Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

Content Permissions API: Fixed param combination bug

Browse Source 
Fixes issue where providing owner_id alongside certain
fallback_permissions would cause the owner change not to take affect,
due to bad variable shadowing.

For #4323
This commit is contained in:
Dan Brown 2023-06-20 14:13:26 +01:00
parent f5396ecaf0
commit 41c3ed154b
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
2 changed files with 35 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Entities/Tools/PermissionsUpdater.php
View File

@ -55,9 +55,9 @@ class PermissionsUpdater
} }
if (isset($data['fallback_permissions']['inheriting']) && $data['fallback_permissions']['inheriting'] !== true) { if (isset($data['fallback_permissions']['inheriting']) && $data['fallback_permissions']['inheriting'] !== true) {
$data = $data['fallback_permissions']; $fallbackData = $data['fallback_permissions'];
$data['role_id'] = 0; $fallbackData['role_id'] = 0;
$rolePermissionData = $this->formatPermissionsFromApiRequestToEntityPermissions([$data], true); $rolePermissionData = $this->formatPermissionsFromApiRequestToEntityPermissions([$fallbackData], true);
$entity->permissions()->createMany($rolePermissionData); $entity->permissions()->createMany($rolePermissionData);
} }

32
tests/Api/ContentPermissionsApiTest.php
View File

@ -259,4 +259,36 @@ class ContentPermissionsApiTest extends TestCase
], ],
]); ]);
} }
public function test_update_can_both_provide_owner_and_fallback_permissions()
{
$user = $this->users->viewer();
$page = $this->entities->page();
$page->owned_by = null;
$page->save();
$this->actingAsApiAdmin();
$resp = $this->putJson($this->baseEndpoint . "/page/{$page->id}", [
"owner_id" => $user->id,
'fallback_permissions' => [
'inheriting' => false,
'view' => false,
'create' => false,
'update' => false,
'delete' => false,
],
]);
$resp->assertOk();
$this->assertDatabaseHas('pages', ['id' => $page->id, 'owned_by' => $user->id]);
$this->assertDatabaseHas('entity_permissions', [
'entity_id' => $page->id,
'entity_type' => 'page',
'role_id' => 0,
'view' => false,
'create' => false,
'update' => false,
'delete' => false,
]);
}
} }