Finished initial implementation of custom role system

2025-05-26 00:30:02 +08:00 · 2016-02-27 19:24:42 +00:00
parent a54be85185
commit 473261be35
37 changed files with 644 additions and 213 deletions
--- a/app/Http/Controllers/PageController.php
+++ b/app/Http/Controllers/PageController.php
@ -1,12 +1,8 @@
-<?php
-
-namespace BookStack\Http\Controllers;
+<?php namespace BookStack\Http\Controllers;

 use Activity;
 use BookStack\Services\ExportService;
 use Illuminate\Http\Request;
-
-use Illuminate\Support\Facades\Auth;
 use BookStack\Http\Requests;
 use BookStack\Repos\BookRepo;
 use BookStack\Repos\ChapterRepo;
@ -40,7 +36,6 @@ class PageController extends Controller

    /**
     * Show the form for creating a new page.
-     *
     * @param      $bookSlug
     * @param bool $chapterSlug
     * @return Response
@ -48,23 +43,22 @@ class PageController extends Controller
     */
    public function create($bookSlug, $chapterSlug = false)
    {
-        $this->checkPermission('page-create');
        $book = $this->bookRepo->getBySlug($bookSlug);
        $chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : false;
+        $parent = $chapter ? $chapter : $book;
+        $this->checkOwnablePermission('page-create', $parent);
        $this->setPageTitle('Create New Page');
        return view('pages/create', ['book' => $book, 'chapter' => $chapter]);
    }

    /**
     * Store a newly created page in storage.
-     *
     * @param  Request $request
     * @param          $bookSlug
     * @return Response
     */
    public function store(Request $request, $bookSlug)
    {
-        $this->checkPermission('page-create');
        $this->validate($request, [
            'name'   => 'required|string|max:255'
        ]);
@ -72,6 +66,8 @@ class PageController extends Controller
        $input = $request->all();
        $book = $this->bookRepo->getBySlug($bookSlug);
        $chapterId = ($request->has('chapter') && $this->chapterRepo->idExists($request->get('chapter'))) ? $request->get('chapter') : null;
+        $parent = $chapterId !== null ? $this->chapterRepo->getById($chapterId) : $book;
+        $this->checkOwnablePermission('page-create', $parent);
        $input['priority'] = $this->bookRepo->getNewPriority($book);

        $page = $this->pageRepo->saveNew($input, $book, $chapterId);
@ -84,7 +80,6 @@ class PageController extends Controller
     * Display the specified page.
     * If the page is not found via the slug the
     * revisions are searched for a match.
-     *
     * @param $bookSlug
     * @param $pageSlug
     * @return Response
@ -109,23 +104,21 @@ class PageController extends Controller

    /**
     * Show the form for editing the specified page.
-     *
     * @param $bookSlug
     * @param $pageSlug
     * @return Response
     */
    public function edit($bookSlug, $pageSlug)
    {
-        $this->checkPermission('page-update');
        $book = $this->bookRepo->getBySlug($bookSlug);
        $page = $this->pageRepo->getBySlug($pageSlug, $book->id);
+        $this->checkOwnablePermission('page-update', $page);
        $this->setPageTitle('Editing Page ' . $page->getShortName());
        return view('pages/edit', ['page' => $page, 'book' => $book, 'current' => $page]);
    }

    /**
     * Update the specified page in storage.
-     *
     * @param  Request $request
     * @param          $bookSlug
     * @param          $pageSlug
@ -133,12 +126,12 @@ class PageController extends Controller
     */
    public function update(Request $request, $bookSlug, $pageSlug)
    {
-        $this->checkPermission('page-update');
        $this->validate($request, [
            'name'   => 'required|string|max:255'
        ]);
        $book = $this->bookRepo->getBySlug($bookSlug);
        $page = $this->pageRepo->getBySlug($pageSlug, $book->id);
+        $this->checkOwnablePermission('page-update', $page);
        $this->pageRepo->updatePage($page, $book->id, $request->all());
        Activity::add($page, 'page_update', $book->id);
        return redirect($page->getUrl());
@ -164,9 +157,9 @@ class PageController extends Controller
     */
    public function showDelete($bookSlug, $pageSlug)
    {
-        $this->checkPermission('page-delete');
        $book = $this->bookRepo->getBySlug($bookSlug);
        $page = $this->pageRepo->getBySlug($pageSlug, $book->id);
+        $this->checkOwnablePermission('page-delete', $page);
        $this->setPageTitle('Delete Page ' . $page->getShortName());
        return view('pages/delete', ['book' => $book, 'page' => $page, 'current' => $page]);
    }
@ -181,9 +174,9 @@ class PageController extends Controller
     */
    public function destroy($bookSlug, $pageSlug)
    {
-        $this->checkPermission('page-delete');
        $book = $this->bookRepo->getBySlug($bookSlug);
        $page = $this->pageRepo->getBySlug($pageSlug, $book->id);
+        $this->checkOwnablePermission('page-delete', $page);
        Activity::addMessage('page_delete', $book->id, $page->name);
        $this->pageRepo->destroy($page);
        return redirect($book->getUrl());
@ -229,9 +222,9 @@ class PageController extends Controller
     */
    public function restoreRevision($bookSlug, $pageSlug, $revisionId)
    {
-        $this->checkPermission('page-update');
        $book = $this->bookRepo->getBySlug($bookSlug);
        $page = $this->pageRepo->getBySlug($pageSlug, $book->id);
+        $this->checkOwnablePermission('page-update', $page);
        $page = $this->pageRepo->restoreRevision($page, $book, $revisionId);
        Activity::add($page, 'page_restore', $book->id);
        return redirect($page->getUrl());