Updated shelf-list view to enforce view permissions for child books

- Aligned shelf-homepage behaviour to match - Updated testing to cover. For #2111
2024-07-07 20:02:40 +00:00 · 2020-05-12 22:21:45 +01:00 · 2020-05-12 22:21:45 +01:00 · 9666c8c0f7
commit 9666c8c0f7
parent d3ec38bee3
4 changed files with 24 additions and 7 deletions
--- a/app/Entities/Repos/BookshelfRepo.php
+++ b/app/Entities/Repos/BookshelfRepo.php
@ -28,8 +28,10 @@ class BookshelfRepo
     */
    public function getAllPaginated(int $count = 20, string $sort = 'name', string $order = 'asc'): LengthAwarePaginator
    {
-        return Bookshelf::visible()->with('visibleBooks')
-            ->orderBy($sort, $order)->paginate($count);
+        return Bookshelf::visible()
+            ->with('visibleBooks')
+            ->orderBy($sort, $order)
+            ->paginate($count);
    }

    /**
--- a/app/Http/Controllers/HomeController.php
+++ b/app/Http/Controllers/HomeController.php
@ -69,11 +69,7 @@ class HomeController extends Controller
        }

        if ($homepageOption === 'bookshelves') {
-            $shelfRepo = app(BookshelfRepo::class);
            $shelves = app(BookshelfRepo::class)->getAllPaginated(18, $commonData['sort'], $commonData['order']);
-            foreach ($shelves as $shelf) {
-                $shelf->books = $shelf->visibleBooks;
-            }
            $data = array_merge($commonData, ['shelves' => $shelves]);
            return view('common.home-shelves', $data);
        }
--- a/resources/views/shelves/list-item.blade.php
+++ b/resources/views/shelves/list-item.blade.php
@ -10,7 +10,7 @@
    </div>
 </a>
 <div class="entity-shelf-books grid third gap-y-xs entity-list-item-children">
-    @foreach($shelf->books as $book)
+    @foreach($shelf->visibleBooks as $book)
        <div>
            <a href="{{ $book->getUrl('?shelf=' . $shelf->id) }}" class="entity-chip text-book">
                @icon('book')
--- a/tests/Entity/BookShelfTest.php
+++ b/tests/Entity/BookShelfTest.php
@ -56,6 +56,25 @@ class BookShelfTest extends TestCase
        $resp->assertElementContains('a', 'New Shelf');
    }

+    public function test_book_not_visible_in_shelf_list_view_if_user_cant_view_shelf()
+    {
+        config()->set([
+            'app.views.bookshelves' => 'list',
+        ]);
+        $shelf = Bookshelf::query()->first();
+        $book = $shelf->books()->first();
+
+        $resp = $this->asEditor()->get('/shelves');
+        $resp->assertSee($book->name);
+        $resp->assertSee($book->getUrl());
+
+        $this->setEntityRestrictions($book, []);
+
+        $resp = $this->asEditor()->get('/shelves');
+        $resp->assertDontSee($book->name);
+        $resp->assertDontSee($book->getUrl());
+    }
+
    public function test_shelves_create()
    {
        $booksToInclude = Book::take(2)->get();