webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00
Code Activity

Tied entity restriction system into userCan checks

Browse Source
This commit is contained in:
Dan Brown
2016-02-29 20:31:21 +00:00
parent 7f5872372d
commit 985d2f1c2c
3 changed files with 40 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Http/Controllers/Controller.php
View File

@ -68,7 +68,7 @@ abstract class Controller extends BaseController
protected function showPermissionError()
{
Session::flash('error', trans('errors.permission'));
$response = request()->wantsJson() ? response()->json(['error' => trans('errors.permissionJson')], 403) : redirect('/', 403);
$response = request()->wantsJson() ? response()->json(['error' => trans('errors.permissionJson')], 403) : redirect('/');
throw new HttpResponseException($response);
}
@ -93,10 +93,8 @@ abstract class Controller extends BaseController
*/
protected function checkOwnablePermission($permission, Ownable $ownable)
{
$permissionBaseName = strtolower($permission) . '-';
if (userCan($permissionBaseName . 'all')) return true;
if (userCan($permissionBaseName . 'own') && $ownable->createdBy->id === $this->currentUser->id) return true;
$this->showPermissionError();
if (userCan($permission, $ownable)) return true;
return $this->showPermissionError();
}
/**