webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00
Code Activity

Fixed a couple of non-intended logical permission issues

Browse Source 
Both caught in tests:
Fixed loss of permissions for admin users when entity restrictions were
active, since there are no entity-restrictions for the admin role but
we'd force generate them in joint permissions, which would be queried.
Fixed new role permission checks when permissions given with only the
action (eg. 'view'), since the type prefix would be required for role
permission checks. Was previously not needed as only the simpler form
was used in the jointpermissions after merge & calculation.
This commit is contained in:
Dan Brown
2022-07-16 20:55:32 +01:00
parent afe1a04239
commit 2332401854
4 changed files with 17 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/BookshelfController.php
View File

@ -104,7 +104,7 @@ class BookshelfController extends Controller
public function show(ActivityQueries $activities, string $slug)
{
$shelf = $this->bookshelfRepo->getBySlug($slug);
$this->checkOwnablePermission('book-view', $shelf);
$this->checkOwnablePermission('bookshelf-view', $shelf);
$sort = setting()->getForCurrentUser('shelf_books_sort', 'default');
$order = setting()->getForCurrentUser('shelf_books_sort_order', 'asc');