diff --git a/app/Http/Controllers/BookController.php b/app/Http/Controllers/BookController.php
index 3390b41c0..46636016f 100644
--- a/app/Http/Controllers/BookController.php
+++ b/app/Http/Controllers/BookController.php
@@ -1,13 +1,9 @@
-bookRepo->getBySlug($slug);
+ $this->checkOwnablePermission('book-view', $book);
 $bookChildren = $this->bookRepo->getChildren($book);
 Views::add($book);
 $this->setPageTitle($book->getShortName());
diff --git a/app/Http/Controllers/ChapterController.php b/app/Http/Controllers/ChapterController.php
index 4641ddbdb..d1c6c1733 100644
--- a/app/Http/Controllers/ChapterController.php
+++ b/app/Http/Controllers/ChapterController.php
@@ -77,6 +77,7 @@ class ChapterController extends Controller
 {
 $book = $this->bookRepo->getBySlug($bookSlug);
 $chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
+ $this->checkOwnablePermission('chapter-view', $chapter);
 $sidebarTree = $this->bookRepo->getChildren($book);
 Views::add($chapter);
 $this->setPageTitle($chapter->getShortName());
diff --git a/app/Http/Controllers/PageController.php b/app/Http/Controllers/PageController.php
index e250d8c85..30d6c2d76 100644
--- a/app/Http/Controllers/PageController.php
+++ b/app/Http/Controllers/PageController.php
@@ -127,6 +127,8 @@ class PageController extends Controller
 return redirect($page->getUrl());
 }
+ $this->checkOwnablePermission('page-view', $page);
+
 $sidebarTree = $this->bookRepo->getChildren($book);
 Views::add($page);
 $this->setPageTitle($page->getShortName());
diff --git a/database/migrations/2016_04_09_100730_add_view_permissions_to_roles.php b/database/migrations/2016_04_09_100730_add_view_permissions_to_roles.php
new file mode 100644
index 000000000..dabd6a25e
--- /dev/null
+++ b/database/migrations/2016_04_09_100730_add_view_permissions_to_roles.php
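Review bot: In the ChapterController hunk the new `chapter-view` check guards only `$chapter`; the sidebar on the next line is still built from `$this->bookRepo->getChildren($book)` with no `book-view` check on `$book`, so a user who may view the chapter but not its book would still be shown the book's child listing unless `getChildren` filters by permission itself, which this diff does not show. The same pattern appears in the PageController hunk, where `$sidebarTree` is built from `$book` after the `page-view` check. Consider adding `$this->checkOwnablePermission('book-view', $book);` directly after the `$book = $this->bookRepo->getBySlug($bookSlug);` lookup, or confirm and document in a comment that `getChildren` applies visibility filtering. `checkOwnablePermission` is defined outside this diff, so what a denied check does (exception, abort, redirect) cannot be confirmed here.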
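Review bot: In the PageController hunk the `page-view` check is placed after the `return redirect($page->getUrl());` branch, so a request that takes that redirect is answered before any permission check runs: the caller learns that the page exists and its canonical URL, and the check is only applied on the follow-up request. Moving `$this->checkOwnablePermission('page-view', $page);` to just after `$page` is resolved, above the redirect branch, makes the denial independent of which URL form was requested. The condition guarding the redirect and the start of the method lie outside this hunk, so this is inferred from the visible lines only.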
@@ -0,0 +1,54 @@
+name = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
+ $newPermission->display_name = $op . ' ' . $entity . 's';
+ $newPermission->save();
+ foreach ($currentRoles as $role) {
+ $role->attachPermission($newPermission);
+ }
+ }
+ }
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ // Delete the new view permissions
+ $entities = ['Book', 'Page', 'Chapter'];
+ $ops = ['View All', 'View Own'];
+ foreach ($entities as $entity) {
+ foreach ($ops as $op) {
+ $permissionName = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
+ $newPermission = \BookStack\Permission::where('name', '=', $permissionName)->first();
+ foreach ($newPermission->roles as $role) {
+ $role->detachPermission($newPermission);
+ }
+ $newPermission->delete();
+ }
+ }
+ }
+}
diff --git a/resources/views/settings/roles/form.blade.php b/resources/views/settings/roles/form.blade.php
index ba57b4daa..cd81febb1 100644
--- a/resources/views/settings/roles/form.blade.php
+++ b/resources/views/settings/roles/form.blade.php
@@ -49,6 +49,7 @@
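Review bot: In `down()` of the new migration, `\BookStack\Permission::where('name', '=', $permissionName)->first()` can return `null` when a permission was never created or was already removed, and the following `foreach ($newPermission->roles as $role)` then fails on a null property access, leaving the rollback half-applied. A guard such as `if ($newPermission === null) { continue; }` before that `foreach` keeps the rollback re-runnable. On the `up()` side, every role in `$currentRoles` is granted each new view permission; assuming `$currentRoles` holds all existing roles (its assignment is outside the visible part of the hunk), this apparently preserves the previous behaviour in which the controllers performed no view check, but it also hands `view-all` to any restricted roles, so a comment on the `foreach ($currentRoles as $role) {` line such as `// Grant to all existing roles so current visibility is unchanged; tighten per role after migrating` would make the intent explicit for whoever audits roles afterwards. The class header and the start of `up()` are outside the visible lines of this hunk.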