]> BookStack Code Mirror - bookstack/commitdiff
projects / bookstack / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: a825f27)
Aligned admin permission check restriction ignore
authorDan Brown <redacted>
Fri, 13 Jan 2023 22:19:29 +0000 (22:19 +0000)
committerDan Brown <redacted>
Fri, 13 Jan 2023 22:19:29 +0000 (22:19 +0000)
app/Auth/Permissions/PermissionApplicator.php patch | blob | history

diff --git a/app/Auth/Permissions/PermissionApplicator.php b/app/Auth/Permissions/PermissionApplicator.php
index c3ae2dce14354ac2ab5a9537e3c3957bc9ddad08..3ccccb0ace4b03f7fb452d6e0f7306ec806087ad 100644 (file)
--- a/app/Auth/Permissions/PermissionApplicator.php
+++ b/app/Auth/Permissions/PermissionApplicator.php
@@ -161,12 +161,6 @@ class PermissionApplicator
      */
     public function restrictEntityQuery(Builder $query, string $morphClass): Builder
     {
-        // TODO - Leave this as the new admin workaround?
-        //   Or auto generate collapsed role permissions for admins?
-        if (\user()->hasSystemRole('admin')) {
-            return $query;
-        }
-
         $this->applyPermissionsToQuery($query, $query->getModel()->getTable(), $morphClass, 'id', '');
 
         return $query;
@@ -174,14 +168,17 @@ class PermissionApplicator
 
     /**
      * @param Builder|QueryBuilder $query
-     * @return void
      */
-    protected function applyPermissionsToQuery($query, string $queryTable, string $entityTypeLimiter, string $entityIdColumn, string $entityTypeColumn)
+    protected function applyPermissionsToQuery($query, string $queryTable, string $entityTypeLimiter, string $entityIdColumn, string $entityTypeColumn): void
     {
+        if ($this->currentUser()->hasSystemRole('admin')) {
+            return;
+        }
+
         $this->applyFallbackJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn);
         $this->applyRoleJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn);
         $this->applyUserJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn);
-        $this->applyPermissionWhereFilter($query, $queryTable, $entityTypeLimiter, $entityTypeColumn);
+        $this->applyPermissionWhereFilter($query, $entityTypeLimiter, $entityTypeColumn);
     }
 
     /**
@@ -319,7 +316,6 @@ class PermissionApplicator
      */
     public function restrictEntityRelationQuery($query, string $tableName, string $entityIdColumn, string $entityTypeColumn)
     {
-        // TODO - Apply admin allow all as per above query thing
         $this->applyPermissionsToQuery($query, $tableName, '', $entityIdColumn, $entityTypeColumn);
         // TODO - Test page draft access (Might allow drafts which should not be seen)
 
@@ -337,7 +333,6 @@ class PermissionApplicator
         $morphClass = (new Page())->getMorphClass();
 
         $this->applyPermissionsToQuery($query, $tableName, $morphClass, $pageIdColumn, '');
-        // TODO - Admin workaround as above
         // TODO - Draft display
         return $query;
     }
The core source code for the BookStack project.