BookStack/app/helpers.php

<?php

if (!function_exists('versioned_asset')) {
    /**
     * Get the path to a versioned file.
     *
     * @param  string $file
     * @return string
     *
     * @throws \InvalidArgumentException
     */
    function versioned_asset($file)
    {
        static $manifest = null;

        if (is_null($manifest)) {
            $manifest = json_decode(file_get_contents(public_path('build/manifest.json')), true);
        }

        if (isset($manifest[$file])) {
            return '/' . $manifest[$file];
        }

        if (file_exists(public_path($file))) {
            return '/' . $file;
        }

        throw new InvalidArgumentException("File {$file} not defined in asset manifest.");
    }
}

/**
 * Check if the current user has a permission.
 * If an ownable element is passed in the permissions are checked against
 * that particular item.
 * @param $permission
 * @param \BookStack\Ownable $ownable
 * @return mixed
 */
function userCan($permission, \BookStack\Ownable $ownable = null)
{
    if (!auth()->check()) return false;
    if ($ownable === null) {
        return auth()->user() && auth()->user()->can($permission);
    }

    // Check permission on ownable item
    $permissionBaseName = strtolower($permission) . '-';
    $hasPermission = false;
    if (auth()->user()->can($permissionBaseName . 'all')) $hasPermission = true;
    if (auth()->user()->can($permissionBaseName . 'own') && $ownable->createdBy && $ownable->createdBy->id === auth()->user()->id) $hasPermission = true;

    if (!$ownable instanceof \BookStack\Entity) return $hasPermission;

    // Check restrictions on the entitiy
    $restrictionService = app('BookStack\Services\RestrictionService');
    $explodedPermission = explode('-', $permission);
    $action = end($explodedPermission);
    $hasAccess = $restrictionService->checkIfEntityRestricted($ownable, $action);
    return $hasAccess && $hasPermission;
}
Implemented custom asset versioning to make creating releases easier 2015-12-16 18:09:44 +01:00			`<?php`

Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-05 19:09:21 +01:00			`if (!function_exists('versioned_asset')) {`
Implemented custom asset versioning to make creating releases easier 2015-12-16 18:09:44 +01:00			`/**`
			`* Get the path to a versioned file.`
			`*`
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-05 19:09:21 +01:00			`* @param string $file`
Implemented custom asset versioning to make creating releases easier 2015-12-16 18:09:44 +01:00			`* @return string`
			`*`
			`* @throws \InvalidArgumentException`
			`*/`
			`function versioned_asset($file)`
			`{`
			`static $manifest = null;`

			`if (is_null($manifest)) {`
			`$manifest = json_decode(file_get_contents(public_path('build/manifest.json')), true);`
			`}`

			`if (isset($manifest[$file])) {`
			`return '/' . $manifest[$file];`
			`}`

			`if (file_exists(public_path($file))) {`
			`return '/' . $file;`
			`}`

			`throw new InvalidArgumentException("File {$file} not defined in asset manifest.");`
			`}`
Finished initial implementation of custom role system 2016-02-27 20:24:42 +01:00			`}`

			`/**`
			`* Check if the current user has a permission.`
			`* If an ownable element is passed in the permissions are checked against`
			`* that particular item.`
			`* @param $permission`
			`* @param \BookStack\Ownable $ownable`
			`* @return mixed`
			`*/`
			`function userCan($permission, \BookStack\Ownable $ownable = null)`
			`{`
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-05 19:09:21 +01:00			`if (!auth()->check()) return false;`
Finished initial implementation of custom role system 2016-02-27 20:24:42 +01:00			`if ($ownable === null) {`
			`return auth()->user() && auth()->user()->can($permission);`
			`}`

Tied entity restriction system into userCan checks 2016-02-29 21:31:21 +01:00			`// Check permission on ownable item`
Finished initial implementation of custom role system 2016-02-27 20:24:42 +01:00			`$permissionBaseName = strtolower($permission) . '-';`
Tied entity restriction system into userCan checks 2016-02-29 21:31:21 +01:00			`$hasPermission = false;`
			`if (auth()->user()->can($permissionBaseName . 'all')) $hasPermission = true;`
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-05 19:09:21 +01:00			`if (auth()->user()->can($permissionBaseName . 'own') && $ownable->createdBy && $ownable->createdBy->id === auth()->user()->id) $hasPermission = true;`
Tied entity restriction system into userCan checks 2016-02-29 21:31:21 +01:00
Added restriction tests and fixed any bugs in the process Also updated many styles within areas affected by the new permission and roles system. 2016-03-05 19:09:21 +01:00			`if (!$ownable instanceof \BookStack\Entity) return $hasPermission;`
Tied entity restriction system into userCan checks 2016-02-29 21:31:21 +01:00
			`// Check restrictions on the entitiy`
			`$restrictionService = app('BookStack\Services\RestrictionService');`
			`$explodedPermission = explode('-', $permission);`
			`$action = end($explodedPermission);`
			`$hasAccess = $restrictionService->checkIfEntityRestricted($ownable, $action);`
			`return $hasAccess && $hasPermission;`
Implemented custom asset versioning to make creating releases easier 2015-12-16 18:09:44 +01:00			`}`