Fixed entities wrongly visible on 404

Also ensured header state as expected on 404. In reference to BookStackApp/website#9

Fixed entities wrongly visible on 404
Also ensured header state as expected on 404. In reference to BookStackApp/website#9
Dan Brown
Commit 6638ee47d3b62015323f2be3a0c383c9cdcdd4f5 6638ee47 1 parent 80f84413
Showing 5 changed files with 42 additions and 21 deletions
app/Http/Kernel.php
app/helpers.php
resources/views/base.blade.php
resources/views/errors/404.blade.php
tests/PublicActionTest.php
--- a/app/Http/Kernel.php
View file @6638ee4
+++ b/app/Http/Kernel.php
View file @6638ee4
@@ -13,6 +13,8 @@ class Kernel extends HttpKernel
      */
     protected $middleware = [
         \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
+        \Illuminate\Session\Middleware\StartSession::class,
+        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
     ];
     /**
@@ -24,8 +26,6 @@ class Kernel extends HttpKernel
         'web' => [
             \BookStack\Http\Middleware\EncryptCookies::class,
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
             \BookStack\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
             \BookStack\Http\Middleware\Localization::class
--- a/app/helpers.php
View file @6638ee4
+++ b/app/helpers.php
View file @6638ee4
@@ -38,6 +38,15 @@ function user()
 }
 /**
+ * Check if current user is a signed in user.
+ * @return bool
+ */
+function signedInUser()
+{
+    return auth()->user() && !auth()->user()->isDefault();
+}
+
+/**
  * Check if the current user has a permission.
  * If an ownable element is passed in the jointPermissions are checked against
  * that particular item.
--- a/resources/views/base.blade.php
View file @6638ee4
+++ b/resources/views/base.blade.php
View file @6638ee4
@@ -55,15 +55,15 @@
                     <div class="float right">
                         <div class="links text-center">
                             <a href="{{ baseUrl('/books') }}"><i class="zmdi zmdi-book"></i>{{ trans('entities.books') }}</a>
-                            @if(isset($currentUser) && userCan('settings-manage'))
+                            @if(signedInUser() && userCan('settings-manage'))
                                 <a href="{{ baseUrl('/settings') }}"><i class="zmdi zmdi-settings"></i>{{ trans('settings.settings') }}</a>
                             @endif
-                            @if(!isset($signedIn) || !$signedIn)
+                            @if(!signedInUser())
                                 <a href="{{ baseUrl('/login') }}"><i class="zmdi zmdi-sign-in"></i>{{ trans('auth.log_in') }}</a>
                             @endif
                         </div>
-                        @if(isset($signedIn) && $signedIn)
+                        @if(signedInUser())
-                            @include('partials._header-dropdown', ['currentUser' => $currentUser])
+                            @include('partials._header-dropdown', ['currentUser' => user()])
                         @endif
                     </div>
--- a/resources/views/errors/404.blade.php
View file @6638ee4
+++ b/resources/views/errors/404.blade.php
View file @6638ee4
@@ -10,22 +10,24 @@
     <p>{{ trans('errors.sorry_page_not_found') }}</p>
     <p><a href="{{ baseUrl('/') }}" class="button">{{ trans('errors.return_home') }}</a></p>
-    <hr>
+    @if (setting('app-public') || !user()->isDefault())
-
+        <hr>
-    <div class="row">
+
-        <div class="col-md-4">
+        <div class="row">
-            <h3 class="text-muted">{{ trans('entities.pages_popular') }}</h3>
+            <div class="col-md-4">
-            @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Page::class]), 'style' => 'compact'])
+                <h3 class="text-muted">{{ trans('entities.pages_popular') }}</h3>
-        </div>
+                @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Page::class]), 'style' => 'compact'])
-        <div class="col-md-4">
+            </div>
-            <h3 class="text-muted">{{ trans('entities.books_popular') }}</h3>
+            <div class="col-md-4">
-            @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Book::class]), 'style' => 'compact'])
+                <h3 class="text-muted">{{ trans('entities.books_popular') }}</h3>
-        </div>
+                @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Book::class]), 'style' => 'compact'])
-        <div class="col-md-4">
+            </div>
-            <h3 class="text-muted">{{ trans('entities.chapters_popular') }}</h3>
+            <div class="col-md-4">
-            @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Chapter::class]), 'style' => 'compact'])
+                <h3 class="text-muted">{{ trans('entities.chapters_popular') }}</h3>
+                @include('partials.entity-list', ['entities' => Views::getPopular(10, 0, [\BookStack\Chapter::class]), 'style' => 'compact'])
+            </div>
         </div>
-    </div>
+    @endif
 </div>
 @stop
\ No newline at end of file
--- a/tests/PublicActionTest.php
View file @6638ee4
+++ b/tests/PublicActionTest.php
View file @6638ee4
@@ -80,4 +80,14 @@ class PublicActionTest extends TestCase
         ]);
     }
+    public function test_content_not_listed_on_404_for_public_users()
+    {
+        $page = \BookStack\Page::first();
+        $this->asAdmin()->visit($page->getUrl());
+        Auth::logout();
+        view()->share('pageTitle', '');
+        $this->forceVisit('/cats/dogs/hippos');
+        $this->dontSee($page->name);
+    }
+
 }
\ No newline at end of file