack\Entities\EntityProvider;
6 use BookStack\Entities\Models\Entity;
7 use BookStack\Entities\Tools\PermissionsUpdater;
8 use BookStack\Http\ApiController;
9 use Illuminate\Http\Request;
11 class ContentPermissionApiController extends ApiController
13 public function __construct(
14 protected PermissionsUpdater $permissionsUpdater,
15 protected EntityProvider $entities
21 'owner_id' => ['int'],
23 'role_permissions' => ['array'],
24 'role_permissions.*.role_id' => ['required', 'int', 'exists:roles,id'],
25 'role_permissions.*.view' => ['required', 'boolean'],
26 'role_permissions.*.create' => ['required', 'boolean'],
27 'role_permissions.*.update' => ['required', 'boolean'],
28 'role_permissions.*.delete' => ['required', 'boolean'],
30 'fallback_permissions' => ['nullable'],
31 'fallback_permissions.inheriting' => ['required_with:fallback_permissions', 'boolean'],
32 'fallback_permissions.view' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
33 'fallback_permissions.create' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
34 'fallback_permissions.update' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
35 'fallback_permissions.delete' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
40 * Read the configured content-level permissions for the item of the given type and ID.
41 * 'contentType' should be one of: page, book, chapter, bookshelf.
42 * 'contentId' should be the relevant ID of that item type you'd like to handle permissions for.
43 * The permissions shown are those that override the default for just the specified item, they do not show the
44 * full evaluated permission for a role, nor do they reflect permissions inherited from other items in the hierarchy.
45 * Fallback permission values may be `null` when inheriting is active.
47 public function read(string $contentType, string $contentId)
49 $entity = $this->entities->get($contentType)
50 ->newQuery()->scopes(['visible'])->findOrFail($contentId);
52 $this->checkOwnablePermission('restrictions-manage', $entity);
54 return response()->json($this->formattedPermissionDataForEntity($entity));
58 * Update the configured content-level permission overrides for the item of the given type and ID.
59 * 'contentType' should be one of: page, book, chapter, bookshelf.
60 * 'contentId' should be the relevant ID of that item type you'd like to handle permissions for.
61 * Providing an empty `role_permissions` array will remove any existing configured role permissions,
62 * so you may want to fetch existing permissions beforehand if just adding/removing a single item.
63 * You should completely omit the `owner_id`, `role_permissions` and/or the `fallback_permissions` properties
64 * from your request data if you don't wish to update details within those categories.
66 public function update(Request $request, string $contentType, string $contentId)
68 $entity = $this->entities->get($contentType)
69 ->newQuery()->scopes(['visible'])->findOrFail($contentId);
71 $this->checkOwnablePermission('restrictions-manage', $entity);
73 $data = $this->validate($request, $this->rules()['update']);
74 $this->permissionsUpdater->updateFromApiRequestData($entity, $data);
76 return response()->json($this->formattedPermissionDataForEntity($entity));
79 protected function formattedPermissionDataForEntity(Entity $entity): array
81 $rolePermissions = $entity->permissions()
82 ->where('role_id', '!=', 0)
83 ->with(['role:id,display_name'])
86 $fallback = $entity->permissions()->where('role_id', '=', 0)->first();
88 'inheriting' => is_null($fallback),
89 'view' => $fallback->view ?? null,
90 'create' => $fallback->create ?? null,
91 'update' => $fallback->update ?? null,
92 'delete' => $fallback->delete ?? null,
96 'owner' => $entity->ownedBy()->first(),
97 'role_permissions' => $rolePermissions,
98 'fallback_permissions' => $fallbackData,
projects / bookstack / blob