Permissions: Started addition of revision-view permission

2026-05-04 18:08:46 +03:00 · 2026-04-19 12:41:11 +01:00
parent 083fb1a600
commit befa3a8fbb
7 changed files with 40 additions and 5 deletions
--- a/app/Entities/Controllers/PageRevisionController.php
+++ b/app/Entities/Controllers/PageRevisionController.php
@@ -34,6 +34,7 @@ class PageRevisionController extends Controller
     */
    public function index(Request $request, string $bookSlug, string $pageSlug)
    {
+        $this->checkPermission(Permission::RevisionViewAll);
        $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
        $listOptions = SimpleListOptions::fromRequest($request, 'page_revisions', true)->withSortOptions([
            'id' => trans('entities.pages_revisions_sort_number')
@@ -65,6 +66,8 @@ class PageRevisionController extends Controller
     */
    public function show(string $bookSlug, string $pageSlug, int $revisionId)
    {
+        $this->checkPermission(Permission::RevisionViewAll);
+
        $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
        /** @var ?PageRevision $revision */
        $revision = $page->revisions()->where('id', '=', $revisionId)->first();
@@ -94,6 +97,8 @@ class PageRevisionController extends Controller
     */
    public function changes(string $bookSlug, string $pageSlug, int $revisionId)
    {
+        $this->checkPermission(Permission::RevisionViewAll);
+
        $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
        /** @var ?PageRevision $revision */
        $revision = $page->revisions()->where('id', '=', $revisionId)->first();
@@ -130,6 +135,7 @@ class PageRevisionController extends Controller
    public function restore(string $bookSlug, string $pageSlug, int $revisionId)
    {
        $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
+        $this->checkPermission(Permission::RevisionViewAll);
        $this->checkOwnablePermission(Permission::PageUpdate, $page);

        $page = $this->pageRepo->restoreRevision($page, $revisionId);
@@ -145,6 +151,7 @@ class PageRevisionController extends Controller
    public function destroy(string $bookSlug, string $pageSlug, int $revId)
    {
        $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
+        $this->checkPermission(Permission::RevisionViewAll);
        $this->checkOwnablePermission(Permission::PageDelete, $page);

        $revision = $page->revisions()->where('id', '=', $revId)->first();
--- a/app/Permissions/Permission.php
+++ b/app/Permissions/Permission.php
@@ -118,6 +118,8 @@ enum Permission: string
    case PageViewAll = 'page-view-all';
    case PageViewOwn = 'page-view-own';

+    case RevisionViewAll = 'revision-view-all';
+
    /**
     * Get the generic permissions which may be queried for entities.
     */
--- a/lang/en/settings.php
+++ b/lang/en/settings.php
@@ -207,6 +207,7 @@ return [
    'role_all' => 'All',
    'role_own' => 'Own',
    'role_controlled_by_asset' => 'Controlled by the asset they are uploaded to',
+    'role_controlled_by_page_delete' => 'Controlled by page delete permissions',
    'role_save' => 'Save Role',
    'role_users' => 'Users in this role',
    'role_users_none' => 'No users are currently assigned to this role',
--- a/resources/views/entities/meta.blade.php
+++ b/resources/views/entities/meta.blade.php
@@ -9,7 +9,7 @@
        </div>
    @endif

-    @if ($entity->isA('page'))
+    @if ($entity->isA('page') && userCan(\BookStack\Permissions\Permission::RevisionViewAll))
        <a href="{{ $entity->getUrl('/revisions') }}" class="entity-meta-item">
            @icon('history'){{ trans('entities.meta_revision', ['revisionCount' => $entity->revision_count]) }}
        </a>
--- a/resources/views/pages/parts/show-sidebar-section-actions.blade.php
+++ b/resources/views/pages/parts/show-sidebar-section-actions.blade.php
@@ -24,10 +24,12 @@
                </a>
            @endif
        @endif
-        <a href="{{ $page->getUrl('/revisions') }}" data-shortcut="revisions" class="icon-list-item">
-            <span>@icon('history')</span>
-            <span>{{ trans('entities.revisions') }}</span>
-        </a>
+        @if(userCan(\BookStack\Permissions\Permission::RevisionViewAll))
+            <a href="{{ $page->getUrl('/revisions') }}" data-shortcut="revisions" class="icon-list-item">
+                <span>@icon('history')</span>
+                <span>{{ trans('entities.revisions') }}</span>
+            </a>
+        @endif
        @if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page))
            <a href="{{ $page->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
                <span>@icon('lock')</span>
--- a/resources/views/settings/roles/parts/form.blade.php
+++ b/resources/views/settings/roles/parts/form.blade.php
@@ -79,6 +79,7 @@
            @include('settings.roles.parts.asset-permissions-row', ['title' => trans('entities.books'), 'permissionPrefix' => 'book'])
            @include('settings.roles.parts.asset-permissions-row', ['title' => trans('entities.chapters'), 'permissionPrefix' => 'chapter'])
            @include('settings.roles.parts.asset-permissions-row', ['title' => trans('entities.pages'), 'permissionPrefix' => 'page'])
+            @include('settings.roles.parts.revisions-permissions-row', ['title' => trans('entities.revisions'), 'permissionPrefix' => 'revision'])
            @include('settings.roles.parts.related-asset-permissions-row', ['title' => trans('entities.images'), 'permissionPrefix' => 'image'])
            @include('settings.roles.parts.related-asset-permissions-row', ['title' => trans('entities.attachments'), 'permissionPrefix' => 'attachment'])
            @include('settings.roles.parts.related-asset-permissions-row', ['title' => trans('entities.comments'), 'permissionPrefix' => 'comment'])
--- a/resources/views/settings/roles/parts/revisions-permissions-row.blade.php
+++ b/resources/views/settings/roles/parts/revisions-permissions-row.blade.php
@@ -0,0 +1,22 @@
+<div class="item-list-row flex-container-row items-center wrap">
+    <div class="flex py-s px-m min-width-s">
+        <strong>{{ $title }}</strong> <br>
+        <a href="#" refs="permissions-table@toggle-row" class="text-small text-link">{{ trans('common.toggle_all') }}</a>
+    </div>
+    <div class="flex py-s px-m min-width-xxs">
+        <small class="hide-over-m bold">{{ trans('common.create') }}<br></small>
+        <strong class="text-muted opacity-70 text-large">-</strong>
+    </div>
+    <div class="flex py-s px-m min-width-xxs">
+        <small class="hide-over-m bold">{{ trans('common.view') }}<br></small>
+        @include('settings.roles.parts.checkbox', ['permission' => $permissionPrefix . '-view-all', 'label' => trans('settings.role_all')])
+    </div>
+    <div class="flex py-s px-m min-width-xxs">
+        <small class="hide-over-m bold">{{ trans('common.edit') }}<br></small>
+        <strong class="text-muted opacity-70 text-large">-</strong>
+    </div>
+    <div class="flex py-s px-m min-width-xxs">
+        <small class="hide-over-m bold">{{ trans('common.delete') }}<br></small>
+        <small>{{ trans('settings.role_controlled_by_page_delete') }}</small>
+    </div>
+</div>