Updated entity restrictions to allow permissions, Not just restrict

ssddanbrown · ssddanbrown · commit 097d9c9f3cb1 · 2016-03-30T20:15:44.000+01:00
Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89.
diff --git a/app/Http/routes.php b/app/Http/routes.php
@@ -19,8 +19,8 @@
         Route::delete('/{id}', 'BookController@destroy');
         Route::get('/{slug}/sort-item', 'BookController@getSortItem');
         Route::get('/{slug}', 'BookController@show');
-        Route::get('/{bookSlug}/restrict', 'BookController@showRestrict');
-        Route::put('/{bookSlug}/restrict', 'BookController@restrict');
+        Route::get('/{bookSlug}/permissions', 'BookController@showRestrict');
+        Route::put('/{bookSlug}/permissions', 'BookController@restrict');
         Route::get('/{slug}/delete', 'BookController@showDelete');
         Route::get('/{bookSlug}/sort', 'BookController@sort');
         Route::put('/{bookSlug}/sort', 'BookController@saveSort');
@@ -36,8 +36,8 @@
         Route::get('/{bookSlug}/page/{pageSlug}/edit', 'PageController@edit');
         Route::get('/{bookSlug}/page/{pageSlug}/delete', 'PageController@showDelete');
         Route::get('/{bookSlug}/draft/{pageId}/delete', 'PageController@showDeleteDraft');
-        Route::get('/{bookSlug}/page/{pageSlug}/restrict', 'PageController@showRestrict');
-        Route::put('/{bookSlug}/page/{pageSlug}/restrict', 'PageController@restrict');
+        Route::get('/{bookSlug}/page/{pageSlug}/permissions', 'PageController@showRestrict');
+        Route::put('/{bookSlug}/page/{pageSlug}/permissions', 'PageController@restrict');
         Route::put('/{bookSlug}/page/{pageSlug}', 'PageController@update');
         Route::delete('/{bookSlug}/page/{pageSlug}', 'PageController@destroy');
         Route::delete('/{bookSlug}/draft/{pageId}', 'PageController@destroyDraft');
@@ -54,8 +54,8 @@
         Route::get('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@show');
         Route::put('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@update');
         Route::get('/{bookSlug}/chapter/{chapterSlug}/edit', 'ChapterController@edit');
-        Route::get('/{bookSlug}/chapter/{chapterSlug}/restrict', 'ChapterController@showRestrict');
-        Route::put('/{bookSlug}/chapter/{chapterSlug}/restrict', 'ChapterController@restrict');
+        Route::get('/{bookSlug}/chapter/{chapterSlug}/permissions', 'ChapterController@showRestrict');
+        Route::put('/{bookSlug}/chapter/{chapterSlug}/permissions', 'ChapterController@restrict');
         Route::get('/{bookSlug}/chapter/{chapterSlug}/delete', 'ChapterController@showDelete');
         Route::delete('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@destroy');
 
diff --git a/app/Services/RestrictionService.php b/app/Services/RestrictionService.php
@@ -41,6 +41,25 @@ public function checkIfEntityRestricted(Entity $entity, $action)
         return false;
     }
 
+    /**
+     * Check if an entity has restrictions set on itself or its
+     * parent tree.
+     * @param Entity $entity
+     * @param $action
+     * @return bool|mixed
+     */
+    public function checkIfRestrictionsSet(Entity $entity, $action)
+    {
+        $this->currentAction = $action;
+        if ($entity->isA('page')) {
+            return $entity->restricted || ($entity->chapter && $entity->chapter->restricted) || $entity->book->restricted;
+        } elseif ($entity->isA('chapter')) {
+            return $entity->restricted || $entity->book->restricted;
+        } elseif ($entity->isA('book')) {
+            return $entity->restricted;
+        }
+    }
+
     /**
      * Add restrictions for a page query
      * @param $query
diff --git a/app/helpers.php b/app/helpers.php
@@ -52,12 +52,13 @@ function userCan($permission, \BookStack\Ownable $ownable = null)
 
     if (!$ownable instanceof \BookStack\Entity) return $hasPermission;
 
-    // Check restrictions on the entitiy
+    // Check restrictions on the entity
     $restrictionService = app('BookStack\Services\RestrictionService');
     $explodedPermission = explode('-', $permission);
     $action = end($explodedPermission);
     $hasAccess = $restrictionService->checkIfEntityRestricted($ownable, $action);
-    return $hasAccess && $hasPermission;
+    $restrictionsSet = $restrictionService->checkIfRestrictionsSet($ownable, $action);
+    return ($hasAccess && $restrictionsSet) || (!$restrictionsSet && $hasPermission);
 }
 
 /**
diff --git a/resources/views/books/restrictions.blade.php b/resources/views/books/restrictions.blade.php
@@ -16,7 +16,7 @@
 
 
     <div class="container" ng-non-bindable>
-        <h1>Book Restrictions</h1>
+        <h1>Book Permissions</h1>
         @include('form/restriction-form', ['model' => $book])
     </div>
 
diff --git a/resources/views/books/show.blade.php b/resources/views/books/show.blade.php
@@ -24,7 +24,7 @@
                                         <li><a href="{{ $book->getUrl() }}/sort" class="text-primary"><i class="zmdi zmdi-sort"></i>Sort</a></li>
                                     @endif
                                     @if(userCan('restrictions-manage', $book))
-                                        <li><a href="{{$book->getUrl()}}/restrict" class="text-primary"><i class="zmdi zmdi-lock-outline"></i>Restrict</a></li>
+                                        <li><a href="{{$book->getUrl()}}/permissions" class="text-primary"><i class="zmdi zmdi-lock-outline"></i>Permissions</a></li>
                                     @endif
                                     @if(userCan('book-delete', $book))
                                         <li><a href="{{ $book->getUrl() }}/delete" class="text-neg"><i class="zmdi zmdi-delete"></i>Delete</a></li>
@@ -90,9 +90,9 @@
                 @if($book->restricted)
                     <p class="text-muted">
                         @if(userCan('restrictions-manage', $book))
-                            <a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book Restricted</a>
+                            <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
                         @else
-                            <i class="zmdi zmdi-lock-outline"></i>Book Restricted
+                            <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
                         @endif
                     </p>
                 @endif
diff --git a/resources/views/chapters/restrictions.blade.php b/resources/views/chapters/restrictions.blade.php
@@ -17,7 +17,7 @@
     </div>
 
     <div class="container" ng-non-bindable>
-        <h1>Chapter Restrictions</h1>
+        <h1>Chapter Permissions</h1>
         @include('form/restriction-form', ['model' => $chapter])
     </div>
 
diff --git a/resources/views/chapters/show.blade.php b/resources/views/chapters/show.blade.php
@@ -19,7 +19,7 @@
                             <a href="{{$chapter->getUrl() . '/edit'}}" class="text-primary text-button"><i class="zmdi zmdi-edit"></i>Edit</a>
                         @endif
                         @if(userCan('restrictions-manage', $chapter))
-                            <a href="{{$chapter->getUrl()}}/restrict" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Restrict</a>
+                            <a href="{{$chapter->getUrl()}}/permissions" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Permissions</a>
                         @endif
                         @if(userCan('chapter-delete', $chapter))
                             <a href="{{$chapter->getUrl() . '/delete'}}" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete</a>
@@ -69,18 +69,18 @@
 
                         @if($book->restricted)
                             @if(userCan('restrictions-manage', $book))
-                                <a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book Restricted</a>
+                                <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
                             @else
-                                <i class="zmdi zmdi-lock-outline"></i>Book Restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
                             @endif
                                 <br>
                         @endif
 
                         @if($chapter->restricted)
                             @if(userCan('restrictions-manage', $chapter))
-                                <a href="{{ $chapter->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Chapter Restricted</a>
+                                <a href="{{ $chapter->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active</a>
                             @else
-                                <i class="zmdi zmdi-lock-outline"></i>Chapter Restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active
                             @endif
                         @endif
                     </div>
diff --git a/resources/views/form/restriction-form.blade.php b/resources/views/form/restriction-form.blade.php
@@ -1,11 +1,14 @@
-<form action="{{ $model->getUrl() }}/restrict" method="POST">
+<form action="{{ $model->getUrl() }}/permissions" method="POST">
     {!! csrf_field() !!}
     <input type="hidden" name="_method" value="PUT">
 
+    <p>Once enabled, These permissions will take priority over any set role permissions.</p>
+
     <div class="form-group">
-        @include('form/checkbox', ['name' => 'restricted', 'label' => 'Restrict this ' . $model->getClassName()])
+        @include('form/checkbox', ['name' => 'restricted', 'label' => 'Enable custom permissions'])
     </div>
 
+
     <table class="table">
         <tr>
             <th>Role</th>
@@ -25,5 +28,5 @@
     </table>
 
     <a href="{{ $model->getUrl() }}" class="button muted">Cancel</a>
-    <button type="submit" class="button pos">Save Restrictions</button>
+    <button type="submit" class="button pos">Save Permissions</button>
 </form>
diff --git a/resources/views/pages/restrictions.blade.php b/resources/views/pages/restrictions.blade.php
@@ -24,7 +24,7 @@
     </div>
 
     <div class="container" ng-non-bindable>
-        <h1>Page Restrictions</h1>
+        <h1>Page Permissions</h1>
         @include('form/restriction-form', ['model' => $page])
     </div>
 
diff --git a/resources/views/pages/show.blade.php b/resources/views/pages/show.blade.php
@@ -32,7 +32,7 @@
                             <a href="{{$page->getUrl()}}/edit" class="text-primary text-button" ><i class="zmdi zmdi-edit"></i>Edit</a>
                         @endif
                         @if(userCan('restrictions-manage', $page))
-                            <a href="{{$page->getUrl()}}/restrict" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Restrict</a>
+                            <a href="{{$page->getUrl()}}/permissions" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Permissions</a>
                         @endif
                         @if(userCan('page-delete', $page))
                             <a href="{{$page->getUrl()}}/delete" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete</a>
@@ -76,27 +76,27 @@
 
                         @if($book->restricted)
                             @if(userCan('restrictions-manage', $book))
-                                <a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book restricted</a>
+                                <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
                             @else
-                                <i class="zmdi zmdi-lock-outline"></i>Book restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
                             @endif
                             <br>
                         @endif
 
                         @if($page->chapter && $page->chapter->restricted)
                             @if(userCan('restrictions-manage', $page->chapter))
-                                <a href="{{ $page->chapter->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Chapter restricted</a>
+                                <a href="{{ $page->chapter->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active</a>
                             @else
-                                <i class="zmdi zmdi-lock-outline"></i>Chapter restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active
                             @endif
                             <br>
                         @endif
 
                         @if($page->restricted)
                             @if(userCan('restrictions-manage', $page))
-                                <a href="{{ $page->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Page restricted</a>
+                                <a href="{{ $page->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Page Permissions Active</a>
                             @else
-                                <i class="zmdi zmdi-lock-outline"></i>Page restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Page Permissions Active
                             @endif
                             <br>
                         @endif
diff --git a/resources/views/settings/roles/form.blade.php b/resources/views/settings/roles/form.blade.php
@@ -24,10 +24,10 @@
         <hr class="even">
         <div class="row">
             <div class="col-md-6">
-                <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-all']) Manage all restrictions</label>
+                <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-all']) Manage all Book, Chapter & Page permissions</label>
             </div>
             <div class="col-md-6">
-                <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-own']) Manage restrictions on own content</label>
+                <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-own']) Manage permissions on own Book, Chapter & Pages</label>
             </div>
         </div>
         <hr class="even">
@@ -43,7 +43,7 @@
         <h3>Asset Permissions</h3>
         <p>
             These permissions control default access to the assets within the system. <br>
-            Restrictions on Books, Chapters and Pages will override these permissions.
+            Permissions on Books, Chapters and Pages will override these permissions.
         </p>
         <table class="table">
             <tr>
diff --git a/resources/views/users/delete.blade.php b/resources/views/users/delete.blade.php
@@ -10,7 +10,7 @@
         <form action="/settings/users/{{$user->id}}" method="POST">
             {!! csrf_field() !!}
             <input type="hidden" name="_method" value="DELETE">
-            <a href="/users/{{$user->id}}" class="button muted">Cancel</a>
+            <a href="/settings/users/{{$user->id}}" class="button muted">Cancel</a>
             <button type="submit" class="button neg">Confirm</button>
         </form>
     </div>
diff --git a/tests/Permissions/RestrictionsTest.php b/tests/Permissions/RestrictionsTest.php
diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php
diff --git a/tests/TestCase.php b/tests/TestCase.php
