colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactored the code to first check for the permissions before sorting the book. 

Signed-off-by: Abijeet <abijeetpatro@gmail.com>
This commit is contained in:
Abijeet 2018-01-06 01:04:48 +05:30
parent e269cc7ea7
commit a77756a2da
1 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
app/Http/Controllers/BookController.php
View File

@ -195,7 +195,32 @@ class BookController extends Controller
$sortMap = json_decode($request->get('sort-tree')); $sortMap = json_decode($request->get('sort-tree'));
$defaultBookId = $book->id; $defaultBookId = $book->id;
// Check permissions for all target and source books
$permissionsList = [$book->id]; $permissionsList = [$book->id];
foreach ($sortMap as $bookChild) {
// Check permission for target book
if (!in_array($bookChild->book, $permissionsList)) {
$targetBook = $this->entityRepo->getById('book', $bookChild->book);
if (!empty($targetBook)) {
$bookId = $targetBook->id;
$this->checkOwnablePermission('book-update', $targetBook);
// cache the permission for future use.
$permissionsList[] = $bookId;
}
}
// Check permissions for the source book
$id = intval($bookChild->id);
$isPage = $bookChild->type == 'page';
$model = $this->entityRepo->getById($isPage?'page':'chapter', $id);
$sourceBook = $model->book;
if (!in_array($sourceBook->id, $permissionsList)) {
$this->checkOwnablePermission('book-update', $sourceBook);
// cache the permission for future use.
$permissionsList[] = $sourceBook->id;
}
}
// Loop through contents of provided map and update entities accordingly // Loop through contents of provided map and update entities accordingly
foreach ($sortMap as $bookChild) { foreach ($sortMap as $bookChild) {
@ -205,26 +230,9 @@ class BookController extends Controller
$bookId = $defaultBookId; $bookId = $defaultBookId;
$targetBook = $this->entityRepo->getById('book', $bookChild->book); $targetBook = $this->entityRepo->getById('book', $bookChild->book);
// Check permission for target book
if (!empty($targetBook)) {
$bookId = $targetBook->id;
if (!in_array($bookId, $permissionsList)) {
$this->checkOwnablePermission('book-update', $targetBook);
// cache the permission for future use.
$permissionsList[] = $bookId;
}
}
$chapterId = ($isPage && $bookChild->parentChapter === false) ? 0 : intval($bookChild->parentChapter); $chapterId = ($isPage && $bookChild->parentChapter === false) ? 0 : intval($bookChild->parentChapter);
$model = $this->entityRepo->getById($isPage?'page':'chapter', $id); $model = $this->entityRepo->getById($isPage?'page':'chapter', $id);
// Check permissions for the source book
$sourceBook = $model->book;
if (!in_array($sourceBook->id, $permissionsList)) {
$this->checkOwnablePermission('book-update', $sourceBook);
$permissionsList[] = $sourceBook->id;
}
// Update models only if there's a change in parent chain or ordering. // Update models only if there's a change in parent chain or ordering.
if ($model->priority !== $priority || $model->book_id !== $bookId || ($isPage && $model->chapter_id !== $chapterId)) { if ($model->priority !== $priority || $model->book_id !== $bookId || ($isPage && $model->chapter_id !== $chapterId)) {
$this->entityRepo->changeBook($isPage?'page':'chapter', $bookId, $model); $this->entityRepo->changeBook($isPage?'page':'chapter', $bookId, $model);