mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-01-19 05:52:48 +08:00
Updated shelf-list view to enforce view permissions for child books
- Aligned shelf-homepage behaviour to match - Updated testing to cover. For #2111
This commit is contained in:
parent
d3ec38bee3
commit
9666c8c0f7
|
@ -28,8 +28,10 @@ class BookshelfRepo
|
|||
*/
|
||||
public function getAllPaginated(int $count = 20, string $sort = 'name', string $order = 'asc'): LengthAwarePaginator
|
||||
{
|
||||
return Bookshelf::visible()->with('visibleBooks')
|
||||
->orderBy($sort, $order)->paginate($count);
|
||||
return Bookshelf::visible()
|
||||
->with('visibleBooks')
|
||||
->orderBy($sort, $order)
|
||||
->paginate($count);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -69,11 +69,7 @@ class HomeController extends Controller
|
|||
}
|
||||
|
||||
if ($homepageOption === 'bookshelves') {
|
||||
$shelfRepo = app(BookshelfRepo::class);
|
||||
$shelves = app(BookshelfRepo::class)->getAllPaginated(18, $commonData['sort'], $commonData['order']);
|
||||
foreach ($shelves as $shelf) {
|
||||
$shelf->books = $shelf->visibleBooks;
|
||||
}
|
||||
$data = array_merge($commonData, ['shelves' => $shelves]);
|
||||
return view('common.home-shelves', $data);
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
</div>
|
||||
</a>
|
||||
<div class="entity-shelf-books grid third gap-y-xs entity-list-item-children">
|
||||
@foreach($shelf->books as $book)
|
||||
@foreach($shelf->visibleBooks as $book)
|
||||
<div>
|
||||
<a href="{{ $book->getUrl('?shelf=' . $shelf->id) }}" class="entity-chip text-book">
|
||||
@icon('book')
|
||||
|
|
|
@ -56,6 +56,25 @@ class BookShelfTest extends TestCase
|
|||
$resp->assertElementContains('a', 'New Shelf');
|
||||
}
|
||||
|
||||
public function test_book_not_visible_in_shelf_list_view_if_user_cant_view_shelf()
|
||||
{
|
||||
config()->set([
|
||||
'app.views.bookshelves' => 'list',
|
||||
]);
|
||||
$shelf = Bookshelf::query()->first();
|
||||
$book = $shelf->books()->first();
|
||||
|
||||
$resp = $this->asEditor()->get('/shelves');
|
||||
$resp->assertSee($book->name);
|
||||
$resp->assertSee($book->getUrl());
|
||||
|
||||
$this->setEntityRestrictions($book, []);
|
||||
|
||||
$resp = $this->asEditor()->get('/shelves');
|
||||
$resp->assertDontSee($book->name);
|
||||
$resp->assertDontSee($book->getUrl());
|
||||
}
|
||||
|
||||
public function test_shelves_create()
|
||||
{
|
||||
$booksToInclude = Book::take(2)->get();
|
||||
|
|
Loading…
Reference in New Issue
Block a user