archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-20 03:16:18 +00:00
Code Issues Projects Releases Wiki Activity

Prevented guest users creating draft pages.

Browse source
This commit is contained in:
Dan Brown 2016-09-29 15:56:57 +01:00
parent 771626b6ec
commit b662670efc
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
6 changed files with 93 additions and 16 deletions

59
app/Http/Controllers/PageController.php
View file

@ -44,20 +44,53 @@ class PageController extends Controller
/** /**
* Show the form for creating a new page. * Show the form for creating a new page.
* @param string $bookSlug * @param string $bookSlug
* @param bool $chapterSlug * @param string $chapterSlug
* @return Response * @return Response
* @internal param bool $pageSlug * @internal param bool $pageSlug
*/ */
public function create($bookSlug, $chapterSlug = false) public function create($bookSlug, $chapterSlug = null)
{ {
$book = $this->bookRepo->getBySlug($bookSlug); $book = $this->bookRepo->getBySlug($bookSlug);
$chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : null; $chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : null;
$parent = $chapter ? $chapter : $book; $parent = $chapter ? $chapter : $book;
$this->checkOwnablePermission('page-create', $parent); $this->checkOwnablePermission('page-create', $parent);
$this->setPageTitle('Create New Page');
$draft = $this->pageRepo->getDraftPage($book, $chapter); // Redirect to draft edit screen if signed in
return redirect($draft->getUrl()); if ($this->signedIn) {
$draft = $this->pageRepo->getDraftPage($book, $chapter);
return redirect($draft->getUrl());
}
// Otherwise show edit view
$this->setPageTitle('Create New Page');
return view('pages/guest-create', ['parent' => $parent]);
}
/**
* Create a new page as a guest user.
* @param Request $request
* @param string $bookSlug
* @param string|null $chapterSlug
* @return mixed
* @throws NotFoundException
*/
public function createAsGuest(Request $request, $bookSlug, $chapterSlug = null)
{
$this->validate($request, [
'name' => 'required|string|max:255'
]);
$book = $this->bookRepo->getBySlug($bookSlug);
$chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : null;
$parent = $chapter ? $chapter : $book;
$this->checkOwnablePermission('page-create', $parent);
$page = $this->pageRepo->getDraftPage($book, $chapter);
$this->pageRepo->publishDraft($page, [
'name' => $request->get('name'),
'html' => ''
]);
return redirect($page->getUrl('/edit'));
} }
/** /**
@ -183,7 +216,13 @@ class PageController extends Controller
if (count($warnings) > 0) session()->flash('warning', implode("\n", $warnings)); if (count($warnings) > 0) session()->flash('warning', implode("\n", $warnings));
return view('pages/edit', ['page' => $page, 'book' => $book, 'current' => $page]); $draftsEnabled = $this->signedIn;
return view('pages/edit', [
'page' => $page,
'book' => $book,
'current' => $page,
'draftsEnabled' => $draftsEnabled
]);
} }
/** /**
@ -216,6 +255,14 @@ class PageController extends Controller
{ {
$page = $this->pageRepo->getById($pageId, true); $page = $this->pageRepo->getById($pageId, true);
$this->checkOwnablePermission('page-update', $page); $this->checkOwnablePermission('page-update', $page);
if (!$this->signedIn) {
return response()->json([
'status' => 'error',
'message' => 'Guests cannot save drafts',
], 500);
}
if ($page->draft) { if ($page->draft) {
$draft = $this->pageRepo->updateDraftPage($page, $request->only(['name', 'html', 'markdown'])); $draft = $this->pageRepo->updateDraftPage($page, $request->only(['name', 'html', 'markdown']));
} else { } else {

4
resources/assets/js/controllers.js
View file

@ -300,6 +300,7 @@ module.exports = function (ngApp, events) {
var isEdit = pageId !== 0; var isEdit = pageId !== 0;
var autosaveFrequency = 30; // AutoSave interval in seconds. var autosaveFrequency = 30; // AutoSave interval in seconds.
var isMarkdown = $attrs.editorType === 'markdown'; var isMarkdown = $attrs.editorType === 'markdown';
$scope.draftsEnabled = $attrs.draftsEnabled === 'true';
$scope.isUpdateDraft = Number($attrs.pageUpdateDraft) === 1; $scope.isUpdateDraft = Number($attrs.pageUpdateDraft) === 1;
$scope.isNewPageDraft = Number($attrs.pageNewDraft) === 1; $scope.isNewPageDraft = Number($attrs.pageNewDraft) === 1;
@ -317,7 +318,7 @@ module.exports = function (ngApp, events) {
html: false html: false
}; };
if (isEdit) { if (isEdit && $scope.draftsEnabled) {
setTimeout(() => { setTimeout(() => {
startAutoSave(); startAutoSave();
}, 1000); }, 1000);
@ -366,6 +367,7 @@ module.exports = function (ngApp, events) {
* Save a draft update into the system via an AJAX request. * Save a draft update into the system via an AJAX request.
*/ */
function saveDraft() { function saveDraft() {
if (!$scope.draftsEnabled) return;
var data = { var data = {
name: $('#name').val(), name: $('#name').val(),
html: isMarkdown ? $sce.getTrustedHtml($scope.displayContent) : $scope.editContent html: isMarkdown ? $sce.getTrustedHtml($scope.displayContent) : $scope.editContent

6
resources/views/pages/edit.blade.php
View file

@ -23,10 +23,4 @@
@include('partials/image-manager', ['imageType' => 'gallery', 'uploaded_to' => $page->id]) @include('partials/image-manager', ['imageType' => 'gallery', 'uploaded_to' => $page->id])
@include('partials/entity-selector-popup') @include('partials/entity-selector-popup')
<script>
(function() {
})();
</script>
@stop @stop

13
resources/views/pages/form.blade.php
View file

@ -1,7 +1,9 @@
<div class="page-editor flex-fill flex" ng-controller="PageEditController" editor-type="{{ setting('app-editor') }}" page-id="{{ $model->id or 0 }}" page-new-draft="{{ $model->draft or 0 }}" page-update-draft="{{ $model->isDraft or 0 }}"> <div class="page-editor flex-fill flex" ng-controller="PageEditController" drafts-enabled="{{ $draftsEnabled ? 'true' : 'false' }}" editor-type="{{ setting('app-editor') }}" page-id="{{ $model->id or 0 }}" page-new-draft="{{ $model->draft or 0 }}" page-update-draft="{{ $model->isDraft or 0 }}">
{{ csrf_field() }} {{ csrf_field() }}
{{--Header Bar--}}
<div class="faded-small toolbar"> <div class="faded-small toolbar">
<div class="container"> <div class="container">
<div class="row"> <div class="row">
@ -13,7 +15,7 @@
</div> </div>
<div class="col-sm-4 faded text-center"> <div class="col-sm-4 faded text-center">
<div dropdown class="dropdown-container draft-display"> <div ng-show="draftsEnabled" dropdown class="dropdown-container draft-display">
<a dropdown-toggle class="text-primary text-button"><span class="faded-text" ng-bind="draftText"></span>&nbsp; <i class="zmdi zmdi-more-vert"></i></a> <a dropdown-toggle class="text-primary text-button"><span class="faded-text" ng-bind="draftText"></span>&nbsp; <i class="zmdi zmdi-more-vert"></i></a>
<i class="zmdi zmdi-check-circle text-pos draft-notification" ng-class="{visible: draftUpdated}"></i> <i class="zmdi zmdi-check-circle text-pos draft-notification" ng-class="{visible: draftUpdated}"></i>
<ul> <ul>
@ -48,13 +50,17 @@
</div> </div>
</div> </div>
{{--Title input--}}
<div class="title-input page-title clearfix" ng-non-bindable> <div class="title-input page-title clearfix" ng-non-bindable>
<div class="input"> <div class="input">
@include('form/text', ['name' => 'name', 'placeholder' => 'Page Title']) @include('form/text', ['name' => 'name', 'placeholder' => 'Page Title'])
</div> </div>
</div> </div>
{{--Editors--}}
<div class="edit-area flex-fill flex"> <div class="edit-area flex-fill flex">
{{--WYSIWYG Editor--}}
@if(setting('app-editor') === 'wysiwyg') @if(setting('app-editor') === 'wysiwyg')
<div tinymce="editorOptions" mce-change="editorChange" mce-model="editContent" class="flex-fill flex"> <div tinymce="editorOptions" mce-change="editorChange" mce-model="editContent" class="flex-fill flex">
<textarea id="html-editor" name="html" rows="5" ng-non-bindable <textarea id="html-editor" name="html" rows="5" ng-non-bindable
@ -66,6 +72,7 @@
@endif @endif
@endif @endif
{{--Markdown Editor--}}
@if(setting('app-editor') === 'markdown') @if(setting('app-editor') === 'markdown')
<div id="markdown-editor" markdown-editor class="flex-fill flex"> <div id="markdown-editor" markdown-editor class="flex-fill flex">
@ -102,7 +109,7 @@
@if($errors->has('markdown')) @if($errors->has('markdown'))
<div class="text-neg text-small">{{ $errors->first('markdown') }}</div> <div class="text-neg text-small">{{ $errors->first('markdown') }}</div>
@endif @endif
@endif @endif
</div> </div>
</div> </div>

25
resources/views/pages/guest-create.blade.php Normal file
View file

@ -0,0 +1,25 @@
@extends('base')
@section('content')
<div class="container small" ng-non-bindable>
<h1>Create Page</h1>
<form action="{{ $parent->getUrl('/page/create/guest') }}" method="POST">
{!! csrf_field() !!}
<div class="form-group title-input">
<label for="name">Page Name</label>
@include('form/text', ['name' => 'name'])
</div>
<div class="form-group">
<a href="{{ $parent->getUrl() }}" class="button muted">Cancel</a>
<button type="submit" class="button pos">Continue</button>
</div>
</form>
</div>
@stop

2
routes/web.php
View file

@ -27,6 +27,7 @@ Route::group(['middleware' => 'auth'], function () {
// Pages // Pages
Route::get('/{bookSlug}/page/create', 'PageController@create'); Route::get('/{bookSlug}/page/create', 'PageController@create');
Route::post('/{bookSlug}/page/create/guest', 'PageController@createAsGuest');
Route::get('/{bookSlug}/draft/{pageId}', 'PageController@editDraft'); Route::get('/{bookSlug}/draft/{pageId}', 'PageController@editDraft');
Route::post('/{bookSlug}/draft/{pageId}', 'PageController@store'); Route::post('/{bookSlug}/draft/{pageId}', 'PageController@store');
Route::get('/{bookSlug}/page/{pageSlug}', 'PageController@show'); Route::get('/{bookSlug}/page/{pageSlug}', 'PageController@show');
@ -52,6 +53,7 @@ Route::group(['middleware' => 'auth'], function () {
// Chapters // Chapters
Route::get('/{bookSlug}/chapter/{chapterSlug}/create-page', 'PageController@create'); Route::get('/{bookSlug}/chapter/{chapterSlug}/create-page', 'PageController@create');
Route::post('/{bookSlug}/chapter/{chapterSlug}/page/create/guest', 'PageController@createAsGuest');
Route::get('/{bookSlug}/chapter/create', 'ChapterController@create'); Route::get('/{bookSlug}/chapter/create', 'ChapterController@create');
Route::post('/{bookSlug}/chapter/create', 'ChapterController@store'); Route::post('/{bookSlug}/chapter/create', 'ChapterController@store');
Route::get('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@show'); Route::get('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@show');