Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity
08b39500b3
BookStack/app/Auth/Permissions/PermissionApplicator.php

204 lines
8.2 KiB
PHP
Raw Normal View History

Apply fixes from StyleCI
2021-06-26 11:23:15 -04:00
<?php
namespace BookStack\Auth\Permissions;
Re-structured the app code to be feature based rather than code type based
2018-09-25 07:30:50 -04:00
Fleshed out entity provided and optimized imports
2018-09-25 11:58:03 -04:00
use BookStack\Auth\Role;
Done a refactor pass on PermissionService Could do with splitting out into seperate query/build classess really. Closes #2633.
2021-03-14 15:52:07 -04:00
use BookStack\Auth\User;
Fixed some mis-refactoring and split search service Search service broken into index and runner tools.
2020-11-21 19:17:45 -05:00
use BookStack\Entities\Models\Entity;
Fixed misalignment of page and chapter parent book Could occur when a chapter was moved with deleted pages. Fixes #2632
2021-03-13 10:18:37 -05:00
use BookStack\Entities\Models\Page;
Started change for entities to have concept of owners
2020-12-30 13:25:35 -05:00
use BookStack\Model;
use BookStack\Traits\HasCreatorAndUpdater;
use BookStack\Traits\HasOwner;
Started refactor to merge entity repos
2017-01-01 11:05:44 -05:00
use Illuminate\Database\Eloquent\Builder;
Made more efficiency improvements to permission system
2017-04-30 06:38:58 -04:00
use Illuminate\Database\Query\Builder as QueryBuilder;
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
use InvalidArgumentException;
Tied entity restriction system into userCan checks
2016-02-29 15:31:21 -05:00
Renamed and cleaned up existing permission service classes use
2022-07-12 15:15:41 -04:00
class PermissionApplicator
Added in restriction queries for most lists
2016-02-28 14:03:04 -05:00
{
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system.
2016-03-05 13:09:21 -05:00
/**
* Checks if an entity has a restriction set upon it.
Apply fixes from StyleCI
2021-06-26 11:23:15 -04:00
*
Started change for entities to have concept of owners
2020-12-30 13:25:35 -05:00
* @param HasCreatorAndUpdater|HasOwner $ownable
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system.
2016-03-05 13:09:21 -05:00
*/
Started change for entities to have concept of owners
2020-12-30 13:25:35 -05:00
public function checkOwnableUserAccess(Model $ownable, string $permission): bool
Tied entity restriction system into userCan checks
2016-02-29 15:31:21 -05:00
{
Rolled out new permissions system throughout application
2016-04-24 11:54:20 -04:00
$explodedPermission = explode('-', $permission);
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
$action = $explodedPermission[1] ?? $explodedPermission[0];
Fixed a couple of non-intended logical permission issues Both caught in tests: Fixed loss of permissions for admin users when entity restrictions were active, since there are no entity-restrictions for the admin role but we'd force generate them in joint permissions, which would be queried. Fixed new role permission checks when permissions given with only the action (eg. 'view'), since the type prefix would be required for role permission checks. Was previously not needed as only the simpler form was used in the jointpermissions after merge & calculation.
2022-07-16 15:55:32 -04:00
$fullPermission = count($explodedPermission) > 1 ? $permission : $ownable->getMorphClass() . '-' . $permission;
Done a refactor pass on PermissionService Could do with splitting out into seperate query/build classess really. Closes #2633.
2021-03-14 15:52:07 -04:00
$user = $this->currentUser();
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
$userRoleIds = $this->getCurrentUserRoleIds();
Rolled out new permissions system throughout application
2016-04-24 11:54:20 -04:00
Fixed a couple of non-intended logical permission issues Both caught in tests: Fixed loss of permissions for admin users when entity restrictions were active, since there are no entity-restrictions for the admin role but we'd force generate them in joint permissions, which would be queried. Fixed new role permission checks when permissions given with only the action (eg. 'view'), since the type prefix would be required for role permission checks. Was previously not needed as only the simpler form was used in the jointpermissions after merge & calculation.
2022-07-16 15:55:32 -04:00
$allRolePermission = $user->can($fullPermission . '-all');
$ownRolePermission = $user->can($fullPermission . '-own');
Added owners to entity creation and updated tests
2020-12-30 17:18:28 -05:00
$nonJointPermissions = ['restrictions', 'image', 'attachment', 'comment'];
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
$ownerField = ($ownable instanceof Entity) ? 'owned_by' : 'created_by';
Fixed failed permission checks due to non-loaded fields Added additional exceptions to prevent such cases in the future, so that they are caught in dev ideally. Added test case specifically for reported favourite scenario.
2022-08-10 03:06:48 -04:00
$ownableFieldVal = $ownable->getAttribute($ownerField);
if (is_null($ownableFieldVal)) {
throw new InvalidArgumentException("{$ownerField} field used but has not been loaded");
}
$isOwner = $user->id === $ownableFieldVal;
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
$hasRolePermission = $allRolePermission || ($isOwner && $ownRolePermission);
Added owners to entity creation and updated tests
2020-12-30 17:18:28 -05:00
Major permission naming refactor and database migration cleanup
2016-05-01 16:20:50 -04:00
// Handle non entity specific jointPermissions
Added owners to entity creation and updated tests
2020-12-30 17:18:28 -05:00
if (in_array($explodedPermission[0], $nonJointPermissions)) {
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
return $hasRolePermission;
}
Shared entity permission logic across both query methods The runtime userCan() and the JointPermissionBuilder now share much of the same logic for handling entity permission resolution.
2023-01-23 10:09:03 -05:00
$hasApplicableEntityPermissions = $this->hasEntityPermission($ownable, $userRoleIds, $action);
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
Fixed a couple of non-intended logical permission issues Both caught in tests: Fixed loss of permissions for admin users when entity restrictions were active, since there are no entity-restrictions for the admin role but we'd force generate them in joint permissions, which would be queried. Fixed new role permission checks when permissions given with only the action (eg. 'view'), since the type prefix would be required for role permission checks. Was previously not needed as only the simpler form was used in the jointpermissions after merge & calculation.
2022-07-16 15:55:32 -04:00
return is_null($hasApplicableEntityPermissions) ? $hasRolePermission : $hasApplicableEntityPermissions;
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
}
Apply fixes from StyleCI
2021-06-26 11:23:15 -04:00
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
/**
Fixed a couple of non-intended logical permission issues Both caught in tests: Fixed loss of permissions for admin users when entity restrictions were active, since there are no entity-restrictions for the admin role but we'd force generate them in joint permissions, which would be queried. Fixed new role permission checks when permissions given with only the action (eg. 'view'), since the type prefix would be required for role permission checks. Was previously not needed as only the simpler form was used in the jointpermissions after merge & calculation.
2022-07-16 15:55:32 -04:00
* Check if there are permissions that are applicable for the given entity item, action and roles.
* Returns null when no entity permissions are in force.
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
*/
Shared entity permission logic across both query methods The runtime userCan() and the JointPermissionBuilder now share much of the same logic for handling entity permission resolution.
2023-01-23 10:09:03 -05:00
protected function hasEntityPermission(Entity $entity, array $userRoleIds, string $action): ?bool
Removed remaining dynamic action usages in joint permission queries
2022-07-16 14:28:04 -04:00
{
Started code update for new entity permission format
2022-10-08 08:52:59 -04:00
$this->ensureValidEntityAction($action);
Shared entity permission logic across both query methods The runtime userCan() and the JointPermissionBuilder now share much of the same logic for handling entity permission resolution.
2023-01-23 10:09:03 -05:00
return (new EntityPermissionEvaluator($action))->evaluateEntityForUser($entity, $userRoleIds);
Added in restriction queries for most lists
2016-02-28 14:03:04 -05:00
}
Use joint_permissions to determine is a user has an available page or chapter to copy.
2019-01-02 00:55:28 -05:00
/**
Abstracted userCanCreatePage helper to work for any permisison - Added test to cover scenario where someone with create-own permission would want to copy a viewable item into a container entity that they own.
2019-03-09 11:50:22 -05:00
* Checks if a user has the given permission for any items in the system.
Updated shelf menu item to show on custom permission - Extended new 'userCanOnAny' helper to take a entity class for filtering. Closes #1201
2019-03-09 16:15:45 -05:00
* Can be passed an entity instance to filter on a specific type.
Use joint_permissions to determine is a user has an available page or chapter to copy.
2019-01-02 00:55:28 -05:00
*/
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
public function checkUserHasEntityPermissionOnAny(string $action, string $entityClass = ''): bool
Use joint_permissions to determine is a user has an available page or chapter to copy.
2019-01-02 00:55:28 -05:00
{
Started code update for new entity permission format
2022-10-08 08:52:59 -04:00
$this->ensureValidEntityAction($action);
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
$permissionQuery = EntityPermission::query()
Started code update for new entity permission format
2022-10-08 08:52:59 -04:00
->where($action, '=', true)
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
->whereIn('role_id', $this->getCurrentUserRoleIds());
Updated shelf menu item to show on custom permission - Extended new 'userCanOnAny' helper to take a entity class for filtering. Closes #1201
2019-03-09 16:15:45 -05:00
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
if (!empty($entityClass)) {
/** @var Entity $entityInstance */
$entityInstance = app()->make($entityClass);
Started code update for new entity permission format
2022-10-08 08:52:59 -04:00
$permissionQuery = $permissionQuery->where('entity_type', '=', $entityInstance->getMorphClass());
Updated shelf menu item to show on custom permission - Extended new 'userCanOnAny' helper to take a entity class for filtering. Closes #1201
2019-03-09 16:15:45 -05:00
}
Use joint_permissions to determine is a user has an available page or chapter to copy.
2019-01-02 00:55:28 -05:00
Updated shelf menu item to show on custom permission - Extended new 'userCanOnAny' helper to take a entity class for filtering. Closes #1201
2019-03-09 16:15:45 -05:00
$hasPermission = $permissionQuery->count() > 0;
Apply fixes from StyleCI
2021-06-26 11:23:15 -04:00
Updated shelf menu item to show on custom permission - Extended new 'userCanOnAny' helper to take a entity class for filtering. Closes #1201
2019-03-09 16:15:45 -05:00
return $hasPermission;
Use joint_permissions to determine is a user has an available page or chapter to copy.
2019-01-02 00:55:28 -05:00
}
Updated permission bookChildrenQuery to use QueryBuilder
2017-01-15 10:00:29 -05:00
/**
Aligned permission applicator method names Also removed lesser used function, that was mostly a duplicate of an existing function, and only used for search.
2022-07-16 14:54:25 -04:00
* Limit the given entity query so that the query will only
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
* return items that the user has view permission for.
Updated permission bookChildrenQuery to use QueryBuilder
2017-01-15 10:00:29 -05:00
*/
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
public function restrictEntityQuery(Builder $query): Builder
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649
2018-01-28 11:58:52 -05:00
{
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
return $query->where(function (Builder $parentQuery) {
$parentQuery->whereHas('jointPermissions', function (Builder $permissionQuery) {
Found a sql having-style approach to permissions As a way to check aggregate queries for required changes to need to analyse across combined permission values.
2023-01-24 08:44:38 -05:00
$permissionQuery->select(['entity_id', 'entity_type'])
Implemented alternate approach to current joint_permissions Is a tweak upon the existing approach, mainly to store and query role permission access in a way that allows muli-level states that may override eachother. These states are represented in the new PermissionStatus class. This also simplifies how own permissions are stored and queried, to be part of a single column.
2023-01-24 09:55:34 -05:00
->selectRaw('max(owner_id) as owner_id')
->selectRaw('max(status) as status')
Found a sql having-style approach to permissions As a way to check aggregate queries for required changes to need to analyse across combined permission values.
2023-01-24 08:44:38 -05:00
->whereIn('role_id', $this->getCurrentUserRoleIds())
->groupBy(['entity_type', 'entity_id'])
Added and addressed multi-role/own-role-perm/inheretance scenario Found during manual testing. Have checked against relation queries manually too.
2023-01-26 07:53:25 -05:00
->havingRaw('(status IN (1, 3) or (owner_id = ? and status != 2))', [$this->currentUser()->id]);
Updated so permission effect admins more Asset permissions can now be configured for admins. joint_permissions will now effect admins more often. Made so shelves header link will hide if you have no bookshelves view permission.
2018-09-20 14:48:08 -04:00
});
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change
2019-10-05 07:55:01 -04:00
});
}
Fixed hidden book children for admins on upgrade
2017-01-22 07:02:30 -05:00
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change
2019-10-05 07:55:01 -04:00
/**
* Extend the given page query to ensure draft items are not visible
* unless created by the given user.
*/
Aligned permission applicator method names Also removed lesser used function, that was mostly a duplicate of an existing function, and only used for search.
2022-07-16 14:54:25 -04:00
public function restrictDraftsOnPageQuery(Builder $query): Builder
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change
2019-10-05 07:55:01 -04:00
{
return $query->where(function (Builder $query) {
$query->where('draft', '=', false)
->orWhere(function (Builder $query) {
$query->where('draft', '=', true)
Started change for entities to have concept of owners
2020-12-30 13:25:35 -05:00
->where('owned_by', '=', $this->currentUser()->id);
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change
2019-10-05 07:55:01 -04:00
});
});
Rewrote book children query
2017-01-01 16:21:11 -05:00
}
Added in restriction queries for most lists
2016-02-28 14:03:04 -05:00
/**
Started implementation of new search system
2017-03-19 08:48:44 -04:00
* Filter items that have entities set as a polymorphic relation.
Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting.
2021-11-29 19:06:17 -05:00
* For simplicity, this will not return results attached to draft pages.
* Draft pages should never really have related items though.
Added in restriction queries for most lists
2016-02-28 14:03:04 -05:00
*/
Implemented alternate approach to current joint_permissions Is a tweak upon the existing approach, mainly to store and query role permission access in a way that allows muli-level states that may override eachother. These states are represented in the new PermissionStatus class. This also simplifies how own permissions are stored and queried, to be part of a single column.
2023-01-24 09:55:34 -05:00
public function restrictEntityRelationQuery(Builder $query, string $tableName, string $entityIdColumn, string $entityTypeColumn): Builder
Added in restriction queries for most lists
2016-02-28 14:03:04 -05:00
{
Reviewed addition to db table prefix Review of #2935 - Removed from .env files and added warnings for use if found in config file. - Updated permission service to use whereColumn queries to auto-handle use of prefixes.
2021-09-29 13:41:11 -04:00
$tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting.
2021-11-29 19:06:17 -05:00
$pageMorphClass = (new Page())->getMorphClass();
Implemented alternate approach to current joint_permissions Is a tweak upon the existing approach, mainly to store and query role permission access in a way that allows muli-level states that may override eachother. These states are represented in the new PermissionStatus class. This also simplifies how own permissions are stored and queried, to be part of a single column.
2023-01-24 09:55:34 -05:00
return $this->restrictEntityQuery($query)
->where(function ($query) use ($tableDetails, $pageMorphClass) {
/** @var Builder $query */
$query->where($tableDetails['entityTypeColumn'], '!=', $pageMorphClass)
Applied StyleCI changes
2021-11-30 09:25:09 -05:00
->orWhereExists(function (QueryBuilder $query) use ($tableDetails, $pageMorphClass) {
Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting.
2021-11-29 19:06:17 -05:00
$query->select('id')->from('pages')
->whereColumn('pages.id', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
->where($tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'], '=', $pageMorphClass)
->where('pages.draft', '=', false);
});
Implemented alternate approach to current joint_permissions Is a tweak upon the existing approach, mainly to store and query role permission access in a way that allows muli-level states that may override eachother. These states are represented in the new PermissionStatus class. This also simplifies how own permissions are stored and queried, to be part of a single column.
2023-01-24 09:55:34 -05:00
});
Added in restriction queries for most lists
2016-02-28 14:03:04 -05:00
}
Attached images to pages and added restriction filtering Closes #79
2016-03-13 09:30:47 -04:00
/**
Aligned permission applicator method names Also removed lesser used function, that was mostly a duplicate of an existing function, and only used for search.
2022-07-16 14:54:25 -04:00
* Add conditions to a query for a model that's a relation of a page, so only the model results
* on visible pages are returned by the query.
* Is effectively the same as "restrictEntityRelationQuery" but takes into account page drafts
* while not expecting a polymorphic relation, Just a simpler one-page-to-many-relations set-up.
Attached images to pages and added restriction filtering Closes #79
2016-03-13 09:30:47 -04:00
*/
Aligned permission applicator method names Also removed lesser used function, that was mostly a duplicate of an existing function, and only used for search.
2022-07-16 14:54:25 -04:00
public function restrictPageRelationQuery(Builder $query, string $tableName, string $pageIdColumn): Builder
Attached images to pages and added restriction filtering Closes #79
2016-03-13 09:30:47 -04:00
{
Aligned permission applicator method names Also removed lesser used function, that was mostly a duplicate of an existing function, and only used for search.
2022-07-16 14:54:25 -04:00
$fullPageIdColumn = $tableName . '.' . $pageIdColumn;
Migrated remaining relation permission usages Now all tests are passing. Some level of manual checks to do.
2023-01-24 14:04:32 -05:00
return $this->restrictEntityQuery($query)
->where(function ($query) use ($fullPageIdColumn) {
/** @var Builder $query */
$query->whereExists(function (QueryBuilder $query) use ($fullPageIdColumn) {
$query->select('id')->from('pages')
->whereColumn('pages.id', '=', $fullPageIdColumn)
->where('pages.draft', '=', false);
Fixed gallery images not visible until draft publish For #4028
2023-02-16 12:57:34 -05:00
})->orWhereExists(function (QueryBuilder $query) use ($fullPageIdColumn) {
$query->select('id')->from('pages')
->whereColumn('pages.id', '=', $fullPageIdColumn)
->where('pages.draft', '=', true)
->where('pages.created_by', '=', $this->currentUser()->id);
Aligned permission applicator method names Also removed lesser used function, that was mostly a duplicate of an existing function, and only used for search.
2022-07-16 14:54:25 -04:00
});
Migrated remaining relation permission usages Now all tests are passing. Some level of manual checks to do.
2023-01-24 14:04:32 -05:00
});
Performed further cleanup in permission service
2021-03-14 16:32:33 -04:00
}
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 13:22:04 -04:00
/**
Apply fixes from StyleCI
2021-06-26 11:23:15 -04:00
* Get the current user.
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 13:22:04 -04:00
*/
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
protected function currentUser(): User
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 13:22:04 -04:00
{
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
return user();
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 13:22:04 -04:00
}
/**
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
* Get the roles for the current logged-in user.
*
* @return int[]
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 13:22:04 -04:00
*/
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
protected function getCurrentUserRoleIds(): array
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 13:22:04 -04:00
{
Continued removal of joint permission non-view queries Cleaned up PermissionApplicator to remove old cache system which was hardly ever actuall caching anything since it was reset after each public method run. Changed the scope of 'userCanOnAny' to just check entity permissions, and added protections of action scope creep, in case a role permission action was passed by mistake.
2022-07-16 08:17:08 -04:00
if (auth()->guest()) {
return [Role::getSystemRole('public')->id];
}
return $this->currentUser()->roles->pluck('id')->values()->all();
Attached images to pages and added restriction filtering Closes #79
2016-03-13 09:30:47 -04:00
}
Started code update for new entity permission format
2022-10-08 08:52:59 -04:00
/**
* Ensure the given action is a valid and expected entity action.
* Throws an exception if invalid otherwise does nothing.
* @throws InvalidArgumentException
*/
protected function ensureValidEntityAction(string $action): void
{
if (!in_array($action, EntityPermission::PERMISSIONS)) {
throw new InvalidArgumentException('Action should be a simple entity permission action, not a role permission');
}
}
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649
2018-01-28 11:58:52 -05:00
}
Reference in New Issue Copy Permalink