starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-05-04 18:08:46 +03:00
Code Issues 784 Packages Projects Releases 15 Wiki Activity

Permissions: Updated use of helpers to use enums

Browse Source 
Also added middlware method to Permission enum to allow easier usage
with controller middleware.
This commit is contained in:
Dan Brown
2025-09-09 09:48:19 +01:00
parent 33a0237f87
commit 419dbadcfd
62 changed files with 165 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/Sorting/BookSorter.php
View File

@@ -187,11 +187,11 @@ class BookSorter
$hasNewParent = $newBook->id !== $model->book_id || ($model instanceof Page && $model->chapter_id !== ($sortMapItem->parentChapterId ?? 0));
if ($model instanceof Chapter) {
$hasPermission = userCan('book-update', $currentParent)
&& userCan('book-update', $newBook)
&& userCan('chapter-update', $model)
&& (!$hasNewParent || userCan('chapter-create', $newBook))
&& (!$hasNewParent || userCan('chapter-delete', $model));
$hasPermission = userCan(\BookStack\Permissions\Permission::BookUpdate, $currentParent)
&& userCan(\BookStack\Permissions\Permission::BookUpdate, $newBook)
&& userCan(\BookStack\Permissions\Permission::ChapterUpdate, $model)
&& (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterCreate, $newBook))
&& (!$hasNewParent || userCan(\BookStack\Permissions\Permission::ChapterDelete, $model));
if (!$hasPermission) {
return false;
@@ -210,13 +210,13 @@ class BookSorter
return false;
}
$hasPageEditPermission = userCan('page-update', $model);
$hasPageEditPermission = userCan(\BookStack\Permissions\Permission::PageUpdate, $model);
$newParentInRightLocation = ($newParent instanceof Book || ($newParent instanceof Chapter && $newParent->book_id === $newBook->id));
$newParentPermission = ($newParent instanceof Chapter) ? 'chapter-update' : 'book-update';
$hasNewParentPermission = userCan($newParentPermission, $newParent);
$hasDeletePermissionIfMoving = (!$hasNewParent || userCan('page-delete', $model));
$hasCreatePermissionIfMoving = (!$hasNewParent || userCan('page-create', $newParent));
$hasDeletePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageDelete, $model));
$hasCreatePermissionIfMoving = (!$hasNewParent || userCan(\BookStack\Permissions\Permission::PageCreate, $newParent));
$hasPermission = $hasCurrentParentPermission
&& $newParentInRightLocation