X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/fff5bbcee458992443e3732fbcbbbe34f765fcc3..refs/pull/906/head:/app/Http/Controllers/Controller.php diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php index 43292d941..a51ff5d77 100644 --- a/app/Http/Controllers/Controller.php +++ b/app/Http/Controllers/Controller.php @@ -3,13 +3,11 @@ namespace BookStack\Http\Controllers; use BookStack\Ownable; -use HttpRequestException; use Illuminate\Foundation\Bus\DispatchesJobs; -use Illuminate\Http\Exception\HttpResponseException; +use Illuminate\Http\Exceptions\HttpResponseException; +use Illuminate\Http\Request; use Illuminate\Routing\Controller as BaseController; use Illuminate\Foundation\Validation\ValidatesRequests; -use Illuminate\Support\Facades\Auth; -use Illuminate\Support\Facades\Session; use BookStack\User; abstract class Controller extends BaseController @@ -33,17 +31,16 @@ abstract class Controller extends BaseController $this->middleware(function ($request, $next) { // Get a user instance for the current user - $user = auth()->user(); - if (!$user) $user = User::getDefault(); - - // Share variables with views - view()->share('signedIn', auth()->check()); - view()->share('currentUser', $user); + $user = user(); // Share variables with controllers $this->currentUser = $user; $this->signedIn = auth()->check(); + // Share variables with views + view()->share('signedIn', $this->signedIn); + view()->share('currentUser', $user); + return $next($request); }); } @@ -54,7 +51,9 @@ abstract class Controller extends BaseController */ protected function preventAccessForDemoUsers() { - if (config('app.env') === 'demo') $this->showPermissionError(); + if (config('app.env') === 'demo') { + $this->showPermissionError(); + } } /** @@ -72,8 +71,13 @@ abstract class Controller extends BaseController */ protected function showPermissionError() { - Session::flash('error', trans('errors.permission')); - $response = request()->wantsJson() ? response()->json(['error' => trans('errors.permissionJson')], 403) : redirect('/'); + if (request()->wantsJson()) { + $response = response()->json(['error' => trans('errors.permissionJson')], 403); + } else { + $response = redirect('/'); + session()->flash('error', trans('errors.permission')); + } + throw new HttpResponseException($response); } @@ -84,7 +88,7 @@ abstract class Controller extends BaseController */ protected function checkPermission($permissionName) { - if (!$this->currentUser || !$this->currentUser->can($permissionName)) { + if (!user() || !user()->can($permissionName)) { $this->showPermissionError(); } return true; @@ -98,7 +102,9 @@ abstract class Controller extends BaseController */ protected function checkOwnablePermission($permission, Ownable $ownable) { - if (userCan($permission, $ownable)) return true; + if (userCan($permission, $ownable)) { + return true; + } return $this->showPermissionError(); } @@ -111,7 +117,9 @@ abstract class Controller extends BaseController protected function checkPermissionOr($permissionName, $callback) { $callbackResult = $callback(); - if ($callbackResult === false) $this->checkPermission($permissionName); + if ($callbackResult === false) { + $this->checkPermission($permissionName); + } return true; } @@ -126,4 +134,21 @@ abstract class Controller extends BaseController return response()->json(['message' => $messageText], $statusCode); } + /** + * Create the response for when a request fails validation. + * + * @param \Illuminate\Http\Request $request + * @param array $errors + * @return \Symfony\Component\HttpFoundation\Response + */ + protected function buildFailedValidationResponse(Request $request, array $errors) + { + if ($request->expectsJson()) { + return response()->json(['validation' => $errors], 422); + } + + return redirect()->to($this->getRedirectUrl()) + ->withInput($request->input()) + ->withErrors($errors, $this->errorBag()); + } }