mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-09-20 08:16:04 +00:00
Merge pull request #4554 from BookStackApp/guest_user_cleanup
Guest control: Cleaned methods involved in fetching/handling
This commit is contained in:
Dan Brown
GitHub
commit
54791c8627
@ -41,7 +41,7 @@ class View extends Model
|
||||
public static function incrementFor(Viewable $viewable): int
|
||||
{
|
||||
$user = user();
|
||||
if (is_null($user) || $user->isDefault()) {
|
||||
if ($user->isGuest()) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ class UserEntityWatchOptions
|
||||
|
||||
public function canWatch(): bool
|
||||
{
|
||||
return $this->user->can('receive-notifications') && !$this->user->isDefault();
|
||||
return $this->user->can('receive-notifications') && !$this->user->isGuest();
|
||||
}
|
||||
|
||||
public function getWatchLevel(): string
|
||||
|
||||
@ -9,6 +9,7 @@ use BookStack\Access\LdapService;
|
||||
use BookStack\Access\LoginService;
|
||||
use BookStack\Access\RegistrationService;
|
||||
use BookStack\Api\ApiTokenGuard;
|
||||
use BookStack\Users\Models\User;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use Illuminate\Validation\Rules\Password;
|
||||
@ -65,5 +66,11 @@ class AuthServiceProvider extends ServiceProvider
|
||||
Auth::provider('external-users', function ($app, array $config) {
|
||||
return new ExternalBaseUserProvider($config['model']);
|
||||
});
|
||||
|
||||
// Bind and provide the default system user as a singleton to the app instance when needed.
|
||||
// This effectively "caches" fetching the user at an app-instance level.
|
||||
$this->app->singleton('users.default', function () {
|
||||
return User::query()->where('system_name', '=', 'public')->first();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@ -35,23 +35,7 @@ function versioned_asset(string $file = ''): string
|
||||
*/
|
||||
function user(): User
|
||||
{
|
||||
return auth()->user() ?: User::getDefault();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if current user is a signed in user.
|
||||
*/
|
||||
function signedInUser(): bool
|
||||
{
|
||||
return auth()->user() && !auth()->user()->isDefault();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the current user has general access.
|
||||
*/
|
||||
function hasAppAccess(): bool
|
||||
{
|
||||
return !auth()->guest() || setting('app-public');
|
||||
return auth()->user() ?: User::getGuest();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -61,7 +45,7 @@ function hasAppAccess(): bool
|
||||
function userCan(string $permission, Model $ownable = null): bool
|
||||
{
|
||||
if ($ownable === null) {
|
||||
return user() && user()->can($permission);
|
||||
return user()->can($permission);
|
||||
}
|
||||
|
||||
// Check permission on ownable item
|
||||
|
||||
@ -10,7 +10,7 @@ class RecentlyViewed extends EntityQuery
|
||||
public function run(int $count, int $page): Collection
|
||||
{
|
||||
$user = user();
|
||||
if ($user === null || $user->isDefault()) {
|
||||
if ($user === null || $user->isGuest()) {
|
||||
return collect();
|
||||
}
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ class TopFavourites extends EntityQuery
|
||||
public function run(int $count, int $skip = 0)
|
||||
{
|
||||
$user = user();
|
||||
if ($user->isDefault()) {
|
||||
if ($user->isGuest()) {
|
||||
return collect();
|
||||
}
|
||||
|
||||
|
||||
@ -71,7 +71,7 @@ abstract class Controller extends BaseController
|
||||
*/
|
||||
protected function preventGuestAccess(): void
|
||||
{
|
||||
if (!signedInUser()) {
|
||||
if (user()->isGuest()) {
|
||||
$this->showPermissionError();
|
||||
}
|
||||
}
|
||||
|
||||
@ -31,7 +31,7 @@ class ApiAuthenticate
|
||||
{
|
||||
// Return if the user is already found to be signed in via session-based auth.
|
||||
// This is to make it easy to browser the API via browser after just logging into the system.
|
||||
if (signedInUser() || session()->isStarted()) {
|
||||
if (!user()->isGuest() || session()->isStarted()) {
|
||||
if (!$this->sessionUserHasApiAccess()) {
|
||||
throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
|
||||
}
|
||||
@ -53,6 +53,6 @@ class ApiAuthenticate
|
||||
{
|
||||
$hasApiPermission = user()->can('access-api');
|
||||
|
||||
return $hasApiPermission && hasAppAccess();
|
||||
return $hasApiPermission && user()->hasAppAccess();
|
||||
}
|
||||
}
|
||||
|
||||
@ -12,7 +12,7 @@ class Authenticate
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
if (!hasAppAccess()) {
|
||||
if (!user()->hasAppAccess()) {
|
||||
if ($request->ajax()) {
|
||||
return response('Unauthorized.', 401);
|
||||
}
|
||||
|
||||
@ -20,7 +20,7 @@ class PreventAuthenticatedResponseCaching
|
||||
/** @var Response $response */
|
||||
$response = $next($request);
|
||||
|
||||
if (signedInUser()) {
|
||||
if (!user()->isGuest()) {
|
||||
$response->headers->set('Cache-Control', 'max-age=0, no-store, private');
|
||||
$response->headers->set('Pragma', 'no-cache');
|
||||
$response->headers->set('Expires', 'Sun, 12 Jul 2015 19:01:00 GMT');
|
||||
|
||||
@ -34,7 +34,7 @@ class SettingController extends Controller
|
||||
return view('settings.' . $category, [
|
||||
'category' => $category,
|
||||
'version' => $version,
|
||||
'guestUser' => User::getDefault(),
|
||||
'guestUser' => User::getGuest(),
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
@ -47,7 +47,7 @@ class SettingService
|
||||
$default = config('setting-defaults.user.' . $key, false);
|
||||
}
|
||||
|
||||
if ($user->isDefault()) {
|
||||
if ($user->isGuest()) {
|
||||
return $this->getFromSession($key, $default);
|
||||
}
|
||||
|
||||
@ -206,7 +206,7 @@ class SettingService
|
||||
*/
|
||||
public function putUser(User $user, string $key, string $value): bool
|
||||
{
|
||||
if ($user->isDefault()) {
|
||||
if ($user->isGuest()) {
|
||||
session()->put($key, $value);
|
||||
|
||||
return true;
|
||||
|
||||
@ -75,7 +75,7 @@ class LanguageManager
|
||||
return $default;
|
||||
}
|
||||
|
||||
if ($user->isDefault() && config('app.auto_detect_locale')) {
|
||||
if ($user->isGuest() && config('app.auto_detect_locale')) {
|
||||
return $this->autoDetectLocale($request, $default);
|
||||
}
|
||||
|
||||
|
||||
@ -14,7 +14,7 @@ class UserSearchController extends Controller
|
||||
*/
|
||||
public function forSelect(Request $request)
|
||||
{
|
||||
$hasPermission = signedInUser() && (
|
||||
$hasPermission = !user()->isGuest() && (
|
||||
userCan('users-manage')
|
||||
|| userCan('restrictions-manage-own')
|
||||
|| userCan('restrictions-manage-all')
|
||||
|
||||
@ -88,38 +88,31 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
|
||||
*/
|
||||
protected string $avatarUrl = '';
|
||||
|
||||
/**
|
||||
* This holds the default user when loaded.
|
||||
*/
|
||||
protected static ?User $defaultUser = null;
|
||||
|
||||
/**
|
||||
* Returns the default public user.
|
||||
* Fetches from the container as a singleton to effectively cache at an app level.
|
||||
*/
|
||||
public static function getDefault(): self
|
||||
public static function getGuest(): self
|
||||
{
|
||||
if (!is_null(static::$defaultUser)) {
|
||||
return static::$defaultUser;
|
||||
}
|
||||
|
||||
static::$defaultUser = static::query()->where('system_name', '=', 'public')->first();
|
||||
|
||||
return static::$defaultUser;
|
||||
}
|
||||
|
||||
public static function clearDefault(): void
|
||||
{
|
||||
static::$defaultUser = null;
|
||||
return app()->make('users.default');
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user is the default public user.
|
||||
*/
|
||||
public function isDefault(): bool
|
||||
public function isGuest(): bool
|
||||
{
|
||||
return $this->system_name === 'public';
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user has general access to the application.
|
||||
*/
|
||||
public function hasAppAccess(): bool
|
||||
{
|
||||
return !$this->isGuest() || setting('app-public');
|
||||
}
|
||||
|
||||
/**
|
||||
* The roles that belong to the user.
|
||||
*
|
||||
|
||||
@ -142,7 +142,7 @@
|
||||
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
|
||||
@include('entities.watch-action', ['entity' => $book])
|
||||
@endif
|
||||
@if(signedInUser())
|
||||
@if(!user()->isGuest())
|
||||
@include('entities.favourite-action', ['entity' => $book])
|
||||
@endif
|
||||
@if(userCan('content-export'))
|
||||
|
||||
@ -160,7 +160,7 @@
|
||||
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
|
||||
@include('entities.watch-action', ['entity' => $chapter])
|
||||
@endif
|
||||
@if(signedInUser())
|
||||
@if(!user()->isGuest())
|
||||
@include('entities.favourite-action', ['entity' => $chapter])
|
||||
@endif
|
||||
@if(userCan('content-export'))
|
||||
|
||||
47
resources/views/common/header-user-menu.blade.php
Normal file
47
resources/views/common/header-user-menu.blade.php
Normal file
@ -0,0 +1,47 @@
|
||||
<div class="dropdown-container" component="dropdown" option:dropdown:bubble-escapes="true">
|
||||
<span class="user-name py-s hide-under-l" refs="dropdown@toggle"
|
||||
aria-haspopup="true" aria-expanded="false" aria-label="{{ trans('common.profile_menu') }}" tabindex="0">
|
||||
<img class="avatar" src="{{$user->getAvatar(30)}}" alt="{{ $user->name }}">
|
||||
<span class="name">{{ $user->getShortName(9) }}</span> @icon('caret-down')
|
||||
</span>
|
||||
<ul refs="dropdown@menu" class="dropdown-menu" role="menu">
|
||||
<li>
|
||||
<a href="{{ url('/favourites') }}" data-shortcut="favourites_view" class="icon-item">
|
||||
@icon('star')
|
||||
<div>{{ trans('entities.my_favourites') }}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ $user->getProfileUrl() }}" data-shortcut="profile_view" class="icon-item">
|
||||
@icon('user')
|
||||
<div>{{ trans('common.view_profile') }}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ $user->getEditUrl() }}" class="icon-item">
|
||||
@icon('edit')
|
||||
<div>{{ trans('common.edit_profile') }}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<form action="{{ url(config('auth.method') === 'saml2' ? '/saml2/logout' : '/logout') }}"
|
||||
method="post">
|
||||
{{ csrf_field() }}
|
||||
<button class="icon-item" data-shortcut="logout">
|
||||
@icon('logout')
|
||||
<div>{{ trans('auth.logout') }}</div>
|
||||
</button>
|
||||
</form>
|
||||
</li>
|
||||
<li><hr></li>
|
||||
<li>
|
||||
<a href="{{ url('/preferences') }}" class="icon-item">
|
||||
@icon('user-preferences')
|
||||
<div>{{ trans('preferences.preferences') }}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
@include('common.dark-mode-toggle', ['classes' => 'icon-item'])
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
@ -18,7 +18,7 @@
|
||||
</div>
|
||||
|
||||
<div class="flex-container-column items-center justify-center hide-under-l">
|
||||
@if (hasAppAccess())
|
||||
@if (user()->hasAppAccess())
|
||||
<form component="global-search" action="{{ url('/search') }}" method="GET" class="search-box" role="search" tabindex="0">
|
||||
<button id="header-search-box-button"
|
||||
refs="global-search@button"
|
||||
@ -44,76 +44,29 @@
|
||||
|
||||
<nav refs="header-mobile-toggle@menu" class="header-links">
|
||||
<div class="links text-center">
|
||||
@if (hasAppAccess())
|
||||
@if (user()->hasAppAccess())
|
||||
<a class="hide-over-l" href="{{ url('/search') }}">@icon('search'){{ trans('common.search') }}</a>
|
||||
@if(userCanOnAny('view', \BookStack\Entities\Models\Bookshelf::class) || userCan('bookshelf-view-all') || userCan('bookshelf-view-own'))
|
||||
<a href="{{ url('/shelves') }}" data-shortcut="shelves_view">@icon('bookshelf'){{ trans('entities.shelves') }}</a>
|
||||
@endif
|
||||
<a href="{{ url('/books') }}" data-shortcut="books_view">@icon('books'){{ trans('entities.books') }}</a>
|
||||
@if(signedInUser() && userCan('settings-manage'))
|
||||
@if(!user()->isGuest() && userCan('settings-manage'))
|
||||
<a href="{{ url('/settings') }}" data-shortcut="settings_view">@icon('settings'){{ trans('settings.settings') }}</a>
|
||||
@endif
|
||||
@if(signedInUser() && userCan('users-manage') && !userCan('settings-manage'))
|
||||
@if(!user()->isGuest() && userCan('users-manage') && !userCan('settings-manage'))
|
||||
<a href="{{ url('/settings/users') }}" data-shortcut="settings_view">@icon('users'){{ trans('settings.users') }}</a>
|
||||
@endif
|
||||
@endif
|
||||
|
||||
@if(!signedInUser())
|
||||
@if(user()->isGuest())
|
||||
@if(setting('registration-enabled') && config('auth.method') === 'standard')
|
||||
<a href="{{ url('/register') }}">@icon('new-user'){{ trans('auth.sign_up') }}</a>
|
||||
@endif
|
||||
<a href="{{ url('/login') }}">@icon('login'){{ trans('auth.log_in') }}</a>
|
||||
@endif
|
||||
</div>
|
||||
@if(signedInUser())
|
||||
<?php $currentUser = user(); ?>
|
||||
<div class="dropdown-container" component="dropdown" option:dropdown:bubble-escapes="true">
|
||||
<span class="user-name py-s hide-under-l" refs="dropdown@toggle"
|
||||
aria-haspopup="true" aria-expanded="false" aria-label="{{ trans('common.profile_menu') }}" tabindex="0">
|
||||
<img class="avatar" src="{{$currentUser->getAvatar(30)}}" alt="{{ $currentUser->name }}">
|
||||
<span class="name">{{ $currentUser->getShortName(9) }}</span> @icon('caret-down')
|
||||
</span>
|
||||
<ul refs="dropdown@menu" class="dropdown-menu" role="menu">
|
||||
<li>
|
||||
<a href="{{ url('/favourites') }}" data-shortcut="favourites_view" class="icon-item">
|
||||
@icon('star')
|
||||
<div>{{ trans('entities.my_favourites') }}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ $currentUser->getProfileUrl() }}" data-shortcut="profile_view" class="icon-item">
|
||||
@icon('user')
|
||||
<div>{{ trans('common.view_profile') }}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ $currentUser->getEditUrl() }}" class="icon-item">
|
||||
@icon('edit')
|
||||
<div>{{ trans('common.edit_profile') }}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<form action="{{ url(config('auth.method') === 'saml2' ? '/saml2/logout' : '/logout') }}"
|
||||
method="post">
|
||||
{{ csrf_field() }}
|
||||
<button class="icon-item" data-shortcut="logout">
|
||||
@icon('logout')
|
||||
<div>{{ trans('auth.logout') }}</div>
|
||||
</button>
|
||||
</form>
|
||||
</li>
|
||||
<li><hr></li>
|
||||
<li>
|
||||
<a href="{{ url('/preferences') }}" class="icon-item">
|
||||
@icon('user-preferences')
|
||||
<div>{{ trans('preferences.preferences') }}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
@include('common.dark-mode-toggle', ['classes' => 'icon-item'])
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
@if(!user()->isGuest())
|
||||
@include('common.header-user-menu', ['user' => user()])
|
||||
@endif
|
||||
</nav>
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
])
|
||||
</div>
|
||||
<div class="text-right">
|
||||
@if(!signedInUser())
|
||||
@if(user()->isGuest())
|
||||
<a href="{{ url('/login') }}" class="button outline">{{ trans('auth.log_in') }}</a>
|
||||
@endif
|
||||
<a href="{{ url('/') }}" class="button outline">{{ trans('errors.return_home') }}</a>
|
||||
@ -22,7 +22,7 @@
|
||||
|
||||
</div>
|
||||
|
||||
@if (setting('app-public') || !user()->isDefault())
|
||||
@if (setting('app-public') || !user()->isGuest())
|
||||
<div class="grid third gap-xxl">
|
||||
<div>
|
||||
<div class="card mb-xl">
|
||||
|
||||
@ -188,7 +188,7 @@
|
||||
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
|
||||
@include('entities.watch-action', ['entity' => $page])
|
||||
@endif
|
||||
@if(signedInUser())
|
||||
@if(!user()->isGuest())
|
||||
@include('entities.favourite-action', ['entity' => $page])
|
||||
@endif
|
||||
@if(userCan('content-export'))
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
<h6>{{ trans('entities.search_tags') }}</h6>
|
||||
@include('search.parts.term-list', ['type' => 'tags', 'currentList' => $options->tags])
|
||||
|
||||
@if(signedInUser())
|
||||
@if(!user()->isGuest())
|
||||
<h6>{{ trans('entities.search_options') }}</h6>
|
||||
|
||||
@component('search.parts.boolean-filter', ['filters' => $options->filters, 'name' => 'viewed_by_me', 'value' => null])
|
||||
|
||||
@ -143,7 +143,7 @@
|
||||
</a>
|
||||
@endif
|
||||
|
||||
@if(signedInUser())
|
||||
@if(!user()->isGuest())
|
||||
<hr class="primary-background">
|
||||
@include('entities.favourite-action', ['entity' => $shelf])
|
||||
@endif
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
</div>
|
||||
</section>
|
||||
|
||||
@if(signedInUser() && userCan('receive-notifications'))
|
||||
@if(!user()->isGuest() && userCan('receive-notifications'))
|
||||
<section class="card content-wrap auto-height items-center justify-space-between gap-m flex-container-row wrap">
|
||||
<div class="flex min-width-m">
|
||||
<h2 class="list-heading">{{ trans('preferences.notifications') }}</h2>
|
||||
@ -25,7 +25,7 @@
|
||||
</section>
|
||||
@endif
|
||||
|
||||
@if(signedInUser())
|
||||
@if(!user()->isGuest())
|
||||
<section class="card content-wrap auto-height items-center justify-space-between gap-m flex-container-row wrap">
|
||||
<div class="flex min-width-m">
|
||||
<h2 class="list-heading">{{ trans('settings.users_edit_profile') }}</h2>
|
||||
|
||||
@ -136,7 +136,7 @@ class PageRevisionTest extends TestCase
|
||||
$page = $this->entities->page();
|
||||
$this->createRevisions($page, 2);
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView = $this->asViewer()->get($page->getUrl());
|
||||
$pageView->assertSee('Revision #' . $page->revision_count);
|
||||
}
|
||||
|
||||
|
||||
@ -55,7 +55,7 @@ class UserRoleProvider
|
||||
*/
|
||||
public function guest(): User
|
||||
{
|
||||
return User::getDefault();
|
||||
return User::getGuest();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -103,7 +103,7 @@ class PublicActionTest extends TestCase
|
||||
$resp = $this->post($chapter->getUrl('/create-guest-page'), ['name' => 'My guest page']);
|
||||
$resp->assertRedirect($chapter->book->getUrl('/page/my-guest-page/edit'));
|
||||
|
||||
$user = User::getDefault();
|
||||
$user = $this->users->guest();
|
||||
$this->assertDatabaseHas('pages', [
|
||||
'name' => 'My guest page',
|
||||
'chapter_id' => $chapter->id,
|
||||
@ -197,7 +197,7 @@ class PublicActionTest extends TestCase
|
||||
public function test_public_view_can_take_on_other_roles()
|
||||
{
|
||||
$this->setSettings(['app-public' => 'true']);
|
||||
$newRole = $this->users->attachNewRole(User::getDefault(), []);
|
||||
$newRole = $this->users->attachNewRole($this->users->guest(), []);
|
||||
$page = $this->entities->page();
|
||||
$this->permissions->disableEntityInheritedPermissions($page);
|
||||
$this->permissions->addEntityPermission($page, ['view', 'update'], $newRole);
|
||||
|
||||
@ -42,7 +42,6 @@ abstract class TestCase extends BaseTestCase
|
||||
$this->permissions = new PermissionsProvider($this->users);
|
||||
$this->files = new FileProvider();
|
||||
|
||||
User::clearDefault();
|
||||
parent::setUp();
|
||||
|
||||
// We can uncomment the below to run tests with failings upon deprecations.
|
||||
|
||||
@ -191,7 +191,7 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_guest_profile_shows_limited_form()
|
||||
{
|
||||
$guest = User::getDefault();
|
||||
$guest = $this->users->guest();
|
||||
$resp = $this->asAdmin()->get('/settings/users/' . $guest->id);
|
||||
$resp->assertSee('Guest');
|
||||
$this->withHtml($resp)->assertElementNotExists('#password');
|
||||
@ -199,7 +199,7 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_guest_profile_cannot_be_deleted()
|
||||
{
|
||||
$guestUser = User::getDefault();
|
||||
$guestUser = $this->users->guest();
|
||||
$resp = $this->asAdmin()->get('/settings/users/' . $guestUser->id . '/delete');
|
||||
$resp->assertSee('Delete User');
|
||||
$resp->assertSee('Guest');
|
||||
|
||||
@ -57,8 +57,7 @@ class UserSearchTest extends TestCase
|
||||
public function test_select_requires_logged_in_user()
|
||||
{
|
||||
$this->setSettings(['app-public' => true]);
|
||||
$defaultUser = User::getDefault();
|
||||
$this->permissions->grantUserRolePermissions($defaultUser, ['users-manage']);
|
||||
$this->permissions->grantUserRolePermissions($this->users->guest(), ['users-manage']);
|
||||
|
||||
$resp = $this->get('/search/users/select?search=a');
|
||||
$this->assertPermissionError($resp);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user