Removed most usages of restricted entitiy property

Dan Brown 2022-10-10 16:58:26 +01:00
parent 63056dbef4
commit 0f68be608d
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
22 changed files with 42 additions and 52 deletions


@ -66,6 +66,8 @@ class PermissionApplicator
return true; return true;
} }
// The chain order here is very important due to the fact we walk up the chain
// in the loop below. Earlier items in the chain have higher priority.
$chain = [$entity]; $chain = [$entity];
if ($entity instanceof Page && $entity->chapter_id) { if ($entity instanceof Page && $entity->chapter_id) {
$chain[] = $entity->chapter; $chain[] = $entity->chapter;
@ -76,16 +78,26 @@ class PermissionApplicator
} }
foreach ($chain as $currentEntity) { foreach ($chain as $currentEntity) {
if (is_null($currentEntity->restricted)) { $allowedByRoleId = $currentEntity->permissions()
throw new InvalidArgumentException('Entity restricted field used but has not been loaded'); ->whereIn('role_id', [0, ...$userRoleIds])
->pluck($action, 'role_id');
// Continue up the chain if no applicable entity permission overrides.
if (empty($allowedByRoleId)) {
continue;
} }
if ($currentEntity->restricted) { // If we have user-role-specific permissions set, allow if any of those
return $currentEntity->permissions() // role permissions allow access.
->whereIn('role_id', $userRoleIds) $hasDefault = $allowedByRoleId->has(0);
->where($action, '=', true) if (!$hasDefault || $allowedByRoleId->count() > 1) {
->count() > 0; return $allowedByRoleId->search(function (bool $allowed, int $roleId) {
return $roleId !== 0 && $allowed;
}) !== false;
} }
// Otherwise, return the default "Other roles" fallback value.
return $allowedByRoleId->get(0);
} }
return null; return null;
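Review bot: The `empty($allowedByRoleId)` guard in the new loop can never be true, because the value is an object (the following lines call `->has()`, `->count()`, `->search()` and `->get()` on it) and PHP's `empty()` is always false for an object. With no matching permission rows the code therefore skips the `continue`, finds no default entry, and returns `false` from the `search(...) !== false` expression, so an entity without its own permission rows is reported as denied instead of deferring to the next item in the chain or to the final `return null`. Use the collection's own check: `if ($allowedByRoleId->isEmpty()) {`. A test with a page that has no rows of its own, under a chapter or book that does, would pin this down. The method starts and ends outside the visible hunks.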


@ -66,11 +66,11 @@ class CopyShelfPermissions extends Command
return; return;
} }
$shelves = Bookshelf::query()->get(['id', 'restricted']); $shelves = Bookshelf::query()->get(['id']);
} }
if ($shelfSlug) { if ($shelfSlug) {
$shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id', 'restricted']); $shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id']);
if ($shelves->count() === 0) { if ($shelves->count() === 0) {
$this->info('No shelves found with the given slug.'); $this->info('No shelves found with the given slug.');
} }


@ -28,7 +28,7 @@ class Book extends Entity implements HasCoverImage
public $searchFactor = 1.2; public $searchFactor = 1.2;
protected $fillable = ['name', 'description']; protected $fillable = ['name', 'description'];
protected $hidden = ['restricted', 'pivot', 'image_id', 'deleted_at']; protected $hidden = ['pivot', 'image_id', 'deleted_at'];
/** /**
* Get the url for this book. * Get the url for this book.
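Review bot: Dropping `'restricted'` from `$hidden` here means the attribute is included whenever a fully loaded model is serialised to an array or JSON, and none of the 22 files in this commit removes the column itself. Until the column is dropped, API and AJAX responses could start exposing a stale `restricted` value that no longer reflects how access is decided. Either keep the entry in `$hidden` until the migration lands or ship the column removal together with this change; the same applies to the `$hidden` lists in Bookshelf, Chapter, Page and PageRevision.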


@ -17,7 +17,7 @@ class Bookshelf extends Entity implements HasCoverImage
protected $fillable = ['name', 'description', 'image_id']; protected $fillable = ['name', 'description', 'image_id'];
protected $hidden = ['restricted', 'image_id', 'deleted_at']; protected $hidden = ['image_id', 'deleted_at'];
/** /**
* Get the books in this shelf. * Get the books in this shelf.


@ -19,7 +19,7 @@ class Chapter extends BookChild
public $searchFactor = 1.2; public $searchFactor = 1.2;
protected $fillable = ['name', 'description', 'priority']; protected $fillable = ['name', 'description', 'priority'];
protected $hidden = ['restricted', 'pivot', 'deleted_at']; protected $hidden = ['pivot', 'deleted_at'];
/** /**
* Get the pages that this chapter contains. * Get the pages that this chapter contains.


@ -42,7 +42,6 @@ use Illuminate\Database\Eloquent\SoftDeletes;
* @property Carbon $deleted_at * @property Carbon $deleted_at
* @property int $created_by * @property int $created_by
* @property int $updated_by * @property int $updated_by
* @property bool $restricted
* @property Collection $tags * @property Collection $tags
* *
* @method static Entity|Builder visible() * @method static Entity|Builder visible()


@ -39,7 +39,7 @@ class Page extends BookChild
public $textField = 'text'; public $textField = 'text';
protected $hidden = ['html', 'markdown', 'text', 'restricted', 'pivot', 'deleted_at']; protected $hidden = ['html', 'markdown', 'text', 'pivot', 'deleted_at'];
protected $casts = [ protected $casts = [
'draft' => 'boolean', 'draft' => 'boolean',


@ -31,7 +31,7 @@ use Illuminate\Database\Eloquent\Relations\BelongsTo;
class PageRevision extends Model implements Loggable class PageRevision extends Model implements Loggable
{ {
protected $fillable = ['name', 'text', 'summary']; protected $fillable = ['name', 'text', 'summary'];
protected $hidden = ['html', 'markdown', 'restricted', 'text']; protected $hidden = ['html', 'markdown', 'text'];
/** /**
* Get the user that created the page revision. * Get the user that created the page revision.


@ -122,7 +122,6 @@ class Cloner
*/ */
public function copyEntityPermissions(Entity $sourceEntity, Entity $targetEntity): void public function copyEntityPermissions(Entity $sourceEntity, Entity $targetEntity): void
{ {
$targetEntity->restricted = $sourceEntity->restricted;
$permissions = $sourceEntity->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray(); $permissions = $sourceEntity->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
$targetEntity->permissions()->delete(); $targetEntity->permissions()->delete();
$targetEntity->permissions()->createMany($permissions); $targetEntity->permissions()->createMany($permissions);
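Review bot: `copyEntityPermissions()` deletes the target's permission rows and then recreates them with `createMany()` as two separate statements, and after this commit those rows are the only record of an entity's overrides. If the insert fails after the delete, the target is left with no rows, and the comment in PermissionApplicator says such an entity should fall through to the next item in the chain rather than stay restricted. Wrapping the `delete()`/`createMany()` pair in a single database transaction would keep the old rows on failure; the same pattern appears in `updateBookPermissionsFromShelf()` in PermissionsUpdater, where `$book->save()` was also removed. The end of this method lies outside the hunk.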


@ -65,7 +65,7 @@ class HierarchyTransformer
foreach ($book->chapters as $index => $chapter) { foreach ($book->chapters as $index => $chapter) {
$newBook = $this->transformChapterToBook($chapter); $newBook = $this->transformChapterToBook($chapter);
$shelfBookSyncData[$newBook->id] = ['order' => $index]; $shelfBookSyncData[$newBook->id] = ['order' => $index];
if (!$newBook->restricted) { if (!$newBook->hasPermissions()) {
$this->cloner->copyEntityPermissions($shelf, $newBook); $this->cloner->copyEntityPermissions($shelf, $newBook);
} }
} }


@ -75,9 +75,8 @@ class PermissionsUpdater
*/ */
public function updateBookPermissionsFromShelf(Bookshelf $shelf, $checkUserPermissions = true): int public function updateBookPermissionsFromShelf(Bookshelf $shelf, $checkUserPermissions = true): int
{ {
// TODO - Fix for new format
$shelfPermissions = $shelf->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray(); $shelfPermissions = $shelf->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
$shelfBooks = $shelf->books()->get(['id', 'restricted', 'owned_by']); $shelfBooks = $shelf->books()->get(['id', 'owned_by']);
$updatedBookCount = 0; $updatedBookCount = 0;
/** @var Book $book */ /** @var Book $book */
@ -86,9 +85,7 @@ class PermissionsUpdater
continue; continue;
} }
$book->permissions()->delete(); $book->permissions()->delete();
$book->restricted = $shelf->restricted;
$book->permissions()->createMany($shelfPermissions); $book->permissions()->createMany($shelfPermissions);
$book->save();
$book->rebuildPermissions(); $book->rebuildPermissions();
$updatedBookCount++; $updatedBookCount++;
} }


@ -87,7 +87,7 @@ class FavouriteController extends Controller
$modelInstance = $model->newQuery() $modelInstance = $model->newQuery()
->where('id', '=', $modelInfo['id']) ->where('id', '=', $modelInfo['id'])
->first(['id', 'name', 'restricted', 'owned_by']); ->first(['id', 'name', 'owned_by']);
$inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance)); $inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance));
if (is_null($modelInstance) || $inaccessibleEntity) { if (is_null($modelInstance) || $inaccessibleEntity) {
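Review bot: The model passed to `userCan('view', ...)` is loaded with only `id`, `name` and `owned_by`, so parent keys such as `chapter_id` are absent on it. The chain built in PermissionApplicator reads `$entity->chapter_id` and `$entity->chapter` to pick up inherited overrides; if `userCan()` reaches that code for a page, the parents would be skipped and only the page's own rows consulted. Now that `restricted` is gone from the column list it may be simplest to load the full row with `->first();`, or at least add the parent key columns the chain walk needs. The surrounding method is not fully visible in this hunk.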


@ -50,9 +50,7 @@ class AttachmentsApiTest extends TestCase
], ],
]]); ]]);
$page->restricted = true; $this->entities->setPermissions($page, [], []);
$page->save();
$this->entities->regenPermissions($page);
$resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id'); $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
$resp->assertJsonMissing(['data' => [ $resp->assertJsonMissing(['data' => [


@ -19,7 +19,7 @@ class CopyShelfPermissionsCommandTest extends TestCase
$shelf = $this->entities->shelf(); $shelf = $this->entities->shelf();
$child = $shelf->books()->first(); $child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first(); $editorRole = $this->getEditor()->roles()->first();
$this->assertFalse(boolval($child->restricted), 'Child book should not be restricted by default'); $this->assertFalse(boolval($child->hasPermissions()), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default'); $this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]); $this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
@ -28,7 +28,7 @@ class CopyShelfPermissionsCommandTest extends TestCase
]); ]);
$child = $shelf->books()->first(); $child = $shelf->books()->first();
$this->assertTrue(boolval($child->restricted), 'Child book should now be restricted'); $this->assertTrue(boolval($child->hasPermissions()), 'Child book should now be restricted');
$this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions'); $this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions');
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]); $this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]);
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]); $this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]);
@ -40,7 +40,7 @@ class CopyShelfPermissionsCommandTest extends TestCase
Bookshelf::query()->where('id', '!=', $shelf->id)->delete(); Bookshelf::query()->where('id', '!=', $shelf->id)->delete();
$child = $shelf->books()->first(); $child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first(); $editorRole = $this->getEditor()->roles()->first();
$this->assertFalse(boolval($child->restricted), 'Child book should not be restricted by default'); $this->assertFalse(boolval($child->hasPermissions()), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default'); $this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]); $this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
@ -48,7 +48,7 @@ class CopyShelfPermissionsCommandTest extends TestCase
->expectsQuestion('Permission settings for all shelves will be cascaded. Books assigned to multiple shelves will receive only the permissions of it\'s last processed shelf. Are you sure you want to proceed?', 'y'); ->expectsQuestion('Permission settings for all shelves will be cascaded. Books assigned to multiple shelves will receive only the permissions of it\'s last processed shelf. Are you sure you want to proceed?', 'y');
$child = $shelf->books()->first(); $child = $shelf->books()->first();
$this->assertTrue(boolval($child->restricted), 'Child book should now be restricted'); $this->assertTrue(boolval($child->hasPermissions()), 'Child book should now be restricted');
$this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions'); $this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions');
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]); $this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]);
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]); $this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]);


@ -295,7 +295,7 @@ class BookShelfTest extends TestCase
$child = $shelf->books()->first(); $child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first(); $editorRole = $this->getEditor()->roles()->first();
$this->assertFalse(boolval($child->restricted), 'Child book should not be restricted by default'); $this->assertFalse(boolval($child->hasPermissions()), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default'); $this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]); $this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
@ -303,7 +303,7 @@ class BookShelfTest extends TestCase
$child = $shelf->books()->first(); $child = $shelf->books()->first();
$resp->assertRedirect($shelf->getUrl()); $resp->assertRedirect($shelf->getUrl());
$this->assertTrue(boolval($child->restricted), 'Child book should now be restricted'); $this->assertTrue(boolval($child->hasPermissions()), 'Child book should now be restricted');
$this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions'); $this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions');
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]); $this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]);
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]); $this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]);


@ -304,9 +304,7 @@ class BookTest extends TestCase
// Hide child content // Hide child content
/** @var BookChild $page */ /** @var BookChild $page */
foreach ($book->getDirectChildren() as $child) { foreach ($book->getDirectChildren() as $child) {
$child->restricted = true; $this->entities->setPermissions($child, [], []);
$child->save();
$this->entities->regenPermissions($child);
} }
$this->asEditor()->post($book->getUrl('/copy'), ['name' => 'My copy book']); $this->asEditor()->post($book->getUrl('/copy'), ['name' => 'My copy book']);


@ -101,9 +101,7 @@ class ChapterTest extends TestCase
// Hide pages to all non-admin roles // Hide pages to all non-admin roles
/** @var Page $page */ /** @var Page $page */
foreach ($chapter->pages as $page) { foreach ($chapter->pages as $page) {
$page->restricted = true; $this->entities->setPermissions($page, [], []);
$page->save();
$this->entities->regenPermissions($page);
} }
$this->asEditor()->post($chapter->getUrl('/copy'), [ $this->asEditor()->post($chapter->getUrl('/copy'), [


@ -172,8 +172,7 @@ class EntitySearchTest extends TestCase
// Restricted filter // Restricted filter
$this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertDontSee($page->name); $this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertDontSee($page->name);
$page->restricted = true; $this->entities->setPermissions($page, [], []);
$page->save();
$this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertSee($page->name); $this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertSee($page->name);
// Date filters // Date filters


@ -75,9 +75,7 @@ class TagTest extends TestCase
$this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']); $this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']);
// Set restricted permission the page // Set restricted permission the page
$page->restricted = true; $this->entities->setPermissions($page, [], []);
$page->save();
$page->rebuildPermissions();
$this->asAdmin()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']); $this->asAdmin()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']);
$this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson([]); $this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson([]);
@ -180,8 +178,7 @@ class TagTest extends TestCase
$resp = $this->get('/tags?name=SuperCategory'); $resp = $this->get('/tags?name=SuperCategory');
$resp->assertSee('GreatTestContent'); $resp->assertSee('GreatTestContent');
$page->restricted = true; $this->entities->setPermissions($page, [], []);
$this->entities->regenPermissions($page);
$resp = $this->asEditor()->get('/tags'); $resp = $this->asEditor()->get('/tags');
$resp->assertDontSee('SuperCategory'); $resp->assertDontSee('SuperCategory');


@ -204,7 +204,6 @@ class EntityProvider
*/ */
public function setPermissions(Entity $entity, array $actions = [], array $roles = []): void public function setPermissions(Entity $entity, array $actions = [], array $roles = []): void
{ {
$entity->restricted = true;
$entity->permissions()->delete(); $entity->permissions()->delete();
$permissions = []; $permissions = [];
@ -217,7 +216,6 @@ class EntityProvider
} }
$entity->permissions()->createMany($permissions); $entity->permissions()->createMany($permissions);
$entity->save();
$entity->load('permissions'); $entity->load('permissions');
$this->regenPermissions($entity); $this->regenPermissions($entity);
} }


@ -376,7 +376,6 @@ class EntityPermissionsTest extends TestCase
->assertSee($title); ->assertSee($title);
$this->put($modelInstance->getUrl('/permissions'), [ $this->put($modelInstance->getUrl('/permissions'), [
'restricted' => 'true',
'restrictions' => [ 'restrictions' => [
$roleId => [ $roleId => [
$permission => 'true', $permission => 'true',


@ -253,11 +253,7 @@ class AttachmentTest extends TestCase
$this->uploadFile($fileName, $page->id); $this->uploadFile($fileName, $page->id);
$attachment = Attachment::orderBy('id', 'desc')->take(1)->first(); $attachment = Attachment::orderBy('id', 'desc')->take(1)->first();
$page->restricted = true; $this->entities->setPermissions($page, [], []);
$page->permissions()->delete();
$page->save();
$page->rebuildPermissions();
$page->load('jointPermissions');
$this->actingAs($viewer); $this->actingAs($viewer);
$attachmentGet = $this->get($attachment->getUrl()); $attachmentGet = $this->get($attachment->getUrl());