bookstack/app/helpers.php

<?php

if (!function_exists('versioned_asset')) {
    /**
     * Get the path to a versioned file.
     *
     * @param  string $file
     * @return string
     *
     * @throws \InvalidArgumentException
     */
    function versioned_asset($file)
    {
        static $manifest = null;

        if (is_null($manifest)) {
            $manifest = json_decode(file_get_contents(public_path('build/manifest.json')), true);
        }

        if (isset($manifest[$file])) {
            return '/' . $manifest[$file];
        }

        if (file_exists(public_path($file))) {
            return '/' . $file;
        }

        throw new InvalidArgumentException("File {$file} not defined in asset manifest.");
    }
}

/**
 * Check if the current user has a permission.
 * If an ownable element is passed in the permissions are checked against
 * that particular item.
 * @param $permission
 * @param \BookStack\Ownable $ownable
 * @return mixed
 */
function userCan($permission, \BookStack\Ownable $ownable = null)
{
    if (!auth()->check()) return false;
    if ($ownable === null) {
        return auth()->user() && auth()->user()->can($permission);
    }

    // Check permission on ownable item
    $permissionBaseName = strtolower($permission) . '-';
    $hasPermission = false;
    if (auth()->user()->can($permissionBaseName . 'all')) $hasPermission = true;
    if (auth()->user()->can($permissionBaseName . 'own') && $ownable->createdBy && $ownable->createdBy->id === auth()->user()->id) $hasPermission = true;

    if (!$ownable instanceof \BookStack\Entity) return $hasPermission;

    // Check restrictions on the entity
    $restrictionService = app('BookStack\Services\RestrictionService');
    $explodedPermission = explode('-', $permission);
    $action = end($explodedPermission);
    $hasAccess = $restrictionService->checkIfEntityRestricted($ownable, $action);
    $restrictionsSet = $restrictionService->checkIfRestrictionsSet($ownable, $action);
    return ($hasAccess && $restrictionsSet) || (!$restrictionsSet && $hasPermission);
}

/**
 * Helper to access system settings.
 * @param $key
 * @param bool $default
 * @return mixed
 */
function setting($key, $default = false)
{
    $settingService = app('BookStack\Services\SettingService');
    return $settingService->get($key, $default);
}
Implemented custom asset versioning to make creating releases easier 2015-12-17 01:09:44 +08:00			`<?php`

Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-06 02:09:21 +08:00			`if (!function_exists('versioned_asset')) {`
Implemented custom asset versioning to make creating releases easier 2015-12-17 01:09:44 +08:00			`/**`
			`* Get the path to a versioned file.`
			`*`
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-06 02:09:21 +08:00			`* @param string $file`
Implemented custom asset versioning to make creating releases easier 2015-12-17 01:09:44 +08:00			`* @return string`
			`*`
			`* @throws \InvalidArgumentException`
			`*/`
			`function versioned_asset($file)`
			`{`
			`static $manifest = null;`

			`if (is_null($manifest)) {`
			`$manifest = json_decode(file_get_contents(public_path('build/manifest.json')), true);`
			`}`

			`if (isset($manifest[$file])) {`
			`return '/' . $manifest[$file];`
			`}`

			`if (file_exists(public_path($file))) {`
			`return '/' . $file;`
			`}`

			`throw new InvalidArgumentException("File {$file} not defined in asset manifest.");`
			`}`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`}`

			`/**`
			`* Check if the current user has a permission.`
			`* If an ownable element is passed in the permissions are checked against`
			`* that particular item.`
			`* @param $permission`
			`* @param \BookStack\Ownable $ownable`
			`* @return mixed`
			`*/`
			`function userCan($permission, \BookStack\Ownable $ownable = null)`
			`{`
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-06 02:09:21 +08:00			`if (!auth()->check()) return false;`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`if ($ownable === null) {`
			`return auth()->user() && auth()->user()->can($permission);`
			`}`

Tied entity restriction system into userCan checks 2016-03-01 04:31:21 +08:00			`// Check permission on ownable item`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`$permissionBaseName = strtolower($permission) . '-';`
Tied entity restriction system into userCan checks 2016-03-01 04:31:21 +08:00			`$hasPermission = false;`
			`if (auth()->user()->can($permissionBaseName . 'all')) $hasPermission = true;`
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-06 02:09:21 +08:00			`if (auth()->user()->can($permissionBaseName . 'own') && $ownable->createdBy && $ownable->createdBy->id === auth()->user()->id) $hasPermission = true;`
Tied entity restriction system into userCan checks 2016-03-01 04:31:21 +08:00
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-06 02:09:21 +08:00			`if (!$ownable instanceof \BookStack\Entity) return $hasPermission;`
Tied entity restriction system into userCan checks 2016-03-01 04:31:21 +08:00
Updated entity restrictions to allow permissions, Not just restrict Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89. 2016-03-31 03:15:44 +08:00			`// Check restrictions on the entity`
Tied entity restriction system into userCan checks 2016-03-01 04:31:21 +08:00			`$restrictionService = app('BookStack\Services\RestrictionService');`
			`$explodedPermission = explode('-', $permission);`
			`$action = end($explodedPermission);`
			`$hasAccess = $restrictionService->checkIfEntityRestricted($ownable, $action);`
Updated entity restrictions to allow permissions, Not just restrict Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89. 2016-03-31 03:15:44 +08:00			`$restrictionsSet = $restrictionService->checkIfRestrictionsSet($ownable, $action);`
			`return ($hasAccess && $restrictionsSet) \|\| (!$restrictionsSet && $hasPermission);`
Added settings helper and formatted code in some files 2016-03-06 20:55:08 +08:00			`}`

			`/**`
			`* Helper to access system settings.`
			`* @param $key`
			`* @param bool $default`
			`* @return mixed`
			`*/`
			`function setting($key, $default = false)`
			`{`
			`$settingService = app('BookStack\Services\SettingService');`
			`return $settingService->get($key, $default);`
			`}`