mirror of https://github.com/BookStackApp/BookStack.git synced 2025-10-22 07:52:19 +03:00

Permissions: Cleanup after review of enum implementation PR

Dan Brown
2025-09-10 11:36:54 +01:00
parent 573d692a59
commit a70c733f27
19 changed files with 56 additions and 45 deletions


@@ -4,6 +4,7 @@ namespace BookStack\Activity\Tools;
use BookStack\Activity\Models\Comment;
use BookStack\Entities\Models\Page;
use BookStack\Permissions\Permission;
class CommentTree
{
@@ -70,7 +71,7 @@ class CommentTree
public function canUpdateAny(): bool
{
foreach ($this->comments as $comment) {
if (userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment)) {
if (userCan(Permission::CommentUpdate, $comment)) {
return true;
}
}


@@ -6,6 +6,7 @@ use BookStack\Activity\Models\Tag;
use BookStack\Entities\Models\BookChild;
use BookStack\Entities\Models\Entity;
use BookStack\Entities\Models\Page;
use BookStack\Permissions\Permission;
class TagClassGenerator
{
@@ -26,14 +27,14 @@ class TagClassGenerator
array_push($classes, ...$this->generateClassesForTag($tag));
}
if ($this->entity instanceof BookChild && userCan(\BookStack\Permissions\Permission::View, $this->entity->book)) {
if ($this->entity instanceof BookChild && userCan(Permission::BookView, $this->entity->book)) {
$bookTags = $this->entity->book->tags;
foreach ($bookTags as $bookTag) {
array_push($classes, ...$this->generateClassesForTag($bookTag, 'book-'));
}
}
if ($this->entity instanceof Page && $this->entity->chapter && userCan(\BookStack\Permissions\Permission::View, $this->entity->chapter)) {
if ($this->entity instanceof Page && $this->entity->chapter && userCan(Permission::ChapterView, $this->entity->chapter)) {
$chapterTags = $this->entity->chapter->tags;
foreach ($chapterTags as $chapterTag) {
array_push($classes, ...$this->generateClassesForTag($chapterTag, 'chapter-'));


@@ -342,7 +342,7 @@ class PageController extends Controller
$this->showSuccessNotification(trans('entities.pages_delete_draft_success'));
if ($chapter && userCan(\BookStack\Permissions\Permission::View, $chapter)) {
if ($chapter && userCan(Permission::ChapterView, $chapter)) {
return redirect($chapter->getUrl());
}
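Review bot: The new line calls `userCan(Permission::ChapterView, $chapter)` by the short class name, but this section shows no `use BookStack\Permissions\Permission;` being added, unlike the other sections in this commit that switch to the short name. If that import is not already present higher in the file, the name resolves inside the controller's own namespace and the permission check fails with a class-not-found error instead of returning a decision. The same applies to the single-hunk sections for PermissionsUpdater, DrawioImageController, UserAccountController and UserApiController, so each should be confirmed to carry `use BookStack\Permissions\Permission;`. The enclosing method starts and ends outside the hunk.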


@@ -11,6 +11,7 @@ use BookStack\Entities\Tools\TrashCan;
use BookStack\Exceptions\MoveOperationException;
use BookStack\Exceptions\PermissionsException;
use BookStack\Facades\Activity;
use BookStack\Permissions\Permission;
use BookStack\Util\DatabaseTransaction;
use Exception;
@@ -87,7 +88,7 @@ class ChapterRepo
throw new MoveOperationException('Book to move chapter into not found');
}
if (!userCan(\BookStack\Permissions\Permission::ChapterCreate, $parent)) {
if (!userCan(Permission::ChapterCreate, $parent)) {
throw new PermissionsException('User does not have permission to create a chapter within the chosen book');
}


@@ -16,6 +16,7 @@ use BookStack\Entities\Tools\TrashCan;
use BookStack\Exceptions\MoveOperationException;
use BookStack\Exceptions\PermissionsException;
use BookStack\Facades\Activity;
use BookStack\Permissions\Permission;
use BookStack\References\ReferenceStore;
use BookStack\References\ReferenceUpdater;
use BookStack\Util\DatabaseTransaction;
@@ -55,7 +56,7 @@ class PageRepo
}
$defaultTemplate = $page->chapter->defaultTemplate ?? $page->book->defaultTemplate;
if ($defaultTemplate && userCan(\BookStack\Permissions\Permission::View, $defaultTemplate)) {
if ($defaultTemplate && userCan(Permission::PageView, $defaultTemplate)) {
$page->forceFill([
'html' => $defaultTemplate->html,
'markdown' => $defaultTemplate->markdown,
@@ -142,7 +143,7 @@ class PageRepo
protected function updateTemplateStatusAndContentFromInput(Page $page, array $input): void
{
if (isset($input['template']) && userCan(\BookStack\Permissions\Permission::TemplatesManage)) {
if (isset($input['template']) && userCan(Permission::TemplatesManage)) {
$page->template = ($input['template'] === 'true');
}
@@ -165,7 +166,7 @@ class PageRepo
$pageContent->setNewHTML($input['html'], user());
}
if (($newEditor !== $currentEditor || empty($page->editor)) && userCan(\BookStack\Permissions\Permission::EditorChange)) {
if (($newEditor !== $currentEditor || empty($page->editor)) && userCan(Permission::EditorChange)) {
$page->editor = $newEditor->value;
} elseif (empty($page->editor)) {
$page->editor = $defaultEditor->value;
@@ -271,7 +272,7 @@ class PageRepo
throw new MoveOperationException('Book or chapter to move page into not found');
}
if (!userCan(\BookStack\Permissions\Permission::PageCreate, $parent)) {
if (!userCan(Permission::PageCreate, $parent)) {
throw new PermissionsException('User does not have permission to create a page within the new parent');
}


@@ -12,6 +12,7 @@ use BookStack\Entities\Models\Page;
use BookStack\Entities\Repos\BookRepo;
use BookStack\Entities\Repos\ChapterRepo;
use BookStack\Entities\Repos\PageRepo;
use BookStack\Permissions\Permission;
use BookStack\Uploads\Image;
use BookStack\Uploads\ImageService;
use Illuminate\Http\UploadedFile;
@@ -49,7 +50,7 @@ class Cloner
$copyChapter = $this->chapterRepo->create($chapterDetails, $parent);
if (userCan(\BookStack\Permissions\Permission::PageCreate, $copyChapter)) {
if (userCan(Permission::PageCreate, $copyChapter)) {
/** @var Page $page */
foreach ($original->getVisiblePages() as $page) {
$this->clonePage($page, $copyChapter, $page->name);
@@ -61,7 +62,7 @@ class Cloner
/**
* Clone the given book.
* Clones all child chapters & pages.
* Clones all child chapters and pages.
*/
public function cloneBook(Book $original, string $newName): Book
{
@@ -74,11 +75,11 @@ class Cloner
// Clone contents
$directChildren = $original->getDirectVisibleChildren();
foreach ($directChildren as $child) {
if ($child instanceof Chapter && userCan(\BookStack\Permissions\Permission::ChapterCreate, $copyBook)) {
if ($child instanceof Chapter && userCan(Permission::ChapterCreate, $copyBook)) {
$this->cloneChapter($child, $copyBook, $child->name);
}
if ($child instanceof Page && !$child->draft && userCan(\BookStack\Permissions\Permission::PageCreate, $copyBook)) {
if ($child instanceof Page && !$child->draft && userCan(Permission::PageCreate, $copyBook)) {
$this->clonePage($child, $copyBook, $child->name);
}
}
@@ -86,7 +87,7 @@ class Cloner
// Clone bookshelf relationships
/** @var Bookshelf $shelf */
foreach ($original->shelves as $shelf) {
if (userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf)) {
if (userCan(Permission::BookshelfUpdate, $shelf)) {
$shelf->appendBook($copyBook);
}
}


@@ -7,6 +7,7 @@ use BookStack\Entities\Models\Page;
use BookStack\Entities\Queries\EntityQueries;
use BookStack\Entities\Tools\Markdown\HtmlToMarkdown;
use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
use BookStack\Permissions\Permission;
class PageEditorData
{
@@ -98,9 +99,9 @@ class PageEditorData
{
$editorType = PageEditorType::forPage($page) ?: PageEditorType::getSystemDefault();
// Use requested editor if valid and if we have permission
// Use the requested editor if valid and if we have permission
$requestedType = PageEditorType::fromRequestValue($this->requestedEditor);
if ($requestedType && userCan(\BookStack\Permissions\Permission::EditorChange)) {
if ($requestedType && userCan(Permission::EditorChange)) {
$editorType = $requestedType;
}


@@ -150,7 +150,7 @@ class PermissionsUpdater
/** @var Book $book */
foreach ($shelfBooks as $book) {
if ($checkUserPermissions && !userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book)) {
if ($checkUserPermissions && !userCan(Permission::RestrictionsManage, $book)) {
continue;
}
$book->permissions()->delete();


@@ -16,6 +16,7 @@ use BookStack\Exports\ZipExports\ZipExportReader;
use BookStack\Exports\ZipExports\ZipExportValidator;
use BookStack\Exports\ZipExports\ZipImportRunner;
use BookStack\Facades\Activity;
use BookStack\Permissions\Permission;
use BookStack\Uploads\FileStorage;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Collection;
@@ -46,7 +47,7 @@ class ImportRepo
{
$query = Import::query();
if (!userCan(\BookStack\Permissions\Permission::SettingsManage)) {
if (!userCan(Permission::SettingsManage)) {
$query->where('created_by', user()->id);
}
@@ -57,7 +58,7 @@ class ImportRepo
{
$query = Import::query();
if (!userCan(\BookStack\Permissions\Permission::SettingsManage)) {
if (!userCan(Permission::SettingsManage)) {
$query->where('created_by', user()->id);
}
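Review bot: Both hunks in this section repeat the same ownership filter, `if (!userCan(Permission::SettingsManage)) { $query->where('created_by', user()->id); }`, in two separate query methods. This filter is what limits users without the settings-manage permission to imports they created, so a single private helper would stop the two call sites from drifting apart. A comment such as `// Without settings-manage, only show imports created by the current user` above it would document the intent. Both methods begin and end outside the hunks, so any later use of `$query` is not visible here.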


@@ -12,6 +12,7 @@ use BookStack\Exports\ZipExports\Models\ZipExportChapter;
use BookStack\Exports\ZipExports\Models\ZipExportImage;
use BookStack\Exports\ZipExports\Models\ZipExportModel;
use BookStack\Exports\ZipExports\Models\ZipExportPage;
use BookStack\Permissions\Permission;
use BookStack\Uploads\Attachment;
use BookStack\Uploads\Image;
@@ -135,7 +136,7 @@ class ZipExportReferences
// Find and include images if in visibility
$page = $model->getPage();
$pageExportModel = $this->pages[$page->id] ?? ($exportModel instanceof ZipExportPage ? $exportModel : null);
if (isset($this->images[$model->id]) || ($page && $pageExportModel && userCan(\BookStack\Permissions\Permission::View, $page))) {
if (isset($this->images[$model->id]) || ($page && $pageExportModel && userCan(Permission::PageView, $page))) {
if (!isset($this->images[$model->id])) {
$exportImage = ZipExportImage::fromModel($model, $files);
$this->images[$model->id] = $exportImage;
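Review bot: The context line `$this->pages[$page->id] ?? …` reads `$page->id` before the `$page &&` guard on the next line, which suggests `getPage()` can return null. In that case the property read raises a warning ahead of the visibility check, and `??` only covers the array lookup, not the inner property access. Guarding the lookup first would keep the `Permission::PageView` decision as the only gate, for example `$pageExportModel = ($page ? ($this->pages[$page->id] ?? null) : null) ?? ($exportModel instanceof ZipExportPage ? $exportModel : null);`. The return type of `getPage()` is not visible in this hunk, so this should be confirmed against the model. The enclosing block continues outside the hunk.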


@@ -18,6 +18,7 @@ use BookStack\Exports\ZipExports\Models\ZipExportChapter;
use BookStack\Exports\ZipExports\Models\ZipExportImage;
use BookStack\Exports\ZipExports\Models\ZipExportPage;
use BookStack\Exports\ZipExports\Models\ZipExportTag;
use BookStack\Permissions\Permission;
use BookStack\Uploads\Attachment;
use BookStack\Uploads\AttachmentService;
use BookStack\Uploads\FileStorage;
@@ -288,7 +289,7 @@ class ZipImportRunner
$attachments = [];
if ($exportModel instanceof ZipExportBook) {
if (!userCan(\BookStack\Permissions\Permission::BookCreateAll)) {
if (!userCan(Permission::BookCreateAll)) {
$errors[] = trans('errors.import_perms_books');
}
array_push($pages, ...$exportModel->pages);
@@ -317,11 +318,11 @@ class ZipImportRunner
if (count($pages) > 0) {
if ($parent) {
if (!userCan(\BookStack\Permissions\Permission::PageCreate, $parent)) {
if (!userCan(Permission::PageCreate, $parent)) {
$errors[] = trans('errors.import_perms_pages');
}
} else {
$hasPermission = userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn);
$hasPermission = userCan(Permission::PageCreateAll) || userCan(Permission::PageCreateOwn);
if (!$hasPermission) {
$errors[] = trans('errors.import_perms_pages');
}
@@ -329,13 +330,13 @@ class ZipImportRunner
}
if (count($images) > 0) {
if (!userCan(\BookStack\Permissions\Permission::ImageCreateAll)) {
if (!userCan(Permission::ImageCreateAll)) {
$errors[] = trans('errors.import_perms_images');
}
}
if (count($attachments) > 0) {
if (!userCan(\BookStack\Permissions\Permission::AttachmentCreateAll)) {
if (!userCan(Permission::AttachmentCreateAll)) {
$errors[] = trans('errors.import_perms_attachments');
}
}


@@ -8,6 +8,7 @@ use BookStack\Entities\Models\Chapter;
use BookStack\Entities\Models\Entity;
use BookStack\Entities\Models\Page;
use BookStack\Entities\Queries\EntityQueries;
use BookStack\Permissions\Permission;
class BookSorter
{
@@ -187,11 +188,11 @@ class BookSorter
$hasNewParent = $newBook->id !== $model->book_id || ($model instanceof Page && $model->chapter_id !== ($sortMapItem->parentChapterId ?? 0));
if ($model instanceof Chapter) {
$hasPermission = userCan(\BookStack\Permissions\Permission::BookUpdate, $currentParent)
&& userCan(\BookStack\Permissions\Permission::BookUpdate, $newBook)
&& userCan(\BookStack\Permissions\Permission::ChapterUpdate, $model)
&& (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterCreate, $newBook))
&& (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterDelete, $model));
$hasPermission = userCan(Permission::BookUpdate, $currentParent)
&& userCan(Permission::BookUpdate, $newBook)
&& userCan(Permission::ChapterUpdate, $model)
&& (!$hasNewParent || userCan(Permission::ChapterCreate, $newBook))
&& (!$hasNewParent || userCan(Permission::ChapterDelete, $model));
if (!$hasPermission) {
return false;
@@ -210,13 +211,13 @@ class BookSorter
return false;
}
$hasPageEditPermission = userCan(\BookStack\Permissions\Permission::PageUpdate, $model);
$hasPageEditPermission = userCan(Permission::PageUpdate, $model);
$newParentInRightLocation = ($newParent instanceof Book || ($newParent instanceof Chapter && $newParent->book_id === $newBook->id));
$newParentPermission = ($newParent instanceof Chapter) ? 'chapter-update' : 'book-update';
$hasNewParentPermission = userCan($newParentPermission, $newParent);
$hasDeletePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageDelete, $model));
$hasCreatePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageCreate, $newParent));
$hasDeletePermissionIfMoving = (!$hasNewParent || userCan(Permission::PageDelete, $model));
$hasCreatePermissionIfMoving = (!$hasNewParent || userCan(Permission::PageCreate, $newParent));
$hasPermission = $hasCurrentParentPermission
&& $newParentInRightLocation
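Review bot: In the page branch, the new-parent check still builds its permission from string literals, `'chapter-update'` and `'book-update'`, while every other `userCan()` call in this section now passes a `Permission` case. A typo in a string permission name cannot be caught statically and may just evaluate as "not permitted" or behave differently from the enum path. `$newParentPermission = ($newParent instanceof Chapter) ? Permission::ChapterUpdate : Permission::BookUpdate;` would bring this line in step with the rest of the cleanup. Whether `userCan()` treats the string and enum forms identically is not visible here, and the `$hasPermission` expression continues outside the hunk.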


@@ -82,7 +82,7 @@ class DrawioImageController extends Controller
return $this->jsonError(trans('errors.drawing_data_not_found'), 404);
}
if ($image->type !== 'drawio' || !userCan(\BookStack\Permissions\Permission::PageView, $image->getPage())) {
if ($image->type !== 'drawio' || !userCan(Permission::PageView, $image->getPage())) {
return $this->jsonError(trans('errors.drawing_data_not_found'), 404);
}


@@ -63,9 +63,9 @@ class UserAccountController extends Controller
'profile_image' => array_merge(['nullable'], $this->getImageValidationRules()),
]);
$this->userRepo->update($user, $validated, userCan(\BookStack\Permissions\Permission::UsersManage));
$this->userRepo->update($user, $validated, userCan(Permission::UsersManage));
// Save profile image if in request
// Save the profile image if in request
if ($request->hasFile('profile_image')) {
$imageUpload = $request->file('profile_image');
$imageRepo->destroyImage($user->avatar);
@@ -74,7 +74,7 @@ class UserAccountController extends Controller
$user->save();
}
// Delete the profile image if reset option is in request
// Delete the profile image if the reset option is in request
if ($request->has('profile_image_reset')) {
$imageRepo->destroyImage($user->avatar);
$user->image_id = 0;
@@ -219,7 +219,7 @@ class UserAccountController extends Controller
$this->preventAccessInDemoMode();
$requestNewOwnerId = intval($request->get('new_owner_id')) ?: null;
$newOwnerId = userCan(\BookStack\Permissions\Permission::UsersManage) ? $requestNewOwnerId : null;
$newOwnerId = userCan(Permission::UsersManage) ? $requestNewOwnerId : null;
$this->userRepo->destroy(user(), $newOwnerId);


@@ -125,7 +125,7 @@ class UserApiController extends ApiController
{
$data = $this->validate($request, $this->rules($id)['update']);
$user = $this->userRepo->getById($id);
$this->userRepo->update($user, $data, userCan(\BookStack\Permissions\Permission::UsersManage));
$this->userRepo->update($user, $data, userCan(Permission::UsersManage));
$this->singleFormatter($user);
return response()->json($user);


@@ -3,6 +3,7 @@
namespace BookStack\Users\Controllers;
use BookStack\Http\Controller;
use BookStack\Permissions\Permission;
use BookStack\Users\Models\User;
use Illuminate\Http\Request;
@@ -15,9 +16,9 @@ class UserSearchController extends Controller
public function forSelect(Request $request)
{
$hasPermission = !user()->isGuest() && (
userCan(\BookStack\Permissions\Permission::UsersManage)
|| userCan(\BookStack\Permissions\Permission::RestrictionsManageOwn)
|| userCan(\BookStack\Permissions\Permission::RestrictionsManageAll)
userCan(Permission::UsersManage)
|| userCan(Permission::RestrictionsManageOwn)
|| userCan(Permission::RestrictionsManageAll)
);
if (!$hasPermission) {


@@ -5,7 +5,7 @@
<h5>{{ trans('entities.books_navigation') }}</h5>
<ul class="sidebar-page-list mt-xs menu entity-list">
@if (userCan(\BookStack\Permissions\Permission::View, $book))
@if (userCan(\BookStack\Permissions\Permission::BookView, $book))
<li class="list-item-book book">
@include('entities.list-item-basic', ['entity' => $book, 'classes' => ($current->matches($book)? 'selected' : '')])
</li>

View File

@@ -105,7 +105,7 @@
@if($image->createdBy)
<div>@icon('user') {{ trans('components.image_uploaded_by', ['userName' => $image->createdBy->name]) }}</div>
@endif
@if(($page = $image->getPage()) && userCan(\BookStack\Permissions\Permission::View, $page))
@if(($page = $image->getPage()) && userCan(\BookStack\Permissions\Permission::PageView, $page))
<div>
@icon('page')
{!! trans('components.image_uploaded_to', [


@@ -146,7 +146,7 @@
<span>{{ trans('common.edit') }}</span>
</a>
@endif
@if(userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Book::class) || userCanOnAny('create', \BookStack\Entities\Models\Chapter::class) || userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn))
@if(userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn) || userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Book::class) || userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Chapter::class))
<a href="{{ $page->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
<span>@icon('copy')</span>
<span>{{ trans('common.copy') }}</span>