3 namespace BookStack\Permissions;
5 use BookStack\Entities\EntityProvider;
6 use BookStack\Entities\Models\Entity;
7 use BookStack\Entities\Tools\PermissionsUpdater;
8 use BookStack\Http\ApiController;
9 use Illuminate\Http\Request;
11 class ContentPermissionApiController extends ApiController
13 public function __construct(
14 protected PermissionsUpdater $permissionsUpdater,
15 protected EntityProvider $entities
21 'owner_id' => ['int'],
23 'role_permissions' => ['array'],
24 'role_permissions.*.role_id' => ['required', 'int', 'exists:roles,id'],
25 'role_permissions.*.view' => ['required', 'boolean'],
26 'role_permissions.*.create' => ['required', 'boolean'],
27 'role_permissions.*.update' => ['required', 'boolean'],
28 'role_permissions.*.delete' => ['required', 'boolean'],
30 'fallback_permissions' => ['nullable'],
31 'fallback_permissions.inheriting' => ['required_with:fallback_permissions', 'boolean'],
32 'fallback_permissions.view' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
33 'fallback_permissions.create' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
34 'fallback_permissions.update' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
35 'fallback_permissions.delete' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
40 * Read the configured content-level permissions for the item of the given type and ID.
42 * 'contentType' should be one of: page, book, chapter, bookshelf.
43 * 'contentId' should be the relevant ID of that item type you'd like to handle permissions for.
45 * The permissions shown are those that override the default for just the specified item, they do not show the
46 * full evaluated permission for a role, nor do they reflect permissions inherited from other items in the hierarchy.
47 * Fallback permission values may be `null` when inheriting is active.
49 public function read(string $contentType, string $contentId)
51 $entity = $this->entities->get($contentType)
52 ->newQuery()->scopes(['visible'])->findOrFail($contentId);
54 $this->checkOwnablePermission('restrictions-manage', $entity);
56 return response()->json($this->formattedPermissionDataForEntity($entity));
60 * Update the configured content-level permission overrides for the item of the given type and ID.
61 * 'contentType' should be one of: page, book, chapter, bookshelf.
63 * 'contentId' should be the relevant ID of that item type you'd like to handle permissions for.
64 * Providing an empty `role_permissions` array will remove any existing configured role permissions,
65 * so you may want to fetch existing permissions beforehand if just adding/removing a single item.
66 * You should completely omit the `owner_id`, `role_permissions` and/or the `fallback_permissions` properties
67 * from your request data if you don't wish to update details within those categories.
69 public function update(Request $request, string $contentType, string $contentId)
71 $entity = $this->entities->get($contentType)
72 ->newQuery()->scopes(['visible'])->findOrFail($contentId);
74 $this->checkOwnablePermission('restrictions-manage', $entity);
76 $data = $this->validate($request, $this->rules()['update']);
77 $this->permissionsUpdater->updateFromApiRequestData($entity, $data);
79 return response()->json($this->formattedPermissionDataForEntity($entity));
82 protected function formattedPermissionDataForEntity(Entity $entity): array
84 $rolePermissions = $entity->permissions()
85 ->where('role_id', '!=', 0)
86 ->with(['role:id,display_name'])
89 $fallback = $entity->permissions()->where('role_id', '=', 0)->first();
91 'inheriting' => is_null($fallback),
92 'view' => $fallback->view ?? null,
93 'create' => $fallback->create ?? null,
94 'update' => $fallback->update ?? null,
95 'delete' => $fallback->delete ?? null,
99 'owner' => $entity->ownedBy()->first(),
100 'role_permissions' => $rolePermissions,
101 'fallback_permissions' => $fallbackData,
projects / bookstack / blob