55use BookStack \Entities \Models \Book ;
66use BookStack \Entities \Models \Entity ;
77use BookStack \Entities \EntityProvider ;
8- use BookStack \Ownable ;
8+ use BookStack \Model ;
9+ use BookStack \Traits \HasCreatorAndUpdater ;
10+ use BookStack \Traits \HasOwner ;
911use Illuminate \Database \Connection ;
1012use Illuminate \Database \Eloquent \Builder ;
1113use Illuminate \Database \Query \Builder as QueryBuilder ;
@@ -168,7 +170,7 @@ public function buildJointPermissions()
168170 });
169171
170172 // Chunk through all bookshelves
171- $ this ->entityProvider ->bookshelf ->newQuery ()->withTrashed ()->select (['id ' , 'restricted ' , 'created_by ' ])
173+ $ this ->entityProvider ->bookshelf ->newQuery ()->withTrashed ()->select (['id ' , 'restricted ' , 'owned_by ' ])
172174 ->chunk (50 , function ($ shelves ) use ($ roles ) {
173175 $ this ->buildJointPermissionsForShelves ($ shelves , $ roles );
174176 });
@@ -181,10 +183,10 @@ public function buildJointPermissions()
181183 protected function bookFetchQuery ()
182184 {
183185 return $ this ->entityProvider ->book ->withTrashed ()->newQuery ()
184- ->select (['id ' , 'restricted ' , 'created_by ' ])->with (['chapters ' => function ($ query ) {
185- $ query ->withTrashed ()->select (['id ' , 'restricted ' , 'created_by ' , 'book_id ' ]);
186+ ->select (['id ' , 'restricted ' , 'owned_by ' ])->with (['chapters ' => function ($ query ) {
187+ $ query ->withTrashed ()->select (['id ' , 'restricted ' , 'owned_by ' , 'book_id ' ]);
186188 }, 'pages ' => function ($ query ) {
187- $ query ->withTrashed ()->select (['id ' , 'restricted ' , 'created_by ' , 'book_id ' , 'chapter_id ' ]);
189+ $ query ->withTrashed ()->select (['id ' , 'restricted ' , 'owned_by ' , 'book_id ' , 'chapter_id ' ]);
188190 }]);
189191 }
190192
@@ -286,7 +288,7 @@ public function buildJointPermissionForRole(Role $role)
286288 });
287289
288290 // Chunk through all bookshelves
289- $ this ->entityProvider ->bookshelf ->newQuery ()->select (['id ' , 'restricted ' , 'created_by ' ])
291+ $ this ->entityProvider ->bookshelf ->newQuery ()->select (['id ' , 'restricted ' , 'owned_by ' ])
290292 ->chunk (50 , function ($ shelves ) use ($ roles ) {
291293 $ this ->buildJointPermissionsForShelves ($ shelves , $ roles );
292294 });
@@ -508,28 +510,24 @@ protected function createJointPermissionDataArray(Entity $entity, Role $role, $a
508510 'action ' => $ action ,
509511 'has_permission ' => $ permissionAll ,
510512 'has_permission_own ' => $ permissionOwn ,
511- 'created_by ' => $ entity ->getRawAttribute ('created_by ' )
513+ 'owned_by ' => $ entity ->getRawAttribute ('owned_by ' )
512514 ];
513515 }
514516
515517 /**
516518 * Checks if an entity has a restriction set upon it.
517- * @param Ownable $ownable
518- * @param $permission
519- * @return bool
519+ * @param HasCreatorAndUpdater|HasOwner $ownable
520520 */
521- public function checkOwnableUserAccess (Ownable $ ownable , $ permission )
521+ public function checkOwnableUserAccess (Model $ ownable , string $ permission ): bool
522522 {
523523 $ explodedPermission = explode ('- ' , $ permission );
524524
525- $ baseQuery = $ ownable ->where ('id ' , '= ' , $ ownable ->id );
525+ $ baseQuery = $ ownable ->newQuery ()-> where ('id ' , '= ' , $ ownable ->id );
526526 $ action = end ($ explodedPermission );
527527 $ this ->currentAction = $ action ;
528528
529- $ nonJointPermissions = ['restrictions ' , 'image ' , 'attachment ' , 'comment ' ];
530-
531529 // Handle non entity specific jointPermissions
532- if (in_array ( $ explodedPermission [ 0 ], $ nonJointPermissions )) {
530+ if (!( $ ownable instanceof Entity )) {
533531 $ allPermission = $ this ->currentUser () && $ this ->currentUser ()->can ($ permission . '-all ' );
534532 $ ownPermission = $ this ->currentUser () && $ this ->currentUser ()->can ($ permission . '-own ' );
535533 $ this ->currentAction = 'view ' ;
@@ -566,7 +564,7 @@ public function checkUserHasPermissionOnAnything(string $permission, string $ent
566564 $ query ->where ('has_permission ' , '= ' , 1 )
567565 ->orWhere (function ($ query2 ) use ($ userId ) {
568566 $ query2 ->where ('has_permission_own ' , '= ' , 1 )
569- ->where ('created_by ' , '= ' , $ userId );
567+ ->where ('owned_by ' , '= ' , $ userId );
570568 });
571569 });
572570
@@ -615,7 +613,7 @@ protected function entityRestrictionQuery($query)
615613 $ query ->where ('has_permission ' , '= ' , true )
616614 ->orWhere (function ($ query ) {
617615 $ query ->where ('has_permission_own ' , '= ' , true )
618- ->where ('created_by ' , '= ' , $ this ->currentUser ()->id );
616+ ->where ('owned_by ' , '= ' , $ this ->currentUser ()->id );
619617 });
620618 });
621619 });
@@ -639,7 +637,7 @@ public function restrictEntityQuery(Builder $query, string $ability = 'view'): B
639637 $ query ->where ('has_permission ' , '= ' , true )
640638 ->orWhere (function (Builder $ query ) {
641639 $ query ->where ('has_permission_own ' , '= ' , true )
642- ->where ('created_by ' , '= ' , $ this ->currentUser ()->id );
640+ ->where ('owned_by ' , '= ' , $ this ->currentUser ()->id );
643641 });
644642 });
645643 });
@@ -656,7 +654,7 @@ public function enforceDraftVisiblityOnQuery(Builder $query): Builder
656654 $ query ->where ('draft ' , '= ' , false )
657655 ->orWhere (function (Builder $ query ) {
658656 $ query ->where ('draft ' , '= ' , true )
659- ->where ('created_by ' , '= ' , $ this ->currentUser ()->id );
657+ ->where ('owned_by ' , '= ' , $ this ->currentUser ()->id );
660658 });
661659 });
662660 }
@@ -676,7 +674,7 @@ public function enforceEntityRestrictions($entityType, $query, $action = 'view')
676674 $ query ->where ('draft ' , '= ' , false )
677675 ->orWhere (function ($ query ) {
678676 $ query ->where ('draft ' , '= ' , true )
679- ->where ('created_by ' , '= ' , $ this ->currentUser ()->id );
677+ ->where ('owned_by ' , '= ' , $ this ->currentUser ()->id );
680678 });
681679 });
682680 }
@@ -710,7 +708,7 @@ public function filterRestrictedEntityRelations($query, $tableName, $entityIdCol
710708 ->where (function ($ query ) {
711709 $ query ->where ('has_permission ' , '= ' , true )->orWhere (function ($ query ) {
712710 $ query ->where ('has_permission_own ' , '= ' , true )
713- ->where ('created_by ' , '= ' , $ this ->currentUser ()->id );
711+ ->where ('owned_by ' , '= ' , $ this ->currentUser ()->id );
714712 });
715713 });
716714 });
@@ -746,7 +744,7 @@ public function filterRelatedEntity($entityType, $query, $tableName, $entityIdCo
746744 ->where (function ($ query ) {
747745 $ query ->where ('has_permission ' , '= ' , true )->orWhere (function ($ query ) {
748746 $ query ->where ('has_permission_own ' , '= ' , true )
749- ->where ('created_by ' , '= ' , $ this ->currentUser ()->id );
747+ ->where ('owned_by ' , '= ' , $ this ->currentUser ()->id );
750748 });
751749 });
752750 });
0 commit comments