From a70c733f2757f8f145fb784b6306e116a4d54fc2 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Wed, 10 Sep 2025 11:36:54 +0100 Subject: [PATCH] Permissions: Cleanup after review of enum implementation PR --- app/Activity/Tools/CommentTree.php | 3 ++- app/Activity/Tools/TagClassGenerator.php | 5 +++-- app/Entities/Controllers/PageController.php | 2 +- app/Entities/Repos/ChapterRepo.php | 3 ++- app/Entities/Repos/PageRepo.php | 9 +++++---- app/Entities/Tools/Cloner.php | 11 ++++++----- app/Entities/Tools/PageEditorData.php | 5 +++-- app/Entities/Tools/PermissionsUpdater.php | 2 +- app/Exports/ImportRepo.php | 5 +++-- app/Exports/ZipExports/ZipExportReferences.php | 3 ++- app/Exports/ZipExports/ZipImportRunner.php | 11 ++++++----- app/Sorting/BookSorter.php | 17 +++++++++-------- .../Controllers/DrawioImageController.php | 2 +- app/Users/Controllers/UserAccountController.php | 8 ++++---- app/Users/Controllers/UserApiController.php | 2 +- app/Users/Controllers/UserSearchController.php | 7 ++++--- resources/views/entities/book-tree.blade.php | 2 +- .../pages/parts/image-manager-form.blade.php | 2 +- resources/views/pages/show.blade.php | 2 +- 19 files changed, 56 insertions(+), 45 deletions(-) diff --git a/app/Activity/Tools/CommentTree.php b/app/Activity/Tools/CommentTree.php index af9b7ecb2..66df29430 100644 --- a/app/Activity/Tools/CommentTree.php +++ b/app/Activity/Tools/CommentTree.php @@ -4,6 +4,7 @@ namespace BookStack\Activity\Tools; use BookStack\Activity\Models\Comment; use BookStack\Entities\Models\Page; +use BookStack\Permissions\Permission; class CommentTree { @@ -70,7 +71,7 @@ class CommentTree public function canUpdateAny(): bool { foreach ($this->comments as $comment) { - if (userCan(\BookStack\Permissions\Permission::CommentUpdate, $comment)) { + if (userCan(Permission::CommentUpdate, $comment)) { return true; } } diff --git a/app/Activity/Tools/TagClassGenerator.php b/app/Activity/Tools/TagClassGenerator.php index 03586eb27..0f7aa1fe0 100644 
--- a/app/Activity/Tools/TagClassGenerator.php +++ b/app/Activity/Tools/TagClassGenerator.php @@ -6,6 +6,7 @@ use BookStack\Activity\Models\Tag; use BookStack\Entities\Models\BookChild; use BookStack\Entities\Models\Entity; use BookStack\Entities\Models\Page; +use BookStack\Permissions\Permission; class TagClassGenerator { @@ -26,14 +27,14 @@ class TagClassGenerator array_push($classes, ...$this->generateClassesForTag($tag)); } - if ($this->entity instanceof BookChild && userCan(\BookStack\Permissions\Permission::View, $this->entity->book)) { + if ($this->entity instanceof BookChild && userCan(Permission::BookView, $this->entity->book)) { $bookTags = $this->entity->book->tags; foreach ($bookTags as $bookTag) { array_push($classes, ...$this->generateClassesForTag($bookTag, 'book-')); } } - if ($this->entity instanceof Page && $this->entity->chapter && userCan(\BookStack\Permissions\Permission::View, $this->entity->chapter)) { + if ($this->entity instanceof Page && $this->entity->chapter && userCan(Permission::ChapterView, $this->entity->chapter)) { $chapterTags = $this->entity->chapter->tags; foreach ($chapterTags as $chapterTag) { array_push($classes, ...$this->generateClassesForTag($chapterTag, 'chapter-')); diff --git a/app/Entities/Controllers/PageController.php b/app/Entities/Controllers/PageController.php index 1fe296537..67ecb0bb3 100644 --- a/app/Entities/Controllers/PageController.php +++ b/app/Entities/Controllers/PageController.php @@ -342,7 +342,7 @@ class PageController extends Controller $this->showSuccessNotification(trans('entities.pages_delete_draft_success')); - if ($chapter && userCan(\BookStack\Permissions\Permission::View, $chapter)) { + if ($chapter && userCan(Permission::ChapterView, $chapter)) { return redirect($chapter->getUrl()); } diff --git a/app/Entities/Repos/ChapterRepo.php b/app/Entities/Repos/ChapterRepo.php index 10b9697ed..5d4b52978 100644 --- a/app/Entities/Repos/ChapterRepo.php +++ b/app/Entities/Repos/ChapterRepo.php 
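Review bot: The two `userCan` checks in the second TagClassGenerator hunk no longer test the generic `Permission::View` but `Permission::BookView` and `Permission::ChapterView`, which changes an access check rather than only shortening a class name as the rest of the commit does. The same swap appears in PageController.php (`ChapterView`) and in PageRepo.php and ZipExportReferences.php (`PageView`). Whether the typed cases resolve identically to `View` for these entities is not visible in the patch, so I would name the change in the commit description and cover it with a test asserting that book and chapter tag classes are withheld from a user who cannot view the parent. The enclosing method starts and ends outside the hunk.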
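Review bot: `userCan(Permission::ChapterView, $chapter)` in PageController.php now depends on a `use BookStack\Permissions\Permission;` import that this file's only hunk does not add and that is not visible anywhere in its diff. If the import is absent, the short name resolves relative to the controller's own namespace and the check fails with a class-not-found error only when this branch is reached at runtime. The same applies to the changes in PermissionsUpdater.php, DrawioImageController.php, UserAccountController.php and UserApiController.php, none of which add the import; please confirm each file already imports the enum, or add the `use` line as the other files in this patch do.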
@@ -11,6 +11,7 @@ use BookStack\Entities\Tools\TrashCan; use BookStack\Exceptions\MoveOperationException; use BookStack\Exceptions\PermissionsException; use BookStack\Facades\Activity; +use BookStack\Permissions\Permission; use BookStack\Util\DatabaseTransaction; use Exception; @@ -87,7 +88,7 @@ class ChapterRepo throw new MoveOperationException('Book to move chapter into not found'); } - if (!userCan(\BookStack\Permissions\Permission::ChapterCreate, $parent)) { + if (!userCan(Permission::ChapterCreate, $parent)) { throw new PermissionsException('User does not have permission to create a chapter within the chosen book'); } diff --git a/app/Entities/Repos/PageRepo.php b/app/Entities/Repos/PageRepo.php index 4a9efd31d..76377f9a6 100644 --- a/app/Entities/Repos/PageRepo.php +++ b/app/Entities/Repos/PageRepo.php @@ -16,6 +16,7 @@ use BookStack\Entities\Tools\TrashCan; use BookStack\Exceptions\MoveOperationException; use BookStack\Exceptions\PermissionsException; use BookStack\Facades\Activity; +use BookStack\Permissions\Permission; use BookStack\References\ReferenceStore; use BookStack\References\ReferenceUpdater; use BookStack\Util\DatabaseTransaction; @@ -55,7 +56,7 @@ class PageRepo } $defaultTemplate = $page->chapter->defaultTemplate ?? $page->book->defaultTemplate; - if ($defaultTemplate && userCan(\BookStack\Permissions\Permission::View, $defaultTemplate)) { + if ($defaultTemplate && userCan(Permission::PageView, $defaultTemplate)) { $page->forceFill([ 'html' => $defaultTemplate->html, 'markdown' => $defaultTemplate->markdown, @@ -142,7 +143,7 @@ class PageRepo protected function updateTemplateStatusAndContentFromInput(Page $page, array $input): void { - if (isset($input['template']) && userCan(\BookStack\Permissions\Permission::TemplatesManage)) { + if (isset($input['template']) && userCan(Permission::TemplatesManage)) { $page->template = ($input['template'] === 'true'); } 
@@ -165,7 +166,7 @@ class PageRepo $pageContent->setNewHTML($input['html'], user()); } - if (($newEditor !== $currentEditor || empty($page->editor)) && userCan(\BookStack\Permissions\Permission::EditorChange)) { + if (($newEditor !== $currentEditor || empty($page->editor)) && userCan(Permission::EditorChange)) { $page->editor = $newEditor->value; } elseif (empty($page->editor)) { $page->editor = $defaultEditor->value; @@ -271,7 +272,7 @@ class PageRepo throw new MoveOperationException('Book or chapter to move page into not found'); } - if (!userCan(\BookStack\Permissions\Permission::PageCreate, $parent)) { + if (!userCan(Permission::PageCreate, $parent)) { throw new PermissionsException('User does not have permission to create a page within the new parent'); } diff --git a/app/Entities/Tools/Cloner.php b/app/Entities/Tools/Cloner.php index 0af25a2c1..05618fef4 100644 --- a/app/Entities/Tools/Cloner.php +++ b/app/Entities/Tools/Cloner.php @@ -12,6 +12,7 @@ use BookStack\Entities\Models\Page; use BookStack\Entities\Repos\BookRepo; use BookStack\Entities\Repos\ChapterRepo; use BookStack\Entities\Repos\PageRepo; +use BookStack\Permissions\Permission; use BookStack\Uploads\Image; use BookStack\Uploads\ImageService; use Illuminate\Http\UploadedFile; @@ -49,7 +50,7 @@ class Cloner $copyChapter = $this->chapterRepo->create($chapterDetails, $parent); - if (userCan(\BookStack\Permissions\Permission::PageCreate, $copyChapter)) { + if (userCan(Permission::PageCreate, $copyChapter)) { /** @var Page $page */ foreach ($original->getVisiblePages() as $page) { $this->clonePage($page, $copyChapter, $page->name); @@ -61,7 +62,7 @@ class Cloner /** * Clone the given book. - * Clones all child chapters & pages. + * Clones all child chapters and pages. */ public function cloneBook(Book $original, string $newName): Book { 
@@ -74,11 +75,11 @@ class Cloner // Clone contents $directChildren = $original->getDirectVisibleChildren(); foreach ($directChildren as $child) { - if ($child instanceof Chapter && userCan(\BookStack\Permissions\Permission::ChapterCreate, $copyBook)) { + if ($child instanceof Chapter && userCan(Permission::ChapterCreate, $copyBook)) { $this->cloneChapter($child, $copyBook, $child->name); } - if ($child instanceof Page && !$child->draft && userCan(\BookStack\Permissions\Permission::PageCreate, $copyBook)) { + if ($child instanceof Page && !$child->draft && userCan(Permission::PageCreate, $copyBook)) { $this->clonePage($child, $copyBook, $child->name); } } @@ -86,7 +87,7 @@ class Cloner // Clone bookshelf relationships /** @var Bookshelf $shelf */ foreach ($original->shelves as $shelf) { - if (userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf)) { + if (userCan(Permission::BookshelfUpdate, $shelf)) { $shelf->appendBook($copyBook); } } diff --git a/app/Entities/Tools/PageEditorData.php b/app/Entities/Tools/PageEditorData.php index fc32e9a43..b41b31909 100644 --- a/app/Entities/Tools/PageEditorData.php +++ b/app/Entities/Tools/PageEditorData.php @@ -7,6 +7,7 @@ use BookStack\Entities\Models\Page; use BookStack\Entities\Queries\EntityQueries; use BookStack\Entities\Tools\Markdown\HtmlToMarkdown; use BookStack\Entities\Tools\Markdown\MarkdownToHtml; +use BookStack\Permissions\Permission; class PageEditorData { @@ -98,9 +99,9 @@ class PageEditorData { $editorType = PageEditorType::forPage($page) ?: PageEditorType::getSystemDefault(); - // Use requested editor if valid and if we have permission + // Use the requested editor if valid and if we have permission $requestedType = PageEditorType::fromRequestValue($this->requestedEditor); - if ($requestedType && userCan(\BookStack\Permissions\Permission::EditorChange)) { + if ($requestedType && userCan(Permission::EditorChange)) { $editorType = $requestedType; } 
diff --git a/app/Entities/Tools/PermissionsUpdater.php b/app/Entities/Tools/PermissionsUpdater.php index fbf92e203..fa9ae753c 100644 --- a/app/Entities/Tools/PermissionsUpdater.php +++ b/app/Entities/Tools/PermissionsUpdater.php @@ -150,7 +150,7 @@ class PermissionsUpdater /** @var Book $book */ foreach ($shelfBooks as $book) { - if ($checkUserPermissions && !userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book)) { + if ($checkUserPermissions && !userCan(Permission::RestrictionsManage, $book)) { continue; } $book->permissions()->delete(); diff --git a/app/Exports/ImportRepo.php b/app/Exports/ImportRepo.php index 071fa532c..79db69fca 100644 --- a/app/Exports/ImportRepo.php +++ b/app/Exports/ImportRepo.php @@ -16,6 +16,7 @@ use BookStack\Exports\ZipExports\ZipExportReader; use BookStack\Exports\ZipExports\ZipExportValidator; use BookStack\Exports\ZipExports\ZipImportRunner; use BookStack\Facades\Activity; +use BookStack\Permissions\Permission; use BookStack\Uploads\FileStorage; use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Collection; @@ -46,7 +47,7 @@ class ImportRepo { $query = Import::query(); - if (!userCan(\BookStack\Permissions\Permission::SettingsManage)) { + if (!userCan(Permission::SettingsManage)) { $query->where('created_by', user()->id); } @@ -57,7 +58,7 @@ class ImportRepo { $query = Import::query(); - if (!userCan(\BookStack\Permissions\Permission::SettingsManage)) { + if (!userCan(Permission::SettingsManage)) { $query->where('created_by', user()->id); } diff --git a/app/Exports/ZipExports/ZipExportReferences.php b/app/Exports/ZipExports/ZipExportReferences.php index 621076acc..64107cf21 100644 --- a/app/Exports/ZipExports/ZipExportReferences.php +++ b/app/Exports/ZipExports/ZipExportReferences.php 
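Review bot: The ownership scoping `if (!userCan(Permission::SettingsManage)) { $query->where('created_by', user()->id); }` is written out twice in ImportRepo.php, once in each of the hunks at -46,7 and -57,7. This filter is what limits users without settings-manage to their own imports, so I would move it into one private helper, for example `private function queryVisible(): Builder`, and call it from both places so the two queries cannot drift apart. Both enclosing methods start and end outside the hunks, so their names and any further query conditions are not visible here.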
@@ -12,6 +12,7 @@ use BookStack\Exports\ZipExports\Models\ZipExportChapter; use BookStack\Exports\ZipExports\Models\ZipExportImage; use BookStack\Exports\ZipExports\Models\ZipExportModel; use BookStack\Exports\ZipExports\Models\ZipExportPage; +use BookStack\Permissions\Permission; use BookStack\Uploads\Attachment; use BookStack\Uploads\Image; @@ -135,7 +136,7 @@ class ZipExportReferences // Find and include images if in visibility $page = $model->getPage(); $pageExportModel = $this->pages[$page->id] ?? ($exportModel instanceof ZipExportPage ? $exportModel : null); - if (isset($this->images[$model->id]) || ($page && $pageExportModel && userCan(\BookStack\Permissions\Permission::View, $page))) { + if (isset($this->images[$model->id]) || ($page && $pageExportModel && userCan(Permission::PageView, $page))) { if (!isset($this->images[$model->id])) { $exportImage = ZipExportImage::fromModel($model, $files); $this->images[$model->id] = $exportImage; diff --git a/app/Exports/ZipExports/ZipImportRunner.php b/app/Exports/ZipExports/ZipImportRunner.php index 09a946609..eafb527e8 100644 --- a/app/Exports/ZipExports/ZipImportRunner.php +++ b/app/Exports/ZipExports/ZipImportRunner.php @@ -18,6 +18,7 @@ use BookStack\Exports\ZipExports\Models\ZipExportChapter; use BookStack\Exports\ZipExports\Models\ZipExportImage; use BookStack\Exports\ZipExports\Models\ZipExportPage; use BookStack\Exports\ZipExports\Models\ZipExportTag; +use BookStack\Permissions\Permission; use BookStack\Uploads\Attachment; use BookStack\Uploads\AttachmentService; use BookStack\Uploads\FileStorage; @@ -288,7 +289,7 @@ class ZipImportRunner $attachments = []; if ($exportModel instanceof ZipExportBook) { - if (!userCan(\BookStack\Permissions\Permission::BookCreateAll)) { + if (!userCan(Permission::BookCreateAll)) { $errors[] = trans('errors.import_perms_books'); } array_push($pages, ...$exportModel->pages); 
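Review bot: In the ZipExportReferences.php hunk at -135,7, `$this->pages[$page->id]` is read on the line before the `$page &&` guard of the changed condition, so a null result from `$model->getPage()` is dereferenced before it is checked. The `??` covers only the missing array key, not the property read on null, which raises a warning on PHP 8 and an exception where warnings are promoted. If `getPage()` can return null, as the guard suggests, look the page up only when it exists: `$pageExportModel = ($page ? ($this->pages[$page->id] ?? null) : null) ?? ($exportModel instanceof ZipExportPage ? $exportModel : null);`. The enclosing method continues outside the hunk.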
@@ -317,11 +318,11 @@ class ZipImportRunner if (count($pages) > 0) { if ($parent) { - if (!userCan(\BookStack\Permissions\Permission::PageCreate, $parent)) { + if (!userCan(Permission::PageCreate, $parent)) { $errors[] = trans('errors.import_perms_pages'); } } else { - $hasPermission = userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn); + $hasPermission = userCan(Permission::PageCreateAll) || userCan(Permission::PageCreateOwn); if (!$hasPermission) { $errors[] = trans('errors.import_perms_pages'); } @@ -329,13 +330,13 @@ class ZipImportRunner } if (count($images) > 0) { - if (!userCan(\BookStack\Permissions\Permission::ImageCreateAll)) { + if (!userCan(Permission::ImageCreateAll)) { $errors[] = trans('errors.import_perms_images'); } } if (count($attachments) > 0) { - if (!userCan(\BookStack\Permissions\Permission::AttachmentCreateAll)) { + if (!userCan(Permission::AttachmentCreateAll)) { $errors[] = trans('errors.import_perms_attachments'); } } diff --git a/app/Sorting/BookSorter.php b/app/Sorting/BookSorter.php index e1fd17238..1152101d2 100644 --- a/app/Sorting/BookSorter.php +++ b/app/Sorting/BookSorter.php @@ -8,6 +8,7 @@ use BookStack\Entities\Models\Chapter; use BookStack\Entities\Models\Entity; use BookStack\Entities\Models\Page; use BookStack\Entities\Queries\EntityQueries; +use BookStack\Permissions\Permission; class BookSorter { 
@@ -187,11 +188,11 @@ class BookSorter $hasNewParent = $newBook->id !== $model->book_id || ($model instanceof Page && $model->chapter_id !== ($sortMapItem->parentChapterId ?? 0)); if ($model instanceof Chapter) { - $hasPermission = userCan(\BookStack\Permissions\Permission::BookUpdate, $currentParent) - && userCan(\BookStack\Permissions\Permission::BookUpdate, $newBook) - && userCan(\BookStack\Permissions\Permission::ChapterUpdate, $model) - && (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterCreate, $newBook)) - && (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterDelete, $model)); + $hasPermission = userCan(Permission::BookUpdate, $currentParent) + && userCan(Permission::BookUpdate, $newBook) + && userCan(Permission::ChapterUpdate, $model) + && (!$hasNewParent || userCan(Permission::ChapterCreate, $newBook)) + && (!$hasNewParent || userCan(Permission::ChapterDelete, $model)); if (!$hasPermission) { return false; @@ -210,13 +211,13 @@ class BookSorter return false; } - $hasPageEditPermission = userCan(\BookStack\Permissions\Permission::PageUpdate, $model); + $hasPageEditPermission = userCan(Permission::PageUpdate, $model); $newParentInRightLocation = ($newParent instanceof Book || ($newParent instanceof Chapter && $newParent->book_id === $newBook->id)); $newParentPermission = ($newParent instanceof Chapter) ? 'chapter-update' : 'book-update'; $hasNewParentPermission = userCan($newParentPermission, $newParent); - $hasDeletePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageDelete, $model)); - $hasCreatePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageCreate, $newParent)); + $hasDeletePermissionIfMoving = (!$hasNewParent || userCan(Permission::PageDelete, $model)); + $hasCreatePermissionIfMoving = (!$hasNewParent || userCan(Permission::PageCreate, $newParent)); $hasPermission = $hasCurrentParentPermission && $newParentInRightLocation 
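Review bot: The page branch in the hunk at -210,13 still passes string permission names to `userCan()`, in `$newParentPermission = ($newParent instanceof Chapter) ? 'chapter-update' : 'book-update';`, while every other check in both BookSorter hunks now uses the enum. For consistency, and so a mistyped name cannot slip through unnoticed, I would write `$newParentPermission = ($newParent instanceof Chapter) ? Permission::ChapterUpdate : Permission::BookUpdate;`, assuming those cases carry the same values as the strings. The enclosing method starts and ends outside the hunk.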
diff --git a/app/Uploads/Controllers/DrawioImageController.php b/app/Uploads/Controllers/DrawioImageController.php index c9b49b890..f44acd997 100644 --- a/app/Uploads/Controllers/DrawioImageController.php +++ b/app/Uploads/Controllers/DrawioImageController.php @@ -82,7 +82,7 @@ class DrawioImageController extends Controller return $this->jsonError(trans('errors.drawing_data_not_found'), 404); } - if ($image->type !== 'drawio' || !userCan(\BookStack\Permissions\Permission::PageView, $image->getPage())) { + if ($image->type !== 'drawio' || !userCan(Permission::PageView, $image->getPage())) { return $this->jsonError(trans('errors.drawing_data_not_found'), 404); } diff --git a/app/Users/Controllers/UserAccountController.php b/app/Users/Controllers/UserAccountController.php index 07e384b3a..a8baba529 100644 --- a/app/Users/Controllers/UserAccountController.php +++ b/app/Users/Controllers/UserAccountController.php @@ -63,9 +63,9 @@ class UserAccountController extends Controller 'profile_image' => array_merge(['nullable'], $this->getImageValidationRules()), ]); - $this->userRepo->update($user, $validated, userCan(\BookStack\Permissions\Permission::UsersManage)); + $this->userRepo->update($user, $validated, userCan(Permission::UsersManage)); - // Save profile image if in request + // Save the profile image if in request if ($request->hasFile('profile_image')) { $imageUpload = $request->file('profile_image'); $imageRepo->destroyImage($user->avatar); @@ -74,7 +74,7 @@ class UserAccountController extends Controller $user->save(); } - // Delete the profile image if reset option is in request + // Delete the profile image if the reset option is in request if ($request->has('profile_image_reset')) { $imageRepo->destroyImage($user->avatar); $user->image_id = 0; 
@@ -219,7 +219,7 @@ class UserAccountController extends Controller $this->preventAccessInDemoMode(); $requestNewOwnerId = intval($request->get('new_owner_id')) ?: null; - $newOwnerId = userCan(\BookStack\Permissions\Permission::UsersManage) ? $requestNewOwnerId : null; + $newOwnerId = userCan(Permission::UsersManage) ? $requestNewOwnerId : null; $this->userRepo->destroy(user(), $newOwnerId); diff --git a/app/Users/Controllers/UserApiController.php b/app/Users/Controllers/UserApiController.php index 28c4a3876..9134b3cc1 100644 --- a/app/Users/Controllers/UserApiController.php +++ b/app/Users/Controllers/UserApiController.php @@ -125,7 +125,7 @@ class UserApiController extends ApiController { $data = $this->validate($request, $this->rules($id)['update']); $user = $this->userRepo->getById($id); - $this->userRepo->update($user, $data, userCan(\BookStack\Permissions\Permission::UsersManage)); + $this->userRepo->update($user, $data, userCan(Permission::UsersManage)); $this->singleFormatter($user); return response()->json($user); diff --git a/app/Users/Controllers/UserSearchController.php b/app/Users/Controllers/UserSearchController.php index a6596046a..a2543b7ee 100644 --- a/app/Users/Controllers/UserSearchController.php +++ b/app/Users/Controllers/UserSearchController.php @@ -3,6 +3,7 @@ namespace BookStack\Users\Controllers; use BookStack\Http\Controller; +use BookStack\Permissions\Permission; use BookStack\Users\Models\User; use Illuminate\Http\Request; @@ -15,9 +16,9 @@ class UserSearchController extends Controller public function forSelect(Request $request) { $hasPermission = !user()->isGuest() && ( - userCan(\BookStack\Permissions\Permission::UsersManage) - || userCan(\BookStack\Permissions\Permission::RestrictionsManageOwn) - || userCan(\BookStack\Permissions\Permission::RestrictionsManageAll) + userCan(Permission::UsersManage) + || userCan(Permission::RestrictionsManageOwn) + || userCan(Permission::RestrictionsManageAll) ); if (!$hasPermission) { 
diff --git a/resources/views/entities/book-tree.blade.php b/resources/views/entities/book-tree.blade.php index bcc521306..c95b1eebc 100644 --- a/resources/views/entities/book-tree.blade.php +++ b/resources/views/entities/book-tree.blade.php @@ -5,7 +5,7 @@
{{ trans('entities.books_navigation') }}