mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-08-26 20:22:18 +00:00
Performed further cleanup in permission service
This commit is contained in:
Dan Brown
parent
1e5951a75f
commit
b929c0adbb
@ -495,19 +495,15 @@ class PermissionService
|
|||||||
$userRoleIds = $this->currentUser()->roles()->select('id')->pluck('id')->toArray();
|
$userRoleIds = $this->currentUser()->roles()->select('id')->pluck('id')->toArray();
|
||||||
$userId = $this->currentUser()->id;
|
$userId = $this->currentUser()->id;
|
||||||
|
|
||||||
$permissionQuery = $this->db->table('joint_permissions')
|
$permissionQuery = JointPermission::query()
|
||||||
->where('action', '=', $permission)
|
->where('action', '=', $permission)
|
||||||
->whereIn('role_id', $userRoleIds)
|
->whereIn('role_id', $userRoleIds)
|
||||||
->where(function ($query) use ($userId) {
|
->where(function (Builder $query) use ($userId) {
|
||||||
$query->where('has_permission', '=', 1)
|
$this->addJointHasPermissionCheck($query, $userId);
|
||||||
->orWhere(function ($query2) use ($userId) {
|
|
||||||
$query2->where('has_permission_own', '=', 1)
|
|
||||||
->where('owned_by', '=', $userId);
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!is_null($entityClass)) {
|
if (!is_null($entityClass)) {
|
||||||
$entityInstance = app()->make($entityClass);
|
$entityInstance = app($entityClass);
|
||||||
$permissionQuery = $permissionQuery->where('entity_type', '=', $entityInstance->getMorphClass());
|
$permissionQuery = $permissionQuery->where('entity_type', '=', $entityInstance->getMorphClass());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -526,12 +522,8 @@ class PermissionService
|
|||||||
$parentQuery->whereHas('jointPermissions', function ($permissionQuery) use ($action) {
|
$parentQuery->whereHas('jointPermissions', function ($permissionQuery) use ($action) {
|
||||||
$permissionQuery->whereIn('role_id', $this->getCurrentUserRoles())
|
$permissionQuery->whereIn('role_id', $this->getCurrentUserRoles())
|
||||||
->where('action', '=', $action)
|
->where('action', '=', $action)
|
||||||
->where(function ($query) {
|
->where(function (Builder $query) {
|
||||||
$query->where('has_permission', '=', true)
|
$this->addJointHasPermissionCheck($query, $this->currentUser()->id);
|
||||||
->orWhere(function ($query) {
|
|
||||||
$query->where('has_permission_own', '=', true)
|
|
||||||
->where('owned_by', '=', $this->currentUser()->id);
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@ -552,11 +544,7 @@ class PermissionService
|
|||||||
$permissionQuery->whereIn('role_id', $this->getCurrentUserRoles())
|
$permissionQuery->whereIn('role_id', $this->getCurrentUserRoles())
|
||||||
->where('action', '=', $ability)
|
->where('action', '=', $ability)
|
||||||
->where(function (Builder $query) {
|
->where(function (Builder $query) {
|
||||||
$query->where('has_permission', '=', true)
|
$this->addJointHasPermissionCheck($query, $this->currentUser()->id);
|
||||||
->orWhere(function (Builder $query) {
|
|
||||||
$query->where('has_permission_own', '=', true)
|
|
||||||
->where('owned_by', '=', $this->currentUser()->id);
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@ -580,17 +568,11 @@ class PermissionService
|
|||||||
/**
|
/**
|
||||||
* Add restrictions for a generic entity.
|
* Add restrictions for a generic entity.
|
||||||
*/
|
*/
|
||||||
public function enforceEntityRestrictions(string $entityType, Builder $query, string $action = 'view'): Builder
|
public function enforceEntityRestrictions(Entity $entity, Builder $query, string $action = 'view'): Builder
|
||||||
{
|
{
|
||||||
if (strtolower($entityType) === 'page') {
|
if ($entity instanceof Page) {
|
||||||
// Prevent drafts being visible to others.
|
// Prevent drafts being visible to others.
|
||||||
$query->where(function ($query) {
|
$this->enforceDraftVisibilityOnQuery($query);
|
||||||
$query->where('draft', '=', false)
|
|
||||||
->orWhere(function ($query) {
|
|
||||||
$query->where('draft', '=', true)
|
|
||||||
->where('owned_by', '=', $this->currentUser()->id);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->entityRestrictionQuery($query, $action);
|
return $this->entityRestrictionQuery($query, $action);
|
||||||
@ -610,11 +592,8 @@ class PermissionService
|
|||||||
->whereRaw('joint_permissions.entity_type=' . $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
|
->whereRaw('joint_permissions.entity_type=' . $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
|
||||||
->where('action', '=', $action)
|
->where('action', '=', $action)
|
||||||
->whereIn('role_id', $this->getCurrentUserRoles())
|
->whereIn('role_id', $this->getCurrentUserRoles())
|
||||||
->where(function ($query) {
|
->where(function (QueryBuilder $query) {
|
||||||
$query->where('has_permission', '=', true)->orWhere(function ($query) {
|
$this->addJointHasPermissionCheck($query, $this->currentUser()->id);
|
||||||
$query->where('has_permission_own', '=', true)
|
|
||||||
->where('owned_by', '=', $this->currentUser()->id);
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@ -640,11 +619,8 @@ class PermissionService
|
|||||||
->where('entity_type', '=', $morphClass)
|
->where('entity_type', '=', $morphClass)
|
||||||
->where('action', '=', 'view')
|
->where('action', '=', 'view')
|
||||||
->whereIn('role_id', $this->getCurrentUserRoles())
|
->whereIn('role_id', $this->getCurrentUserRoles())
|
||||||
->where(function ($query) {
|
->where(function (QueryBuilder $query) {
|
||||||
$query->where('has_permission', '=', true)->orWhere(function ($query) {
|
$this->addJointHasPermissionCheck($query, $this->currentUser()->id);
|
||||||
$query->where('has_permission_own', '=', true)
|
|
||||||
->where('owned_by', '=', $this->currentUser()->id);
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
})->orWhere($tableDetails['entityIdColumn'], '=', 0);
|
})->orWhere($tableDetails['entityIdColumn'], '=', 0);
|
||||||
@ -654,6 +630,19 @@ class PermissionService
|
|||||||
return $q;
|
return $q;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add the query for checking the given user id has permission
|
||||||
|
* within the join_permissions table.
|
||||||
|
* @param QueryBuilder|Builder $query
|
||||||
|
*/
|
||||||
|
protected function addJointHasPermissionCheck($query, int $userIdToCheck)
|
||||||
|
{
|
||||||
|
$query->where('has_permission', '=', true)->orWhere(function ($query) use ($userIdToCheck) {
|
||||||
|
$query->where('has_permission_own', '=', true)
|
||||||
|
->where('owned_by', '=', $userIdToCheck);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the current user
|
* Get the current user
|
||||||
*/
|
*/
|
||||||
|
|||||||
@ -179,7 +179,7 @@ class SearchRunner
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->permissionService->enforceEntityRestrictions($entityType, $entitySelect, $action);
|
return $this->permissionService->enforceEntityRestrictions($entity, $entitySelect, $action);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user