mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-08-06 12:02:45 +03:00
Watching: Prevent issues when watchable or user is deleted
- Adds filtering to the watched items list in notification preferences so that deleted (recycle bin) items are removed via query. - Adds relations and logic to properly remove watches upon user and entity delete events, to old watches in database do not linger. - Adds testing to cover the above. Did not add migration for existing data, since patch will be close to introduction, and lingering DB entries don't open a security concern, just some potential confusion in specific potential scenarios. Probably not work extra migration risk, although could add in future if concerns/issues are found. Related to #4499
This commit is contained in:
@@ -6,6 +6,7 @@ use BookStack\Access\Mfa\MfaValue;
|
||||
use BookStack\Access\SocialAccount;
|
||||
use BookStack\Activity\Models\Favourite;
|
||||
use BookStack\Activity\Models\Loggable;
|
||||
use BookStack\Activity\Models\Watch;
|
||||
use BookStack\Api\ApiToken;
|
||||
use BookStack\App\Model;
|
||||
use BookStack\App\Sluggable;
|
||||
@@ -291,6 +292,14 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
|
||||
return $this->hasMany(MfaValue::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the tracked entity watches for this user.
|
||||
*/
|
||||
public function watches(): HasMany
|
||||
{
|
||||
return $this->hasMany(Watch::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the last activity time for this user.
|
||||
*/
|
||||
|
Reference in New Issue
Block a user