Removed most usages of restricted entitiy property

This commit is contained in:
Dan Brown 2022-10-10 16:58:26 +01:00
parent 63056dbef4
commit 0f68be608d
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
22 changed files with 42 additions and 52 deletions

View file

@ -66,6 +66,8 @@ class PermissionApplicator
return true;
}
// The chain order here is very important due to the fact we walk up the chain
// in the loop below. Earlier items in the chain have higher priority.
$chain = [$entity];
if ($entity instanceof Page && $entity->chapter_id) {
$chain[] = $entity->chapter;
@ -76,16 +78,26 @@ class PermissionApplicator
}
foreach ($chain as $currentEntity) {
if (is_null($currentEntity->restricted)) {
throw new InvalidArgumentException('Entity restricted field used but has not been loaded');
$allowedByRoleId = $currentEntity->permissions()
->whereIn('role_id', [0, ...$userRoleIds])
->pluck($action, 'role_id');
// Continue up the chain if no applicable entity permission overrides.
if (empty($allowedByRoleId)) {
continue;
}
if ($currentEntity->restricted) {
return $currentEntity->permissions()
->whereIn('role_id', $userRoleIds)
->where($action, '=', true)
->count() > 0;
// If we have user-role-specific permissions set, allow if any of those
// role permissions allow access.
$hasDefault = $allowedByRoleId->has(0);
if (!$hasDefault || $allowedByRoleId->count() > 1) {
return $allowedByRoleId->search(function (bool $allowed, int $roleId) {
return $roleId !== 0 && $allowed;
}) !== false;
}
// Otherwise, return the default "Other roles" fallback value.
return $allowedByRoleId->get(0);
}
return null;

View file

@ -66,11 +66,11 @@ class CopyShelfPermissions extends Command
return;
}
$shelves = Bookshelf::query()->get(['id', 'restricted']);
$shelves = Bookshelf::query()->get(['id']);
}
if ($shelfSlug) {
$shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id', 'restricted']);
$shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id']);
if ($shelves->count() === 0) {
$this->info('No shelves found with the given slug.');
}

View file

@ -28,7 +28,7 @@ class Book extends Entity implements HasCoverImage
public $searchFactor = 1.2;
protected $fillable = ['name', 'description'];
protected $hidden = ['restricted', 'pivot', 'image_id', 'deleted_at'];
protected $hidden = ['pivot', 'image_id', 'deleted_at'];
/**
* Get the url for this book.

View file

@ -17,7 +17,7 @@ class Bookshelf extends Entity implements HasCoverImage
protected $fillable = ['name', 'description', 'image_id'];
protected $hidden = ['restricted', 'image_id', 'deleted_at'];
protected $hidden = ['image_id', 'deleted_at'];
/**
* Get the books in this shelf.

View file

@ -19,7 +19,7 @@ class Chapter extends BookChild
public $searchFactor = 1.2;
protected $fillable = ['name', 'description', 'priority'];
protected $hidden = ['restricted', 'pivot', 'deleted_at'];
protected $hidden = ['pivot', 'deleted_at'];
/**
* Get the pages that this chapter contains.

View file

@ -42,7 +42,6 @@ use Illuminate\Database\Eloquent\SoftDeletes;
* @property Carbon $deleted_at
* @property int $created_by
* @property int $updated_by
* @property bool $restricted
* @property Collection $tags
*
* @method static Entity|Builder visible()

View file

@ -39,7 +39,7 @@ class Page extends BookChild
public $textField = 'text';
protected $hidden = ['html', 'markdown', 'text', 'restricted', 'pivot', 'deleted_at'];
protected $hidden = ['html', 'markdown', 'text', 'pivot', 'deleted_at'];
protected $casts = [
'draft' => 'boolean',

View file

@ -31,7 +31,7 @@ use Illuminate\Database\Eloquent\Relations\BelongsTo;
class PageRevision extends Model implements Loggable
{
protected $fillable = ['name', 'text', 'summary'];
protected $hidden = ['html', 'markdown', 'restricted', 'text'];
protected $hidden = ['html', 'markdown', 'text'];
/**
* Get the user that created the page revision.

View file

@ -122,7 +122,6 @@ class Cloner
*/
public function copyEntityPermissions(Entity $sourceEntity, Entity $targetEntity): void
{
$targetEntity->restricted = $sourceEntity->restricted;
$permissions = $sourceEntity->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
$targetEntity->permissions()->delete();
$targetEntity->permissions()->createMany($permissions);

View file

@ -65,7 +65,7 @@ class HierarchyTransformer
foreach ($book->chapters as $index => $chapter) {
$newBook = $this->transformChapterToBook($chapter);
$shelfBookSyncData[$newBook->id] = ['order' => $index];
if (!$newBook->restricted) {
if (!$newBook->hasPermissions()) {
$this->cloner->copyEntityPermissions($shelf, $newBook);
}
}

View file

@ -75,9 +75,8 @@ class PermissionsUpdater
*/
public function updateBookPermissionsFromShelf(Bookshelf $shelf, $checkUserPermissions = true): int
{
// TODO - Fix for new format
$shelfPermissions = $shelf->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
$shelfBooks = $shelf->books()->get(['id', 'restricted', 'owned_by']);
$shelfBooks = $shelf->books()->get(['id', 'owned_by']);
$updatedBookCount = 0;
/** @var Book $book */
@ -86,9 +85,7 @@ class PermissionsUpdater
continue;
}
$book->permissions()->delete();
$book->restricted = $shelf->restricted;
$book->permissions()->createMany($shelfPermissions);
$book->save();
$book->rebuildPermissions();
$updatedBookCount++;
}

View file

@ -87,7 +87,7 @@ class FavouriteController extends Controller
$modelInstance = $model->newQuery()
->where('id', '=', $modelInfo['id'])
->first(['id', 'name', 'restricted', 'owned_by']);
->first(['id', 'name', 'owned_by']);
$inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance));
if (is_null($modelInstance) || $inaccessibleEntity) {

View file

@ -50,9 +50,7 @@ class AttachmentsApiTest extends TestCase
],
]]);
$page->restricted = true;
$page->save();
$this->entities->regenPermissions($page);
$this->entities->setPermissions($page, [], []);
$resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
$resp->assertJsonMissing(['data' => [

View file

@ -19,7 +19,7 @@ class CopyShelfPermissionsCommandTest extends TestCase
$shelf = $this->entities->shelf();
$child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first();
$this->assertFalse(boolval($child->restricted), 'Child book should not be restricted by default');
$this->assertFalse(boolval($child->hasPermissions()), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
@ -28,7 +28,7 @@ class CopyShelfPermissionsCommandTest extends TestCase
]);
$child = $shelf->books()->first();
$this->assertTrue(boolval($child->restricted), 'Child book should now be restricted');
$this->assertTrue(boolval($child->hasPermissions()), 'Child book should now be restricted');
$this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions');
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]);
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]);
@ -40,7 +40,7 @@ class CopyShelfPermissionsCommandTest extends TestCase
Bookshelf::query()->where('id', '!=', $shelf->id)->delete();
$child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first();
$this->assertFalse(boolval($child->restricted), 'Child book should not be restricted by default');
$this->assertFalse(boolval($child->hasPermissions()), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
@ -48,7 +48,7 @@ class CopyShelfPermissionsCommandTest extends TestCase
->expectsQuestion('Permission settings for all shelves will be cascaded. Books assigned to multiple shelves will receive only the permissions of it\'s last processed shelf. Are you sure you want to proceed?', 'y');
$child = $shelf->books()->first();
$this->assertTrue(boolval($child->restricted), 'Child book should now be restricted');
$this->assertTrue(boolval($child->hasPermissions()), 'Child book should now be restricted');
$this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions');
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]);
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]);

View file

@ -295,7 +295,7 @@ class BookShelfTest extends TestCase
$child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first();
$this->assertFalse(boolval($child->restricted), 'Child book should not be restricted by default');
$this->assertFalse(boolval($child->hasPermissions()), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
@ -303,7 +303,7 @@ class BookShelfTest extends TestCase
$child = $shelf->books()->first();
$resp->assertRedirect($shelf->getUrl());
$this->assertTrue(boolval($child->restricted), 'Child book should now be restricted');
$this->assertTrue(boolval($child->hasPermissions()), 'Child book should now be restricted');
$this->assertTrue($child->permissions()->count() === 2, 'Child book should have copied permissions');
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'view', 'role_id' => $editorRole->id]);
$this->assertDatabaseHas('entity_permissions', ['restrictable_id' => $child->id, 'action' => 'update', 'role_id' => $editorRole->id]);

View file

@ -304,9 +304,7 @@ class BookTest extends TestCase
// Hide child content
/** @var BookChild $page */
foreach ($book->getDirectChildren() as $child) {
$child->restricted = true;
$child->save();
$this->entities->regenPermissions($child);
$this->entities->setPermissions($child, [], []);
}
$this->asEditor()->post($book->getUrl('/copy'), ['name' => 'My copy book']);

View file

@ -101,9 +101,7 @@ class ChapterTest extends TestCase
// Hide pages to all non-admin roles
/** @var Page $page */
foreach ($chapter->pages as $page) {
$page->restricted = true;
$page->save();
$this->entities->regenPermissions($page);
$this->entities->setPermissions($page, [], []);
}
$this->asEditor()->post($chapter->getUrl('/copy'), [

View file

@ -172,8 +172,7 @@ class EntitySearchTest extends TestCase
// Restricted filter
$this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertDontSee($page->name);
$page->restricted = true;
$page->save();
$this->entities->setPermissions($page, [], []);
$this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertSee($page->name);
// Date filters

View file

@ -75,9 +75,7 @@ class TagTest extends TestCase
$this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']);
// Set restricted permission the page
$page->restricted = true;
$page->save();
$page->rebuildPermissions();
$this->entities->setPermissions($page, [], []);
$this->asAdmin()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']);
$this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson([]);
@ -180,8 +178,7 @@ class TagTest extends TestCase
$resp = $this->get('/tags?name=SuperCategory');
$resp->assertSee('GreatTestContent');
$page->restricted = true;
$this->entities->regenPermissions($page);
$this->entities->setPermissions($page, [], []);
$resp = $this->asEditor()->get('/tags');
$resp->assertDontSee('SuperCategory');

View file

@ -204,7 +204,6 @@ class EntityProvider
*/
public function setPermissions(Entity $entity, array $actions = [], array $roles = []): void
{
$entity->restricted = true;
$entity->permissions()->delete();
$permissions = [];
@ -217,7 +216,6 @@ class EntityProvider
}
$entity->permissions()->createMany($permissions);
$entity->save();
$entity->load('permissions');
$this->regenPermissions($entity);
}

View file

@ -376,7 +376,6 @@ class EntityPermissionsTest extends TestCase
->assertSee($title);
$this->put($modelInstance->getUrl('/permissions'), [
'restricted' => 'true',
'restrictions' => [
$roleId => [
$permission => 'true',

View file

@ -253,11 +253,7 @@ class AttachmentTest extends TestCase
$this->uploadFile($fileName, $page->id);
$attachment = Attachment::orderBy('id', 'desc')->take(1)->first();
$page->restricted = true;
$page->permissions()->delete();
$page->save();
$page->rebuildPermissions();
$page->load('jointPermissions');
$this->entities->setPermissions($page, [], []);
$this->actingAs($viewer);
$attachmentGet = $this->get($attachment->getUrl());