Fixed entities wrongly visible on 404

Also ensured the header state is as expected on 404 pages.
In reference to BookStackApp/website#9
Dan Brown 2017-02-05 21:19:29 +00:00
parent 80f844139c
commit 6638ee47d3
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
5 changed files with 41 additions and 20 deletions


@ -13,6 +13,8 @@ class Kernel extends HttpKernel
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
];
/**
@ -24,8 +26,6 @@ class Kernel extends HttpKernel
'web' => [
\BookStack\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\BookStack\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\BookStack\Http\Middleware\Localization::class
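Review bot: `StartSession` and `ShareErrorsFromSession` now sit in the global `$middleware` list, but `\BookStack\Http\Middleware\EncryptCookies` and `AddQueuedCookiesToResponse` remain only in the `'web'` group, so the session middleware now runs outside the cookie-encryption middleware. Assuming the framework's usual ordering (global middleware wrap group middleware), the session cookie would be read before it is decrypted and attached to the response after the encryption pass, which may leave it unencrypted; this is worth confirming on a live response. Moving the two cookie middleware into the global list ahead of `StartSession` would keep the original relative order: `\BookStack\Http\Middleware\EncryptCookies::class,` followed by `\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,`. Routes outside the `'web'` group now start a session as well, and the rest of the class lies outside these hunks.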


@ -37,6 +37,15 @@ function user()
return auth()->user() ?: \BookStack\User::getDefault();
}
/**
* Check if current user is a signed in user.
* @return bool
*/
function signedInUser()
{
return auth()->user() && !auth()->user()->isDefault();
}
/**
* Check if the current user has a permission.
* If an ownable element is passed in the jointPermissions are checked against
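Review bot: The docblock on `signedInUser()` does not say that the default (public guest) account counts as not signed in, which is the distinction the templates in this commit rely on. I would extend it to something like `* Check if the current user is signed in; the default guest user counts as not signed in.` The body also resolves `auth()->user()` twice; `return !user()->isDefault();` should give the same result through the `user()` helper just above, assuming `getDefault()` always returns a user for which `isDefault()` is true.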


@ -55,15 +55,15 @@
<div class="float right">
<div class="links text-center">
<a href="{{ baseUrl('/books') }}"><i class="zmdi zmdi-book"></i>{{ trans('entities.books') }}</a>
@if(isset($currentUser) && userCan('settings-manage'))
@if(signedInUser() && userCan('settings-manage'))
<a href="{{ baseUrl('/settings') }}"><i class="zmdi zmdi-settings"></i>{{ trans('settings.settings') }}</a>
@endif
@if(!isset($signedIn) || !$signedIn)
@if(!signedInUser())
<a href="{{ baseUrl('/login') }}"><i class="zmdi zmdi-sign-in"></i>{{ trans('auth.log_in') }}</a>
@endif
</div>
@if(isset($signedIn) && $signedIn)
@include('partials._header-dropdown', ['currentUser' => $currentUser])
@if(signedInUser())
@include('partials._header-dropdown', ['currentUser' => user()])
@endif
</div>


@ -10,22 +10,24 @@
<p>{{ trans('errors.sorry_page_not_found') }}</p>
<p><a href="{{ baseUrl('/') }}" class="button">{{ trans('errors.return_home') }}</a></p>
<hr>
@if (setting('app-public') || !user()->isDefault())
<hr>
<div class="row">
<div class="col-md-4">
<h3 class="text-muted">{{ trans('entities.pages_popular') }}</h3>
@include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Page::class]), 'style' => 'compact'])
<div class="row">
<div class="col-md-4">
<h3 class="text-muted">{{ trans('entities.pages_popular') }}</h3>
@include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Page::class]), 'style' => 'compact'])
</div>
<div class="col-md-4">
<h3 class="text-muted">{{ trans('entities.books_popular') }}</h3>
@include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Book::class]), 'style' => 'compact'])
</div>
<div class="col-md-4">
<h3 class="text-muted">{{ trans('entities.chapters_popular') }}</h3>
@include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Chapter::class]), 'style' => 'compact'])
</div>
</div>
<div class="col-md-4">
<h3 class="text-muted">{{ trans('entities.books_popular') }}</h3>
@include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Book::class]), 'style' => 'compact'])
</div>
<div class="col-md-4">
<h3 class="text-muted">{{ trans('entities.chapters_popular') }}</h3>
@include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Chapter::class]), 'style' => 'compact'])
</div>
</div>
@endif
</div>
@stop
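Review bot: The new guard `@if (setting('app-public') || !user()->isDefault())` only decides whether the three popular lists are rendered at all; which entities appear still depends on `Views::getPopular()` filtering by the current user's view permissions, which is not visible in this section. On a public instance a guest still gets the lists, so restricted pages, books and chapters stay hidden only if that filtering holds for the default user. For consistency with the helper this commit adds, the condition could read `@if (setting('app-public') || signedInUser())`. A short Blade comment above the `@if` saying that guests on a non-public instance must not see entity names would record why the block is gated.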


@ -80,4 +80,14 @@ class PublicActionTest extends TestCase
]);
}
public function test_content_not_listed_on_404_for_public_users()
{
$page = \BookStack\Page::first();
$this->asAdmin()->visit($page->getUrl());
Auth::logout();
view()->share('pageTitle', '');
$this->forceVisit('/cats/dogs/hippos');
$this->dontSee($page->name);
}
}
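Review bot: `test_content_not_listed_on_404_for_public_users` never sets `app-public`, so it passes only while the test environment defaults to a non-public instance; setting it to false explicitly at the top of the test would pin the case being checked. It asserts only on `$page->name`, so a leak through the popular books or chapters lists would go unnoticed, and there is no companion test that a signed-in user still sees the lists. The `view()->share('pageTitle', '')` line needs a comment explaining why the shared variable has to be reset after `Auth::logout()`, for example `// Reset the shared title left over from the admin page visit`, if that is the reason.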