colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Removed lesser-used middleware and updated localization middleware 

So that DB/User access is not explicitly enforced.
Same for GlobalViewData middleware although that was also just doubling
up on ways to access user/auth info.
Also cleaned up Localization Middleware doc blocks.
This commit is contained in:
Dan Brown 2021-01-17 13:41:43 +00:00
parent 6eda1c1fb2
commit 7ba6962707
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
16 changed files with 48 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Controllers/HomeController.php
View File

@ -110,15 +110,16 @@ class HomeController extends Controller
/** /**
* Show the view for /robots.txt * Show the view for /robots.txt
* @return $this
*/ */
public function getRobots() public function getRobots()
{ {
$sitePublic = setting('app-public', false); $sitePublic = setting('app-public', false);
$allowRobots = config('app.allow_robots'); $allowRobots = config('app.allow_robots');
if ($allowRobots === null) { if ($allowRobots === null) {
$allowRobots = $sitePublic; $allowRobots = $sitePublic;
} }
return response() return response()
->view('common.robots', ['allowRobots' => $allowRobots]) ->view('common.robots', ['allowRobots' => $allowRobots])
->header('Content-Type', 'text/plain'); ->header('Content-Type', 'text/plain');

1
app/Http/Kernel.php
View File

@ -29,7 +29,6 @@ class Kernel extends HttpKernel
\Illuminate\View\Middleware\ShareErrorsFromSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class,
\BookStack\Http\Middleware\VerifyCsrfToken::class, \BookStack\Http\Middleware\VerifyCsrfToken::class,
\BookStack\Http\Middleware\Localization::class, \BookStack\Http\Middleware\Localization::class,
\BookStack\Http\Middleware\GlobalViewData::class,
], ],
'api' => [ 'api' => [
\BookStack\Http\Middleware\ThrottleApiRequests::class, \BookStack\Http\Middleware\ThrottleApiRequests::class,

27
app/Http/Middleware/GlobalViewData.php
View File

@ -1,27 +0,0 @@
<?php namespace BookStack\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
/**
* Class GlobalViewData
* Sets up data that is accessible to any view rendered by the web routes.
*/
class GlobalViewData
{
/**
* Handle an incoming request.
*
* @param Request $request
* @param Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
view()->share('signedIn', auth()->check());
view()->share('currentUser', user());
return $next($request);
}
}

35
app/Http/Middleware/Localization.php
View File

@ -57,12 +57,7 @@ class Localization
$defaultLang = config('app.locale'); $defaultLang = config('app.locale');
config()->set('app.default_locale', $defaultLang); config()->set('app.default_locale', $defaultLang);
if (user()->isDefault() && config('app.auto_detect_locale')) { $locale = $this->getUserLocale($request, $defaultLang);
$locale = $this->autoDetectLocale($request, $defaultLang);
} else {
$locale = setting()->getUser(user(), 'language', $defaultLang);
}
config()->set('app.lang', str_replace('_', '-', $this->getLocaleIso($locale))); config()->set('app.lang', str_replace('_', '-', $this->getLocaleIso($locale)));
// Set text direction // Set text direction
@ -76,14 +71,29 @@ class Localization
return $next($request); return $next($request);
} }
/**
* Get the locale specifically for the currently logged in user if available.
*/
protected function getUserLocale(Request $request, string $default): string
{
try {
$user = user();
} catch (\Exception $exception) {
return $default;
}
if ($user->isDefault() && config('app.auto_detect_locale')) {
return $this->autoDetectLocale($request, $default);
}
return setting()->getUser($user, 'language', $default);
}
/** /**
* Autodetect the visitors locale by matching locales in their headers * Autodetect the visitors locale by matching locales in their headers
* against the locales supported by BookStack. * against the locales supported by BookStack.
* @param Request $request
* @param string $default
* @return string
*/ */
protected function autoDetectLocale(Request $request, string $default) protected function autoDetectLocale(Request $request, string $default): string
{ {
$availableLocales = config('app.locales'); $availableLocales = config('app.locales');
foreach ($request->getLanguages() as $lang) { foreach ($request->getLanguages() as $lang) {
@ -96,10 +106,8 @@ class Localization
/** /**
* Get the ISO version of a BookStack language name * Get the ISO version of a BookStack language name
* @param string $locale
* @return string
*/ */
public function getLocaleIso(string $locale) public function getLocaleIso(string $locale): string
{ {
return $this->localeMap[$locale] ?? $locale; return $this->localeMap[$locale] ?? $locale;
} }
@ -107,7 +115,6 @@ class Localization
/** /**
* Set the system date locale for localized date formatting. * Set the system date locale for localized date formatting.
* Will try both the standard locale name and the UTF8 variant. * Will try both the standard locale name and the UTF8 variant.
* @param string $locale
*/ */
protected function setSystemDateLocale(string $locale) protected function setSystemDateLocale(string $locale)
{ {

2
resources/views/books/index.blade.php
View File

@ -36,7 +36,7 @@
<div class="actions mb-xl"> <div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5> <h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-primary"> <div class="icon-list text-primary">
@if($currentUser->can('book-create-all')) @if(user()->can('book-create-all'))
<a href="{{ url("/create-book") }}" class="icon-list-item"> <a href="{{ url("/create-book") }}" class="icon-list-item">
<span>@icon('add')</span> <span>@icon('add')</span>
<span>{{ trans('entities.books_create') }}</span> <span>{{ trans('entities.books_create') }}</span>

4
resources/views/common/home-sidebar.blade.php
View File

@ -6,11 +6,11 @@
@endif @endif
<div class="mb-xl"> <div class="mb-xl">
<h5>{{ trans('entities.' . ($signedIn ? 'my_recently_viewed' : 'books_recent')) }}</h5> <h5>{{ trans('entities.' . (auth()->check() ? 'my_recently_viewed' : 'books_recent')) }}</h5>
@include('partials.entity-list', [ @include('partials.entity-list', [
'entities' => $recents, 'entities' => $recents,
'style' => 'compact', 'style' => 'compact',
'emptyText' => $signedIn ? trans('entities.no_pages_viewed') : trans('entities.books_empty') 'emptyText' => auth()->check() ? trans('entities.no_pages_viewed') : trans('entities.books_empty')
]) ])
</div> </div>

6
resources/views/common/home.blade.php
View File

@ -29,13 +29,13 @@
</div> </div>
@endif @endif
<div id="{{ $signedIn ? 'recently-viewed' : 'recent-books' }}" class="card mb-xl"> <div id="{{ auth()->check() ? 'recently-viewed' : 'recent-books' }}" class="card mb-xl">
<h3 class="card-title">{{ trans('entities.' . ($signedIn ? 'my_recently_viewed' : 'books_recent')) }}</h3> <h3 class="card-title">{{ trans('entities.' . (auth()->check() ? 'my_recently_viewed' : 'books_recent')) }}</h3>
<div class="px-m"> <div class="px-m">
@include('partials.entity-list', [ @include('partials.entity-list', [
'entities' => $recents, 'entities' => $recents,
'style' => 'compact', 'style' => 'compact',
'emptyText' => $signedIn ? trans('entities.no_pages_viewed') : trans('entities.books_empty') 'emptyText' => auth()->check() ? trans('entities.no_pages_viewed') : trans('entities.books_empty')
]) ])
</div> </div>
</div> </div>

2
resources/views/components/expand-toggle.blade.php
View File

@ -4,7 +4,7 @@ $key - Unique key for checking existing stored state.
--}} --}}
<?php $isOpen = setting()->getForCurrentUser('section_expansion#'. $key); ?> <?php $isOpen = setting()->getForCurrentUser('section_expansion#'. $key); ?>
<button type="button" expand-toggle="{{ $target }}" <button type="button" expand-toggle="{{ $target }}"
expand-toggle-update-endpoint="{{ url('/settings/users/'. $currentUser->id .'/update-expansion-preference/' . $key) }}" expand-toggle-update-endpoint="{{ url('/settings/users/'. user()->id .'/update-expansion-preference/' . $key) }}"
expand-toggle-is-open="{{ $isOpen ? 'yes' : 'no' }}" expand-toggle-is-open="{{ $isOpen ? 'yes' : 'no' }}"
class="text-muted icon-list-item text-primary"> class="text-muted icon-list-item text-primary">
<span>@icon('expand-text')</span> <span>@icon('expand-text')</span>

2
resources/views/partials/sort.blade.php
View File

@ -4,7 +4,7 @@
?> ?>
<div class="list-sort-container" list-sort-control> <div class="list-sort-container" list-sort-control>
<div class="list-sort-label">{{ trans('common.sort') }}</div> <div class="list-sort-label">{{ trans('common.sort') }}</div>
<form action="{{ url("/settings/users/{$currentUser->id}/change-sort/{$type}") }}" method="post"> <form action="{{ url("/settings/users/". user()->id ."/change-sort/{$type}") }}" method="post">
{!! csrf_field() !!} {!! csrf_field() !!}
{!! method_field('PATCH') !!} {!! method_field('PATCH') !!}

2
resources/views/partials/view-toggle.blade.php
View File

@ -1,5 +1,5 @@
<div> <div>
<form action="{{ url("/settings/users/{$currentUser->id}/switch-${type}-view") }}" method="POST" class="inline"> <form action="{{ url("/settings/users/". user()->id ."/switch-${type}-view") }}" method="POST" class="inline">
{!! csrf_field() !!} {!! csrf_field() !!}
{!! method_field('PATCH') !!} {!! method_field('PATCH') !!}
<input type="hidden" value="{{ $view === 'list'? 'grid' : 'list' }}" name="view_type"> <input type="hidden" value="{{ $view === 'list'? 'grid' : 'list' }}" name="view_type">

8
resources/views/settings/navbar.blade.php
View File

@ -1,16 +1,16 @@
<nav class="active-link-list"> <nav class="active-link-list">
@if($currentUser->can('settings-manage')) @if(userCan('settings-manage'))
<a href="{{ url('/settings') }}" @if($selected == 'settings') class="active" @endif>@icon('settings'){{ trans('settings.settings') }}</a> <a href="{{ url('/settings') }}" @if($selected == 'settings') class="active" @endif>@icon('settings'){{ trans('settings.settings') }}</a>
<a href="{{ url('/settings/maintenance') }}" @if($selected == 'maintenance') class="active" @endif>@icon('spanner'){{ trans('settings.maint') }}</a> <a href="{{ url('/settings/maintenance') }}" @if($selected == 'maintenance') class="active" @endif>@icon('spanner'){{ trans('settings.maint') }}</a>
@endif @endif
@if($currentUser->can('settings-manage') && $currentUser->can('users-manage')) @if(userCan('settings-manage') && userCan('users-manage'))
<a href="{{ url('/settings/audit') }}" @if($selected == 'audit') class="active" @endif>@icon('open-book'){{ trans('settings.audit') }}</a> <a href="{{ url('/settings/audit') }}" @if($selected == 'audit') class="active" @endif>@icon('open-book'){{ trans('settings.audit') }}</a>
@endif @endif
@if($currentUser->can('users-manage')) @if(userCan('users-manage'))
<a href="{{ url('/settings/users') }}" @if($selected == 'users') class="active" @endif>@icon('users'){{ trans('settings.users') }}</a> <a href="{{ url('/settings/users') }}" @if($selected == 'users') class="active" @endif>@icon('users'){{ trans('settings.users') }}</a>
@endif @endif
@if($currentUser->can('user-roles-manage')) @if(userCan('user-roles-manage'))
<a href="{{ url('/settings/roles') }}" @if($selected == 'roles') class="active" @endif>@icon('lock-open'){{ trans('settings.roles') }}</a> <a href="{{ url('/settings/roles') }}" @if($selected == 'roles') class="active" @endif>@icon('lock-open'){{ trans('settings.roles') }}</a>
@endif @endif
</nav> </nav>

4
resources/views/settings/roles/form.blade.php
View File

@ -244,11 +244,11 @@
<img class="avatar small" src="{{ $user->getAvatar(40) }}" alt="{{ $user->name }}"> <img class="avatar small" src="{{ $user->getAvatar(40) }}" alt="{{ $user->name }}">
</div> </div>
<div> <div>
@if(userCan('users-manage') || $currentUser->id == $user->id) @if(userCan('users-manage') || user()->id == $user->id)
<a href="{{ url("/settings/users/{$user->id}") }}"> <a href="{{ url("/settings/users/{$user->id}") }}">
@endif @endif
{{ $user->name }} {{ $user->name }}
@if(userCan('users-manage') || $currentUser->id == $user->id) @if(userCan('users-manage') || user()->id == $user->id)
</a> </a>
@endif @endif
</div> </div>

2
resources/views/shelves/index.blade.php
View File

@ -9,7 +9,7 @@
<div class="actions mb-xl"> <div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5> <h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-primary"> <div class="icon-list text-primary">
@if($currentUser->can('bookshelf-create-all')) @if(userCan('bookshelf-create-all'))
<a href="{{ url("/create-shelf") }}" class="icon-list-item"> <a href="{{ url("/create-shelf") }}" class="icon-list-item">
<span>@icon('add')</span> <span>@icon('add')</span>
<span>{{ trans('entities.shelves_new_action') }}</span> <span>{{ trans('entities.shelves_new_action') }}</span>

2
resources/views/users/create.blade.php
View File

@ -19,7 +19,7 @@
</div> </div>
<div class="form-group text-right"> <div class="form-group text-right">
<a href="{{ url($currentUser->can('users-manage') ? "/settings/users" : "/") }}" class="button outline">{{ trans('common.cancel') }}</a> <a href="{{ url(userCan('users-manage') ? "/settings/users" : "/") }}" class="button outline">{{ trans('common.cancel') }}</a>
<button class="button" type="submit">{{ trans('common.save') }}</button> <button class="button" type="submit">{{ trans('common.save') }}</button>
</div> </div>

8
resources/views/users/edit.blade.php
View File

@ -8,7 +8,7 @@
</div> </div>
<section class="card content-wrap"> <section class="card content-wrap">
<h1 class="list-heading">{{ $user->id === $currentUser->id ? trans('settings.users_edit_profile') : trans('settings.users_edit') }}</h1> <h1 class="list-heading">{{ $user->id === user()->id ? trans('settings.users_edit_profile') : trans('settings.users_edit') }}</h1>
<form action="{{ url("/settings/users/{$user->id}") }}" method="post" enctype="multipart/form-data"> <form action="{{ url("/settings/users/{$user->id}") }}" method="post" enctype="multipart/form-data">
{!! csrf_field() !!} {!! csrf_field() !!}
<input type="hidden" name="_method" value="PUT"> <input type="hidden" name="_method" value="PUT">
@ -54,7 +54,7 @@
</div> </div>
<div class="text-right"> <div class="text-right">
<a href="{{ url($currentUser->can('users-manage') ? "/settings/users" : "/") }}" class="button outline">{{ trans('common.cancel') }}</a> <a href="{{ url(userCan('users-manage') ? "/settings/users" : "/") }}" class="button outline">{{ trans('common.cancel') }}</a>
@if($authMethod !== 'system') @if($authMethod !== 'system')
<a href="{{ url("/settings/users/{$user->id}/delete") }}" class="button outline">{{ trans('settings.users_delete') }}</a> <a href="{{ url("/settings/users/{$user->id}/delete") }}" class="button outline">{{ trans('settings.users_delete') }}</a>
@endif @endif
@ -63,7 +63,7 @@
</form> </form>
</section> </section>
@if($currentUser->id === $user->id && count($activeSocialDrivers) > 0) @if(user()->id === $user->id && count($activeSocialDrivers) > 0)
<section class="card content-wrap auto-height"> <section class="card content-wrap auto-height">
<h2 class="list-heading">{{ trans('settings.users_social_accounts') }}</h2> <h2 class="list-heading">{{ trans('settings.users_social_accounts') }}</h2>
<p class="text-muted">{{ trans('settings.users_social_accounts_info') }}</p> <p class="text-muted">{{ trans('settings.users_social_accounts_info') }}</p>
@ -88,7 +88,7 @@
</section> </section>
@endif @endif
@if(($currentUser->id === $user->id && userCan('access-api')) || userCan('users-manage')) @if((user()->id === $user->id && userCan('access-api')) || userCan('users-manage'))
@include('users.api-tokens.list', ['user' => $user]) @include('users.api-tokens.list', ['user' => $user])
@endif @endif
</div> </div>

8
resources/views/users/index.blade.php
View File

@ -21,9 +21,7 @@
<input type="text" name="search" placeholder="{{ trans('settings.users_search') }}" @if($listDetails['search']) value="{{$listDetails['search']}}" @endif> <input type="text" name="search" placeholder="{{ trans('settings.users_search') }}" @if($listDetails['search']) value="{{$listDetails['search']}}" @endif>
</form> </form>
</div> </div>
@if(userCan('users-manage')) <a href="{{ url("/settings/users/create") }}" class="outline button mt-none">{{ trans('settings.users_add_new') }}</a>
<a href="{{ url("/settings/users/create") }}" style="margin-top: 0;" class="outline button">{{ trans('settings.users_add_new') }}</a>
@endif
</div> </div>
</div> </div>
@ -44,13 +42,9 @@
<tr> <tr>
<td class="text-center" style="line-height: 0;"><img class="avatar med" src="{{ $user->getAvatar(40)}}" alt="{{ $user->name }}"></td> <td class="text-center" style="line-height: 0;"><img class="avatar med" src="{{ $user->getAvatar(40)}}" alt="{{ $user->name }}"></td>
<td> <td>
@if(userCan('users-manage') || $currentUser->id == $user->id)
<a href="{{ url("/settings/users/{$user->id}") }}"> <a href="{{ url("/settings/users/{$user->id}") }}">
@endif
{{ $user->name }} <br> <span class="text-muted">{{ $user->email }}</span> {{ $user->name }} <br> <span class="text-muted">{{ $user->email }}</span>
@if(userCan('users-manage') || $currentUser->id == $user->id)
</a> </a>
@endif
</td> </td>
<td> <td>
@foreach($user->roles as $index => $role) @foreach($user->roles as $index => $role)