Updated version and assets for release v22.09

Revert "Update german translation"

.env.example.complete

@@ -368,4 +368,4 @@ LOG_FAILED_LOGIN_CHANNEL=errorlog_plain_webserver
 # IP address '146.191.42.4' would result in '146.191.x.x' being logged.
 # For the IPv6 address '2001:db8:85a3:8d3:1319:8a2e:370:7348' this would result as:
 # '2001:db8:85a3:8d3:x:x:x:x'
-IP_ADDRESS_PRECISION=4
+IP_ADDRESS_PRECISION=4

.github/translators.txt

@@ -176,7 +176,7 @@ Alexander Predl (Harveyhase68) :: German
 Rem (Rem9000) :: Dutch
 Michał Stelmach (stelmach-web) :: Polish
 arniom :: French
-REMOVED_USER :: ; Dutch; Turkish
+REMOVED_USER :: Dutch; Turkish
 林祖年 (contagion) :: Chinese Traditional
 Siamak Guodarzi (siamakgoudarzi88) :: Persian
 Lis Maestrelo (lismtrl) :: Portuguese, Brazilian
@@ -274,9 +274,3 @@ Mihai Ochian (soulstorm19) :: Romanian
 HeartCore :: German Informal; German
 simon.pct :: French
 okaeiz :: Persian
-Naoto Ishikawa (na3shkw) :: Japanese
-sdhadi :: Persian
-DerLinkman (derlinkman) :: German; German Informal
-TurnArabic :: Arabic
-Martin Sebek (sebekmartin) :: Czech
-Kuchinashi Hoshikawa (kuchinashi) :: Chinese Simplified

.github/workflows/lint-php.yml

@@ -1,19 +0,0 @@
-name: lint-php
-
-on: [push, pull_request]
-
-jobs:
-  build:
-    if: ${{ github.ref != 'refs/heads/l10n_development' }}
-    runs-on: ubuntu-22.04
-    steps:
-    - uses: actions/checkout@v1
-
-    - name: Setup PHP
-      uses: shivammathur/setup-php@v2
-      with:
-        php-version: 8.1
-        tools: phpcs
-
-    - name: Run formatting check
-      run: composer lint

.github/workflows/phpstan.yml

@@ -1,18 +1,21 @@
-name: analyse-php
+name: phpstan
 
 on: [push, pull_request]
 
 jobs:
   build:
     if: ${{ github.ref != 'refs/heads/l10n_development' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        php: ['7.4']
     steps:
     - uses: actions/checkout@v1
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
       with:
-        php-version: 8.1
+        php-version: ${{ matrix.php }}
         extensions: gd, mbstring, json, curl, xml, mysql, ldap
 
     - name: Get Composer Cache Directory
@@ -21,14 +24,13 @@ jobs:
         echo "::set-output name=dir::$(composer config cache-files-dir)"
 
     - name: Cache composer packages
-      uses: actions/cache@v2
+      uses: actions/cache@v1
       with:
         path: ${{ steps.composer-cache.outputs.dir }}
-        key: ${{ runner.os }}-composer-8.1
-        restore-keys: ${{ runner.os }}-composer-
+        key: ${{ runner.os }}-composer-${{ matrix.php }}
 
     - name: Install composer dependencies
       run: composer install --prefer-dist --no-interaction --ansi
 
-    - name: Run static analysis check
-      run: composer check-static
+    - name: Run PHPStan
+      run: php${{ matrix.php }} ./vendor/bin/phpstan analyse --memory-limit=2G

.github/workflows/phpunit.yml

@@ -1,11 +1,11 @@
-name: test-php
+name: phpunit
 
 on: [push, pull_request]
 
 jobs:
   build:
     if: ${{ github.ref != 'refs/heads/l10n_development' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         php: ['7.4', '8.0', '8.1']
@@ -24,11 +24,10 @@ jobs:
         echo "::set-output name=dir::$(composer config cache-files-dir)"
 
     - name: Cache composer packages
-      uses: actions/cache@v2
+      uses: actions/cache@v1
       with:
         path: ${{ steps.composer-cache.outputs.dir }}
         key: ${{ runner.os }}-composer-${{ matrix.php }}
-        restore-keys: ${{ runner.os }}-composer-
 
     - name: Start Database
       run: |
@@ -49,5 +48,5 @@ jobs:
         php${{ matrix.php }} artisan migrate --force -n --database=mysql_testing
         php${{ matrix.php }} artisan db:seed --force -n --class=DummyContentSeeder --database=mysql_testing
 
-    - name: Run PHP tests
+    - name: phpunit
       run: php${{ matrix.php }} ./vendor/bin/phpunit

.github/workflows/test-migrations.yml

@@ -5,7 +5,7 @@ on: [push, pull_request]
 jobs:
   build:
     if: ${{ github.ref != 'refs/heads/l10n_development' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         php: ['7.4', '8.0', '8.1']
@@ -24,11 +24,10 @@ jobs:
           echo "::set-output name=dir::$(composer config cache-files-dir)"
 
       - name: Cache composer packages
-        uses: actions/cache@v2
+        uses: actions/cache@v1
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ runner.os }}-composer-${{ matrix.php }}
-          restore-keys: ${{ runner.os }}-composer-
 
       - name: Start MySQL
         run: |

.gitignore

@@ -5,10 +5,10 @@ Homestead.yaml
 .idea
 npm-debug.log
 yarn-error.log
-/public/dist
+/public/dist/*.map
 /public/plugins
-/public/css
-/public/js
+/public/css/*.map
+/public/js/*.map
 /public/bower
 /public/build/
 /storage/images

LICENSE

@@ -1,6 +1,7 @@
 The MIT License (MIT)
 
-Copyright (c) 2015-2022, Dan Brown and the BookStack Project contributors.
+Copyright (c) 2015-present, Dan Brown and the BookStack Project contributors
+https://github.com/BookStackApp/BookStack/graphs/contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

app/Actions/TagRepo.php

@@ -57,21 +57,21 @@ class TagRepo
      * Get tag name suggestions from scanning existing tag names.
      * If no search term is given the 50 most popular tag names are provided.
      */
-    public function getNameSuggestions(string $searchTerm): Collection
+    public function getNameSuggestions(?string $searchTerm): Collection
     {
         $query = Tag::query()
             ->select('*', DB::raw('count(*) as count'))
             ->groupBy('name');
 
         if ($searchTerm) {
-            $query = $query->where('name', 'LIKE', $searchTerm . '%')->orderBy('name', 'asc');
+            $query = $query->where('name', 'LIKE', $searchTerm . '%')->orderBy('name', 'desc');
         } else {
             $query = $query->orderBy('count', 'desc')->take(50);
         }
 
         $query = $this->permissions->restrictEntityRelationQuery($query, 'tags', 'entity_id', 'entity_type');
 
-        return $query->pluck('name');
+        return $query->get(['name'])->pluck('name');
     }
 
     /**
@@ -79,7 +79,7 @@ class TagRepo
      * If no search is given the 50 most popular values are provided.
      * Passing a tagName will only find values for a tags with a particular name.
      */
-    public function getValueSuggestions(string $searchTerm, string $tagName): Collection
+    public function getValueSuggestions(?string $searchTerm, ?string $tagName): Collection
     {
         $query = Tag::query()
             ->select('*', DB::raw('count(*) as count'))
@@ -97,7 +97,7 @@ class TagRepo
 
         $query = $this->permissions->restrictEntityRelationQuery($query, 'tags', 'entity_id', 'entity_type');
 
-        return $query->pluck('value');
+        return $query->get(['value'])->pluck('value');
     }
 
     /**

app/Actions/Webhook.php

@@ -22,10 +22,10 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
  */
 class Webhook extends Model implements Loggable
 {
-    use HasFactory;
-
     protected $fillable = ['name', 'endpoint', 'timeout'];
 
+    use HasFactory;
+
     protected $casts = [
         'last_called_at'  => 'datetime',
         'last_errored_at' => 'datetime',

app/Actions/WebhookTrackedEvent.php

@@ -12,7 +12,7 @@ use Illuminate\Database\Eloquent\Model;
  */
 class WebhookTrackedEvent extends Model
 {
-    use HasFactory;
-
     protected $fillable = ['event'];
+
+    use HasFactory;
 }

app/Api/ApiEntityListFormatter.php

@@ -1,107 +0,0 @@
-<?php
-
-namespace BookStack\Api;
-
-use BookStack\Entities\Models\Entity;
-
-class ApiEntityListFormatter
-{
-    /**
-     * The list to be formatted.
-     * @var Entity[]
-     */
-    protected $list = [];
-
-    /**
-     * The fields to show in the formatted data.
-     * Can be a plain string array item for a direct model field (If existing on model).
-     * If the key is a string, with a callable value, the return value of the callable
-     * will be used for the resultant value. A null return value will omit the property.
-     * @var array<string|int, string|callable>
-     */
-    protected $fields = [
-        'id', 'name', 'slug', 'book_id', 'chapter_id',
-        'draft', 'template', 'created_at', 'updated_at',
-    ];
-
-    public function __construct(array $list)
-    {
-        $this->list = $list;
-
-        // Default dynamic fields
-        $this->withField('url', fn(Entity $entity) => $entity->getUrl());
-    }
-
-    /**
-     * Add a field to be used in the formatter, with the property using the given
-     * name and value being the return type of the given callback.
-     */
-    public function withField(string $property, callable $callback): self
-    {
-        $this->fields[$property] = $callback;
-        return $this;
-    }
-
-    /**
-     * Show the 'type' property in the response reflecting the entity type.
-     * EG: page, chapter, bookshelf, book
-     * To be included in results with non-pre-determined types.
-     */
-    public function withType(): self
-    {
-        $this->withField('type', fn(Entity $entity) => $entity->getType());
-        return $this;
-    }
-
-    /**
-     * Include tags in the formatted data.
-     */
-    public function withTags(): self
-    {
-        $this->withField('tags', fn(Entity $entity) => $entity->tags);
-        return $this;
-    }
-
-    /**
-     * Format the data and return an array of formatted content.
-     * @return array[]
-     */
-    public function format(): array
-    {
-        $results = [];
-
-        foreach ($this->list as $item) {
-            $results[] = $this->formatSingle($item);
-        }
-
-        return $results;
-    }
-
-    /**
-     * Format a single entity item to a plain array.
-     */
-    protected function formatSingle(Entity $entity): array
-    {
-        $result = [];
-        $values = (clone $entity)->toArray();
-
-        foreach ($this->fields as $field => $callback) {
-            if (is_string($callback)) {
-                $field = $callback;
-                if (!isset($values[$field])) {
-                    continue;
-                }
-                $value = $values[$field];
-            } else {
-                $value = $callback($entity);
-                if (is_null($value)) {
-                    continue;
-                }
-            }
-
-            $result[$field] = $value;
-        }
-
-        return $result;
-    }
-}

app/Api/ListingResponseBuilder.php

@@ -2,6 +2,7 @@
 
 namespace BookStack\Api;
 
+use BookStack\Model;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Http\JsonResponse;

app/Auth/Access/Guards/LdapSessionGuard.php

@@ -2,7 +2,7 @@
 
 namespace BookStack\Auth\Access\Guards;
 
-use BookStack\Auth\Access\Ldap\LdapService;
+use BookStack\Auth\Access\LdapService;
 use BookStack\Auth\Access\RegistrationService;
 use BookStack\Auth\User;
 use BookStack\Exceptions\JsonDebugException;

app/Auth/Access/Ldap.php

@@ -0,0 +1,136 @@
+<?php
+
+namespace BookStack\Auth\Access;
+
+/**
+ * Class Ldap
+ * An object-orientated thin abstraction wrapper for common PHP LDAP functions.
+ * Allows the standard LDAP functions to be mocked for testing.
+ */
+class Ldap
+{
+    /**
+     * Connect to an LDAP server.
+     *
+     * @return resource
+     */
+    public function connect(string $hostName, int $port)
+    {
+        return ldap_connect($hostName, $port);
+    }
+
+    /**
+     * Set the value of a LDAP option for the given connection.
+     *
+     * @param resource $ldapConnection
+     * @param mixed    $value
+     */
+    public function setOption($ldapConnection, int $option, $value): bool
+    {
+        return ldap_set_option($ldapConnection, $option, $value);
+    }
+
+    /**
+     * Start TLS on the given LDAP connection.
+     */
+    public function startTls($ldapConnection): bool
+    {
+        return ldap_start_tls($ldapConnection);
+    }
+
+    /**
+     * Set the version number for the given ldap connection.
+     *
+     * @param resource $ldapConnection
+     */
+    public function setVersion($ldapConnection, int $version): bool
+    {
+        return $this->setOption($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, $version);
+    }
+
+    /**
+     * Search LDAP tree using the provided filter.
+     *
+     * @param resource   $ldapConnection
+     * @param string     $baseDn
+     * @param string     $filter
+     * @param array|null $attributes
+     *
+     * @return resource
+     */
+    public function search($ldapConnection, $baseDn, $filter, array $attributes = null)
+    {
+        return ldap_search($ldapConnection, $baseDn, $filter, $attributes);
+    }
+
+    /**
+     * Get entries from an ldap search result.
+     *
+     * @param resource $ldapConnection
+     * @param resource $ldapSearchResult
+     *
+     * @return array
+     */
+    public function getEntries($ldapConnection, $ldapSearchResult)
+    {
+        return ldap_get_entries($ldapConnection, $ldapSearchResult);
+    }
+
+    /**
+     * Search and get entries immediately.
+     *
+     * @param resource   $ldapConnection
+     * @param string     $baseDn
+     * @param string     $filter
+     * @param array|null $attributes
+     *
+     * @return resource
+     */
+    public function searchAndGetEntries($ldapConnection, $baseDn, $filter, array $attributes = null)
+    {
+        $search = $this->search($ldapConnection, $baseDn, $filter, $attributes);
+
+        return $this->getEntries($ldapConnection, $search);
+    }
+
+    /**
+     * Bind to LDAP directory.
+     *
+     * @param resource $ldapConnection
+     * @param string   $bindRdn
+     * @param string   $bindPassword
+     *
+     * @return bool
+     */
+    public function bind($ldapConnection, $bindRdn = null, $bindPassword = null)
+    {
+        return ldap_bind($ldapConnection, $bindRdn, $bindPassword);
+    }
+
+    /**
+     * Explode a LDAP dn string into an array of components.
+     *
+     * @param string $dn
+     * @param int    $withAttrib
+     *
+     * @return array
+     */
+    public function explodeDn(string $dn, int $withAttrib)
+    {
+        return ldap_explode_dn($dn, $withAttrib);
+    }
+
+    /**
+     * Escape a string for use in an LDAP filter.
+     *
+     * @param string $value
+     * @param string $ignore
+     * @param int    $flags
+     *
+     * @return string
+     */
+    public function escape(string $value, string $ignore = '', int $flags = 0)
+    {
+        return ldap_escape($value, $ignore, $flags);
+    }
+}

app/Auth/Access/Ldap/LdapConfig.php

@@ -1,60 +0,0 @@
-<?php
-
-namespace BookStack\Auth\Access\Ldap;
-
-class LdapConfig
-{
-    /**
-     * App provided config array.
-     * @var array
-     */
-    protected array $config;
-
-    public function __construct(array $config)
-    {
-        $this->config = $config;
-    }
-
-    /**
-     * Get a value from the config.
-     */
-    public function get(string $key)
-    {
-        return $this->config[$key] ?? null;
-    }
-
-    /**
-     * Parse the potentially multi-value LDAP server host string and return an array of host/port detail pairs.
-     * Multiple hosts are separated with a semicolon, for example: 'ldap.example.com:8069;ldaps://ldap.example.com'
-     *
-     * @return array<array{host: string, port: int}>
-     */
-    public function getServers(): array
-    {
-        $serverStringList = explode(';', $this->get('server'));
-
-        return array_map(fn ($serverStr) => $this->parseSingleServerString($serverStr), $serverStringList);
-    }
-
-    /**
-     * Parse an LDAP server string and return the host and port for a connection.
-     * Is flexible to formats such as 'ldap.example.com:8069' or 'ldaps://ldap.example.com'.
-     *
-     * @return array{host: string, port: int}
-     */
-    protected function parseSingleServerString(string $serverString): array
-    {
-        $serverNameParts = explode(':', trim($serverString));
-
-        // If we have a protocol just return the full string since PHP will ignore a separate port.
-        if ($serverNameParts[0] === 'ldaps' || $serverNameParts[0] === 'ldap') {
-            return ['host' => $serverString, 'port' => 389];
-        }
-
-        // Otherwise, extract the port out
-        $hostName = $serverNameParts[0];
-        $ldapPort = (count($serverNameParts) > 1) ? intval($serverNameParts[1]) : 389;
-
-        return ['host' => $hostName, 'port' => $ldapPort];
-    }
-}

app/Auth/Access/Ldap/LdapConnection.php

@@ -1,135 +0,0 @@
-<?php
-
-namespace BookStack\Auth\Access\Ldap;
-
-use ErrorException;
-
-/**
- * An object-orientated wrapper for core ldap functions,
- * holding an internal connection instance.
- */
-class LdapConnection
-{
-    /**
-     * The core ldap connection resource.
-     * @var resource
-     */
-    protected $connection;
-
-    protected string $hostName;
-    protected int $port;
-
-    public function __construct(string $hostName, int $port)
-    {
-        $this->hostName = $hostName;
-        $this->port = $port;
-        $this->connection = $this->connect();
-    }
-
-    /**
-     * Start a connection to an LDAP server.
-     * Does not actually call out to the external server until an action is performed.
-     *
-     * @return resource
-     */
-    protected function connect()
-    {
-        return ldap_connect($this->hostName, $this->port);
-    }
-
-    /**
-     * Set the value of a LDAP option for the current connection.
-     *
-     * @param mixed    $value
-     */
-    public function setOption(int $option, $value): bool
-    {
-        return ldap_set_option($this->connection, $option, $value);
-    }
-
-    /**
-     * Start TLS for this LDAP connection.
-     */
-    public function startTls(): bool
-    {
-        return ldap_start_tls($this->connection);
-    }
-
-    /**
-     * Set the version number for this ldap connection.
-     */
-    public function setVersion(int $version): bool
-    {
-        return $this->setOption(LDAP_OPT_PROTOCOL_VERSION, $version);
-    }
-
-    /**
-     * Search LDAP tree using the provided filter.
-     *
-     * @return resource
-     */
-    public function search(string $baseDn, string $filter, array $attributes = null)
-    {
-        return ldap_search($this->connection, $baseDn, $filter, $attributes);
-    }
-
-    /**
-     * Get entries from an ldap search result.
-     *
-     * @param resource $ldapSearchResult
-     * @return array|false
-     */
-    public function getEntries($ldapSearchResult)
-    {
-        return ldap_get_entries($this->connection, $ldapSearchResult);
-    }
-
-    /**
-     * Search and get entries immediately.
-     *
-     * @return array|false
-     */
-    public function searchAndGetEntries(string $baseDn, string $filter, array $attributes = null)
-    {
-        $search = $this->search($baseDn, $filter, $attributes);
-
-        return $this->getEntries($search);
-    }
-
-    /**
-     * Bind to LDAP directory.
-     *
-     * @throws ErrorException
-     */
-    public function bind(string $bindRdn = null, string $bindPassword = null): bool
-    {
-        return ldap_bind($this->connection, $bindRdn, $bindPassword);
-    }
-
-    /**
-     * Explode a LDAP dn string into an array of components.
-     *
-     * @return array|false
-     */
-    public static function explodeDn(string $dn, int $withAttrib)
-    {
-        return ldap_explode_dn($dn, $withAttrib);
-    }
-
-    /**
-     * Escape a string for use in an LDAP filter.
-     */
-    public static function escape(string $value, string $ignore = '', int $flags = 0): string
-    {
-        return ldap_escape($value, $ignore, $flags);
-    }
-
-    /**
-     * Set a non-connection-specific LDAP option.
-     * @param mixed $value
-     */
-    public static function setGlobalOption(int $option, $value): bool
-    {
-        return ldap_set_option(null, $option, $value);
-    }
-}

app/Auth/Access/Ldap/LdapConnectionManager.php

@@ -1,121 +0,0 @@
-<?php
-
-namespace BookStack\Auth\Access\Ldap;
-
-use BookStack\Exceptions\LdapException;
-use BookStack\Exceptions\LdapFailedBindException;
-use ErrorException;
-use Illuminate\Support\Facades\Log;
-
-class LdapConnectionManager
-{
-    protected array $connectionCache = [];
-
-    /**
-     * Attempt to start and bind to a new LDAP connection as the configured LDAP system user.
-     */
-    public function startSystemBind(LdapConfig $config): LdapConnection
-    {
-        // Incoming options are string|false
-        $dn = $config->get('dn');
-        $pass = $config->get('pass');
-
-        $isAnonymous = ($dn === false || $pass === false);
-
-        try {
-            return $this->startBind($dn ?: null, $pass ?: null, $config);
-        } catch (LdapFailedBindException $exception) {
-            $msg = ($isAnonymous ? trans('errors.ldap_fail_anonymous') : trans('errors.ldap_fail_authed'));
-            throw new LdapFailedBindException($msg);
-        }
-    }
-
-    /**
-     * Attempt to start and bind to a new LDAP connection.
-     * Will attempt against multiple defined fail-over hosts if set in the provided config.
-     *
-     * Throws a LdapFailedBindException error if the bind connected but failed.
-     * Otherwise, generic LdapException errors would be thrown.
-     *
-     * @throws LdapException
-     */
-    public function startBind(?string $dn, ?string $password, LdapConfig $config): LdapConnection
-    {
-        // Check LDAP extension in installed
-        if (!function_exists('ldap_connect') && config('app.env') !== 'testing') {
-            throw new LdapException(trans('errors.ldap_extension_not_installed'));
-        }
-
-        // Disable certificate verification.
-        // This option works globally and must be set before a connection is created.
-        if ($config->get('tls_insecure')) {
-            LdapConnection::setGlobalOption(LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
-        }
-
-        $serverDetails = $config->getServers();
-        $lastException = null;
-
-        foreach ($serverDetails as $server) {
-            try {
-                $connection = $this->startServerConnection($server['host'], $server['port'], $config);
-            } catch (LdapException $exception) {
-                $lastException = $exception;
-                continue;
-            }
-
-            try {
-                $bound = $connection->bind($dn, $password);
-                if (!$bound) {
-                    throw new LdapFailedBindException('Failed to perform LDAP bind');
-                }
-            } catch (ErrorException $exception) {
-                Log::error('LDAP bind error: ' . $exception->getMessage());
-                $lastException = new LdapException('Encountered error during LDAP bind');
-                continue;
-            }
-
-            $this->connectionCache[$server['host'] . ':' . $server['port']] = $connection;
-            return $connection;
-        }
-
-        throw $lastException;
-    }
-
-    /**
-     * Attempt to start a server connection from the provided details.
-     * @throws LdapException
-     */
-    protected function startServerConnection(string $host, int $port, LdapConfig $config): LdapConnection
-    {
-        if (isset($this->connectionCache[$host . ':' . $port])) {
-            return $this->connectionCache[$host . ':' . $port];
-        }
-
-        /** @var LdapConnection $ldapConnection */
-        $ldapConnection = app()->make(LdapConnection::class, [$host, $port]);
-
-        if (!$ldapConnection) {
-            throw new LdapException(trans('errors.ldap_cannot_connect'));
-        }
-
-        // Set any required options
-        if ($config->get('version')) {
-            $ldapConnection->setVersion($config->get('version'));
-        }
-
-        // Start and verify TLS if it's enabled
-        if ($config->get('start_tls')) {
-            try {
-                $tlsStarted = $ldapConnection->startTls();
-            } catch (ErrorException $exception) {
-                $tlsStarted = false;
-            }
-
-            if (!$tlsStarted) {
-                throw new LdapException('Could not start TLS connection');
-            }
-        }
-
-        return $ldapConnection;
-    }
-}

app/Auth/Access/LdapService.php

@@ -1,13 +1,12 @@
 <?php
 
-namespace BookStack\Auth\Access\Ldap;
+namespace BookStack\Auth\Access;
 
-use BookStack\Auth\Access\GroupSyncService;
 use BookStack\Auth\User;
 use BookStack\Exceptions\JsonDebugException;
 use BookStack\Exceptions\LdapException;
-use BookStack\Exceptions\LdapFailedBindException;
 use BookStack\Uploads\UserAvatars;
+use ErrorException;
 use Illuminate\Support\Facades\Log;
 
 /**
@@ -16,18 +15,36 @@ use Illuminate\Support\Facades\Log;
  */
 class LdapService
 {
-    protected LdapConnectionManager $ldap;
+    protected Ldap $ldap;
     protected GroupSyncService $groupSyncService;
     protected UserAvatars $userAvatars;
 
-    protected LdapConfig $config;
+    /**
+     * @var resource
+     */
+    protected $ldapConnection;
 
-    public function __construct(LdapConnectionManager $ldap, UserAvatars $userAvatars, GroupSyncService $groupSyncService)
+    protected array $config;
+    protected bool $enabled;
+
+    /**
+     * LdapService constructor.
+     */
+    public function __construct(Ldap $ldap, UserAvatars $userAvatars, GroupSyncService $groupSyncService)
     {
         $this->ldap = $ldap;
         $this->userAvatars = $userAvatars;
         $this->groupSyncService = $groupSyncService;
-        $this->config = new LdapConfig(config('services.ldap'));
+        $this->config = config('services.ldap');
+        $this->enabled = config('auth.method') === 'ldap';
+    }
+
+    /**
+     * Check if groups should be synced.
+     */
+    public function shouldSyncGroups(): bool
+    {
+        return $this->enabled && $this->config['user_to_groups'] !== false;
     }
 
     /**
@@ -35,9 +52,10 @@ class LdapService
      *
      * @throws LdapException
      */
-    protected function getUserWithAttributes(string $userName, array $attributes): ?array
+    private function getUserWithAttributes(string $userName, array $attributes): ?array
     {
-        $connection = $this->ldap->startSystemBind($this->config);
+        $ldapConnection = $this->getConnection();
+        $this->bindSystemUser($ldapConnection);
 
         // Clean attributes
         foreach ($attributes as $index => $attribute) {
@@ -47,12 +65,12 @@ class LdapService
         }
 
         // Find user
-        $userFilter = $this->buildFilter($this->config->get('user_filter'), ['user' => $userName]);
-        $baseDn = $this->config->get('base_dn');
+        $userFilter = $this->buildFilter($this->config['user_filter'], ['user' => $userName]);
+        $baseDn = $this->config['base_dn'];
 
-        $followReferrals = $this->config->get('follow_referrals') ? 1 : 0;
-        $connection->setOption(LDAP_OPT_REFERRALS, $followReferrals);
-        $users = $connection->searchAndGetEntries($baseDn, $userFilter, $attributes);
+        $followReferrals = $this->config['follow_referrals'] ? 1 : 0;
+        $this->ldap->setOption($ldapConnection, LDAP_OPT_REFERRALS, $followReferrals);
+        $users = $this->ldap->searchAndGetEntries($ldapConnection, $baseDn, $userFilter, $attributes);
         if ($users['count'] === 0) {
             return null;
         }
@@ -68,10 +86,10 @@ class LdapService
      */
     public function getUserDetails(string $userName): ?array
     {
-        $idAttr = $this->config->get('id_attribute');
-        $emailAttr = $this->config->get('email_attribute');
-        $displayNameAttr = $this->config->get('display_name_attribute');
-        $thumbnailAttr = $this->config->get('thumbnail_attribute');
+        $idAttr = $this->config['id_attribute'];
+        $emailAttr = $this->config['email_attribute'];
+        $displayNameAttr = $this->config['display_name_attribute'];
+        $thumbnailAttr = $this->config['thumbnail_attribute'];
 
         $user = $this->getUserWithAttributes($userName, array_filter([
             'cn', 'dn', $idAttr, $emailAttr, $displayNameAttr, $thumbnailAttr,
@@ -87,10 +105,10 @@ class LdapService
             'name'  => $this->getUserResponseProperty($user, $displayNameAttr, $userCn),
             'dn'    => $user['dn'],
             'email' => $this->getUserResponseProperty($user, $emailAttr, null),
-            'avatar' => $thumbnailAttr ? $this->getUserResponseProperty($user, $thumbnailAttr, null) : null,
+            'avatar'=> $thumbnailAttr ? $this->getUserResponseProperty($user, $thumbnailAttr, null) : null,
         ];
 
-        if ($this->config->get('dump_user_details')) {
+        if ($this->config['dump_user_details']) {
             throw new JsonDebugException([
                 'details_from_ldap'        => $user,
                 'details_bookstack_parsed' => $formatted,
@@ -137,15 +155,110 @@ class LdapService
             return false;
         }
 
+        $ldapConnection = $this->getConnection();
+
         try {
-            $this->ldap->startBind($ldapUserDetails['dn'], $password, $this->config);
-        } catch (LdapFailedBindException $e) {
-            return false;
-        } catch (LdapException $e) {
-            throw $e;
+            $ldapBind = $this->ldap->bind($ldapConnection, $ldapUserDetails['dn'], $password);
+        } catch (ErrorException $e) {
+            $ldapBind = false;
         }
 
-        return true;
+        return $ldapBind;
+    }
+
+    /**
+     * Bind the system user to the LDAP connection using the given credentials
+     * otherwise anonymous access is attempted.
+     *
+     * @param resource $connection
+     *
+     * @throws LdapException
+     */
+    protected function bindSystemUser($connection)
+    {
+        $ldapDn = $this->config['dn'];
+        $ldapPass = $this->config['pass'];
+
+        $isAnonymous = ($ldapDn === false || $ldapPass === false);
+        if ($isAnonymous) {
+            $ldapBind = $this->ldap->bind($connection);
+        } else {
+            $ldapBind = $this->ldap->bind($connection, $ldapDn, $ldapPass);
+        }
+
+        if (!$ldapBind) {
+            throw new LdapException(($isAnonymous ? trans('errors.ldap_fail_anonymous') : trans('errors.ldap_fail_authed')));
+        }
+    }
+
+    /**
+     * Get the connection to the LDAP server.
+     * Creates a new connection if one does not exist.
+     *
+     * @throws LdapException
+     *
+     * @return resource
+     */
+    protected function getConnection()
+    {
+        if ($this->ldapConnection !== null) {
+            return $this->ldapConnection;
+        }
+
+        // Check LDAP extension in installed
+        if (!function_exists('ldap_connect') && config('app.env') !== 'testing') {
+            throw new LdapException(trans('errors.ldap_extension_not_installed'));
+        }
+
+        // Disable certificate verification.
+        // This option works globally and must be set before a connection is created.
+        if ($this->config['tls_insecure']) {
+            $this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+        }
+
+        $serverDetails = $this->parseServerString($this->config['server']);
+        $ldapConnection = $this->ldap->connect($serverDetails['host'], $serverDetails['port']);
+
+        if ($ldapConnection === false) {
+            throw new LdapException(trans('errors.ldap_cannot_connect'));
+        }
+
+        // Set any required options
+        if ($this->config['version']) {
+            $this->ldap->setVersion($ldapConnection, $this->config['version']);
+        }
+
+        // Start and verify TLS if it's enabled
+        if ($this->config['start_tls']) {
+            $started = $this->ldap->startTls($ldapConnection);
+            if (!$started) {
+                throw new LdapException('Could not start TLS connection');
+            }
+        }
+
+        $this->ldapConnection = $ldapConnection;
+
+        return $this->ldapConnection;
+    }
+
+    /**
+     * Parse a LDAP server string and return the host and port for a connection.
+     * Is flexible to formats such as 'ldap.example.com:8069' or 'ldaps://ldap.example.com'.
+     */
+    protected function parseServerString(string $serverString): array
+    {
+        $serverNameParts = explode(':', $serverString);
+
+        // If we have a protocol just return the full string since PHP will ignore a separate port.
+        if ($serverNameParts[0] === 'ldaps' || $serverNameParts[0] === 'ldap') {
+            return ['host' => $serverString, 'port' => 389];
+        }
+
+        // Otherwise, extract the port out
+        $hostName = $serverNameParts[0];
+        $ldapPort = (count($serverNameParts) > 1) ? intval($serverNameParts[1]) : 389;
+
+        return ['host' => $hostName, 'port' => $ldapPort];
     }
 
     /**
@@ -156,7 +269,7 @@ class LdapService
         $newAttrs = [];
         foreach ($attrs as $key => $attrText) {
             $newKey = '${' . $key . '}';
-            $newAttrs[$newKey] = LdapConnection::escape($attrText);
+            $newAttrs[$newKey] = $this->ldap->escape($attrText);
         }
 
         return strtr($filterString, $newAttrs);
@@ -170,7 +283,7 @@ class LdapService
      */
     public function getUserGroups(string $userName): array
     {
-        $groupsAttr = $this->config->get('group_attribute');
+        $groupsAttr = $this->config['group_attribute'];
         $user = $this->getUserWithAttributes($userName, [$groupsAttr]);
 
         if ($user === null) {
@@ -180,7 +293,7 @@ class LdapService
         $userGroups = $this->groupFilter($user);
         $allGroups = $this->getGroupsRecursive($userGroups, []);
 
-        if ($this->config->get('dump_user_groups')) {
+        if ($this->config['dump_user_groups']) {
             throw new JsonDebugException([
                 'details_from_ldap'             => $user,
                 'parsed_direct_user_groups'     => $userGroups,
@@ -225,16 +338,17 @@ class LdapService
      */
     private function getGroupGroups(string $groupName): array
     {
-        $connection = $this->ldap->startSystemBind($this->config);
+        $ldapConnection = $this->getConnection();
+        $this->bindSystemUser($ldapConnection);
 
-        $followReferrals = $this->config->get('follow_referrals') ? 1 : 0;
-        $connection->setOption(LDAP_OPT_REFERRALS, $followReferrals);
+        $followReferrals = $this->config['follow_referrals'] ? 1 : 0;
+        $this->ldap->setOption($ldapConnection, LDAP_OPT_REFERRALS, $followReferrals);
 
-        $baseDn = $this->config->get('base_dn');
-        $groupsAttr = strtolower($this->config->get('group_attribute'));
+        $baseDn = $this->config['base_dn'];
+        $groupsAttr = strtolower($this->config['group_attribute']);
 
-        $groupFilter = 'CN=' . LdapConnection::escape($groupName);
-        $groups = $connection->searchAndGetEntries($baseDn, $groupFilter, [$groupsAttr]);
+        $groupFilter = 'CN=' . $this->ldap->escape($groupName);
+        $groups = $this->ldap->searchAndGetEntries($ldapConnection, $baseDn, $groupFilter, [$groupsAttr]);
         if ($groups['count'] === 0) {
             return [];
         }
@@ -248,7 +362,7 @@ class LdapService
      */
     protected function groupFilter(array $userGroupSearchResponse): array
     {
-        $groupsAttr = strtolower($this->config->get('group_attribute'));
+        $groupsAttr = strtolower($this->config['group_attribute']);
         $ldapGroups = [];
         $count = 0;
 
@@ -257,7 +371,7 @@ class LdapService
         }
 
         for ($i = 0; $i < $count; $i++) {
-            $dnComponents = LdapConnection::explodeDn($userGroupSearchResponse[$groupsAttr][$i], 1);
+            $dnComponents = $this->ldap->explodeDn($userGroupSearchResponse[$groupsAttr][$i], 1);
             if (!in_array($dnComponents[0], $ldapGroups)) {
                 $ldapGroups[] = $dnComponents[0];
             }
@@ -275,15 +389,7 @@ class LdapService
     public function syncGroups(User $user, string $username)
     {
         $userLdapGroups = $this->getUserGroups($username);
-        $this->groupSyncService->syncUserWithFoundGroups($user, $userLdapGroups, $this->config->get('remove_from_groups'));
-    }
-
-    /**
-     * Check if groups should be synced.
-     */
-    public function shouldSyncGroups(): bool
-    {
-        return $this->config->get('user_to_groups') !== false;
+        $this->groupSyncService->syncUserWithFoundGroups($user, $userLdapGroups, $this->config['remove_from_groups']);
     }
 
     /**
@@ -292,7 +398,7 @@ class LdapService
      */
     public function saveAndAttachAvatar(User $user, array $ldapUserDetails): void
     {
-        if (is_null($this->config->get('thumbnail_attribute')) || is_null($ldapUserDetails['avatar'])) {
+        if (is_null(config('services.ldap.thumbnail_attribute')) || is_null($ldapUserDetails['avatar'])) {
             return;
         }
 

app/Auth/Access/LoginService.php

@@ -5,7 +5,6 @@ namespace BookStack\Auth\Access;
 use BookStack\Actions\ActivityType;
 use BookStack\Auth\Access\Mfa\MfaSession;
 use BookStack\Auth\User;
-use BookStack\Exceptions\LoginAttemptException;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Facades\Activity;
 use BookStack\Facades\Theme;
@@ -150,7 +149,6 @@ class LoginService
      * May interrupt the flow if extra authentication requirements are imposed.
      *
      * @throws StoppedAuthenticationException
-     * @throws LoginAttemptException
      */
     public function attempt(array $credentials, string $method, bool $remember = false): bool
     {

app/Auth/Access/Oidc/OidcService.php

@@ -2,6 +2,7 @@
 
 namespace BookStack\Auth\Access\Oidc;
 
+use function auth;
 use BookStack\Auth\Access\GroupSyncService;
 use BookStack\Auth\Access\LoginService;
 use BookStack\Auth\Access\RegistrationService;
@@ -9,11 +10,14 @@ use BookStack\Auth\User;
 use BookStack\Exceptions\JsonDebugException;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Exceptions\UserRegistrationException;
+use function config;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Facades\Cache;
 use League\OAuth2\Client\OptionProvider\HttpBasicAuthOptionProvider;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
 use Psr\Http\Client\ClientInterface as HttpClient;
+use function trans;
+use function url;
 
 /**
  * Class OpenIdConnectService

app/Auth/Access/Saml2Service.php

@@ -20,11 +20,14 @@ use OneLogin\Saml2\ValidationError;
  */
 class Saml2Service
 {
-    protected array $config;
-    protected RegistrationService $registrationService;
-    protected LoginService $loginService;
-    protected GroupSyncService $groupSyncService;
+    protected $config;
+    protected $registrationService;
+    protected $loginService;
+    protected $groupSyncService;
 
+    /**
+     * Saml2Service constructor.
+     */
     public function __construct(
         RegistrationService $registrationService,
         LoginService $loginService,
@@ -106,10 +109,9 @@ class Saml2Service
         $errors = $toolkit->getErrors();
 
         if (!empty($errors)) {
-            $reason = $toolkit->getLastErrorReason();
-            $message = 'Invalid ACS Response; Errors: ' . implode(', ', $errors);
-            $message .= $reason ? "; Reason: {$reason}" : '';
-            throw new Error($message);
+            throw new Error(
+                'Invalid ACS Response: ' . implode(', ', $errors)
+            );
         }
 
         if (!$toolkit->isAuthenticated()) {
@@ -166,7 +168,7 @@ class Saml2Service
      */
     public function metadata(): string
     {
-        $toolKit = $this->getToolkit(true);
+        $toolKit = $this->getToolkit();
         $settings = $toolKit->getSettings();
         $metadata = $settings->getSPMetadata();
         $errors = $settings->validateMetadata($metadata);
@@ -187,7 +189,7 @@ class Saml2Service
      * @throws Error
      * @throws Exception
      */
-    protected function getToolkit(bool $spOnly = false): Auth
+    protected function getToolkit(): Auth
     {
         $settings = $this->config['onelogin'];
         $overrides = $this->config['onelogin_overrides'] ?? [];
@@ -197,14 +199,14 @@ class Saml2Service
         }
 
         $metaDataSettings = [];
-        if (!$spOnly && $this->config['autoload_from_metadata']) {
+        if ($this->config['autoload_from_metadata']) {
             $metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']);
         }
 
         $spSettings = $this->loadOneloginServiceProviderDetails();
         $settings = array_replace_recursive($settings, $spSettings, $metaDataSettings, $overrides);
 
-        return new Auth($settings, $spOnly);
+        return new Auth($settings);
     }
 
     /**

app/Auth/Permissions/EntityPermission.php

@@ -2,41 +2,20 @@
 
 namespace BookStack\Auth\Permissions;
 
-use BookStack\Auth\Role;
 use BookStack\Model;
-use Illuminate\Database\Eloquent\Relations\BelongsTo;
-use Illuminate\Database\Eloquent\Relations\MorphTo;
 
-/**
- * @property int $id
- * @property int $role_id
- * @property int $entity_id
- * @property string $entity_type
- * @property boolean $view
- * @property boolean $create
- * @property boolean $update
- * @property boolean $delete
- */
 class EntityPermission extends Model
 {
-    public const PERMISSIONS = ['view', 'create', 'update', 'delete'];
-
-    protected $fillable = ['role_id', 'view', 'create', 'update', 'delete'];
+    protected $fillable = ['role_id', 'action'];
     public $timestamps = false;
 
     /**
-     * Get this restriction's attached entity.
+     * Get all this restriction's attached entity.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\MorphTo
      */
-    public function restrictable(): MorphTo
+    public function restrictable()
     {
         return $this->morphTo('restrictable');
     }
-
-    /**
-     * Get the role assigned to this entity permission.
-     */
-    public function role(): BelongsTo
-    {
-        return $this->belongsTo(Role::class);
-    }
 }

app/Auth/Permissions/JointPermissionBuilder.php

@@ -40,7 +40,7 @@ class JointPermissionBuilder
         });
 
         // Chunk through all bookshelves
-        Bookshelf::query()->withTrashed()->select(['id', 'owned_by'])
+        Bookshelf::query()->withTrashed()->select(['id', 'restricted', 'owned_by'])
             ->chunk(50, function (EloquentCollection $shelves) use ($roles) {
                 $this->createManyJointPermissions($shelves->all(), $roles);
             });
@@ -92,7 +92,7 @@ class JointPermissionBuilder
         });
 
         // Chunk through all bookshelves
-        Bookshelf::query()->select(['id', 'owned_by'])
+        Bookshelf::query()->select(['id', 'restricted', 'owned_by'])
             ->chunk(50, function ($shelves) use ($roles) {
                 $this->createManyJointPermissions($shelves->all(), $roles);
             });
@@ -138,11 +138,12 @@ class JointPermissionBuilder
     protected function bookFetchQuery(): Builder
     {
         return Book::query()->withTrashed()
-            ->select(['id', 'owned_by'])->with([
+            ->select(['id', 'restricted', 'owned_by'])->with([
                 'chapters' => function ($query) {
+                    $query->withTrashed()->select(['id', 'restricted', 'owned_by', 'book_id']);
                 },
                 'pages' => function ($query) {
-                    $query->withTrashed()->select(['id', 'owned_by', 'book_id', 'chapter_id']);
+                    $query->withTrashed()->select(['id', 'restricted', 'owned_by', 'book_id', 'chapter_id']);
                 },
             ]);
     }
@@ -217,6 +218,7 @@ class JointPermissionBuilder
             $simple = new SimpleEntityData();
             $simple->id = $attrs['id'];
             $simple->type = $entity->getMorphClass();
+            $simple->restricted = boolval($attrs['restricted'] ?? 0);
             $simple->owned_by = $attrs['owned_by'] ?? 0;
             $simple->book_id = $attrs['book_id'] ?? null;
             $simple->chapter_id = $attrs['chapter_id'] ?? null;
@@ -238,14 +240,21 @@ class JointPermissionBuilder
         $this->readyEntityCache($entities);
         $jointPermissions = [];
 
+        // Create a mapping of entity restricted statuses
+        $entityRestrictedMap = [];
+        foreach ($entities as $entity) {
+            $entityRestrictedMap[$entity->type . ':' . $entity->id] = $entity->restricted;
+        }
+
         // Fetch related entity permissions
         $permissions = $this->getEntityPermissionsForEntities($entities);
 
         // Create a mapping of explicit entity permissions
         $permissionMap = [];
         foreach ($permissions as $permission) {
-            $key = $permission->entity_type . ':' . $permission->entity_id . ':' . $permission->role_id;
-            $permissionMap[$key] = $permission->view;
+            $key = $permission->restrictable_type . ':' . $permission->restrictable_id . ':' . $permission->role_id;
+            $isRestricted = $entityRestrictedMap[$permission->restrictable_type . ':' . $permission->restrictable_id];
+            $permissionMap[$key] = $isRestricted;
         }
 
         // Create a mapping of role permissions
@@ -310,10 +319,11 @@ class JointPermissionBuilder
     {
         $idsByType = $this->entitiesToTypeIdMap($entities);
         $permissionFetch = EntityPermission::query()
+            ->where('action', '=', 'view')
             ->where(function (Builder $query) use ($idsByType) {
                 foreach ($idsByType as $type => $ids) {
                     $query->orWhere(function (Builder $query) use ($type, $ids) {
-                        $query->where('entity_type', '=', $type)->whereIn('entity_id', $ids);
+                        $query->where('restrictable_type', '=', $type)->whereIn('restrictable_id', $ids);
                     });
                 }
             });
@@ -335,7 +345,7 @@ class JointPermissionBuilder
             return $this->createJointPermissionDataArray($entity, $roleId, true, true);
         }
 
-        if ($this->entityPermissionsActiveForRole($permissionMap, $entity, $roleId)) {
+        if ($entity->restricted) {
             $hasAccess = $this->mapHasActiveRestriction($permissionMap, $entity, $roleId);
 
             return $this->createJointPermissionDataArray($entity, $roleId, $hasAccess, $hasAccess);
@@ -348,14 +358,13 @@ class JointPermissionBuilder
         // For chapters and pages, Check if explicit permissions are set on the Book.
         $book = $this->getBook($entity->book_id);
         $hasExplicitAccessToParents = $this->mapHasActiveRestriction($permissionMap, $book, $roleId);
-        $hasPermissiveAccessToParents = !$this->entityPermissionsActiveForRole($permissionMap, $book, $roleId);
+        $hasPermissiveAccessToParents = !$book->restricted;
 
         // For pages with a chapter, Check if explicit permissions are set on the Chapter
         if ($entity->type === 'page' && $entity->chapter_id !== 0) {
             $chapter = $this->getChapter($entity->chapter_id);
-            $chapterRestricted = $this->entityPermissionsActiveForRole($permissionMap, $chapter, $roleId);
-            $hasPermissiveAccessToParents = $hasPermissiveAccessToParents && !$chapterRestricted;
-            if ($chapterRestricted) {
+            $hasPermissiveAccessToParents = $hasPermissiveAccessToParents && !$chapter->restricted;
+            if ($chapter->restricted) {
                 $hasExplicitAccessToParents = $this->mapHasActiveRestriction($permissionMap, $chapter, $roleId);
             }
         }
@@ -368,25 +377,14 @@ class JointPermissionBuilder
         );
     }
 
-    /**
-     * Check if entity permissions are defined within the given map, for the given entity and role.
-     * Checks for the default `role_id=0` backup option as a fallback.
-     */
-    protected function entityPermissionsActiveForRole(array $permissionMap, SimpleEntityData $entity, int $roleId): bool
-    {
-        $keyPrefix = $entity->type . ':' . $entity->id . ':';
-        return isset($permissionMap[$keyPrefix . $roleId]) || isset($permissionMap[$keyPrefix . '0']);
-    }
-
     /**
      * Check for an active restriction in an entity map.
      */
     protected function mapHasActiveRestriction(array $entityMap, SimpleEntityData $entity, int $roleId): bool
     {
-        $roleKey = $entity->type . ':' . $entity->id . ':' . $roleId;
-        $defaultKey = $entity->type . ':' . $entity->id . ':0';
+        $key = $entity->type . ':' . $entity->id . ':' . $roleId;
 
-        return $entityMap[$roleKey] ?? $entityMap[$defaultKey] ?? false;
+        return $entityMap[$key] ?? false;
     }
 
     /**

app/Auth/Permissions/PermissionApplicator.php

@@ -59,15 +59,11 @@ class PermissionApplicator
      */
     protected function hasEntityPermission(Entity $entity, array $userRoleIds, string $action): ?bool
     {
-        $this->ensureValidEntityAction($action);
-
         $adminRoleId = Role::getSystemRole('admin')->id;
         if (in_array($adminRoleId, $userRoleIds)) {
             return true;
         }
 
-        // The chain order here is very important due to the fact we walk up the chain
-        // in the loop below. Earlier items in the chain have higher priority.
         $chain = [$entity];
         if ($entity instanceof Page && $entity->chapter_id) {
             $chain[] = $entity->chapter;
@@ -78,26 +74,16 @@ class PermissionApplicator
         }
 
         foreach ($chain as $currentEntity) {
-            $allowedByRoleId = $currentEntity->permissions()
-                ->whereIn('role_id', [0, ...$userRoleIds])
-                ->pluck($action, 'role_id');
-
-            // Continue up the chain if no applicable entity permission overrides.
-            if ($allowedByRoleId->isEmpty()) {
-                continue;
+            if (is_null($currentEntity->restricted)) {
+                throw new InvalidArgumentException('Entity restricted field used but has not been loaded');
             }
 
-            // If we have user-role-specific permissions set, allow if any of those
-            // role permissions allow access.
-            $hasDefault = $allowedByRoleId->has(0);
-            if (!$hasDefault || $allowedByRoleId->count() > 1) {
-                return $allowedByRoleId->search(function (bool $allowed, int $roleId) {
-                        return $roleId !== 0 && $allowed;
-                }) !== false;
+            if ($currentEntity->restricted) {
+                return $currentEntity->permissions()
+                    ->whereIn('role_id', $userRoleIds)
+                    ->where('action', '=', $action)
+                    ->count() > 0;
             }
-
-            // Otherwise, return the default "Other roles" fallback value.
-            return $allowedByRoleId->get(0);
         }
 
         return null;
@@ -109,16 +95,18 @@ class PermissionApplicator
      */
     public function checkUserHasEntityPermissionOnAny(string $action, string $entityClass = ''): bool
     {
-        $this->ensureValidEntityAction($action);
+        if (strpos($action, '-') !== false) {
+            throw new InvalidArgumentException('Action should be a simple entity permission action, not a role permission');
+        }
 
         $permissionQuery = EntityPermission::query()
-            ->where($action, '=', true)
+            ->where('action', '=', $action)
             ->whereIn('role_id', $this->getCurrentUserRoleIds());
 
         if (!empty($entityClass)) {
             /** @var Entity $entityInstance */
             $entityInstance = app()->make($entityClass);
-            $permissionQuery = $permissionQuery->where('entity_type', '=', $entityInstance->getMorphClass());
+            $permissionQuery = $permissionQuery->where('restrictable_type', '=', $entityInstance->getMorphClass());
         }
 
         $hasPermission = $permissionQuery->count() > 0;
@@ -267,16 +255,4 @@ class PermissionApplicator
 
         return $this->currentUser()->roles->pluck('id')->values()->all();
     }
-
-    /**
-     * Ensure the given action is a valid and expected entity action.
-     * Throws an exception if invalid otherwise does nothing.
-     * @throws InvalidArgumentException
-     */
-    protected function ensureValidEntityAction(string $action): void
-    {
-        if (!in_array($action, EntityPermission::PERMISSIONS)) {
-            throw new InvalidArgumentException('Action should be a simple entity permission action, not a role permission');
-        }
-    }
 }

app/Auth/Permissions/PermissionFormData.php

@@ -1,68 +0,0 @@
-<?php
-
-namespace BookStack\Auth\Permissions;
-
-use BookStack\Auth\Role;
-use BookStack\Entities\Models\Entity;
-
-class PermissionFormData
-{
-    protected Entity $entity;
-
-    public function __construct(Entity $entity)
-    {
-        $this->entity = $entity;
-    }
-
-    /**
-     * Get the permissions with assigned roles.
-     */
-    public function permissionsWithRoles(): array
-    {
-        return $this->entity->permissions()
-            ->with('role')
-            ->where('role_id', '!=', 0)
-            ->get()
-            ->sortBy('role.display_name')
-            ->all();
-    }
-
-    /**
-     * Get the roles that don't yet have specific permissions for the
-     * entity we're managing permissions for.
-     */
-    public function rolesNotAssigned(): array
-    {
-        $assigned = $this->entity->permissions()->pluck('role_id');
-        return Role::query()
-            ->where('system_name', '!=', 'admin')
-            ->whereNotIn('id', $assigned)
-            ->orderBy('display_name', 'asc')
-            ->get()
-            ->all();
-    }
-
-    /**
-     * Get the entity permission for the "Everyone Else" option.
-     */
-    public function everyoneElseEntityPermission(): EntityPermission
-    {
-        /** @var ?EntityPermission $permission */
-        $permission = $this->entity->permissions()
-            ->where('role_id', '=', 0)
-            ->first();
-        return $permission ?? (new EntityPermission());
-    }
-
-    /**
-     * Get the "Everyone Else" role entry.
-     */
-    public function everyoneElseRole(): Role
-    {
-        return (new Role())->forceFill([
-            'id' => 0,
-            'display_name' => trans('entities.permissions_role_everyone_else'),
-            'description' => trans('entities.permissions_role_everyone_else_desc'),
-        ]);
-    }
-}

app/Auth/Permissions/PermissionsRepo.php

@@ -139,7 +139,6 @@ class PermissionsRepo
             }
         }
 
-        $role->entityPermissions()->delete();
         $role->jointPermissions()->delete();
         Activity::add(ActivityType::ROLE_DELETE, $role);
         $role->delete();

app/Auth/Permissions/SimpleEntityData.php

@@ -6,6 +6,7 @@ class SimpleEntityData
 {
     public int $id;
     public string $type;
+    public bool $restricted;
     public int $owned_by;
     public ?int $book_id;
     public ?int $chapter_id;

app/Auth/Role.php

@@ -2,7 +2,6 @@
 
 namespace BookStack\Auth;
 
-use BookStack\Auth\Permissions\EntityPermission;
 use BookStack\Auth\Permissions\JointPermission;
 use BookStack\Auth\Permissions\RolePermission;
 use BookStack\Interfaces\Loggable;
@@ -55,14 +54,6 @@ class Role extends Model implements Loggable
         return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
     }
 
-    /**
-     * Get the entity permissions assigned to this role.
-     */
-    public function entityPermissions(): HasMany
-    {
-        return $this->hasMany(EntityPermission::class);
-    }
-
     /**
      * Check if this role has a permission.
      */
@@ -118,6 +109,17 @@ class Role extends Model implements Loggable
         return static::query()->where('hidden', '=', false)->orderBy('name')->get();
     }
 
+    /**
+     * Get the roles that can be restricted.
+     */
+    public static function restrictable(): Collection
+    {
+        return static::query()
+            ->where('system_name', '!=', 'admin')
+            ->orderBy('display_name', 'asc')
+            ->get();
+    }
+
     /**
      * {@inheritdoc}
      */

app/Auth/UserRepo.php

@@ -10,7 +10,6 @@ use BookStack\Exceptions\UserUpdateException;
 use BookStack\Facades\Activity;
 use BookStack\Uploads\UserAvatars;
 use Exception;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Str;
 
@@ -62,7 +61,7 @@ class UserRepo
         $user = new User();
         $user->name = $data['name'];
         $user->email = $data['email'];
-        $user->password = Hash::make(empty($data['password']) ? Str::random(32) : $data['password']);
+        $user->password = bcrypt(empty($data['password']) ? Str::random(32) : $data['password']);
         $user->email_confirmed = $emailConfirmed;
         $user->external_auth_id = $data['external_auth_id'] ?? '';
 
@@ -127,7 +126,7 @@ class UserRepo
         }
 
         if (!empty($data['password'])) {
-            $user->password = Hash::make($data['password']);
+            $user->password = bcrypt($data['password']);
         }
 
         if (!empty($data['language'])) {

app/Config/app.php

@@ -114,8 +114,6 @@ return [
         Illuminate\Foundation\Providers\FoundationServiceProvider::class,
         Illuminate\Hashing\HashServiceProvider::class,
         Illuminate\Mail\MailServiceProvider::class,
-        Illuminate\Notifications\NotificationServiceProvider::class,
-        Illuminate\Pagination\PaginationServiceProvider::class,
         Illuminate\Pipeline\PipelineServiceProvider::class,
         Illuminate\Queue\QueueServiceProvider::class,
         Illuminate\Redis\RedisServiceProvider::class,
@@ -123,22 +121,27 @@ return [
         Illuminate\Session\SessionServiceProvider::class,
         Illuminate\Validation\ValidationServiceProvider::class,
         Illuminate\View\ViewServiceProvider::class,
+        Illuminate\Notifications\NotificationServiceProvider::class,
+        SocialiteProviders\Manager\ServiceProvider::class,
 
         // Third party service providers
+        Intervention\Image\ImageServiceProvider::class,
         Barryvdh\DomPDF\ServiceProvider::class,
         Barryvdh\Snappy\ServiceProvider::class,
-        Intervention\Image\ImageServiceProvider::class,
-        SocialiteProviders\Manager\ServiceProvider::class,
+
+        // BookStack replacement service providers (Extends Laravel)
+        BookStack\Providers\PaginationServiceProvider::class,
+        BookStack\Providers\TranslationServiceProvider::class,
 
         // BookStack custom service providers
         BookStack\Providers\ThemeServiceProvider::class,
-        BookStack\Providers\AppServiceProvider::class,
         BookStack\Providers\AuthServiceProvider::class,
+        BookStack\Providers\AppServiceProvider::class,
+        BookStack\Providers\BroadcastServiceProvider::class,
         BookStack\Providers\EventServiceProvider::class,
         BookStack\Providers\RouteServiceProvider::class,
-        BookStack\Providers\TranslationServiceProvider::class,
-        BookStack\Providers\ValidationRuleServiceProvider::class,
-        BookStack\Providers\ViewTweaksServiceProvider::class,
+        BookStack\Providers\CustomFacadeProvider::class,
+        BookStack\Providers\CustomValidationServiceProvider::class,
     ],
 
     /*

app/Config/dompdf.php

@@ -7,7 +7,6 @@
  * Configuration should be altered via the `.env` file or environment variables.
  * Do not edit this file unless you're happy to maintain any changes yourself.
  */
-
 $dompdfPaperSizeMap = [
     'a4'     => 'a4',
     'letter' => 'letter',

app/Config/snappy.php

@@ -7,7 +7,6 @@
  * Configuration should be altered via the `.env` file or environment variables.
  * Do not edit this file unless you're happy to maintain any changes yourself.
  */
-
 $snappyPaperSizeMap = [
     'a4'     => 'A4',
     'letter' => 'Letter',

app/Console/Commands/CopyShelfPermissions.php

@@ -3,7 +3,7 @@
 namespace BookStack\Console\Commands;
 
 use BookStack\Entities\Models\Bookshelf;
-use BookStack\Entities\Tools\PermissionsUpdater;
+use BookStack\Entities\Repos\BookshelfRepo;
 use Illuminate\Console\Command;
 
 class CopyShelfPermissions extends Command
@@ -25,16 +25,19 @@ class CopyShelfPermissions extends Command
      */
     protected $description = 'Copy shelf permissions to all child books';
 
-    protected PermissionsUpdater $permissionsUpdater;
+    /**
+     * @var BookshelfRepo
+     */
+    protected $bookshelfRepo;
 
     /**
      * Create a new command instance.
      *
      * @return void
      */
-    public function __construct(PermissionsUpdater $permissionsUpdater)
+    public function __construct(BookshelfRepo $repo)
     {
-        $this->permissionsUpdater = $permissionsUpdater;
+        $this->bookshelfRepo = $repo;
         parent::__construct();
     }
 
@@ -66,18 +69,18 @@ class CopyShelfPermissions extends Command
                 return;
             }
 
-            $shelves = Bookshelf::query()->get(['id']);
+            $shelves = Bookshelf::query()->get(['id', 'restricted']);
         }
 
         if ($shelfSlug) {
-            $shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id']);
+            $shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id', 'restricted']);
             if ($shelves->count() === 0) {
                 $this->info('No shelves found with the given slug.');
             }
         }
 
         foreach ($shelves as $shelf) {
-            $this->permissionsUpdater->updateBookPermissionsFromShelf($shelf, false);
+            $this->bookshelfRepo->copyDownPermissions($shelf, false);
             $this->info('Copied permissions for shelf [' . $shelf->id . ']');
         }
 

app/Entities/Models/Book.php

@@ -19,7 +19,6 @@ use Illuminate\Support\Collection;
  * @property \Illuminate\Database\Eloquent\Collection $chapters
  * @property \Illuminate\Database\Eloquent\Collection $pages
  * @property \Illuminate\Database\Eloquent\Collection $directPages
- * @property \Illuminate\Database\Eloquent\Collection $shelves
  */
 class Book extends Entity implements HasCoverImage
 {
@@ -28,7 +27,7 @@ class Book extends Entity implements HasCoverImage
     public $searchFactor = 1.2;
 
     protected $fillable = ['name', 'description'];
-    protected $hidden = ['pivot', 'image_id', 'deleted_at'];
+    protected $hidden = ['restricted', 'pivot', 'image_id', 'deleted_at'];
 
     /**
      * Get the url for this book.
@@ -120,13 +119,4 @@ class Book extends Entity implements HasCoverImage
 
         return $pages->concat($chapters)->sortBy('priority')->sortByDesc('draft');
     }
-
-    /**
-     * Get a visible book by its slug.
-     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
-     */
-    public static function getBySlug(string $slug): self
-    {
-        return static::visible()->where('slug', '=', $slug)->firstOrFail();
-    }
 }

app/Entities/Models/Bookshelf.php

@@ -17,7 +17,7 @@ class Bookshelf extends Entity implements HasCoverImage
 
     protected $fillable = ['name', 'description', 'image_id'];
 
-    protected $hidden = ['image_id', 'deleted_at'];
+    protected $hidden = ['restricted', 'image_id', 'deleted_at'];
 
     /**
      * Get the books in this shelf.
@@ -109,13 +109,4 @@ class Bookshelf extends Entity implements HasCoverImage
         $maxOrder = $this->books()->max('order');
         $this->books()->attach($book->id, ['order' => $maxOrder + 1]);
     }
-
-    /**
-     * Get a visible shelf by its slug.
-     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
-     */
-    public static function getBySlug(string $slug): self
-    {
-        return static::visible()->where('slug', '=', $slug)->firstOrFail();
-    }
 }

app/Entities/Models/Chapter.php

@@ -19,7 +19,7 @@ class Chapter extends BookChild
     public $searchFactor = 1.2;
 
     protected $fillable = ['name', 'description', 'priority'];
-    protected $hidden = ['pivot', 'deleted_at'];
+    protected $hidden = ['restricted', 'pivot', 'deleted_at'];
 
     /**
      * Get the pages that this chapter contains.
@@ -58,13 +58,4 @@ class Chapter extends BookChild
         ->orderBy('priority', 'asc')
         ->get();
     }
-
-    /**
-     * Get a visible chapter by its book and page slugs.
-     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
-     */
-    public static function getBySlugs(string $bookSlug, string $chapterSlug): self
-    {
-        return static::visible()->whereSlugs($bookSlug, $chapterSlug)->firstOrFail();
-    }
 }

app/Entities/Models/Entity.php

@@ -42,6 +42,7 @@ use Illuminate\Database\Eloquent\SoftDeletes;
  * @property Carbon     $deleted_at
  * @property int        $created_by
  * @property int        $updated_by
+ * @property bool       $restricted
  * @property Collection $tags
  *
  * @method static Entity|Builder visible()
@@ -175,15 +176,16 @@ abstract class Entity extends Model implements Sluggable, Favouritable, Viewable
      */
     public function permissions(): MorphMany
     {
-        return $this->morphMany(EntityPermission::class, 'entity');
+        return $this->morphMany(EntityPermission::class, 'restrictable');
     }
 
     /**
      * Check if this entity has a specific restriction set against it.
      */
-    public function hasPermissions(): bool
+    public function hasRestriction(int $role_id, string $action): bool
     {
-        return $this->permissions()->count() > 0;
+        return $this->permissions()->where('role_id', '=', $role_id)
+            ->where('action', '=', $action)->count() > 0;
     }
 
     /**

app/Entities/Models/Page.php

@@ -39,7 +39,7 @@ class Page extends BookChild
 
     public $textField = 'text';
 
-    protected $hidden = ['html', 'markdown', 'text', 'pivot', 'deleted_at'];
+    protected $hidden = ['html', 'markdown', 'text', 'restricted', 'pivot', 'deleted_at'];
 
     protected $casts = [
         'draft'    => 'boolean',
@@ -145,13 +145,4 @@ class Page extends BookChild
 
         return $refreshed;
     }
-
-    /**
-     * Get a visible page by its book and page slugs.
-     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
-     */
-    public static function getBySlugs(string $bookSlug, string $pageSlug): self
-    {
-        return static::visible()->whereSlugs($bookSlug, $pageSlug)->firstOrFail();
-    }
 }

app/Entities/Models/PageRevision.php

@@ -31,7 +31,7 @@ use Illuminate\Database\Eloquent\Relations\BelongsTo;
 class PageRevision extends Model implements Loggable
 {
     protected $fillable = ['name', 'text', 'summary'];
-    protected $hidden = ['html', 'markdown', 'text'];
+    protected $hidden = ['html', 'markdown', 'restricted', 'text'];
 
     /**
      * Get the user that created the page revision.

app/Entities/Repos/BookshelfRepo.php

@@ -134,6 +134,31 @@ class BookshelfRepo
         $shelf->books()->sync($syncData);
     }
 
+    /**
+     * Copy down the permissions of the given shelf to all child books.
+     */
+    public function copyDownPermissions(Bookshelf $shelf, $checkUserPermissions = true): int
+    {
+        $shelfPermissions = $shelf->permissions()->get(['role_id', 'action'])->toArray();
+        $shelfBooks = $shelf->books()->get(['id', 'restricted', 'owned_by']);
+        $updatedBookCount = 0;
+
+        /** @var Book $book */
+        foreach ($shelfBooks as $book) {
+            if ($checkUserPermissions && !userCan('restrictions-manage', $book)) {
+                continue;
+            }
+            $book->permissions()->delete();
+            $book->restricted = $shelf->restricted;
+            $book->permissions()->createMany($shelfPermissions);
+            $book->save();
+            $book->rebuildPermissions();
+            $updatedBookCount++;
+        }
+
+        return $updatedBookCount;
+    }
+
     /**
      * Remove a bookshelf from the system.
      *

app/Entities/Tools/BookContents.php

@@ -11,15 +11,22 @@ use Illuminate\Support\Collection;
 
 class BookContents
 {
-    protected Book $book;
+    /**
+     * @var Book
+     */
+    protected $book;
 
+    /**
+     * BookContents constructor.
+     */
     public function __construct(Book $book)
     {
         $this->book = $book;
     }
 
     /**
-     * Get the current priority of the last item at the top-level of the book.
+     * Get the current priority of the last item
+     * at the top-level of the book.
      */
     public function getLastPriority(): int
     {

app/Entities/Tools/Cloner.php

@@ -4,7 +4,6 @@ namespace BookStack\Entities\Tools;
 
 use BookStack\Actions\Tag;
 use BookStack\Entities\Models\Book;
-use BookStack\Entities\Models\Bookshelf;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\Page;
@@ -72,10 +71,8 @@ class Cloner
         $bookDetails = $this->entityToInputData($original);
         $bookDetails['name'] = $newName;
 
-        // Clone book
         $copyBook = $this->bookRepo->create($bookDetails);
 
-        // Clone contents
         $directChildren = $original->getDirectChildren();
         foreach ($directChildren as $child) {
             if ($child instanceof Chapter && userCan('chapter-create', $copyBook)) {
@@ -87,14 +84,6 @@ class Cloner
             }
         }
 
-        // Clone bookshelf relationships
-        /** @var Bookshelf $shelf */
-        foreach ($original->shelves as $shelf) {
-            if (userCan('bookshelf-update', $shelf)) {
-                $shelf->appendBook($copyBook);
-            }
-        }
-
         return $copyBook;
     }
 
@@ -122,7 +111,8 @@ class Cloner
      */
     public function copyEntityPermissions(Entity $sourceEntity, Entity $targetEntity): void
     {
-        $permissions = $sourceEntity->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
+        $targetEntity->restricted = $sourceEntity->restricted;
+        $permissions = $sourceEntity->permissions()->get(['role_id', 'action'])->toArray();
         $targetEntity->permissions()->delete();
         $targetEntity->permissions()->createMany($permissions);
         $targetEntity->rebuildPermissions();

app/Entities/Tools/HierarchyTransformer.php

@@ -65,7 +65,7 @@ class HierarchyTransformer
         foreach ($book->chapters as $index => $chapter) {
             $newBook = $this->transformChapterToBook($chapter);
             $shelfBookSyncData[$newBook->id] = ['order' => $index];
-            if (!$newBook->hasPermissions()) {
+            if (!$newBook->restricted) {
                 $this->cloner->copyEntityPermissions($shelf, $newBook);
             }
         }

app/Entities/Tools/PageEditActivity.php

@@ -42,7 +42,7 @@ class PageEditActivity
             $userMessage = trans('entities.pages_draft_edit_active.start_b', ['userName' => $firstDraft->createdBy->name ?? '']);
         }
 
-        $timeMessage = trans('entities.pages_draft_edit_active.time_b', ['minCount' => 60]);
+        $timeMessage = trans('entities.pages_draft_edit_active.time_b', ['minCount'=> 60]);
 
         return trans('entities.pages_draft_edit_active.message', ['start' => $userMessage, 'time' => $timeMessage]);
     }

app/Entities/Tools/PermissionsUpdater.php

@@ -3,10 +3,7 @@
 namespace BookStack\Entities\Tools;
 
 use BookStack\Actions\ActivityType;
-use BookStack\Auth\Permissions\EntityPermission;
 use BookStack\Auth\User;
-use BookStack\Entities\Models\Book;
-use BookStack\Entities\Models\Bookshelf;
 use BookStack\Entities\Models\Entity;
 use BookStack\Facades\Activity;
 use Illuminate\Http\Request;
@@ -19,9 +16,11 @@ class PermissionsUpdater
      */
     public function updateFromPermissionsForm(Entity $entity, Request $request)
     {
-        $permissions = $request->get('permissions', null);
+        $restricted = $request->get('restricted') === 'true';
+        $permissions = $request->get('restrictions', null);
         $ownerId = $request->get('owned_by', null);
 
+        $entity->restricted = $restricted;
         $entity->permissions()->delete();
 
         if (!is_null($permissions)) {
@@ -53,43 +52,18 @@ class PermissionsUpdater
     }
 
     /**
-     * Format permissions provided from a permission form to be EntityPermission data.
+     * Format permissions provided from a permission form to be
+     * EntityPermission data.
      */
-    protected function formatPermissionsFromRequestToEntityPermissions(array $permissions): array
+    protected function formatPermissionsFromRequestToEntityPermissions(array $permissions): Collection
     {
-        $formatted = [];
-
-        foreach ($permissions as $roleId => $info) {
-            $entityPermissionData = ['role_id' => $roleId];
-            foreach (EntityPermission::PERMISSIONS as $permission) {
-                $entityPermissionData[$permission] = (($info[$permission] ?? false) === "true");
-            }
-            $formatted[] = $entityPermissionData;
-        }
-
-        return $formatted;
-    }
-
-    /**
-     * Copy down the permissions of the given shelf to all child books.
-     */
-    public function updateBookPermissionsFromShelf(Bookshelf $shelf, $checkUserPermissions = true): int
-    {
-        $shelfPermissions = $shelf->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
-        $shelfBooks = $shelf->books()->get(['id', 'owned_by']);
-        $updatedBookCount = 0;
-
-        /** @var Book $book */
-        foreach ($shelfBooks as $book) {
-            if ($checkUserPermissions && !userCan('restrictions-manage', $book)) {
-                continue;
-            }
-            $book->permissions()->delete();
-            $book->permissions()->createMany($shelfPermissions);
-            $book->rebuildPermissions();
-            $updatedBookCount++;
-        }
-
-        return $updatedBookCount;
+        return collect($permissions)->flatMap(function ($restrictions, $roleId) {
+            return collect($restrictions)->keys()->map(function ($action) use ($roleId) {
+                return [
+                    'role_id' => $roleId,
+                    'action'  => strtolower($action),
+                ];
+            });
+        });
     }
 }

app/Exceptions/LdapFailedBindException.php

@@ -1,7 +0,0 @@
-<?php
-
-namespace BookStack\Exceptions;
-
-class LdapFailedBindException extends LdapException
-{
-}

app/Http/Controllers/Api/BookApiController.php

@@ -2,18 +2,14 @@
 
 namespace BookStack\Http\Controllers\Api;
 
-use BookStack\Api\ApiEntityListFormatter;
 use BookStack\Entities\Models\Book;
-use BookStack\Entities\Models\Chapter;
-use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Repos\BookRepo;
-use BookStack\Entities\Tools\BookContents;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
 
 class BookApiController extends ApiController
 {
-    protected BookRepo $bookRepo;
+    protected $bookRepo;
 
     public function __construct(BookRepo $bookRepo)
     {
@@ -51,25 +47,11 @@ class BookApiController extends ApiController
 
     /**
      * View the details of a single book.
-     * The response data will contain 'content' property listing the chapter and pages directly within, in
-     * the same structure as you'd see within the BookStack interface when viewing a book. Top-level
-     * contents will have a 'type' property to distinguish between pages & chapters.
      */
     public function read(string $id)
     {
         $book = Book::visible()->with(['tags', 'cover', 'createdBy', 'updatedBy', 'ownedBy'])->findOrFail($id);
 
-        $contents = (new BookContents($book))->getTree(true, false)->all();
-        $contentsApiData = (new ApiEntityListFormatter($contents))
-            ->withType()
-            ->withField('pages', function (Entity $entity) {
-                if ($entity instanceof Chapter) {
-                    return (new ApiEntityListFormatter($entity->pages->all()))->format();
-                }
-                return null;
-            })->format();
-        $book->setAttribute('contents', $contentsApiData);
-
         return response()->json($book);
     }
 

app/Http/Controllers/Api/BookshelfApiController.php

@@ -13,6 +13,9 @@ class BookshelfApiController extends ApiController
 {
     protected BookshelfRepo $bookshelfRepo;
 
+    /**
+     * BookshelfApiController constructor.
+     */
     public function __construct(BookshelfRepo $bookshelfRepo)
     {
         $this->bookshelfRepo = $bookshelfRepo;

app/Http/Controllers/Api/SearchApiController.php

@@ -2,7 +2,6 @@
 
 namespace BookStack\Http\Controllers\Api;
 
-use BookStack\Api\ApiEntityListFormatter;
 use BookStack\Entities\Models\Entity;
 use BookStack\Search\SearchOptions;
 use BookStack\Search\SearchResultsFormatter;
@@ -11,8 +10,8 @@ use Illuminate\Http\Request;
 
 class SearchApiController extends ApiController
 {
-    protected SearchRunner $searchRunner;
-    protected SearchResultsFormatter $resultsFormatter;
+    protected $searchRunner;
+    protected $resultsFormatter;
 
     protected $rules = [
         'all' => [
@@ -51,17 +50,24 @@ class SearchApiController extends ApiController
         $results = $this->searchRunner->searchEntities($options, 'all', $page, $count);
         $this->resultsFormatter->format($results['results']->all(), $options);
 
-        $data = (new ApiEntityListFormatter($results['results']->all()))
-            ->withType()->withTags()
-            ->withField('preview_html', function (Entity $entity) {
-                return [
-                    'name'    => (string) $entity->getAttribute('preview_name'),
-                    'content' => (string) $entity->getAttribute('preview_content'),
-                ];
-            })->format();
+        /** @var Entity $result */
+        foreach ($results['results'] as $result) {
+            $result->setVisible([
+                'id', 'name', 'slug', 'book_id',
+                'chapter_id', 'draft', 'template',
+                'created_at', 'updated_at',
+                'tags', 'type', 'preview_html', 'url',
+            ]);
+            $result->setAttribute('type', $result->getType());
+            $result->setAttribute('url', $result->getUrl());
+            $result->setAttribute('preview_html', [
+                'name'    => (string) $result->getAttribute('preview_name'),
+                'content' => (string) $result->getAttribute('preview_content'),
+            ]);
+        }
 
         return response()->json([
-            'data'  => $data,
+            'data'  => $results['results'],
             'total' => $results['total'],
         ]);
     }

app/Http/Controllers/Auth/ConfirmEmailController.php

@@ -14,9 +14,9 @@ use Illuminate\Http\Request;
 
 class ConfirmEmailController extends Controller
 {
-    protected EmailConfirmationService $emailConfirmationService;
-    protected LoginService $loginService;
-    protected UserRepo $userRepo;
+    protected $emailConfirmationService;
+    protected $loginService;
+    protected $userRepo;
 
     /**
      * Create a new controller instance.

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -4,11 +4,25 @@ namespace BookStack\Http\Controllers\Auth;
 
 use BookStack\Actions\ActivityType;
 use BookStack\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Password;
 
 class ForgotPasswordController extends Controller
 {
+    /*
+    |--------------------------------------------------------------------------
+    | Password Reset Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password reset emails and
+    | includes a trait which assists in sending these notifications from
+    | your application to your users. Feel free to explore this trait.
+    |
+    */
+
+    use SendsPasswordResetEmails;
+
     /**
      * Create a new controller instance.
      *
@@ -20,14 +34,6 @@ class ForgotPasswordController extends Controller
         $this->middleware('guard:standard');
     }
 
-    /**
-     * Display the form to request a password reset link.
-     */
-    public function showLinkRequestForm()
-    {
-        return view('auth.passwords.email');
-    }
-
     /**
      * Send a reset link to the given user.
      *
@@ -44,7 +50,7 @@ class ForgotPasswordController extends Controller
         // We will send the password reset link to this user. Once we have attempted
         // to send the link, we will examine the response then see the message we
         // need to show to the user. Finally, we'll send out a proper response.
-        $response = Password::broker()->sendResetLink(
+        $response = $this->broker()->sendResetLink(
             $request->only('email')
         );
 

app/Http/Controllers/Auth/LoginController.php

@@ -8,14 +8,30 @@ use BookStack\Exceptions\LoginAttemptEmailNeededException;
 use BookStack\Exceptions\LoginAttemptException;
 use BookStack\Facades\Activity;
 use BookStack\Http\Controllers\Controller;
-use Illuminate\Http\RedirectResponse;
+use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 use Illuminate\Validation\ValidationException;
 
 class LoginController extends Controller
 {
-    use ThrottlesLogins;
+    /*
+    |--------------------------------------------------------------------------
+    | Login Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller handles authenticating users for the application and
+    | redirecting them to your home screen. The controller uses a trait
+    | to conveniently provide its functionality to your applications.
+    |
+    */
+
+    use AuthenticatesUsers { logout as traitLogout; }
+
+    /**
+     * Redirection paths.
+     */
+    protected $redirectTo = '/';
+    protected $redirectPath = '/';
 
     protected SocialAuthService $socialAuthService;
     protected LoginService $loginService;
@@ -31,6 +47,21 @@ class LoginController extends Controller
 
         $this->socialAuthService = $socialAuthService;
         $this->loginService = $loginService;
+
+        $this->redirectPath = url('/');
+    }
+
+    public function username()
+    {
+        return config('auth.method') === 'standard' ? 'email' : 'username';
+    }
+
+    /**
+     * Get the needed authorization credentials from the request.
+     */
+    protected function credentials(Request $request)
+    {
+        return $request->only('username', 'email', 'password');
     }
 
     /**
@@ -66,15 +97,27 @@ class LoginController extends Controller
 
     /**
      * Handle a login request to the application.
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @throws \Illuminate\Validation\ValidationException
+     *
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
      */
     public function login(Request $request)
     {
         $this->validateLogin($request);
         $username = $request->get($this->username());
 
-        // Check login throttling attempts to see if they've gone over the limit
-        if ($this->hasTooManyLoginAttempts($request)) {
+        // If the class is using the ThrottlesLogins trait, we can automatically throttle
+        // the login attempts for this application. We'll key this by the username and
+        // the IP address of the client making these requests into this application.
+        if (method_exists($this, 'hasTooManyLoginAttempts') &&
+            $this->hasTooManyLoginAttempts($request)) {
+            $this->fireLockoutEvent($request);
+
             Activity::logFailedLogin($username);
+
             return $this->sendLockoutResponse($request);
         }
 
@@ -88,62 +131,24 @@ class LoginController extends Controller
             return $this->sendLoginAttemptExceptionResponse($exception, $request);
         }
 
-        // On unsuccessful login attempt, Increment login attempts for throttling and log failed login.
+        // If the login attempt was unsuccessful we will increment the number of attempts
+        // to login and redirect the user back to the login form. Of course, when this
+        // user surpasses their maximum number of attempts they will get locked out.
         $this->incrementLoginAttempts($request);
+
         Activity::logFailedLogin($username);
 
-        // Throw validation failure for failed login
-        throw ValidationException::withMessages([
-            $this->username() => [trans('auth.failed')],
-        ])->redirectTo('/login');
-    }
-
-    /**
-     * Logout user and perform subsequent redirect.
-     */
-    public function logout(Request $request)
-    {
-        Auth::guard()->logout();
-        $request->session()->invalidate();
-        $request->session()->regenerateToken();
-
-        $redirectUri = $this->shouldAutoInitiate() ? '/login?prevent_auto_init=true' : '/';
-
-        return redirect($redirectUri);
-    }
-
-    /**
-     * Get the expected username input based upon the current auth method.
-     */
-    protected function username(): string
-    {
-        return config('auth.method') === 'standard' ? 'email' : 'username';
-    }
-
-    /**
-     * Get the needed authorization credentials from the request.
-     */
-    protected function credentials(Request $request): array
-    {
-        return $request->only('username', 'email', 'password');
-    }
-
-    /**
-     * Send the response after the user was authenticated.
-     * @return RedirectResponse
-     */
-    protected function sendLoginResponse(Request $request)
-    {
-        $request->session()->regenerate();
-        $this->clearLoginAttempts($request);
-
-        return redirect()->intended('/');
+        return $this->sendFailedLoginResponse($request);
     }
 
     /**
      * Attempt to log the user into the application.
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @return bool
      */
-    protected function attemptLogin(Request $request): bool
+    protected function attemptLogin(Request $request)
     {
         return $this->loginService->attempt(
             $this->credentials($request),
@@ -152,12 +157,29 @@ class LoginController extends Controller
         );
     }
 
+    /**
+     * The user has been authenticated.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param mixed                    $user
+     *
+     * @return mixed
+     */
+    protected function authenticated(Request $request, $user)
+    {
+        return redirect()->intended($this->redirectPath());
+    }
 
     /**
      * Validate the user login request.
-     * @throws ValidationException
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @throws \Illuminate\Validation\ValidationException
+     *
+     * @return void
      */
-    protected function validateLogin(Request $request): void
+    protected function validateLogin(Request $request)
     {
         $rules = ['password' => ['required', 'string']];
         $authMethod = config('auth.method');
@@ -191,6 +213,22 @@ class LoginController extends Controller
         return redirect('/login');
     }
 
+    /**
+     * Get the failed login response instance.
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @throws \Illuminate\Validation\ValidationException
+     *
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
+    protected function sendFailedLoginResponse(Request $request)
+    {
+        throw ValidationException::withMessages([
+            $this->username() => [trans('auth.failed')],
+        ])->redirectTo('/login');
+    }
+
     /**
      * Update the intended URL location from their previous URL.
      * Ignores if not from the current app instance or if from certain
@@ -230,4 +268,20 @@ class LoginController extends Controller
 
         return $autoRedirect && count($socialDrivers) === 0 && in_array($authMethod, ['oidc', 'saml2']);
     }
+
+    /**
+     * Logout user and perform subsequent redirect.
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @return mixed
+     */
+    public function logout(Request $request)
+    {
+        $this->traitLogout($request);
+
+        $redirectUri = $this->shouldAutoInitiate() ? '/login?prevent_auto_init=true' : '/';
+
+        return redirect($redirectUri);
+    }
 }

app/Http/Controllers/Auth/RegisterController.php

@@ -5,20 +5,43 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Auth\Access\LoginService;
 use BookStack\Auth\Access\RegistrationService;
 use BookStack\Auth\Access\SocialAuthService;
+use BookStack\Auth\User;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Exceptions\UserRegistrationException;
 use BookStack\Http\Controllers\Controller;
-use Illuminate\Contracts\Validation\Validator as ValidatorContract;
+use Illuminate\Foundation\Auth\RegistersUsers;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rules\Password;
 
 class RegisterController extends Controller
 {
+    /*
+    |--------------------------------------------------------------------------
+    | Register Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller handles the registration of new users as well as their
+    | validation and creation. By default this controller uses a trait to
+    | provide this functionality without requiring any additional code.
+    |
+    */
+
+    use RegistersUsers;
+
     protected SocialAuthService $socialAuthService;
     protected RegistrationService $registrationService;
     protected LoginService $loginService;
 
+    /**
+     * Where to redirect users after login / registration.
+     *
+     * @var string
+     */
+    protected $redirectTo = '/';
+    protected $redirectPath = '/';
+
     /**
      * Create a new controller instance.
      */
@@ -33,6 +56,23 @@ class RegisterController extends Controller
         $this->socialAuthService = $socialAuthService;
         $this->registrationService = $registrationService;
         $this->loginService = $loginService;
+
+        $this->redirectTo = url('/');
+        $this->redirectPath = url('/');
+    }
+
+    /**
+     * Get a validator for an incoming registration request.
+     *
+     * @return \Illuminate\Contracts\Validation\Validator
+     */
+    protected function validator(array $data)
+    {
+        return Validator::make($data, [
+            'name'     => ['required', 'min:2', 'max:100'],
+            'email'    => ['required', 'email', 'max:255', 'unique:users'],
+            'password' => ['required', Password::default()],
+        ]);
     }
 
     /**
@@ -75,18 +115,22 @@ class RegisterController extends Controller
 
         $this->showSuccessNotification(trans('auth.register_success'));
 
-        return redirect('/');
+        return redirect($this->redirectPath());
     }
 
     /**
-     * Get a validator for an incoming registration request.
+     * Create a new user instance after a valid registration.
+     *
+     * @param array $data
+     *
+     * @return User
      */
-    protected function validator(array $data): ValidatorContract
+    protected function create(array $data)
     {
-        return Validator::make($data, [
-            'name'     => ['required', 'min:2', 'max:100'],
-            'email'    => ['required', 'email', 'max:255', 'unique:users'],
-            'password' => ['required', Password::default()],
+        return User::create([
+            'name'     => $data['name'],
+            'email'    => $data['email'],
+            'password' => Hash::make($data['password']),
         ]);
     }
 }

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -3,87 +3,66 @@
 namespace BookStack\Http\Controllers\Auth;
 
 use BookStack\Actions\ActivityType;
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\User;
 use BookStack\Http\Controllers\Controller;
-use Illuminate\Http\RedirectResponse;
+use Illuminate\Foundation\Auth\ResetsPasswords;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Password;
-use Illuminate\Support\Str;
-use Illuminate\Validation\Rules\Password as PasswordRule;
 
 class ResetPasswordController extends Controller
 {
-    protected LoginService $loginService;
+    /*
+    |--------------------------------------------------------------------------
+    | Password Reset Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password reset requests
+    | and uses a simple trait to include this behavior. You're free to
+    | explore this trait and override any methods you wish to tweak.
+    |
+    */
 
-    public function __construct(LoginService $loginService)
+    use ResetsPasswords;
+
+    protected $redirectTo = '/';
+
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
     {
         $this->middleware('guest');
         $this->middleware('guard:standard');
-
-        $this->loginService = $loginService;
-    }
-
-    /**
-     * Display the password reset view for the given token.
-     * If no token is present, display the link request form.
-     */
-    public function showResetForm(Request $request)
-    {
-        $token = $request->route()->parameter('token');
-
-        return view('auth.passwords.reset')->with(
-            ['token' => $token, 'email' => $request->email]
-        );
-    }
-
-    /**
-     * Reset the given user's password.
-     */
-    public function reset(Request $request)
-    {
-        $request->validate([
-            'token' => 'required',
-            'email' => 'required|email',
-            'password' => ['required', 'confirmed', PasswordRule::defaults()],
-        ]);
-
-        // Here we will attempt to reset the user's password. If it is successful we
-        // will update the password on an actual user model and persist it to the
-        // database. Otherwise we will parse the error and return the response.
-        $credentials = $request->only('email', 'password', 'password_confirmation', 'token');
-        $response = Password::broker()->reset($credentials, function (User $user, string $password) {
-            $user->password = Hash::make($password);
-            $user->setRememberToken(Str::random(60));
-            $user->save();
-
-            $this->loginService->login($user, auth()->getDefaultDriver());
-        });
-
-        // If the password was successfully reset, we will redirect the user back to
-        // the application's home authenticated view. If there is an error we can
-        // redirect them back to where they came from with their error message.
-        return $response === Password::PASSWORD_RESET
-            ? $this->sendResetResponse()
-            : $this->sendResetFailedResponse($request, $response);
     }
 
     /**
      * Get the response for a successful password reset.
+     *
+     * @param Request $request
+     * @param string  $response
+     *
+     * @return \Illuminate\Http\Response
      */
-    protected function sendResetResponse(): RedirectResponse
+    protected function sendResetResponse(Request $request, $response)
     {
-        $this->showSuccessNotification(trans('auth.reset_password_success'));
+        $message = trans('auth.reset_password_success');
+        $this->showSuccessNotification($message);
         $this->logActivity(ActivityType::AUTH_PASSWORD_RESET_UPDATE, user());
 
-        return redirect('/');
+        return redirect($this->redirectPath())
+            ->with('status', trans($response));
     }
 
     /**
      * Get the response for a failed password reset.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param string                   $response
+     *
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
      */
-    protected function sendResetFailedResponse(Request $request, string $response): RedirectResponse
+    protected function sendResetFailedResponse(Request $request, $response)
     {
         // We show invalid users as invalid tokens as to not leak what
         // users may exist in the system.

app/Http/Controllers/Auth/Saml2Controller.php

@@ -9,7 +9,7 @@ use Illuminate\Support\Str;
 
 class Saml2Controller extends Controller
 {
-    protected Saml2Service $samlService;
+    protected $samlService;
 
     /**
      * Saml2Controller constructor.

app/Http/Controllers/Auth/SocialController.php

@@ -16,9 +16,9 @@ use Laravel\Socialite\Contracts\User as SocialUser;
 
 class SocialController extends Controller
 {
-    protected SocialAuthService $socialAuthService;
-    protected RegistrationService $registrationService;
-    protected LoginService $loginService;
+    protected $socialAuthService;
+    protected $registrationService;
+    protected $loginService;
 
     /**
      * SocialController constructor.
@@ -28,7 +28,7 @@ class SocialController extends Controller
         RegistrationService $registrationService,
         LoginService $loginService
     ) {
-        $this->middleware('guest')->only(['register']);
+        $this->middleware('guest')->only(['getRegister', 'postRegister']);
         $this->socialAuthService = $socialAuthService;
         $this->registrationService = $registrationService;
         $this->loginService = $loginService;

app/Http/Controllers/Auth/ThrottlesLogins.php

@@ -1,92 +0,0 @@
-<?php
-
-namespace BookStack\Http\Controllers\Auth;
-
-use Illuminate\Cache\RateLimiter;
-use Illuminate\Http\Request;
-use Illuminate\Http\Response;
-use Illuminate\Support\Str;
-use Illuminate\Validation\ValidationException;
-
-trait ThrottlesLogins
-{
-    /**
-     * Determine if the user has too many failed login attempts.
-     */
-    protected function hasTooManyLoginAttempts(Request $request): bool
-    {
-        return $this->limiter()->tooManyAttempts(
-            $this->throttleKey($request),
-            $this->maxAttempts()
-        );
-    }
-
-    /**
-     * Increment the login attempts for the user.
-     */
-    protected function incrementLoginAttempts(Request $request): void
-    {
-        $this->limiter()->hit(
-            $this->throttleKey($request),
-            $this->decayMinutes() * 60
-        );
-    }
-
-    /**
-     * Redirect the user after determining they are locked out.
-     * @throws ValidationException
-     */
-    protected function sendLockoutResponse(Request $request): \Symfony\Component\HttpFoundation\Response
-    {
-        $seconds = $this->limiter()->availableIn(
-            $this->throttleKey($request)
-        );
-
-        throw ValidationException::withMessages([
-            $this->username() => [trans('auth.throttle', [
-                'seconds' => $seconds,
-                'minutes' => ceil($seconds / 60),
-            ])],
-        ])->status(Response::HTTP_TOO_MANY_REQUESTS);
-    }
-
-    /**
-     * Clear the login locks for the given user credentials.
-     */
-    protected function clearLoginAttempts(Request $request): void
-    {
-        $this->limiter()->clear($this->throttleKey($request));
-    }
-
-    /**
-     * Get the throttle key for the given request.
-     */
-    protected function throttleKey(Request $request): string
-    {
-        return Str::transliterate(Str::lower($request->input($this->username())) . '|' . $request->ip());
-    }
-
-    /**
-     * Get the rate limiter instance.
-     */
-    protected function limiter(): RateLimiter
-    {
-        return app(RateLimiter::class);
-    }
-
-    /**
-     * Get the maximum number of attempts to allow.
-     */
-    public function maxAttempts(): int
-    {
-        return 5;
-    }
-
-    /**
-     * Get the number of minutes to throttle for.
-     */
-    public function decayMinutes(): int
-    {
-        return 1;
-    }
-}

app/Http/Controllers/Auth/UserInviteController.php

@@ -11,13 +11,12 @@ use Exception;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Redirector;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Validation\Rules\Password;
 
 class UserInviteController extends Controller
 {
-    protected UserInviteService $inviteService;
-    protected UserRepo $userRepo;
+    protected $inviteService;
+    protected $userRepo;
 
     /**
      * Create a new controller instance.
@@ -67,7 +66,7 @@ class UserInviteController extends Controller
         }
 
         $user = $this->userRepo->getById($userId);
-        $user->password = Hash::make($request->get('password'));
+        $user->password = bcrypt($request->get('password'));
         $user->email_confirmed = true;
         $user->save();
 

app/Http/Controllers/BookController.php

@@ -10,6 +10,7 @@ use BookStack\Entities\Repos\BookRepo;
 use BookStack\Entities\Tools\BookContents;
 use BookStack\Entities\Tools\Cloner;
 use BookStack\Entities\Tools\HierarchyTransformer;
+use BookStack\Entities\Tools\PermissionsUpdater;
 use BookStack\Entities\Tools\ShelfContext;
 use BookStack\Exceptions\ImageUploadException;
 use BookStack\Exceptions\NotFoundException;
@@ -146,7 +147,7 @@ class BookController extends Controller
     {
         $book = $this->bookRepo->getBySlug($slug);
         $this->checkOwnablePermission('book-update', $book);
-        $this->setPageTitle(trans('entities.books_edit_named', ['bookName' => $book->getShortName()]));
+        $this->setPageTitle(trans('entities.books_edit_named', ['bookName'=>$book->getShortName()]));
 
         return view('books.edit', ['book' => $book, 'current' => $book]);
     }
@@ -208,6 +209,36 @@ class BookController extends Controller
         return redirect('/books');
     }
 
+    /**
+     * Show the permissions view.
+     */
+    public function showPermissions(string $bookSlug)
+    {
+        $book = $this->bookRepo->getBySlug($bookSlug);
+        $this->checkOwnablePermission('restrictions-manage', $book);
+
+        return view('books.permissions', [
+            'book' => $book,
+        ]);
+    }
+
+    /**
+     * Set the restrictions for this book.
+     *
+     * @throws Throwable
+     */
+    public function permissions(Request $request, PermissionsUpdater $permissionsUpdater, string $bookSlug)
+    {
+        $book = $this->bookRepo->getBySlug($bookSlug);
+        $this->checkOwnablePermission('restrictions-manage', $book);
+
+        $permissionsUpdater->updateFromPermissionsForm($book, $request);
+
+        $this->showSuccessNotification(trans('entities.books_permissions_updated'));
+
+        return redirect($book->getUrl());
+    }
+
     /**
      * Show the view to copy a book.
      *

app/Http/Controllers/BookSortController.php

@@ -28,7 +28,7 @@ class BookSortController extends Controller
 
         $bookChildren = (new BookContents($book))->getTree(false);
 
-        $this->setPageTitle(trans('entities.books_sort_named', ['bookName' => $book->getShortName()]));
+        $this->setPageTitle(trans('entities.books_sort_named', ['bookName'=>$book->getShortName()]));
 
         return view('books.sort', ['book' => $book, 'current' => $book, 'bookChildren' => $bookChildren]);
     }

app/Http/Controllers/BookshelfController.php

@@ -6,6 +6,7 @@ use BookStack\Actions\ActivityQueries;
 use BookStack\Actions\View;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Repos\BookshelfRepo;
+use BookStack\Entities\Tools\PermissionsUpdater;
 use BookStack\Entities\Tools\ShelfContext;
 use BookStack\Exceptions\ImageUploadException;
 use BookStack\Exceptions\NotFoundException;
@@ -206,4 +207,46 @@ class BookshelfController extends Controller
 
         return redirect('/shelves');
     }
+
+    /**
+     * Show the permissions view.
+     */
+    public function showPermissions(string $slug)
+    {
+        $shelf = $this->shelfRepo->getBySlug($slug);
+        $this->checkOwnablePermission('restrictions-manage', $shelf);
+
+        return view('shelves.permissions', [
+            'shelf' => $shelf,
+        ]);
+    }
+
+    /**
+     * Set the permissions for this bookshelf.
+     */
+    public function permissions(Request $request, PermissionsUpdater $permissionsUpdater, string $slug)
+    {
+        $shelf = $this->shelfRepo->getBySlug($slug);
+        $this->checkOwnablePermission('restrictions-manage', $shelf);
+
+        $permissionsUpdater->updateFromPermissionsForm($shelf, $request);
+
+        $this->showSuccessNotification(trans('entities.shelves_permissions_updated'));
+
+        return redirect($shelf->getUrl());
+    }
+
+    /**
+     * Copy the permissions of a bookshelf to the child books.
+     */
+    public function copyPermissions(string $slug)
+    {
+        $shelf = $this->shelfRepo->getBySlug($slug);
+        $this->checkOwnablePermission('restrictions-manage', $shelf);
+
+        $updateCount = $this->shelfRepo->copyDownPermissions($shelf);
+        $this->showSuccessNotification(trans('entities.shelves_copy_permission_success', ['count' => $updateCount]));
+
+        return redirect($shelf->getUrl());
+    }
 }

app/Http/Controllers/ChapterController.php

@@ -9,6 +9,7 @@ use BookStack\Entities\Tools\BookContents;
 use BookStack\Entities\Tools\Cloner;
 use BookStack\Entities\Tools\HierarchyTransformer;
 use BookStack\Entities\Tools\NextPreviousContentLocator;
+use BookStack\Entities\Tools\PermissionsUpdater;
 use BookStack\Exceptions\MoveOperationException;
 use BookStack\Exceptions\NotFoundException;
 use BookStack\Exceptions\PermissionsException;
@@ -242,6 +243,38 @@ class ChapterController extends Controller
         return redirect($chapterCopy->getUrl());
     }
 
+    /**
+     * Show the Restrictions view.
+     *
+     * @throws NotFoundException
+     */
+    public function showPermissions(string $bookSlug, string $chapterSlug)
+    {
+        $chapter = $this->chapterRepo->getBySlug($bookSlug, $chapterSlug);
+        $this->checkOwnablePermission('restrictions-manage', $chapter);
+
+        return view('chapters.permissions', [
+            'chapter' => $chapter,
+        ]);
+    }
+
+    /**
+     * Set the restrictions for this chapter.
+     *
+     * @throws NotFoundException
+     */
+    public function permissions(Request $request, PermissionsUpdater $permissionsUpdater, string $bookSlug, string $chapterSlug)
+    {
+        $chapter = $this->chapterRepo->getBySlug($bookSlug, $chapterSlug);
+        $this->checkOwnablePermission('restrictions-manage', $chapter);
+
+        $permissionsUpdater->updateFromPermissionsForm($chapter, $request);
+
+        $this->showSuccessNotification(trans('entities.chapters_permissions_success'));
+
+        return redirect($chapter->getUrl());
+    }
+
     /**
      * Convert the chapter to a book.
      */

app/Http/Controllers/FavouriteController.php

@@ -87,7 +87,7 @@ class FavouriteController extends Controller
 
         $modelInstance = $model->newQuery()
             ->where('id', '=', $modelInfo['id'])
-            ->first(['id', 'name', 'owned_by']);
+            ->first(['id', 'name', 'restricted', 'owned_by']);
 
         $inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance));
         if (is_null($modelInstance) || $inaccessibleEntity) {

app/Http/Controllers/PageController.php

@@ -11,6 +11,7 @@ use BookStack\Entities\Tools\NextPreviousContentLocator;
 use BookStack\Entities\Tools\PageContent;
 use BookStack\Entities\Tools\PageEditActivity;
 use BookStack\Entities\Tools\PageEditorData;
+use BookStack\Entities\Tools\PermissionsUpdater;
 use BookStack\Exceptions\NotFoundException;
 use BookStack\Exceptions\PermissionsException;
 use BookStack\References\ReferenceFetcher;
@@ -451,4 +452,37 @@ class PageController extends Controller
 
         return redirect($pageCopy->getUrl());
     }
+
+    /**
+     * Show the Permissions view.
+     *
+     * @throws NotFoundException
+     */
+    public function showPermissions(string $bookSlug, string $pageSlug)
+    {
+        $page = $this->pageRepo->getBySlug($bookSlug, $pageSlug);
+        $this->checkOwnablePermission('restrictions-manage', $page);
+
+        return view('pages.permissions', [
+            'page' => $page,
+        ]);
+    }
+
+    /**
+     * Set the permissions for this page.
+     *
+     * @throws NotFoundException
+     * @throws Throwable
+     */
+    public function permissions(Request $request, PermissionsUpdater $permissionsUpdater, string $bookSlug, string $pageSlug)
+    {
+        $page = $this->pageRepo->getBySlug($bookSlug, $pageSlug);
+        $this->checkOwnablePermission('restrictions-manage', $page);
+
+        $permissionsUpdater->updateFromPermissionsForm($page, $request);
+
+        $this->showSuccessNotification(trans('entities.pages_permissions_success'));
+
+        return redirect($page->getUrl());
+    }
 }

app/Http/Controllers/PageRevisionController.php

@@ -91,7 +91,7 @@ class PageRevisionController extends Controller
         // TODO - Refactor PageContent so we don't need to juggle this
         $page->html = $revision->html;
         $page->html = (new PageContent($page))->render();
-        $this->setPageTitle(trans('entities.pages_revision_named', ['pageName' => $page->getShortName()]));
+        $this->setPageTitle(trans('entities.pages_revision_named', ['pageName'=>$page->getShortName()]));
 
         return view('pages.revision', [
             'page'     => $page,

app/Http/Controllers/PermissionsController.php

@@ -1,174 +0,0 @@
-<?php
-
-namespace BookStack\Http\Controllers;
-
-use BookStack\Auth\Permissions\EntityPermission;
-use BookStack\Auth\Permissions\PermissionFormData;
-use BookStack\Auth\Role;
-use BookStack\Entities\Models\Book;
-use BookStack\Entities\Models\Bookshelf;
-use BookStack\Entities\Models\Chapter;
-use BookStack\Entities\Models\Page;
-use BookStack\Entities\Tools\PermissionsUpdater;
-use Illuminate\Http\Request;
-
-class PermissionsController extends Controller
-{
-    protected PermissionsUpdater $permissionsUpdater;
-
-    public function __construct(PermissionsUpdater $permissionsUpdater)
-    {
-        $this->permissionsUpdater = $permissionsUpdater;
-    }
-
-    /**
-     * Show the Permissions view for a page.
-     */
-    public function showForPage(string $bookSlug, string $pageSlug)
-    {
-        $page = Page::getBySlugs($bookSlug, $pageSlug);
-        $this->checkOwnablePermission('restrictions-manage', $page);
-
-        $this->setPageTitle(trans('entities.pages_permissions'));
-        return view('pages.permissions', [
-            'page' => $page,
-            'data' => new PermissionFormData($page),
-        ]);
-    }
-
-    /**
-     * Set the permissions for a page.
-     */
-    public function updateForPage(Request $request, string $bookSlug, string $pageSlug)
-    {
-        $page = Page::getBySlugs($bookSlug, $pageSlug);
-        $this->checkOwnablePermission('restrictions-manage', $page);
-
-        $this->permissionsUpdater->updateFromPermissionsForm($page, $request);
-
-        $this->showSuccessNotification(trans('entities.pages_permissions_success'));
-
-        return redirect($page->getUrl());
-    }
-
-    /**
-     * Show the Restrictions view for a chapter.
-     */
-    public function showForChapter(string $bookSlug, string $chapterSlug)
-    {
-        $chapter = Chapter::getBySlugs($bookSlug, $chapterSlug);
-        $this->checkOwnablePermission('restrictions-manage', $chapter);
-
-        $this->setPageTitle(trans('entities.chapters_permissions'));
-        return view('chapters.permissions', [
-            'chapter' => $chapter,
-            'data' => new PermissionFormData($chapter),
-        ]);
-    }
-
-    /**
-     * Set the restrictions for a chapter.
-     */
-    public function updateForChapter(Request $request, string $bookSlug, string $chapterSlug)
-    {
-        $chapter = Chapter::getBySlugs($bookSlug, $chapterSlug);
-        $this->checkOwnablePermission('restrictions-manage', $chapter);
-
-        $this->permissionsUpdater->updateFromPermissionsForm($chapter, $request);
-
-        $this->showSuccessNotification(trans('entities.chapters_permissions_success'));
-
-        return redirect($chapter->getUrl());
-    }
-
-    /**
-     * Show the permissions view for a book.
-     */
-    public function showForBook(string $slug)
-    {
-        $book = Book::getBySlug($slug);
-        $this->checkOwnablePermission('restrictions-manage', $book);
-
-        $this->setPageTitle(trans('entities.books_permissions'));
-        return view('books.permissions', [
-            'book' => $book,
-            'data' => new PermissionFormData($book),
-        ]);
-    }
-
-    /**
-     * Set the restrictions for a book.
-     */
-    public function updateForBook(Request $request, string $slug)
-    {
-        $book = Book::getBySlug($slug);
-        $this->checkOwnablePermission('restrictions-manage', $book);
-
-        $this->permissionsUpdater->updateFromPermissionsForm($book, $request);
-
-        $this->showSuccessNotification(trans('entities.books_permissions_updated'));
-
-        return redirect($book->getUrl());
-    }
-
-    /**
-     * Show the permissions view for a shelf.
-     */
-    public function showForShelf(string $slug)
-    {
-        $shelf = Bookshelf::getBySlug($slug);
-        $this->checkOwnablePermission('restrictions-manage', $shelf);
-
-        $this->setPageTitle(trans('entities.shelves_permissions'));
-        return view('shelves.permissions', [
-            'shelf' => $shelf,
-            'data' => new PermissionFormData($shelf),
-        ]);
-    }
-
-    /**
-     * Set the permissions for a shelf.
-     */
-    public function updateForShelf(Request $request, string $slug)
-    {
-        $shelf = Bookshelf::getBySlug($slug);
-        $this->checkOwnablePermission('restrictions-manage', $shelf);
-
-        $this->permissionsUpdater->updateFromPermissionsForm($shelf, $request);
-
-        $this->showSuccessNotification(trans('entities.shelves_permissions_updated'));
-
-        return redirect($shelf->getUrl());
-    }
-
-    /**
-     * Copy the permissions of a bookshelf to the child books.
-     */
-    public function copyShelfPermissionsToBooks(string $slug)
-    {
-        $shelf = Bookshelf::getBySlug($slug);
-        $this->checkOwnablePermission('restrictions-manage', $shelf);
-
-        $updateCount = $this->permissionsUpdater->updateBookPermissionsFromShelf($shelf);
-        $this->showSuccessNotification(trans('entities.shelves_copy_permission_success', ['count' => $updateCount]));
-
-        return redirect($shelf->getUrl());
-    }
-
-    /**
-     * Get an empty entity permissions form row for the given role.
-     */
-    public function formRowForRole(string $entityType, string $roleId)
-    {
-        $this->checkPermissionOr('restrictions-manage-all', fn() => userCan('restrictions-manage-own'));
-
-        $role = Role::query()->findOrFail($roleId);
-
-        return view('form.entity-permissions-row', [
-            'role' => $role,
-            'permission' => new EntityPermission(),
-            'entityType' => $entityType,
-            'inheriting' => false,
-        ]);
-    }
-}

app/Http/Controllers/ReferenceController.php

@@ -22,7 +22,8 @@ class ReferenceController extends Controller
      */
     public function page(string $bookSlug, string $pageSlug)
     {
-        $page = Page::getBySlugs($bookSlug, $pageSlug);
+        /** @var Page $page */
+        $page = Page::visible()->whereSlugs($bookSlug, $pageSlug)->firstOrFail();
         $references = $this->referenceFetcher->getPageReferencesToEntity($page);
 
         return view('pages.references', [
@@ -36,7 +37,8 @@ class ReferenceController extends Controller
      */
     public function chapter(string $bookSlug, string $chapterSlug)
     {
-        $chapter = Chapter::getBySlugs($bookSlug, $chapterSlug);
+        /** @var Chapter $chapter */
+        $chapter = Chapter::visible()->whereSlugs($bookSlug, $chapterSlug)->firstOrFail();
         $references = $this->referenceFetcher->getPageReferencesToEntity($chapter);
 
         return view('chapters.references', [
@@ -50,7 +52,7 @@ class ReferenceController extends Controller
      */
     public function book(string $slug)
     {
-        $book = Book::getBySlug($slug);
+        $book = Book::visible()->where('slug', '=', $slug)->firstOrFail();
         $references = $this->referenceFetcher->getPageReferencesToEntity($book);
 
         return view('books.references', [
@@ -64,7 +66,7 @@ class ReferenceController extends Controller
      */
     public function shelf(string $slug)
     {
-        $shelf = Bookshelf::getBySlug($slug);
+        $shelf = Bookshelf::visible()->where('slug', '=', $slug)->firstOrFail();
         $references = $this->referenceFetcher->getPageReferencesToEntity($shelf);
 
         return view('shelves.references', [

app/Http/Controllers/TagController.php

@@ -7,8 +7,11 @@ use Illuminate\Http\Request;
 
 class TagController extends Controller
 {
-    protected TagRepo $tagRepo;
+    protected $tagRepo;
 
+    /**
+     * TagController constructor.
+     */
     public function __construct(TagRepo $tagRepo)
     {
         $this->tagRepo = $tagRepo;
@@ -43,7 +46,7 @@ class TagController extends Controller
      */
     public function getNameSuggestions(Request $request)
     {
-        $searchTerm = $request->get('search', '');
+        $searchTerm = $request->get('search', null);
         $suggestions = $this->tagRepo->getNameSuggestions($searchTerm);
 
         return response()->json($suggestions);
@@ -54,8 +57,8 @@ class TagController extends Controller
      */
     public function getValueSuggestions(Request $request)
     {
-        $searchTerm = $request->get('search', '');
-        $tagName = $request->get('name', '');
+        $searchTerm = $request->get('search', null);
+        $tagName = $request->get('name', null);
         $suggestions = $this->tagRepo->getValueSuggestions($searchTerm, $tagName);
 
         return response()->json($suggestions);

app/Providers/AppServiceProvider.php

@@ -2,44 +2,32 @@
 
 namespace BookStack\Providers;
 
-use BookStack\Actions\ActivityLogger;
+use BookStack\Auth\Access\LoginService;
 use BookStack\Auth\Access\SocialAuthService;
+use BookStack\Entities\BreadcrumbsViewComposer;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Bookshelf;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Page;
 use BookStack\Exceptions\WhoopsBookStackPrettyHandler;
+use BookStack\Settings\Setting;
 use BookStack\Settings\SettingService;
 use BookStack\Util\CspService;
 use GuzzleHttp\Client;
+use Illuminate\Contracts\Cache\Repository;
 use Illuminate\Database\Eloquent\Relations\Relation;
+use Illuminate\Pagination\Paginator;
+use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\Facades\URL;
+use Illuminate\Support\Facades\View;
 use Illuminate\Support\ServiceProvider;
+use Laravel\Socialite\Contracts\Factory as SocialiteFactory;
 use Psr\Http\Client\ClientInterface as HttpClientInterface;
 use Whoops\Handler\HandlerInterface;
 
 class AppServiceProvider extends ServiceProvider
 {
-    /**
-     * Custom container bindings to register.
-     * @var string[]
-     */
-    public $bindings = [
-        HandlerInterface::class => WhoopsBookStackPrettyHandler::class,
-    ];
-
-    /**
-     * Custom singleton bindings to register.
-     * @var string[]
-     */
-    public $singletons = [
-        'activity' => ActivityLogger::class,
-        SettingService::class => SettingService::class,
-        SocialAuthService::class => SocialAuthService::class,
-        CspService::class => CspService::class,
-    ];
-
     /**
      * Bootstrap any application services.
      *
@@ -55,6 +43,11 @@ class AppServiceProvider extends ServiceProvider
             URL::forceScheme($isHttps ? 'https' : 'http');
         }
 
+        // Custom blade view directives
+        Blade::directive('icon', function ($expression) {
+            return "<?php echo icon($expression); ?>";
+        });
+
         // Allow longer string lengths after upgrade to utf8mb4
         Schema::defaultStringLength(191);
 
@@ -65,6 +58,12 @@ class AppServiceProvider extends ServiceProvider
             'chapter'   => Chapter::class,
             'page'      => Page::class,
         ]);
+
+        // View Composers
+        View::composer('entities.breadcrumbs', BreadcrumbsViewComposer::class);
+
+        // Set paginator to use bootstrap-style pagination
+        Paginator::useBootstrap();
     }
 
     /**
@@ -74,6 +73,22 @@ class AppServiceProvider extends ServiceProvider
      */
     public function register()
     {
+        $this->app->bind(HandlerInterface::class, function ($app) {
+            return $app->make(WhoopsBookStackPrettyHandler::class);
+        });
+
+        $this->app->singleton(SettingService::class, function ($app) {
+            return new SettingService($app->make(Setting::class), $app->make(Repository::class));
+        });
+
+        $this->app->singleton(SocialAuthService::class, function ($app) {
+            return new SocialAuthService($app->make(SocialiteFactory::class), $app->make(LoginService::class));
+        });
+
+        $this->app->singleton(CspService::class, function ($app) {
+            return new CspService();
+        });
+
         $this->app->bind(HttpClientInterface::class, function ($app) {
             return new Client([
                 'timeout' => 3,

app/Providers/AuthServiceProvider.php

@@ -6,7 +6,7 @@ use BookStack\Api\ApiTokenGuard;
 use BookStack\Auth\Access\ExternalBaseUserProvider;
 use BookStack\Auth\Access\Guards\AsyncExternalBaseSessionGuard;
 use BookStack\Auth\Access\Guards\LdapSessionGuard;
-use BookStack\Auth\Access\Ldap\LdapService;
+use BookStack\Auth\Access\LdapService;
 use BookStack\Auth\Access\LoginService;
 use BookStack\Auth\Access\RegistrationService;
 use Illuminate\Support\Facades\Auth;
@@ -24,7 +24,9 @@ class AuthServiceProvider extends ServiceProvider
     {
         // Password Configuration
         // Changes here must be reflected in ApiDocsGenerate@getValidationAsString.
-        Password::defaults(fn () => Password::min(8));
+        Password::defaults(function () {
+            return Password::min(8);
+        });
 
         // Custom guards
         Auth::extend('api-token', function ($app, $name, array $config) {

app/Providers/BroadcastServiceProvider.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace BookStack\Providers;
+
+use Illuminate\Support\ServiceProvider;
+
+class BroadcastServiceProvider extends ServiceProvider
+{
+    /**
+     * Bootstrap any application services.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+//        Broadcast::routes();
+//
+//        /*
+//         * Authenticate the user's personal channel...
+//         */
+//        Broadcast::channel('BookStack.User.*', function ($user, $userId) {
+//            return (int) $user->id === (int) $userId;
+//        });
+    }
+}

app/Providers/CustomFacadeProvider.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace BookStack\Providers;
+
+use BookStack\Actions\ActivityLogger;
+use BookStack\Theming\ThemeService;
+use Illuminate\Support\ServiceProvider;
+
+class CustomFacadeProvider extends ServiceProvider
+{
+    /**
+     * Bootstrap the application services.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+        //
+    }
+
+    /**
+     * Register the application services.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        $this->app->singleton('activity', function () {
+            return $this->app->make(ActivityLogger::class);
+        });
+
+        $this->app->singleton('theme', function () {
+            return $this->app->make(ThemeService::class);
+        });
+    }
+}

app/Providers/CustomValidationServiceProvider.php

@@ -6,7 +6,7 @@ use BookStack\Uploads\ImageService;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Support\ServiceProvider;
 
-class ValidationRuleServiceProvider extends ServiceProvider
+class CustomValidationServiceProvider extends ServiceProvider
 {
     /**
      * Register our custom validation rules when the application boots.

app/Providers/EventServiceProvider.php

@@ -10,7 +10,7 @@ class EventServiceProvider extends ServiceProvider
     /**
      * The event listener mappings for the application.
      *
-     * @var array<class-string, array<int, class-string>>
+     * @var array
      */
     protected $listen = [
         SocialiteWasCalled::class => [

app/Providers/PaginationServiceProvider.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace BookStack\Providers;
+
+use Illuminate\Pagination\PaginationServiceProvider as IlluminatePaginationServiceProvider;
+use Illuminate\Pagination\Paginator;
+
+class PaginationServiceProvider extends IlluminatePaginationServiceProvider
+{
+    /**
+     * Register the service provider.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        Paginator::viewFactoryResolver(function () {
+            return $this->app['view'];
+        });
+
+        Paginator::currentPathResolver(function () {
+            return url($this->app['request']->path());
+        });
+
+        Paginator::currentPageResolver(function ($pageName = 'page') {
+            $page = $this->app['request']->input($pageName);
+
+            if (filter_var($page, FILTER_VALIDATE_INT) !== false && (int) $page >= 1) {
+                return $page;
+            }
+
+            return 1;
+        });
+    }
+}

app/Providers/ThemeServiceProvider.php

@@ -15,8 +15,9 @@ class ThemeServiceProvider extends ServiceProvider
      */
     public function register()
     {
-        // Register the ThemeService as a singleton
-        $this->app->singleton(ThemeService::class, fn ($app) => new ThemeService());
+        $this->app->singleton(ThemeService::class, function ($app) {
+            return new ThemeService();
+        });
     }
 
     /**
@@ -26,7 +27,6 @@ class ThemeServiceProvider extends ServiceProvider
      */
     public function boot()
     {
-        // Boot up the theme system
         $themeService = $this->app->make(ThemeService::class);
         $themeService->readThemeActions();
         $themeService->dispatch(ThemeEvents::APP_BOOT, $this->app);

app/Providers/ViewTweaksServiceProvider.php

@@ -1,31 +0,0 @@
-<?php
-
-namespace BookStack\Providers;
-
-use BookStack\Entities\BreadcrumbsViewComposer;
-use Illuminate\Pagination\Paginator;
-use Illuminate\Support\Facades\Blade;
-use Illuminate\Support\Facades\View;
-use Illuminate\Support\ServiceProvider;
-
-class ViewTweaksServiceProvider extends ServiceProvider
-{
-    /**
-     * Bootstrap services.
-     *
-     * @return void
-     */
-    public function boot()
-    {
-        // Set paginator to use bootstrap-style pagination
-        Paginator::useBootstrap();
-
-        // View Composers
-        View::composer('entities.breadcrumbs', BreadcrumbsViewComposer::class);
-
-        // Custom blade view directives
-        Blade::directive('icon', function ($expression) {
-            return "<?php echo icon($expression); ?>";
-        });
-    }
-}

app/Search/SearchRunner.php

@@ -162,7 +162,7 @@ class SearchRunner
         $entityQuery = $entityModelInstance->newQuery()->scopes('visible');
 
         if ($entityModelInstance instanceof Page) {
-            $entityQuery->select(array_merge($entityModelInstance::$listAttributes, ['owned_by']));
+            $entityQuery->select(array_merge($entityModelInstance::$listAttributes, ['restricted', 'owned_by']));
         } else {
             $entityQuery->select(['*']);
         }
@@ -447,7 +447,7 @@ class SearchRunner
 
     protected function filterIsRestricted(EloquentBuilder $query, Entity $model, $input)
     {
-        $query->whereHas('permissions');
+        $query->where('restricted', '=', true);
     }
 
     protected function filterViewedByMe(EloquentBuilder $query, Entity $model, $input)

app/Uploads/ImageService.php

@@ -315,7 +315,7 @@ class ImageService
     {
         try {
             $thumb = $this->imageTool->make($imageData);
-        } catch (ErrorException | NotSupportedException $e) {
+        } catch (ErrorException|NotSupportedException $e) {
             throw new ImageUploadException(trans('errors.cannot_create_thumbs'));
         }
 

app/Util/LanguageManager.php

@@ -116,14 +116,12 @@ class LanguageManager
      */
     public function setPhpDateTimeLocale(string $language): void
     {
-        $isoLang = $this->localeMap[$language]['iso'] ?? '';
-        $isoLangPrefix = explode('_', $isoLang)[0];
+        $isoLang = $this->localeMap[$language]['iso'] ?? false;
 
         $locales = array_filter([
             $isoLang ? $isoLang . '.utf8' : false,
             $isoLang ?: false,
             $isoLang ? str_replace('_', '-', $isoLang) : false,
-            $isoLang ? $isoLangPrefix . '.UTF-8' : false,
             $this->localeMap[$language]['windows'] ?? false,
             $language,
         ]);

composer.json

@@ -26,6 +26,7 @@
         "laravel/framework": "^8.68",
         "laravel/socialite": "^5.2",
         "laravel/tinker": "^2.6",
+        "laravel/ui": "^3.3",
         "league/commonmark": "^1.6",
         "league/flysystem-aws-s3-v3": "^1.0.29",
         "league/html-to-markdown": "^5.0.0",
@@ -43,14 +44,12 @@
         "ssddanbrown/htmldiff": "^1.0.2"
     },
     "require-dev": {
-        "brianium/paratest": "^6.6",
         "fakerphp/faker": "^1.16",
         "itsgoingd/clockwork": "^5.1",
         "mockery/mockery": "^1.4",
         "nunomaduro/collision": "^5.10",
         "nunomaduro/larastan": "^1.0",
         "phpunit/phpunit": "^9.5",
-        "squizlabs/php_codesniffer": "^3.7",
         "ssddanbrown/asserthtml": "^1.0"
     },
     "autoload": {
@@ -69,12 +68,6 @@
         }
     },
     "scripts": {
-        "check-static": "phpstan --memory-limit=2g",
-        "format": "phpcbf",
-        "lint": "phpcs",
-        "test": "phpunit",
-        "t": "@php artisan test --parallel",
-        "t-reset": "@php artisan test --recreate-databases",
         "post-autoload-dump": [
             "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
             "@php artisan package:discover --ansi"

database/migrations/2022_10_07_091406_flatten_entity_permissions_table.php

@@ -1,105 +0,0 @@
-<?php
-
-use Illuminate\Database\Migrations\Migration;
-use Illuminate\Database\Query\Builder;
-use Illuminate\Database\Schema\Blueprint;
-use Illuminate\Support\Facades\DB;
-use Illuminate\Support\Facades\Schema;
-
-class FlattenEntityPermissionsTable extends Migration
-{
-    /**
-     * Run the migrations.
-     *
-     * @return void
-     */
-    public function up()
-    {
-        // Remove entries for non-existing roles (Caused by previous lack of deletion handling)
-        $roleIds = DB::table('roles')->pluck('id');
-        DB::table('entity_permissions')->whereNotIn('role_id', $roleIds)->delete();
-
-        // Create new table structure for entity_permissions
-        Schema::create('new_entity_permissions', function (Blueprint $table) {
-            $table->id();
-            $table->unsignedInteger('entity_id');
-            $table->string('entity_type', 25);
-            $table->unsignedInteger('role_id')->index();
-            $table->boolean('view')->default(0);
-            $table->boolean('create')->default(0);
-            $table->boolean('update')->default(0);
-            $table->boolean('delete')->default(0);
-
-            $table->index(['entity_id', 'entity_type']);
-        });
-
-        // Migrate existing entity_permission data into new table structure
-
-        $subSelect = function (Builder $query, string $action, string $subAlias) {
-            $sub = $query->newQuery()->select('action')->from('entity_permissions', $subAlias)
-                ->whereColumn('a.restrictable_id', '=', $subAlias . '.restrictable_id')
-                ->whereColumn('a.restrictable_type', '=', $subAlias . '.restrictable_type')
-                ->whereColumn('a.role_id', '=', $subAlias . '.role_id')
-                ->where($subAlias . '.action', '=', $action);
-            return $query->selectRaw("EXISTS({$sub->toSql()})", $sub->getBindings());
-        };
-
-        $query = DB::table('entity_permissions', 'a')->select([
-            'restrictable_id as entity_id',
-            'restrictable_type as entity_type',
-            'role_id',
-            'view'   => fn(Builder $query) => $subSelect($query, 'view', 'b'),
-            'create' => fn(Builder $query) => $subSelect($query, 'create', 'c'),
-            'update' => fn(Builder $query) => $subSelect($query, 'update', 'd'),
-            'delete' => fn(Builder $query) => $subSelect($query, 'delete', 'e'),
-        ])->groupBy('restrictable_id', 'restrictable_type', 'role_id');
-
-        DB::table('new_entity_permissions')->insertUsing(['entity_id', 'entity_type', 'role_id', 'view', 'create', 'update', 'delete'], $query);
-
-        // Drop old entity_permissions table and replace with new structure
-        Schema::dropIfExists('entity_permissions');
-        Schema::rename('new_entity_permissions', 'entity_permissions');
-    }
-
-    /**
-     * Reverse the migrations.
-     *
-     * @return void
-     */
-    public function down()
-    {
-        // Create old table structure for entity_permissions
-        Schema::create('old_entity_permissions', function (Blueprint $table) {
-            $table->increments('id');
-            $table->integer('restrictable_id');
-            $table->string('restrictable_type', 191);
-            $table->integer('role_id')->index();
-            $table->string('action', 191)->index();
-
-            $table->index(['restrictable_id', 'restrictable_type']);
-        });
-
-        // Convert newer data format to old data format, and insert into old database
-
-        $actionQuery = function (Builder $query, string $action) {
-            return $query->select([
-                'entity_id as restrictable_id',
-                'entity_type as restrictable_type',
-                'role_id',
-            ])->selectRaw("? as action", [$action])
-            ->from('entity_permissions')
-            ->where($action, '=', true);
-        };
-
-        $query = $actionQuery(DB::query(), 'view')
-            ->union(fn(Builder $query) => $actionQuery($query, 'create'))
-            ->union(fn(Builder $query) => $actionQuery($query, 'update'))
-            ->union(fn(Builder $query) => $actionQuery($query, 'delete'));
-
-        DB::table('old_entity_permissions')->insertUsing(['restrictable_id', 'restrictable_type', 'role_id', 'action'], $query);
-
-        // Drop new entity_permissions table and replace with old structure
-        Schema::dropIfExists('entity_permissions');
-        Schema::rename('old_entity_permissions', 'entity_permissions');
-    }
-}

database/migrations/2022_10_08_104202_drop_entity_restricted_field.php

@@ -1,93 +0,0 @@
-<?php
-
-use Illuminate\Database\Migrations\Migration;
-use Illuminate\Database\Query\Builder;
-use Illuminate\Database\Query\JoinClause;
-use Illuminate\Database\Schema\Blueprint;
-use Illuminate\Support\Facades\DB;
-use Illuminate\Support\Facades\Schema;
-
-class DropEntityRestrictedField extends Migration
-{
-    /**
-     * Run the migrations.
-     *
-     * @return void
-     */
-    public function up()
-    {
-        // Remove entity-permissions on non-restricted entities
-        $deleteInactiveEntityPermissions = function (string $table, string $morphClass) {
-            $permissionIds = DB::table('entity_permissions')->select('entity_permissions.id as id')
-                ->join($table, function (JoinClause $join) use ($table, $morphClass) {
-                    return $join->where($table . '.restricted', '=', 0)
-                        ->on($table . '.id', '=', 'entity_permissions.entity_id');
-                })->where('entity_type', '=', $morphClass)
-                ->pluck('id');
-            DB::table('entity_permissions')->whereIn('id', $permissionIds)->delete();
-        };
-        $deleteInactiveEntityPermissions('pages', 'page');
-        $deleteInactiveEntityPermissions('chapters', 'chapter');
-        $deleteInactiveEntityPermissions('books', 'book');
-        $deleteInactiveEntityPermissions('bookshelves', 'bookshelf');
-
-        // Migrate restricted=1 entries to new entity_permissions (role_id=0) entries
-        $defaultEntityPermissionGenQuery = function (Builder $query, string $table, string $morphClass) {
-            return $query->select(['id as entity_id'])
-                ->selectRaw('? as entity_type', [$morphClass])
-                ->selectRaw('? as `role_id`', [0])
-                ->selectRaw('? as `view`', [0])
-                ->selectRaw('? as `create`', [0])
-                ->selectRaw('? as `update`', [0])
-                ->selectRaw('? as `delete`', [0])
-                ->from($table)
-                ->where('restricted', '=', 1);
-        };
-
-        $query = $defaultEntityPermissionGenQuery(DB::query(), 'pages', 'page')
-            ->union(fn(Builder $query) => $defaultEntityPermissionGenQuery($query, 'books', 'book'))
-            ->union(fn(Builder $query) => $defaultEntityPermissionGenQuery($query, 'chapters', 'chapter'))
-            ->union(fn(Builder $query) => $defaultEntityPermissionGenQuery($query, 'bookshelves', 'bookshelf'));
-
-        DB::table('entity_permissions')->insertUsing(['entity_id', 'entity_type', 'role_id', 'view', 'create', 'update', 'delete'], $query);
-
-        // Drop restricted columns
-        $dropRestrictedColumn = fn(Blueprint $table) => $table->dropColumn('restricted');
-        Schema::table('pages', $dropRestrictedColumn);
-        Schema::table('chapters', $dropRestrictedColumn);
-        Schema::table('books', $dropRestrictedColumn);
-        Schema::table('bookshelves', $dropRestrictedColumn);
-    }
-
-    /**
-     * Reverse the migrations.
-     *
-     * @return void
-     */
-    public function down()
-    {
-        // Create restricted columns
-        $createRestrictedColumn = fn(Blueprint $table) => $table->boolean('restricted')->index()->default(0);
-        Schema::table('pages', $createRestrictedColumn);
-        Schema::table('chapters', $createRestrictedColumn);
-        Schema::table('books', $createRestrictedColumn);
-        Schema::table('bookshelves', $createRestrictedColumn);
-
-        // Set restrictions for entities that have a default entity permission assigned
-        // Note: Possible loss of data where default entity permissions have been configured
-        $restrictEntities = function (string $table, string $morphClass) {
-            $toRestrictIds = DB::table('entity_permissions')
-                ->where('role_id', '=', 0)
-                ->where('entity_type', '=', $morphClass)
-                ->pluck('entity_id');
-            DB::table($table)->whereIn('id', $toRestrictIds)->update(['restricted' => true]);
-        };
-        $restrictEntities('pages', 'page');
-        $restrictEntities('chapters', 'chapter');
-        $restrictEntities('books', 'book');
-        $restrictEntities('bookshelves', 'bookshelf');
-
-        // Delete default entity permissions
-        DB::table('entity_permissions')->where('role_id', '=', 0)->delete();
-    }
-}

dev/api/responses/books-read.json

@@ -17,44 +17,6 @@
     "id": 1,
     "name": "Admin"
   },
-  "contents": [
-    {
-      "id": 50,
-      "name": "Bridge Structures",
-      "slug": "bridge-structures",
-      "book_id": 16,
-      "created_at": "2021-12-19T15:22:11.000000Z",
-      "updated_at": "2021-12-21T19:42:29.000000Z",
-      "url": "https://example.com/books/my-own-book/chapter/bridge-structures",
-      "type": "chapter",
-      "pages": [
-        {
-          "id": 42,
-          "name": "Building Bridges",
-          "slug": "building-bridges",
-          "book_id": 16,
-          "chapter_id": 50,
-          "draft": false,
-          "template": false,
-          "created_at": "2021-12-19T15:22:11.000000Z",
-          "updated_at": "2022-09-29T13:44:15.000000Z",
-          "url": "https://example.com/books/my-own-book/page/building-bridges"
-        }
-      ]
-    },
-    {
-      "id": 43,
-      "name": "Cool Animals",
-      "slug": "cool-animals",
-      "book_id": 16,
-      "chapter_id": 0,
-      "draft": false,
-      "template": false,
-      "created_at": "2021-12-19T18:22:11.000000Z",
-      "updated_at": "2022-07-29T13:44:15.000000Z",
-      "url": "https://example.com/books/my-own-book/page/cool-animals"
-    }
-  ],
   "tags": [
     {
       "id": 13,
@@ -66,12 +28,12 @@
   "cover": {
     "id": 452,
     "name": "sjovall_m117hUWMu40.jpg",
-    "url": "https://example.com/uploads/images/cover_book/2020-01/sjovall_m117hUWMu40.jpg",
+    "url": "http:\/\/bookstack.local\/uploads\/images\/cover_book\/2020-01\/sjovall_m117hUWMu40.jpg",
     "created_at": "2020-01-12T14:11:51.000000Z",
     "updated_at": "2020-01-12T14:11:51.000000Z",
     "created_by": 1,
     "updated_by": 1,
-    "path": "/uploads/images/cover_book/2020-01/sjovall_m117hUWMu40.jpg",
+    "path": "\/uploads\/images\/cover_book\/2020-01\/sjovall_m117hUWMu40.jpg",
     "type": "cover_book",
     "uploaded_to": 16
   }

dev/docs/components.md

@@ -0,0 +1,99 @@
+# JavaScript Components
+
+This document details the format for JavaScript components in BookStack. This is a really simple class-based setup with a few helpers provided.
+
+#### Defining a Component in JS
+
+```js
+class Dropdown {
+    setup() {
+        this.toggle = this.$refs.toggle;
+        this.menu = this.$refs.menu;
+    
+        this.speed = parseInt(this.$opts.speed);
+    }
+}
+```
+
+All usage of $refs, $manyRefs and $opts should be done at the top of the `setup` function so any requirements can be easily seen.
+
+#### Using a Component in HTML
+
+A component is used like so:
+
+```html
+<div component="dropdown"></div>
+
+<!-- or, for multiple -->
+
+<div components="dropdown image-picker"></div>
+```
+
+The names will be parsed and new component instance will be created if a matching name is found in the `components/index.js` componentMapping. 
+
+#### Element References
+
+Within a component you'll often need to refer to other element instances. This can be done like so:
+
+```html
+<div component="dropdown">
+    <span refs="dropdown@toggle othercomponent@handle">View more</span>
+</div>
+```
+
+You can then access the span element as `this.$refs.toggle` in your component.
+
+#### Component Options
+
+```html
+<div component="dropdown"
+    option:dropdown:delay="500"
+    option:dropdown:show>
+</div>
+```
+
+Will result with `this.$opts` being:
+
+```json
+{
+    "delay": "500",
+    "show": ""  
+}
+```
+
+#### Global Helpers
+
+There are various global helper libraries which can be used in components:
+
+```js
+// HTTP service
+window.$http.get(url, params);
+window.$http.post(url, data);
+window.$http.put(url, data);
+window.$http.delete(url, data);
+window.$http.patch(url, data);
+
+// Global event system
+// Emit a global event
+window.$events.emit(eventName, eventData);
+// Listen to a global event
+window.$events.listen(eventName, callback);
+// Show a success message
+window.$events.success(message);
+// Show an error message
+window.$events.error(message);
+// Show validation errors, if existing, as an error notification
+window.$events.showValidationErrors(error);
+
+// Translator
+// Take the given plural text and count to decide on what plural option
+// to use, Similar to laravel's trans_choice function but instead
+// takes the direction directly instead of a translation key.
+window.trans_plural(translationString, count, replacements);
+
+// Component System
+// Parse and initialise any components from the given root el down.
+window.components.init(rootEl);
+// Get the first active component of the given name
+window.components.first(name);
+```

dev/docs/development.md

@@ -1,98 +0,0 @@
-# Development & Testing
-
-All development on BookStack is currently done on the `development` branch. 
-When it's time for a release the `development` branch is merged into release with built & minified CSS & JS then tagged at its version. Here are the current development requirements:
-
-* [Node.js](https://nodejs.org/en/) v16.0+
-
-## Building CSS & JavaScript Assets
-
-This project uses SASS for CSS development and this is built, along with the JavaScript, using a range of npm scripts. The below npm commands can be used to install the dependencies & run the build tasks:
-
-``` bash
-# Install NPM Dependencies
-npm install
-
-# Build assets for development
-npm run build
-
-# Build and minify assets for production
-npm run production
-
-# Build for dev (With sourcemaps) and watch for changes
-npm run dev
-```
-
-BookStack has many integration tests that use Laravel's built-in testing capabilities which makes use of PHPUnit. There is a `mysql_testing` database defined within the app config which is what is used by PHPUnit. This database is set with the database name, username and password all defined as `bookstack-test`. You will have to create that database and that set of credentials before testing.
-
-The testing database will also need migrating and seeding beforehand. This can be done by running `composer refresh-test-database`.
-
-Once done you can run `composer test` in the application root directory to run all tests. Tests can be ran in parallel by running them via `composer t`. This will use Laravel's built-in parallel testing functionality, and attempt to create and seed a database instance for each testing thread. If required these parallel testing instances can be reset, before testing again, by running `composer t-reset`.
-
-## Code Standards
-
-PHP code standards are managed by [using PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer).
-Static analysis is in place using [PHPStan](https://phpstan.org/) & [Larastan](https://github.com/nunomaduro/larastan).
-The below commands can be used to utilise these tools:
-
-```bash
-# Run code linting using PHP_CodeSniffer
-composer lint
-
-# As above, but show rule names in output
-composer lint -- -s
-
-# Auto-fix formatting & lint issues via PHP_CodeSniffer phpcbf
-composer format
-
-# Run static analysis via larastan/phpstan
-composer check-static
-```
-
-If submitting a PR, formatting as per our project standards would help for clarity but don't worry too much about using/understanding these tools as we can always address issues at a later stage when they're picked up by our automated tools.
-
-## Development using Docker
-
-This repository ships with a Docker Compose configuration intended for development purposes. It'll build a PHP image with all needed extensions installed and start up a MySQL server and a Node image watching the UI assets.
-
-To get started, make sure you meet the following requirements:
-
-- Docker and Docker Compose are installed
-- Your user is part of the `docker` group
-
-If all the conditions are met, you can proceed with the following steps:
-
-1. **Copy `.env.example` to `.env`**, change `APP_KEY` to a random 32 char string and set `APP_ENV` to `local`.
-2. Make sure **port 8080 is unused** *or else* change `DEV_PORT` to a free port on your host.
-3. **Run `chgrp -R docker storage`**. The development container will chown the `storage` directory to the `www-data` user inside the container so BookStack can write to it. You need to change the group to your host's `docker` group here to not lose access to the `storage` directory.
-4. **Run `docker-compose up`** and wait until the image is built and all database migrations have been done.
-5. You can now login with `admin@admin.com` and `password` as password on `localhost:8080` (or another port if specified).
-
-If needed, You'll be able to run any artisan commands via docker-compose like so:
-
-```bash
-docker-compose run app php artisan list
-```
-
-The docker-compose setup runs an instance of [MailHog](https://github.com/mailhog/MailHog) and sets environment variables to redirect any BookStack-sent emails to MailHog. You can view this mail via the MailHog web interface on `localhost:8025`. You can change the port MailHog is accessible on by setting a `DEV_MAIL_PORT` environment variable.
-
-### Running tests
-
-After starting the general development Docker, migrate & seed the testing database:
-
- ```bash
-# This only needs to be done once
-docker-compose run app php artisan migrate --database=mysql_testing
-docker-compose run app php artisan db:seed --class=DummyContentSeeder --database=mysql_testing
-```
-
-Once the database has been migrated & seeded, you can run the tests like so:
-
- ```bash
-docker-compose run app php vendor/bin/phpunit
-```
-
-### Debugging
-
-The docker-compose setup ships with Xdebug, which you can listen to on port 9090.
-NB : For some editors like Visual Studio Code, you might need to map your workspace folder to the /app folder within the docker container for this to work.

dev/docs/javascript-code.md

@@ -1,138 +0,0 @@
-# BookStack JavaScript Code
-
-BookStack is primarily server-side-rendered, but it uses JavaScript sparingly to drive any required dynamic elements. Most JavaScript is applied via a custom, and very thin, component interface to keep code organised and somewhat reusable.
-
-JavaScript source code can be found in the `resources/js` directory. This gets bundled and transformed by `esbuild`, ending up in the `public/dist` folder for browser use. Read the [Development > "Building CSS & JavaScript Assets"](development.md#building-css-&-javascript-assets) documentation for details on this process.
-
-## Components
-
-This section details the format for JavaScript components in BookStack. This is a really simple class-based setup with a few helpers provided.
-
-### Defining a Component in JS
-
-```js
-class Dropdown {
-    setup() {
-        this.container = this.$el;
-        this.menu = this.$refs.menu;
-        this.toggles = this.$manyRefs.toggle;
-    
-        this.speed = parseInt(this.$opts.speed);
-    }
-}
-```
-
-All usage of $refs, $manyRefs and $opts should be done at the top of the `setup` function so any requirements can be easily seen.
-
-Once defined, the component has to be registered for use. This is done in the `resources/js/components/index.js` file. You'll need to import the component class then add it to `componentMapping` object, following the pattern of other components. 
-
-### Using a Component in HTML
-
-A component is used like so:
-
-```html
-<div component="dropdown"></div>
-
-<!-- or, for multiple -->
-
-<div components="dropdown image-picker"></div>
-```
-
-The names will be parsed and new component instance will be created if a matching name is found in the `components/index.js` componentMapping. 
-
-### Element References
-
-Within a component you'll often need to refer to other element instances. This can be done like so:
-
-```html
-<div component="dropdown">
-    <span refs="dropdown@toggle othercomponent@handle">View more</span>
-</div>
-```
-
-You can then access the span element as `this.$refs.toggle` in your component.
-
-Multiple elements of the same reference name can be accessed via a `this.$manyRefs` property within your component. For example, all the buttons in the below example could be accessed via `this.$manyRefs.buttons`.
-
-```html
-<div component="list">
-    <button refs="list@button">Click here</button>
-    <button refs="list@button">No, Click here</button>
-    <button refs="list@button">This button is better</button>
-</div>
-```
-
-### Component Options
-
-```html
-<div component="dropdown"
-    option:dropdown:delay="500"
-    option:dropdown:show>
-</div>
-```
-
-Will result with `this.$opts` being:
-
-```json
-{
-    "delay": "500",
-    "show": ""  
-}
-```
-
-#### Component Properties
-
-A component has the below shown properties available for use. As mentioned above, most of these should be used within the `setup()` function to make the requirements/dependencies of the component clear.
-
-```javascript
-// The root element that the compontent has been applied to.
-this.$el
-
-// A map of defined element references within the compontent.
-// See "Element References" above.
-this.$refs
-
-// A map of defined multi-element references within the compontent.
-// See "Element References" above.
-this.$manyRefs
-
-// Options defined for the compontent.
-this.$opts
-```
-
-## Global JavaScript Helpers
-
-There are various global helper libraries in BookStack which can be accessed via the `window`. The below provides an overview of what's available. 
-
-```js
-// HTTP service
-window.$http.get(url, params);
-window.$http.post(url, data);
-window.$http.put(url, data);
-window.$http.delete(url, data);
-window.$http.patch(url, data);
-
-// Global event system
-// Emit a global event
-window.$events.emit(eventName, eventData);
-// Listen to a global event
-window.$events.listen(eventName, callback);
-// Show a success message
-window.$events.success(message);
-// Show an error message
-window.$events.error(message);
-// Show validation errors, if existing, as an error notification
-window.$events.showValidationErrors(error);
-
-// Translator
-// Take the given plural text and count to decide on what plural option
-// to use, Similar to laravel's trans_choice function but instead
-// takes the direction directly instead of a translation key.
-window.trans_plural(translationString, count, replacements);
-
-// Component System
-// Parse and initialise any components from the given root el down.
-window.components.init(rootEl);
-// Get the first active component of the given name
-window.components.first(name);
-```

dev/docs/release-process.md

@@ -1,24 +0,0 @@
-# Release Versioning & Process
-
-### BookStack Version Number Scheme
-
-BookStack releases are each assigned a date-based version number in the format `v<year>.<month>[.<optional_patch_number>]`. For example:
-
-- `v20.12` - New feature released launched during December 2020.
-- `v21.06.2` - Second patch release upon the June 2021 feature release.
-
-Patch releases are generally fairly minor, primarily intended for fixes and therefore are fairly unlikely to cause breakages upon update.
-Feature releases are generally larger, bringing new features in addition to fixes and enhancements. These releases have a greater chance of introducing breaking changes upon update, so it's worth checking for any notes in the [update guide](https://www.bookstackapp.com/docs/admin/updates/).
-
-### Release Planning Process
-
-Each BookStack release will have a [milestone](https://github.com/BookStackApp/BookStack/milestones) created with issues & pull requests assigned to it to define what will be in that release. Milestones are built up then worked through until complete at which point, after some testing and documentation updates, the release will be deployed.
-
-### Release Announcements
-
-Feature releases, and some patch releases, will be accompanied by a post on the [BookStack blog](https://www.bookstackapp.com/blog/) which will provide additional detail on features, changes & updates otherwise the [GitHub release page](https://github.com/BookStackApp/BookStack/releases) will show a list of changes. You can sign up to be alerted to new BookStack blog posts (once per week maximum) [at this link](https://updates.bookstackapp.com/signup/bookstack-news-and-updates).
-
-### Release Technical Process
-
-Deploying a release, at a high level, simply involves merging the development branch into the release branch before then building & committing any release-only assets.
-A helper script [can be found in our](https://github.com/BookStackApp/devops/blob/main/meta-scripts/bookstack-release-steps) devops repo which provides the steps and commands for deploying a new release. 

phpcs.xml

@@ -1,35 +0,0 @@
-<?xml version="1.0"?>
-<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="PHP_CodeSniffer" xsi:noNamespaceSchemaLocation="phpcs.xsd">
-    <description>The coding standard for BookStack</description>
-
-    <file>app</file>
-    <file>bootstrap/app.php</file>
-    <file>database</file>
-    <file>public/index.php</file>
-    <file>routes</file>
-    <file>tests</file>
-
-    <arg name="basepath" value="."/>
-    <arg name="colors"/>
-    <arg name="parallel" value="75"/>
-    <arg value="np"/>
-
-    <rule  ref="PSR12"/>
-
-    <rule ref="PSR1.Methods.CamelCapsMethodName">
-        <exclude-pattern>./tests/*</exclude-pattern>
-    </rule>
-
-    <rule ref="PSR1.Classes.ClassDeclaration.MultipleClasses">
-        <exclude-pattern>./tests/*</exclude-pattern>
-    </rule>
-
-    <rule ref="PSR1.Classes.ClassDeclaration.MissingNamespace">
-        <exclude-pattern>./database/*</exclude-pattern>
-    </rule>
-
-    <rule ref="PSR12.Files.FileHeader.IncorrectOrder">
-        <exclude-pattern>./app/Config/*</exclude-pattern>
-    </rule>
-
-</ruleset>

public/dist/print-styles.css

@@ -0,0 +1 @@
+:root{--color-primary: #206ea7;--color-primary-light: rgba(32,110,167,0.15);--color-page: #206ea7;--color-page-draft: #7e50b1;--color-chapter: #af4d0d;--color-book: #077b70;--color-bookshelf: #a94747;--bg-disabled: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' height='100%25' width='100%25'%3E%3Cdefs%3E%3Cpattern id='doodad' width='19' height='19' viewBox='0 0 40 40' patternUnits='userSpaceOnUse' patternTransform='rotate(143)'%3E%3Crect width='100%25' height='100%25' fill='rgba(42, 67, 101,0)'/%3E%3Cpath d='M-10 30h60v20h-60zM-10-10h60v20h-60' fill='rgba(26, 32, 44,0)'/%3E%3Cpath d='M-10 10h60v20h-60zM-10-30h60v20h-60z' fill='rgba(0, 0, 0,0.05)'/%3E%3C/pattern%3E%3C/defs%3E%3Crect fill='url(%23doodad)' height='200%25' width='200%25'/%3E%3C/svg%3E")}:root.dark-mode{--bg-disabled: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' height='100%25' width='100%25'%3E%3Cdefs%3E%3Cpattern id='doodad' width='19' height='19' viewBox='0 0 40 40' patternUnits='userSpaceOnUse' patternTransform='rotate(143)'%3E%3Crect width='100%25' height='100%25' fill='rgba(42, 67, 101,0)'/%3E%3Cpath d='M-10 30h60v20h-60zM-10-10h60v20h-60' fill='rgba(26, 32, 44,0)'/%3E%3Cpath d='M-10 10h60v20h-60zM-10-30h60v20h-60z' fill='rgba(255, 255, 255,0.05)'/%3E%3C/pattern%3E%3C/defs%3E%3Crect fill='url(%23doodad)' height='200%25' width='200%25'/%3E%3C/svg%3E")}header{display:none}html,body{font-size:12px;background-color:#fff}.page-content{margin:0 auto}.print-hidden{display:none !important}.tri-layout-container{grid-template-columns:1fr;grid-template-areas:"b";margin-inline-start:0;margin-inline-end:0;display:block}.card{box-shadow:none}.content-wrap.card{padding-inline-start:0;padding-inline-end:0}/*# sourceMappingURL=print-styles.css.map */

readme.md

@@ -3,8 +3,8 @@
 [![GitHub release](https://img.shields.io/github/release/BookStackApp/BookStack.svg)](https://github.com/BookStackApp/BookStack/releases/latest)
 [![license](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/BookStackApp/BookStack/blob/development/LICENSE)
 [![Crowdin](https://badges.crowdin.net/bookstack/localized.svg)](https://crowdin.com/project/bookstack)
-[![Build Status](https://github.com/BookStackApp/BookStack/workflows/test-php/badge.svg)](https://github.com/BookStackApp/BookStack/actions)
-[![Lint Status](https://github.com/BookStackApp/BookStack/workflows/lint-php/badge.svg)](https://github.com/BookStackApp/BookStack/actions)
+[![Build Status](https://github.com/BookStackApp/BookStack/workflows/phpunit/badge.svg)](https://github.com/BookStackApp/BookStack/actions)
+[![StyleCI](https://github.styleci.io/repos/41589337/shield?style=flat)](https://github.styleci.io/repos/41589337)
 [![Maintainability](https://api.codeclimate.com/v1/badges/5551731994dd22fa1f4f/maintainability)](https://codeclimate.com/github/BookStackApp/BookStack/maintainability)
 
 [![Repo Stats](https://img.shields.io/static/v1?label=GitHub+project&message=stats&color=f27e3f)](https://gh-stats.bookstackapp.com/)
@@ -59,26 +59,120 @@ Note: Listed services are not tested, vetted nor supported by the official BookS
 
 ## 🛣️ Road Map
 
-Below is a high-level road map view for BookStack to provide a sense of direction of where the project is going. This can change at any point and does not reflect many features and improvements that will also be included as part of the journey along this road map. For more granular detail of what will be included in upcoming releases you can review the project milestones as defined in our [Release Process](dev/docs/release-process.md) documentation.
+Below is a high-level road map view for BookStack to provide a sense of direction of where the project is going. This can change at any point and does not reflect many features and improvements that will also be included as part of the journey along this road map. For more granular detail of what will be included in upcoming releases you can review the project milestones as defined in the "Release Process" section below.
 
 - **Platform REST API** - *(Most actions implemented, maturing)*
     - *A REST API covering, at minimum, control of core content models (Books, Chapters, Pages) for automation and platform extension.*
+- **Editor Alignment & Review** - *(Done)*
+    - *Review the page editors with the goal of achieving increased interoperability & feature parity while also considering collaborative editing potential.*
 - **Permission System Review** - *(In Progress)*
     - *Improvement in how permissions are applied and a review of the efficiency of the permission & roles system.*
+- **Installation & Deployment Process Revamp**
+    - *Creation of a streamlined & secure process for users to deploy & update BookStack with reduced development requirements (No git or composer requirement).*
+
+## 🚀 Release Versioning & Process
+
+BookStack releases are each assigned a date-based version number in the format `v<year>.<month>[.<optional_patch_number>]`. For example:
+
+- `v20.12` - New feature released launched during December 2020. 
+- `v21.06.2` - Second patch release upon the June 2021 feature release.
+
+Patch releases are generally fairly minor, primarily intended for fixes and therefore are fairly unlikely to cause breakages upon update.
+Feature releases are generally larger, bringing new features in addition to fixes and enhancements. These releases have a greater chance of introducing breaking changes upon update, so it's worth checking for any notes in the [update guide](https://www.bookstackapp.com/docs/admin/updates/).
+
+Each BookStack release will have a [milestone](https://github.com/BookStackApp/BookStack/milestones) created with issues & pull requests assigned to it to define what will be in that release. Milestones are built up then worked through until complete at which point, after some testing and documentation updates, the release will be deployed.
+
+Feature releases, and some patch releases, will be accompanied by a post on the [BookStack blog](https://www.bookstackapp.com/blog/) which will provide additional detail on features, changes & updates otherwise the [GitHub release page](https://github.com/BookStackApp/BookStack/releases) will show a list of changes. You can sign up to be alerted to new BookStack blog posts (once per week maximum) [at this link](https://updates.bookstackapp.com/signup/bookstack-news-and-updates).
 
 ## 🛠️ Development & Testing
 
-Please see our [development docs](dev/docs/development.md) for full details regarding work on the BookStack source code.
+All development on BookStack is currently done on the `development` branch. When it's time for a release the `development` branch is merged into release with built & minified CSS & JS then tagged at its version. Here are the current development requirements:
 
-If you're just looking to customize or extend your own BookStack instance, take a look at our [Hacking BookStack documentation page](https://www.bookstackapp.com/docs/admin/hacking-bookstack/) for details on various options to achieve this without altering the BookStack source code.
+* [Node.js](https://nodejs.org/en/) v14.0+
 
-Details about BookStack's versioning scheme and the general release process [can be found here](dev/docs/release-process.md).
+This project uses SASS for CSS development and this is built, along with the JavaScript, using a range of npm scripts. The below npm commands can be used to install the dependencies & run the build tasks:
+
+``` bash
+# Install NPM Dependencies
+npm install
+
+# Build assets for development
+npm run build
+
+# Build and minify assets for production
+npm run production
+
+# Build for dev (With sourcemaps) and watch for changes
+npm run dev
+```
+
+BookStack has many integration tests that use Laravel's built-in testing capabilities which makes use of PHPUnit. There is a `mysql_testing` database defined within the app config which is what is used by PHPUnit. This database is set with the database name, user name and password all defined as `bookstack-test`. You will have to create that database and that set of credentials before testing.
+
+The testing database will also need migrating and seeding beforehand. This can be done with the following commands:
+
+``` bash
+php artisan migrate --database=mysql_testing
+php artisan db:seed --class=DummyContentSeeder --database=mysql_testing
+```
+
+Once done you can run `php vendor/bin/phpunit` in the application root directory to run all tests.
+
+### 📜 Code Standards
+
+PHP code style is enforced automatically [using StyleCI](https://github.styleci.io/repos/41589337). 
+If submitting a PR, any formatting changes to be made will be automatically fixed after merging.  
+
+### 🐋 Development using Docker
+
+This repository ships with a Docker Compose configuration intended for development purposes. It'll build a PHP image with all needed extensions installed and start up a MySQL server and a Node image watching the UI assets.
+
+To get started, make sure you meet the following requirements:
+
+- Docker and Docker Compose are installed
+- Your user is part of the `docker` group
+
+If all the conditions are met, you can proceed with the following steps:
+
+1. **Copy `.env.example` to `.env`**, change `APP_KEY` to a random 32 char string and set `APP_ENV` to `local`.
+2. Make sure **port 8080 is unused** *or else* change `DEV_PORT` to a free port on your host.
+3. **Run `chgrp -R docker storage`**. The development container will chown the `storage` directory to the `www-data` user inside the container so BookStack can write to it. You need to change the group to your host's `docker` group here to not lose access to the `storage` directory.
+4. **Run `docker-compose up`** and wait until the image is built and all database migrations have been done.
+5. You can now login with `admin@admin.com` and `password` as password on `localhost:8080` (or another port if specified).
+
+If needed, You'll be able to run any artisan commands via docker-compose like so:
+
+```bash
+docker-compose run app php artisan list
+```
+
+The docker-compose setup runs an instance of [MailHog](https://github.com/mailhog/MailHog) and sets environment variables to redirect any BookStack-sent emails to MailHog. You can view this mail via the MailHog web interface on `localhost:8025`. You can change the port MailHog is accessible on by setting a `DEV_MAIL_PORT` environment variable.
+
+#### Running tests
+
+After starting the general development Docker, migrate & seed the testing database:
+
+ ```bash
+# This only needs to be done once
+docker-compose run app php artisan migrate --database=mysql_testing
+docker-compose run app php artisan db:seed --class=DummyContentSeeder --database=mysql_testing
+```
+
+Once the database has been migrated & seeded, you can run the tests like so:
+
+ ```bash
+docker-compose run app php vendor/bin/phpunit
+```
+
+#### Debugging
+
+The docker-compose setup ships with Xdebug, which you can listen to on port 9090.
+NB : For some editors like Visual Studio Code, you might need to map your workspace folder to the /app folder within the docker container for this to work.
 
 ## 🌎 Translations
 
 Translations for text within BookStack is managed through the [BookStack project on Crowdin](https://crowdin.com/project/bookstack). Some strings have colon-prefixed variables such as `:userName`. Leave these values as they are as they will be replaced at run-time. Crowdin is the preferred way to provide translations, otherwise the raw translations files can be found within the `resources/lang` path.
 
-If you'd like a new language to be added to Crowdin, for you to be able to provide translations for, please [open a new issue here](https://github.com/BookStackApp/BookStack/issues/new?template=language_request.yml).
+If you'd like a new language to be added to Crowdin, for you to be able to provide translations for, please [open a new issue here](https://github.com/BookStackApp/BookStack/issues/new?template=language_request.md).
 
 Please note, translations in BookStack are provided to the "Crowdin Global Translation Memory" which helps BookStack and other projects with finding translations. If you are not happy with contributing to this then providing translations to BookStack, even manually via GitHub, is not advised.
 
@@ -106,18 +200,20 @@ We want BookStack to remain accessible to as many people as possible. We aim for
 
 ## 🖥️ Website, Docs & Blog
 
-The website which contains the project docs & blog can be found in the [BookStackApp/website](https://github.com/BookStackApp/website) repo.
+The website which contains the project docs & Blog can be found in the [BookStackApp/website](https://github.com/BookStackApp/website) repo.
 
 ## ⚖️ License
 
-The BookStack source is provided under the [MIT License](https://github.com/BookStackApp/BookStack/blob/development/LICENSE). 
+The BookStack source is provided under the MIT License. 
 
 The libraries used by, and included with, BookStack are provided under their own licenses and copyright.
 The licenses for many of our core dependencies can be found in the attribution list below but this is not an exhaustive list of all projects used within BookStack. 
 
 ## 👪 Attribution
 
-The great people that have worked to build and improve BookStack can [be seen here](https://github.com/BookStackApp/BookStack/graphs/contributors). The wonderful people that have provided translations, either through GitHub or via Crowdin [can be seen here](https://github.com/BookStackApp/BookStack/blob/development/.github/translators.txt).
+The great people that have worked to build and improve BookStack can [be seen here](https://github.com/BookStackApp/BookStack/graphs/contributors).
+
+The wonderful people that have provided translations, either through GitHub or via Crowdin [can be seen here](https://github.com/BookStackApp/BookStack/blob/development/.github/translators.txt).
 
 Below are the great open-source projects used to help build BookStack. 
 Note: This is not an exhaustive list of all libraries and projects that would be used in an active BookStack instance.
@@ -138,9 +234,9 @@ Note: This is not an exhaustive list of all libraries and projects that would be
 * [OneLogin's SAML PHP Toolkit](https://github.com/onelogin/php-saml) - _[MIT](https://github.com/onelogin/php-saml/blob/master/LICENSE)_
 * [League/CommonMark](https://commonmark.thephpleague.com/) - _[BSD-3-Clause](https://github.com/thephpleague/commonmark/blob/2.2/LICENSE)_
 * [League/Flysystem](https://flysystem.thephpleague.com) - _[MIT](https://github.com/thephpleague/flysystem/blob/3.x/LICENSE)_
+* [StyleCI](https://styleci.io/) - _Hosted Service_
 * [pragmarx/google2fa](https://github.com/antonioribeiro/google2fa) - _[MIT](https://github.com/antonioribeiro/google2fa/blob/8.x/LICENSE.md)_
 * [Bacon/BaconQrCode](https://github.com/Bacon/BaconQrCode) - _[BSD-2-Clause](https://github.com/Bacon/BaconQrCode/blob/master/LICENSE)_
 * [phpseclib](https://github.com/phpseclib/phpseclib) - _[MIT](https://github.com/phpseclib/phpseclib/blob/master/LICENSE)_
 * [Clockwork](https://github.com/itsgoingd/clockwork) - _[MIT](https://github.com/itsgoingd/clockwork/blob/master/LICENSE)_
 * [PHPStan](https://phpstan.org/) & [Larastan](https://github.com/nunomaduro/larastan) - _[MIT](https://github.com/phpstan/phpstan/blob/master/LICENSE) and [MIT](https://github.com/nunomaduro/larastan/blob/master/LICENSE.md)_
-* [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) - _[BSD 3-Clause](https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt)_

resources/icons/groups.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="24px"><g><path d="M12,12.75c1.63,0,3.07,0.39,4.24,0.9c1.08,0.48,1.76,1.56,1.76,2.73L18,17c0,0.55-0.45,1-1,1H7c-0.55,0-1-0.45-1-1l0-0.61 c0-1.18,0.68-2.26,1.76-2.73C8.93,13.14,10.37,12.75,12,12.75z M4,13c1.1,0,2-0.9,2-2c0-1.1-0.9-2-2-2s-2,0.9-2,2 C2,12.1,2.9,13,4,13z M5.13,14.1C4.76,14.04,4.39,14,4,14c-0.99,0-1.93,0.21-2.78,0.58C0.48,14.9,0,15.62,0,16.43L0,17 c0,0.55,0.45,1,1,1l3.5,0v-1.61C4.5,15.56,4.73,14.78,5.13,14.1z M20,13c1.1,0,2-0.9,2-2c0-1.1-0.9-2-2-2s-2,0.9-2,2 C18,12.1,18.9,13,20,13z M24,16.43c0-0.81-0.48-1.53-1.22-1.85C21.93,14.21,20.99,14,20,14c-0.39,0-0.76,0.04-1.13,0.1 c0.4,0.68,0.63,1.46,0.63,2.29V18l3.5,0c0.55,0,1-0.45,1-1L24,16.43z M12,6c1.66,0,3,1.34,3,3c0,1.66-1.34,3-3,3s-3-1.34-3-3 C9,7.34,10.34,6,12,6z"/></g></svg>

resources/icons/role.svg

@@ -1,4 +0,0 @@
-<svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
-    <path d="M0 0h24v24H0z" fill="none"/>
-    <path d="M16 11c1.66 0 2.99-1.34 2.99-3S17.66 5 16 5c-1.66 0-3 1.34-3 3s1.34 3 3 3zm-8 0c1.66 0 2.99-1.34 2.99-3S9.66 5 8 5C6.34 5 5 6.34 5 8s1.34 3 3 3zm0 2c-2.33 0-7 1.17-7 3.5V19h14v-2.5c0-2.33-4.67-3.5-7-3.5zm8 0c-.29 0-.62.02-.97.05 1.16.84 1.97 1.97 1.97 3.45V19h6v-2.5c0-2.33-4.67-3.5-7-3.5z"/>
-</svg>

resources/js/code.mjs

@@ -15,7 +15,6 @@ import 'codemirror/mode/lua/lua';
 import 'codemirror/mode/markdown/markdown';
 import 'codemirror/mode/mllike/mllike';
 import 'codemirror/mode/nginx/nginx';
-import 'codemirror/mode/octave/octave';
 import 'codemirror/mode/perl/perl';
 import 'codemirror/mode/pascal/pascal';
 import 'codemirror/mode/php/php';
@@ -66,13 +65,11 @@ const modeMap = {
     julia: 'text/x-julia',
     latex: 'text/x-stex',
     lua: 'lua',
-    matlab: 'text/x-octave',
     md: 'markdown',
     mdown: 'markdown',
     markdown: 'markdown',
     ml: 'mllike',
     nginx: 'nginx',
-    octave: 'text/x-octave',
     perl: 'perl',
     pl: 'perl',
     powershell: 'powershell',