Merge branch 'Copy-For-View-Only' of git://github.com/mark-james/BookStack into mark-james-Copy-For-View-Only

2024-10-01 05:36:00 +00:00 · 2019-03-09 16:12:12 +00:00 · 2019-03-09 16:12:12 +00:00 · 6be2d3f28c
commit 6be2d3f28c
parent 33e999909f 19770d2792
4 changed files with 47 additions and 7 deletions
--- a/app/Auth/Permissions/PermissionService.php
+++ b/app/Auth/Permissions/PermissionService.php
@ -556,6 +556,33 @@ class PermissionService
        return $q;
    }

+    /**
+     * Checks if a user has a book or chapter available to create a page
+     * @param Ownable $ownable
+     * @param $permission
+     * @return bool
+     */
+    public function checkAvailableCreatePageAccess()
+    {
+        $userRoleIds = $this->currentUser()->roles()->pluck('id')->toArray();
+        $userId = $this->currentUser()->id;
+
+
+        $canCreatePage = $this->db->table('joint_permissions')
+            ->where('action', '=', 'page-create')
+            ->whereIn('role_id', $userRoleIds)
+            ->where(function ($query) use ($userId) {
+                $query->where('has_permission', '=', 1)
+                ->orWhere(function ($query2) use ($userId) {
+                    $query2->where('has_permission_own', '=', 1)
+                    ->where('created_by', '=', $userId);
+                });       
+            })
+            ->get()->count() > 0;
+
+        return $canCreatePage;
+    }
+
    /**
     * Check if an entity has restrictions set on itself or its
     * parent tree.
--- a/app/Http/Controllers/PageController.php
+++ b/app/Http/Controllers/PageController.php
@ -643,7 +643,7 @@ class PageController extends Controller
    public function showCopy($bookSlug, $pageSlug)
    {
        $page = $this->pageRepo->getPageBySlug($pageSlug, $bookSlug);
-        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('page-view', $page);
        session()->flashInput(['name' => $page->name]);
        return view('pages/copy', [
            'book' => $page->book,
@ -662,7 +662,7 @@ class PageController extends Controller
    public function copy($bookSlug, $pageSlug, Request $request)
    {
        $page = $this->pageRepo->getPageBySlug($pageSlug, $bookSlug);
-        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('page-view', $page);

        $entitySelection = $request->get('entity_selection', null);
        if ($entitySelection === null || $entitySelection === '') {
--- a/app/helpers.php
+++ b/app/helpers.php
@ -65,6 +65,17 @@ function userCan($permission, Ownable $ownable = null)
    return $permissionService->checkOwnableUserAccess($ownable, $permission);
 }

+/**
+ * Check if the current user has the ability to create a page for an existing object
+ * @return bool
+ */
+function userCanCreatePage()
+{
+    // Check for create page permissions
+    $permissionService = app(\BookStack\Auth\Permissions\PermissionService::class);
+    return $permissionService->checkAvailableCreatePageAccess();
+}
+
 /**
 * Helper to access system settings.
 * @param $key
--- a/resources/views/pages/show.blade.php
+++ b/resources/views/pages/show.blade.php
@ -17,15 +17,17 @@
            @if(userCan('page-update', $page))
                <a href="{{ $page->getUrl('/edit') }}" class="text-primary text-button" >@icon('edit'){{ trans('common.edit') }}</a>
            @endif
-            @if(userCan('page-update', $page) || userCan('restrictions-manage', $page) || userCan('page-delete', $page))
+            @if((userCan('page-view', $page) && userCanCreatePage()) || userCan('page-update', $page) || userCan('restrictions-manage', $page) || userCan('page-delete', $page))
                <div dropdown class="dropdown-container">
                    <a dropdown-toggle class="text-primary text-button">@icon('more') {{ trans('common.more') }}</a>
                    <ul>
-                        @if(userCan('page-update', $page))
+                        @if(userCanCreatePage())
                            <li><a href="{{ $page->getUrl('/copy') }}" class="text-primary" >@icon('copy'){{ trans('common.copy') }}</a></li>
-                            @if(userCan('page-delete', $page))
-                                <li><a href="{{ $page->getUrl('/move') }}" class="text-primary" >@icon('folder'){{ trans('common.move') }}</a></li>
-                            @endif
+                        @endif
+                        @if(userCan('page-delete', $page) && userCan('page-update, $page))
+                            <li><a href="{{ $page->getUrl('/move') }}" class="text-primary" >@icon('folder'){{ trans('common.move') }}</a></li>
+                        @endif
+                        @if(userCan('page-update', $page))
                            <li><a href="{{ $page->getUrl('/revisions') }}" class="text-primary">@icon('history'){{ trans('entities.revisions') }}</a></li>
                        @endif
                        @if(userCan('restrictions-manage', $page))