]> BookStack Code Mirror - bookstack/commitdiff
projects / bookstack / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: 0f66c8a)
Reviewed addition to db table prefix
authorDan Brown <redacted>
Wed, 29 Sep 2021 17:41:11 +0000 (18:41 +0100)
committerDan Brown <redacted>
Wed, 29 Sep 2021 17:41:11 +0000 (18:41 +0100)
Review of #2935

- Removed from .env files and added warnings for use if found in config
  file.
- Updated permission service to use whereColumn queries to auto-handle
  use of prefixes.

.env.example patch | blob | history
.env.example.complete patch | blob | history
app/Auth/Permissions/PermissionService.php patch | blob | history
app/Config/database.php patch | blob | history

diff --git a/.env.example b/.env.example
index 33a5d8ab992dc222f3a0978b402215dec6c08368..a0a1b72e6836bcab495a34c0f8633ea295edb644 100644 (file)
--- a/.env.example
+++ b/.env.example
@@ -23,7 +23,6 @@ APP_URL=https://example.com
 # Database details
 DB_HOST=localhost
 DB_DATABASE=database_database
-DB_TABLE_PREFIX=
 DB_USERNAME=database_username
 DB_PASSWORD=database_user_password
 
diff --git a/.env.example.complete b/.env.example.complete
index e28fedad9c58246ad2bc5cfc479ce780291bd707..5eb65c27f09f346fa806d48253ab3e2a26c87337 100644 (file)
--- a/.env.example.complete
+++ b/.env.example.complete
@@ -55,7 +55,6 @@ APP_PROXIES=null
 DB_HOST=localhost
 DB_PORT=3306
 DB_DATABASE=database_database
-DB_TABLE_PREFIX=
 DB_USERNAME=database_username
 DB_PASSWORD=database_user_password
 
diff --git a/app/Auth/Permissions/PermissionService.php b/app/Auth/Permissions/PermissionService.php
index 70204c3f374fd0bb9c49f932d5824446da57dc80..4fcad554b1e24ba853e1e1dd4f842e09f1be7fe5 100644 (file)
--- a/app/Auth/Permissions/PermissionService.php
+++ b/app/Auth/Permissions/PermissionService.php
@@ -603,17 +603,18 @@ class PermissionService
     /**
      * Filter items that have entities set as a polymorphic relation.
      *
-     * @param Builder|\Illuminate\Database\Query\Builder $query
+     * @param Builder|QueryBuilder $query
      */
     public function filterRestrictedEntityRelations($query, string $tableName, string $entityIdColumn, string $entityTypeColumn, string $action = 'view')
     {
-        $tableDetails = ['tableName' => $this->db->getTablePrefix() . $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
+        $tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
 
         $q = $query->where(function ($query) use ($tableDetails, $action) {
             $query->whereExists(function ($permissionQuery) use (&$tableDetails, $action) {
+                /** @var Builder $permissionQuery */
                 $permissionQuery->select(['role_id'])->from('joint_permissions')
-                    ->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
-                    ->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_type=' . $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
+                    ->whereColumn('joint_permissions.entity_id', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
+                    ->whereColumn('joint_permissions.entity_type', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
                     ->where('action', '=', $action)
                     ->whereIn('role_id', $this->getCurrentUserRoles())
                     ->where(function (QueryBuilder $query) {
@@ -639,8 +640,9 @@ class PermissionService
         $q = $query->where(function ($query) use ($tableDetails, $morphClass) {
             $query->where(function ($query) use (&$tableDetails, $morphClass) {
                 $query->whereExists(function ($permissionQuery) use (&$tableDetails, $morphClass) {
+                    /** @var Builder $permissionQuery */
                     $permissionQuery->select('id')->from('joint_permissions')
-                        ->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
+                        ->whereColumn('joint_permissions.entity_id', '=',  $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
                         ->where('entity_type', '=', $morphClass)
                         ->where('action', '=', 'view')
                         ->whereIn('role_id', $this->getCurrentUserRoles())
diff --git a/app/Config/database.php b/app/Config/database.php
index 9394439305a3b6839c886f2383dcbaea5141fe18..0c696609526fa5fc02fca74e975f076f87ee6884 100644 (file)
--- a/app/Config/database.php
+++ b/app/Config/database.php
@@ -69,6 +69,9 @@ return [
             'port'           => $mysql_port,
             'charset'        => 'utf8mb4',
             'collation'      => 'utf8mb4_unicode_ci',
+            // Prefixes are only semi-supported and may be unstable
+            // since they are not tested as part of our automated test suite.
+            // If used, the prefix should not be changed otherwise you will likely receive errors.
             'prefix'         => env('DB_TABLE_PREFIX', ''),
             'prefix_indexes' => true,
             'strict'         => false,
The core source code for the BookStack project.