Shelf permissions: Removed unused 'create' permission from view

Was causing confusion. Added test to cover. Also added migration to remove existing create entries to pre-emptively avoid issues in future if 'create' is used again.
BookStackApp · Jun 25, 2023 · 847a57a · 847a57a
1 parent c74a260
commit 847a57a
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 1 deletion.
diff --git a/database/migrations/2023_06_25_181952_remove_bookshelf_create_entity_permissions.php b/database/migrations/2023_06_25_181952_remove_bookshelf_create_entity_permissions.php
@@ -0,0 +1,29 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        DB::table('entity_permissions')
+            ->where('entity_type', '=', 'bookshelf')
+            ->update(['create' => 0]);
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        // No structural changes to make, and we cannot know the permissions to re-assign.
+    }
+};
diff --git a/resources/views/form/entity-permissions-row.blade.php b/resources/views/form/entity-permissions-row.blade.php
@@ -44,7 +44,7 @@ class="ml-auto flex-none text-small text-link text-button hover-underline item-l
                 'disabled' => $inheriting
             ])
         </div>
-        @if($entityType !== 'page')
+        @if($entityType !== 'page' && $entityType !== 'bookshelf')
             <div class="px-l">
                 @include('form.custom-checkbox', [
                     'name' =>  'permissions[' . $role->id . '][create]',

diff --git a/tests/Permissions/EntityPermissionsTest.php b/tests/Permissions/EntityPermissionsTest.php
@@ -413,6 +413,15 @@ public function test_page_restriction_form()
         $this->entityRestrictionFormTest(Page::class, 'Page Permissions', 'delete', '2');
     }
 
+    public function test_shelf_create_permission_not_visible()
+    {
+        $shelf = $this->entities->shelf();
+
+        $resp = $this->asAdmin()->get($shelf->getUrl('/permissions'));
+        $html = $this->withHtml($resp);
+        $html->assertElementNotExists('input[name$="[create]"]');
+    }
+
     public function test_restricted_pages_not_visible_in_book_navigation_on_pages()
     {
         $chapter = $this->entities->chapter();