BookStack Code Mirror - bookstack/blobdiff - app/Entities/Controllers/BookApiController.php

index c1e38e72fe7c2cb5c1402870bce4dda7d90c9b1d..5baea163fd683c8cd07ad42de244bd5fd885a381 100644 (file)

@@ -11,6 +11,7 @@ use BookStack\Entities\Queries\PageQueries;

use BookStack\Entities\Repos\BookRepo;

use BookStack\Entities\Tools\BookContents;

use BookStack\Http\ApiController;

+use BookStack\Permissions\Permission;

use Illuminate\Http\Request;

use Illuminate\Validation\ValidationException;

@@ -30,6 +31,7 @@ class BookApiController extends ApiController

{

$books = $this->queries

->visibleForList()

+ ->with(['cover:id,name,url'])

->addSelect(['created_by', 'updated_by']);

return $this->apiListingResponse($books, [

@@ -46,7 +48,7 @@ class BookApiController extends ApiController

public function create(Request $request)

{

- $this->checkPermission('book-create-all');

+ $this->checkPermission(Permission::BookCreateAll);

$requestData = $this->validate($request, $this->rules()['create']);

$book = $this->bookRepo->create($requestData);

@@ -91,7 +93,7 @@ class BookApiController extends ApiController

public function update(Request $request, string $id)

{

$book = $this->queries->findVisibleByIdOrFail(intval($id));

- $this->checkOwnablePermission('book-update', $book);

+ $this->checkOwnablePermission(Permission::BookUpdate, $book);

$requestData = $this->validate($request, $this->rules()['update']);

$book = $this->bookRepo->update($book, $requestData);

@@ -108,7 +110,7 @@ class BookApiController extends ApiController

public function delete(string $id)

{

$book = $this->queries->findVisibleByIdOrFail(intval($id));

- $this->checkOwnablePermission('book-delete', $book);

+ $this->checkOwnablePermission(Permission::BookDelete, $book);

$this->bookRepo->destroy($book);