X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/05316c90baac1a1d0d9719d976eb4f19511dc023..refs/pull/1626/head:/app/Http/Controllers/Controller.php
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
index c5255c0ba..5bc62c601 100644
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -2,13 +2,13 @@
 namespace BookStack\Http\Controllers;
+use BookStack\Auth\User;
 use BookStack\Ownable;
 use Illuminate\Foundation\Bus\DispatchesJobs;
-use Illuminate\Http\Exception\HttpResponseException;
+use Illuminate\Foundation\Validation\ValidatesRequests;
+use Illuminate\Http\Exceptions\HttpResponseException;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller as BaseController;
-use Illuminate\Foundation\Validation\ValidatesRequests;
-use BookStack\User;
 abstract class Controller extends BaseController
 {
@@ -51,7 +51,9 @@ abstract class Controller extends BaseController
 */
 protected function preventAccessForDemoUsers()
 {
- if (config('app.env') === 'demo') $this->showPermissionError();
+ if (config('app.env') === 'demo') {
+ $this->showPermissionError();
+ }
 }
 /**
@@ -100,7 +102,9 @@ abstract class Controller extends BaseController
 */
 protected function checkOwnablePermission($permission, Ownable $ownable)
 {
- if (userCan($permission, $ownable)) return true;
+ if (userCan($permission, $ownable)) {
+ return true;
+ }
 return $this->showPermissionError();
 }
@@ -113,19 +117,24 @@ abstract class Controller extends BaseController
 protected function checkPermissionOr($permissionName, $callback)
 {
 $callbackResult = $callback();
- if ($callbackResult === false) $this->checkPermission($permissionName);
+ if ($callbackResult === false) {
+ $this->checkPermission($permissionName);
+ }
 return true;
 }
 /**
- * Send a json respons with a message attached as a header.
- * @param $data
- * @param string $successMessage
- * @return $this
+ * Check if the current user has a permission or bypass if the provided user
+ * id matches the current user.
+ * @param string $permissionName
+ * @param int $userId
+ * @return bool
 */
- protected function jsonSuccess($data, $successMessage = "")
+ protected function checkPermissionOrCurrentUser(string $permissionName, int $userId)
 {
- return response()->json($data)->header('message-success', $successMessage);
+ return $this->checkPermissionOr($permissionName, function () use ($userId) {
+ return $userId === $this->currentUser->id;
+ });
 }
 /**
@@ -141,7 +150,6 @@ abstract class Controller extends BaseController
 /**
 * Create the response for when a request fails validation.
- *
 * @param \Illuminate\Http\Request $request
 * @param array $errors
 * @return \Symfony\Component\HttpFoundation\Response
@@ -157,4 +165,17 @@ abstract class Controller extends BaseController
 ->withErrors($errors, $this->errorBag());
 }
+ /**
+ * Create a response that forces a download in the browser.
+ * @param string $content
+ * @param string $fileName
+ * @return \Illuminate\Http\Response
+ */
+ protected function downloadResponse(string $content, string $fileName)
+ {
+ return response()->make($content, 200, [
+ 'Content-Type' => 'application/octet-stream',
+ 'Content-Disposition' => 'attachment; filename="' . $fileName . '"'
+ ]);
+ }
 }
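Review bot: `checkPermissionOr` enforces the permission only when the callback returns exactly `false`, so the new `checkPermissionOrCurrentUser` bypass sits on a fail-open test: a callback that returns `null` (a forgotten `return`), `0` or `''` skips `checkPermission` altogether. The closure added here returns a strict bool and behaves as intended, but changing the guard to `if ($callbackResult !== true) {` would make every present and future caller fail closed. The docblock of `checkPermissionOrCurrentUser` should also say that `$userId` must be the id of the record the action then modifies, for example `* @param int $userId Id of the user record being acted on; must be the same id the caller goes on to modify.`, since checking one id and acting on another would turn the self-service bypass into a privilege escalation. The type and origin of `$this->currentUser->id` are not visible in this hunk, so confirm it is always an int, otherwise the strict `===` never matches.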
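Review bot: `$fileName` is concatenated into the quoted `filename="..."` parameter of `Content-Disposition` in `downloadResponse` without any escaping, so a name containing `"`, `\` or control characters produces a malformed header value whose parameters the caller no longer controls. The callers are outside this hunk; if any of them derive the name from user-editable titles or slugs, strip those characters first, e.g. `$fileName = str_replace(['"', '\\', "\r", "\n"], '', $fileName);`, or build the value with the framework's disposition helper. Because the body is sent as `application/octet-stream`, adding `'X-Content-Type-Options' => 'nosniff'` to the header array would also keep browsers from sniffing exported content into a renderable type.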