bookstack/app/Entities/Tools/PermissionsUpdater.php

<?php

namespace BookStack\Entities\Tools;

use BookStack\Actions\ActivityType;
use BookStack\Auth\Permissions\EntityPermission;
use BookStack\Auth\User;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Bookshelf;
use BookStack\Entities\Models\Entity;
use BookStack\Facades\Activity;
use Illuminate\Http\Request;
use Illuminate\Support\Collection;

class PermissionsUpdater
{
    /**
     * Update an entities permissions from a permission form submit request.
     */
    public function updateFromPermissionsForm(Entity $entity, Request $request)
    {
        $permissions = $request->get('permissions', null);
        $ownerId = $request->get('owned_by', null);

        $entity->permissions()->delete();

        if (!is_null($permissions)) {
            $entityPermissionData = $this->formatPermissionsFromRequestToEntityPermissions($permissions);
            $entity->permissions()->createMany($entityPermissionData);
        }

        if (!is_null($ownerId)) {
            $this->updateOwnerFromId($entity, intval($ownerId));
        }

        $entity->save();
        $entity->rebuildPermissions();

        Activity::add(ActivityType::PERMISSIONS_UPDATE, $entity);
    }

    /**
     * Update the owner of the given entity.
     * Checks the user exists in the system first.
     * Does not save the model, just updates it.
     */
    protected function updateOwnerFromId(Entity $entity, int $newOwnerId)
    {
        $newOwner = User::query()->find($newOwnerId);
        if (!is_null($newOwner)) {
            $entity->owned_by = $newOwner->id;
        }
    }

    /**
     * Format permissions provided from a permission form to be EntityPermission data.
     */
    protected function formatPermissionsFromRequestToEntityPermissions(array $permissions): array
    {
        $formatted = [];

        foreach ($permissions as $roleId => $info) {
            $entityPermissionData = ['role_id' => $roleId];
            foreach (EntityPermission::PERMISSIONS as $permission) {
                $entityPermissionData[$permission] = (($info[$permission] ?? false) === "true");
            }
            $formatted[] = $entityPermissionData;
        }

        return $formatted;
    }

    /**
     * Copy down the permissions of the given shelf to all child books.
     */
    public function updateBookPermissionsFromShelf(Bookshelf $shelf, $checkUserPermissions = true): int
    {
        $shelfPermissions = $shelf->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
        $shelfBooks = $shelf->books()->get(['id', 'owned_by']);
        $updatedBookCount = 0;

        /** @var Book $book */
        foreach ($shelfBooks as $book) {
            if ($checkUserPermissions && !userCan('restrictions-manage', $book)) {
                continue;
            }
            $book->permissions()->delete();
            $book->permissions()->createMany($shelfPermissions);
            $book->rebuildPermissions();
            $updatedBookCount++;
        }

        return $updatedBookCount;
    }
}
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`<?php`

			`namespace BookStack\Entities\Tools;`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00
			`use BookStack\Actions\ActivityType;`
Started code update for new entity permission format 2022-10-08 20:52:59 +08:00			`use BookStack\Auth\Permissions\EntityPermission;`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`use BookStack\Auth\User;`
Reorgranised permission routes into their own controller Also introduced helpers for getting entities by slugs since we do it in so many places. 2022-10-09 23:36:03 +08:00			`use BookStack\Entities\Models\Book;`
			`use BookStack\Entities\Models\Bookshelf;`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`use BookStack\Entities\Models\Entity;`
			`use BookStack\Facades\Activity;`
			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Collection;`

			`class PermissionsUpdater`
			`{`
			`/**`
			`* Update an entities permissions from a permission form submit request.`
			`*/`
			`public function updateFromPermissionsForm(Entity $entity, Request $request)`
			`{`
Started code update for new entity permission format 2022-10-08 20:52:59 +08:00			`$permissions = $request->get('permissions', null);`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`$ownerId = $request->get('owned_by', null);`

			`$entity->permissions()->delete();`

			`if (!is_null($permissions)) {`
			`$entityPermissionData = $this->formatPermissionsFromRequestToEntityPermissions($permissions);`
			`$entity->permissions()->createMany($entityPermissionData);`
			`}`

			`if (!is_null($ownerId)) {`
Added manual type conversion to fix failing tests 2021-01-02 02:38:54 +08:00			`$this->updateOwnerFromId($entity, intval($ownerId));`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`}`

			`$entity->save();`
			`$entity->rebuildPermissions();`

Refactored the activity service - Renamed to "ActivityLogger" to be more focused in usage. - Extracted out query elements to seperate "ActivityQueries" class. - Removed old 'addForEntity' activity method to limit activity record points. 2021-12-12 01:29:33 +08:00			`Activity::add(ActivityType::PERMISSIONS_UPDATE, $entity);`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`}`

			`/**`
			`* Update the owner of the given entity.`
			`* Checks the user exists in the system first.`
			`* Does not save the model, just updates it.`
			`*/`
			`protected function updateOwnerFromId(Entity $entity, int $newOwnerId)`
			`{`
			`$newOwner = User::query()->find($newOwnerId);`
			`if (!is_null($newOwner)) {`
			`$entity->owned_by = $newOwner->id;`
			`}`
			`}`

			`/**`
Started code update for new entity permission format 2022-10-08 20:52:59 +08:00			`* Format permissions provided from a permission form to be EntityPermission data.`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`*/`
Started code update for new entity permission format 2022-10-08 20:52:59 +08:00			`protected function formatPermissionsFromRequestToEntityPermissions(array $permissions): array`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`{`
Started code update for new entity permission format 2022-10-08 20:52:59 +08:00			`$formatted = [];`

			`foreach ($permissions as $roleId => $info) {`
			`$entityPermissionData = ['role_id' => $roleId];`
			`foreach (EntityPermission::PERMISSIONS as $permission) {`
			`$entityPermissionData[$permission] = (($info[$permission] ?? false) === "true");`
			`}`
			`$formatted[] = $entityPermissionData;`
			`}`

			`return $formatted;`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`}`
Reorgranised permission routes into their own controller Also introduced helpers for getting entities by slugs since we do it in so many places. 2022-10-09 23:36:03 +08:00
			`/**`
			`* Copy down the permissions of the given shelf to all child books.`
			`*/`
			`public function updateBookPermissionsFromShelf(Bookshelf $shelf, $checkUserPermissions = true): int`
			`{`
			`$shelfPermissions = $shelf->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();`
Removed most usages of restricted entitiy property 2022-10-10 23:58:26 +08:00			`$shelfBooks = $shelf->books()->get(['id', 'owned_by']);`
Reorgranised permission routes into their own controller Also introduced helpers for getting entities by slugs since we do it in so many places. 2022-10-09 23:36:03 +08:00			`$updatedBookCount = 0;`

			`/** @var Book $book */`
			`foreach ($shelfBooks as $book) {`
			`if ($checkUserPermissions && !userCan('restrictions-manage', $book)) {`
			`continue;`
			`}`
			`$book->permissions()->delete();`
			`$book->permissions()->createMany($shelfPermissions);`
			`$book->rebuildPermissions();`
			`$updatedBookCount++;`
			`}`

			`return $updatedBookCount;`
			`}`
Moved permission updating to its own tool And added support for owner changing. 2021-01-02 01:49:48 +08:00			`}`