Showing
1 changed file
with
15 additions
and
10 deletions
| ... | @@ -486,17 +486,22 @@ class PermissionService | ... | @@ -486,17 +486,22 @@ class PermissionService |
| 486 | } | 486 | } |
| 487 | }); | 487 | }); |
| 488 | $chapterSelect = $this->db->table('chapters')->selectRaw("'BookStack\\\\Chapter' as entity_type, id, slug, name, '' as text, description, book_id, priority, 0 as chapter_id, 0 as draft")->where('book_id', '=', $book_id); | 488 | $chapterSelect = $this->db->table('chapters')->selectRaw("'BookStack\\\\Chapter' as entity_type, id, slug, name, '' as text, description, book_id, priority, 0 as chapter_id, 0 as draft")->where('book_id', '=', $book_id); |
| 489 | - $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)') | ||
| 490 | - ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type') | ||
| 491 | - ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles()) | ||
| 492 | - ->where(function($query) { | ||
| 493 | - $query->where('jp.has_permission', '=', 1)->orWhere(function($query) { | ||
| 494 | - $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id); | ||
| 495 | - }); | ||
| 496 | - }); | ||
| 497 | $query = $this->db->query()->select('*')->from($this->db->raw("({$pageSelect->toSql()} UNION {$chapterSelect->toSql()}) AS U")) | 489 | $query = $this->db->query()->select('*')->from($this->db->raw("({$pageSelect->toSql()} UNION {$chapterSelect->toSql()}) AS U")) |
| 498 | - ->mergeBindings($pageSelect)->mergeBindings($chapterSelect) | 490 | + ->mergeBindings($pageSelect)->mergeBindings($chapterSelect); |
| 499 | - ->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery)->orderBy('draft', 'desc')->orderBy('priority', 'asc'); | 491 | + |
| 492 | + if (!$this->isAdmin()) { | ||
| 493 | + $whereQuery = $this->db->table('joint_permissions as jp')->selectRaw('COUNT(*)') | ||
| 494 | + ->whereRaw('jp.entity_id=U.id')->whereRaw('jp.entity_type=U.entity_type') | ||
| 495 | + ->where('jp.action', '=', 'view')->whereIn('jp.role_id', $this->getRoles()) | ||
| 496 | + ->where(function($query) { | ||
| 497 | + $query->where('jp.has_permission', '=', 1)->orWhere(function($query) { | ||
| 498 | + $query->where('jp.has_permission_own', '=', 1)->where('jp.created_by', '=', $this->currentUser()->id); | ||
| 499 | + }); | ||
| 500 | + }); | ||
| 501 | + $query->whereRaw("({$whereQuery->toSql()}) > 0")->mergeBindings($whereQuery); | ||
| 502 | + } | ||
| 503 | + | ||
| 504 | + $query->orderBy('draft', 'desc')->orderBy('priority', 'asc'); | ||
| 500 | $this->clean(); | 505 | $this->clean(); |
| 501 | return $query; | 506 | return $query; |
| 502 | } | 507 | } | ... | ... |
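Review bot: The new `if (!$this->isAdmin())` branch switches off the only permission filter visible in this query, so the result is now only as trustworthy as `isAdmin()`, which is defined outside the hunk. If that check is cached on the service or derived from a role name rather than a permission, a stale or overly broad value would return the unfiltered page and chapter list to a non-admin. It is worth confirming that `$this->clean()` resets any such cache and adding a test that a non-admin still receives only `joint_permissions`-approved rows. I would also document the bypass where it happens, e.g. `// Admins bypass the joint_permissions view filter; every other user must pass it.` directly above the `if`. The method starts above the hunk, including the draft condition on `$pageSelect`, so whether admins can now see other users' drafts cannot be judged from these lines.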