Added in restriction queries for most lists
This commit is contained in:
parent
201f788806
commit
7f5872372d
10 changed files with 359 additions and 95 deletions
|
@ -19,11 +19,7 @@ class Activity extends Model
|
|||
*/
|
||||
public function entity()
|
||||
{
|
||||
if ($this->entity_id) {
|
||||
return $this->morphTo('entity')->first();
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return $this->morphTo('entity');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -28,11 +28,17 @@ class CustomFacadeProvider extends ServiceProvider
|
|||
public function register()
|
||||
{
|
||||
$this->app->bind('activity', function() {
|
||||
return new ActivityService($this->app->make('BookStack\Activity'));
|
||||
return new ActivityService(
|
||||
$this->app->make('BookStack\Activity'),
|
||||
$this->app->make('BookStack\Services\RestrictionService')
|
||||
);
|
||||
});
|
||||
|
||||
$this->app->bind('views', function() {
|
||||
return new ViewService($this->app->make('BookStack\View'));
|
||||
return new ViewService(
|
||||
$this->app->make('BookStack\View'),
|
||||
$this->app->make('BookStack\Services\RestrictionService')
|
||||
);
|
||||
});
|
||||
|
||||
$this->app->bind('setting', function() {
|
||||
|
@ -41,6 +47,7 @@ class CustomFacadeProvider extends ServiceProvider
|
|||
$this->app->make('Illuminate\Contracts\Cache\Repository')
|
||||
);
|
||||
});
|
||||
|
||||
$this->app->bind('images', function() {
|
||||
return new ImageService(
|
||||
$this->app->make('Intervention\Image\ImageManager'),
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
<?php namespace BookStack\Repos;
|
||||
|
||||
use Activity;
|
||||
use BookStack\Services\RestrictionService;
|
||||
use Illuminate\Support\Str;
|
||||
use BookStack\Book;
|
||||
use Views;
|
||||
|
@ -11,18 +12,31 @@ class BookRepo
|
|||
protected $book;
|
||||
protected $pageRepo;
|
||||
protected $chapterRepo;
|
||||
protected $restrictionService;
|
||||
|
||||
/**
|
||||
* BookRepo constructor.
|
||||
* @param Book $book
|
||||
* @param PageRepo $pageRepo
|
||||
* @param ChapterRepo $chapterRepo
|
||||
* @param RestrictionService $restrictionService
|
||||
*/
|
||||
public function __construct(Book $book, PageRepo $pageRepo, ChapterRepo $chapterRepo)
|
||||
public function __construct(Book $book, PageRepo $pageRepo, ChapterRepo $chapterRepo, RestrictionService $restrictionService)
|
||||
{
|
||||
$this->book = $book;
|
||||
$this->pageRepo = $pageRepo;
|
||||
$this->chapterRepo = $chapterRepo;
|
||||
$this->restrictionService = $restrictionService;
|
||||
}
|
||||
|
||||
/**
|
||||
* Base query for getting books.
|
||||
* Takes into account any restrictions.
|
||||
* @return mixed
|
||||
*/
|
||||
private function bookQuery()
|
||||
{
|
||||
return $this->restrictionService->enforceBookRestrictions($this->book, 'view');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -32,7 +46,7 @@ class BookRepo
|
|||
*/
|
||||
public function getById($id)
|
||||
{
|
||||
return $this->book->findOrFail($id);
|
||||
return $this->bookQuery()->findOrFail($id);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -42,7 +56,7 @@ class BookRepo
|
|||
*/
|
||||
public function getAll($count = 10)
|
||||
{
|
||||
$bookQuery = $this->book->orderBy('name', 'asc');
|
||||
$bookQuery = $this->bookQuery()->orderBy('name', 'asc');
|
||||
if (!$count) return $bookQuery->get();
|
||||
return $bookQuery->take($count)->get();
|
||||
}
|
||||
|
@ -54,7 +68,8 @@ class BookRepo
|
|||
*/
|
||||
public function getAllPaginated($count = 10)
|
||||
{
|
||||
return $this->book->orderBy('name', 'asc')->paginate($count);
|
||||
return $this->bookQuery()
|
||||
->orderBy('name', 'asc')->paginate($count);
|
||||
}
|
||||
|
||||
|
||||
|
@ -65,7 +80,7 @@ class BookRepo
|
|||
*/
|
||||
public function getLatest($count = 10)
|
||||
{
|
||||
return $this->book->orderBy('created_at', 'desc')->take($count)->get();
|
||||
return $this->bookQuery()->orderBy('created_at', 'desc')->take($count)->get();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -76,6 +91,7 @@ class BookRepo
|
|||
*/
|
||||
public function getRecentlyViewed($count = 10, $page = 0)
|
||||
{
|
||||
// TODO restrict
|
||||
return Views::getUserRecentlyViewed($count, $page, $this->book);
|
||||
}
|
||||
|
||||
|
@ -87,6 +103,7 @@ class BookRepo
|
|||
*/
|
||||
public function getPopular($count = 10, $page = 0)
|
||||
{
|
||||
// TODO - Restrict
|
||||
return Views::getPopular($count, $page, $this->book);
|
||||
}
|
||||
|
||||
|
@ -97,7 +114,7 @@ class BookRepo
|
|||
*/
|
||||
public function getBySlug($slug)
|
||||
{
|
||||
$book = $this->book->where('slug', '=', $slug)->first();
|
||||
$book = $this->bookQuery()->where('slug', '=', $slug)->first();
|
||||
if ($book === null) abort(404);
|
||||
return $book;
|
||||
}
|
||||
|
@ -109,7 +126,7 @@ class BookRepo
|
|||
*/
|
||||
public function exists($id)
|
||||
{
|
||||
return $this->book->where('id', '=', $id)->exists();
|
||||
return $this->bookQuery()->where('id', '=', $id)->exists();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -119,17 +136,7 @@ class BookRepo
|
|||
*/
|
||||
public function newFromInput($input)
|
||||
{
|
||||
return $this->book->fill($input);
|
||||
}
|
||||
|
||||
/**
|
||||
* Count the amount of books that have a specific slug.
|
||||
* @param $slug
|
||||
* @return mixed
|
||||
*/
|
||||
public function countBySlug($slug)
|
||||
{
|
||||
return $this->book->where('slug', '=', $slug)->count();
|
||||
return $this->bookQuery()->fill($input);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -202,8 +209,13 @@ class BookRepo
|
|||
*/
|
||||
public function getChildren(Book $book)
|
||||
{
|
||||
$pages = $book->pages()->where('chapter_id', '=', 0)->get();
|
||||
$chapters = $book->chapters()->with('pages')->get();
|
||||
$pageQuery = $book->pages()->where('chapter_id', '=', 0);
|
||||
$this->restrictionService->enforcePageRestrictions($pageQuery, 'view');
|
||||
$pages = $pageQuery->get();
|
||||
|
||||
$chapterQuery = $book->chapters()->with('pages');
|
||||
$this->restrictionService->enforceChapterRestrictions($chapterQuery, 'view');
|
||||
$chapters = $chapterQuery->get();
|
||||
$children = $pages->merge($chapters);
|
||||
$bookSlug = $book->slug;
|
||||
$children->each(function ($child) use ($bookSlug) {
|
||||
|
@ -227,7 +239,7 @@ class BookRepo
|
|||
public function getBySearch($term, $count = 20, $paginationAppends = [])
|
||||
{
|
||||
$terms = explode(' ', $term);
|
||||
$books = $this->book->fullTextSearchQuery(['name', 'description'], $terms)
|
||||
$books = $this->restrictionService->enforceBookRestrictions($this->book->fullTextSearchQuery(['name', 'description'], $terms))
|
||||
->paginate($count)->appends($paginationAppends);
|
||||
$words = join('|', explode(' ', preg_quote(trim($term), '/')));
|
||||
foreach ($books as $book) {
|
||||
|
@ -249,11 +261,11 @@ class BookRepo
|
|||
$book->restricted = $request->has('restricted') && $request->get('restricted') === 'true';
|
||||
$book->restrictions()->delete();
|
||||
if ($request->has('restrictions')) {
|
||||
foreach($request->get('restrictions') as $roleId => $restrictions) {
|
||||
foreach ($request->get('restrictions') as $roleId => $restrictions) {
|
||||
foreach ($restrictions as $action => $value) {
|
||||
$book->restrictions()->create([
|
||||
'role_id' => $roleId,
|
||||
'action' => strtolower($action)
|
||||
'action' => strtolower($action)
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
|
||||
use Activity;
|
||||
use BookStack\Services\RestrictionService;
|
||||
use Illuminate\Support\Str;
|
||||
use BookStack\Chapter;
|
||||
|
||||
|
@ -9,14 +10,26 @@ class ChapterRepo
|
|||
{
|
||||
|
||||
protected $chapter;
|
||||
protected $restrictionService;
|
||||
|
||||
/**
|
||||
* ChapterRepo constructor.
|
||||
* @param $chapter
|
||||
* @param Chapter $chapter
|
||||
* @param RestrictionService $restrictionService
|
||||
*/
|
||||
public function __construct(Chapter $chapter)
|
||||
public function __construct(Chapter $chapter, RestrictionService $restrictionService)
|
||||
{
|
||||
$this->chapter = $chapter;
|
||||
$this->restrictionService = $restrictionService;
|
||||
}
|
||||
|
||||
/**
|
||||
* Base query for getting chapters, Takes restrictions into account.
|
||||
* @return mixed
|
||||
*/
|
||||
private function chapterQuery()
|
||||
{
|
||||
return $this->restrictionService->enforceChapterRestrictions($this->chapter, 'view');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -26,7 +39,7 @@ class ChapterRepo
|
|||
*/
|
||||
public function idExists($id)
|
||||
{
|
||||
return $this->chapter->where('id', '=', $id)->count() > 0;
|
||||
return $this->chapterQuery()->where('id', '=', $id)->count() > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -36,7 +49,7 @@ class ChapterRepo
|
|||
*/
|
||||
public function getById($id)
|
||||
{
|
||||
return $this->chapter->findOrFail($id);
|
||||
return $this->chapterQuery()->findOrFail($id);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -45,7 +58,7 @@ class ChapterRepo
|
|||
*/
|
||||
public function getAll()
|
||||
{
|
||||
return $this->chapter->all();
|
||||
return $this->chapterQuery()->all();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -56,7 +69,7 @@ class ChapterRepo
|
|||
*/
|
||||
public function getBySlug($slug, $bookId)
|
||||
{
|
||||
$chapter = $this->chapter->where('slug', '=', $slug)->where('book_id', '=', $bookId)->first();
|
||||
$chapter = $this->chapterQuery()->where('slug', '=', $slug)->where('book_id', '=', $bookId)->first();
|
||||
if ($chapter === null) abort(404);
|
||||
return $chapter;
|
||||
}
|
||||
|
@ -132,7 +145,7 @@ class ChapterRepo
|
|||
public function getBySearch($term, $whereTerms = [], $count = 20, $paginationAppends = [])
|
||||
{
|
||||
$terms = explode(' ', $term);
|
||||
$chapters = $this->chapter->fullTextSearchQuery(['name', 'description'], $terms, $whereTerms)
|
||||
$chapters = $this->restrictionService->enforceChapterRestrictions($this->chapter->fullTextSearchQuery(['name', 'description'], $terms, $whereTerms))
|
||||
->paginate($count)->appends($paginationAppends);
|
||||
$words = join('|', explode(' ', preg_quote(trim($term), '/')));
|
||||
foreach ($chapters as $chapter) {
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
use BookStack\Book;
|
||||
use BookStack\Chapter;
|
||||
use BookStack\Page;
|
||||
use BookStack\Services\RestrictionService;
|
||||
|
||||
class EntityRepo
|
||||
{
|
||||
|
@ -11,18 +12,21 @@ class EntityRepo
|
|||
public $book;
|
||||
public $chapter;
|
||||
public $page;
|
||||
private $restrictionService;
|
||||
|
||||
/**
|
||||
* EntityService constructor.
|
||||
* @param $book
|
||||
* @param $chapter
|
||||
* @param $page
|
||||
* @param Book $book
|
||||
* @param Chapter $chapter
|
||||
* @param Page $page
|
||||
* @param RestrictionService $restrictionService
|
||||
*/
|
||||
public function __construct(Book $book, Chapter $chapter, Page $page)
|
||||
public function __construct(Book $book, Chapter $chapter, Page $page, RestrictionService $restrictionService)
|
||||
{
|
||||
$this->book = $book;
|
||||
$this->chapter = $chapter;
|
||||
$this->page = $page;
|
||||
$this->restrictionService = $restrictionService;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -32,7 +36,8 @@ class EntityRepo
|
|||
*/
|
||||
public function getRecentlyCreatedBooks($count = 20, $page = 0)
|
||||
{
|
||||
return $this->book->orderBy('created_at', 'desc')->skip($page*$count)->take($count)->get();
|
||||
return $this->restrictionService->enforceBookRestrictions($this->book)
|
||||
->orderBy('created_at', 'desc')->skip($page*$count)->take($count)->get();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -43,7 +48,8 @@ class EntityRepo
|
|||
*/
|
||||
public function getRecentlyUpdatedBooks($count = 20, $page = 0)
|
||||
{
|
||||
return $this->book->orderBy('updated_at', 'desc')->skip($page*$count)->take($count)->get();
|
||||
return $this->restrictionService->enforceBookRestrictions($this->book)
|
||||
->orderBy('updated_at', 'desc')->skip($page*$count)->take($count)->get();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -53,7 +59,8 @@ class EntityRepo
|
|||
*/
|
||||
public function getRecentlyCreatedPages($count = 20, $page = 0)
|
||||
{
|
||||
return $this->page->orderBy('created_at', 'desc')->skip($page*$count)->take($count)->get();
|
||||
return $this->restrictionService->enforcePageRestrictions($this->page)
|
||||
->orderBy('created_at', 'desc')->skip($page*$count)->take($count)->get();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -64,7 +71,8 @@ class EntityRepo
|
|||
*/
|
||||
public function getRecentlyUpdatedPages($count = 20, $page = 0)
|
||||
{
|
||||
return $this->page->orderBy('updated_at', 'desc')->skip($page*$count)->take($count)->get();
|
||||
return $this->restrictionService->enforcePageRestrictions($this->page)
|
||||
->orderBy('updated_at', 'desc')->skip($page*$count)->take($count)->get();
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
use Activity;
|
||||
use BookStack\Book;
|
||||
use BookStack\Chapter;
|
||||
use BookStack\Services\RestrictionService;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
@ -16,26 +17,28 @@ class PageRepo
|
|||
{
|
||||
protected $page;
|
||||
protected $pageRevision;
|
||||
protected $restrictionService;
|
||||
|
||||
/**
|
||||
* PageRepo constructor.
|
||||
* @param Page $page
|
||||
* @param Page $page
|
||||
* @param PageRevision $pageRevision
|
||||
* @param RestrictionService $restrictionService
|
||||
*/
|
||||
public function __construct(Page $page, PageRevision $pageRevision)
|
||||
public function __construct(Page $page, PageRevision $pageRevision, RestrictionService $restrictionService)
|
||||
{
|
||||
$this->page = $page;
|
||||
$this->pageRevision = $pageRevision;
|
||||
$this->restrictionService = $restrictionService;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a page id exists.
|
||||
* @param $id
|
||||
* @return bool
|
||||
* Base query for getting pages, Takes restrictions into account.
|
||||
* @return mixed
|
||||
*/
|
||||
public function idExists($id)
|
||||
private function pageQuery()
|
||||
{
|
||||
return $this->page->where('page_id', '=', $id)->count() > 0;
|
||||
return $this->restrictionService->enforcePageRestrictions($this->page, 'view');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -45,16 +48,7 @@ class PageRepo
|
|||
*/
|
||||
public function getById($id)
|
||||
{
|
||||
return $this->page->findOrFail($id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all pages.
|
||||
* @return \Illuminate\Database\Eloquent\Collection|static[]
|
||||
*/
|
||||
public function getAll()
|
||||
{
|
||||
return $this->page->all();
|
||||
return $this->pageQuery()->findOrFail($id);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -65,7 +59,7 @@ class PageRepo
|
|||
*/
|
||||
public function getBySlug($slug, $bookId)
|
||||
{
|
||||
$page = $this->page->where('slug', '=', $slug)->where('book_id', '=', $bookId)->first();
|
||||
$page = $this->pageQuery()->where('slug', '=', $slug)->where('book_id', '=', $bookId)->first();
|
||||
if ($page === null) throw new NotFoundHttpException('Page not found');
|
||||
return $page;
|
||||
}
|
||||
|
@ -81,6 +75,9 @@ class PageRepo
|
|||
public function findPageUsingOldSlug($pageSlug, $bookSlug)
|
||||
{
|
||||
$revision = $this->pageRevision->where('slug', '=', $pageSlug)
|
||||
->whereHas('page', function($query) {
|
||||
$this->restrictionService->enforcePageRestrictions($query);
|
||||
})
|
||||
->where('book_slug', '=', $bookSlug)->orderBy('created_at', 'desc')
|
||||
->with('page')->first();
|
||||
return $revision !== null ? $revision->page : null;
|
||||
|
@ -97,16 +94,6 @@ class PageRepo
|
|||
return $page;
|
||||
}
|
||||
|
||||
/**
|
||||
* Count the pages with a particular slug within a book.
|
||||
* @param $slug
|
||||
* @param $bookId
|
||||
* @return mixed
|
||||
*/
|
||||
public function countBySlug($slug, $bookId)
|
||||
{
|
||||
return $this->page->where('slug', '=', $slug)->where('book_id', '=', $bookId)->count();
|
||||
}
|
||||
|
||||
/**
|
||||
* Save a new page into the system.
|
||||
|
@ -202,7 +189,7 @@ class PageRepo
|
|||
public function getBySearch($term, $whereTerms = [], $count = 20, $paginationAppends = [])
|
||||
{
|
||||
$terms = explode(' ', $term);
|
||||
$pages = $this->page->fullTextSearchQuery(['name', 'text'], $terms, $whereTerms)
|
||||
$pages = $this->restrictionService->enforcePageRestrictions($this->page->fullTextSearchQuery(['name', 'text'], $terms, $whereTerms))
|
||||
->paginate($count)->appends($paginationAppends);
|
||||
|
||||
// Add highlights to page text.
|
||||
|
@ -240,7 +227,7 @@ class PageRepo
|
|||
*/
|
||||
public function searchForImage($imageString)
|
||||
{
|
||||
$pages = $this->page->where('html', 'like', '%' . $imageString . '%')->get();
|
||||
$pages = $this->pageQuery()->where('html', 'like', '%' . $imageString . '%')->get();
|
||||
foreach ($pages as $page) {
|
||||
$page->url = $page->getUrl();
|
||||
$page->html = '';
|
||||
|
@ -395,7 +382,7 @@ class PageRepo
|
|||
*/
|
||||
public function getRecentlyCreatedPaginated($count = 20)
|
||||
{
|
||||
return $this->page->orderBy('created_at', 'desc')->paginate($count);
|
||||
return $this->pageQuery()->orderBy('created_at', 'desc')->paginate($count);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -404,7 +391,7 @@ class PageRepo
|
|||
*/
|
||||
public function getRecentlyUpdatedPaginated($count = 20)
|
||||
{
|
||||
return $this->page->orderBy('updated_at', 'desc')->paginate($count);
|
||||
return $this->pageQuery()->orderBy('updated_at', 'desc')->paginate($count);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -9,14 +9,17 @@ class ActivityService
|
|||
{
|
||||
protected $activity;
|
||||
protected $user;
|
||||
protected $restrictionService;
|
||||
|
||||
/**
|
||||
* ActivityService constructor.
|
||||
* @param $activity
|
||||
* @param Activity $activity
|
||||
* @param RestrictionService $restrictionService
|
||||
*/
|
||||
public function __construct(Activity $activity)
|
||||
public function __construct(Activity $activity, RestrictionService $restrictionService)
|
||||
{
|
||||
$this->activity = $activity;
|
||||
$this->restrictionService = $restrictionService;
|
||||
$this->user = auth()->user();
|
||||
}
|
||||
|
||||
|
@ -86,8 +89,10 @@ class ActivityService
|
|||
*/
|
||||
public function latest($count = 20, $page = 0)
|
||||
{
|
||||
$activityList = $this->activity->orderBy('created_at', 'desc')
|
||||
->skip($count * $page)->take($count)->get();
|
||||
$activityList = $this->restrictionService
|
||||
->filterRestrictedEntityRelations($this->activity, 'activities', 'entity_id', 'entity_type')
|
||||
->orderBy('created_at', 'desc')->skip($count * $page)->take($count)->get();
|
||||
|
||||
return $this->filterSimilar($activityList);
|
||||
}
|
||||
|
||||
|
|
230
app/Services/RestrictionService.php
Normal file
230
app/Services/RestrictionService.php
Normal file
|
@ -0,0 +1,230 @@
|
|||
<?php namespace BookStack\Services;
|
||||
|
||||
class RestrictionService
|
||||
{
|
||||
|
||||
protected $userRoles;
|
||||
protected $isAdmin;
|
||||
protected $currentAction;
|
||||
|
||||
/**
|
||||
* RestrictionService constructor.
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
$this->userRoles = auth()->user()->roles->pluck('id');
|
||||
$this->isAdmin = auth()->user()->hasRole('admin');
|
||||
}
|
||||
|
||||
/**
|
||||
* Add restrictions for a page query
|
||||
* @param $query
|
||||
* @param string $action
|
||||
* @return mixed
|
||||
*/
|
||||
public function enforcePageRestrictions($query, $action = 'view')
|
||||
{
|
||||
if ($this->isAdmin) return $query;
|
||||
$this->currentAction = $action;
|
||||
return $this->pageRestrictionQuery($query);
|
||||
}
|
||||
|
||||
/**
|
||||
* The base query for restricting pages.
|
||||
* @param $query
|
||||
* @return mixed
|
||||
*/
|
||||
private function pageRestrictionQuery($query)
|
||||
{
|
||||
return $query->where(function ($parentWhereQuery) {
|
||||
|
||||
$parentWhereQuery
|
||||
// (Book & chapter & page) or (Book & page & NO CHAPTER) unrestricted
|
||||
->where(function ($query) {
|
||||
$query->where(function ($query) {
|
||||
$query->whereExists(function ($query) {
|
||||
$query->select('*')->from('chapters')
|
||||
->whereRaw('chapters.id=pages.chapter_id')
|
||||
->where('restricted', '=', false);
|
||||
})->whereExists(function ($query) {
|
||||
$query->select('*')->from('books')
|
||||
->whereRaw('books.id=pages.book_id')
|
||||
->where('restricted', '=', false);
|
||||
})->where('restricted', '=', false);
|
||||
})->orWhere(function ($query) {
|
||||
$query->where('restricted', '=', false)->where('chapter_id', '=', 0)
|
||||
->whereExists(function ($query) {
|
||||
$query->select('*')->from('books')
|
||||
->whereRaw('books.id=pages.book_id')
|
||||
->where('restricted', '=', false);
|
||||
});
|
||||
});
|
||||
})
|
||||
// Page unrestricted, Has no chapter & book has accepted restrictions
|
||||
->orWhere(function ($query) {
|
||||
$query->where('restricted', '=', false)
|
||||
->whereExists(function ($query) {
|
||||
$query->select('*')->from('chapters')
|
||||
->whereRaw('chapters.id=pages.chapter_id');
|
||||
}, 'and', true)
|
||||
->whereExists(function ($query) {
|
||||
$query->select('*')->from('books')
|
||||
->whereRaw('books.id=pages.book_id')
|
||||
->whereExists(function ($query) {
|
||||
$this->checkRestrictionsQuery($query, 'books', 'Book');
|
||||
});
|
||||
});
|
||||
})
|
||||
// Page unrestricted, Has a chapter with accepted permissions
|
||||
->orWhere(function ($query) {
|
||||
$query->where('restricted', '=', false)
|
||||
->whereExists(function ($query) {
|
||||
$query->select('*')->from('chapters')
|
||||
->whereRaw('chapters.id=pages.chapter_id')
|
||||
->whereExists(function ($query) {
|
||||
$this->checkRestrictionsQuery($query, 'chapters', 'Chapter');
|
||||
});
|
||||
});
|
||||
})
|
||||
// Page has accepted permissions
|
||||
->orWhereExists(function ($query) {
|
||||
$this->checkRestrictionsQuery($query, 'pages', 'Page');
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Add on permission restrictions to a chapter query.
|
||||
* @param $query
|
||||
* @param string $action
|
||||
* @return mixed
|
||||
*/
|
||||
public function enforceChapterRestrictions($query, $action = 'view')
|
||||
{
|
||||
if ($this->isAdmin) return $query;
|
||||
$this->currentAction = $action;
|
||||
return $this->chapterRestrictionQuery($query);
|
||||
}
|
||||
|
||||
/**
|
||||
* The base query for restricting chapters.
|
||||
* @param $query
|
||||
* @return mixed
|
||||
*/
|
||||
private function chapterRestrictionQuery($query)
|
||||
{
|
||||
return $query->where(function ($parentWhereQuery) {
|
||||
|
||||
$parentWhereQuery
|
||||
// Book & chapter unrestricted
|
||||
->where(function ($query) {
|
||||
$query->where('restricted', '=', false)->whereExists(function ($query) {
|
||||
$query->select('*')->from('books')
|
||||
->whereRaw('books.id=chapters.book_id')
|
||||
->where('restricted', '=', false);
|
||||
});
|
||||
})
|
||||
// Chapter unrestricted & book has accepted restrictions
|
||||
->orWhere(function ($query) {
|
||||
$query->where('restricted', '=', false)
|
||||
->whereExists(function ($query) {
|
||||
$query->select('*')->from('books')
|
||||
->whereRaw('books.id=chapters.book_id')
|
||||
->whereExists(function ($query) {
|
||||
$this->checkRestrictionsQuery($query, 'books', 'Book');
|
||||
});
|
||||
});
|
||||
})
|
||||
// Chapter has accepted permissions
|
||||
->orWhereExists(function ($query) {
|
||||
$this->checkRestrictionsQuery($query, 'chapters', 'Chapter');
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Add restrictions to a book query.
|
||||
* @param $query
|
||||
* @param string $action
|
||||
* @return mixed
|
||||
*/
|
||||
public function enforceBookRestrictions($query, $action = 'view')
|
||||
{
|
||||
if ($this->isAdmin) return $query;
|
||||
$this->currentAction = $action;
|
||||
return $this->bookRestrictionQuery($query);
|
||||
}
|
||||
|
||||
/**
|
||||
* The base query for restricting books.
|
||||
* @param $query
|
||||
* @return mixed
|
||||
*/
|
||||
private function bookRestrictionQuery($query)
|
||||
{
|
||||
return $query->where(function ($parentWhereQuery) {
|
||||
$parentWhereQuery
|
||||
->where('restricted', '=', false)
|
||||
->orWhereExists(function ($query) {
|
||||
$this->checkRestrictionsQuery($query, 'books', 'Book');
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Filter items that have entities set a a polymorphic relation.
|
||||
* @param $query
|
||||
* @param string $tableName
|
||||
* @param string $entityIdColumn
|
||||
* @param string $entityTypeColumn
|
||||
* @return mixed
|
||||
*/
|
||||
public function filterRestrictedEntityRelations($query, $tableName, $entityIdColumn, $entityTypeColumn)
|
||||
{
|
||||
if ($this->isAdmin) return $query;
|
||||
$this->currentAction = 'view';
|
||||
$tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
|
||||
return $query->where(function($query) use ($tableDetails) {
|
||||
$query->where(function ($query) use (&$tableDetails) {
|
||||
$query->where($tableDetails['entityTypeColumn'], '=', 'BookStack\Page')
|
||||
->whereExists(function ($query) use (&$tableDetails) {
|
||||
$query->select('*')->from('pages')->whereRaw('pages.id='.$tableDetails['tableName'].'.'.$tableDetails['entityIdColumn'])
|
||||
->where(function ($query) {
|
||||
$this->pageRestrictionQuery($query);
|
||||
});
|
||||
});
|
||||
})->orWhere(function ($query) use (&$tableDetails) {
|
||||
$query->where($tableDetails['entityTypeColumn'], '=', 'BookStack\Book')->whereExists(function ($query) use (&$tableDetails) {
|
||||
$query->select('*')->from('books')->whereRaw('books.id='.$tableDetails['tableName'].'.'.$tableDetails['entityIdColumn'])
|
||||
->where(function ($query) {
|
||||
$this->bookRestrictionQuery($query);
|
||||
});
|
||||
});
|
||||
})->orWhere(function ($query) use (&$tableDetails) {
|
||||
$query->where($tableDetails['entityTypeColumn'], '=', 'BookStack\Chapter')->whereExists(function ($query) use (&$tableDetails) {
|
||||
$query->select('*')->from('chapters')->whereRaw('chapters.id='.$tableDetails['tableName'].'.'.$tableDetails['entityIdColumn'])
|
||||
->where(function ($query) {
|
||||
$this->chapterRestrictionQuery($query);
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* The query to check the restrictions on an entity.
|
||||
* @param $query
|
||||
* @param $tableName
|
||||
* @param $modelName
|
||||
*/
|
||||
private function checkRestrictionsQuery($query, $tableName, $modelName)
|
||||
{
|
||||
$query->select('*')->from('restrictions')
|
||||
->whereRaw('restrictions.restrictable_id=' . $tableName . '.id')
|
||||
->where('restrictions.restrictable_type', '=', 'BookStack\\' . $modelName)
|
||||
->where('restrictions.action', '=', $this->currentAction)
|
||||
->whereIn('restrictions.role_id', $this->userRoles);
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -9,15 +9,18 @@ class ViewService
|
|||
|
||||
protected $view;
|
||||
protected $user;
|
||||
protected $restrictionService;
|
||||
|
||||
/**
|
||||
* ViewService constructor.
|
||||
* @param $view
|
||||
* @param View $view
|
||||
* @param RestrictionService $restrictionService
|
||||
*/
|
||||
public function __construct(View $view)
|
||||
public function __construct(View $view, RestrictionService $restrictionService)
|
||||
{
|
||||
$this->view = $view;
|
||||
$this->user = auth()->user();
|
||||
$this->restrictionService = $restrictionService;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -27,7 +30,7 @@ class ViewService
|
|||
*/
|
||||
public function add(Entity $entity)
|
||||
{
|
||||
if($this->user === null) return 0;
|
||||
if ($this->user === null) return 0;
|
||||
$view = $entity->views()->where('user_id', '=', $this->user->id)->first();
|
||||
// Add view if model exists
|
||||
if ($view) {
|
||||
|
@ -47,18 +50,19 @@ class ViewService
|
|||
|
||||
/**
|
||||
* Get the entities with the most views.
|
||||
* @param int $count
|
||||
* @param int $page
|
||||
* @param int $count
|
||||
* @param int $page
|
||||
* @param bool|false $filterModel
|
||||
*/
|
||||
public function getPopular($count = 10, $page = 0, $filterModel = false)
|
||||
{
|
||||
$skipCount = $count * $page;
|
||||
$query = $this->view->select('id', 'viewable_id', 'viewable_type', \DB::raw('SUM(views) as view_count'))
|
||||
$query = $this->restrictionService->filterRestrictedEntityRelations($this->view, 'views', 'viewable_id', 'viewable_type')
|
||||
->select('id', 'viewable_id', 'viewable_type', \DB::raw('SUM(views) as view_count'))
|
||||
->groupBy('viewable_id', 'viewable_type')
|
||||
->orderBy('view_count', 'desc');
|
||||
|
||||
if($filterModel) $query->where('viewable_type', '=', get_class($filterModel));
|
||||
if ($filterModel) $query->where('viewable_type', '=', get_class($filterModel));
|
||||
|
||||
$views = $query->with('viewable')->skip($skipCount)->take($count)->get();
|
||||
$viewedEntities = $views->map(function ($item) {
|
||||
|
@ -69,22 +73,24 @@ class ViewService
|
|||
|
||||
/**
|
||||
* Get all recently viewed entities for the current user.
|
||||
* @param int $count
|
||||
* @param int $page
|
||||
* @param int $count
|
||||
* @param int $page
|
||||
* @param Entity|bool $filterModel
|
||||
* @return mixed
|
||||
*/
|
||||
public function getUserRecentlyViewed($count = 10, $page = 0, $filterModel = false)
|
||||
{
|
||||
if($this->user === null) return collect();
|
||||
if ($this->user === null) return collect();
|
||||
$skipCount = $count * $page;
|
||||
$query = $this->view->where('user_id', '=', auth()->user()->id);
|
||||
$query = $this->restrictionService
|
||||
->filterRestrictedEntityRelations($this->view, 'views', 'viewable_id', 'viewable_type');
|
||||
|
||||
if ($filterModel) $query->where('viewable_type', '=', get_class($filterModel));
|
||||
if ($filterModel) $query = $query->where('viewable_type', '=', get_class($filterModel));
|
||||
$query = $query->where('user_id', '=', auth()->user()->id);
|
||||
|
||||
$views = $query->with('viewable')->orderBy('updated_at', 'desc')->skip($skipCount)->take($count)->get();
|
||||
$viewedEntities = $views->map(function ($item) {
|
||||
return $item->viewable()->getResults();
|
||||
return $item->viewable;
|
||||
});
|
||||
return $viewedEntities;
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
{{ $activity->getText() }}
|
||||
|
||||
@if($activity->entity())
|
||||
<a href="{{ $activity->entity()->getUrl() }}">{{ $activity->entity()->name }}</a>
|
||||
<a href="{{ $activity->entity->getUrl() }}">{{ $activity->entity->name }}</a>
|
||||
@endif
|
||||
|
||||
@if($activity->extra) "{{$activity->extra}}" @endif
|
||||
|
|
Loading…
Reference in a new issue