starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-02-06 09:09:38 +03:00
Code Issues 784 Packages Projects Releases 10 Wiki Activity

[PR #4099] [MERGED] Content-Permissions API Endpoints #6306

New Issue
Closed
opened 2026-02-05 10:28:54 +03:00 by OVERLORD · 0 comments
OVERLORD commented 2026-02-05 10:28:54 +03:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/4099
Author: @ssddanbrown
Created: 3/13/2023
Status: Merged
Merged: 3/13/2023
Merged by: @ssddanbrown

Base: developmentHead: permissions_api

📝 Commits (3)

  • c42956b Started build of content-permissions API endpoints
  • 0de7530 Tweaked content permission endpoints, covered with tests
  • 1903924 Added content-perms API examples and docs tweaks

📊 Changes

9 files changed (+558 additions, -39 deletions)

View changed files

📝 app/Auth/Permissions/EntityPermission.php (+8 -9)
📝 app/Entities/EntityProvider.php (+12 -26)
📝 app/Entities/Tools/PermissionsUpdater.php (+70 -4)
app/Http/Controllers/Api/ContentPermissionsController.php (+100 -0)
dev/api/requests/content-permissions-update.json (+26 -0)
dev/api/responses/content-permissions-read.json (+38 -0)
dev/api/responses/content-permissions-update.json (+38 -0)
📝 routes/api.php (+4 -0)
tests/Api/ContentPermissionsApiTest.php (+262 -0)

📄 Description

Functionality to allow full control of item permissions via the API.

Related to #2702.

Questionables

  • Too much varied responsibility here? With controlling owner? Mirrors UI but widens API endpoints to a category, instead of data type.
    • Either way we go will be messy. Decided to proceed with mirroring UI here to align scope while having control for future changes.
  • Should we instead have flat list of permissions with type for fallback/role. Still include role_id or have type_id? How can we query on that type for api list filter?
    • As above, no. Can quickly get messy.

TODO

  • Questionables as above
  • Listing endpoint for wider querying?
  • Cover with auto testing.
  • Test endpoints manually.
  • Add examples for docs.
  • Check over docs, adding notes where required.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/4099 **Author:** [@ssddanbrown](https://github.com/ssddanbrown) **Created:** 3/13/2023 **Status:** ✅ Merged **Merged:** 3/13/2023 **Merged by:** [@ssddanbrown](https://github.com/ssddanbrown) **Base:** `development` ← **Head:** `permissions_api` --- ### 📝 Commits (3) - [`c42956b`](https://github.com/BookStackApp/BookStack/commit/c42956bcafc7c43275457887c119476af8f72b36) Started build of content-permissions API endpoints - [`0de7530`](https://github.com/BookStackApp/BookStack/commit/0de75300591873ece8af60152fdb51172e41f3a5) Tweaked content permission endpoints, covered with tests - [`1903924`](https://github.com/BookStackApp/BookStack/commit/190392482992801e4bed18828ad328b07f7e572a) Added content-perms API examples and docs tweaks ### 📊 Changes **9 files changed** (+558 additions, -39 deletions) <details> <summary>View changed files</summary> 📝 `app/Auth/Permissions/EntityPermission.php` (+8 -9) 📝 `app/Entities/EntityProvider.php` (+12 -26) 📝 `app/Entities/Tools/PermissionsUpdater.php` (+70 -4) ➕ `app/Http/Controllers/Api/ContentPermissionsController.php` (+100 -0) ➕ `dev/api/requests/content-permissions-update.json` (+26 -0) ➕ `dev/api/responses/content-permissions-read.json` (+38 -0) ➕ `dev/api/responses/content-permissions-update.json` (+38 -0) 📝 `routes/api.php` (+4 -0) ➕ `tests/Api/ContentPermissionsApiTest.php` (+262 -0) </details> ### 📄 Description Functionality to allow full control of item permissions via the API. Related to #2702. --- ### Questionables - Too much varied responsibility here? With controlling owner? Mirrors UI but widens API endpoints to a category, instead of data type. - Either way we go will be messy. Decided to proceed with mirroring UI here to align scope while having control for future changes. - Should we instead have flat list of permissions with `type` for fallback/role. Still include `role_id` or have `type_id`? How can we query on that `type` for api list filter? - As above, no. Can quickly get messy. ### TODO - [x] Questionables as above - ~~Listing endpoint for wider querying?~~ - [x] Cover with auto testing. - [x] Test endpoints manually. - [x] Add examples for docs. - [x] Check over docs, adding notes where required. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2026-02-05 10:28:54 +03:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
🎨 Design
📖 Docs Update
🐛 Bug
🐛 Bug
:cat2:🐈 Possible duplicate
💿 Database
Open to discussion
💻 Front-End
🐕 Support
🚪 Authentication
🌍 Translations
🔌 API Task
🏭 Back-End
Upstream
🔨 Feature Request
🛠️ Enhancement
🛠️ Enhancement
🛠️ Enhancement
❤️ Happy feedback
🔒 Security
🔍 Pending Validation
💆 UX
📝 WYSIWYG Editor
🌔 Out of scope
🔩 API Request
:octocat: Admin/Meta
🖌️ View Customization
Question
🚀 Priority
🛡️ Blocked
🚚 Export System
A11y
🔧 Maintenance
> Markdown Editor
pull-request
Mirrored from GitHub Pull Request
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/BookStack#6306
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?