From 419dbadcfd7176eec8c1e59ab0df92f054363c16 Mon Sep 17 00:00:00 2001 
From: Dan Brown Date: Tue, 9 Sep 2025 09:48:19 +0100 Subject: [PATCH] Permissions: Updated use of helpers to use enums Also added middlware method to Permission enum to allow easier usage with controller middleware. --- .../Controllers/WebhookController.php | 3 ++- app/Activity/Tools/CommentTree.php | 2 +- app/Activity/Tools/TagClassGenerator.php | 4 ++-- app/Entities/Controllers/PageController.php | 2 +- app/Entities/Repos/ChapterRepo.php | 2 +- app/Entities/Repos/PageRepo.php | 8 +++---- app/Entities/Tools/Cloner.php | 8 +++---- app/Entities/Tools/PageEditorData.php | 2 +- app/Entities/Tools/PermissionsUpdater.php | 2 +- .../Controllers/BookExportApiController.php | 3 ++- .../Controllers/BookExportController.php | 3 ++- .../ChapterExportApiController.php | 3 ++- .../Controllers/ChapterExportController.php | 3 ++- .../Controllers/ImportApiController.php | 3 ++- app/Exports/Controllers/ImportController.php | 3 ++- .../Controllers/PageExportApiController.php | 3 ++- .../Controllers/PageExportController.php | 3 ++- app/Exports/ImportRepo.php | 4 ++-- .../ZipExports/ZipExportReferences.php | 2 +- app/Exports/ZipExports/ZipImportRunner.php | 10 ++++---- app/Permissions/Permission.php | 9 +++++++ app/Sorting/BookSorter.php | 16 ++++++------- app/Sorting/SortRuleController.php | 3 ++- .../Controllers/DrawioImageController.php | 2 +- .../Controllers/UserAccountController.php | 4 ++-- app/Users/Controllers/UserApiController.php | 2 +- .../Controllers/UserSearchController.php | 6 ++--- .../views/attachments/manager-list.blade.php | 4 ++-- resources/views/books/edit.blade.php | 2 +- resources/views/books/index.blade.php | 4 ++-- resources/views/books/parts/list.blade.php | 2 +- resources/views/books/show.blade.php | 20 ++++++++-------- resources/views/chapters/edit.blade.php | 2 +- resources/views/chapters/show.blade.php | 24 +++++++++---------- resources/views/comments/comment.blade.php | 12 +++++----- resources/views/comments/comments.blade.php | 6 ++--- 
resources/views/entities/book-tree.blade.php | 2 +- .../views/entities/breadcrumbs.blade.php | 2 +- resources/views/home/books.blade.php | 2 +- resources/views/home/shelves.blade.php | 2 +- .../layouts/parts/header-links.blade.php | 6 ++--- .../pages/parts/editor-toolbar.blade.php | 2 +- .../pages/parts/editor-toolbox.blade.php | 4 ++-- .../pages/parts/image-manager-form.blade.php | 8 +++---- resources/views/pages/parts/pointer.blade.php | 4 ++-- .../pages/parts/revisions-index-row.blade.php | 4 ++-- .../pages/parts/template-manager.blade.php | 2 +- resources/views/pages/show.blade.php | 20 ++++++++-------- .../settings/categories/features.blade.php | 2 +- .../views/settings/parts/navbar.blade.php | 10 ++++---- resources/views/settings/roles/edit.blade.php | 4 ++-- resources/views/shelves/index.blade.php | 2 +- resources/views/shelves/parts/list.blade.php | 2 +- resources/views/shelves/show.blade.php | 14 +++++------ resources/views/users/account/auth.blade.php | 2 +- .../views/users/account/delete.blade.php | 2 +- .../views/users/account/layout.blade.php | 2 +- .../views/users/account/profile.blade.php | 6 ++--- .../users/api-tokens/parts/list.blade.php | 2 +- resources/views/users/create.blade.php | 2 +- resources/views/users/parts/form.blade.php | 4 ++-- tests/Permissions/EntityPermissionsTest.php | 7 +++--- 62 files changed, 165 insertions(+), 145 deletions(-) diff --git a/app/Activity/Controllers/WebhookController.php b/app/Activity/Controllers/WebhookController.php index dcca1dc41..6a65b8363 100644 --- a/app/Activity/Controllers/WebhookController.php +++ b/app/Activity/Controllers/WebhookController.php @@ -6,6 +6,7 @@ use BookStack\Activity\ActivityType; use BookStack\Activity\Models\Webhook; use BookStack\Activity\Queries\WebhooksAllPaginatedAndSorted; use BookStack\Http\Controller; +use BookStack\Permissions\Permission; use BookStack\Util\SimpleListOptions; use Illuminate\Http\Request; 
@@ -14,7 +15,7 @@ class WebhookController extends Controller public function __construct() { $this->middleware([ - 'can:settings-manage', + Permission::SettingsManage->middleware() ]); } diff --git a/app/Activity/Tools/CommentTree.php b/app/Activity/Tools/CommentTree.php index a05a9d247..af9b7ecb2 100644 --- a/app/Activity/Tools/CommentTree.php +++ b/app/Activity/Tools/CommentTree.php @@ -70,7 +70,7 @@ class CommentTree public function canUpdateAny(): bool { foreach ($this->comments as $comment) { - if (userCan('comment-update', $comment)) { + if (userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment)) { return true; } } diff --git a/app/Activity/Tools/TagClassGenerator.php b/app/Activity/Tools/TagClassGenerator.php index 5bcb44113..03586eb27 100644 --- a/app/Activity/Tools/TagClassGenerator.php +++ b/app/Activity/Tools/TagClassGenerator.php @@ -26,14 +26,14 @@ class TagClassGenerator array_push($classes, ...$this->generateClassesForTag($tag)); } - if ($this->entity instanceof BookChild && userCan('view', $this->entity->book)) { + if ($this->entity instanceof BookChild && userCan(\BookStack\Permissions\Permission::View, $this->entity->book)) { $bookTags = $this->entity->book->tags; foreach ($bookTags as $bookTag) { array_push($classes, ...$this->generateClassesForTag($bookTag, 'book-')); } } - if ($this->entity instanceof Page && $this->entity->chapter && userCan('view', $this->entity->chapter)) { + if ($this->entity instanceof Page && $this->entity->chapter && userCan(\BookStack\Permissions\Permission::View, $this->entity->chapter)) { $chapterTags = $this->entity->chapter->tags; foreach ($chapterTags as $chapterTag) { array_push($classes, ...$this->generateClassesForTag($chapterTag, 'chapter-')); diff --git a/app/Entities/Controllers/PageController.php b/app/Entities/Controllers/PageController.php index d4bde300b..1fe296537 100644 --- a/app/Entities/Controllers/PageController.php +++ b/app/Entities/Controllers/PageController.php 
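Review bot: In the WebhookController hunk the new array entry `Permission::SettingsManage->middleware()` drops the trailing comma that the removed `'can:settings-manage',` line carried, so the multi-line `$this->middleware([...])` array no longer ends with one; PER-CS asks for a trailing comma in multi-line arrays and the next entry added will have to touch this line again. Suggest `Permission::SettingsManage->middleware(),`. This does not recur in the other controllers in the patch, which pass a single string to `$this->middleware(...)` rather than an array.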
@@ -342,7 +342,7 @@ class PageController extends Controller $this->showSuccessNotification(trans('entities.pages_delete_draft_success')); - if ($chapter && userCan('view', $chapter)) { + if ($chapter && userCan(\BookStack\Permissions\Permission::View, $chapter)) { return redirect($chapter->getUrl()); } diff --git a/app/Entities/Repos/ChapterRepo.php b/app/Entities/Repos/ChapterRepo.php index 6503e63cf..10b9697ed 100644 --- a/app/Entities/Repos/ChapterRepo.php +++ b/app/Entities/Repos/ChapterRepo.php @@ -87,7 +87,7 @@ class ChapterRepo throw new MoveOperationException('Book to move chapter into not found'); } - if (!userCan('chapter-create', $parent)) { + if (!userCan(\BookStack\Permissions\Permission::ChapterCreate, $parent)) { throw new PermissionsException('User does not have permission to create a chapter within the chosen book'); } diff --git a/app/Entities/Repos/PageRepo.php b/app/Entities/Repos/PageRepo.php index 63e8b8370..4a9efd31d 100644 --- a/app/Entities/Repos/PageRepo.php +++ b/app/Entities/Repos/PageRepo.php @@ -55,7 +55,7 @@ class PageRepo } $defaultTemplate = $page->chapter->defaultTemplate ?? $page->book->defaultTemplate; - if ($defaultTemplate && userCan('view', $defaultTemplate)) { + if ($defaultTemplate && userCan(\BookStack\Permissions\Permission::View, $defaultTemplate)) { $page->forceFill([ 'html' => $defaultTemplate->html, 'markdown' => $defaultTemplate->markdown, @@ -142,7 +142,7 @@ class PageRepo protected function updateTemplateStatusAndContentFromInput(Page $page, array $input): void { - if (isset($input['template']) && userCan('templates-manage')) { + if (isset($input['template']) && userCan(\BookStack\Permissions\Permission::TemplatesManage)) { $page->template = ($input['template'] === 'true'); } 
@@ -165,7 +165,7 @@ class PageRepo $pageContent->setNewHTML($input['html'], user()); } - if (($newEditor !== $currentEditor || empty($page->editor)) && userCan('editor-change')) { + if (($newEditor !== $currentEditor || empty($page->editor)) && userCan(\BookStack\Permissions\Permission::EditorChange)) { $page->editor = $newEditor->value; } elseif (empty($page->editor)) { $page->editor = $defaultEditor->value; @@ -271,7 +271,7 @@ class PageRepo throw new MoveOperationException('Book or chapter to move page into not found'); } - if (!userCan('page-create', $parent)) { + if (!userCan(\BookStack\Permissions\Permission::PageCreate, $parent)) { throw new PermissionsException('User does not have permission to create a page within the new parent'); } diff --git a/app/Entities/Tools/Cloner.php b/app/Entities/Tools/Cloner.php index 87aa770c0..0af25a2c1 100644 --- a/app/Entities/Tools/Cloner.php +++ b/app/Entities/Tools/Cloner.php @@ -49,7 +49,7 @@ class Cloner $copyChapter = $this->chapterRepo->create($chapterDetails, $parent); - if (userCan('page-create', $copyChapter)) { + if (userCan(\BookStack\Permissions\Permission::PageCreate, $copyChapter)) { /** @var Page $page */ foreach ($original->getVisiblePages() as $page) { $this->clonePage($page, $copyChapter, $page->name); @@ -74,11 +74,11 @@ class Cloner // Clone contents $directChildren = $original->getDirectVisibleChildren(); foreach ($directChildren as $child) { - if ($child instanceof Chapter && userCan('chapter-create', $copyBook)) { + if ($child instanceof Chapter && userCan(\BookStack\Permissions\Permission::ChapterCreate, $copyBook)) { $this->cloneChapter($child, $copyBook, $child->name); } - if ($child instanceof Page && !$child->draft && userCan('page-create', $copyBook)) { + if ($child instanceof Page && !$child->draft && userCan(\BookStack\Permissions\Permission::PageCreate, $copyBook)) { $this->clonePage($child, $copyBook, $child->name); } } 
@@ -86,7 +86,7 @@ class Cloner // Clone bookshelf relationships /** @var Bookshelf $shelf */ foreach ($original->shelves as $shelf) { - if (userCan('bookshelf-update', $shelf)) { + if (userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf)) { $shelf->appendBook($copyBook); } } diff --git a/app/Entities/Tools/PageEditorData.php b/app/Entities/Tools/PageEditorData.php index e4fe2fd25..fc32e9a43 100644 --- a/app/Entities/Tools/PageEditorData.php +++ b/app/Entities/Tools/PageEditorData.php @@ -100,7 +100,7 @@ class PageEditorData // Use requested editor if valid and if we have permission $requestedType = PageEditorType::fromRequestValue($this->requestedEditor); - if ($requestedType && userCan('editor-change')) { + if ($requestedType && userCan(\BookStack\Permissions\Permission::EditorChange)) { $editorType = $requestedType; } diff --git a/app/Entities/Tools/PermissionsUpdater.php b/app/Entities/Tools/PermissionsUpdater.php index 4ca53982a..fbf92e203 100644 --- a/app/Entities/Tools/PermissionsUpdater.php +++ b/app/Entities/Tools/PermissionsUpdater.php @@ -150,7 +150,7 @@ class PermissionsUpdater /** @var Book $book */ foreach ($shelfBooks as $book) { - if ($checkUserPermissions && !userCan('restrictions-manage', $book)) { + if ($checkUserPermissions && !userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book)) { continue; } $book->permissions()->delete(); diff --git a/app/Exports/Controllers/BookExportApiController.php b/app/Exports/Controllers/BookExportApiController.php index 87f1d7eef..21f276f8a 100644 --- a/app/Exports/Controllers/BookExportApiController.php +++ b/app/Exports/Controllers/BookExportApiController.php @@ -6,6 +6,7 @@ use BookStack\Entities\Queries\BookQueries; use BookStack\Exports\ExportFormatter; use BookStack\Exports\ZipExports\ZipExportBuilder; use BookStack\Http\ApiController; +use BookStack\Permissions\Permission; use Throwable; class BookExportApiController extends ApiController 
@@ -14,7 +15,7 @@ class BookExportApiController extends ApiController protected ExportFormatter $exportFormatter, protected BookQueries $queries, ) { - $this->middleware('can:content-export'); + $this->middleware(Permission::ContentExport->middleware()); } /** diff --git a/app/Exports/Controllers/BookExportController.php b/app/Exports/Controllers/BookExportController.php index 67247598c..f6bb66666 100644 --- a/app/Exports/Controllers/BookExportController.php +++ b/app/Exports/Controllers/BookExportController.php @@ -7,6 +7,7 @@ use BookStack\Exceptions\NotFoundException; use BookStack\Exports\ExportFormatter; use BookStack\Exports\ZipExports\ZipExportBuilder; use BookStack\Http\Controller; +use BookStack\Permissions\Permission; use Throwable; class BookExportController extends Controller @@ -15,7 +16,7 @@ class BookExportController extends Controller protected BookQueries $queries, protected ExportFormatter $exportFormatter, ) { - $this->middleware('can:content-export'); + $this->middleware(Permission::ContentExport->middleware()); $this->middleware('throttle:exports'); } diff --git a/app/Exports/Controllers/ChapterExportApiController.php b/app/Exports/Controllers/ChapterExportApiController.php index bccd414af..7e5a23c70 100644 --- a/app/Exports/Controllers/ChapterExportApiController.php +++ b/app/Exports/Controllers/ChapterExportApiController.php @@ -6,6 +6,7 @@ use BookStack\Entities\Queries\ChapterQueries; use BookStack\Exports\ExportFormatter; use BookStack\Exports\ZipExports\ZipExportBuilder; use BookStack\Http\ApiController; +use BookStack\Permissions\Permission; use Throwable; class ChapterExportApiController extends ApiController @@ -14,7 +15,7 @@ class ChapterExportApiController extends ApiController protected ExportFormatter $exportFormatter, protected ChapterQueries $queries, ) { - $this->middleware('can:content-export'); + $this->middleware(Permission::ContentExport->middleware()); } /** 
diff --git a/app/Exports/Controllers/ChapterExportController.php b/app/Exports/Controllers/ChapterExportController.php index 849024343..fdb2bba94 100644 --- a/app/Exports/Controllers/ChapterExportController.php +++ b/app/Exports/Controllers/ChapterExportController.php @@ -7,6 +7,7 @@ use BookStack\Exceptions\NotFoundException; use BookStack\Exports\ExportFormatter; use BookStack\Exports\ZipExports\ZipExportBuilder; use BookStack\Http\Controller; +use BookStack\Permissions\Permission; use Throwable; class ChapterExportController extends Controller @@ -15,7 +16,7 @@ class ChapterExportController extends Controller protected ChapterQueries $queries, protected ExportFormatter $exportFormatter, ) { - $this->middleware('can:content-export'); + $this->middleware(Permission::ContentExport->middleware()); $this->middleware('throttle:exports'); } diff --git a/app/Exports/Controllers/ImportApiController.php b/app/Exports/Controllers/ImportApiController.php index cac155c7c..f8eaea5a1 100644 --- a/app/Exports/Controllers/ImportApiController.php +++ b/app/Exports/Controllers/ImportApiController.php @@ -8,6 +8,7 @@ use BookStack\Exceptions\ZipImportException; use BookStack\Exceptions\ZipValidationException; use BookStack\Exports\ImportRepo; use BookStack\Http\ApiController; +use BookStack\Permissions\Permission; use BookStack\Uploads\AttachmentService; use Illuminate\Http\Request; use Illuminate\Http\JsonResponse; @@ -18,7 +19,7 @@ class ImportApiController extends ApiController public function __construct( protected ImportRepo $imports, ) { - $this->middleware('can:content-import'); + $this->middleware(Permission::ContentImport->middleware()); } /** diff --git a/app/Exports/Controllers/ImportController.php b/app/Exports/Controllers/ImportController.php index 0d3e2414b..7ecc09a41 100644 --- a/app/Exports/Controllers/ImportController.php +++ b/app/Exports/Controllers/ImportController.php 
@@ -8,6 +8,7 @@ use BookStack\Exceptions\ZipImportException; use BookStack\Exceptions\ZipValidationException; use BookStack\Exports\ImportRepo; use BookStack\Http\Controller; +use BookStack\Permissions\Permission; use BookStack\Uploads\AttachmentService; use Illuminate\Http\Request; @@ -16,7 +17,7 @@ class ImportController extends Controller public function __construct( protected ImportRepo $imports, ) { - $this->middleware('can:content-import'); + $this->middleware(Permission::ContentImport->middleware()); } /** diff --git a/app/Exports/Controllers/PageExportApiController.php b/app/Exports/Controllers/PageExportApiController.php index 73af01afa..c5b186289 100644 --- a/app/Exports/Controllers/PageExportApiController.php +++ b/app/Exports/Controllers/PageExportApiController.php @@ -6,6 +6,7 @@ use BookStack\Entities\Queries\PageQueries; use BookStack\Exports\ExportFormatter; use BookStack\Exports\ZipExports\ZipExportBuilder; use BookStack\Http\ApiController; +use BookStack\Permissions\Permission; use Throwable; class PageExportApiController extends ApiController @@ -14,7 +15,7 @@ class PageExportApiController extends ApiController protected ExportFormatter $exportFormatter, protected PageQueries $queries, ) { - $this->middleware('can:content-export'); + $this->middleware(Permission::ContentExport->middleware()); } /** diff --git a/app/Exports/Controllers/PageExportController.php b/app/Exports/Controllers/PageExportController.php index 145dce9dd..9bc79f247 100644 --- a/app/Exports/Controllers/PageExportController.php +++ b/app/Exports/Controllers/PageExportController.php @@ -8,6 +8,7 @@ use BookStack\Exceptions\NotFoundException; use BookStack\Exports\ExportFormatter; use BookStack\Exports\ZipExports\ZipExportBuilder; use BookStack\Http\Controller; +use BookStack\Permissions\Permission; use Throwable; class PageExportController extends Controller 
@@ -16,7 +17,7 @@ class PageExportController extends Controller protected PageQueries $queries, protected ExportFormatter $exportFormatter, ) { - $this->middleware('can:content-export'); + $this->middleware(Permission::ContentExport->middleware()); $this->middleware('throttle:exports'); } diff --git a/app/Exports/ImportRepo.php b/app/Exports/ImportRepo.php index 896af903a..071fa532c 100644 --- a/app/Exports/ImportRepo.php +++ b/app/Exports/ImportRepo.php @@ -46,7 +46,7 @@ class ImportRepo { $query = Import::query(); - if (!userCan('settings-manage')) { + if (!userCan(\BookStack\Permissions\Permission::SettingsManage)) { $query->where('created_by', user()->id); } @@ -57,7 +57,7 @@ class ImportRepo { $query = Import::query(); - if (!userCan('settings-manage')) { + if (!userCan(\BookStack\Permissions\Permission::SettingsManage)) { $query->where('created_by', user()->id); } diff --git a/app/Exports/ZipExports/ZipExportReferences.php b/app/Exports/ZipExports/ZipExportReferences.php index b21248ffd..621076acc 100644 --- a/app/Exports/ZipExports/ZipExportReferences.php +++ b/app/Exports/ZipExports/ZipExportReferences.php @@ -135,7 +135,7 @@ class ZipExportReferences // Find and include images if in visibility $page = $model->getPage(); $pageExportModel = $this->pages[$page->id] ?? ($exportModel instanceof ZipExportPage ? $exportModel : null); - if (isset($this->images[$model->id]) || ($page && $pageExportModel && userCan('view', $page))) { + if (isset($this->images[$model->id]) || ($page && $pageExportModel && userCan(\BookStack\Permissions\Permission::View, $page))) { if (!isset($this->images[$model->id])) { $exportImage = ZipExportImage::fromModel($model, $files); $this->images[$model->id] = $exportImage; diff --git a/app/Exports/ZipExports/ZipImportRunner.php b/app/Exports/ZipExports/ZipImportRunner.php index d25a1621f..09a946609 100644 --- a/app/Exports/ZipExports/ZipImportRunner.php +++ b/app/Exports/ZipExports/ZipImportRunner.php 
@@ -288,7 +288,7 @@ class ZipImportRunner $attachments = []; if ($exportModel instanceof ZipExportBook) { - if (!userCan('book-create-all')) { + if (!userCan(\BookStack\Permissions\Permission::BookCreateAll)) { $errors[] = trans('errors.import_perms_books'); } array_push($pages, ...$exportModel->pages); @@ -317,11 +317,11 @@ class ZipImportRunner if (count($pages) > 0) { if ($parent) { - if (!userCan('page-create', $parent)) { + if (!userCan(\BookStack\Permissions\Permission::PageCreate, $parent)) { $errors[] = trans('errors.import_perms_pages'); } } else { - $hasPermission = userCan('page-create-all') || userCan('page-create-own'); + $hasPermission = userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn); if (!$hasPermission) { $errors[] = trans('errors.import_perms_pages'); } @@ -329,13 +329,13 @@ class ZipImportRunner } if (count($images) > 0) { - if (!userCan('image-create-all')) { + if (!userCan(\BookStack\Permissions\Permission::ImageCreateAll)) { $errors[] = trans('errors.import_perms_images'); } } if (count($attachments) > 0) { - if (!userCan('attachment-create-all')) { + if (!userCan(\BookStack\Permissions\Permission::AttachmentCreateAll)) { $errors[] = trans('errors.import_perms_attachments'); } } diff --git a/app/Permissions/Permission.php b/app/Permissions/Permission.php index 492ca2621..a434e54fd 100644 --- a/app/Permissions/Permission.php +++ b/app/Permissions/Permission.php @@ -132,4 +132,13 @@ enum Permission: string self::Delete, ]; } + + /** + * Return the application permission-check middleware-string for this permission. + * Uses registered CheckUserHasPermission middleware. + */ + public function middleware(): string + { + return 'can:' . $this->value; + } } diff --git a/app/Sorting/BookSorter.php b/app/Sorting/BookSorter.php index e627d66fd..e1fd17238 100644 --- a/app/Sorting/BookSorter.php +++ b/app/Sorting/BookSorter.php 
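Review bot: In the Permission.php hunk, `middleware()` hard-codes the `'can:'` prefix while its docblock says the string is understood by the registered CheckUserHasPermission middleware, but nothing in the enum ties the literal to that registration, which presumably lives in the HTTP kernel outside this patch; if the alias is ever renamed, every route gate built through this helper silently stops matching. Consider lifting the alias into the enum, `private const MIDDLEWARE_ALIAS = 'can';` and `return self::MIDDLEWARE_ALIAS . ':' . $this->value;`, or at least a comment on the return line such as `// 'can' must match the alias the CheckUserHasPermission middleware is registered under`. The docblock wording "permission-check middleware-string" would read better as "permission-check middleware string". The hunk closes the enum, so the method is complete as shown.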
@@ -187,11 +187,11 @@ class BookSorter $hasNewParent = $newBook->id !== $model->book_id || ($model instanceof Page && $model->chapter_id !== ($sortMapItem->parentChapterId ?? 0)); if ($model instanceof Chapter) { - $hasPermission = userCan('book-update', $currentParent) - && userCan('book-update', $newBook) - && userCan('chapter-update', $model) - && (!$hasNewParent || userCan('chapter-create', $newBook)) - && (!$hasNewParent || userCan('chapter-delete', $model)); + $hasPermission = userCan(\BookStack\Permissions\Permission::BookUpdate, $currentParent) + && userCan(\BookStack\Permissions\Permission::BookUpdate, $newBook) + && userCan(\BookStack\Permissions\Permission::ChapterUpdate, $model) + && (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterCreate, $newBook)) + && (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterDelete, $model)); if (!$hasPermission) { return false; @@ -210,13 +210,13 @@ class BookSorter return false; } - $hasPageEditPermission = userCan('page-update', $model); + $hasPageEditPermission = userCan(\BookStack\Permissions\Permission::PageUpdate, $model); $newParentInRightLocation = ($newParent instanceof Book || ($newParent instanceof Chapter && $newParent->book_id === $newBook->id)); $newParentPermission = ($newParent instanceof Chapter) ? 'chapter-update' : 'book-update'; $hasNewParentPermission = userCan($newParentPermission, $newParent); - $hasDeletePermissionIfMoving = (!$hasNewParent || userCan('page-delete', $model)); - $hasCreatePermissionIfMoving = (!$hasNewParent || userCan('page-create', $newParent)); + $hasDeletePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageDelete, $model)); + $hasCreatePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageCreate, $newParent)); $hasPermission = $hasCurrentParentPermission && $newParentInRightLocation 
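Review bot: The second BookSorter hunk leaves `$newParentPermission = ($newParent instanceof Chapter) ? 'chapter-update' : 'book-update';` and the following `userCan($newParentPermission, $newParent)` on raw strings while every other check in the method moves to the enum, so this ternary is now the one spot in the file where a mistyped permission name would not be caught until runtime. Suggest `$newParentPermission = ($newParent instanceof Chapter) ? \BookStack\Permissions\Permission::ChapterUpdate : \BookStack\Permissions\Permission::BookUpdate;`, assuming `userCan()` accepts the enum wherever it accepted the string, as the surrounding replacements imply. Both hunks also repeat the fully qualified `\BookStack\Permissions\Permission` on every line; a `use BookStack\Permissions\Permission;` import, as the controller files in this patch add, would keep the long boolean chains readable. The enclosing method starts before the first hunk and continues past the second.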
diff --git a/app/Sorting/SortRuleController.php b/app/Sorting/SortRuleController.php index a124ffa9c..bb5540a2a 100644 --- a/app/Sorting/SortRuleController.php +++ b/app/Sorting/SortRuleController.php @@ -4,13 +4,14 @@ namespace BookStack\Sorting; use BookStack\Activity\ActivityType; use BookStack\Http\Controller; +use BookStack\Permissions\Permission; use Illuminate\Http\Request; class SortRuleController extends Controller { public function __construct() { - $this->middleware('can:settings-manage'); + $this->middleware(Permission::SettingsManage->middleware()); } public function create() diff --git a/app/Uploads/Controllers/DrawioImageController.php b/app/Uploads/Controllers/DrawioImageController.php index aff27b3b1..c9b49b890 100644 --- a/app/Uploads/Controllers/DrawioImageController.php +++ b/app/Uploads/Controllers/DrawioImageController.php @@ -82,7 +82,7 @@ class DrawioImageController extends Controller return $this->jsonError(trans('errors.drawing_data_not_found'), 404); } - if ($image->type !== 'drawio' || !userCan('page-view', $image->getPage())) { + if ($image->type !== 'drawio' || !userCan(\BookStack\Permissions\Permission::PageView, $image->getPage())) { return $this->jsonError(trans('errors.drawing_data_not_found'), 404); } diff --git a/app/Users/Controllers/UserAccountController.php b/app/Users/Controllers/UserAccountController.php index 54ca69c5d..07e384b3a 100644 --- a/app/Users/Controllers/UserAccountController.php +++ b/app/Users/Controllers/UserAccountController.php @@ -63,7 +63,7 @@ class UserAccountController extends Controller 'profile_image' => array_merge(['nullable'], $this->getImageValidationRules()), ]); - $this->userRepo->update($user, $validated, userCan('users-manage')); + $this->userRepo->update($user, $validated, userCan(\BookStack\Permissions\Permission::UsersManage)); // Save profile image if in request if ($request->hasFile('profile_image')) { 
@@ -219,7 +219,7 @@ class UserAccountController extends Controller $this->preventAccessInDemoMode(); $requestNewOwnerId = intval($request->get('new_owner_id')) ?: null; - $newOwnerId = userCan('users-manage') ? $requestNewOwnerId : null; + $newOwnerId = userCan(\BookStack\Permissions\Permission::UsersManage) ? $requestNewOwnerId : null; $this->userRepo->destroy(user(), $newOwnerId); diff --git a/app/Users/Controllers/UserApiController.php b/app/Users/Controllers/UserApiController.php index 1efc82500..28c4a3876 100644 --- a/app/Users/Controllers/UserApiController.php +++ b/app/Users/Controllers/UserApiController.php @@ -125,7 +125,7 @@ class UserApiController extends ApiController { $data = $this->validate($request, $this->rules($id)['update']); $user = $this->userRepo->getById($id); - $this->userRepo->update($user, $data, userCan('users-manage')); + $this->userRepo->update($user, $data, userCan(\BookStack\Permissions\Permission::UsersManage)); $this->singleFormatter($user); return response()->json($user); diff --git a/app/Users/Controllers/UserSearchController.php b/app/Users/Controllers/UserSearchController.php index b6f37bce0..a6596046a 100644 --- a/app/Users/Controllers/UserSearchController.php +++ b/app/Users/Controllers/UserSearchController.php @@ -15,9 +15,9 @@ class UserSearchController extends Controller public function forSelect(Request $request) { $hasPermission = !user()->isGuest() && ( - userCan('users-manage') - || userCan('restrictions-manage-own') - || userCan('restrictions-manage-all') + userCan(\BookStack\Permissions\Permission::UsersManage) + || userCan(\BookStack\Permissions\Permission::RestrictionsManageOwn) + || userCan(\BookStack\Permissions\Permission::RestrictionsManageAll) ); if (!$hasPermission) { diff --git a/resources/views/attachments/manager-list.blade.php b/resources/views/attachments/manager-list.blade.php index 6314aa7b5..10ede4aae 100644 --- a/resources/views/attachments/manager-list.blade.php 
+++ b/resources/views/attachments/manager-list.blade.php @@ -16,7 +16,7 @@ type="button" title="{{ trans('entities.attachments_insert_link') }}" class="drag-card-action text-center text-link">@icon('link') - @if(userCan('attachment-update', $attachment)) + @if(userCan(\BookStack\Permissions\Permission::AttachmentUpdate, $attachment)) @endif - @if(userCan('attachment-delete', $attachment)) + @if(userCan(\BookStack\Permissions\Permission::AttachmentDelete, $attachment))
diff --git a/resources/views/books/index.blade.php b/resources/views/books/index.blade.php index 197de011d..52d23241a 100644 --- a/resources/views/books/index.blade.php +++ b/resources/views/books/index.blade.php @@ -36,7 +36,7 @@
{{ trans('common.actions') }}
@else

{{ trans('entities.books_empty') }}

- @if(userCan('book-create-all')) + @if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
diff --git a/resources/views/books/show.blade.php b/resources/views/books/show.blade.php index dbb09fc9e..e28d95648 100644 --- a/resources/views/books/show.blade.php +++ b/resources/views/books/show.blade.php @@ -43,13 +43,13 @@

{{ trans('entities.books_empty_contents') }}

- @if(userCan('page-create', $book)) + @if(userCan(\BookStack\Permissions\Permission::PageCreate, $book)) @icon('page') {{ trans('entities.books_empty_create_page') }} @endif - @if(userCan('chapter-create', $book)) + @if(userCan(\BookStack\Permissions\Permission::ChapterCreate, $book)) @icon('chapter') {{ trans('entities.books_empty_add_chapter') }} @@ -73,7 +73,7 @@ @include('entities.meta', ['entity' => $book, 'watchOptions' => $watchOptions]) @if($book->hasPermissions())
- @if(userCan('restrictions-manage', $book)) + @if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book)) @icon('lock')
{{ trans('entities.books_permissions_active') }}
@@ -93,13 +93,13 @@
{{ trans('common.actions') }}
diff --git a/resources/views/chapters/edit.blade.php b/resources/views/chapters/edit.blade.php index 36058eff8..5ace966f5 100644 --- a/resources/views/chapters/edit.blade.php +++ b/resources/views/chapters/edit.blade.php @@ -23,7 +23,7 @@ - @if(userCan('chapter-delete', $chapter) && userCan('book-create-all')) + @if(userCan(\BookStack\Permissions\Permission::ChapterDelete, $chapter) && userCan(\BookStack\Permissions\Permission::BookCreateAll)) @include('chapters.parts.convert-to-book') @endif diff --git a/resources/views/chapters/show.blade.php b/resources/views/chapters/show.blade.php index 45e43ad96..da914b32d 100644 --- a/resources/views/chapters/show.blade.php +++ b/resources/views/chapters/show.blade.php @@ -37,13 +37,13 @@

{{ trans('entities.chapters_empty') }}

- @if(userCan('page-create', $chapter)) + @if(userCan(\BookStack\Permissions\Permission::PageCreate, $chapter)) @icon('page') {{ trans('entities.books_empty_create_page') }} @endif - @if(userCan('book-update', $book)) + @if(userCan(\BookStack\Permissions\Permission::BookUpdate, $book)) @icon('book') {{ trans('entities.books_empty_sort_current_book') }} @@ -71,7 +71,7 @@ @if($book->hasPermissions())
- @if(userCan('restrictions-manage', $book)) + @if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book)) @icon('lock')
{{ trans('entities.books_permissions_active') }}
@@ -87,7 +87,7 @@ @if($chapter->hasPermissions())
- @if(userCan('restrictions-manage', $chapter)) + @if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $chapter)) @icon('lock')
{{ trans('entities.chapters_permissions_active') }}
@@ -107,7 +107,7 @@
{{ trans('common.actions') }}
diff --git a/resources/views/comments/comment.blade.php b/resources/views/comments/comment.blade.php index 67aac7203..10cd02035 100644 --- a/resources/views/comments/comment.blade.php +++ b/resources/views/comments/comment.blade.php @@ -33,23 +33,23 @@ @endif
- @if(!$readOnly && (userCan('comment-create-all') || userCan('comment-update', $comment) || userCan('comment-delete', $comment))) + @if(!$readOnly && (userCan(\BookStack\Permissions\Permission::CommentCreateAll) || userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment) || userCan(\BookStack\Permissions\Permission::CommentDelete, $comment)))
- @if(userCan('comment-create-all')) + @if(userCan(\BookStack\Permissions\Permission::CommentCreateAll)) @endif - @if(!$comment->parent_id && (userCan('comment-update', $comment) || userCan('comment-delete', $comment))) + @if(!$comment->parent_id && (userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment) || userCan(\BookStack\Permissions\Permission::CommentDelete, $comment))) @endif - @if(userCan('comment-update', $comment)) + @if(userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment)) @endif - @if(userCan('comment-delete', $comment)) + @if(userCan(\BookStack\Permissions\Permission::CommentDelete, $comment)) - @if(!$readOnly && userCan('comment-update', $comment)) + @if(!$readOnly && userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment))