Refactored the code to first check for the permissions before sorting the book.

Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2018-01-06 01:04:48 +05:30 · 2018-01-06 01:04:48 +05:30 · a77756a2da
commit a77756a2da
parent e269cc7ea7
1 changed files with 25 additions and 17 deletions
--- a/app/Http/Controllers/BookController.php
+++ b/app/Http/Controllers/BookController.php
@ -195,7 +195,32 @@ class BookController extends Controller
        $sortMap = json_decode($request->get('sort-tree'));
        $defaultBookId = $book->id;

+        // Check permissions for all target and source books
        $permissionsList = [$book->id];
+        foreach ($sortMap as $bookChild) {
+            // Check permission for target book
+            if (!in_array($bookChild->book, $permissionsList)) {
+                $targetBook = $this->entityRepo->getById('book', $bookChild->book);
+                if (!empty($targetBook)) {
+                    $bookId = $targetBook->id;
+                    $this->checkOwnablePermission('book-update', $targetBook);
+                    // cache the permission for future use.
+                    $permissionsList[] = $bookId;
+                }
+            }
+
+            // Check permissions for the source book
+            $id = intval($bookChild->id);
+            $isPage = $bookChild->type == 'page';
+            $model = $this->entityRepo->getById($isPage?'page':'chapter', $id);
+            $sourceBook = $model->book;
+            if (!in_array($sourceBook->id, $permissionsList)) {
+                $this->checkOwnablePermission('book-update', $sourceBook);
+
+                // cache the permission for future use.
+                $permissionsList[] = $sourceBook->id;
+            }
+        }

        // Loop through contents of provided map and update entities accordingly
        foreach ($sortMap as $bookChild) {
@ -205,26 +230,9 @@ class BookController extends Controller
            $bookId = $defaultBookId;
            $targetBook = $this->entityRepo->getById('book', $bookChild->book);

-            // Check permission for target book
-            if (!empty($targetBook)) {
-                $bookId = $targetBook->id;
-                if (!in_array($bookId, $permissionsList)) {
-                    $this->checkOwnablePermission('book-update', $targetBook);
-                    // cache the permission for future use.
-                    $permissionsList[] = $bookId;
-                }
-            }
-
            $chapterId = ($isPage && $bookChild->parentChapter === false) ? 0 : intval($bookChild->parentChapter);
            $model = $this->entityRepo->getById($isPage?'page':'chapter', $id);

-            // Check permissions for the source book
-            $sourceBook = $model->book;
-            if (!in_array($sourceBook->id, $permissionsList)) {
-                $this->checkOwnablePermission('book-update', $sourceBook);
-                $permissionsList[] = $sourceBook->id;
-            }
-
            // Update models only if there's a change in parent chain or ordering.
            if ($model->priority !== $priority || $model->book_id !== $bookId || ($isPage && $model->chapter_id !== $chapterId)) {
                $this->entityRepo->changeBook($isPage?'page':'chapter', $bookId, $model);