Merge branch 'Abijeet-bug-638'
commit
5b075aa9bd
@ -155,7 +155,7 @@ class BookController extends Controller
|
|||||||
$book = $this->entityRepo->getBySlug('book', $bookSlug);
|
$book = $this->entityRepo->getBySlug('book', $bookSlug);
|
||||||
$this->checkOwnablePermission('book-update', $book);
|
$this->checkOwnablePermission('book-update', $book);
|
||||||
$bookChildren = $this->entityRepo->getBookChildren($book, true);
|
$bookChildren = $this->entityRepo->getBookChildren($book, true);
|
||||||
$books = $this->entityRepo->getAll('book', false);
|
$books = $this->entityRepo->getAll('book', false, 'update');
|
||||||
$this->setPageTitle(trans('entities.books_sort_named', ['bookName'=>$book->getShortName()]));
|
$this->setPageTitle(trans('entities.books_sort_named', ['bookName'=>$book->getShortName()]));
|
||||||
return view('books/sort', ['book' => $book, 'current' => $book, 'books' => $books, 'bookChildren' => $bookChildren]);
|
return view('books/sort', ['book' => $book, 'current' => $book, 'books' => $books, 'bookChildren' => $bookChildren]);
|
||||||
}
|
}
|
||||||
@ -190,42 +190,56 @@ class BookController extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Sort pages and chapters
|
// Sort pages and chapters
|
||||||
$sortedBooks = [];
|
$sortMap = collect(json_decode($request->get('sort-tree')));
|
||||||
$updatedModels = collect();
|
$bookIdsInvolved = collect([$book->id]);
|
||||||
$sortMap = json_decode($request->get('sort-tree'));
|
|
||||||
$defaultBookId = $book->id;
|
|
||||||
|
|
||||||
// Loop through contents of provided map and update entities accordingly
|
// Load models into map
|
||||||
foreach ($sortMap as $bookChild) {
|
$sortMap->each(function($mapItem) use ($bookIdsInvolved) {
|
||||||
$priority = $bookChild->sort;
|
$mapItem->type = ($mapItem->type === 'page' ? 'page' : 'chapter');
|
||||||
$id = intval($bookChild->id);
|
$mapItem->model = $this->entityRepo->getById($mapItem->type, $mapItem->id);
|
||||||
$isPage = $bookChild->type == 'page';
|
// Store source and target books
|
||||||
$bookId = $this->entityRepo->exists('book', $bookChild->book) ? intval($bookChild->book) : $defaultBookId;
|
$bookIdsInvolved->push(intval($mapItem->model->book_id));
|
||||||
$chapterId = ($isPage && $bookChild->parentChapter === false) ? 0 : intval($bookChild->parentChapter);
|
$bookIdsInvolved->push(intval($mapItem->book));
|
||||||
$model = $this->entityRepo->getById($isPage?'page':'chapter', $id);
|
});
|
||||||
|
|
||||||
// Update models only if there's a change in parent chain or ordering.
|
// Get the books involved in the sort
|
||||||
if ($model->priority !== $priority || $model->book_id !== $bookId || ($isPage && $model->chapter_id !== $chapterId)) {
|
$bookIdsInvolved = $bookIdsInvolved->unique()->toArray();
|
||||||
$this->entityRepo->changeBook($isPage?'page':'chapter', $bookId, $model);
|
$booksInvolved = $this->entityRepo->book->newQuery()->whereIn('id', $bookIdsInvolved)->get();
|
||||||
$model->priority = $priority;
|
// Throw permission error if invalid ids or inaccessible books given.
|
||||||
if ($isPage) $model->chapter_id = $chapterId;
|
if (count($bookIdsInvolved) !== count($booksInvolved)) {
|
||||||
|
$this->showPermissionError();
|
||||||
|
}
|
||||||
|
// Check permissions of involved books
|
||||||
|
$booksInvolved->each(function(Book $book) {
|
||||||
|
$this->checkOwnablePermission('book-update', $book);
|
||||||
|
});
|
||||||
|
|
||||||
|
// Perform the sort
|
||||||
|
$sortMap->each(function($mapItem) {
|
||||||
|
$model = $mapItem->model;
|
||||||
|
|
||||||
|
$priorityChanged = intval($model->priority) !== intval($mapItem->sort);
|
||||||
|
$bookChanged = intval($model->book_id) !== intval($mapItem->book);
|
||||||
|
$chapterChanged = ($mapItem->type === 'page') && intval($model->chapter_id) !== $mapItem->parentChapter;
|
||||||
|
|
||||||
|
if ($bookChanged) {
|
||||||
|
$this->entityRepo->changeBook($mapItem->type, $mapItem->book, $model);
|
||||||
|
}
|
||||||
|
if ($chapterChanged) {
|
||||||
|
$model->chapter_id = intval($mapItem->parentChapter);
|
||||||
$model->save();
|
$model->save();
|
||||||
$updatedModels->push($model);
|
|
||||||
}
|
}
|
||||||
|
if ($priorityChanged) {
|
||||||
|
$model->priority = intval($mapItem->sort);
|
||||||
|
$model->save();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
// Store involved books to be sorted later
|
// Rebuild permissions and add activity for involved books.
|
||||||
if (!in_array($bookId, $sortedBooks)) {
|
$booksInvolved->each(function(Book $book) {
|
||||||
$sortedBooks[] = $bookId;
|
$this->entityRepo->buildJointPermissionsForBook($book);
|
||||||
}
|
Activity::add($book, 'book_sort', $book->id);
|
||||||
}
|
});
|
||||||
|
|
||||||
// Add activity for books
|
|
||||||
foreach ($sortedBooks as $bookId) {
|
|
||||||
/** @var Book $updatedBook */
|
|
||||||
$updatedBook = $this->entityRepo->getById('book', $bookId);
|
|
||||||
$this->entityRepo->buildJointPermissionsForBook($updatedBook);
|
|
||||||
Activity::add($updatedBook, 'book_sort', $updatedBook->id);
|
|
||||||
}
|
|
||||||
|
|
||||||
return redirect($book->getUrl());
|
return redirect($book->getUrl());
|
||||||
}
|
}
|
||||||
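Review bot: The `parentChapter` value from the request is written to `$model->chapter_id` in the "Perform the sort" closure without any check that the chapter exists or belongs to the book named in `$mapItem->book`, so the book-level `book-update` checks added above do not cover the chapter a page ends up under. I would load the parent chapter in the "Load models into map" closure and reject the request when it is missing or when `intval($chapter->book_id) !== intval($mapItem->book)`, before anything is saved. That closure also dereferences `$mapItem->model->book_id` straight after `getById()`; if that call can return null for an unknown or hidden id (its body is not shown here), the request fails with an error rather than the permission response, so a null check that calls `$this->showPermissionError()` belongs there too. Separately, `$chapterChanged` compares `intval($model->chapter_id)` strictly against the uncast `$mapItem->parentChapter`, so it is true whenever the client sends `false` or a string; cast the right-hand side with `intval()` as the other two comparisons do.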
|
@ -113,9 +113,9 @@ class EntityRepo
|
|||||||
* @param bool $allowDrafts
|
* @param bool $allowDrafts
|
||||||
* @return \Illuminate\Database\Query\Builder
|
* @return \Illuminate\Database\Query\Builder
|
||||||
*/
|
*/
|
||||||
protected function entityQuery($type, $allowDrafts = false)
|
protected function entityQuery($type, $allowDrafts = false, $permission = 'view')
|
||||||
{
|
{
|
||||||
$q = $this->permissionService->enforceEntityRestrictions($type, $this->getEntity($type), 'view');
|
$q = $this->permissionService->enforceEntityRestrictions($type, $this->getEntity($type), $permission);
|
||||||
if (strtolower($type) === 'page' && !$allowDrafts) {
|
if (strtolower($type) === 'page' && !$allowDrafts) {
|
||||||
$q = $q->where('draft', '=', false);
|
$q = $q->where('draft', '=', false);
|
||||||
}
|
}
|
||||||
@ -196,14 +196,15 @@ class EntityRepo
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all entities of a type limited by count unless count if false.
|
* Get all entities of a type with the given permission, limited by count unless count is false.
|
||||||
* @param string $type
|
* @param string $type
|
||||||
* @param integer|bool $count
|
* @param integer|bool $count
|
||||||
|
* @param string $permission
|
||||||
* @return Collection
|
* @return Collection
|
||||||
*/
|
*/
|
||||||
public function getAll($type, $count = 20)
|
public function getAll($type, $count = 20, $permission = 'view')
|
||||||
{
|
{
|
||||||
$q = $this->entityQuery($type)->orderBy('name', 'asc');
|
$q = $this->entityQuery($type, false, $permission)->orderBy('name', 'asc');
|
||||||
if ($count !== false) $q = $q->take($count);
|
if ($count !== false) $q = $q->take($count);
|
||||||
return $q->get();
|
return $q->get();
|
||||||
}
|
}
|
||||||
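Review bot: The docblock above `entityQuery()` is not updated for the new `$permission` argument, although the one for `getAll()` is; add `* @param string $permission` after the `$allowDrafts` line. Since this string now selects which restriction `enforceEntityRestrictions()` applies, the docblock should also state that it must be a fixed action name chosen by the calling code (such as `'view'` or `'update'`) and never a value taken from the request. The body of `entityQuery()` continues past the end of its hunk, so any other use of the hard-coded `'view'` further down is not visible here.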
|
@ -3,7 +3,6 @@
|
|||||||
use BookStack\Entity;
|
use BookStack\Entity;
|
||||||
use BookStack\Role;
|
use BookStack\Role;
|
||||||
use BookStack\Services\PermissionService;
|
use BookStack\Services\PermissionService;
|
||||||
use BookStack\User;
|
|
||||||
use Illuminate\Contracts\Console\Kernel;
|
use Illuminate\Contracts\Console\Kernel;
|
||||||
use Illuminate\Foundation\Testing\DatabaseTransactions;
|
use Illuminate\Foundation\Testing\DatabaseTransactions;
|
||||||
use Laravel\BrowserKitTesting\TestCase;
|
use Laravel\BrowserKitTesting\TestCase;
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
use BookStack\Book;
|
use BookStack\Book;
|
||||||
use BookStack\Services\PermissionService;
|
use BookStack\Services\PermissionService;
|
||||||
use BookStack\User;
|
use BookStack\User;
|
||||||
|
use BookStack\Repos\EntityRepo;
|
||||||
|
|
||||||
class RestrictionsTest extends BrowserKitTest
|
class RestrictionsTest extends BrowserKitTest
|
||||||
{
|
{
|
||||||
@ -554,4 +555,70 @@ class RestrictionsTest extends BrowserKitTest
|
|||||||
$this->dontSee(substr($bookChapter->name, 0, 15));
|
$this->dontSee(substr($bookChapter->name, 0, 15));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_book_sort_view_permission()
|
||||||
|
{
|
||||||
|
$firstBook = Book::first();
|
||||||
|
$secondBook = Book::find(2);
|
||||||
|
$thirdBook = Book::find(3);
|
||||||
|
|
||||||
|
$this->setEntityRestrictions($firstBook, ['view', 'update']);
|
||||||
|
$this->setEntityRestrictions($secondBook, ['view']);
|
||||||
|
$this->setEntityRestrictions($thirdBook, ['view', 'update']);
|
||||||
|
|
||||||
|
// Test sort page visibility
|
||||||
|
$this->actingAs($this->user)->visit($secondBook->getUrl() . '/sort')
|
||||||
|
->see('You do not have permission')
|
||||||
|
->seePageIs('/');
|
||||||
|
|
||||||
|
// Check sort page on first book
|
||||||
|
$this->actingAs($this->user)->visit($firstBook->getUrl() . '/sort')
|
||||||
|
->see($thirdBook->name)
|
||||||
|
->dontSee($secondBook->name);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function test_book_sort_permission() {
|
||||||
|
$firstBook = Book::first();
|
||||||
|
$secondBook = Book::find(2);
|
||||||
|
|
||||||
|
$this->setEntityRestrictions($firstBook, ['view', 'update']);
|
||||||
|
$this->setEntityRestrictions($secondBook, ['view']);
|
||||||
|
|
||||||
|
$firstBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter',
|
||||||
|
['name' => 'first book chapter'], $firstBook);
|
||||||
|
$secondBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter',
|
||||||
|
['name' => 'second book chapter'], $secondBook);
|
||||||
|
|
||||||
|
// Create request data
|
||||||
|
$reqData = [
|
||||||
|
[
|
||||||
|
'id' => $firstBookChapter->id,
|
||||||
|
'sort' => 0,
|
||||||
|
'parentChapter' => false,
|
||||||
|
'type' => 'chapter',
|
||||||
|
'book' => $secondBook->id
|
||||||
|
]
|
||||||
|
];
|
||||||
|
|
||||||
|
// Move chapter from first book to a second book
|
||||||
|
$this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
|
||||||
|
->followRedirects()
|
||||||
|
->see('You do not have permission')
|
||||||
|
->seePageIs('/');
|
||||||
|
|
||||||
|
$reqData = [
|
||||||
|
[
|
||||||
|
'id' => $secondBookChapter->id,
|
||||||
|
'sort' => 0,
|
||||||
|
'parentChapter' => false,
|
||||||
|
'type' => 'chapter',
|
||||||
|
'book' => $firstBook->id
|
||||||
|
]
|
||||||
|
];
|
||||||
|
|
||||||
|
// Move chapter from second book to first book
|
||||||
|
$this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
|
||||||
|
->followRedirects()
|
||||||
|
->see('You do not have permission')
|
||||||
|
->seePageIs('/');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
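Review bot: `test_book_sort_permission` asserts only on the rendered error page, so it would still pass if a later change moved the chapter first and showed the permission message afterwards. After each `put`, reload the chapter and assert that its book is unchanged, for example `$this->assertEquals($firstBook->id, $firstBookChapter->fresh()->book_id);` (assuming `createFromInput()` returns an Eloquent model). A further case where the user holds `update` on both books and the move succeeds would guard against the new check rejecting every request. Both tests also depend on `Book::find(2)` and `Book::find(3)` existing in the seed data, which is worth a comment.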
|