Fixed entities wrongly visible on 404

author Dan Brown <redacted>

Sun, 5 Feb 2017 21:19:29 +0000 (21:19 +0000)

committer Dan Brown <redacted>

Sun, 5 Feb 2017 21:19:29 +0000 (21:19 +0000)
author Dan Brown <redacted>
Sun, 5 Feb 2017 21:19:29 +0000 (21:19 +0000)
committer Dan Brown <redacted>
Sun, 5 Feb 2017 21:19:29 +0000 (21:19 +0000)
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php

index c55cc9ab8d47f11caa0ee7bacf9b1cee705b73bf..839590c956e776f3e6e6e2f5dadb44f13e19a25d 100644 (file)
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -13,6 +13,8 @@ class Kernel extends HttpKernel
       */
      protected $middleware = [
          \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
+        \Illuminate\Session\Middleware\StartSession::class,
+        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
      ];
  
      /**
@@ -24,8 +26,6 @@ class Kernel extends HttpKernel
          'web' => [
              \BookStack\Http\Middleware\EncryptCookies::class,
              \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
              \BookStack\Http\Middleware\VerifyCsrfToken::class,
              \Illuminate\Routing\Middleware\SubstituteBindings::class,
              \BookStack\Http\Middleware\Localization::class
diff --git a/app/helpers.php b/app/helpers.php

index 6decb08e96517233086eb9fe2e76ad002ce892fa..e68e29d132a80af4caec8084bd642e59ca6395f6 100644 (file)
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -37,6 +37,15 @@ function user()
      return auth()->user() ?: \BookStack\User::getDefault();
  }
  
+/**
+ * Check if current user is a signed in user.
+ * @return bool
+ */
+function signedInUser()
+{
+    return auth()->user() && !auth()->user()->isDefault();
+}
+
  /**
   * Check if the current user has a permission.
   * If an ownable element is passed in the jointPermissions are checked against
diff --git a/resources/views/base.blade.php b/resources/views/base.blade.php

index 43f22d89a117cac1a6921058b2006c32292755b2..a98a37131aaf30f487a65fae983cd645def94e04 100644 (file)
--- a/resources/views/base.blade.php
+++ b/resources/views/base.blade.php
@@ -55,15 +55,15 @@
                      <div class="float right">
                          <div class="links text-center">
                              <a href="{{ baseUrl('/books') }}"><i class="zmdi zmdi-book"></i>{{ trans('entities.books') }}</a>
-                            @if(isset($currentUser) && userCan('settings-manage'))
+                            @if(signedInUser() && userCan('settings-manage'))
                                  <a href="{{ baseUrl('/settings') }}"><i class="zmdi zmdi-settings"></i>{{ trans('settings.settings') }}</a>
                              @endif
-                            @if(!isset($signedIn) || !$signedIn)
+                            @if(!signedInUser())
                                  <a href="{{ baseUrl('/login') }}"><i class="zmdi zmdi-sign-in"></i>{{ trans('auth.log_in') }}</a>
                              @endif
                          </div>
-                        @if(isset($signedIn) && $signedIn)
-                            @include('partials._header-dropdown', ['currentUser' => $currentUser])
+                        @if(signedInUser())
+                            @include('partials._header-dropdown', ['currentUser' => user()])
                          @endif
  
                      </div>
diff --git a/resources/views/errors/404.blade.php b/resources/views/errors/404.blade.php

index c9e600ceb7376489f6945f863b2b241da3037949..a0e34e83ddd8d351528372242e757390b240c124 100644 (file)
--- a/resources/views/errors/404.blade.php
+++ b/resources/views/errors/404.blade.php
@@ -10,22 +10,24 @@
      <p>{{ trans('errors.sorry_page_not_found') }}</p>
      <p><a href="{{ baseUrl('/') }}" class="button">{{ trans('errors.return_home') }}</a></p>
  
-    <hr>
-
-    <div class="row">
-        <div class="col-md-4">
-            <h3 class="text-muted">{{ trans('entities.pages_popular') }}</h3>
-            @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Page::class]), 'style' => 'compact'])
-        </div>
-        <div class="col-md-4">
-            <h3 class="text-muted">{{ trans('entities.books_popular') }}</h3>
-            @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Book::class]), 'style' => 'compact'])
-        </div>
-        <div class="col-md-4">
-            <h3 class="text-muted">{{ trans('entities.chapters_popular') }}</h3>
-            @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Chapter::class]), 'style' => 'compact'])
+    @if (setting('app-public') || !user()->isDefault())
+        <hr>
+
+        <div class="row">
+            <div class="col-md-4">
+                <h3 class="text-muted">{{ trans('entities.pages_popular') }}</h3>
+                @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Page::class]), 'style' => 'compact'])
+            </div>
+            <div class="col-md-4">
+                <h3 class="text-muted">{{ trans('entities.books_popular') }}</h3>
+                @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Book::class]), 'style' => 'compact'])
+            </div>
+            <div class="col-md-4">
+                <h3 class="text-muted">{{ trans('entities.chapters_popular') }}</h3>
+                @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Chapter::class]), 'style' => 'compact'])
+            </div>
          </div>
-    </div>
+    @endif
  </div>
  
  @stop
 \ No newline at end of file
diff --git a/tests/PublicActionTest.php b/tests/PublicActionTest.php

index 2ea5fbfed428e89a3f02cfac45b73a8a9ec90257..4e242fc7d6d34e9dadcd670771e326f225a0906f 100644 (file)
--- a/tests/PublicActionTest.php
+++ b/tests/PublicActionTest.php
@@ -80,4 +80,14 @@ class PublicActionTest extends TestCase
          ]);
      }
  
+    public function test_content_not_listed_on_404_for_public_users()
+    {
+        $page = \BookStack\Page::first();
+        $this->asAdmin()->visit($page->getUrl());
+        Auth::logout();
+        view()->share('pageTitle', '');
+        $this->forceVisit('/cats/dogs/hippos');
+        $this->dontSee($page->name);
+    }
+
  }
 \ No newline at end of file
author	Dan Brown <redacted>
	Sun, 5 Feb 2017 21:19:29 +0000 (21:19 +0000)
committer	Dan Brown <redacted>
	Sun, 5 Feb 2017 21:19:29 +0000 (21:19 +0000)
app/Http/Kernel.php		patch \| blob \| history
app/helpers.php		patch \| blob \| history
resources/views/base.blade.php		patch \| blob \| history
resources/views/errors/404.blade.php		patch \| blob \| history
tests/PublicActionTest.php		patch \| blob \| history