From 6e03078de3860cc82e30b14ebbcd192a797fd75f Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Sat, 9 Apr 2016 12:40:07 +0100
Subject: [PATCH] Started work towards adding role view permissions

Work halted as re-write required.
In reference to #92
---
 app/Http/Controllers/BookController.php       |  7 +--
 app/Http/Controllers/ChapterController.php    |  1 +
 app/Http/Controllers/PageController.php       |  2 +
 ...9_100730_add_view_permissions_to_roles.php | 54 +++++++++++++++++++
 resources/views/settings/roles/form.blade.php | 14 +++++
 5 files changed, 73 insertions(+), 5 deletions(-)
 create mode 100644 database/migrations/2016_04_09_100730_add_view_permissions_to_roles.php

diff --git a/app/Http/Controllers/BookController.php b/app/Http/Controllers/BookController.php
index 3390b41c0..46636016f 100644
--- a/app/Http/Controllers/BookController.php
+++ b/app/Http/Controllers/BookController.php
@@ -1,13 +1,9 @@
-<?php
-
-namespace BookStack\Http\Controllers;
+<?php namespace BookStack\Http\Controllers;
 
 use Activity;
 use BookStack\Repos\UserRepo;
 use Illuminate\Http\Request;
-
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Str;
 use BookStack\Http\Requests;
 use BookStack\Repos\BookRepo;
 use BookStack\Repos\ChapterRepo;
@@ -95,6 +91,7 @@ class BookController extends Controller
     public function show($slug)
     {
         $book = $this->bookRepo->getBySlug($slug);
+        $this->checkOwnablePermission('book-view', $book);
         $bookChildren = $this->bookRepo->getChildren($book);
         Views::add($book);
         $this->setPageTitle($book->getShortName());
diff --git a/app/Http/Controllers/ChapterController.php b/app/Http/Controllers/ChapterController.php
index 4641ddbdb..d1c6c1733 100644
--- a/app/Http/Controllers/ChapterController.php
+++ b/app/Http/Controllers/ChapterController.php
@@ -77,6 +77,7 @@ class ChapterController extends Controller
     {
         $book = $this->bookRepo->getBySlug($bookSlug);
         $chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
+        $this->checkOwnablePermission('chapter-view', $chapter);
         $sidebarTree = $this->bookRepo->getChildren($book);
         Views::add($chapter);
         $this->setPageTitle($chapter->getShortName());
diff --git a/app/Http/Controllers/PageController.php b/app/Http/Controllers/PageController.php
index e250d8c85..30d6c2d76 100644
--- a/app/Http/Controllers/PageController.php
+++ b/app/Http/Controllers/PageController.php
@@ -127,6 +127,8 @@ class PageController extends Controller
             return redirect($page->getUrl());
         }
 
+        $this->checkOwnablePermission('page-view', $page);
+
         $sidebarTree = $this->bookRepo->getChildren($book);
         Views::add($page);
         $this->setPageTitle($page->getShortName());
diff --git a/database/migrations/2016_04_09_100730_add_view_permissions_to_roles.php b/database/migrations/2016_04_09_100730_add_view_permissions_to_roles.php
new file mode 100644
index 000000000..dabd6a25e
--- /dev/null
+++ b/database/migrations/2016_04_09_100730_add_view_permissions_to_roles.php
@@ -0,0 +1,54 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddViewPermissionsToRoles extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        $currentRoles = \BookStack\Role::all();
+
+        // Create new view permissions
+        $entities = ['Book', 'Page', 'Chapter'];
+        $ops = ['View All', 'View Own'];
+        foreach ($entities as $entity) {
+            foreach ($ops as $op) {
+                $newPermission = new \BookStack\Permission();
+                $newPermission->name = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
+                $newPermission->display_name = $op . ' ' . $entity . 's';
+                $newPermission->save();
+                foreach ($currentRoles as $role) {
+                    $role->attachPermission($newPermission);
+                }
+            }
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        // Delete the new view permissions
+        $entities = ['Book', 'Page', 'Chapter'];
+        $ops = ['View All', 'View Own'];
+        foreach ($entities as $entity) {
+            foreach ($ops as $op) {
+                $permissionName = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
+                $newPermission = \BookStack\Permission::where('name', '=', $permissionName)->first();
+                foreach ($newPermission->roles as $role) {
+                    $role->detachPermission($newPermission);
+                }
+                $newPermission->delete();
+            }
+        }
+    }
+}
diff --git a/resources/views/settings/roles/form.blade.php b/resources/views/settings/roles/form.blade.php
index ba57b4daa..cd81febb1 100644
--- a/resources/views/settings/roles/form.blade.php
+++ b/resources/views/settings/roles/form.blade.php
@@ -49,6 +49,7 @@
             <tr>
                 <th></th>
                 <th>Create</th>
+                <th>View</th>
                 <th>Edit</th>
                 <th>Delete</th>
             </tr>
@@ -57,6 +58,10 @@
                 <td>
                     <label>@include('settings/roles/checkbox', ['permission' => 'book-create-all']) All</label>
                 </td>
+                <td>
+                    <label>@include('settings/roles/checkbox', ['permission' => 'book-view-own']) Own</label>
+                    <label>@include('settings/roles/checkbox', ['permission' => 'book-view-all']) All</label>
+                </td>
                 <td>
                     <label>@include('settings/roles/checkbox', ['permission' => 'book-update-own']) Own</label>
                     <label>@include('settings/roles/checkbox', ['permission' => 'book-update-all']) All</label>
@@ -72,6 +77,10 @@
                     <label>@include('settings/roles/checkbox', ['permission' => 'chapter-create-own']) Own</label>
                     <label>@include('settings/roles/checkbox', ['permission' => 'chapter-create-all']) All</label>
                 </td>
+                <td>
+                    <label>@include('settings/roles/checkbox', ['permission' => 'chapter-view-own']) Own</label>
+                    <label>@include('settings/roles/checkbox', ['permission' => 'chapter-view-all']) All</label>
+                </td>
                 <td>
                     <label>@include('settings/roles/checkbox', ['permission' => 'chapter-update-own']) Own</label>
                     <label>@include('settings/roles/checkbox', ['permission' => 'chapter-update-all']) All</label>
@@ -87,6 +96,10 @@
                     <label>@include('settings/roles/checkbox', ['permission' => 'page-create-own']) Own</label>
                     <label>@include('settings/roles/checkbox', ['permission' => 'page-create-all']) All</label>
                 </td>
+                <td>
+                    <label>@include('settings/roles/checkbox', ['permission' => 'page-view-own']) Own</label>
+                    <label>@include('settings/roles/checkbox', ['permission' => 'page-view-all']) All</label>
+                </td>
                 <td>
                     <label>@include('settings/roles/checkbox', ['permission' => 'page-update-own']) Own</label>
                     <label>@include('settings/roles/checkbox', ['permission' => 'page-update-all']) All</label>
@@ -99,6 +112,7 @@
             <tr>
                 <td>Images</td>
                 <td>@include('settings/roles/checkbox', ['permission' => 'image-create-all'])</td>
+                <td></td>
                 <td>
                     <label>@include('settings/roles/checkbox', ['permission' => 'image-update-own']) Own</label>
                     <label>@include('settings/roles/checkbox', ['permission' => 'image-update-all']) All</label>