diff --git a/app/Auth/Permissions/PermissionService.php b/app/Auth/Permissions/PermissionService.php
index b4ea17cec..9e1876c90 100644
--- a/app/Auth/Permissions/PermissionService.php
+++ b/app/Auth/Permissions/PermissionService.php
@@ -683,12 +683,11 @@ class PermissionService
         if (strtolower($entityType) === 'page') {
             // Prevent drafts being visible to others.
             $query = $query->where(function ($query) {
-                $query->where('draft', '=', false);
-                if ($this->currentUser()) {
-                    $query->orWhere(function ($query) {
-                        $query->where('draft', '=', true)->where('created_by', '=', $this->currentUser()->id);
+                $query->where('draft', '=', false)
+                    ->orWhere(function ($query) {
+                        $query->where('draft', '=', true)
+                            ->where('created_by', '=', $this->currentUser()->id);
                     });
-                }
             });
         }
 
diff --git a/app/Entities/Repos/EntityRepo.php b/app/Entities/Repos/EntityRepo.php
index c5fb3501e..13a335ea0 100644
--- a/app/Entities/Repos/EntityRepo.php
+++ b/app/Entities/Repos/EntityRepo.php
@@ -478,14 +478,16 @@ class EntityRepo
         $entity->permissions()->delete();
 
         if ($request->filled('restrictions')) {
-            foreach ($request->get('restrictions') as $roleId => $restrictions) {
-                foreach ($restrictions as $action => $value) {
-                    $entity->permissions()->create([
+            $entityPermissionData = collect($request->get('restrictions'))->flatMap(function($restrictions, $roleId) {
+                return collect($restrictions)->keys()->map(function($action) use ($roleId) {
+                    return [
                         'role_id' => $roleId,
-                        'action'  => strtolower($action),
-                    ]);
-                }
-            }
+                        'action' => strtolower($action),
+                    ] ;
+                });
+            });
+
+            $entity->permissions()->createMany($entityPermissionData);
         }
 
         $entity->save();
@@ -525,10 +527,9 @@ class EntityRepo
 
     /**
      * Update entity details from request input.
-     * Used for books and chapters.
-     * TODO: Remove type param
+     * Used for shelves, books and chapters.
      */
-    public function updateFromInput(string $type, Entity $entityModel, array $input = []): Entity
+    public function updateFromInput(Entity $entityModel, array $input): Entity
     {
         $entityModel->fill($input);
         $entityModel->updated_by = user()->id;
diff --git a/app/Http/Controllers/BookController.php b/app/Http/Controllers/BookController.php
index b2fb1dcba..a9a24d2ff 100644
--- a/app/Http/Controllers/BookController.php
+++ b/app/Http/Controllers/BookController.php
@@ -199,7 +199,7 @@ class BookController extends Controller
             'image' => $this->imageRepo->getImageValidationRules(),
         ]);
 
-         $book = $this->bookRepo->updateFromInput('book', $book, $request->all());
+         $book = $this->bookRepo->updateFromInput($book, $request->all());
          $this->bookUpdateActions($book, $request);
 
          Activity::add($book, 'book_update', $book->id);
diff --git a/app/Http/Controllers/BookshelfController.php b/app/Http/Controllers/BookshelfController.php
index b5565eb57..bef96dd01 100644
--- a/app/Http/Controllers/BookshelfController.php
+++ b/app/Http/Controllers/BookshelfController.php
@@ -177,7 +177,7 @@ class BookshelfController extends Controller
             'image' => $this->imageRepo->getImageValidationRules(),
         ]);
 
-         $shelf = $this->entityRepo->updateFromInput('bookshelf', $shelf, $request->all());
+         $shelf = $this->entityRepo->updateFromInput($shelf, $request->all());
          $this->shelfUpdateActions($shelf, $request);
 
          Activity::add($shelf, 'bookshelf_update');
diff --git a/app/Http/Controllers/ChapterController.php b/app/Http/Controllers/ChapterController.php
index 7b1fb300c..f728d1313 100644
--- a/app/Http/Controllers/ChapterController.php
+++ b/app/Http/Controllers/ChapterController.php
@@ -3,7 +3,6 @@
 use Activity;
 use BookStack\Auth\UserRepo;
 use BookStack\Entities\Repos\EntityRepo;
-use BookStack\Entities\ExportService;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Views;
@@ -113,7 +112,7 @@ class ChapterController extends Controller
         $chapter = $this->entityRepo->getEntityBySlug('chapter', $chapterSlug, $bookSlug);
         $this->checkOwnablePermission('chapter-update', $chapter);
 
-        $this->entityRepo->updateFromInput('chapter', $chapter, $request->all());
+        $this->entityRepo->updateFromInput($chapter, $request->all());
         Activity::add($chapter, 'chapter_update', $chapter->book->id);
         return redirect($chapter->getUrl());
     }
diff --git a/tests/SharedTestHelpers.php b/tests/SharedTestHelpers.php
index 2bff27223..358bf6ee3 100644
--- a/tests/SharedTestHelpers.php
+++ b/tests/SharedTestHelpers.php
@@ -215,13 +215,11 @@ trait SharedTestHelpers
     protected function runWithEnv(string $name, $value, callable $callback)
     {
         Env::disablePutenv();
-        $originalVal = $_ENV[$name] ?? null;
+        $originalVal = $_SERVER[$name] ?? null;
 
         if (is_null($value)) {
-            unset($_ENV[$name]);
             unset($_SERVER[$name]);
         } else {
-            $_ENV[$name] = $value;
             $_SERVER[$name] = $value;
         }
 
@@ -230,10 +228,8 @@ trait SharedTestHelpers
 
         if (is_null($originalVal)) {
             unset($_SERVER[$name]);
-            unset($_ENV[$name]);
         } else {
             $_SERVER[$name] = $originalVal;
-            $_ENV[$name] = $originalVal;
         }
     }
 
diff --git a/tests/Unit/ConfigTest.php b/tests/Unit/ConfigTest.php
index 7b9f64e6a..c84305ad8 100644
--- a/tests/Unit/ConfigTest.php
+++ b/tests/Unit/ConfigTest.php
@@ -20,7 +20,6 @@ class ConfigTest extends TestCase
 
     public function test_filesystem_attachments_falls_back_to_storage_type_var()
     {
-        putenv('STORAGE_TYPE=local_secure');
         $this->runWithEnv('STORAGE_TYPE', 'local_secure', function() {
             $this->checkEnvConfigResult('STORAGE_ATTACHMENT_TYPE', 's3', 'filesystems.attachments', 's3');
             $this->checkEnvConfigResult('STORAGE_ATTACHMENT_TYPE', null, 'filesystems.attachments', 'local_secure');