Permissions: Started addition of revision-view permission

Author: ssddanbrown

app/Entities/Controllers/PageRevisionController.php

@@ -34,6 +34,7 @@ public function __construct(
      */
     public function index(Request $request, string $bookSlug, string $pageSlug)
     {
+        $this->checkPermission(Permission::RevisionViewAll);
         $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
         $listOptions = SimpleListOptions::fromRequest($request, 'page_revisions', true)->withSortOptions([
             'id' => trans('entities.pages_revisions_sort_number')
@@ -65,6 +66,8 @@ public function index(Request $request, string $bookSlug, string $pageSlug)
      */
     public function show(string $bookSlug, string $pageSlug, int $revisionId)
     {
+        $this->checkPermission(Permission::RevisionViewAll);
+
         $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
         /** @var ?PageRevision $revision */
         $revision = $page->revisions()->where('id', '=', $revisionId)->first();
@@ -94,6 +97,8 @@ public function show(string $bookSlug, string $pageSlug, int $revisionId)
      */
     public function changes(string $bookSlug, string $pageSlug, int $revisionId)
     {
+        $this->checkPermission(Permission::RevisionViewAll);
+
         $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
         /** @var ?PageRevision $revision */
         $revision = $page->revisions()->where('id', '=', $revisionId)->first();
@@ -130,6 +135,7 @@ public function changes(string $bookSlug, string $pageSlug, int $revisionId)
     public function restore(string $bookSlug, string $pageSlug, int $revisionId)
     {
         $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
+        $this->checkPermission(Permission::RevisionViewAll);
         $this->checkOwnablePermission(Permission::PageUpdate, $page);
 
         $page = $this->pageRepo->restoreRevision($page, $revisionId);
@@ -145,6 +151,7 @@ public function restore(string $bookSlug, string $pageSlug, int $revisionId)
     public function destroy(string $bookSlug, string $pageSlug, int $revId)
     {
         $page = $this->pageQueries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
+        $this->checkPermission(Permission::RevisionViewAll);
         $this->checkOwnablePermission(Permission::PageDelete, $page);
 
         $revision = $page->revisions()->where('id', '=', $revId)->first();

app/Permissions/Permission.php

@@ -118,6 +118,8 @@ enum Permission: string
     case PageViewAll = 'page-view-all';
     case PageViewOwn = 'page-view-own';
 
+    case RevisionViewAll = 'revision-view-all';
+
     /**
      * Get the generic permissions which may be queried for entities.
      */

lang/en/settings.php

@@ -207,6 +207,7 @@
     'role_all' => 'All',
     'role_own' => 'Own',
     'role_controlled_by_asset' => 'Controlled by the asset they are uploaded to',
+    'role_controlled_by_page_delete' => 'Controlled by page delete permissions',
     'role_save' => 'Save Role',
     'role_users' => 'Users in this role',
     'role_users_none' => 'No users are currently assigned to this role',

resources/views/entities/meta.blade.php

@@ -9,7 +9,7 @@
         </div>
     @endif
 
-    @if ($entity->isA('page'))
+    @if ($entity->isA('page') && userCan(\BookStack\Permissions\Permission::RevisionViewAll))
         <a href="{{ $entity->getUrl('/revisions') }}" class="entity-meta-item">
             @icon('history'){{ trans('entities.meta_revision', ['revisionCount' => $entity->revision_count]) }}
         </a>

resources/views/pages/parts/show-sidebar-section-actions.blade.php

@@ -24,10 +24,12 @@
                 </a>
             @endif
         @endif
-        <a href="{{ $page->getUrl('/revisions') }}" data-shortcut="revisions" class="icon-list-item">
-            <span>@icon('history')</span>
-            <span>{{ trans('entities.revisions') }}</span>
-        </a>
+        @if(userCan(\BookStack\Permissions\Permission::RevisionViewAll))
+            <a href="{{ $page->getUrl('/revisions') }}" data-shortcut="revisions" class="icon-list-item">
+                <span>@icon('history')</span>
+                <span>{{ trans('entities.revisions') }}</span>
+            </a>
+        @endif
         @if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page))
             <a href="{{ $page->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
                 <span>@icon('lock')</span>

resources/views/settings/roles/parts/form.blade.php

@@ -79,6 +79,7 @@ class="item-list toggle-switch-list">
             @include('settings.roles.parts.asset-permissions-row', ['title' => trans('entities.books'), 'permissionPrefix' => 'book'])
             @include('settings.roles.parts.asset-permissions-row', ['title' => trans('entities.chapters'), 'permissionPrefix' => 'chapter'])
             @include('settings.roles.parts.asset-permissions-row', ['title' => trans('entities.pages'), 'permissionPrefix' => 'page'])
+            @include('settings.roles.parts.revisions-permissions-row', ['title' => trans('entities.revisions'), 'permissionPrefix' => 'revision'])
             @include('settings.roles.parts.related-asset-permissions-row', ['title' => trans('entities.images'), 'permissionPrefix' => 'image'])
             @include('settings.roles.parts.related-asset-permissions-row', ['title' => trans('entities.attachments'), 'permissionPrefix' => 'attachment'])
             @include('settings.roles.parts.related-asset-permissions-row', ['title' => trans('entities.comments'), 'permissionPrefix' => 'comment'])

resources/views/settings/roles/parts/revisions-permissions-row.blade.php

@@ -0,0 +1,22 @@
+<div class="item-list-row flex-container-row items-center wrap">
+    <div class="flex py-s px-m min-width-s">
+        <strong>{{ $title }}</strong> <br>
+        <a href="#" refs="permissions-table@toggle-row" class="text-small text-link">{{ trans('common.toggle_all') }}</a>
+    </div>
+    <div class="flex py-s px-m min-width-xxs">
+        <small class="hide-over-m bold">{{ trans('common.create') }}<br></small>
+        <strong class="text-muted opacity-70 text-large">-</strong>
+    </div>
+    <div class="flex py-s px-m min-width-xxs">
+        <small class="hide-over-m bold">{{ trans('common.view') }}<br></small>
+        @include('settings.roles.parts.checkbox', ['permission' => $permissionPrefix . '-view-all', 'label' => trans('settings.role_all')])
+    </div>
+    <div class="flex py-s px-m min-width-xxs">
+        <small class="hide-over-m bold">{{ trans('common.edit') }}<br></small>
+        <strong class="text-muted opacity-70 text-large">-</strong>
+    </div>
+    <div class="flex py-s px-m min-width-xxs">
+        <small class="hide-over-m bold">{{ trans('common.delete') }}<br></small>
+        <small>{{ trans('settings.role_controlled_by_page_delete') }}</small>
+    </div>
+</div>