Removed most usages of restricted entitiy property

2025-08-07 23:03:00 +03:00 · 2022-10-10 16:58:26 +01:00
parent 63056dbef4
commit 0f68be608d
22 changed files with 42 additions and 52 deletions
--- a/app/Auth/Permissions/PermissionApplicator.php
+++ b/app/Auth/Permissions/PermissionApplicator.php
@@ -66,6 +66,8 @@ class PermissionApplicator
            return true;
        }

+        // The chain order here is very important due to the fact we walk up the chain
+        // in the loop below. Earlier items in the chain have higher priority.
        $chain = [$entity];
        if ($entity instanceof Page && $entity->chapter_id) {
            $chain[] = $entity->chapter;
@@ -76,16 +78,26 @@ class PermissionApplicator
        }

        foreach ($chain as $currentEntity) {
-            if (is_null($currentEntity->restricted)) {
-                throw new InvalidArgumentException('Entity restricted field used but has not been loaded');
+            $allowedByRoleId = $currentEntity->permissions()
+                ->whereIn('role_id', [0, ...$userRoleIds])
+                ->pluck($action, 'role_id');
+
+            // Continue up the chain if no applicable entity permission overrides.
+            if (empty($allowedByRoleId)) {
+                continue;
            }

-            if ($currentEntity->restricted) {
-                return $currentEntity->permissions()
-                    ->whereIn('role_id', $userRoleIds)
-                    ->where($action, '=', true)
-                    ->count() > 0;
+            // If we have user-role-specific permissions set, allow if any of those
+            // role permissions allow access.
+            $hasDefault = $allowedByRoleId->has(0);
+            if (!$hasDefault || $allowedByRoleId->count() > 1) {
+                return $allowedByRoleId->search(function (bool $allowed, int $roleId) {
+                        return $roleId !== 0 && $allowed;
+                }) !== false;
            }
+
+            // Otherwise, return the default "Other roles" fallback value.
+            return $allowedByRoleId->get(0);
        }

        return null;
--- a/app/Console/Commands/CopyShelfPermissions.php
+++ b/app/Console/Commands/CopyShelfPermissions.php
@@ -66,11 +66,11 @@ class CopyShelfPermissions extends Command
                return;
            }

-            $shelves = Bookshelf::query()->get(['id', 'restricted']);
+            $shelves = Bookshelf::query()->get(['id']);
        }

        if ($shelfSlug) {
-            $shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id', 'restricted']);
+            $shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id']);
            if ($shelves->count() === 0) {
                $this->info('No shelves found with the given slug.');
            }
--- a/app/Entities/Models/Book.php
+++ b/app/Entities/Models/Book.php
@@ -28,7 +28,7 @@ class Book extends Entity implements HasCoverImage
    public $searchFactor = 1.2;

    protected $fillable = ['name', 'description'];
-    protected $hidden = ['restricted', 'pivot', 'image_id', 'deleted_at'];
+    protected $hidden = ['pivot', 'image_id', 'deleted_at'];

    /**
     * Get the url for this book.
--- a/app/Entities/Models/Bookshelf.php
+++ b/app/Entities/Models/Bookshelf.php
@@ -17,7 +17,7 @@ class Bookshelf extends Entity implements HasCoverImage

    protected $fillable = ['name', 'description', 'image_id'];

-    protected $hidden = ['restricted', 'image_id', 'deleted_at'];
+    protected $hidden = ['image_id', 'deleted_at'];

    /**
     * Get the books in this shelf.
--- a/app/Entities/Models/Chapter.php
+++ b/app/Entities/Models/Chapter.php
@@ -19,7 +19,7 @@ class Chapter extends BookChild
    public $searchFactor = 1.2;

    protected $fillable = ['name', 'description', 'priority'];
-    protected $hidden = ['restricted', 'pivot', 'deleted_at'];
+    protected $hidden = ['pivot', 'deleted_at'];

    /**
     * Get the pages that this chapter contains.
--- a/app/Entities/Models/Entity.php
+++ b/app/Entities/Models/Entity.php
@@ -42,7 +42,6 @@ use Illuminate\Database\Eloquent\SoftDeletes;
 * @property Carbon     $deleted_at
 * @property int        $created_by
 * @property int        $updated_by
- * @property bool       $restricted
 * @property Collection $tags
 *
 * @method static Entity|Builder visible()
--- a/app/Entities/Models/Page.php
+++ b/app/Entities/Models/Page.php
@@ -39,7 +39,7 @@ class Page extends BookChild

    public $textField = 'text';

-    protected $hidden = ['html', 'markdown', 'text', 'restricted', 'pivot', 'deleted_at'];
+    protected $hidden = ['html', 'markdown', 'text', 'pivot', 'deleted_at'];

    protected $casts = [
        'draft'    => 'boolean',
--- a/app/Entities/Models/PageRevision.php
+++ b/app/Entities/Models/PageRevision.php
@@ -31,7 +31,7 @@ use Illuminate\Database\Eloquent\Relations\BelongsTo;
 class PageRevision extends Model implements Loggable
 {
    protected $fillable = ['name', 'text', 'summary'];
-    protected $hidden = ['html', 'markdown', 'restricted', 'text'];
+    protected $hidden = ['html', 'markdown', 'text'];

    /**
     * Get the user that created the page revision.
--- a/app/Entities/Tools/Cloner.php
+++ b/app/Entities/Tools/Cloner.php
@@ -122,7 +122,6 @@ class Cloner
     */
    public function copyEntityPermissions(Entity $sourceEntity, Entity $targetEntity): void
    {
-        $targetEntity->restricted = $sourceEntity->restricted;
        $permissions = $sourceEntity->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
        $targetEntity->permissions()->delete();
        $targetEntity->permissions()->createMany($permissions);
--- a/app/Entities/Tools/HierarchyTransformer.php
+++ b/app/Entities/Tools/HierarchyTransformer.php
@@ -65,7 +65,7 @@ class HierarchyTransformer
        foreach ($book->chapters as $index => $chapter) {
            $newBook = $this->transformChapterToBook($chapter);
            $shelfBookSyncData[$newBook->id] = ['order' => $index];
-            if (!$newBook->restricted) {
+            if (!$newBook->hasPermissions()) {
                $this->cloner->copyEntityPermissions($shelf, $newBook);
            }
        }
--- a/app/Entities/Tools/PermissionsUpdater.php
+++ b/app/Entities/Tools/PermissionsUpdater.php
@@ -75,9 +75,8 @@ class PermissionsUpdater
     */
    public function updateBookPermissionsFromShelf(Bookshelf $shelf, $checkUserPermissions = true): int
    {
-        // TODO - Fix for new format
        $shelfPermissions = $shelf->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
-        $shelfBooks = $shelf->books()->get(['id', 'restricted', 'owned_by']);
+        $shelfBooks = $shelf->books()->get(['id', 'owned_by']);
        $updatedBookCount = 0;

        /** @var Book $book */
@@ -86,9 +85,7 @@ class PermissionsUpdater
                continue;
            }
            $book->permissions()->delete();
-            $book->restricted = $shelf->restricted;
            $book->permissions()->createMany($shelfPermissions);
-            $book->save();
            $book->rebuildPermissions();
            $updatedBookCount++;
        }
--- a/app/Http/Controllers/FavouriteController.php
+++ b/app/Http/Controllers/FavouriteController.php
@@ -87,7 +87,7 @@ class FavouriteController extends Controller

        $modelInstance = $model->newQuery()
            ->where('id', '=', $modelInfo['id'])
-            ->first(['id', 'name', 'restricted', 'owned_by']);
+            ->first(['id', 'name', 'owned_by']);

        $inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance));
        if (is_null($modelInstance) || $inaccessibleEntity) {