BookStack Code Mirror - bookstack/blobdiff

index 6e81dfd65738942ee30cdb542fe9775360c6a8a1..5d3be4951ca70b597e5159c4f3dc13e3e2afdaf6 100644 (file)

--- a/app/Http/Controller.php

+++ b/app/Http/Controller.php

@@ -6,9 +6,12 @@ use BookStack\Activity\Models\Loggable;

use BookStack\App\Model;

use BookStack\Exceptions\NotifyException;

use BookStack\Facades\Activity;

+use BookStack\Permissions\Permission;

use Illuminate\Foundation\Bus\DispatchesJobs;

use Illuminate\Foundation\Validation\ValidatesRequests;

use Illuminate\Http\JsonResponse;

+use Illuminate\Http\RedirectResponse;

+use Illuminate\Http\Request;

use Illuminate\Routing\Controller as BaseController;

abstract class Controller extends BaseController

@@ -25,10 +28,9 @@ abstract class Controller extends BaseController

}

/**

- * Stops the application and shows a permission error if

- * the application is in demo mode.

+ * Stops the application and shows a permission error if the application is in demo mode.

- protected function preventAccessInDemoMode()

+ protected function preventAccessInDemoMode(): void

{

if (config('app.env') === 'demo') {

$this->showPermissionError();

@@ -38,28 +40,27 @@ abstract class Controller extends BaseController

/**

* Adds the page title into the view.

- public function setPageTitle(string $title)

+ public function setPageTitle(string $title): void

{

view()->share('pageTitle', $title);

}

/**

- * On a permission error redirect to home and display.

- * the error as a notification.

+ * On a permission error redirect to home and display the error as a notification.

- * @return never

+ * @throws NotifyException

- protected function showPermissionError()

+ protected function showPermissionError(string $redirectLocation = '/'): never

{

$message = request()->wantsJson() ? trans('errors.permissionJson') : trans('errors.permission');

- throw new NotifyException($message, '/', 403);

+ throw new NotifyException($message, $redirectLocation, 403);

}

/**

* Checks that the current user has the given permission otherwise throw an exception.

- protected function checkPermission(string $permission): void

+ protected function checkPermission(string|Permission $permission): void

{

if (!user() || !user()->can($permission)) {

$this->showPermissionError();

@@ -79,10 +80,10 @@ abstract class Controller extends BaseController

/**

* Check the current user's permissions against an ownable item otherwise throw an exception.

- protected function checkOwnablePermission(string $permission, Model $ownable): void

+ protected function checkOwnablePermission(string|Permission $permission, Model $ownable, string $redirectLocation = '/'): void

{

if (!userCan($permission, $ownable)) {

- $this->showPermissionError();

+ $this->showPermissionError($redirectLocation);

}

@@ -90,7 +91,7 @@ abstract class Controller extends BaseController

* Check if a user has a permission or bypass the permission

* check if the given callback resolves true.

- protected function checkPermissionOr(string $permission, callable $callback): void

+ protected function checkPermissionOr(string|Permission $permission, callable $callback): void

{

if ($callback() !== true) {

$this->checkPermission($permission);

@@ -101,7 +102,7 @@ abstract class Controller extends BaseController

* Check if the current user has a permission or bypass if the provided user

* id matches the current user.

- protected function checkPermissionOrCurrentUser(string $permission, int $userId): void

+ protected function checkPermissionOrCurrentUser(string|Permission $permission, int $userId): void

{

$this->checkPermissionOr($permission, function () use ($userId) {

return $userId === user()->id;

@@ -109,7 +110,7 @@ abstract class Controller extends BaseController

}

/**

- * Send back a json error message.

+ * Send back a JSON error message.

protected function jsonError(string $messageText = '', int $statusCode = 500): JsonResponse

{

@@ -125,7 +126,7 @@ abstract class Controller extends BaseController

}

/**

- * Show a positive, successful notification to the user on next view load.

+ * Show a positive, successful notification to the user on the next view load.

protected function showSuccessNotification(string $message): void

{

@@ -133,7 +134,7 @@ abstract class Controller extends BaseController

}

/**

- * Show a warning notification to the user on next view load.

+ * Show a warning notification to the user on the next view load.

protected function showWarningNotification(string $message): void

{

@@ -141,7 +142,7 @@ abstract class Controller extends BaseController

}

/**

- * Show an error notification to the user on next view load.

+ * Show an error notification to the user on the next view load.

protected function showErrorNotification(string $message): void

{

@@ -150,10 +151,8 @@ abstract class Controller extends BaseController

/**

* Log an activity in the system.

- *

- * @param string|Loggable $detail

- protected function logActivity(string $type, $detail = ''): void

+ protected function logActivity(string $type, string|Loggable $detail = ''): void

{

Activity::add($type, $detail);

}

@@ -163,6 +162,22 @@ abstract class Controller extends BaseController

protected function getImageValidationRules(): array

{

- return ['image_extension', 'mimes:jpeg,png,gif,webp', 'max:' . (config('app.upload_limit') * 1000)];

+ return ['image_extension', 'mimes:jpeg,png,gif,webp,avif', 'max:' . (config('app.upload_limit') * 1000)];

+ }

+ /**

+ * Redirect to the URL provided in the request as a '_return' parameter.

+ * Will check that the parameter leads to a URL under the root path of the system.

+ */

+ protected function redirectToRequest(Request $request): RedirectResponse

+ {

+ $basePath = url('/');

+ $returnUrl = $request->input('_return') ?? $basePath;

+ if (!str_starts_with($returnUrl, $basePath)) {

+ return redirect($basePath);

+ }

+ return redirect($returnUrl);

}