Permissions: Updated use of helpers to use enums
Also added middleware method to Permission enum to allow easier usage with controller middleware.
@@ -6,6 +6,7 @@ use BookStack\Activity\ActivityType;
|
||||
use BookStack\Activity\Models\Webhook;
|
||||
use BookStack\Activity\Queries\WebhooksAllPaginatedAndSorted;
|
||||
use BookStack\Http\Controller;
|
||||
use BookStack\Permissions\Permission;
|
||||
use BookStack\Util\SimpleListOptions;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
@@ -14,7 +15,7 @@ class WebhookController extends Controller
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware([
|
||||
'can:settings-manage',
|
||||
Permission::SettingsManage->middleware()
|
||||
]);
|
||||
}
|
||||
|
||||
|
@@ -70,7 +70,7 @@ class CommentTree
|
||||
public function canUpdateAny(): bool
|
||||
{
|
||||
foreach ($this->comments as $comment) {
|
||||
if (userCan('comment-update', $comment)) {
|
||||
if (userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment)) {
|
||||
return true;
|
||||
}
|
||||
}
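Review bot: The enum is referenced by its fully qualified name inline, `userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment)`, whereas the controller sections in this commit add `use BookStack\Permissions\Permission;` and then write `Permission::SettingsManage`. Importing the enum once per file and using the short name would keep these authorisation checks short enough to read at a glance and consistent across the codebase. The same applies to the TagClassGenerator, PageController, ChapterRepo, PageRepo, Cloner, PageEditorData, PermissionsUpdater, ImportRepo, ZipExportReferences, ZipImportRunner, BookSorter, DrawioImageController and user controller sections. canUpdateAny's body continues past the end of the hunk.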
|
||||
|
@@ -26,14 +26,14 @@ class TagClassGenerator
|
||||
array_push($classes, ...$this->generateClassesForTag($tag));
|
||||
}
|
||||
|
||||
if ($this->entity instanceof BookChild && userCan('view', $this->entity->book)) {
|
||||
if ($this->entity instanceof BookChild && userCan(\BookStack\Permissions\Permission::View, $this->entity->book)) {
|
||||
$bookTags = $this->entity->book->tags;
|
||||
foreach ($bookTags as $bookTag) {
|
||||
array_push($classes, ...$this->generateClassesForTag($bookTag, 'book-'));
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->entity instanceof Page && $this->entity->chapter && userCan('view', $this->entity->chapter)) {
|
||||
if ($this->entity instanceof Page && $this->entity->chapter && userCan(\BookStack\Permissions\Permission::View, $this->entity->chapter)) {
|
||||
$chapterTags = $this->entity->chapter->tags;
|
||||
foreach ($chapterTags as $chapterTag) {
|
||||
array_push($classes, ...$this->generateClassesForTag($chapterTag, 'chapter-'));
|
||||
|
@@ -342,7 +342,7 @@ class PageController extends Controller
|
||||
|
||||
$this->showSuccessNotification(trans('entities.pages_delete_draft_success'));
|
||||
|
||||
if ($chapter && userCan('view', $chapter)) {
|
||||
if ($chapter && userCan(\BookStack\Permissions\Permission::View, $chapter)) {
|
||||
return redirect($chapter->getUrl());
|
||||
}
|
||||
|
||||
|
@@ -87,7 +87,7 @@ class ChapterRepo
|
||||
throw new MoveOperationException('Book to move chapter into not found');
|
||||
}
|
||||
|
||||
if (!userCan('chapter-create', $parent)) {
|
||||
if (!userCan(\BookStack\Permissions\Permission::ChapterCreate, $parent)) {
|
||||
throw new PermissionsException('User does not have permission to create a chapter within the chosen book');
|
||||
}
|
||||
|
||||
|
@@ -55,7 +55,7 @@ class PageRepo
|
||||
}
|
||||
|
||||
$defaultTemplate = $page->chapter->defaultTemplate ?? $page->book->defaultTemplate;
|
||||
if ($defaultTemplate && userCan('view', $defaultTemplate)) {
|
||||
if ($defaultTemplate && userCan(\BookStack\Permissions\Permission::View, $defaultTemplate)) {
|
||||
$page->forceFill([
|
||||
'html' => $defaultTemplate->html,
|
||||
'markdown' => $defaultTemplate->markdown,
|
||||
@@ -142,7 +142,7 @@ class PageRepo
|
||||
|
||||
protected function updateTemplateStatusAndContentFromInput(Page $page, array $input): void
|
||||
{
|
||||
if (isset($input['template']) && userCan('templates-manage')) {
|
||||
if (isset($input['template']) && userCan(\BookStack\Permissions\Permission::TemplatesManage)) {
|
||||
$page->template = ($input['template'] === 'true');
|
||||
}
|
||||
|
||||
@@ -165,7 +165,7 @@ class PageRepo
|
||||
$pageContent->setNewHTML($input['html'], user());
|
||||
}
|
||||
|
||||
if (($newEditor !== $currentEditor || empty($page->editor)) && userCan('editor-change')) {
|
||||
if (($newEditor !== $currentEditor || empty($page->editor)) && userCan(\BookStack\Permissions\Permission::EditorChange)) {
|
||||
$page->editor = $newEditor->value;
|
||||
} elseif (empty($page->editor)) {
|
||||
$page->editor = $defaultEditor->value;
|
||||
@@ -271,7 +271,7 @@ class PageRepo
|
||||
throw new MoveOperationException('Book or chapter to move page into not found');
|
||||
}
|
||||
|
||||
if (!userCan('page-create', $parent)) {
|
||||
if (!userCan(\BookStack\Permissions\Permission::PageCreate, $parent)) {
|
||||
throw new PermissionsException('User does not have permission to create a page within the new parent');
|
||||
}
|
||||
|
||||
|
@@ -49,7 +49,7 @@ class Cloner
|
||||
|
||||
$copyChapter = $this->chapterRepo->create($chapterDetails, $parent);
|
||||
|
||||
if (userCan('page-create', $copyChapter)) {
|
||||
if (userCan(\BookStack\Permissions\Permission::PageCreate, $copyChapter)) {
|
||||
/** @var Page $page */
|
||||
foreach ($original->getVisiblePages() as $page) {
|
||||
$this->clonePage($page, $copyChapter, $page->name);
|
||||
@@ -74,11 +74,11 @@ class Cloner
|
||||
// Clone contents
|
||||
$directChildren = $original->getDirectVisibleChildren();
|
||||
foreach ($directChildren as $child) {
|
||||
if ($child instanceof Chapter && userCan('chapter-create', $copyBook)) {
|
||||
if ($child instanceof Chapter && userCan(\BookStack\Permissions\Permission::ChapterCreate, $copyBook)) {
|
||||
$this->cloneChapter($child, $copyBook, $child->name);
|
||||
}
|
||||
|
||||
if ($child instanceof Page && !$child->draft && userCan('page-create', $copyBook)) {
|
||||
if ($child instanceof Page && !$child->draft && userCan(\BookStack\Permissions\Permission::PageCreate, $copyBook)) {
|
||||
$this->clonePage($child, $copyBook, $child->name);
|
||||
}
|
||||
}
|
||||
@@ -86,7 +86,7 @@ class Cloner
|
||||
// Clone bookshelf relationships
|
||||
/** @var Bookshelf $shelf */
|
||||
foreach ($original->shelves as $shelf) {
|
||||
if (userCan('bookshelf-update', $shelf)) {
|
||||
if (userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf)) {
|
||||
$shelf->appendBook($copyBook);
|
||||
}
|
||||
}
|
||||
|
@@ -100,7 +100,7 @@ class PageEditorData
|
||||
|
||||
// Use requested editor if valid and if we have permission
|
||||
$requestedType = PageEditorType::fromRequestValue($this->requestedEditor);
|
||||
if ($requestedType && userCan('editor-change')) {
|
||||
if ($requestedType && userCan(\BookStack\Permissions\Permission::EditorChange)) {
|
||||
$editorType = $requestedType;
|
||||
}
|
||||
|
||||
|
@@ -150,7 +150,7 @@ class PermissionsUpdater
|
||||
|
||||
/** @var Book $book */
|
||||
foreach ($shelfBooks as $book) {
|
||||
if ($checkUserPermissions && !userCan('restrictions-manage', $book)) {
|
||||
if ($checkUserPermissions && !userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book)) {
|
||||
continue;
|
||||
}
|
||||
$book->permissions()->delete();
|
||||
|
@@ -6,6 +6,7 @@ use BookStack\Entities\Queries\BookQueries;
|
||||
use BookStack\Exports\ExportFormatter;
|
||||
use BookStack\Exports\ZipExports\ZipExportBuilder;
|
||||
use BookStack\Http\ApiController;
|
||||
use BookStack\Permissions\Permission;
|
||||
use Throwable;
|
||||
|
||||
class BookExportApiController extends ApiController
|
||||
@@ -14,7 +15,7 @@ class BookExportApiController extends ApiController
|
||||
protected ExportFormatter $exportFormatter,
|
||||
protected BookQueries $queries,
|
||||
) {
|
||||
$this->middleware('can:content-export');
|
||||
$this->middleware(Permission::ContentExport->middleware());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@@ -7,6 +7,7 @@ use BookStack\Exceptions\NotFoundException;
|
||||
use BookStack\Exports\ExportFormatter;
|
||||
use BookStack\Exports\ZipExports\ZipExportBuilder;
|
||||
use BookStack\Http\Controller;
|
||||
use BookStack\Permissions\Permission;
|
||||
use Throwable;
|
||||
|
||||
class BookExportController extends Controller
|
||||
@@ -15,7 +16,7 @@ class BookExportController extends Controller
|
||||
protected BookQueries $queries,
|
||||
protected ExportFormatter $exportFormatter,
|
||||
) {
|
||||
$this->middleware('can:content-export');
|
||||
$this->middleware(Permission::ContentExport->middleware());
|
||||
$this->middleware('throttle:exports');
|
||||
}
|
||||
|
||||
|
@@ -6,6 +6,7 @@ use BookStack\Entities\Queries\ChapterQueries;
|
||||
use BookStack\Exports\ExportFormatter;
|
||||
use BookStack\Exports\ZipExports\ZipExportBuilder;
|
||||
use BookStack\Http\ApiController;
|
||||
use BookStack\Permissions\Permission;
|
||||
use Throwable;
|
||||
|
||||
class ChapterExportApiController extends ApiController
|
||||
@@ -14,7 +15,7 @@ class ChapterExportApiController extends ApiController
|
||||
protected ExportFormatter $exportFormatter,
|
||||
protected ChapterQueries $queries,
|
||||
) {
|
||||
$this->middleware('can:content-export');
|
||||
$this->middleware(Permission::ContentExport->middleware());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@@ -7,6 +7,7 @@ use BookStack\Exceptions\NotFoundException;
|
||||
use BookStack\Exports\ExportFormatter;
|
||||
use BookStack\Exports\ZipExports\ZipExportBuilder;
|
||||
use BookStack\Http\Controller;
|
||||
use BookStack\Permissions\Permission;
|
||||
use Throwable;
|
||||
|
||||
class ChapterExportController extends Controller
|
||||
@@ -15,7 +16,7 @@ class ChapterExportController extends Controller
|
||||
protected ChapterQueries $queries,
|
||||
protected ExportFormatter $exportFormatter,
|
||||
) {
|
||||
$this->middleware('can:content-export');
|
||||
$this->middleware(Permission::ContentExport->middleware());
|
||||
$this->middleware('throttle:exports');
|
||||
}
|
||||
|
||||
|
@@ -8,6 +8,7 @@ use BookStack\Exceptions\ZipImportException;
|
||||
use BookStack\Exceptions\ZipValidationException;
|
||||
use BookStack\Exports\ImportRepo;
|
||||
use BookStack\Http\ApiController;
|
||||
use BookStack\Permissions\Permission;
|
||||
use BookStack\Uploads\AttachmentService;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
@@ -18,7 +19,7 @@ class ImportApiController extends ApiController
|
||||
public function __construct(
|
||||
protected ImportRepo $imports,
|
||||
) {
|
||||
$this->middleware('can:content-import');
|
||||
$this->middleware(Permission::ContentImport->middleware());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@@ -8,6 +8,7 @@ use BookStack\Exceptions\ZipImportException;
|
||||
use BookStack\Exceptions\ZipValidationException;
|
||||
use BookStack\Exports\ImportRepo;
|
||||
use BookStack\Http\Controller;
|
||||
use BookStack\Permissions\Permission;
|
||||
use BookStack\Uploads\AttachmentService;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
@@ -16,7 +17,7 @@ class ImportController extends Controller
|
||||
public function __construct(
|
||||
protected ImportRepo $imports,
|
||||
) {
|
||||
$this->middleware('can:content-import');
|
||||
$this->middleware(Permission::ContentImport->middleware());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@@ -6,6 +6,7 @@ use BookStack\Entities\Queries\PageQueries;
|
||||
use BookStack\Exports\ExportFormatter;
|
||||
use BookStack\Exports\ZipExports\ZipExportBuilder;
|
||||
use BookStack\Http\ApiController;
|
||||
use BookStack\Permissions\Permission;
|
||||
use Throwable;
|
||||
|
||||
class PageExportApiController extends ApiController
|
||||
@@ -14,7 +15,7 @@ class PageExportApiController extends ApiController
|
||||
protected ExportFormatter $exportFormatter,
|
||||
protected PageQueries $queries,
|
||||
) {
|
||||
$this->middleware('can:content-export');
|
||||
$this->middleware(Permission::ContentExport->middleware());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@@ -8,6 +8,7 @@ use BookStack\Exceptions\NotFoundException;
|
||||
use BookStack\Exports\ExportFormatter;
|
||||
use BookStack\Exports\ZipExports\ZipExportBuilder;
|
||||
use BookStack\Http\Controller;
|
||||
use BookStack\Permissions\Permission;
|
||||
use Throwable;
|
||||
|
||||
class PageExportController extends Controller
|
||||
@@ -16,7 +17,7 @@ class PageExportController extends Controller
|
||||
protected PageQueries $queries,
|
||||
protected ExportFormatter $exportFormatter,
|
||||
) {
|
||||
$this->middleware('can:content-export');
|
||||
$this->middleware(Permission::ContentExport->middleware());
|
||||
$this->middleware('throttle:exports');
|
||||
}
|
||||
|
||||
|
@@ -46,7 +46,7 @@ class ImportRepo
|
||||
{
|
||||
$query = Import::query();
|
||||
|
||||
if (!userCan('settings-manage')) {
|
||||
if (!userCan(\BookStack\Permissions\Permission::SettingsManage)) {
|
||||
$query->where('created_by', user()->id);
|
||||
}
|
||||
|
||||
@@ -57,7 +57,7 @@ class ImportRepo
|
||||
{
|
||||
$query = Import::query();
|
||||
|
||||
if (!userCan('settings-manage')) {
|
||||
if (!userCan(\BookStack\Permissions\Permission::SettingsManage)) {
|
||||
$query->where('created_by', user()->id);
|
||||
}
|
||||
|
||||
|
@@ -135,7 +135,7 @@ class ZipExportReferences
|
||||
// Find and include images if in visibility
|
||||
$page = $model->getPage();
|
||||
$pageExportModel = $this->pages[$page->id] ?? ($exportModel instanceof ZipExportPage ? $exportModel : null);
|
||||
if (isset($this->images[$model->id]) || ($page && $pageExportModel && userCan('view', $page))) {
|
||||
if (isset($this->images[$model->id]) || ($page && $pageExportModel && userCan(\BookStack\Permissions\Permission::View, $page))) {
|
||||
if (!isset($this->images[$model->id])) {
|
||||
$exportImage = ZipExportImage::fromModel($model, $files);
|
||||
$this->images[$model->id] = $exportImage;
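Review bot: `$page->id` is read on the line that builds `$pageExportModel`, before the `$page &&` test in the condition below it. If `getPage()` can return null, as that test suggests, the lookup reads a property on null before the guard and the view-permission check are reached. Consider resolving the page first, e.g. `$pageExportModel = $page ? ($this->pages[$page->id] ?? ($exportModel instanceof ZipExportPage ? $exportModel : null)) : null;`. These are context lines the commit leaves unchanged, and the enclosing method starts and ends outside the hunk.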
|
||||
|
@@ -288,7 +288,7 @@ class ZipImportRunner
|
||||
$attachments = [];
|
||||
|
||||
if ($exportModel instanceof ZipExportBook) {
|
||||
if (!userCan('book-create-all')) {
|
||||
if (!userCan(\BookStack\Permissions\Permission::BookCreateAll)) {
|
||||
$errors[] = trans('errors.import_perms_books');
|
||||
}
|
||||
array_push($pages, ...$exportModel->pages);
|
||||
@@ -317,11 +317,11 @@ class ZipImportRunner
|
||||
|
||||
if (count($pages) > 0) {
|
||||
if ($parent) {
|
||||
if (!userCan('page-create', $parent)) {
|
||||
if (!userCan(\BookStack\Permissions\Permission::PageCreate, $parent)) {
|
||||
$errors[] = trans('errors.import_perms_pages');
|
||||
}
|
||||
} else {
|
||||
$hasPermission = userCan('page-create-all') || userCan('page-create-own');
|
||||
$hasPermission = userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn);
|
||||
if (!$hasPermission) {
|
||||
$errors[] = trans('errors.import_perms_pages');
|
||||
}
|
||||
@@ -329,13 +329,13 @@ class ZipImportRunner
|
||||
}
|
||||
|
||||
if (count($images) > 0) {
|
||||
if (!userCan('image-create-all')) {
|
||||
if (!userCan(\BookStack\Permissions\Permission::ImageCreateAll)) {
|
||||
$errors[] = trans('errors.import_perms_images');
|
||||
}
|
||||
}
|
||||
|
||||
if (count($attachments) > 0) {
|
||||
if (!userCan('attachment-create-all')) {
|
||||
if (!userCan(\BookStack\Permissions\Permission::AttachmentCreateAll)) {
|
||||
$errors[] = trans('errors.import_perms_attachments');
|
||||
}
|
||||
}
|
||||
|
@@ -132,4 +132,13 @@ enum Permission: string
|
||||
self::Delete,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the application permission-check middleware-string for this permission.
|
||||
* Uses registered CheckUserHasPermission middleware.
|
||||
*/
|
||||
public function middleware(): string
|
||||
{
|
||||
return 'can:' . $this->value;
|
||||
}
|
||||
}
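Review bot: `middleware()` is callable on every case of the enum, including the generic entity-level ones such as `self::Delete` listed just above it and `Permission::View` / `Permission::Create` used elsewhere in this commit. For those cases a `can:` string carries no ownable, so it is presumably not a meaningful role check. The docblock should state which cases the method is intended for, e.g. `* Only meaningful for role-level permissions; entity-level cases need an ownable and should go through userCan().`, or the method could reject the entity-level cases outright. How CheckUserHasPermission treats a permission name that is not a role permission is not visible here, so confirm that it denies the request rather than letting it pass.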
|
||||
|
@@ -187,11 +187,11 @@ class BookSorter
|
||||
|
||||
$hasNewParent = $newBook->id !== $model->book_id || ($model instanceof Page && $model->chapter_id !== ($sortMapItem->parentChapterId ?? 0));
|
||||
if ($model instanceof Chapter) {
|
||||
$hasPermission = userCan('book-update', $currentParent)
|
||||
&& userCan('book-update', $newBook)
|
||||
&& userCan('chapter-update', $model)
|
||||
&& (!$hasNewParent || userCan('chapter-create', $newBook))
|
||||
&& (!$hasNewParent || userCan('chapter-delete', $model));
|
||||
$hasPermission = userCan(\BookStack\Permissions\Permission::BookUpdate, $currentParent)
|
||||
&& userCan(\BookStack\Permissions\Permission::BookUpdate, $newBook)
|
||||
&& userCan(\BookStack\Permissions\Permission::ChapterUpdate, $model)
|
||||
&& (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterCreate, $newBook))
|
||||
&& (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterDelete, $model));
|
||||
|
||||
if (!$hasPermission) {
|
||||
return false;
|
||||
@@ -210,13 +210,13 @@ class BookSorter
|
||||
return false;
|
||||
}
|
||||
|
||||
$hasPageEditPermission = userCan('page-update', $model);
|
||||
$hasPageEditPermission = userCan(\BookStack\Permissions\Permission::PageUpdate, $model);
|
||||
$newParentInRightLocation = ($newParent instanceof Book || ($newParent instanceof Chapter && $newParent->book_id === $newBook->id));
|
||||
$newParentPermission = ($newParent instanceof Chapter) ? 'chapter-update' : 'book-update';
|
||||
$hasNewParentPermission = userCan($newParentPermission, $newParent);
|
||||
|
||||
$hasDeletePermissionIfMoving = (!$hasNewParent || userCan('page-delete', $model));
|
||||
$hasCreatePermissionIfMoving = (!$hasNewParent || userCan('page-create', $newParent));
|
||||
$hasDeletePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageDelete, $model));
|
||||
$hasCreatePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageCreate, $newParent));
|
||||
|
||||
$hasPermission = $hasCurrentParentPermission
|
||||
&& $newParentInRightLocation
|
||||
|
@@ -4,13 +4,14 @@ namespace BookStack\Sorting;
|
||||
|
||||
use BookStack\Activity\ActivityType;
|
||||
use BookStack\Http\Controller;
|
||||
use BookStack\Permissions\Permission;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class SortRuleController extends Controller
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('can:settings-manage');
|
||||
$this->middleware(Permission::SettingsManage->middleware());
|
||||
}
|
||||
|
||||
public function create()
|
||||
|
@@ -82,7 +82,7 @@ class DrawioImageController extends Controller
|
||||
return $this->jsonError(trans('errors.drawing_data_not_found'), 404);
|
||||
}
|
||||
|
||||
if ($image->type !== 'drawio' || !userCan('page-view', $image->getPage())) {
|
||||
if ($image->type !== 'drawio' || !userCan(\BookStack\Permissions\Permission::PageView, $image->getPage())) {
|
||||
return $this->jsonError(trans('errors.drawing_data_not_found'), 404);
|
||||
}
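Review bot: The ownable given to the view check, `userCan(\BookStack\Permissions\Permission::PageView, $image->getPage())`, is not null-checked before use. The ZipExportReferences section on this page guards the result of `getPage()` with `$page &&`, which suggests it can be null. How `userCan()` behaves with a null ownable is not visible here, so either confirm that it denies or make the denial explicit: `$page = $image->getPage();` followed by `if ($image->type !== 'drawio' || !$page || !userCan(Permission::PageView, $page)) {`. The enclosing method starts and ends outside the hunk.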
|
||||
|
||||
|
@@ -63,7 +63,7 @@ class UserAccountController extends Controller
|
||||
'profile_image' => array_merge(['nullable'], $this->getImageValidationRules()),
|
||||
]);
|
||||
|
||||
$this->userRepo->update($user, $validated, userCan('users-manage'));
|
||||
$this->userRepo->update($user, $validated, userCan(\BookStack\Permissions\Permission::UsersManage));
|
||||
|
||||
// Save profile image if in request
|
||||
if ($request->hasFile('profile_image')) {
|
||||
@@ -219,7 +219,7 @@ class UserAccountController extends Controller
|
||||
$this->preventAccessInDemoMode();
|
||||
|
||||
$requestNewOwnerId = intval($request->get('new_owner_id')) ?: null;
|
||||
$newOwnerId = userCan('users-manage') ? $requestNewOwnerId : null;
|
||||
$newOwnerId = userCan(\BookStack\Permissions\Permission::UsersManage) ? $requestNewOwnerId : null;
|
||||
|
||||
$this->userRepo->destroy(user(), $newOwnerId);
|
||||
|
||||
|
@@ -125,7 +125,7 @@ class UserApiController extends ApiController
|
||||
{
|
||||
$data = $this->validate($request, $this->rules($id)['update']);
|
||||
$user = $this->userRepo->getById($id);
|
||||
$this->userRepo->update($user, $data, userCan('users-manage'));
|
||||
$this->userRepo->update($user, $data, userCan(\BookStack\Permissions\Permission::UsersManage));
|
||||
$this->singleFormatter($user);
|
||||
|
||||
return response()->json($user);
|
||||
|
@@ -15,9 +15,9 @@ class UserSearchController extends Controller
|
||||
public function forSelect(Request $request)
|
||||
{
|
||||
$hasPermission = !user()->isGuest() && (
|
||||
userCan('users-manage')
|
||||
|| userCan('restrictions-manage-own')
|
||||
|| userCan('restrictions-manage-all')
|
||||
userCan(\BookStack\Permissions\Permission::UsersManage)
|
||||
|| userCan(\BookStack\Permissions\Permission::RestrictionsManageOwn)
|
||||
|| userCan(\BookStack\Permissions\Permission::RestrictionsManageAll)
|
||||
);
|
||||
|
||||
if (!$hasPermission) {
|
||||
|
@@ -16,7 +16,7 @@
|
||||
type="button"
|
||||
title="{{ trans('entities.attachments_insert_link') }}"
|
||||
class="drag-card-action text-center text-link">@icon('link')</button>
|
||||
@if(userCan('attachment-update', $attachment))
|
||||
@if(userCan(\BookStack\Permissions\Permission::AttachmentUpdate, $attachment))
|
||||
<button component="event-emit-select"
|
||||
option:event-emit-select:name="edit"
|
||||
option:event-emit-select:id="{{ $attachment->id }}"
|
||||
@@ -24,7 +24,7 @@
|
||||
title="{{ trans('common.edit') }}"
|
||||
class="drag-card-action text-center text-link">@icon('edit')</button>
|
||||
@endif
|
||||
@if(userCan('attachment-delete', $attachment))
|
||||
@if(userCan(\BookStack\Permissions\Permission::AttachmentDelete, $attachment))
|
||||
<div component="dropdown" class="flex-fill relative">
|
||||
<button refs="dropdown@toggle"
|
||||
type="button"
|
||||
|
@@ -26,7 +26,7 @@
|
||||
</main>
|
||||
|
||||
|
||||
@if(userCan('book-delete', $book) && userCan('book-create-all') && userCan('bookshelf-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookDelete, $book) && userCan(\BookStack\Permissions\Permission::BookCreateAll) && userCan(\BookStack\Permissions\Permission::BookshelfCreateAll))
|
||||
@include('books.parts.convert-to-shelf', ['book' => $book])
|
||||
@endif
|
||||
</div>
|
||||
|
@@ -36,7 +36,7 @@
|
||||
<div class="actions mb-xl">
|
||||
<h5>{{ trans('common.actions') }}</h5>
|
||||
<div class="icon-list text-link">
|
||||
@if(userCan('book-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
|
||||
<a href="{{ url("/create-book") }}" data-shortcut="new" class="icon-list-item">
|
||||
<span>@icon('add')</span>
|
||||
<span>{{ trans('entities.books_create') }}</span>
|
||||
@@ -50,7 +50,7 @@
|
||||
<span>{{ trans('entities.tags_view_tags') }}</span>
|
||||
</a>
|
||||
|
||||
@if(userCan('content-import'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ContentImport))
|
||||
<a href="{{ url('/import') }}" class="icon-list-item">
|
||||
<span>@icon('upload')</span>
|
||||
<span>{{ trans('entities.import') }}</span>
|
||||
|
@@ -24,7 +24,7 @@
|
||||
</div>
|
||||
@else
|
||||
<p class="text-muted">{{ trans('entities.books_empty') }}</p>
|
||||
@if(userCan('book-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
|
||||
<div class="icon-list block inline">
|
||||
<a href="{{ url("/create-book") }}"
|
||||
class="icon-list-item text-book">
|
||||
|
@@ -43,13 +43,13 @@
|
||||
<p class="text-muted italic mb-m mt-xl">{{ trans('entities.books_empty_contents') }}</p>
|
||||
|
||||
<div class="icon-list block inline">
|
||||
@if(userCan('page-create', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageCreate, $book))
|
||||
<a href="{{ $book->getUrl('/create-page') }}" class="icon-list-item text-page">
|
||||
<span class="icon">@icon('page')</span>
|
||||
<span>{{ trans('entities.books_empty_create_page') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('chapter-create', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ChapterCreate, $book))
|
||||
<a href="{{ $book->getUrl('/create-chapter') }}" class="icon-list-item text-chapter">
|
||||
<span class="icon">@icon('chapter')</span>
|
||||
<span>{{ trans('entities.books_empty_add_chapter') }}</span>
|
||||
@@ -73,7 +73,7 @@
|
||||
@include('entities.meta', ['entity' => $book, 'watchOptions' => $watchOptions])
|
||||
@if($book->hasPermissions())
|
||||
<div class="active-restriction">
|
||||
@if(userCan('restrictions-manage', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
|
||||
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
|
||||
@icon('lock')
|
||||
<div>{{ trans('entities.books_permissions_active') }}</div>
|
||||
@@ -93,13 +93,13 @@
|
||||
<h5>{{ trans('common.actions') }}</h5>
|
||||
<div class="icon-list text-link">
|
||||
|
||||
@if(userCan('page-create', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageCreate, $book))
|
||||
<a href="{{ $book->getUrl('/create-page') }}" data-shortcut="new" class="icon-list-item">
|
||||
<span>@icon('add')</span>
|
||||
<span>{{ trans('entities.pages_new') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('chapter-create', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ChapterCreate, $book))
|
||||
<a href="{{ $book->getUrl('/create-chapter') }}" data-shortcut="new" class="icon-list-item">
|
||||
<span>@icon('add')</span>
|
||||
<span>{{ trans('entities.chapters_new') }}</span>
|
||||
@@ -108,7 +108,7 @@
|
||||
|
||||
<hr class="primary-background">
|
||||
|
||||
@if(userCan('book-update', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookUpdate, $book))
|
||||
<a href="{{ $book->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
|
||||
<span>@icon('edit')</span>
|
||||
<span>{{ trans('common.edit') }}</span>
|
||||
@@ -118,19 +118,19 @@
|
||||
<span>{{ trans('common.sort') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('book-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
|
||||
<a href="{{ $book->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
|
||||
<span>@icon('copy')</span>
|
||||
<span>{{ trans('common.copy') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('restrictions-manage', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
|
||||
<a href="{{ $book->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
|
||||
<span>@icon('lock')</span>
|
||||
<span>{{ trans('entities.permissions') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('book-delete', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookDelete, $book))
|
||||
<a href="{{ $book->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
|
||||
<span>@icon('delete')</span>
|
||||
<span>{{ trans('common.delete') }}</span>
|
||||
@@ -145,7 +145,7 @@
|
||||
@if(!user()->isGuest())
|
||||
@include('entities.favourite-action', ['entity' => $book])
|
||||
@endif
|
||||
@if(userCan('content-export'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
|
||||
@include('entities.export-menu', ['entity' => $book])
|
||||
@endif
|
||||
</div>
|
||||
|
@@ -23,7 +23,7 @@
|
||||
</form>
|
||||
</main>
|
||||
|
||||
@if(userCan('chapter-delete', $chapter) && userCan('book-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ChapterDelete, $chapter) && userCan(\BookStack\Permissions\Permission::BookCreateAll))
|
||||
@include('chapters.parts.convert-to-book')
|
||||
@endif
|
||||
|
||||
|
@@ -37,13 +37,13 @@
|
||||
<p class="text-muted italic mb-m mt-xl">{{ trans('entities.chapters_empty') }}</p>
|
||||
|
||||
<div class="icon-list block inline">
|
||||
@if(userCan('page-create', $chapter))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageCreate, $chapter))
|
||||
<a href="{{ $chapter->getUrl('/create-page') }}" class="icon-list-item text-page">
|
||||
<span class="icon">@icon('page')</span>
|
||||
<span>{{ trans('entities.books_empty_create_page') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('book-update', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookUpdate, $book))
|
||||
<a href="{{ $book->getUrl('/sort') }}" class="icon-list-item text-book">
|
||||
<span class="icon">@icon('book')</span>
|
||||
<span>{{ trans('entities.books_empty_sort_current_book') }}</span>
|
||||
@@ -71,7 +71,7 @@
|
||||
|
||||
@if($book->hasPermissions())
|
||||
<div class="active-restriction">
|
||||
@if(userCan('restrictions-manage', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
|
||||
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
|
||||
@icon('lock')
|
||||
<div>{{ trans('entities.books_permissions_active') }}</div>
|
||||
@@ -87,7 +87,7 @@
|
||||
|
||||
@if($chapter->hasPermissions())
|
||||
<div class="active-restriction">
|
||||
@if(userCan('restrictions-manage', $chapter))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $chapter))
|
||||
<a href="{{ $chapter->getUrl('/permissions') }}" class="entity-meta-item">
|
||||
@icon('lock')
|
||||
<div>{{ trans('entities.chapters_permissions_active') }}</div>
|
||||
@@ -107,7 +107,7 @@
|
||||
<h5>{{ trans('common.actions') }}</h5>
|
||||
<div class="icon-list text-link">
|
||||
|
||||
@if(userCan('page-create', $chapter))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageCreate, $chapter))
|
||||
<a href="{{ $chapter->getUrl('/create-page') }}" data-shortcut="new" class="icon-list-item">
|
||||
<span>@icon('add')</span>
|
||||
<span>{{ trans('entities.pages_new') }}</span>
|
||||
@@ -116,38 +116,38 @@
|
||||
|
||||
<hr class="primary-background"/>
|
||||
|
||||
@if(userCan('chapter-update', $chapter))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ChapterUpdate, $chapter))
|
||||
<a href="{{ $chapter->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
|
||||
<span>@icon('edit')</span>
|
||||
<span>{{ trans('common.edit') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCanOnAny('create', \BookStack\Entities\Models\Book::class) || userCan('chapter-create-all') || userCan('chapter-create-own'))
|
||||
@if(userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Book::class) || userCan(\BookStack\Permissions\Permission::ChapterCreateAll) || userCan(\BookStack\Permissions\Permission::ChapterCreateOwn))
|
||||
<a href="{{ $chapter->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
|
||||
<span>@icon('copy')</span>
|
||||
<span>{{ trans('common.copy') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('chapter-update', $chapter) && userCan('chapter-delete', $chapter))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ChapterUpdate, $chapter) && userCan(\BookStack\Permissions\Permission::ChapterDelete, $chapter))
|
||||
<a href="{{ $chapter->getUrl('/move') }}" data-shortcut="move" class="icon-list-item">
|
||||
<span>@icon('folder')</span>
|
||||
<span>{{ trans('common.move') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('restrictions-manage', $chapter))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $chapter))
|
||||
<a href="{{ $chapter->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
|
||||
<span>@icon('lock')</span>
|
||||
<span>{{ trans('entities.permissions') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('chapter-delete', $chapter))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ChapterDelete, $chapter))
|
||||
<a href="{{ $chapter->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
|
||||
<span>@icon('delete')</span>
|
||||
<span>{{ trans('common.delete') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
|
||||
@if($chapter->book && userCan('book-update', $chapter->book))
|
||||
@if($chapter->book && userCan(\BookStack\Permissions\Permission::BookUpdate, $chapter->book))
|
||||
<hr class="primary-background"/>
|
||||
<a href="{{ $chapter->book->getUrl('/sort') }}" data-shortcut="sort" class="icon-list-item">
|
||||
<span>@icon('sort')</span>
|
||||
@@ -163,7 +163,7 @@
|
||||
@if(!user()->isGuest())
|
||||
@include('entities.favourite-action', ['entity' => $chapter])
|
||||
@endif
|
||||
@if(userCan('content-export'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
|
||||
@include('entities.export-menu', ['entity' => $chapter])
|
||||
@endif
|
||||
</div>
|
||||
|
@@ -33,23 +33,23 @@
|
||||
@endif
|
||||
</div>
|
||||
<div class="right-meta flex-container-row justify-flex-end items-center px-s">
|
||||
@if(!$readOnly && (userCan('comment-create-all') || userCan('comment-update', $comment) || userCan('comment-delete', $comment)))
|
||||
@if(!$readOnly && (userCan(\BookStack\Permissions\Permission::CommentCreateAll) || userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment) || userCan(\BookStack\Permissions\Permission::CommentDelete, $comment)))
|
||||
<div class="actions mr-s">
|
||||
@if(userCan('comment-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::CommentCreateAll))
|
||||
<button refs="page-comment@reply-button" type="button"
|
||||
class="text-button text-muted hover-underline text-small p-xs">@icon('reply') {{ trans('common.reply') }}</button>
|
||||
@endif
|
||||
@if(!$comment->parent_id && (userCan('comment-update', $comment) || userCan('comment-delete', $comment)))
|
||||
@if(!$comment->parent_id && (userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment) || userCan(\BookStack\Permissions\Permission::CommentDelete, $comment)))
|
||||
<button refs="page-comment@archive-button"
|
||||
type="button"
|
||||
data-is-archived="{{ $comment->archived ? 'true' : 'false' }}"
|
||||
class="text-button text-muted hover-underline text-small p-xs">@icon('archive') {{ trans('common.' . ($comment->archived ? 'unarchive' : 'archive')) }}</button>
|
||||
@endif
|
||||
@if(userCan('comment-update', $comment))
|
||||
@if(userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment))
|
||||
<button refs="page-comment@edit-button" type="button"
|
||||
class="text-button text-muted hover-underline text-small p-xs">@icon('edit') {{ trans('common.edit') }}</button>
|
||||
@endif
|
||||
@if(userCan('comment-delete', $comment))
|
||||
@if(userCan(\BookStack\Permissions\Permission::CommentDelete, $comment))
|
||||
<div component="dropdown" class="dropdown-container">
|
||||
<button type="button" refs="dropdown@toggle" aria-haspopup="true" aria-expanded="false"
|
||||
class="text-button text-muted hover-underline text-small p-xs">@icon('delete') {{ trans('common.delete') }}</button>
|
||||
@@ -100,7 +100,7 @@
|
||||
{!! $commentHtml !!}
|
||||
</div>
|
||||
|
||||
@if(!$readOnly && userCan('comment-update', $comment))
|
||||
@if(!$readOnly && userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment))
|
||||
<form novalidate refs="page-comment@form" hidden class="content pt-s px-s block">
|
||||
<div class="form-group description-input">
|
||||
<textarea refs="page-comment@input" name="html" rows="3"
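Review bot: The action-bar condition at the top of the `-33,23` hunk now spells out `\BookStack\Permissions\Permission` three times on one line, which makes the permission names hard to scan when checking who sees which button. If the project's Blade version provides the `@use` directive, `@use('BookStack\Permissions\Permission')` at the top of the template would let each check read `userCan(Permission::CommentUpdate, $comment)`, as the test class in this commit does with its `use` statement. The same applies to the other templates touched here, such as the header links and the page and shelf action lists. The start of this template is outside the hunk, so where the import would sit is not visible.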
|
||||
|
@@ -22,7 +22,7 @@
|
||||
refs="page-comments@archived-tab"
|
||||
aria-selected="false">{{ trans_choice('entities.comment_archived_count', count($commentTree->getArchived())) }}</button>
|
||||
</div>
|
||||
@if ($commentTree->empty() && userCan('comment-create-all'))
|
||||
@if ($commentTree->empty() && userCan(\BookStack\Permissions\Permission::CommentCreateAll))
|
||||
<div refs="page-comments@add-button-container" class="ml-m flex-container-row" >
|
||||
<button type="button"
|
||||
refs="page-comments@add-comment-button"
|
||||
@@ -45,7 +45,7 @@
|
||||
|
||||
<p class="text-center text-muted italic empty-state">{{ trans('entities.comment_none') }}</p>
|
||||
|
||||
@if(userCan('comment-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::CommentCreateAll))
|
||||
@include('comments.create')
|
||||
@if (!$commentTree->empty())
|
||||
<div refs="page-comments@addButtonContainer" class="ml-m flex-container-row">
|
||||
@@ -70,7 +70,7 @@
|
||||
<p class="text-center text-muted italic empty-state">{{ trans('entities.comment_none') }}</p>
|
||||
</div>
|
||||
|
||||
@if(userCan('comment-create-all') || $commentTree->canUpdateAny())
|
||||
@if(userCan(\BookStack\Permissions\Permission::CommentCreateAll) || $commentTree->canUpdateAny())
|
||||
@push('body-end')
|
||||
@include('form.editor-translations')
|
||||
@include('entities.selector-popup')
|
||||
|
@@ -5,7 +5,7 @@
|
||||
<h5>{{ trans('entities.books_navigation') }}</h5>
|
||||
|
||||
<ul class="sidebar-page-list mt-xs menu entity-list">
|
||||
@if (userCan('view', $book))
|
||||
@if (userCan(\BookStack\Permissions\Permission::View, $book))
|
||||
<li class="list-item-book book">
|
||||
@include('entities.list-item-basic', ['entity' => $book, 'classes' => ($current->matches($book)? 'selected' : '')])
|
||||
</li>
|
||||
|
@@ -38,7 +38,7 @@
|
||||
<span>@icon($crumb['icon'])</span>
|
||||
<span>{{ $crumb['text'] }}</span>
|
||||
</a>
|
||||
@elseif($isEntity && userCan('view', $crumb))
|
||||
@elseif($isEntity && userCan(\BookStack\Permissions\Permission::View, $crumb))
|
||||
@if($breadcrumbCount > 0)
|
||||
@include('entities.breadcrumb-listing', ['entity' => $crumb])
|
||||
@endif
|
||||
|
@@ -12,7 +12,7 @@
|
||||
<div class="actions mb-xl">
|
||||
<h5>{{ trans('common.actions') }}</h5>
|
||||
<div class="icon-list text-link">
|
||||
@if(userCan('book-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
|
||||
<a href="{{ url("/create-book") }}" class="icon-list-item">
|
||||
<span>@icon('add')</span>
|
||||
<span>{{ trans('entities.books_create') }}</span>
|
||||
|
@@ -12,7 +12,7 @@
|
||||
<div class="actions mb-xl">
|
||||
<h5>{{ trans('common.actions') }}</h5>
|
||||
<div class="icon-list text-link">
|
||||
@if(userCan('bookshelf-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookshelfCreateAll))
|
||||
<a href="{{ url("/create-shelf") }}" class="icon-list-item">
|
||||
<span>@icon('add')</span>
|
||||
<span>{{ trans('entities.shelves_new_action') }}</span>
|
||||
|
@@ -2,16 +2,16 @@
|
||||
|
||||
@if (user()->hasAppAccess())
|
||||
<a class="hide-over-l" href="{{ url('/search') }}">@icon('search'){{ trans('common.search') }}</a>
|
||||
@if(userCanOnAny('view', \BookStack\Entities\Models\Bookshelf::class) || userCan('bookshelf-view-all') || userCan('bookshelf-view-own'))
|
||||
@if(userCanOnAny(\BookStack\Permissions\Permission::View, \BookStack\Entities\Models\Bookshelf::class) || userCan(\BookStack\Permissions\Permission::BookshelfViewAll) || userCan(\BookStack\Permissions\Permission::BookshelfViewOwn))
|
||||
<a href="{{ url('/shelves') }}"
|
||||
data-shortcut="shelves_view">@icon('bookshelf'){{ trans('entities.shelves') }}</a>
|
||||
@endif
|
||||
<a href="{{ url('/books') }}" data-shortcut="books_view">@icon('books'){{ trans('entities.books') }}</a>
|
||||
@if(!user()->isGuest() && userCan('settings-manage'))
|
||||
@if(!user()->isGuest() && userCan(\BookStack\Permissions\Permission::SettingsManage))
|
||||
<a href="{{ url('/settings') }}"
|
||||
data-shortcut="settings_view">@icon('settings'){{ trans('settings.settings') }}</a>
|
||||
@endif
|
||||
@if(!user()->isGuest() && userCan('users-manage') && !userCan('settings-manage'))
|
||||
@if(!user()->isGuest() && userCan(\BookStack\Permissions\Permission::UsersManage) && !userCan(\BookStack\Permissions\Permission::SettingsManage))
|
||||
<a href="{{ url('/settings/users') }}"
|
||||
data-shortcut="settings_view">@icon('users'){{ trans('settings.users') }}</a>
|
||||
@endif
|
||||
|
@@ -50,7 +50,7 @@
|
||||
<div>{{ trans('entities.pages_edit_delete_draft') }}</div>
|
||||
</button>
|
||||
</li>
|
||||
@if(userCan('editor-change'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::EditorChange))
|
||||
<li role="presentation">
|
||||
<hr>
|
||||
</li>
|
||||
|
@@ -4,7 +4,7 @@
|
||||
<div class="tabs-inner flex-container-column justify-center">
|
||||
<button type="button" refs="editor-toolbox@toggle" title="{{ trans('entities.toggle_sidebar') }}" aria-expanded="false" class="toolbox-toggle">@icon('caret-left-circle')</button>
|
||||
<button type="button" refs="editor-toolbox@tab-button" data-tab="tags" title="{{ trans('entities.page_tags') }}" class="active">@icon('tag')</button>
|
||||
@if(userCan('attachment-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::AttachmentCreateAll))
|
||||
<button type="button" refs="editor-toolbox@tab-button" data-tab="files" title="{{ trans('entities.attachments') }}">@icon('attach')</button>
|
||||
@endif
|
||||
<button type="button" refs="editor-toolbox@tab-button" data-tab="templates" title="{{ trans('entities.templates') }}">@icon('template')</button>
|
||||
@@ -21,7 +21,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@if(userCan('attachment-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::AttachmentCreateAll))
|
||||
@include('attachments.manager', ['page' => $page])
|
||||
@endif
|
||||
|
||||
|
@@ -38,17 +38,17 @@
|
||||
<input id="name" class="input-base" type="text" name="name" value="{{ $image->name }}">
|
||||
</div>
|
||||
<div class="flex-container-row justify-space-between gap-m">
|
||||
@if(userCan('image-delete', $image) || userCan('image-update', $image))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ImageDelete, $image) || userCan(\BookStack\Permissions\Permission::ImageUpdate, $image))
|
||||
<div component="dropdown"
|
||||
class="dropdown-container">
|
||||
<button refs="dropdown@toggle" type="button" class="button icon outline">@icon('more')</button>
|
||||
<div refs="dropdown@menu" class="dropdown-menu anchor-left">
|
||||
@if(userCan('image-delete', $image))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ImageDelete, $image))
|
||||
<button type="button"
|
||||
id="image-manager-delete"
|
||||
class="text-item">{{ trans('common.delete') }}</button>
|
||||
@endif
|
||||
@if(userCan('image-update', $image))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ImageUpdate, $image))
|
||||
<button type="button"
|
||||
id="image-manager-replace"
|
||||
refs="dropzone@select-button"
|
||||
@@ -105,7 +105,7 @@
|
||||
@if($image->createdBy)
|
||||
<div>@icon('user') {{ trans('components.image_uploaded_by', ['userName' => $image->createdBy->name]) }}</div>
|
||||
@endif
|
||||
@if(($page = $image->getPage()) && userCan('view', $page))
|
||||
@if(($page = $image->getPage()) && userCan(\BookStack\Permissions\Permission::View, $page))
|
||||
<div>
|
||||
@icon('page')
|
||||
{!! trans('components.image_uploaded_to', [
|
||||
|
@@ -26,11 +26,11 @@
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
@if(userCan('page-update', $page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageUpdate, $page))
|
||||
<a href="{{ $page->getUrl('/edit') }}" id="pointer-edit" data-edit-href="{{ $page->getUrl('/edit') }}"
|
||||
class="button primary outline icon heading-edit-icon px-xs" title="{{ trans('entities.pages_edit_content_link')}}">@icon('edit')</a>
|
||||
@endif
|
||||
@if($commentTree->enabled() && userCan('comment-create-all'))
|
||||
@if($commentTree->enabled() && userCan(\BookStack\Permissions\Permission::CommentCreateAll))
|
||||
<button type="button"
|
||||
refs="pointer@comment-button"
|
||||
class="button primary outline icon px-xs m-none" title="{{ trans('entities.comment_add')}}">@icon('comment')</button>
|
||||
|
@@ -38,7 +38,7 @@
|
||||
@else
|
||||
<a href="{{ $revision->getUrl() }}" target="_blank" rel="noopener">{{ trans('entities.pages_revisions_preview') }}</a>
|
||||
|
||||
@if(userCan('page-update', $revision->page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageUpdate, $revision->page))
|
||||
<span class="text-muted opacity-70"> | </span>
|
||||
<div component="dropdown" class="dropdown-container">
|
||||
<a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('entities.pages_revisions_restore') }}</a>
|
||||
@@ -58,7 +58,7 @@
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@if(userCan('page-delete', $revision->page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageDelete, $revision->page))
|
||||
<span class="text-muted opacity-70"> | </span>
|
||||
<div component="dropdown" class="dropdown-container">
|
||||
<a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('common.delete') }}</a>
|
||||
|
@@ -1,5 +1,5 @@
|
||||
<div component="template-manager">
|
||||
@if(userCan('templates-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::TemplatesManage))
|
||||
<p class="text-muted small mb-none">
|
||||
{{ trans('entities.templates_explain_set_as_template') }}
|
||||
</p>
|
||||
|
@@ -79,7 +79,7 @@
|
||||
|
||||
@if($book->hasPermissions())
|
||||
<div class="active-restriction">
|
||||
@if(userCan('restrictions-manage', $book))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
|
||||
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
|
||||
@icon('lock')
|
||||
<div>{{ trans('entities.books_permissions_active') }}</div>
|
||||
@@ -95,7 +95,7 @@
|
||||
|
||||
@if($page->chapter && $page->chapter->hasPermissions())
|
||||
<div class="active-restriction">
|
||||
@if(userCan('restrictions-manage', $page->chapter))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page->chapter))
|
||||
<a href="{{ $page->chapter->getUrl('/permissions') }}" class="entity-meta-item">
|
||||
@icon('lock')
|
||||
<div>{{ trans('entities.chapters_permissions_active') }}</div>
|
||||
@@ -111,7 +111,7 @@
|
||||
|
||||
@if($page->hasPermissions())
|
||||
<div class="active-restriction">
|
||||
@if(userCan('restrictions-manage', $page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page))
|
||||
<a href="{{ $page->getUrl('/permissions') }}" class="entity-meta-item">
|
||||
@icon('lock')
|
||||
<div>{{ trans('entities.pages_permissions_active') }}</div>
|
||||
@@ -140,20 +140,20 @@
|
||||
<div class="icon-list text-link">
|
||||
|
||||
{{--User Actions--}}
|
||||
@if(userCan('page-update', $page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageUpdate, $page))
|
||||
<a href="{{ $page->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
|
||||
<span>@icon('edit')</span>
|
||||
<span>{{ trans('common.edit') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCanOnAny('create', \BookStack\Entities\Models\Book::class) || userCanOnAny('create', \BookStack\Entities\Models\Chapter::class) || userCan('page-create-all') || userCan('page-create-own'))
|
||||
@if(userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Book::class) || userCanOnAny('create', \BookStack\Entities\Models\Chapter::class) || userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn))
|
||||
<a href="{{ $page->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
|
||||
<span>@icon('copy')</span>
|
||||
<span>{{ trans('common.copy') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('page-update', $page))
|
||||
@if(userCan('page-delete', $page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageUpdate, $page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageDelete, $page))
|
||||
<a href="{{ $page->getUrl('/move') }}" data-shortcut="move" class="icon-list-item">
|
||||
<span>@icon('folder')</span>
|
||||
<span>{{ trans('common.move') }}</span>
|
||||
@@ -164,13 +164,13 @@
|
||||
<span>@icon('history')</span>
|
||||
<span>{{ trans('entities.revisions') }}</span>
|
||||
</a>
|
||||
@if(userCan('restrictions-manage', $page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page))
|
||||
<a href="{{ $page->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
|
||||
<span>@icon('lock')</span>
|
||||
<span>{{ trans('entities.permissions') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('page-delete', $page))
|
||||
@if(userCan(\BookStack\Permissions\Permission::PageDelete, $page))
|
||||
<a href="{{ $page->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
|
||||
<span>@icon('delete')</span>
|
||||
<span>{{ trans('common.delete') }}</span>
|
||||
@@ -185,7 +185,7 @@
|
||||
@if(!user()->isGuest())
|
||||
@include('entities.favourite-action', ['entity' => $page])
|
||||
@endif
|
||||
@if(userCan('content-export'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
|
||||
@include('entities.export-menu', ['entity' => $page])
|
||||
@endif
|
||||
</div>
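Review bot: One call in the copy-link condition of the `-140,20` hunk was missed: the new line still passes the string `'create'` to `userCanOnAny` for `Chapter::class`, while the `Book::class` call beside it and every other check in this file now use the enum. Change it to `userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Chapter::class)`. Whether the helper still accepts strings is not visible here. If it does not, this view would fail at render time; if it does, this stays the one check on the page where a mistyped name would go unnoticed.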
|
||||
|
@@ -13,7 +13,7 @@
|
||||
<div>
|
||||
<label for="setting-app-public" class="setting-list-label">{{ trans('settings.app_public_access') }}</label>
|
||||
<p class="small">{!! trans('settings.app_public_access_desc') !!}</p>
|
||||
@if(userCan('users-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::UsersManage))
|
||||
<p class="small mb-none">
|
||||
<a href="{{ url($guestUser->getEditUrl()) }}">{!! trans('settings.app_public_access_desc_guest') !!}</a>
|
||||
</p>
|
||||
|
@@ -1,19 +1,19 @@
|
||||
|
||||
<nav class="active-link-list py-m flex-container-row justify-center wrap">
|
||||
@if(userCan('settings-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::SettingsManage))
|
||||
<a href="{{ url('/settings') }}" @if($selected == 'settings') class="active" @endif>@icon('settings'){{ trans('settings.settings') }}</a>
|
||||
<a href="{{ url('/settings/maintenance') }}" @if($selected == 'maintenance') class="active" @endif>@icon('spanner'){{ trans('settings.maint') }}</a>
|
||||
@endif
|
||||
@if(userCan('settings-manage') && userCan('users-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::SettingsManage) && userCan(\BookStack\Permissions\Permission::UsersManage))
|
||||
<a href="{{ url('/settings/audit') }}" @if($selected == 'audit') class="active" @endif>@icon('open-book'){{ trans('settings.audit') }}</a>
|
||||
@endif
|
||||
@if(userCan('users-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::UsersManage))
|
||||
<a href="{{ url('/settings/users') }}" @if($selected == 'users') class="active" @endif>@icon('users'){{ trans('settings.users') }}</a>
|
||||
@endif
|
||||
@if(userCan('user-roles-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::UserRolesManage))
|
||||
<a href="{{ url('/settings/roles') }}" @if($selected == 'roles') class="active" @endif>@icon('lock-open'){{ trans('settings.roles') }}</a>
|
||||
@endif
|
||||
@if(userCan('settings-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::SettingsManage))
|
||||
<a href="{{ url('/settings/webhooks') }}" @if($selected == 'webhooks') class="active" @endif>@icon('webhooks'){{ trans('settings.webhooks') }}</a>
|
||||
@endif
|
||||
</nav>
|
@@ -35,11 +35,11 @@
|
||||
<img class="avatar small" src="{{ $user->getAvatar(40) }}" alt="{{ $user->name }}">
|
||||
</div>
|
||||
<div>
|
||||
@if(userCan('users-manage') || user()->id == $user->id)
|
||||
@if(userCan(\BookStack\Permissions\Permission::UsersManage) || user()->id == $user->id)
|
||||
<a href="{{ url("/settings/users/{$user->id}") }}">
|
||||
@endif
|
||||
{{ $user->name }}
|
||||
@if(userCan('users-manage') || user()->id == $user->id)
|
||||
@if(userCan(\BookStack\Permissions\Permission::UsersManage) || user()->id == $user->id)
|
||||
</a>
|
||||
@endif
|
||||
</div>
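Review bot: The condition `userCan(\BookStack\Permissions\Permission::UsersManage) || user()->id == $user->id` is written twice in this hunk, once around the opening `<a>` and once around the closing `</a>`, so an edit to only one copy would emit unbalanced markup. Evaluate it once just above the link, `@php $canOpenUser = userCan(\BookStack\Permissions\Permission::UsersManage) || user()->id == $user->id; @endphp`, and use `@if($canOpenUser)` at both places. The surrounding list item starts and ends outside the hunk.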
|
||||
|
@@ -9,7 +9,7 @@
|
||||
<div class="actions mb-xl">
|
||||
<h5>{{ trans('common.actions') }}</h5>
|
||||
<div class="icon-list text-link">
|
||||
@if(userCan('bookshelf-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookshelfCreateAll))
|
||||
<a href="{{ url("/create-shelf") }}" data-shortcut="new" class="icon-list-item">
|
||||
<span>@icon('add')</span>
|
||||
<span>{{ trans('entities.shelves_new_action') }}</span>
|
||||
|
@@ -29,7 +29,7 @@
|
||||
</div>
|
||||
@else
|
||||
<p class="text-muted">{{ trans('entities.shelves_empty') }}</p>
|
||||
@if(userCan('bookshelf-create-all'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookshelfCreateAll))
|
||||
<div class="icon-list block inline">
|
||||
<a href="{{ url("/create-shelf") }}"
|
||||
class="icon-list-item text-bookshelf">
|
||||
|
@@ -48,13 +48,13 @@
|
||||
<hr>
|
||||
<p class="text-muted italic mt-xl mb-m">{{ trans('entities.shelves_empty_contents') }}</p>
|
||||
<div class="icon-list inline block">
|
||||
@if(userCan('book-create-all') && userCan('bookshelf-update', $shelf))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll) && userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf))
|
||||
<a href="{{ $shelf->getUrl('/create-book') }}" class="icon-list-item text-book">
|
||||
<span class="icon">@icon('add')</span>
|
||||
<span>{{ trans('entities.books_create') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
@if(userCan('bookshelf-update', $shelf))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf))
|
||||
<a href="{{ $shelf->getUrl('/edit') }}" class="icon-list-item text-bookshelf">
|
||||
<span class="icon">@icon('edit')</span>
|
||||
<span>{{ trans('entities.shelves_edit_and_assign') }}</span>
|
||||
@@ -82,7 +82,7 @@
|
||||
@include('entities.meta', ['entity' => $shelf, 'watchOptions' => null])
|
||||
@if($shelf->hasPermissions())
|
||||
<div class="active-restriction">
|
||||
@if(userCan('restrictions-manage', $shelf))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $shelf))
|
||||
<a href="{{ $shelf->getUrl('/permissions') }}" class="entity-meta-item">
|
||||
@icon('lock')
|
||||
<div>{{ trans('entities.shelves_permissions_active') }}</div>
|
||||
@@ -111,7 +111,7 @@
|
||||
<h5>{{ trans('common.actions') }}</h5>
|
||||
<div class="icon-list text-link">
|
||||
|
||||
@if(userCan('book-create-all') && userCan('bookshelf-update', $shelf))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll) && userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf))
|
||||
<a href="{{ $shelf->getUrl('/create-book') }}" data-shortcut="new" class="icon-list-item">
|
||||
<span class="icon">@icon('add')</span>
|
||||
<span>{{ trans('entities.books_new_action') }}</span>
|
||||
@@ -122,21 +122,21 @@
|
||||
|
||||
<hr class="primary-background">
|
||||
|
||||
@if(userCan('bookshelf-update', $shelf))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf))
|
||||
<a href="{{ $shelf->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
|
||||
<span>@icon('edit')</span>
|
||||
<span>{{ trans('common.edit') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
|
||||
@if(userCan('restrictions-manage', $shelf))
|
||||
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $shelf))
|
||||
<a href="{{ $shelf->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
|
||||
<span>@icon('lock')</span>
|
||||
<span>{{ trans('entities.permissions') }}</span>
|
||||
</a>
|
||||
@endif
|
||||
|
||||
@if(userCan('bookshelf-delete', $shelf))
|
||||
@if(userCan(\BookStack\Permissions\Permission::BookshelfDelete, $shelf))
|
||||
<a href="{{ $shelf->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
|
||||
<span>@icon('delete')</span>
|
||||
<span>{{ trans('common.delete') }}</span>
|
||||
|
@@ -81,7 +81,7 @@
|
||||
</section>
|
||||
@endif
|
||||
|
||||
@if(userCan('access-api'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::AccessApi))
|
||||
@include('users.api-tokens.parts.list', ['user' => user(), 'context' => 'my-account'])
|
||||
@endif
|
||||
@stop
|
||||
|
@@ -12,7 +12,7 @@
|
||||
|
||||
<p>{{ trans('preferences.delete_my_account_desc') }}</p>
|
||||
|
||||
@if(userCan('users-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::UsersManage))
|
||||
<hr class="my-l">
|
||||
|
||||
<div class="grid half gap-xl v-center">
|
||||
|
@@ -12,7 +12,7 @@
|
||||
<a href="{{ url('/my-account/profile') }}" class="{{ $category === 'profile' ? 'active' : '' }}">@icon('user') {{ trans('preferences.profile') }}</a>
|
||||
<a href="{{ url('/my-account/auth') }}" class="{{ $category === 'auth' ? 'active' : '' }}">@icon('security') {{ trans('preferences.auth') }}</a>
|
||||
<a href="{{ url('/my-account/shortcuts') }}" class="{{ $category === 'shortcuts' ? 'active' : '' }}">@icon('shortcuts') {{ trans('preferences.shortcuts_interface') }}</a>
|
||||
@if(userCan('receive-notifications'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::ReceiveNotifications))
|
||||
<a href="{{ url('/my-account/notifications') }}" class="{{ $category === 'notifications' ? 'active' : '' }}">@icon('notifications') {{ trans('preferences.notifications') }}</a>
|
||||
@endif
|
||||
</nav>
|
||||
|
@@ -35,10 +35,10 @@
|
||||
<p class="text-small mb-none">{{ trans('preferences.profile_email_desc') }}</p>
|
||||
</div>
|
||||
<div class="flex stretch-inputs">
|
||||
@include('form.text', ['name' => 'email', 'disabled' => !userCan('users-manage')])
|
||||
@include('form.text', ['name' => 'email', 'disabled' => !userCan(\BookStack\Permissions\Permission::UsersManage)])
|
||||
</div>
|
||||
</div>
|
||||
@if(!userCan('users-manage'))
|
||||
@if(!userCan(\BookStack\Permissions\Permission::UsersManage))
|
||||
<p class="text-small text-muted">{{ trans('preferences.profile_email_no_permission') }}</p>
|
||||
@endif
|
||||
</div>
|
||||
@@ -75,7 +75,7 @@
|
||||
</form>
|
||||
</section>
|
||||
|
||||
@if(userCan('users-manage'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::UsersManage))
|
||||
<section class="card content-wrap auto-height">
|
||||
<div class="flex-container-row gap-l items-center wrap">
|
||||
<div class="flex">
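Review bot: The `'disabled' => !userCan(\BookStack\Permissions\Permission::UsersManage)` flag on the email field in the `-35,10` hunk only affects the rendered input. The handler that processes this form is not part of the page, so nothing here shows the same permission being applied to a submitted `email` value. A short Blade comment above the include would record that dependency, for example `{{-- Display only: the update handler must ignore 'email' without UsersManage --}}`. The same include appears in the user form hunk `-17,9` further down, and both templates start and end outside their hunks.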
|
||||
|
@@ -2,7 +2,7 @@
|
||||
<div class="flex-container-row wrap justify-space-between items-center mb-s">
|
||||
<h2 class="list-heading">{{ trans('settings.users_api_tokens') }}</h2>
|
||||
<div class="text-right pt-xs">
|
||||
@if(userCan('access-api'))
|
||||
@if(userCan(\BookStack\Permissions\Permission::AccessApi))
|
||||
<a href="{{ url('/api/docs') }}" class="button outline">{{ trans('settings.users_api_tokens_docs') }}</a>
|
||||
<a href="{{ url('/api-tokens/' . $user->id . '/create?context=' . $context) }}" class="button outline">{{ trans('settings.users_api_tokens_create') }}</a>
|
||||
@endif
|
||||
|
@@ -18,7 +18,7 @@
|
||||
</div>
|
||||
|
||||
<div class="form-group text-right">
|
||||
<a href="{{ url(userCan('users-manage') ? "/settings/users" : "/") }}" class="button outline">{{ trans('common.cancel') }}</a>
|
||||
<a href="{{ url(userCan(\BookStack\Permissions\Permission::UsersManage) ? "/settings/users" : "/") }}" class="button outline">{{ trans('common.cancel') }}</a>
|
||||
<button class="button" type="submit">{{ trans('common.save') }}</button>
|
||||
</div>
|
||||
|
||||
|
@@ -17,9 +17,9 @@
|
||||
@include('form.text', ['name' => 'name'])
|
||||
</div>
|
||||
<div>
|
||||
@if($authMethod !== 'ldap' || userCan('users-manage'))
|
||||
@if($authMethod !== 'ldap' || userCan(\BookStack\Permissions\Permission::UsersManage))
|
||||
<label for="email">{{ trans('auth.email') }}</label>
|
||||
@include('form.text', ['name' => 'email', 'disabled' => !userCan('users-manage')])
|
||||
@include('form.text', ['name' => 'email', 'disabled' => !userCan(\BookStack\Permissions\Permission::UsersManage)])
|
||||
@endif
|
||||
</div>
|
||||
</div>
|
||||
|
@@ -7,6 +7,7 @@ use BookStack\Entities\Models\Bookshelf;
|
||||
use BookStack\Entities\Models\Chapter;
|
||||
use BookStack\Entities\Models\Entity;
|
||||
use BookStack\Entities\Models\Page;
|
||||
use BookStack\Permissions\Permission;
|
||||
use BookStack\Users\Models\Role;
|
||||
use BookStack\Users\Models\User;
|
||||
use Exception;
|
||||
@@ -25,7 +26,7 @@ class EntityPermissionsTest extends TestCase
|
||||
$this->viewer = $this->users->viewer();
|
||||
}
|
||||
|
||||
protected function setRestrictionsForTestRoles(Entity $entity, array $actions = [])
|
||||
protected function setRestrictionsForTestRoles(Entity $entity, array $actions = []): void
|
||||
{
|
||||
$roles = [
|
||||
$this->user->roles->first(),
|
||||
@@ -676,7 +677,7 @@ class EntityPermissionsTest extends TestCase
|
||||
$this->permissions->setEntityPermissions($book, ['update'], [$viewerRole], false);
|
||||
$this->permissions->setEntityPermissions($chapter, [], [$viewerRole], true);
|
||||
|
||||
$this->assertFalse(userCan('chapter-update', $chapter));
|
||||
$this->assertFalse(userCan(Permission::ChapterUpdate, $chapter));
|
||||
}
|
||||
|
||||
public function test_access_to_item_allowed_if_inheritance_active_and_permission_prevented_via_role_but_allowed_via_parent()
|
||||
@@ -692,7 +693,7 @@ class EntityPermissionsTest extends TestCase
|
||||
$this->permissions->setEntityPermissions($chapter, [], [$viewerRole], true);
|
||||
|
||||
$this->actingAs($user);
|
||||
$this->assertTrue(userCan('chapter-update', $chapter));
|
||||
$this->assertTrue(userCan(Permission::ChapterUpdate, $chapter));
|
||||
}
|
||||
|
||||
public function test_book_permissions_can_be_generated_without_error_if_child_chapter_is_in_recycle_bin()
|
||||
|