BookStack Code Mirror - bookstack/blobdiff - app/Entities/Controllers/BookshelfApiController.php

index a665bcb6bab7d314c35939f1c7e6aa3e4e902c28..f4bd394a9e7b54490525ab3a31a0a16b2a0f7919 100644 (file)

@@ -6,6 +6,7 @@ use BookStack\Entities\Models\Bookshelf;

use BookStack\Entities\Queries\BookshelfQueries;

use BookStack\Entities\Repos\BookshelfRepo;

use BookStack\Http\ApiController;

+use BookStack\Permissions\Permission;

use Exception;

use Illuminate\Database\Eloquent\Relations\BelongsToMany;

use Illuminate\Http\Request;

@@ -26,6 +27,7 @@ class BookshelfApiController extends ApiController

{

$shelves = $this->queries

->visibleForList()

+ ->with(['cover:id,name,url'])

->addSelect(['created_by', 'updated_by']);

return $this->apiListingResponse($shelves, [

@@ -44,7 +46,7 @@ class BookshelfApiController extends ApiController

*/

public function create(Request $request)

{

- $this->checkPermission('bookshelf-create-all');

+ $this->checkPermission(Permission::BookshelfCreateAll);

$requestData = $this->validate($request, $this->rules()['create']);

$bookIds = $request->get('books', []);

@@ -83,7 +85,7 @@ class BookshelfApiController extends ApiController

public function update(Request $request, string $id)

{

$shelf = $this->queries->findVisibleByIdOrFail(intval($id));

- $this->checkOwnablePermission('bookshelf-update', $shelf);

+ $this->checkOwnablePermission(Permission::BookshelfUpdate, $shelf);

$requestData = $this->validate($request, $this->rules()['update']);

$bookIds = $request->get('books', null);

@@ -102,7 +104,7 @@ class BookshelfApiController extends ApiController

public function delete(string $id)

{

$shelf = $this->queries->findVisibleByIdOrFail(intval($id));

- $this->checkOwnablePermission('bookshelf-delete', $shelf);

+ $this->checkOwnablePermission(Permission::BookshelfDelete, $shelf);

$this->bookshelfRepo->destroy($shelf);