namespace BookStack\Http\Controllers;
+use BookStack\Ownable;
use HttpRequestException;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Http\Exception\HttpResponseException;
}
/**
- * On a permission error redirect to home and display
+ * On a permission error redirect to home and display.
* the error as a notification.
*/
protected function showPermissionError()
/**
* Checks for a permission.
- *
- * @param $permissionName
+ * @param string $permissionName
* @return bool|\Illuminate\Http\RedirectResponse
*/
protected function checkPermission($permissionName)
{
if (!$this->currentUser || !$this->currentUser->can($permissionName)) {
- dd($this->currentUser);
$this->showPermissionError();
}
-
return true;
}
+ /**
+ * Check the current user's permissions against an ownable item.
+ * @param $permission
+ * @param Ownable $ownable
+ * @return bool
+ */
+ protected function checkOwnablePermission($permission, Ownable $ownable)
+ {
+ $permissionBaseName = strtolower($permission) . '-';
+ if (userCan($permissionBaseName . 'all')) return true;
+ if (userCan($permissionBaseName . 'own') && $ownable->createdBy->id === $this->currentUser->id) return true;
+ $this->showPermissionError();
+ }
+
/**
* Check if a user has a permission or bypass if the callback is true.
* @param $permissionName
projects / bookstack / blobdiff