mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-07 23:03:00 +03:00

API: Fixed lacking permission enforcement on book contents

Dan Brown
2024-08-29 14:43:21 +01:00
parent c68d154f0f
commit 9aa3442a17
2 changed files with 21 additions and 1 deletions


@@ -7,6 +7,7 @@ use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Chapter;
use BookStack\Entities\Models\Entity;
use BookStack\Entities\Queries\BookQueries;
use BookStack\Entities\Queries\PageQueries;
use BookStack\Entities\Repos\BookRepo;
use BookStack\Entities\Tools\BookContents;
use BookStack\Http\ApiController;
@@ -18,6 +19,7 @@ class BookApiController extends ApiController
public function __construct(
protected BookRepo $bookRepo,
protected BookQueries $queries,
protected PageQueries $pageQueries,
) {
}
@@ -69,7 +71,8 @@ class BookApiController extends ApiController
->withType()
->withField('pages', function (Entity $entity) {
if ($entity instanceof Chapter) {
return (new ApiEntityListFormatter($entity->pages->all()))->format();
$pages = $this->pageQueries->visibleForChapterList($entity->id)->get()->all();
return (new ApiEntityListFormatter($pages))->format();
}
return null;
})->format();
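Review bot: The permission-scoped lookup in the `pages` field callback has no comment explaining why the `$entity->pages` relation must not be used here, so a later cleanup could restore the shorter form and re-expose pages the caller cannot view. I would add above the query `// Use the permission-filtered query: the plain $entity->pages relation does not appear to apply view permissions.` The callback now runs one `visibleForChapterList()` query per chapter, which may be worth batching for books with many chapters. The enclosing method starts and ends outside the hunk, so these lines cannot confirm whether the top-level book contents passed to the formatter are filtered the same way.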