Merge pull request #5793 from BookStackApp/role_permission_refactor

Permissions: Use of enum references and RolePermission cleanup

Author: ssddanbrown

app/Access/LoginService.php

@@ -9,6 +9,7 @@
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Facades\Activity;
 use BookStack\Facades\Theme;
+use BookStack\Permissions\Permission;
 use BookStack\Theming\ThemeEvents;
 use BookStack\Users\Models\User;
 use Exception;
@@ -50,7 +51,7 @@ public function login(User $user, string $method, bool $remember = false): void
         Theme::dispatch(ThemeEvents::AUTH_LOGIN, $method, $user);
 
         // Authenticate on all session guards if a likely admin
-        if ($user->can('users-manage') && $user->can('user-roles-manage')) {
+        if ($user->can(Permission::UsersManage) && $user->can(Permission::UserRolesManage)) {
             $guards = ['standard', 'ldap', 'saml2', 'oidc'];
             foreach ($guards as $guard) {
                 auth($guard)->login($user);

app/Activity/Controllers/AuditLogApiController.php

@@ -4,6 +4,7 @@
 
 use BookStack\Activity\Models\Activity;
 use BookStack\Http\ApiController;
+use BookStack\Permissions\Permission;
 
 class AuditLogApiController extends ApiController
 {
@@ -16,8 +17,8 @@ class AuditLogApiController extends ApiController
      */
     public function list()
     {
-        $this->checkPermission('settings-manage');
-        $this->checkPermission('users-manage');
+        $this->checkPermission(Permission::SettingsManage);
+        $this->checkPermission(Permission::UsersManage);
 
         $query = Activity::query()->with(['user']);
 

app/Activity/Controllers/AuditLogController.php

@@ -5,6 +5,7 @@
 use BookStack\Activity\ActivityType;
 use BookStack\Activity\Models\Activity;
 use BookStack\Http\Controller;
+use BookStack\Permissions\Permission;
 use BookStack\Sorting\SortUrl;
 use BookStack\Util\SimpleListOptions;
 use Illuminate\Http\Request;
@@ -13,8 +14,8 @@ class AuditLogController extends Controller
 {
     public function index(Request $request)
     {
-        $this->checkPermission('settings-manage');
-        $this->checkPermission('users-manage');
+        $this->checkPermission(Permission::SettingsManage);
+        $this->checkPermission(Permission::UsersManage);
 
         $sort = $request->get('sort', 'activity_date');
         $order = $request->get('order', 'desc');

app/Activity/Controllers/CommentController.php

@@ -7,6 +7,7 @@
 use BookStack\Activity\Tools\CommentTreeNode;
 use BookStack\Entities\Queries\PageQueries;
 use BookStack\Http\Controller;
+use BookStack\Permissions\Permission;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
 
@@ -42,7 +43,7 @@ public function savePageComment(Request $request, int $pageId)
         }
 
         // Create a new comment.
-        $this->checkPermission('comment-create-all');
+        $this->checkPermission(Permission::CommentCreateAll);
         $contentRef = $input['content_ref'] ?? '';
         $comment = $this->commentRepo->create($page, $input['html'], $input['parent_id'] ?? null, $contentRef);
 
@@ -64,8 +65,8 @@ public function update(Request $request, int $commentId)
         ]);
 
         $comment = $this->commentRepo->getById($commentId);
-        $this->checkOwnablePermission('page-view', $comment->entity);
-        $this->checkOwnablePermission('comment-update', $comment);
+        $this->checkOwnablePermission(Permission::PageView, $comment->entity);
+        $this->checkOwnablePermission(Permission::CommentUpdate, $comment);
 
         $comment = $this->commentRepo->update($comment, $input['html']);
 
@@ -81,8 +82,8 @@ public function update(Request $request, int $commentId)
     public function archive(int $id)
     {
         $comment = $this->commentRepo->getById($id);
-        $this->checkOwnablePermission('page-view', $comment->entity);
-        if (!userCan('comment-update', $comment) && !userCan('comment-delete', $comment)) {
+        $this->checkOwnablePermission(Permission::PageView, $comment->entity);
+        if (!userCan(Permission::CommentUpdate, $comment) && !userCan(Permission::CommentDelete, $comment)) {
             $this->showPermissionError();
         }
 
@@ -101,8 +102,8 @@ public function archive(int $id)
     public function unarchive(int $id)
     {
         $comment = $this->commentRepo->getById($id);
-        $this->checkOwnablePermission('page-view', $comment->entity);
-        if (!userCan('comment-update', $comment) && !userCan('comment-delete', $comment)) {
+        $this->checkOwnablePermission(Permission::PageView, $comment->entity);
+        if (!userCan(Permission::CommentUpdate, $comment) && !userCan(Permission::CommentDelete, $comment)) {
             $this->showPermissionError();
         }
 
@@ -121,7 +122,7 @@ public function unarchive(int $id)
     public function destroy(int $id)
     {
         $comment = $this->commentRepo->getById($id);
-        $this->checkOwnablePermission('comment-delete', $comment);
+        $this->checkOwnablePermission(Permission::CommentDelete, $comment);
 
         $this->commentRepo->delete($comment);
 

app/Activity/Controllers/WatchController.php

@@ -5,13 +5,14 @@
 use BookStack\Activity\Tools\UserEntityWatchOptions;
 use BookStack\Entities\Tools\MixedEntityRequestHelper;
 use BookStack\Http\Controller;
+use BookStack\Permissions\Permission;
 use Illuminate\Http\Request;
 
 class WatchController extends Controller
 {
     public function update(Request $request, MixedEntityRequestHelper $entityHelper)
     {
-        $this->checkPermission('receive-notifications');
+        $this->checkPermission(Permission::ReceiveNotifications);
         $this->preventGuestAccess();
 
         $requestData = $this->validate($request, array_merge([

app/Activity/Controllers/WebhookController.php

@@ -6,6 +6,7 @@
 use BookStack\Activity\Models\Webhook;
 use BookStack\Activity\Queries\WebhooksAllPaginatedAndSorted;
 use BookStack\Http\Controller;
+use BookStack\Permissions\Permission;
 use BookStack\Util\SimpleListOptions;
 use Illuminate\Http\Request;
 
@@ -14,7 +15,7 @@ class WebhookController extends Controller
     public function __construct()
     {
         $this->middleware([
-            'can:settings-manage',
+            Permission::SettingsManage->middleware()
         ]);
     }
 

app/Activity/Notifications/Handlers/BaseNotificationHandler.php

@@ -5,6 +5,7 @@
 use BookStack\Activity\Models\Loggable;
 use BookStack\Activity\Notifications\Messages\BaseActivityNotification;
 use BookStack\Entities\Models\Entity;
+use BookStack\Permissions\Permission;
 use BookStack\Permissions\PermissionApplicator;
 use BookStack\Users\Models\User;
 use Illuminate\Support\Facades\Log;
@@ -26,7 +27,7 @@ protected function sendNotificationToUserIds(string $notification, array $userId
             }
 
             // Prevent sending of the user does not have notification permissions
-            if (!$user->can('receive-notifications')) {
+            if (!$user->can(Permission::ReceiveNotifications)) {
                 continue;
             }
 

app/Activity/Tools/CommentTree.php

@@ -4,6 +4,7 @@
 
 use BookStack\Activity\Models\Comment;
 use BookStack\Entities\Models\Page;
+use BookStack\Permissions\Permission;
 
 class CommentTree
 {
@@ -70,7 +71,7 @@ public function getCommentNodeForId(int $commentId): ?CommentTreeNode
     public function canUpdateAny(): bool
     {
         foreach ($this->comments as $comment) {
-            if (userCan('comment-update', $comment)) {
+            if (userCan(Permission::CommentUpdate, $comment)) {
                 return true;
             }
         }

app/Activity/Tools/TagClassGenerator.php

@@ -6,6 +6,7 @@
 use BookStack\Entities\Models\BookChild;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\Page;
+use BookStack\Permissions\Permission;
 
 class TagClassGenerator
 {
@@ -26,14 +27,14 @@ public function generate(): array
              array_push($classes, ...$this->generateClassesForTag($tag));
         }
 
-        if ($this->entity instanceof BookChild && userCan('view', $this->entity->book)) {
+        if ($this->entity instanceof BookChild && userCan(Permission::BookView, $this->entity->book)) {
             $bookTags = $this->entity->book->tags;
             foreach ($bookTags as $bookTag) {
                  array_push($classes, ...$this->generateClassesForTag($bookTag, 'book-'));
             }
         }
 
-        if ($this->entity instanceof Page && $this->entity->chapter && userCan('view', $this->entity->chapter)) {
+        if ($this->entity instanceof Page && $this->entity->chapter && userCan(Permission::ChapterView, $this->entity->chapter)) {
             $chapterTags = $this->entity->chapter->tags;
             foreach ($chapterTags as $chapterTag) {
                  array_push($classes, ...$this->generateClassesForTag($chapterTag, 'chapter-'));

app/Activity/Tools/UserEntityWatchOptions.php

@@ -7,6 +7,7 @@
 use BookStack\Entities\Models\BookChild;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\Page;
+use BookStack\Permissions\Permission;
 use BookStack\Users\Models\User;
 use Illuminate\Database\Eloquent\Builder;
 
@@ -22,7 +23,7 @@ public function __construct(
 
     public function canWatch(): bool
     {
-        return $this->user->can('receive-notifications') && !$this->user->isGuest();
+        return $this->user->can(Permission::ReceiveNotifications) && !$this->user->isGuest();
     }
 
     public function getWatchLevel(): string