Merge branch 'Copy-For-View-Only' of git://github.com/mark-james/BookStack into mark...
authorDan Brown <redacted>
Sat, 9 Mar 2019 16:12:12 +0000 (16:12 +0000)
committerDan Brown <redacted>
Sat, 9 Mar 2019 16:12:12 +0000 (16:12 +0000)
app/Auth/Permissions/PermissionService.php
app/Http/Controllers/PageController.php
app/helpers.php
resources/views/pages/show.blade.php

index af2a5e1fd8c694ee36d2e5e25134e0b3f5ec991d..b28f59cc5018b127eaf15365b20148761de791de 100644 (file)
@@ -556,6 +556,33 @@ class PermissionService
         return $q;
     }
 
+    /**
+     * Checks if a user has a book or chapter available to create a page
+     * @param Ownable $ownable
+     * @param $permission
+     * @return bool
+     */
+    public function checkAvailableCreatePageAccess()
+    {
+        $userRoleIds = $this->currentUser()->roles()->pluck('id')->toArray();
+        $userId = $this->currentUser()->id;
+
+
+        $canCreatePage = $this->db->table('joint_permissions')
+            ->where('action', '=', 'page-create')
+            ->whereIn('role_id', $userRoleIds)
+            ->where(function ($query) use ($userId) {
+                $query->where('has_permission', '=', 1)
+                ->orWhere(function ($query2) use ($userId) {
+                    $query2->where('has_permission_own', '=', 1)
+                    ->where('created_by', '=', $userId);
+                });       
+            })
+            ->get()->count() > 0;
+
+        return $canCreatePage;
+    }
+
     /**
      * Check if an entity has restrictions set on itself or its
      * parent tree.
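Review bot: The docblock on `checkAvailableCreatePageAccess()` lists `@param Ownable $ownable` and `@param $permission` although the method takes no arguments, and it does not say that the result is not tied to any particular book or chapter. The query is true as soon as any granted `joint_permissions` row with action `page-create` matches one of the user's roles, so it can decide whether to show a menu entry but cannot authorise a write to a specific destination. I would drop the two `@param` tags and add a line such as `Coarse check for UI use only; callers must still check 'page-create' on the chosen parent.`, with the same caveat on `userCanCreatePage()` in app/helpers.php. Separately, `->get()->count() > 0` fetches every matching row just to test for presence; `->exists()` returns the same boolean without loading them.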
index b68655241485c572a0ea277f400ffd98e880f461..d95e02470bee10c63d436421ac7a53cdcff6577c 100644 (file)
@@ -643,7 +643,7 @@ class PageController extends Controller
     public function showCopy($bookSlug, $pageSlug)
     {
         $page = $this->pageRepo->getPageBySlug($pageSlug, $bookSlug);
-        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('page-view', $page);
         session()->flashInput(['name' => $page->name]);
         return view('pages/copy', [
             'book' => $page->book,
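Review bot: Lowering the source check to `page-view` here and in the `copy()` hunk below leaves the destination check as the only thing stopping a view-only user from creating content, and that check is not visible in either hunk. Both method bodies continue past their hunks, so this may already be handled further down. If it is, a comment beside the relaxed check would make the dependency explicit, for example `// Source only needs to be viewable; 'page-create' is enforced on the destination parent below.` If `copy()` does not check `page-create` on the resolved parent, including the default case where `entity_selection` is empty, that check needs to be added before the page is duplicated.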
@@ -662,7 +662,7 @@ class PageController extends Controller
     public function copy($bookSlug, $pageSlug, Request $request)
     {
         $page = $this->pageRepo->getPageBySlug($pageSlug, $bookSlug);
-        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('page-view', $page);
 
         $entitySelection = $request->get('entity_selection', null);
         if ($entitySelection === null || $entitySelection === '') {
index b0886d02b9762c27383e37f5b7989014607ed03c..383e25c1594e8eac7e5b1b3f6cb2f8d3c3fa8c6e 100644 (file)
@@ -65,6 +65,17 @@ function userCan($permission, Ownable $ownable = null)
     return $permissionService->checkOwnableUserAccess($ownable, $permission);
 }
 
+/**
+ * Check if the current user has the ability to create a page for an existing object
+ * @return bool
+ */
+function userCanCreatePage()
+{
+    // Check for create page permissions
+    $permissionService = app(\BookStack\Auth\Permissions\PermissionService::class);
+    return $permissionService->checkAvailableCreatePageAccess();
+}
+
 /**
  * Helper to access system settings.
  * @param $key
index afe007d45fe057df7dc24f58065d40a1985b41a0..6f221edee92b37be1fa361dd582cac883cfb148c 100644 (file)
             @if(userCan('page-update', $page))
                 <a href="{{ $page->getUrl('/edit') }}" class="text-primary text-button" >@icon('edit'){{ trans('common.edit') }}</a>
             @endif
-            @if(userCan('page-update', $page) || userCan('restrictions-manage', $page) || userCan('page-delete', $page))
+            @if((userCan('page-view', $page) && userCanCreatePage()) || userCan('page-update', $page) || userCan('restrictions-manage', $page) || userCan('page-delete', $page))
                 <div dropdown class="dropdown-container">
                     <a dropdown-toggle class="text-primary text-button">@icon('more') {{ trans('common.more') }}</a>
                     <ul>
-                        @if(userCan('page-update', $page))
+                        @if(userCanCreatePage())
                             <li><a href="{{ $page->getUrl('/copy') }}" class="text-primary" >@icon('copy'){{ trans('common.copy') }}</a></li>
-                            @if(userCan('page-delete', $page))
-                                <li><a href="{{ $page->getUrl('/move') }}" class="text-primary" >@icon('folder'){{ trans('common.move') }}</a></li>
-                            @endif
+                        @endif
+                        @if(userCan('page-delete', $page) && userCan('page-update, $page))
+                            <li><a href="{{ $page->getUrl('/move') }}" class="text-primary" >@icon('folder'){{ trans('common.move') }}</a></li>
+                        @endif
+                        @if(userCan('page-update', $page))
                             <li><a href="{{ $page->getUrl('/revisions') }}" class="text-primary">@icon('history'){{ trans('entities.revisions') }}</a></li>
                         @endif
                         @if(userCan('restrictions-manage', $page))
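Review bot: The added move condition `userCan('page-update, $page)` is missing the closing quote after `page-update`, so the string literal runs on into the rest of the expression and the compiled view will not parse. It should read `@if(userCan('page-delete', $page) && userCan('page-update', $page))`. The Copy entry is now gated only by `userCanCreatePage()`, which is not specific to any destination, so the link is a convenience and the controller must remain the authority on whether the copy is allowed.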