mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-10-25 06:37:36 +03:00
Permissions: Updated usage of controller methods to use enum
This commit is contained in:
Dan Brown
@@ -9,6 +9,7 @@ use BookStack\Exceptions\LoginAttemptInvalidUserException;
|
|||||||
use BookStack\Exceptions\StoppedAuthenticationException;
|
use BookStack\Exceptions\StoppedAuthenticationException;
|
||||||
use BookStack\Facades\Activity;
|
use BookStack\Facades\Activity;
|
||||||
use BookStack\Facades\Theme;
|
use BookStack\Facades\Theme;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Theming\ThemeEvents;
|
use BookStack\Theming\ThemeEvents;
|
||||||
use BookStack\Users\Models\User;
|
use BookStack\Users\Models\User;
|
||||||
use Exception;
|
use Exception;
|
||||||
@@ -50,7 +51,7 @@ class LoginService
|
|||||||
Theme::dispatch(ThemeEvents::AUTH_LOGIN, $method, $user);
|
Theme::dispatch(ThemeEvents::AUTH_LOGIN, $method, $user);
|
||||||
|
|
||||||
// Authenticate on all session guards if a likely admin
|
// Authenticate on all session guards if a likely admin
|
||||||
if ($user->can('users-manage') && $user->can('user-roles-manage')) {
|
if ($user->can(Permission::UsersManage) && $user->can(Permission::UserRolesManage)) {
|
||||||
$guards = ['standard', 'ldap', 'saml2', 'oidc'];
|
$guards = ['standard', 'ldap', 'saml2', 'oidc'];
|
||||||
foreach ($guards as $guard) {
|
foreach ($guards as $guard) {
|
||||||
auth($guard)->login($user);
|
auth($guard)->login($user);
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace BookStack\Activity\Controllers;
|
|||||||
|
|
||||||
use BookStack\Activity\Models\Activity;
|
use BookStack\Activity\Models\Activity;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
|
|
||||||
class AuditLogApiController extends ApiController
|
class AuditLogApiController extends ApiController
|
||||||
{
|
{
|
||||||
@@ -16,8 +17,8 @@ class AuditLogApiController extends ApiController
|
|||||||
*/
|
*/
|
||||||
public function list()
|
public function list()
|
||||||
{
|
{
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
|
|
||||||
$query = Activity::query()->with(['user']);
|
$query = Activity::query()->with(['user']);
|
||||||
|
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ namespace BookStack\Activity\Controllers;
|
|||||||
use BookStack\Activity\ActivityType;
|
use BookStack\Activity\ActivityType;
|
||||||
use BookStack\Activity\Models\Activity;
|
use BookStack\Activity\Models\Activity;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Sorting\SortUrl;
|
use BookStack\Sorting\SortUrl;
|
||||||
use BookStack\Util\SimpleListOptions;
|
use BookStack\Util\SimpleListOptions;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
@@ -13,8 +14,8 @@ class AuditLogController extends Controller
|
|||||||
{
|
{
|
||||||
public function index(Request $request)
|
public function index(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
|
|
||||||
$sort = $request->get('sort', 'activity_date');
|
$sort = $request->get('sort', 'activity_date');
|
||||||
$order = $request->get('order', 'desc');
|
$order = $request->get('order', 'desc');
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ use BookStack\Activity\Tools\CommentTree;
|
|||||||
use BookStack\Activity\Tools\CommentTreeNode;
|
use BookStack\Activity\Tools\CommentTreeNode;
|
||||||
use BookStack\Entities\Queries\PageQueries;
|
use BookStack\Entities\Queries\PageQueries;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Illuminate\Validation\ValidationException;
|
use Illuminate\Validation\ValidationException;
|
||||||
|
|
||||||
@@ -42,7 +43,7 @@ class CommentController extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Create a new comment.
|
// Create a new comment.
|
||||||
$this->checkPermission('comment-create-all');
|
$this->checkPermission(Permission::CommentCreateAll);
|
||||||
$contentRef = $input['content_ref'] ?? '';
|
$contentRef = $input['content_ref'] ?? '';
|
||||||
$comment = $this->commentRepo->create($page, $input['html'], $input['parent_id'] ?? null, $contentRef);
|
$comment = $this->commentRepo->create($page, $input['html'], $input['parent_id'] ?? null, $contentRef);
|
||||||
|
|
||||||
@@ -64,8 +65,8 @@ class CommentController extends Controller
|
|||||||
]);
|
]);
|
||||||
|
|
||||||
$comment = $this->commentRepo->getById($commentId);
|
$comment = $this->commentRepo->getById($commentId);
|
||||||
$this->checkOwnablePermission('page-view', $comment->entity);
|
$this->checkOwnablePermission(Permission::PageView, $comment->entity);
|
||||||
$this->checkOwnablePermission('comment-update', $comment);
|
$this->checkOwnablePermission(Permission::CommentUpdate, $comment);
|
||||||
|
|
||||||
$comment = $this->commentRepo->update($comment, $input['html']);
|
$comment = $this->commentRepo->update($comment, $input['html']);
|
||||||
|
|
||||||
@@ -81,8 +82,8 @@ class CommentController extends Controller
|
|||||||
public function archive(int $id)
|
public function archive(int $id)
|
||||||
{
|
{
|
||||||
$comment = $this->commentRepo->getById($id);
|
$comment = $this->commentRepo->getById($id);
|
||||||
$this->checkOwnablePermission('page-view', $comment->entity);
|
$this->checkOwnablePermission(Permission::PageView, $comment->entity);
|
||||||
if (!userCan('comment-update', $comment) && !userCan('comment-delete', $comment)) {
|
if (!userCan(Permission::CommentUpdate, $comment) && !userCan(Permission::CommentDelete, $comment)) {
|
||||||
$this->showPermissionError();
|
$this->showPermissionError();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -101,8 +102,8 @@ class CommentController extends Controller
|
|||||||
public function unarchive(int $id)
|
public function unarchive(int $id)
|
||||||
{
|
{
|
||||||
$comment = $this->commentRepo->getById($id);
|
$comment = $this->commentRepo->getById($id);
|
||||||
$this->checkOwnablePermission('page-view', $comment->entity);
|
$this->checkOwnablePermission(Permission::PageView, $comment->entity);
|
||||||
if (!userCan('comment-update', $comment) && !userCan('comment-delete', $comment)) {
|
if (!userCan(Permission::CommentUpdate, $comment) && !userCan(Permission::CommentDelete, $comment)) {
|
||||||
$this->showPermissionError();
|
$this->showPermissionError();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -121,7 +122,7 @@ class CommentController extends Controller
|
|||||||
public function destroy(int $id)
|
public function destroy(int $id)
|
||||||
{
|
{
|
||||||
$comment = $this->commentRepo->getById($id);
|
$comment = $this->commentRepo->getById($id);
|
||||||
$this->checkOwnablePermission('comment-delete', $comment);
|
$this->checkOwnablePermission(Permission::CommentDelete, $comment);
|
||||||
|
|
||||||
$this->commentRepo->delete($comment);
|
$this->commentRepo->delete($comment);
|
||||||
|
|
||||||
|
|||||||
@@ -5,13 +5,14 @@ namespace BookStack\Activity\Controllers;
|
|||||||
use BookStack\Activity\Tools\UserEntityWatchOptions;
|
use BookStack\Activity\Tools\UserEntityWatchOptions;
|
||||||
use BookStack\Entities\Tools\MixedEntityRequestHelper;
|
use BookStack\Entities\Tools\MixedEntityRequestHelper;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
class WatchController extends Controller
|
class WatchController extends Controller
|
||||||
{
|
{
|
||||||
public function update(Request $request, MixedEntityRequestHelper $entityHelper)
|
public function update(Request $request, MixedEntityRequestHelper $entityHelper)
|
||||||
{
|
{
|
||||||
$this->checkPermission('receive-notifications');
|
$this->checkPermission(Permission::ReceiveNotifications);
|
||||||
$this->preventGuestAccess();
|
$this->preventGuestAccess();
|
||||||
|
|
||||||
$requestData = $this->validate($request, array_merge([
|
$requestData = $this->validate($request, array_merge([
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ namespace BookStack\Activity\Notifications\Handlers;
|
|||||||
use BookStack\Activity\Models\Loggable;
|
use BookStack\Activity\Models\Loggable;
|
||||||
use BookStack\Activity\Notifications\Messages\BaseActivityNotification;
|
use BookStack\Activity\Notifications\Messages\BaseActivityNotification;
|
||||||
use BookStack\Entities\Models\Entity;
|
use BookStack\Entities\Models\Entity;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Permissions\PermissionApplicator;
|
use BookStack\Permissions\PermissionApplicator;
|
||||||
use BookStack\Users\Models\User;
|
use BookStack\Users\Models\User;
|
||||||
use Illuminate\Support\Facades\Log;
|
use Illuminate\Support\Facades\Log;
|
||||||
@@ -26,7 +27,7 @@ abstract class BaseNotificationHandler implements NotificationHandler
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Prevent sending of the user does not have notification permissions
|
// Prevent sending of the user does not have notification permissions
|
||||||
if (!$user->can('receive-notifications')) {
|
if (!$user->can(Permission::ReceiveNotifications)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ use BookStack\Activity\WatchLevels;
|
|||||||
use BookStack\Entities\Models\BookChild;
|
use BookStack\Entities\Models\BookChild;
|
||||||
use BookStack\Entities\Models\Entity;
|
use BookStack\Entities\Models\Entity;
|
||||||
use BookStack\Entities\Models\Page;
|
use BookStack\Entities\Models\Page;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Users\Models\User;
|
use BookStack\Users\Models\User;
|
||||||
use Illuminate\Database\Eloquent\Builder;
|
use Illuminate\Database\Eloquent\Builder;
|
||||||
|
|
||||||
@@ -22,7 +23,7 @@ class UserEntityWatchOptions
|
|||||||
|
|
||||||
public function canWatch(): bool
|
public function canWatch(): bool
|
||||||
{
|
{
|
||||||
return $this->user->can('receive-notifications') && !$this->user->isGuest();
|
return $this->user->can(Permission::ReceiveNotifications) && !$this->user->isGuest();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getWatchLevel(): string
|
public function getWatchLevel(): string
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace BookStack\Api;
|
|||||||
|
|
||||||
use BookStack\Access\LoginService;
|
use BookStack\Access\LoginService;
|
||||||
use BookStack\Exceptions\ApiAuthException;
|
use BookStack\Exceptions\ApiAuthException;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Illuminate\Auth\GuardHelpers;
|
use Illuminate\Auth\GuardHelpers;
|
||||||
use Illuminate\Contracts\Auth\Authenticatable;
|
use Illuminate\Contracts\Auth\Authenticatable;
|
||||||
use Illuminate\Contracts\Auth\Guard;
|
use Illuminate\Contracts\Auth\Guard;
|
||||||
@@ -146,7 +147,7 @@ class ApiTokenGuard implements Guard
|
|||||||
throw new ApiAuthException(trans('errors.api_user_token_expired'), 403);
|
throw new ApiAuthException(trans('errors.api_user_token_expired'), 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$token->user->can('access-api')) {
|
if (!$token->user->can(Permission::AccessApi)) {
|
||||||
throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
|
throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace BookStack\Api;
|
|||||||
|
|
||||||
use BookStack\Activity\ActivityType;
|
use BookStack\Activity\ActivityType;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Users\Models\User;
|
use BookStack\Users\Models\User;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Illuminate\Support\Facades\Hash;
|
use Illuminate\Support\Facades\Hash;
|
||||||
@@ -16,8 +17,8 @@ class UserApiTokenController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create(Request $request, int $userId)
|
public function create(Request $request, int $userId)
|
||||||
{
|
{
|
||||||
$this->checkPermission('access-api');
|
$this->checkPermission(Permission::AccessApi);
|
||||||
$this->checkPermissionOrCurrentUser('users-manage', $userId);
|
$this->checkPermissionOrCurrentUser(Permission::UsersManage, $userId);
|
||||||
$this->updateContext($request);
|
$this->updateContext($request);
|
||||||
|
|
||||||
$user = User::query()->findOrFail($userId);
|
$user = User::query()->findOrFail($userId);
|
||||||
@@ -35,8 +36,8 @@ class UserApiTokenController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function store(Request $request, int $userId)
|
public function store(Request $request, int $userId)
|
||||||
{
|
{
|
||||||
$this->checkPermission('access-api');
|
$this->checkPermission(Permission::AccessApi);
|
||||||
$this->checkPermissionOrCurrentUser('users-manage', $userId);
|
$this->checkPermissionOrCurrentUser(Permission::UsersManage, $userId);
|
||||||
|
|
||||||
$this->validate($request, [
|
$this->validate($request, [
|
||||||
'name' => ['required', 'max:250'],
|
'name' => ['required', 'max:250'],
|
||||||
@@ -143,8 +144,8 @@ class UserApiTokenController extends Controller
|
|||||||
*/
|
*/
|
||||||
protected function checkPermissionAndFetchUserToken(int $userId, int $tokenId): array
|
protected function checkPermissionAndFetchUserToken(int $userId, int $tokenId): array
|
||||||
{
|
{
|
||||||
$this->checkPermissionOr('users-manage', function () use ($userId) {
|
$this->checkPermissionOr(Permission::UsersManage, function () use ($userId) {
|
||||||
return $userId === user()->id && userCan('access-api');
|
return $userId === user()->id && userCan(Permission::AccessApi);
|
||||||
});
|
});
|
||||||
|
|
||||||
$user = User::query()->findOrFail($userId);
|
$user = User::query()->findOrFail($userId);
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ function userCan(string|Permission $permission, ?Model $ownable = null): bool
|
|||||||
* Check if the current user can perform the given action on any items in the system.
|
* Check if the current user can perform the given action on any items in the system.
|
||||||
* Can be provided the class name of an entity to filter ability to that specific entity type.
|
* Can be provided the class name of an entity to filter ability to that specific entity type.
|
||||||
*/
|
*/
|
||||||
function userCanOnAny(string $action, string $entityClass = ''): bool
|
function userCanOnAny(string|Permission $action, string $entityClass = ''): bool
|
||||||
{
|
{
|
||||||
$permissions = app()->make(PermissionApplicator::class);
|
$permissions = app()->make(PermissionApplicator::class);
|
||||||
|
|
||||||
|
|||||||
@@ -11,6 +11,7 @@ use BookStack\Entities\Queries\PageQueries;
|
|||||||
use BookStack\Entities\Repos\BookRepo;
|
use BookStack\Entities\Repos\BookRepo;
|
||||||
use BookStack\Entities\Tools\BookContents;
|
use BookStack\Entities\Tools\BookContents;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Illuminate\Validation\ValidationException;
|
use Illuminate\Validation\ValidationException;
|
||||||
|
|
||||||
@@ -47,7 +48,7 @@ class BookApiController extends ApiController
|
|||||||
*/
|
*/
|
||||||
public function create(Request $request)
|
public function create(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('book-create-all');
|
$this->checkPermission(Permission::BookCreateAll);
|
||||||
$requestData = $this->validate($request, $this->rules()['create']);
|
$requestData = $this->validate($request, $this->rules()['create']);
|
||||||
|
|
||||||
$book = $this->bookRepo->create($requestData);
|
$book = $this->bookRepo->create($requestData);
|
||||||
@@ -92,7 +93,7 @@ class BookApiController extends ApiController
|
|||||||
public function update(Request $request, string $id)
|
public function update(Request $request, string $id)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleByIdOrFail(intval($id));
|
$book = $this->queries->findVisibleByIdOrFail(intval($id));
|
||||||
$this->checkOwnablePermission('book-update', $book);
|
$this->checkOwnablePermission(Permission::BookUpdate, $book);
|
||||||
|
|
||||||
$requestData = $this->validate($request, $this->rules()['update']);
|
$requestData = $this->validate($request, $this->rules()['update']);
|
||||||
$book = $this->bookRepo->update($book, $requestData);
|
$book = $this->bookRepo->update($book, $requestData);
|
||||||
@@ -109,7 +110,7 @@ class BookApiController extends ApiController
|
|||||||
public function delete(string $id)
|
public function delete(string $id)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleByIdOrFail(intval($id));
|
$book = $this->queries->findVisibleByIdOrFail(intval($id));
|
||||||
$this->checkOwnablePermission('book-delete', $book);
|
$this->checkOwnablePermission(Permission::BookDelete, $book);
|
||||||
|
|
||||||
$this->bookRepo->destroy($book);
|
$this->bookRepo->destroy($book);
|
||||||
|
|
||||||
|
|||||||
@@ -17,6 +17,7 @@ use BookStack\Exceptions\ImageUploadException;
|
|||||||
use BookStack\Exceptions\NotFoundException;
|
use BookStack\Exceptions\NotFoundException;
|
||||||
use BookStack\Facades\Activity;
|
use BookStack\Facades\Activity;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\References\ReferenceFetcher;
|
use BookStack\References\ReferenceFetcher;
|
||||||
use BookStack\Util\DatabaseTransaction;
|
use BookStack\Util\DatabaseTransaction;
|
||||||
use BookStack\Util\SimpleListOptions;
|
use BookStack\Util\SimpleListOptions;
|
||||||
@@ -73,12 +74,12 @@ class BookController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create(?string $shelfSlug = null)
|
public function create(?string $shelfSlug = null)
|
||||||
{
|
{
|
||||||
$this->checkPermission('book-create-all');
|
$this->checkPermission(Permission::BookCreateAll);
|
||||||
|
|
||||||
$bookshelf = null;
|
$bookshelf = null;
|
||||||
if ($shelfSlug !== null) {
|
if ($shelfSlug !== null) {
|
||||||
$bookshelf = $this->shelfQueries->findVisibleBySlugOrFail($shelfSlug);
|
$bookshelf = $this->shelfQueries->findVisibleBySlugOrFail($shelfSlug);
|
||||||
$this->checkOwnablePermission('bookshelf-update', $bookshelf);
|
$this->checkOwnablePermission(Permission::BookshelfUpdate, $bookshelf);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.books_create'));
|
$this->setPageTitle(trans('entities.books_create'));
|
||||||
@@ -96,7 +97,7 @@ class BookController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function store(Request $request, ?string $shelfSlug = null)
|
public function store(Request $request, ?string $shelfSlug = null)
|
||||||
{
|
{
|
||||||
$this->checkPermission('book-create-all');
|
$this->checkPermission(Permission::BookCreateAll);
|
||||||
$validated = $this->validate($request, [
|
$validated = $this->validate($request, [
|
||||||
'name' => ['required', 'string', 'max:255'],
|
'name' => ['required', 'string', 'max:255'],
|
||||||
'description_html' => ['string', 'max:2000'],
|
'description_html' => ['string', 'max:2000'],
|
||||||
@@ -108,7 +109,7 @@ class BookController extends Controller
|
|||||||
$bookshelf = null;
|
$bookshelf = null;
|
||||||
if ($shelfSlug !== null) {
|
if ($shelfSlug !== null) {
|
||||||
$bookshelf = $this->shelfQueries->findVisibleBySlugOrFail($shelfSlug);
|
$bookshelf = $this->shelfQueries->findVisibleBySlugOrFail($shelfSlug);
|
||||||
$this->checkOwnablePermission('bookshelf-update', $bookshelf);
|
$this->checkOwnablePermission(Permission::BookshelfUpdate, $bookshelf);
|
||||||
}
|
}
|
||||||
|
|
||||||
$book = $this->bookRepo->create($validated);
|
$book = $this->bookRepo->create($validated);
|
||||||
@@ -154,7 +155,7 @@ class BookController extends Controller
|
|||||||
public function edit(string $slug)
|
public function edit(string $slug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($slug);
|
$book = $this->queries->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('book-update', $book);
|
$this->checkOwnablePermission(Permission::BookUpdate, $book);
|
||||||
$this->setPageTitle(trans('entities.books_edit_named', ['bookName' => $book->getShortName()]));
|
$this->setPageTitle(trans('entities.books_edit_named', ['bookName' => $book->getShortName()]));
|
||||||
|
|
||||||
return view('books.edit', ['book' => $book, 'current' => $book]);
|
return view('books.edit', ['book' => $book, 'current' => $book]);
|
||||||
@@ -170,7 +171,7 @@ class BookController extends Controller
|
|||||||
public function update(Request $request, string $slug)
|
public function update(Request $request, string $slug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($slug);
|
$book = $this->queries->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('book-update', $book);
|
$this->checkOwnablePermission(Permission::BookUpdate, $book);
|
||||||
|
|
||||||
$validated = $this->validate($request, [
|
$validated = $this->validate($request, [
|
||||||
'name' => ['required', 'string', 'max:255'],
|
'name' => ['required', 'string', 'max:255'],
|
||||||
@@ -197,7 +198,7 @@ class BookController extends Controller
|
|||||||
public function showDelete(string $bookSlug)
|
public function showDelete(string $bookSlug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('book-delete', $book);
|
$this->checkOwnablePermission(Permission::BookDelete, $book);
|
||||||
$this->setPageTitle(trans('entities.books_delete_named', ['bookName' => $book->getShortName()]));
|
$this->setPageTitle(trans('entities.books_delete_named', ['bookName' => $book->getShortName()]));
|
||||||
|
|
||||||
return view('books.delete', ['book' => $book, 'current' => $book]);
|
return view('books.delete', ['book' => $book, 'current' => $book]);
|
||||||
@@ -211,7 +212,7 @@ class BookController extends Controller
|
|||||||
public function destroy(string $bookSlug)
|
public function destroy(string $bookSlug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('book-delete', $book);
|
$this->checkOwnablePermission(Permission::BookDelete, $book);
|
||||||
|
|
||||||
$this->bookRepo->destroy($book);
|
$this->bookRepo->destroy($book);
|
||||||
|
|
||||||
@@ -226,7 +227,7 @@ class BookController extends Controller
|
|||||||
public function showCopy(string $bookSlug)
|
public function showCopy(string $bookSlug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('book-view', $book);
|
$this->checkOwnablePermission(Permission::BookView, $book);
|
||||||
|
|
||||||
session()->flashInput(['name' => $book->name]);
|
session()->flashInput(['name' => $book->name]);
|
||||||
|
|
||||||
@@ -243,8 +244,8 @@ class BookController extends Controller
|
|||||||
public function copy(Request $request, Cloner $cloner, string $bookSlug)
|
public function copy(Request $request, Cloner $cloner, string $bookSlug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('book-view', $book);
|
$this->checkOwnablePermission(Permission::BookView, $book);
|
||||||
$this->checkPermission('book-create-all');
|
$this->checkPermission(Permission::BookCreateAll);
|
||||||
|
|
||||||
$newName = $request->get('name') ?: $book->name;
|
$newName = $request->get('name') ?: $book->name;
|
||||||
$bookCopy = $cloner->cloneBook($book, $newName);
|
$bookCopy = $cloner->cloneBook($book, $newName);
|
||||||
@@ -259,10 +260,10 @@ class BookController extends Controller
|
|||||||
public function convertToShelf(HierarchyTransformer $transformer, string $bookSlug)
|
public function convertToShelf(HierarchyTransformer $transformer, string $bookSlug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('book-update', $book);
|
$this->checkOwnablePermission(Permission::BookUpdate, $book);
|
||||||
$this->checkOwnablePermission('book-delete', $book);
|
$this->checkOwnablePermission(Permission::BookDelete, $book);
|
||||||
$this->checkPermission('bookshelf-create-all');
|
$this->checkPermission(Permission::BookshelfCreateAll);
|
||||||
$this->checkPermission('book-create-all');
|
$this->checkPermission(Permission::BookCreateAll);
|
||||||
|
|
||||||
$shelf = (new DatabaseTransaction(function () use ($book, $transformer) {
|
$shelf = (new DatabaseTransaction(function () use ($book, $transformer) {
|
||||||
return $transformer->transformBookToShelf($book);
|
return $transformer->transformBookToShelf($book);
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ use BookStack\Entities\Models\Bookshelf;
|
|||||||
use BookStack\Entities\Queries\BookshelfQueries;
|
use BookStack\Entities\Queries\BookshelfQueries;
|
||||||
use BookStack\Entities\Repos\BookshelfRepo;
|
use BookStack\Entities\Repos\BookshelfRepo;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Exception;
|
use Exception;
|
||||||
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
|
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
@@ -45,7 +46,7 @@ class BookshelfApiController extends ApiController
|
|||||||
*/
|
*/
|
||||||
public function create(Request $request)
|
public function create(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('bookshelf-create-all');
|
$this->checkPermission(Permission::BookshelfCreateAll);
|
||||||
$requestData = $this->validate($request, $this->rules()['create']);
|
$requestData = $this->validate($request, $this->rules()['create']);
|
||||||
|
|
||||||
$bookIds = $request->get('books', []);
|
$bookIds = $request->get('books', []);
|
||||||
@@ -84,7 +85,7 @@ class BookshelfApiController extends ApiController
|
|||||||
public function update(Request $request, string $id)
|
public function update(Request $request, string $id)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->findVisibleByIdOrFail(intval($id));
|
$shelf = $this->queries->findVisibleByIdOrFail(intval($id));
|
||||||
$this->checkOwnablePermission('bookshelf-update', $shelf);
|
$this->checkOwnablePermission(Permission::BookshelfUpdate, $shelf);
|
||||||
|
|
||||||
$requestData = $this->validate($request, $this->rules()['update']);
|
$requestData = $this->validate($request, $this->rules()['update']);
|
||||||
$bookIds = $request->get('books', null);
|
$bookIds = $request->get('books', null);
|
||||||
@@ -103,7 +104,7 @@ class BookshelfApiController extends ApiController
|
|||||||
public function delete(string $id)
|
public function delete(string $id)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->findVisibleByIdOrFail(intval($id));
|
$shelf = $this->queries->findVisibleByIdOrFail(intval($id));
|
||||||
$this->checkOwnablePermission('bookshelf-delete', $shelf);
|
$this->checkOwnablePermission(Permission::BookshelfDelete, $shelf);
|
||||||
|
|
||||||
$this->bookshelfRepo->destroy($shelf);
|
$this->bookshelfRepo->destroy($shelf);
|
||||||
|
|
||||||
|
|||||||
@@ -11,6 +11,7 @@ use BookStack\Entities\Tools\ShelfContext;
|
|||||||
use BookStack\Exceptions\ImageUploadException;
|
use BookStack\Exceptions\ImageUploadException;
|
||||||
use BookStack\Exceptions\NotFoundException;
|
use BookStack\Exceptions\NotFoundException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\References\ReferenceFetcher;
|
use BookStack\References\ReferenceFetcher;
|
||||||
use BookStack\Util\SimpleListOptions;
|
use BookStack\Util\SimpleListOptions;
|
||||||
use Exception;
|
use Exception;
|
||||||
@@ -68,7 +69,7 @@ class BookshelfController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create()
|
public function create()
|
||||||
{
|
{
|
||||||
$this->checkPermission('bookshelf-create-all');
|
$this->checkPermission(Permission::BookshelfCreateAll);
|
||||||
$books = $this->bookQueries->visibleForList()->orderBy('name')->get(['name', 'id', 'slug', 'created_at', 'updated_at']);
|
$books = $this->bookQueries->visibleForList()->orderBy('name')->get(['name', 'id', 'slug', 'created_at', 'updated_at']);
|
||||||
$this->setPageTitle(trans('entities.shelves_create'));
|
$this->setPageTitle(trans('entities.shelves_create'));
|
||||||
|
|
||||||
@@ -83,7 +84,7 @@ class BookshelfController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function store(Request $request)
|
public function store(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('bookshelf-create-all');
|
$this->checkPermission(Permission::BookshelfCreateAll);
|
||||||
$validated = $this->validate($request, [
|
$validated = $this->validate($request, [
|
||||||
'name' => ['required', 'string', 'max:255'],
|
'name' => ['required', 'string', 'max:255'],
|
||||||
'description_html' => ['string', 'max:2000'],
|
'description_html' => ['string', 'max:2000'],
|
||||||
@@ -105,7 +106,7 @@ class BookshelfController extends Controller
|
|||||||
public function show(Request $request, ActivityQueries $activities, string $slug)
|
public function show(Request $request, ActivityQueries $activities, string $slug)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('bookshelf-view', $shelf);
|
$this->checkOwnablePermission(Permission::BookshelfView, $shelf);
|
||||||
|
|
||||||
$listOptions = SimpleListOptions::fromRequest($request, 'shelf_books')->withSortOptions([
|
$listOptions = SimpleListOptions::fromRequest($request, 'shelf_books')->withSortOptions([
|
||||||
'default' => trans('common.sort_default'),
|
'default' => trans('common.sort_default'),
|
||||||
@@ -143,7 +144,7 @@ class BookshelfController extends Controller
|
|||||||
public function edit(string $slug)
|
public function edit(string $slug)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('bookshelf-update', $shelf);
|
$this->checkOwnablePermission(Permission::BookshelfUpdate, $shelf);
|
||||||
|
|
||||||
$shelfBookIds = $shelf->books()->get(['id'])->pluck('id');
|
$shelfBookIds = $shelf->books()->get(['id'])->pluck('id');
|
||||||
$books = $this->bookQueries->visibleForList()
|
$books = $this->bookQueries->visibleForList()
|
||||||
@@ -169,7 +170,7 @@ class BookshelfController extends Controller
|
|||||||
public function update(Request $request, string $slug)
|
public function update(Request $request, string $slug)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('bookshelf-update', $shelf);
|
$this->checkOwnablePermission(Permission::BookshelfUpdate, $shelf);
|
||||||
$validated = $this->validate($request, [
|
$validated = $this->validate($request, [
|
||||||
'name' => ['required', 'string', 'max:255'],
|
'name' => ['required', 'string', 'max:255'],
|
||||||
'description_html' => ['string', 'max:2000'],
|
'description_html' => ['string', 'max:2000'],
|
||||||
@@ -195,7 +196,7 @@ class BookshelfController extends Controller
|
|||||||
public function showDelete(string $slug)
|
public function showDelete(string $slug)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('bookshelf-delete', $shelf);
|
$this->checkOwnablePermission(Permission::BookshelfDelete, $shelf);
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.shelves_delete_named', ['name' => $shelf->getShortName()]));
|
$this->setPageTitle(trans('entities.shelves_delete_named', ['name' => $shelf->getShortName()]));
|
||||||
|
|
||||||
@@ -210,7 +211,7 @@ class BookshelfController extends Controller
|
|||||||
public function destroy(string $slug)
|
public function destroy(string $slug)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
$shelf = $this->queries->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('bookshelf-delete', $shelf);
|
$this->checkOwnablePermission(Permission::BookshelfDelete, $shelf);
|
||||||
|
|
||||||
$this->shelfRepo->destroy($shelf);
|
$this->shelfRepo->destroy($shelf);
|
||||||
|
|
||||||
|
|||||||
@@ -9,6 +9,7 @@ use BookStack\Entities\Queries\EntityQueries;
|
|||||||
use BookStack\Entities\Repos\ChapterRepo;
|
use BookStack\Entities\Repos\ChapterRepo;
|
||||||
use BookStack\Exceptions\PermissionsException;
|
use BookStack\Exceptions\PermissionsException;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Exception;
|
use Exception;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
@@ -65,7 +66,7 @@ class ChapterApiController extends ApiController
|
|||||||
|
|
||||||
$bookId = $request->get('book_id');
|
$bookId = $request->get('book_id');
|
||||||
$book = $this->entityQueries->books->findVisibleByIdOrFail(intval($bookId));
|
$book = $this->entityQueries->books->findVisibleByIdOrFail(intval($bookId));
|
||||||
$this->checkOwnablePermission('chapter-create', $book);
|
$this->checkOwnablePermission(Permission::ChapterCreate, $book);
|
||||||
|
|
||||||
$chapter = $this->chapterRepo->create($requestData, $book);
|
$chapter = $this->chapterRepo->create($requestData, $book);
|
||||||
|
|
||||||
@@ -101,10 +102,10 @@ class ChapterApiController extends ApiController
|
|||||||
{
|
{
|
||||||
$requestData = $this->validate($request, $this->rules()['update']);
|
$requestData = $this->validate($request, $this->rules()['update']);
|
||||||
$chapter = $this->queries->findVisibleByIdOrFail(intval($id));
|
$chapter = $this->queries->findVisibleByIdOrFail(intval($id));
|
||||||
$this->checkOwnablePermission('chapter-update', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterUpdate, $chapter);
|
||||||
|
|
||||||
if ($request->has('book_id') && $chapter->book_id !== intval($requestData['book_id'])) {
|
if ($request->has('book_id') && $chapter->book_id !== intval($requestData['book_id'])) {
|
||||||
$this->checkOwnablePermission('chapter-delete', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterDelete, $chapter);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$this->chapterRepo->move($chapter, "book:{$requestData['book_id']}");
|
$this->chapterRepo->move($chapter, "book:{$requestData['book_id']}");
|
||||||
@@ -129,7 +130,7 @@ class ChapterApiController extends ApiController
|
|||||||
public function delete(string $id)
|
public function delete(string $id)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleByIdOrFail(intval($id));
|
$chapter = $this->queries->findVisibleByIdOrFail(intval($id));
|
||||||
$this->checkOwnablePermission('chapter-delete', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterDelete, $chapter);
|
||||||
|
|
||||||
$this->chapterRepo->destroy($chapter);
|
$this->chapterRepo->destroy($chapter);
|
||||||
|
|
||||||
|
|||||||
@@ -17,6 +17,7 @@ use BookStack\Exceptions\NotFoundException;
|
|||||||
use BookStack\Exceptions\NotifyException;
|
use BookStack\Exceptions\NotifyException;
|
||||||
use BookStack\Exceptions\PermissionsException;
|
use BookStack\Exceptions\PermissionsException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\References\ReferenceFetcher;
|
use BookStack\References\ReferenceFetcher;
|
||||||
use BookStack\Util\DatabaseTransaction;
|
use BookStack\Util\DatabaseTransaction;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
@@ -39,7 +40,7 @@ class ChapterController extends Controller
|
|||||||
public function create(string $bookSlug)
|
public function create(string $bookSlug)
|
||||||
{
|
{
|
||||||
$book = $this->entityQueries->books->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->entityQueries->books->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('chapter-create', $book);
|
$this->checkOwnablePermission(Permission::ChapterCreate, $book);
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.chapters_create'));
|
$this->setPageTitle(trans('entities.chapters_create'));
|
||||||
|
|
||||||
@@ -64,7 +65,7 @@ class ChapterController extends Controller
|
|||||||
]);
|
]);
|
||||||
|
|
||||||
$book = $this->entityQueries->books->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->entityQueries->books->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('chapter-create', $book);
|
$this->checkOwnablePermission(Permission::ChapterCreate, $book);
|
||||||
|
|
||||||
$chapter = $this->chapterRepo->create($validated, $book);
|
$chapter = $this->chapterRepo->create($validated, $book);
|
||||||
|
|
||||||
@@ -77,7 +78,6 @@ class ChapterController extends Controller
|
|||||||
public function show(string $bookSlug, string $chapterSlug)
|
public function show(string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-view', $chapter);
|
|
||||||
|
|
||||||
$sidebarTree = (new BookContents($chapter->book))->getTree();
|
$sidebarTree = (new BookContents($chapter->book))->getTree();
|
||||||
$pages = $this->entityQueries->pages->visibleForChapterList($chapter->id)->get();
|
$pages = $this->entityQueries->pages->visibleForChapterList($chapter->id)->get();
|
||||||
@@ -106,7 +106,7 @@ class ChapterController extends Controller
|
|||||||
public function edit(string $bookSlug, string $chapterSlug)
|
public function edit(string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-update', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterUpdate, $chapter);
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.chapters_edit_named', ['chapterName' => $chapter->getShortName()]));
|
$this->setPageTitle(trans('entities.chapters_edit_named', ['chapterName' => $chapter->getShortName()]));
|
||||||
|
|
||||||
@@ -128,7 +128,7 @@ class ChapterController extends Controller
|
|||||||
]);
|
]);
|
||||||
|
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-update', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterUpdate, $chapter);
|
||||||
|
|
||||||
$this->chapterRepo->update($chapter, $validated);
|
$this->chapterRepo->update($chapter, $validated);
|
||||||
|
|
||||||
@@ -143,7 +143,7 @@ class ChapterController extends Controller
|
|||||||
public function showDelete(string $bookSlug, string $chapterSlug)
|
public function showDelete(string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-delete', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterDelete, $chapter);
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.chapters_delete_named', ['chapterName' => $chapter->getShortName()]));
|
$this->setPageTitle(trans('entities.chapters_delete_named', ['chapterName' => $chapter->getShortName()]));
|
||||||
|
|
||||||
@@ -159,7 +159,7 @@ class ChapterController extends Controller
|
|||||||
public function destroy(string $bookSlug, string $chapterSlug)
|
public function destroy(string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-delete', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterDelete, $chapter);
|
||||||
|
|
||||||
$this->chapterRepo->destroy($chapter);
|
$this->chapterRepo->destroy($chapter);
|
||||||
|
|
||||||
@@ -175,8 +175,8 @@ class ChapterController extends Controller
|
|||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->setPageTitle(trans('entities.chapters_move_named', ['chapterName' => $chapter->getShortName()]));
|
$this->setPageTitle(trans('entities.chapters_move_named', ['chapterName' => $chapter->getShortName()]));
|
||||||
$this->checkOwnablePermission('chapter-update', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterUpdate, $chapter);
|
||||||
$this->checkOwnablePermission('chapter-delete', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterDelete, $chapter);
|
||||||
|
|
||||||
return view('chapters.move', [
|
return view('chapters.move', [
|
||||||
'chapter' => $chapter,
|
'chapter' => $chapter,
|
||||||
@@ -192,8 +192,8 @@ class ChapterController extends Controller
|
|||||||
public function move(Request $request, string $bookSlug, string $chapterSlug)
|
public function move(Request $request, string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-update', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterUpdate, $chapter);
|
||||||
$this->checkOwnablePermission('chapter-delete', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterDelete, $chapter);
|
||||||
|
|
||||||
$entitySelection = $request->get('entity_selection', null);
|
$entitySelection = $request->get('entity_selection', null);
|
||||||
if ($entitySelection === null || $entitySelection === '') {
|
if ($entitySelection === null || $entitySelection === '') {
|
||||||
@@ -221,7 +221,6 @@ class ChapterController extends Controller
|
|||||||
public function showCopy(string $bookSlug, string $chapterSlug)
|
public function showCopy(string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-view', $chapter);
|
|
||||||
|
|
||||||
session()->flashInput(['name' => $chapter->name]);
|
session()->flashInput(['name' => $chapter->name]);
|
||||||
|
|
||||||
@@ -240,7 +239,6 @@ class ChapterController extends Controller
|
|||||||
public function copy(Request $request, Cloner $cloner, string $bookSlug, string $chapterSlug)
|
public function copy(Request $request, Cloner $cloner, string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-view', $chapter);
|
|
||||||
|
|
||||||
$entitySelection = $request->get('entity_selection') ?: null;
|
$entitySelection = $request->get('entity_selection') ?: null;
|
||||||
$newParentBook = $entitySelection ? $this->entityQueries->findVisibleByStringIdentifier($entitySelection) : $chapter->getParent();
|
$newParentBook = $entitySelection ? $this->entityQueries->findVisibleByStringIdentifier($entitySelection) : $chapter->getParent();
|
||||||
@@ -251,7 +249,7 @@ class ChapterController extends Controller
|
|||||||
return redirect($chapter->getUrl('/copy'));
|
return redirect($chapter->getUrl('/copy'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkOwnablePermission('chapter-create', $newParentBook);
|
$this->checkOwnablePermission(Permission::ChapterCreate, $newParentBook);
|
||||||
|
|
||||||
$newName = $request->get('name') ?: $chapter->name;
|
$newName = $request->get('name') ?: $chapter->name;
|
||||||
$chapterCopy = $cloner->cloneChapter($chapter, $newParentBook, $newName);
|
$chapterCopy = $cloner->cloneChapter($chapter, $newParentBook, $newName);
|
||||||
@@ -266,9 +264,9 @@ class ChapterController extends Controller
|
|||||||
public function convertToBook(HierarchyTransformer $transformer, string $bookSlug, string $chapterSlug)
|
public function convertToBook(HierarchyTransformer $transformer, string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('chapter-update', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterUpdate, $chapter);
|
||||||
$this->checkOwnablePermission('chapter-delete', $chapter);
|
$this->checkOwnablePermission(Permission::ChapterDelete, $chapter);
|
||||||
$this->checkPermission('book-create-all');
|
$this->checkPermission(Permission::BookCreateAll);
|
||||||
|
|
||||||
$book = (new DatabaseTransaction(function () use ($chapter, $transformer) {
|
$book = (new DatabaseTransaction(function () use ($chapter, $transformer) {
|
||||||
return $transformer->transformChapterToBook($chapter);
|
return $transformer->transformChapterToBook($chapter);
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ use BookStack\Entities\Queries\PageQueries;
|
|||||||
use BookStack\Entities\Repos\PageRepo;
|
use BookStack\Entities\Repos\PageRepo;
|
||||||
use BookStack\Exceptions\PermissionsException;
|
use BookStack\Exceptions\PermissionsException;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Exception;
|
use Exception;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
@@ -76,7 +77,7 @@ class PageApiController extends ApiController
|
|||||||
} else {
|
} else {
|
||||||
$parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));
|
$parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));
|
||||||
}
|
}
|
||||||
$this->checkOwnablePermission('page-create', $parent);
|
$this->checkOwnablePermission(Permission::PageCreate, $parent);
|
||||||
|
|
||||||
$draft = $this->pageRepo->getNewDraftPage($parent);
|
$draft = $this->pageRepo->getNewDraftPage($parent);
|
||||||
$this->pageRepo->publishDraft($draft, $request->only(array_keys($this->rules['create'])));
|
$this->pageRepo->publishDraft($draft, $request->only(array_keys($this->rules['create'])));
|
||||||
@@ -116,7 +117,7 @@ class PageApiController extends ApiController
|
|||||||
$requestData = $this->validate($request, $this->rules['update']);
|
$requestData = $this->validate($request, $this->rules['update']);
|
||||||
|
|
||||||
$page = $this->queries->findVisibleByIdOrFail($id);
|
$page = $this->queries->findVisibleByIdOrFail($id);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
$parent = null;
|
$parent = null;
|
||||||
if ($request->has('chapter_id')) {
|
if ($request->has('chapter_id')) {
|
||||||
@@ -126,7 +127,7 @@ class PageApiController extends ApiController
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($parent && !$parent->matches($page->getParent())) {
|
if ($parent && !$parent->matches($page->getParent())) {
|
||||||
$this->checkOwnablePermission('page-delete', $page);
|
$this->checkOwnablePermission(Permission::PageDelete, $page);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$this->pageRepo->move($page, $parent->getType() . ':' . $parent->id);
|
$this->pageRepo->move($page, $parent->getType() . ':' . $parent->id);
|
||||||
@@ -151,7 +152,7 @@ class PageApiController extends ApiController
|
|||||||
public function delete(string $id)
|
public function delete(string $id)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleByIdOrFail($id);
|
$page = $this->queries->findVisibleByIdOrFail($id);
|
||||||
$this->checkOwnablePermission('page-delete', $page);
|
$this->checkOwnablePermission(Permission::PageDelete, $page);
|
||||||
|
|
||||||
$this->pageRepo->destroy($page);
|
$this->pageRepo->destroy($page);
|
||||||
|
|
||||||
|
|||||||
@@ -20,6 +20,7 @@ use BookStack\Exceptions\NotFoundException;
|
|||||||
use BookStack\Exceptions\NotifyException;
|
use BookStack\Exceptions\NotifyException;
|
||||||
use BookStack\Exceptions\PermissionsException;
|
use BookStack\Exceptions\PermissionsException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\References\ReferenceFetcher;
|
use BookStack\References\ReferenceFetcher;
|
||||||
use Exception;
|
use Exception;
|
||||||
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||||
@@ -50,7 +51,7 @@ class PageController extends Controller
|
|||||||
$parent = $this->entityQueries->books->findVisibleBySlugOrFail($bookSlug);
|
$parent = $this->entityQueries->books->findVisibleBySlugOrFail($bookSlug);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkOwnablePermission('page-create', $parent);
|
$this->checkOwnablePermission(Permission::PageCreate, $parent);
|
||||||
|
|
||||||
// Redirect to draft edit screen if signed in
|
// Redirect to draft edit screen if signed in
|
||||||
if ($this->isSignedIn()) {
|
if ($this->isSignedIn()) {
|
||||||
@@ -82,7 +83,7 @@ class PageController extends Controller
|
|||||||
$parent = $this->entityQueries->books->findVisibleBySlugOrFail($bookSlug);
|
$parent = $this->entityQueries->books->findVisibleBySlugOrFail($bookSlug);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkOwnablePermission('page-create', $parent);
|
$this->checkOwnablePermission(Permission::PageCreate, $parent);
|
||||||
|
|
||||||
$page = $this->pageRepo->getNewDraftPage($parent);
|
$page = $this->pageRepo->getNewDraftPage($parent);
|
||||||
$this->pageRepo->publishDraft($page, [
|
$this->pageRepo->publishDraft($page, [
|
||||||
@@ -100,7 +101,7 @@ class PageController extends Controller
|
|||||||
public function editDraft(Request $request, string $bookSlug, int $pageId)
|
public function editDraft(Request $request, string $bookSlug, int $pageId)
|
||||||
{
|
{
|
||||||
$draft = $this->queries->findVisibleByIdOrFail($pageId);
|
$draft = $this->queries->findVisibleByIdOrFail($pageId);
|
||||||
$this->checkOwnablePermission('page-create', $draft->getParent());
|
$this->checkOwnablePermission(Permission::PageCreate, $draft->getParent());
|
||||||
|
|
||||||
$editorData = new PageEditorData($draft, $this->entityQueries, $request->query('editor', ''));
|
$editorData = new PageEditorData($draft, $this->entityQueries, $request->query('editor', ''));
|
||||||
$this->setPageTitle(trans('entities.pages_edit_draft'));
|
$this->setPageTitle(trans('entities.pages_edit_draft'));
|
||||||
@@ -120,7 +121,7 @@ class PageController extends Controller
|
|||||||
'name' => ['required', 'string', 'max:255'],
|
'name' => ['required', 'string', 'max:255'],
|
||||||
]);
|
]);
|
||||||
$draftPage = $this->queries->findVisibleByIdOrFail($pageId);
|
$draftPage = $this->queries->findVisibleByIdOrFail($pageId);
|
||||||
$this->checkOwnablePermission('page-create', $draftPage->getParent());
|
$this->checkOwnablePermission(Permission::PageCreate, $draftPage->getParent());
|
||||||
|
|
||||||
$page = $this->pageRepo->publishDraft($draftPage, $request->all());
|
$page = $this->pageRepo->publishDraft($draftPage, $request->all());
|
||||||
|
|
||||||
@@ -148,8 +149,6 @@ class PageController extends Controller
|
|||||||
return redirect($page->getUrl());
|
return redirect($page->getUrl());
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkOwnablePermission('page-view', $page);
|
|
||||||
|
|
||||||
$pageContent = (new PageContent($page));
|
$pageContent = (new PageContent($page));
|
||||||
$page->html = $pageContent->render();
|
$page->html = $pageContent->render();
|
||||||
$pageNav = $pageContent->getNavigation($page->html);
|
$pageNav = $pageContent->getNavigation($page->html);
|
||||||
@@ -197,7 +196,7 @@ class PageController extends Controller
|
|||||||
public function edit(Request $request, string $bookSlug, string $pageSlug)
|
public function edit(Request $request, string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-update', $page, $page->getUrl());
|
$this->checkOwnablePermission(Permission::PageUpdate, $page, $page->getUrl());
|
||||||
|
|
||||||
$editorData = new PageEditorData($page, $this->entityQueries, $request->query('editor', ''));
|
$editorData = new PageEditorData($page, $this->entityQueries, $request->query('editor', ''));
|
||||||
if ($editorData->getWarnings()) {
|
if ($editorData->getWarnings()) {
|
||||||
@@ -221,7 +220,7 @@ class PageController extends Controller
|
|||||||
'name' => ['required', 'string', 'max:255'],
|
'name' => ['required', 'string', 'max:255'],
|
||||||
]);
|
]);
|
||||||
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
$this->pageRepo->update($page, $request->all());
|
$this->pageRepo->update($page, $request->all());
|
||||||
|
|
||||||
@@ -236,7 +235,7 @@ class PageController extends Controller
|
|||||||
public function saveDraft(Request $request, int $pageId)
|
public function saveDraft(Request $request, int $pageId)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleByIdOrFail($pageId);
|
$page = $this->queries->findVisibleByIdOrFail($pageId);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
if (!$this->isSignedIn()) {
|
if (!$this->isSignedIn()) {
|
||||||
return $this->jsonError(trans('errors.guests_cannot_save_drafts'), 500);
|
return $this->jsonError(trans('errors.guests_cannot_save_drafts'), 500);
|
||||||
@@ -273,7 +272,7 @@ class PageController extends Controller
|
|||||||
public function showDelete(string $bookSlug, string $pageSlug)
|
public function showDelete(string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-delete', $page);
|
$this->checkOwnablePermission(Permission::PageDelete, $page);
|
||||||
$this->setPageTitle(trans('entities.pages_delete_named', ['pageName' => $page->getShortName()]));
|
$this->setPageTitle(trans('entities.pages_delete_named', ['pageName' => $page->getShortName()]));
|
||||||
$usedAsTemplate =
|
$usedAsTemplate =
|
||||||
$this->entityQueries->books->start()->where('default_template_id', '=', $page->id)->count() > 0 ||
|
$this->entityQueries->books->start()->where('default_template_id', '=', $page->id)->count() > 0 ||
|
||||||
@@ -295,7 +294,7 @@ class PageController extends Controller
|
|||||||
public function showDeleteDraft(string $bookSlug, int $pageId)
|
public function showDeleteDraft(string $bookSlug, int $pageId)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleByIdOrFail($pageId);
|
$page = $this->queries->findVisibleByIdOrFail($pageId);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
$this->setPageTitle(trans('entities.pages_delete_draft_named', ['pageName' => $page->getShortName()]));
|
$this->setPageTitle(trans('entities.pages_delete_draft_named', ['pageName' => $page->getShortName()]));
|
||||||
$usedAsTemplate =
|
$usedAsTemplate =
|
||||||
$this->entityQueries->books->start()->where('default_template_id', '=', $page->id)->count() > 0 ||
|
$this->entityQueries->books->start()->where('default_template_id', '=', $page->id)->count() > 0 ||
|
||||||
@@ -318,7 +317,7 @@ class PageController extends Controller
|
|||||||
public function destroy(string $bookSlug, string $pageSlug)
|
public function destroy(string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-delete', $page);
|
$this->checkOwnablePermission(Permission::PageDelete, $page);
|
||||||
$parent = $page->getParent();
|
$parent = $page->getParent();
|
||||||
|
|
||||||
$this->pageRepo->destroy($page);
|
$this->pageRepo->destroy($page);
|
||||||
@@ -337,7 +336,7 @@ class PageController extends Controller
|
|||||||
$page = $this->queries->findVisibleByIdOrFail($pageId);
|
$page = $this->queries->findVisibleByIdOrFail($pageId);
|
||||||
$book = $page->book;
|
$book = $page->book;
|
||||||
$chapter = $page->chapter;
|
$chapter = $page->chapter;
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
$this->pageRepo->destroy($page);
|
$this->pageRepo->destroy($page);
|
||||||
|
|
||||||
@@ -384,8 +383,8 @@ class PageController extends Controller
|
|||||||
public function showMove(string $bookSlug, string $pageSlug)
|
public function showMove(string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
$this->checkOwnablePermission('page-delete', $page);
|
$this->checkOwnablePermission(Permission::PageDelete, $page);
|
||||||
|
|
||||||
return view('pages.move', [
|
return view('pages.move', [
|
||||||
'book' => $page->book,
|
'book' => $page->book,
|
||||||
@@ -402,8 +401,8 @@ class PageController extends Controller
|
|||||||
public function move(Request $request, string $bookSlug, string $pageSlug)
|
public function move(Request $request, string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
$this->checkOwnablePermission('page-delete', $page);
|
$this->checkOwnablePermission(Permission::PageDelete, $page);
|
||||||
|
|
||||||
$entitySelection = $request->get('entity_selection', null);
|
$entitySelection = $request->get('entity_selection', null);
|
||||||
if ($entitySelection === null || $entitySelection === '') {
|
if ($entitySelection === null || $entitySelection === '') {
|
||||||
@@ -431,7 +430,6 @@ class PageController extends Controller
|
|||||||
public function showCopy(string $bookSlug, string $pageSlug)
|
public function showCopy(string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-view', $page);
|
|
||||||
session()->flashInput(['name' => $page->name]);
|
session()->flashInput(['name' => $page->name]);
|
||||||
|
|
||||||
return view('pages.copy', [
|
return view('pages.copy', [
|
||||||
@@ -449,7 +447,7 @@ class PageController extends Controller
|
|||||||
public function copy(Request $request, Cloner $cloner, string $bookSlug, string $pageSlug)
|
public function copy(Request $request, Cloner $cloner, string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-view', $page);
|
$this->checkOwnablePermission(Permission::PageView, $page);
|
||||||
|
|
||||||
$entitySelection = $request->get('entity_selection') ?: null;
|
$entitySelection = $request->get('entity_selection') ?: null;
|
||||||
$newParent = $entitySelection ? $this->entityQueries->findVisibleByStringIdentifier($entitySelection) : $page->getParent();
|
$newParent = $entitySelection ? $this->entityQueries->findVisibleByStringIdentifier($entitySelection) : $page->getParent();
|
||||||
@@ -460,7 +458,7 @@ class PageController extends Controller
|
|||||||
return redirect($page->getUrl('/copy'));
|
return redirect($page->getUrl('/copy'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkOwnablePermission('page-create', $newParent);
|
$this->checkOwnablePermission(Permission::PageCreate, $newParent);
|
||||||
|
|
||||||
$newName = $request->get('name') ?: $page->name;
|
$newName = $request->get('name') ?: $page->name;
|
||||||
$pageCopy = $cloner->clonePage($page, $newParent, $newName);
|
$pageCopy = $cloner->clonePage($page, $newParent, $newName);
|
||||||
|
|||||||
@@ -11,6 +11,7 @@ use BookStack\Entities\Tools\PageContent;
|
|||||||
use BookStack\Exceptions\NotFoundException;
|
use BookStack\Exceptions\NotFoundException;
|
||||||
use BookStack\Facades\Activity;
|
use BookStack\Facades\Activity;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Util\SimpleListOptions;
|
use BookStack\Util\SimpleListOptions;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Ssddanbrown\HtmlDiff\Diff;
|
use Ssddanbrown\HtmlDiff\Diff;
|
||||||
@@ -124,7 +125,7 @@ class PageRevisionController extends Controller
|
|||||||
public function restore(string $bookSlug, string $pageSlug, int $revisionId)
|
public function restore(string $bookSlug, string $pageSlug, int $revisionId)
|
||||||
{
|
{
|
||||||
$page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
$page = $this->pageRepo->restoreRevision($page, $revisionId);
|
$page = $this->pageRepo->restoreRevision($page, $revisionId);
|
||||||
|
|
||||||
@@ -139,7 +140,7 @@ class PageRevisionController extends Controller
|
|||||||
public function destroy(string $bookSlug, string $pageSlug, int $revId)
|
public function destroy(string $bookSlug, string $pageSlug, int $revId)
|
||||||
{
|
{
|
||||||
$page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('page-delete', $page);
|
$this->checkOwnablePermission(Permission::PageDelete, $page);
|
||||||
|
|
||||||
$revision = $page->revisions()->where('id', '=', $revId)->first();
|
$revision = $page->revisions()->where('id', '=', $revId)->first();
|
||||||
if ($revision === null) {
|
if ($revision === null) {
|
||||||
|
|||||||
@@ -9,6 +9,7 @@ use BookStack\Entities\Models\Deletion;
|
|||||||
use BookStack\Entities\Models\Page;
|
use BookStack\Entities\Models\Page;
|
||||||
use BookStack\Entities\Repos\DeletionRepo;
|
use BookStack\Entities\Repos\DeletionRepo;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Illuminate\Database\Eloquent\Builder;
|
use Illuminate\Database\Eloquent\Builder;
|
||||||
use Illuminate\Database\Eloquent\Relations\HasMany;
|
use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||||
|
|
||||||
@@ -17,8 +18,8 @@ class RecycleBinApiController extends ApiController
|
|||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->middleware(function ($request, $next) {
|
$this->middleware(function ($request, $next) {
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->checkPermission('restrictions-manage-all');
|
$this->checkPermission(Permission::RestrictionsManageAll);
|
||||||
|
|
||||||
return $next($request);
|
return $next($request);
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ use BookStack\Entities\Models\Entity;
|
|||||||
use BookStack\Entities\Repos\DeletionRepo;
|
use BookStack\Entities\Repos\DeletionRepo;
|
||||||
use BookStack\Entities\Tools\TrashCan;
|
use BookStack\Entities\Tools\TrashCan;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
|
|
||||||
class RecycleBinController extends Controller
|
class RecycleBinController extends Controller
|
||||||
{
|
{
|
||||||
@@ -20,8 +21,8 @@ class RecycleBinController extends Controller
|
|||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->middleware(function ($request, $next) {
|
$this->middleware(function ($request, $next) {
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->checkPermission('restrictions-manage-all');
|
$this->checkPermission(Permission::RestrictionsManageAll);
|
||||||
|
|
||||||
return $next($request);
|
return $next($request);
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ use BookStack\Entities\Queries\PageQueries;
|
|||||||
use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
|
use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
|
||||||
use BookStack\Exceptions\ImageUploadException;
|
use BookStack\Exceptions\ImageUploadException;
|
||||||
use BookStack\Facades\Theme;
|
use BookStack\Facades\Theme;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Theming\ThemeEvents;
|
use BookStack\Theming\ThemeEvents;
|
||||||
use BookStack\Uploads\ImageRepo;
|
use BookStack\Uploads\ImageRepo;
|
||||||
use BookStack\Uploads\ImageService;
|
use BookStack\Uploads\ImageService;
|
||||||
@@ -122,7 +123,7 @@ class PageContent
|
|||||||
$imageInfo = $this->parseBase64ImageUri($uri);
|
$imageInfo = $this->parseBase64ImageUri($uri);
|
||||||
|
|
||||||
// Validate user has permission to create images
|
// Validate user has permission to create images
|
||||||
if (!$updater->can('image-create-all')) {
|
if (!$updater->can(Permission::ImageCreateAll)) {
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -3,6 +3,7 @@
|
|||||||
namespace BookStack\Http\Middleware;
|
namespace BookStack\Http\Middleware;
|
||||||
|
|
||||||
use BookStack\Exceptions\ApiAuthException;
|
use BookStack\Exceptions\ApiAuthException;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Closure;
|
use Closure;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
@@ -51,7 +52,7 @@ class ApiAuthenticate
|
|||||||
*/
|
*/
|
||||||
protected function sessionUserHasApiAccess(): bool
|
protected function sessionUserHasApiAccess(): bool
|
||||||
{
|
{
|
||||||
$hasApiPermission = user()->can('access-api');
|
$hasApiPermission = user()->can(Permission::AccessApi);
|
||||||
|
|
||||||
return $hasApiPermission && user()->hasAppAccess();
|
return $hasApiPermission && user()->hasAppAccess();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
namespace BookStack\Http\Middleware;
|
namespace BookStack\Http\Middleware;
|
||||||
|
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use Closure;
|
use Closure;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
@@ -10,13 +11,9 @@ class CheckUserHasPermission
|
|||||||
/**
|
/**
|
||||||
* Handle an incoming request.
|
* Handle an incoming request.
|
||||||
*
|
*
|
||||||
* @param \Illuminate\Http\Request $request
|
|
||||||
* @param \Closure $next
|
|
||||||
* @param string $permission
|
|
||||||
*
|
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function handle($request, Closure $next, $permission)
|
public function handle(Request $request, Closure $next, string|Permission $permission)
|
||||||
{
|
{
|
||||||
if (!user()->can($permission)) {
|
if (!user()->can($permission)) {
|
||||||
return $this->errorResponse($request);
|
return $this->errorResponse($request);
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ class ContentPermissionApiController extends ApiController
|
|||||||
$entity = $this->entities->get($contentType)
|
$entity = $this->entities->get($contentType)
|
||||||
->newQuery()->scopes(['visible'])->findOrFail($contentId);
|
->newQuery()->scopes(['visible'])->findOrFail($contentId);
|
||||||
|
|
||||||
$this->checkOwnablePermission('restrictions-manage', $entity);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $entity);
|
||||||
|
|
||||||
return response()->json($this->formattedPermissionDataForEntity($entity));
|
return response()->json($this->formattedPermissionDataForEntity($entity));
|
||||||
}
|
}
|
||||||
@@ -71,7 +71,7 @@ class ContentPermissionApiController extends ApiController
|
|||||||
$entity = $this->entities->get($contentType)
|
$entity = $this->entities->get($contentType)
|
||||||
->newQuery()->scopes(['visible'])->findOrFail($contentId);
|
->newQuery()->scopes(['visible'])->findOrFail($contentId);
|
||||||
|
|
||||||
$this->checkOwnablePermission('restrictions-manage', $entity);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $entity);
|
||||||
|
|
||||||
$data = $this->validate($request, $this->rules()['update']);
|
$data = $this->validate($request, $this->rules()['update']);
|
||||||
$this->permissionsUpdater->updateFromApiRequestData($entity, $data);
|
$this->permissionsUpdater->updateFromApiRequestData($entity, $data);
|
||||||
|
|||||||
@@ -10,6 +10,9 @@ namespace BookStack\Permissions;
|
|||||||
* We use and still allow the string values in usage to allow for compatibility with scenarios where
|
* We use and still allow the string values in usage to allow for compatibility with scenarios where
|
||||||
* users have customised their instance with additional permissions via the theme system.
|
* users have customised their instance with additional permissions via the theme system.
|
||||||
* This enum primarily exists for alignment within the codebase.
|
* This enum primarily exists for alignment within the codebase.
|
||||||
|
*
|
||||||
|
* Permissions with all/own suffixes may also be represented as a higher-level alias without the own/all
|
||||||
|
* suffix, which are used and assessed in the permission system logic.
|
||||||
*/
|
*/
|
||||||
enum Permission: string
|
enum Permission: string
|
||||||
{
|
{
|
||||||
@@ -26,6 +29,7 @@ enum Permission: string
|
|||||||
case ContentImport = 'content-import';
|
case ContentImport = 'content-import';
|
||||||
case EditorChange = 'editor-change';
|
case EditorChange = 'editor-change';
|
||||||
case ReceiveNotifications = 'receive-notifications';
|
case ReceiveNotifications = 'receive-notifications';
|
||||||
|
case RestrictionsManage = 'restrictions-manage';
|
||||||
case RestrictionsManageAll = 'restrictions-manage-all';
|
case RestrictionsManageAll = 'restrictions-manage-all';
|
||||||
case RestrictionsManageOwn = 'restrictions-manage-own';
|
case RestrictionsManageOwn = 'restrictions-manage-own';
|
||||||
case SettingsManage = 'settings-manage';
|
case SettingsManage = 'settings-manage';
|
||||||
@@ -33,33 +37,46 @@ enum Permission: string
|
|||||||
case UserRolesManage = 'user-roles-manage';
|
case UserRolesManage = 'user-roles-manage';
|
||||||
case UsersManage = 'users-manage';
|
case UsersManage = 'users-manage';
|
||||||
|
|
||||||
// Entity permissions
|
// Non-entity content permissions
|
||||||
// Each has 'all' or 'own' in it's RolePermission, with the base non-suffix name being used
|
|
||||||
// in actual checking logic, with the permission system handling the assessment of the underlying RolePermission.
|
|
||||||
case AttachmentCreate = 'attachment-create';
|
case AttachmentCreate = 'attachment-create';
|
||||||
case AttachmentCreateAll = 'attachment-create-all';
|
case AttachmentCreateAll = 'attachment-create-all';
|
||||||
case AttachmentCreateOwn = 'attachment-create-own';
|
case AttachmentCreateOwn = 'attachment-create-own';
|
||||||
|
|
||||||
case AttachmentDelete = 'attachment-delete';
|
case AttachmentDelete = 'attachment-delete';
|
||||||
case AttachmentDeleteAll = 'attachment-delete-all';
|
case AttachmentDeleteAll = 'attachment-delete-all';
|
||||||
case AttachmentDeleteOwn = 'attachment-delete-own';
|
case AttachmentDeleteOwn = 'attachment-delete-own';
|
||||||
|
|
||||||
case AttachmentUpdate = 'attachment-update';
|
case AttachmentUpdate = 'attachment-update';
|
||||||
case AttachmentUpdateAll = 'attachment-update-all';
|
case AttachmentUpdateAll = 'attachment-update-all';
|
||||||
case AttachmentUpdateOwn = 'attachment-update-own';
|
case AttachmentUpdateOwn = 'attachment-update-own';
|
||||||
|
|
||||||
|
case CommentCreate = 'comment-create';
|
||||||
|
case CommentCreateAll = 'comment-create-all';
|
||||||
|
case CommentCreateOwn = 'comment-create-own';
|
||||||
|
case CommentDelete = 'comment-delete';
|
||||||
|
case CommentDeleteAll = 'comment-delete-all';
|
||||||
|
case CommentDeleteOwn = 'comment-delete-own';
|
||||||
|
case CommentUpdate = 'comment-update';
|
||||||
|
case CommentUpdateAll = 'comment-update-all';
|
||||||
|
case CommentUpdateOwn = 'comment-update-own';
|
||||||
|
|
||||||
|
case ImageCreateAll = 'image-create-all';
|
||||||
|
case ImageCreateOwn = 'image-create-own';
|
||||||
|
case ImageDelete = 'image-delete';
|
||||||
|
case ImageDeleteAll = 'image-delete-all';
|
||||||
|
case ImageDeleteOwn = 'image-delete-own';
|
||||||
|
case ImageUpdate = 'image-update';
|
||||||
|
case ImageUpdateAll = 'image-update-all';
|
||||||
|
case ImageUpdateOwn = 'image-update-own';
|
||||||
|
|
||||||
|
// Entity content permissions
|
||||||
case BookCreate = 'book-create';
|
case BookCreate = 'book-create';
|
||||||
case BookCreateAll = 'book-create-all';
|
case BookCreateAll = 'book-create-all';
|
||||||
case BookCreateOwn = 'book-create-own';
|
case BookCreateOwn = 'book-create-own';
|
||||||
|
|
||||||
case BookDelete = 'book-delete';
|
case BookDelete = 'book-delete';
|
||||||
case BookDeleteAll = 'book-delete-all';
|
case BookDeleteAll = 'book-delete-all';
|
||||||
case BookDeleteOwn = 'book-delete-own';
|
case BookDeleteOwn = 'book-delete-own';
|
||||||
|
|
||||||
case BookUpdate = 'book-update';
|
case BookUpdate = 'book-update';
|
||||||
case BookUpdateAll = 'book-update-all';
|
case BookUpdateAll = 'book-update-all';
|
||||||
case BookUpdateOwn = 'book-update-own';
|
case BookUpdateOwn = 'book-update-own';
|
||||||
|
|
||||||
case BookView = 'book-view';
|
case BookView = 'book-view';
|
||||||
case BookViewAll = 'book-view-all';
|
case BookViewAll = 'book-view-all';
|
||||||
case BookViewOwn = 'book-view-own';
|
case BookViewOwn = 'book-view-own';
|
||||||
@@ -67,15 +84,12 @@ enum Permission: string
|
|||||||
case BookshelfCreate = 'bookshelf-create';
|
case BookshelfCreate = 'bookshelf-create';
|
||||||
case BookshelfCreateAll = 'bookshelf-create-all';
|
case BookshelfCreateAll = 'bookshelf-create-all';
|
||||||
case BookshelfCreateOwn = 'bookshelf-create-own';
|
case BookshelfCreateOwn = 'bookshelf-create-own';
|
||||||
|
|
||||||
case BookshelfDelete = 'bookshelf-delete';
|
case BookshelfDelete = 'bookshelf-delete';
|
||||||
case BookshelfDeleteAll = 'bookshelf-delete-all';
|
case BookshelfDeleteAll = 'bookshelf-delete-all';
|
||||||
case BookshelfDeleteOwn = 'bookshelf-delete-own';
|
case BookshelfDeleteOwn = 'bookshelf-delete-own';
|
||||||
|
|
||||||
case BookshelfUpdate = 'bookshelf-update';
|
case BookshelfUpdate = 'bookshelf-update';
|
||||||
case BookshelfUpdateAll = 'bookshelf-update-all';
|
case BookshelfUpdateAll = 'bookshelf-update-all';
|
||||||
case BookshelfUpdateOwn = 'bookshelf-update-own';
|
case BookshelfUpdateOwn = 'bookshelf-update-own';
|
||||||
|
|
||||||
case BookshelfView = 'bookshelf-view';
|
case BookshelfView = 'bookshelf-view';
|
||||||
case BookshelfViewAll = 'bookshelf-view-all';
|
case BookshelfViewAll = 'bookshelf-view-all';
|
||||||
case BookshelfViewOwn = 'bookshelf-view-own';
|
case BookshelfViewOwn = 'bookshelf-view-own';
|
||||||
@@ -83,55 +97,25 @@ enum Permission: string
|
|||||||
case ChapterCreate = 'chapter-create';
|
case ChapterCreate = 'chapter-create';
|
||||||
case ChapterCreateAll = 'chapter-create-all';
|
case ChapterCreateAll = 'chapter-create-all';
|
||||||
case ChapterCreateOwn = 'chapter-create-own';
|
case ChapterCreateOwn = 'chapter-create-own';
|
||||||
|
|
||||||
case ChapterDelete = 'chapter-delete';
|
case ChapterDelete = 'chapter-delete';
|
||||||
case ChapterDeleteAll = 'chapter-delete-all';
|
case ChapterDeleteAll = 'chapter-delete-all';
|
||||||
case ChapterDeleteOwn = 'chapter-delete-own';
|
case ChapterDeleteOwn = 'chapter-delete-own';
|
||||||
|
|
||||||
case ChapterUpdate = 'chapter-update';
|
case ChapterUpdate = 'chapter-update';
|
||||||
case ChapterUpdateAll = 'chapter-update-all';
|
case ChapterUpdateAll = 'chapter-update-all';
|
||||||
case ChapterUpdateOwn = 'chapter-update-own';
|
case ChapterUpdateOwn = 'chapter-update-own';
|
||||||
|
|
||||||
case ChapterView = 'chapter-view';
|
case ChapterView = 'chapter-view';
|
||||||
case ChapterViewAll = 'chapter-view-all';
|
case ChapterViewAll = 'chapter-view-all';
|
||||||
case ChapterViewOwn = 'chapter-view-own';
|
case ChapterViewOwn = 'chapter-view-own';
|
||||||
|
|
||||||
case CommentCreate = 'comment-create';
|
|
||||||
case CommentCreateAll = 'comment-create-all';
|
|
||||||
case CommentCreateOwn = 'comment-create-own';
|
|
||||||
|
|
||||||
case CommentDelete = 'comment-delete';
|
|
||||||
case CommentDeleteAll = 'comment-delete-all';
|
|
||||||
case CommentDeleteOwn = 'comment-delete-own';
|
|
||||||
|
|
||||||
case CommentUpdate = 'comment-update';
|
|
||||||
case CommentUpdateAll = 'comment-update-all';
|
|
||||||
case CommentUpdateOwn = 'comment-update-own';
|
|
||||||
|
|
||||||
case ImageCreate = 'image-create';
|
|
||||||
case ImageCreateAll = 'image-create-all';
|
|
||||||
case ImageCreateOwn = 'image-create-own';
|
|
||||||
|
|
||||||
case ImageDelete = 'image-delete';
|
|
||||||
case ImageDeleteAll = 'image-delete-all';
|
|
||||||
case ImageDeleteOwn = 'image-delete-own';
|
|
||||||
|
|
||||||
case ImageUpdate = 'image-update';
|
|
||||||
case ImageUpdateAll = 'image-update-all';
|
|
||||||
case ImageUpdateOwn = 'image-update-own';
|
|
||||||
|
|
||||||
case PageCreate = 'page-create';
|
case PageCreate = 'page-create';
|
||||||
case PageCreateAll = 'page-create-all';
|
case PageCreateAll = 'page-create-all';
|
||||||
case PageCreateOwn = 'page-create-own';
|
case PageCreateOwn = 'page-create-own';
|
||||||
|
|
||||||
case PageDelete = 'page-delete';
|
case PageDelete = 'page-delete';
|
||||||
case PageDeleteAll = 'page-delete-all';
|
case PageDeleteAll = 'page-delete-all';
|
||||||
case PageDeleteOwn = 'page-delete-own';
|
case PageDeleteOwn = 'page-delete-own';
|
||||||
|
|
||||||
case PageUpdate = 'page-update';
|
case PageUpdate = 'page-update';
|
||||||
case PageUpdateAll = 'page-update-all';
|
case PageUpdateAll = 'page-update-all';
|
||||||
case PageUpdateOwn = 'page-update-own';
|
case PageUpdateOwn = 'page-update-own';
|
||||||
|
|
||||||
case PageView = 'page-view';
|
case PageView = 'page-view';
|
||||||
case PageViewAll = 'page-view-all';
|
case PageViewAll = 'page-view-all';
|
||||||
case PageViewOwn = 'page-view-own';
|
case PageViewOwn = 'page-view-own';
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ class PermissionsController extends Controller
|
|||||||
public function showForPage(string $bookSlug, string $pageSlug)
|
public function showForPage(string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->pages->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->pages->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $page);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $page);
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.pages_permissions'));
|
$this->setPageTitle(trans('entities.pages_permissions'));
|
||||||
return view('pages.permissions', [
|
return view('pages.permissions', [
|
||||||
@@ -39,7 +39,7 @@ class PermissionsController extends Controller
|
|||||||
public function updateForPage(Request $request, string $bookSlug, string $pageSlug)
|
public function updateForPage(Request $request, string $bookSlug, string $pageSlug)
|
||||||
{
|
{
|
||||||
$page = $this->queries->pages->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
$page = $this->queries->pages->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $page);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $page);
|
||||||
|
|
||||||
(new DatabaseTransaction(function () use ($page, $request) {
|
(new DatabaseTransaction(function () use ($page, $request) {
|
||||||
$this->permissionsUpdater->updateFromPermissionsForm($page, $request);
|
$this->permissionsUpdater->updateFromPermissionsForm($page, $request);
|
||||||
@@ -56,7 +56,7 @@ class PermissionsController extends Controller
|
|||||||
public function showForChapter(string $bookSlug, string $chapterSlug)
|
public function showForChapter(string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->chapters->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->chapters->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $chapter);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $chapter);
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.chapters_permissions'));
|
$this->setPageTitle(trans('entities.chapters_permissions'));
|
||||||
return view('chapters.permissions', [
|
return view('chapters.permissions', [
|
||||||
@@ -71,7 +71,7 @@ class PermissionsController extends Controller
|
|||||||
public function updateForChapter(Request $request, string $bookSlug, string $chapterSlug)
|
public function updateForChapter(Request $request, string $bookSlug, string $chapterSlug)
|
||||||
{
|
{
|
||||||
$chapter = $this->queries->chapters->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
$chapter = $this->queries->chapters->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $chapter);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $chapter);
|
||||||
|
|
||||||
(new DatabaseTransaction(function () use ($chapter, $request) {
|
(new DatabaseTransaction(function () use ($chapter, $request) {
|
||||||
$this->permissionsUpdater->updateFromPermissionsForm($chapter, $request);
|
$this->permissionsUpdater->updateFromPermissionsForm($chapter, $request);
|
||||||
@@ -88,7 +88,7 @@ class PermissionsController extends Controller
|
|||||||
public function showForBook(string $slug)
|
public function showForBook(string $slug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->books->findVisibleBySlugOrFail($slug);
|
$book = $this->queries->books->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $book);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $book);
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.books_permissions'));
|
$this->setPageTitle(trans('entities.books_permissions'));
|
||||||
return view('books.permissions', [
|
return view('books.permissions', [
|
||||||
@@ -103,7 +103,7 @@ class PermissionsController extends Controller
|
|||||||
public function updateForBook(Request $request, string $slug)
|
public function updateForBook(Request $request, string $slug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->books->findVisibleBySlugOrFail($slug);
|
$book = $this->queries->books->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $book);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $book);
|
||||||
|
|
||||||
(new DatabaseTransaction(function () use ($book, $request) {
|
(new DatabaseTransaction(function () use ($book, $request) {
|
||||||
$this->permissionsUpdater->updateFromPermissionsForm($book, $request);
|
$this->permissionsUpdater->updateFromPermissionsForm($book, $request);
|
||||||
@@ -120,7 +120,7 @@ class PermissionsController extends Controller
|
|||||||
public function showForShelf(string $slug)
|
public function showForShelf(string $slug)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->shelves->findVisibleBySlugOrFail($slug);
|
$shelf = $this->queries->shelves->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $shelf);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $shelf);
|
||||||
|
|
||||||
$this->setPageTitle(trans('entities.shelves_permissions'));
|
$this->setPageTitle(trans('entities.shelves_permissions'));
|
||||||
return view('shelves.permissions', [
|
return view('shelves.permissions', [
|
||||||
@@ -135,7 +135,7 @@ class PermissionsController extends Controller
|
|||||||
public function updateForShelf(Request $request, string $slug)
|
public function updateForShelf(Request $request, string $slug)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->shelves->findVisibleBySlugOrFail($slug);
|
$shelf = $this->queries->shelves->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $shelf);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $shelf);
|
||||||
|
|
||||||
(new DatabaseTransaction(function () use ($shelf, $request) {
|
(new DatabaseTransaction(function () use ($shelf, $request) {
|
||||||
$this->permissionsUpdater->updateFromPermissionsForm($shelf, $request);
|
$this->permissionsUpdater->updateFromPermissionsForm($shelf, $request);
|
||||||
@@ -152,7 +152,7 @@ class PermissionsController extends Controller
|
|||||||
public function copyShelfPermissionsToBooks(string $slug)
|
public function copyShelfPermissionsToBooks(string $slug)
|
||||||
{
|
{
|
||||||
$shelf = $this->queries->shelves->findVisibleBySlugOrFail($slug);
|
$shelf = $this->queries->shelves->findVisibleBySlugOrFail($slug);
|
||||||
$this->checkOwnablePermission('restrictions-manage', $shelf);
|
$this->checkOwnablePermission(Permission::RestrictionsManage, $shelf);
|
||||||
|
|
||||||
$updateCount = (new DatabaseTransaction(function () use ($shelf) {
|
$updateCount = (new DatabaseTransaction(function () use ($shelf) {
|
||||||
return $this->permissionsUpdater->updateBookPermissionsFromShelf($shelf);
|
return $this->permissionsUpdater->updateBookPermissionsFromShelf($shelf);
|
||||||
@@ -168,7 +168,7 @@ class PermissionsController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function formRowForRole(string $entityType, string $roleId)
|
public function formRowForRole(string $entityType, string $roleId)
|
||||||
{
|
{
|
||||||
$this->checkPermissionOr('restrictions-manage-all', fn() => userCan('restrictions-manage-own'));
|
$this->checkPermissionOr(Permission::RestrictionsManageAll, fn() => userCan(Permission::RestrictionsManageOwn));
|
||||||
|
|
||||||
$role = Role::query()->findOrFail($roleId);
|
$role = Role::query()->findOrFail($roleId);
|
||||||
|
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ use BookStack\Activity\ActivityType;
|
|||||||
use BookStack\App\AppVersion;
|
use BookStack\App\AppVersion;
|
||||||
use BookStack\Entities\Tools\TrashCan;
|
use BookStack\Entities\Tools\TrashCan;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\References\ReferenceStore;
|
use BookStack\References\ReferenceStore;
|
||||||
use BookStack\Uploads\ImageService;
|
use BookStack\Uploads\ImageService;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
@@ -17,7 +18,7 @@ class MaintenanceController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function index(TrashCan $trashCan)
|
public function index(TrashCan $trashCan)
|
||||||
{
|
{
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->setPageTitle(trans('settings.maint'));
|
$this->setPageTitle(trans('settings.maint'));
|
||||||
|
|
||||||
// Recycle bin details
|
// Recycle bin details
|
||||||
@@ -34,7 +35,7 @@ class MaintenanceController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function cleanupImages(Request $request, ImageService $imageService)
|
public function cleanupImages(Request $request, ImageService $imageService)
|
||||||
{
|
{
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->logActivity(ActivityType::MAINTENANCE_ACTION_RUN, 'cleanup-images');
|
$this->logActivity(ActivityType::MAINTENANCE_ACTION_RUN, 'cleanup-images');
|
||||||
|
|
||||||
$checkRevisions = !($request->get('ignore_revisions', 'false') === 'true');
|
$checkRevisions = !($request->get('ignore_revisions', 'false') === 'true');
|
||||||
@@ -62,7 +63,7 @@ class MaintenanceController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function sendTestEmail()
|
public function sendTestEmail()
|
||||||
{
|
{
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->logActivity(ActivityType::MAINTENANCE_ACTION_RUN, 'send-test-email');
|
$this->logActivity(ActivityType::MAINTENANCE_ACTION_RUN, 'send-test-email');
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@@ -81,7 +82,7 @@ class MaintenanceController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function regenerateReferences(ReferenceStore $referenceStore)
|
public function regenerateReferences(ReferenceStore $referenceStore)
|
||||||
{
|
{
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->logActivity(ActivityType::MAINTENANCE_ACTION_RUN, 'regenerate-references');
|
$this->logActivity(ActivityType::MAINTENANCE_ACTION_RUN, 'regenerate-references');
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ namespace BookStack\Settings;
|
|||||||
use BookStack\Activity\ActivityType;
|
use BookStack\Activity\ActivityType;
|
||||||
use BookStack\App\AppVersion;
|
use BookStack\App\AppVersion;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Users\Models\User;
|
use BookStack\Users\Models\User;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
@@ -24,7 +25,7 @@ class SettingController extends Controller
|
|||||||
public function category(string $category)
|
public function category(string $category)
|
||||||
{
|
{
|
||||||
$this->ensureCategoryExists($category);
|
$this->ensureCategoryExists($category);
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->setPageTitle(trans('settings.settings'));
|
$this->setPageTitle(trans('settings.settings'));
|
||||||
|
|
||||||
return view('settings.categories.' . $category, [
|
return view('settings.categories.' . $category, [
|
||||||
@@ -41,7 +42,7 @@ class SettingController extends Controller
|
|||||||
{
|
{
|
||||||
$this->ensureCategoryExists($category);
|
$this->ensureCategoryExists($category);
|
||||||
$this->preventAccessInDemoMode();
|
$this->preventAccessInDemoMode();
|
||||||
$this->checkPermission('settings-manage');
|
$this->checkPermission(Permission::SettingsManage);
|
||||||
$this->validate($request, [
|
$this->validate($request, [
|
||||||
'app_logo' => ['nullable', ...$this->getImageValidationRules()],
|
'app_logo' => ['nullable', ...$this->getImageValidationRules()],
|
||||||
'app_icon' => ['nullable', ...$this->getImageValidationRules()],
|
'app_icon' => ['nullable', ...$this->getImageValidationRules()],
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ use BookStack\Entities\Queries\BookQueries;
|
|||||||
use BookStack\Entities\Tools\BookContents;
|
use BookStack\Entities\Tools\BookContents;
|
||||||
use BookStack\Facades\Activity;
|
use BookStack\Facades\Activity;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Util\DatabaseTransaction;
|
use BookStack\Util\DatabaseTransaction;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
@@ -23,7 +24,7 @@ class BookSortController extends Controller
|
|||||||
public function show(string $bookSlug)
|
public function show(string $bookSlug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('book-update', $book);
|
$this->checkOwnablePermission(Permission::BookUpdate, $book);
|
||||||
|
|
||||||
$bookChildren = (new BookContents($book))->getTree(false);
|
$bookChildren = (new BookContents($book))->getTree(false);
|
||||||
|
|
||||||
@@ -51,7 +52,7 @@ class BookSortController extends Controller
|
|||||||
public function update(Request $request, BookSorter $sorter, string $bookSlug)
|
public function update(Request $request, BookSorter $sorter, string $bookSlug)
|
||||||
{
|
{
|
||||||
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
|
||||||
$this->checkOwnablePermission('book-update', $book);
|
$this->checkOwnablePermission(Permission::BookUpdate, $book);
|
||||||
$loggedActivityForBook = false;
|
$loggedActivityForBook = false;
|
||||||
|
|
||||||
// Sort via map
|
// Sort via map
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ namespace BookStack\Uploads\Controllers;
|
|||||||
use BookStack\Entities\Queries\PageQueries;
|
use BookStack\Entities\Queries\PageQueries;
|
||||||
use BookStack\Exceptions\FileUploadException;
|
use BookStack\Exceptions\FileUploadException;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Uploads\Attachment;
|
use BookStack\Uploads\Attachment;
|
||||||
use BookStack\Uploads\AttachmentService;
|
use BookStack\Uploads\AttachmentService;
|
||||||
use Exception;
|
use Exception;
|
||||||
@@ -45,12 +46,12 @@ class AttachmentApiController extends ApiController
|
|||||||
*/
|
*/
|
||||||
public function create(Request $request)
|
public function create(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('attachment-create-all');
|
$this->checkPermission(Permission::AttachmentCreateAll);
|
||||||
$requestData = $this->validate($request, $this->rules()['create']);
|
$requestData = $this->validate($request, $this->rules()['create']);
|
||||||
|
|
||||||
$pageId = $request->get('uploaded_to');
|
$pageId = $request->get('uploaded_to');
|
||||||
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
if ($request->hasFile('file')) {
|
if ($request->hasFile('file')) {
|
||||||
$uploadedFile = $request->file('file');
|
$uploadedFile = $request->file('file');
|
||||||
@@ -137,9 +138,9 @@ class AttachmentApiController extends ApiController
|
|||||||
$attachment->uploaded_to = $requestData['uploaded_to'];
|
$attachment->uploaded_to = $requestData['uploaded_to'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkOwnablePermission('page-view', $page);
|
$this->checkOwnablePermission(Permission::PageView, $page);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
$this->checkOwnablePermission('attachment-update', $attachment);
|
$this->checkOwnablePermission(Permission::AttachmentUpdate, $attachment);
|
||||||
|
|
||||||
if ($request->hasFile('file')) {
|
if ($request->hasFile('file')) {
|
||||||
$uploadedFile = $request->file('file');
|
$uploadedFile = $request->file('file');
|
||||||
@@ -160,7 +161,7 @@ class AttachmentApiController extends ApiController
|
|||||||
{
|
{
|
||||||
/** @var Attachment $attachment */
|
/** @var Attachment $attachment */
|
||||||
$attachment = Attachment::visible()->findOrFail($id);
|
$attachment = Attachment::visible()->findOrFail($id);
|
||||||
$this->checkOwnablePermission('attachment-delete', $attachment);
|
$this->checkOwnablePermission(Permission::AttachmentDelete, $attachment);
|
||||||
|
|
||||||
$this->attachmentService->deleteFile($attachment);
|
$this->attachmentService->deleteFile($attachment);
|
||||||
|
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ use BookStack\Entities\Repos\PageRepo;
|
|||||||
use BookStack\Exceptions\FileUploadException;
|
use BookStack\Exceptions\FileUploadException;
|
||||||
use BookStack\Exceptions\NotFoundException;
|
use BookStack\Exceptions\NotFoundException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Uploads\Attachment;
|
use BookStack\Uploads\Attachment;
|
||||||
use BookStack\Uploads\AttachmentService;
|
use BookStack\Uploads\AttachmentService;
|
||||||
use Exception;
|
use Exception;
|
||||||
@@ -40,8 +41,8 @@ class AttachmentController extends Controller
|
|||||||
$pageId = $request->get('uploaded_to');
|
$pageId = $request->get('uploaded_to');
|
||||||
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
||||||
|
|
||||||
$this->checkPermission('attachment-create-all');
|
$this->checkPermission(Permission::AttachmentCreateAll);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
$uploadedFile = $request->file('file');
|
$uploadedFile = $request->file('file');
|
||||||
|
|
||||||
@@ -67,9 +68,9 @@ class AttachmentController extends Controller
|
|||||||
|
|
||||||
/** @var Attachment $attachment */
|
/** @var Attachment $attachment */
|
||||||
$attachment = Attachment::query()->findOrFail($attachmentId);
|
$attachment = Attachment::query()->findOrFail($attachmentId);
|
||||||
$this->checkOwnablePermission('view', $attachment->page);
|
$this->checkOwnablePermission(Permission::PageView, $attachment->page);
|
||||||
$this->checkOwnablePermission('page-update', $attachment->page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $attachment->page);
|
||||||
$this->checkOwnablePermission('attachment-create', $attachment);
|
$this->checkOwnablePermission(Permission::AttachmentUpdate, $attachment);
|
||||||
|
|
||||||
$uploadedFile = $request->file('file');
|
$uploadedFile = $request->file('file');
|
||||||
|
|
||||||
@@ -90,8 +91,8 @@ class AttachmentController extends Controller
|
|||||||
/** @var Attachment $attachment */
|
/** @var Attachment $attachment */
|
||||||
$attachment = Attachment::query()->findOrFail($attachmentId);
|
$attachment = Attachment::query()->findOrFail($attachmentId);
|
||||||
|
|
||||||
$this->checkOwnablePermission('page-update', $attachment->page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $attachment->page);
|
||||||
$this->checkOwnablePermission('attachment-create', $attachment);
|
$this->checkOwnablePermission(Permission::AttachmentCreate, $attachment);
|
||||||
|
|
||||||
return view('attachments.manager-edit-form', [
|
return view('attachments.manager-edit-form', [
|
||||||
'attachment' => $attachment,
|
'attachment' => $attachment,
|
||||||
@@ -118,9 +119,9 @@ class AttachmentController extends Controller
|
|||||||
]), 422);
|
]), 422);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkOwnablePermission('page-view', $attachment->page);
|
$this->checkOwnablePermission(Permission::PageView, $attachment->page);
|
||||||
$this->checkOwnablePermission('page-update', $attachment->page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $attachment->page);
|
||||||
$this->checkOwnablePermission('attachment-update', $attachment);
|
$this->checkOwnablePermission(Permission::AttachmentUpdate, $attachment);
|
||||||
|
|
||||||
$attachment = $this->attachmentService->updateFile($attachment, [
|
$attachment = $this->attachmentService->updateFile($attachment, [
|
||||||
'name' => $request->get('attachment_edit_name'),
|
'name' => $request->get('attachment_edit_name'),
|
||||||
@@ -156,8 +157,8 @@ class AttachmentController extends Controller
|
|||||||
|
|
||||||
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
||||||
|
|
||||||
$this->checkPermission('attachment-create-all');
|
$this->checkPermission(Permission::AttachmentCreateAll);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
$attachmentName = $request->get('attachment_link_name');
|
$attachmentName = $request->get('attachment_link_name');
|
||||||
$link = $request->get('attachment_link_url');
|
$link = $request->get('attachment_link_url');
|
||||||
@@ -176,7 +177,6 @@ class AttachmentController extends Controller
|
|||||||
public function listForPage(int $pageId)
|
public function listForPage(int $pageId)
|
||||||
{
|
{
|
||||||
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
||||||
$this->checkOwnablePermission('page-view', $page);
|
|
||||||
|
|
||||||
return view('attachments.manager-list', [
|
return view('attachments.manager-list', [
|
||||||
'attachments' => $page->attachments->all(),
|
'attachments' => $page->attachments->all(),
|
||||||
@@ -195,7 +195,7 @@ class AttachmentController extends Controller
|
|||||||
'order' => ['required', 'array'],
|
'order' => ['required', 'array'],
|
||||||
]);
|
]);
|
||||||
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
|
||||||
$this->checkOwnablePermission('page-update', $page);
|
$this->checkOwnablePermission(Permission::PageUpdate, $page);
|
||||||
|
|
||||||
$attachmentOrder = $request->get('order');
|
$attachmentOrder = $request->get('order');
|
||||||
$this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
|
$this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
|
||||||
@@ -220,7 +220,7 @@ class AttachmentController extends Controller
|
|||||||
throw new NotFoundException(trans('errors.attachment_not_found'));
|
throw new NotFoundException(trans('errors.attachment_not_found'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkOwnablePermission('page-view', $page);
|
$this->checkOwnablePermission(Permission::PageView, $page);
|
||||||
|
|
||||||
if ($attachment->external) {
|
if ($attachment->external) {
|
||||||
return redirect($attachment->path);
|
return redirect($attachment->path);
|
||||||
@@ -246,7 +246,7 @@ class AttachmentController extends Controller
|
|||||||
{
|
{
|
||||||
/** @var Attachment $attachment */
|
/** @var Attachment $attachment */
|
||||||
$attachment = Attachment::query()->findOrFail($attachmentId);
|
$attachment = Attachment::query()->findOrFail($attachmentId);
|
||||||
$this->checkOwnablePermission('attachment-delete', $attachment);
|
$this->checkOwnablePermission(Permission::AttachmentDelete, $attachment);
|
||||||
$this->attachmentService->deleteFile($attachment);
|
$this->attachmentService->deleteFile($attachment);
|
||||||
|
|
||||||
return response()->json(['message' => trans('entities.attachments_deleted')]);
|
return response()->json(['message' => trans('entities.attachments_deleted')]);
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace BookStack\Uploads\Controllers;
|
|||||||
|
|
||||||
use BookStack\Exceptions\ImageUploadException;
|
use BookStack\Exceptions\ImageUploadException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Uploads\ImageRepo;
|
use BookStack\Uploads\ImageRepo;
|
||||||
use BookStack\Uploads\ImageResizer;
|
use BookStack\Uploads\ImageResizer;
|
||||||
use BookStack\Util\OutOfMemoryHandler;
|
use BookStack\Util\OutOfMemoryHandler;
|
||||||
@@ -57,7 +58,7 @@ class DrawioImageController extends Controller
|
|||||||
'uploaded_to' => ['required', 'integer'],
|
'uploaded_to' => ['required', 'integer'],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$this->checkPermission('image-create-all');
|
$this->checkPermission(Permission::ImageCreateAll);
|
||||||
$imageBase64Data = $request->get('image');
|
$imageBase64Data = $request->get('image');
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace BookStack\Uploads\Controllers;
|
|||||||
|
|
||||||
use BookStack\Exceptions\ImageUploadException;
|
use BookStack\Exceptions\ImageUploadException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Uploads\ImageRepo;
|
use BookStack\Uploads\ImageRepo;
|
||||||
use BookStack\Uploads\ImageResizer;
|
use BookStack\Uploads\ImageResizer;
|
||||||
use BookStack\Util\OutOfMemoryHandler;
|
use BookStack\Util\OutOfMemoryHandler;
|
||||||
@@ -52,7 +53,7 @@ class GalleryImageController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create(Request $request)
|
public function create(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('image-create-all');
|
$this->checkPermission(Permission::ImageCreateAll);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$this->validate($request, [
|
$this->validate($request, [
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ use BookStack\Exceptions\ImageUploadException;
|
|||||||
use BookStack\Exceptions\NotFoundException;
|
use BookStack\Exceptions\NotFoundException;
|
||||||
use BookStack\Exceptions\NotifyException;
|
use BookStack\Exceptions\NotifyException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Uploads\Image;
|
use BookStack\Uploads\Image;
|
||||||
use BookStack\Uploads\ImageRepo;
|
use BookStack\Uploads\ImageRepo;
|
||||||
use BookStack\Uploads\ImageResizer;
|
use BookStack\Uploads\ImageResizer;
|
||||||
@@ -50,7 +51,7 @@ class ImageController extends Controller
|
|||||||
|
|
||||||
$image = $this->imageRepo->getById($id);
|
$image = $this->imageRepo->getById($id);
|
||||||
$this->checkImagePermission($image);
|
$this->checkImagePermission($image);
|
||||||
$this->checkOwnablePermission('image-update', $image);
|
$this->checkOwnablePermission(Permission::ImageUpdate, $image);
|
||||||
|
|
||||||
$image = $this->imageRepo->updateImageDetails($image, $data);
|
$image = $this->imageRepo->updateImageDetails($image, $data);
|
||||||
|
|
||||||
@@ -71,7 +72,7 @@ class ImageController extends Controller
|
|||||||
|
|
||||||
$image = $this->imageRepo->getById($id);
|
$image = $this->imageRepo->getById($id);
|
||||||
$this->checkImagePermission($image);
|
$this->checkImagePermission($image);
|
||||||
$this->checkOwnablePermission('image-update', $image);
|
$this->checkOwnablePermission(Permission::ImageUpdate, $image);
|
||||||
$file = $request->file('file');
|
$file = $request->file('file');
|
||||||
|
|
||||||
new OutOfMemoryHandler(function () {
|
new OutOfMemoryHandler(function () {
|
||||||
@@ -125,7 +126,7 @@ class ImageController extends Controller
|
|||||||
public function destroy(string $id)
|
public function destroy(string $id)
|
||||||
{
|
{
|
||||||
$image = $this->imageRepo->getById($id);
|
$image = $this->imageRepo->getById($id);
|
||||||
$this->checkOwnablePermission('image-delete', $image);
|
$this->checkOwnablePermission(Permission::ImageDelete, $image);
|
||||||
$this->checkImagePermission($image);
|
$this->checkImagePermission($image);
|
||||||
|
|
||||||
$this->imageRepo->destroyImage($image);
|
$this->imageRepo->destroyImage($image);
|
||||||
@@ -140,7 +141,7 @@ class ImageController extends Controller
|
|||||||
{
|
{
|
||||||
$image = $this->imageRepo->getById($id);
|
$image = $this->imageRepo->getById($id);
|
||||||
$this->checkImagePermission($image);
|
$this->checkImagePermission($image);
|
||||||
$this->checkOwnablePermission('image-update', $image);
|
$this->checkOwnablePermission(Permission::ImageUpdate, $image);
|
||||||
|
|
||||||
new OutOfMemoryHandler(function () {
|
new OutOfMemoryHandler(function () {
|
||||||
return $this->jsonError(trans('errors.image_thumbnail_memory_limit'));
|
return $this->jsonError(trans('errors.image_thumbnail_memory_limit'));
|
||||||
@@ -163,7 +164,7 @@ class ImageController extends Controller
|
|||||||
|
|
||||||
$relatedPage = $image->getPage();
|
$relatedPage = $image->getPage();
|
||||||
if ($relatedPage) {
|
if ($relatedPage) {
|
||||||
$this->checkOwnablePermission('page-view', $relatedPage);
|
$this->checkOwnablePermission(Permission::PageView, $relatedPage);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace BookStack\Uploads\Controllers;
|
|||||||
|
|
||||||
use BookStack\Entities\Queries\PageQueries;
|
use BookStack\Entities\Queries\PageQueries;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Uploads\Image;
|
use BookStack\Uploads\Image;
|
||||||
use BookStack\Uploads\ImageRepo;
|
use BookStack\Uploads\ImageRepo;
|
||||||
use BookStack\Uploads\ImageResizer;
|
use BookStack\Uploads\ImageResizer;
|
||||||
@@ -65,7 +66,7 @@ class ImageGalleryApiController extends ApiController
|
|||||||
*/
|
*/
|
||||||
public function create(Request $request)
|
public function create(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('image-create-all');
|
$this->checkPermission(Permission::ImageCreateAll);
|
||||||
$data = $this->validate($request, $this->rules()['create']);
|
$data = $this->validate($request, $this->rules()['create']);
|
||||||
$page = $this->pageQueries->findVisibleByIdOrFail($data['uploaded_to']);
|
$page = $this->pageQueries->findVisibleByIdOrFail($data['uploaded_to']);
|
||||||
|
|
||||||
@@ -102,8 +103,8 @@ class ImageGalleryApiController extends ApiController
|
|||||||
{
|
{
|
||||||
$data = $this->validate($request, $this->rules()['update']);
|
$data = $this->validate($request, $this->rules()['update']);
|
||||||
$image = $this->imageRepo->getById($id);
|
$image = $this->imageRepo->getById($id);
|
||||||
$this->checkOwnablePermission('page-view', $image->getPage());
|
$this->checkOwnablePermission(Permission::PageView, $image->getPage());
|
||||||
$this->checkOwnablePermission('image-update', $image);
|
$this->checkOwnablePermission(Permission::ImageUpdate, $image);
|
||||||
|
|
||||||
$this->imageRepo->updateImageDetails($image, $data);
|
$this->imageRepo->updateImageDetails($image, $data);
|
||||||
if (isset($data['image'])) {
|
if (isset($data['image'])) {
|
||||||
@@ -121,8 +122,8 @@ class ImageGalleryApiController extends ApiController
|
|||||||
public function delete(string $id)
|
public function delete(string $id)
|
||||||
{
|
{
|
||||||
$image = $this->imageRepo->getById($id);
|
$image = $this->imageRepo->getById($id);
|
||||||
$this->checkOwnablePermission('page-view', $image->getPage());
|
$this->checkOwnablePermission(Permission::PageView, $image->getPage());
|
||||||
$this->checkOwnablePermission('image-delete', $image);
|
$this->checkOwnablePermission(Permission::ImageDelete, $image);
|
||||||
$this->imageRepo->destroyImage($image);
|
$this->imageRepo->destroyImage($image);
|
||||||
|
|
||||||
return response('', 204);
|
return response('', 204);
|
||||||
|
|||||||
@@ -3,6 +3,7 @@
|
|||||||
namespace BookStack\Users\Controllers;
|
namespace BookStack\Users\Controllers;
|
||||||
|
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Permissions\PermissionsRepo;
|
use BookStack\Permissions\PermissionsRepo;
|
||||||
use BookStack\Users\Models\Role;
|
use BookStack\Users\Models\Role;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
@@ -38,7 +39,7 @@ class RoleApiController extends ApiController
|
|||||||
) {
|
) {
|
||||||
// Checks for all endpoints in this controller
|
// Checks for all endpoints in this controller
|
||||||
$this->middleware(function ($request, $next) {
|
$this->middleware(function ($request, $next) {
|
||||||
$this->checkPermission('user-roles-manage');
|
$this->checkPermission(Permission::UserRolesManage);
|
||||||
|
|
||||||
return $next($request);
|
return $next($request);
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace BookStack\Users\Controllers;
|
|||||||
|
|
||||||
use BookStack\Exceptions\PermissionsException;
|
use BookStack\Exceptions\PermissionsException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Permissions\PermissionsRepo;
|
use BookStack\Permissions\PermissionsRepo;
|
||||||
use BookStack\Users\Models\Role;
|
use BookStack\Users\Models\Role;
|
||||||
use BookStack\Users\Queries\RolesAllPaginatedAndSorted;
|
use BookStack\Users\Queries\RolesAllPaginatedAndSorted;
|
||||||
@@ -23,7 +24,7 @@ class RoleController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function index(Request $request)
|
public function index(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('user-roles-manage');
|
$this->checkPermission(Permission::UserRolesManage);
|
||||||
|
|
||||||
$listOptions = SimpleListOptions::fromRequest($request, 'roles')->withSortOptions([
|
$listOptions = SimpleListOptions::fromRequest($request, 'roles')->withSortOptions([
|
||||||
'display_name' => trans('common.sort_name'),
|
'display_name' => trans('common.sort_name'),
|
||||||
@@ -49,7 +50,7 @@ class RoleController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create(Request $request)
|
public function create(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('user-roles-manage');
|
$this->checkPermission(Permission::UserRolesManage);
|
||||||
|
|
||||||
/** @var ?Role $role */
|
/** @var ?Role $role */
|
||||||
$role = null;
|
$role = null;
|
||||||
@@ -71,7 +72,7 @@ class RoleController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function store(Request $request)
|
public function store(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('user-roles-manage');
|
$this->checkPermission(Permission::UserRolesManage);
|
||||||
$data = $this->validate($request, [
|
$data = $this->validate($request, [
|
||||||
'display_name' => ['required', 'min:3', 'max:180'],
|
'display_name' => ['required', 'min:3', 'max:180'],
|
||||||
'description' => ['max:180'],
|
'description' => ['max:180'],
|
||||||
@@ -92,7 +93,7 @@ class RoleController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function edit(string $id)
|
public function edit(string $id)
|
||||||
{
|
{
|
||||||
$this->checkPermission('user-roles-manage');
|
$this->checkPermission(Permission::UserRolesManage);
|
||||||
$role = $this->permissionsRepo->getRoleById($id);
|
$role = $this->permissionsRepo->getRoleById($id);
|
||||||
|
|
||||||
$this->setPageTitle(trans('settings.role_edit'));
|
$this->setPageTitle(trans('settings.role_edit'));
|
||||||
@@ -105,7 +106,7 @@ class RoleController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function update(Request $request, string $id)
|
public function update(Request $request, string $id)
|
||||||
{
|
{
|
||||||
$this->checkPermission('user-roles-manage');
|
$this->checkPermission(Permission::UserRolesManage);
|
||||||
$data = $this->validate($request, [
|
$data = $this->validate($request, [
|
||||||
'display_name' => ['required', 'min:3', 'max:180'],
|
'display_name' => ['required', 'min:3', 'max:180'],
|
||||||
'description' => ['max:180'],
|
'description' => ['max:180'],
|
||||||
@@ -127,7 +128,7 @@ class RoleController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function showDelete(string $id)
|
public function showDelete(string $id)
|
||||||
{
|
{
|
||||||
$this->checkPermission('user-roles-manage');
|
$this->checkPermission(Permission::UserRolesManage);
|
||||||
$role = $this->permissionsRepo->getRoleById($id);
|
$role = $this->permissionsRepo->getRoleById($id);
|
||||||
$roles = $this->permissionsRepo->getAllRolesExcept($role);
|
$roles = $this->permissionsRepo->getAllRolesExcept($role);
|
||||||
$blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
|
$blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
|
||||||
@@ -146,7 +147,7 @@ class RoleController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function delete(Request $request, string $id)
|
public function delete(Request $request, string $id)
|
||||||
{
|
{
|
||||||
$this->checkPermission('user-roles-manage');
|
$this->checkPermission(Permission::UserRolesManage);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$migrateRoleId = intval($request->get('migrate_role_id') ?: "0");
|
$migrateRoleId = intval($request->get('migrate_role_id') ?: "0");
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace BookStack\Users\Controllers;
|
|||||||
|
|
||||||
use BookStack\Access\SocialDriverManager;
|
use BookStack\Access\SocialDriverManager;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Permissions\PermissionApplicator;
|
use BookStack\Permissions\PermissionApplicator;
|
||||||
use BookStack\Settings\UserNotificationPreferences;
|
use BookStack\Settings\UserNotificationPreferences;
|
||||||
use BookStack\Settings\UserShortcutMap;
|
use BookStack\Settings\UserShortcutMap;
|
||||||
@@ -122,7 +123,7 @@ class UserAccountController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function showNotifications(PermissionApplicator $permissions)
|
public function showNotifications(PermissionApplicator $permissions)
|
||||||
{
|
{
|
||||||
$this->checkPermission('receive-notifications');
|
$this->checkPermission(Permission::ReceiveNotifications);
|
||||||
|
|
||||||
$preferences = (new UserNotificationPreferences(user()));
|
$preferences = (new UserNotificationPreferences(user()));
|
||||||
|
|
||||||
@@ -145,7 +146,7 @@ class UserAccountController extends Controller
|
|||||||
public function updateNotifications(Request $request)
|
public function updateNotifications(Request $request)
|
||||||
{
|
{
|
||||||
$this->preventAccessInDemoMode();
|
$this->preventAccessInDemoMode();
|
||||||
$this->checkPermission('receive-notifications');
|
$this->checkPermission(Permission::ReceiveNotifications);
|
||||||
$data = $this->validate($request, [
|
$data = $this->validate($request, [
|
||||||
'preferences' => ['required', 'array'],
|
'preferences' => ['required', 'array'],
|
||||||
'preferences.*' => ['required', 'string'],
|
'preferences.*' => ['required', 'string'],
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ namespace BookStack\Users\Controllers;
|
|||||||
|
|
||||||
use BookStack\Exceptions\UserUpdateException;
|
use BookStack\Exceptions\UserUpdateException;
|
||||||
use BookStack\Http\ApiController;
|
use BookStack\Http\ApiController;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Users\Models\User;
|
use BookStack\Users\Models\User;
|
||||||
use BookStack\Users\UserRepo;
|
use BookStack\Users\UserRepo;
|
||||||
use Closure;
|
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Illuminate\Support\Facades\DB;
|
use Illuminate\Support\Facades\DB;
|
||||||
use Illuminate\Validation\Rules\Password;
|
use Illuminate\Validation\Rules\Password;
|
||||||
@@ -26,7 +26,7 @@ class UserApiController extends ApiController
|
|||||||
|
|
||||||
// Checks for all endpoints in this controller
|
// Checks for all endpoints in this controller
|
||||||
$this->middleware(function ($request, $next) {
|
$this->middleware(function ($request, $next) {
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
$this->preventAccessInDemoMode();
|
$this->preventAccessInDemoMode();
|
||||||
|
|
||||||
return $next($request);
|
return $next($request);
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ use BookStack\Access\UserInviteException;
|
|||||||
use BookStack\Exceptions\ImageUploadException;
|
use BookStack\Exceptions\ImageUploadException;
|
||||||
use BookStack\Exceptions\UserUpdateException;
|
use BookStack\Exceptions\UserUpdateException;
|
||||||
use BookStack\Http\Controller;
|
use BookStack\Http\Controller;
|
||||||
|
use BookStack\Permissions\Permission;
|
||||||
use BookStack\Uploads\ImageRepo;
|
use BookStack\Uploads\ImageRepo;
|
||||||
use BookStack\Users\Models\Role;
|
use BookStack\Users\Models\Role;
|
||||||
use BookStack\Users\Queries\UsersAllPaginatedAndSorted;
|
use BookStack\Users\Queries\UsersAllPaginatedAndSorted;
|
||||||
@@ -32,7 +33,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function index(Request $request)
|
public function index(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
|
|
||||||
$listOptions = SimpleListOptions::fromRequest($request, 'users')->withSortOptions([
|
$listOptions = SimpleListOptions::fromRequest($request, 'users')->withSortOptions([
|
||||||
'name' => trans('common.sort_name'),
|
'name' => trans('common.sort_name'),
|
||||||
@@ -58,7 +59,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create()
|
public function create()
|
||||||
{
|
{
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
$authMethod = config('auth.method');
|
$authMethod = config('auth.method');
|
||||||
$roles = Role::query()->orderBy('display_name', 'asc')->get();
|
$roles = Role::query()->orderBy('display_name', 'asc')->get();
|
||||||
$this->setPageTitle(trans('settings.users_add_new'));
|
$this->setPageTitle(trans('settings.users_add_new'));
|
||||||
@@ -73,7 +74,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function store(Request $request)
|
public function store(Request $request)
|
||||||
{
|
{
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
|
|
||||||
$authMethod = config('auth.method');
|
$authMethod = config('auth.method');
|
||||||
$sendInvite = ($request->get('send_invite', 'false') === 'true');
|
$sendInvite = ($request->get('send_invite', 'false') === 'true');
|
||||||
@@ -111,7 +112,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function edit(int $id, SocialDriverManager $socialDriverManager)
|
public function edit(int $id, SocialDriverManager $socialDriverManager)
|
||||||
{
|
{
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
|
|
||||||
$user = $this->userRepo->getById($id);
|
$user = $this->userRepo->getById($id);
|
||||||
$user->load(['apiTokens', 'mfaValues']);
|
$user->load(['apiTokens', 'mfaValues']);
|
||||||
@@ -141,7 +142,7 @@ class UserController extends Controller
|
|||||||
public function update(Request $request, int $id)
|
public function update(Request $request, int $id)
|
||||||
{
|
{
|
||||||
$this->preventAccessInDemoMode();
|
$this->preventAccessInDemoMode();
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
|
|
||||||
$validated = $this->validate($request, [
|
$validated = $this->validate($request, [
|
||||||
'name' => ['min:1', 'max:100'],
|
'name' => ['min:1', 'max:100'],
|
||||||
@@ -182,7 +183,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function delete(int $id)
|
public function delete(int $id)
|
||||||
{
|
{
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
|
|
||||||
$user = $this->userRepo->getById($id);
|
$user = $this->userRepo->getById($id);
|
||||||
$this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
|
$this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
|
||||||
@@ -198,7 +199,7 @@ class UserController extends Controller
|
|||||||
public function destroy(Request $request, int $id)
|
public function destroy(Request $request, int $id)
|
||||||
{
|
{
|
||||||
$this->preventAccessInDemoMode();
|
$this->preventAccessInDemoMode();
|
||||||
$this->checkPermission('users-manage');
|
$this->checkPermission(Permission::UsersManage);
|
||||||
|
|
||||||
$user = $this->userRepo->getById($id);
|
$user = $this->userRepo->getById($id);
|
||||||
$newOwnerId = intval($request->get('new_owner_id')) ?: null;
|
$newOwnerId = intval($request->get('new_owner_id')) ?: null;
|
||||||
|
|||||||
@@ -12,7 +12,7 @@
|
|||||||
<div class="actions mb-xl">
|
<div class="actions mb-xl">
|
||||||
<h5>{{ trans('common.actions') }}</h5>
|
<h5>{{ trans('common.actions') }}</h5>
|
||||||
<div class="icon-list text-link">
|
<div class="icon-list text-link">
|
||||||
@if(user()->can('book-create-all'))
|
@if(userCan('book-create-all'))
|
||||||
<a href="{{ url("/create-book") }}" class="icon-list-item">
|
<a href="{{ url("/create-book") }}" class="icon-list-item">
|
||||||
<span>@icon('add')</span>
|
<span>@icon('add')</span>
|
||||||
<span>{{ trans('entities.books_create') }}</span>
|
<span>{{ trans('entities.books_create') }}</span>
|
||||||
|
|||||||
@@ -12,7 +12,7 @@
|
|||||||
<div class="actions mb-xl">
|
<div class="actions mb-xl">
|
||||||
<h5>{{ trans('common.actions') }}</h5>
|
<h5>{{ trans('common.actions') }}</h5>
|
||||||
<div class="icon-list text-link">
|
<div class="icon-list text-link">
|
||||||
@if(user()->can('bookshelf-create-all'))
|
@if(userCan('bookshelf-create-all'))
|
||||||
<a href="{{ url("/create-shelf") }}" class="icon-list-item">
|
<a href="{{ url("/create-shelf") }}" class="icon-list-item">
|
||||||
<span>@icon('add')</span>
|
<span>@icon('add')</span>
|
||||||
<span>{{ trans('entities.shelves_new_action') }}</span>
|
<span>{{ trans('entities.shelves_new_action') }}</span>
|
||||||
|
|||||||
Reference in New Issue
Block a user