From: Dan Brown <redacted>
Date: Sun, 25 Jun 2023 22:22:49 +0000 (+0100)
Subject: Shelf permissions: Removed unused 'create' permission from view
X-Git-Tag: v23.06~1^2~8
X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/847a57a49aef525d2f7f429a30e58a34cf69d43f

Shelf permissions: Removed unused 'create' permission from view

Was causing confusion.
Added test to cover.
Also added migration to remove existing create entries to pre-emptively
avoid issues in future if 'create' is used again.
---

diff --git a/database/migrations/2023_06_25_181952_remove_bookshelf_create_entity_permissions.php b/database/migrations/2023_06_25_181952_remove_bookshelf_create_entity_permissions.php
new file mode 100644
index 000000000..efb65972b
--- /dev/null
+++ b/database/migrations/2023_06_25_181952_remove_bookshelf_create_entity_permissions.php
@@ -0,0 +1,29 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        DB::table('entity_permissions')
+            ->where('entity_type', '=', 'bookshelf')
+            ->update(['create' => 0]);
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        // No structural changes to make, and we cannot know the permissions to re-assign.
+    }
+};
diff --git a/resources/views/form/entity-permissions-row.blade.php b/resources/views/form/entity-permissions-row.blade.php
index 6b515af86..5c2e86741 100644
--- a/resources/views/form/entity-permissions-row.blade.php
+++ b/resources/views/form/entity-permissions-row.blade.php
@@ -44,7 +44,7 @@ $inheriting - Boolean if the current row should be marked as inheriting default
                 'disabled' => $inheriting
             ])
         </div>
-        @if($entityType !== 'page')
+        @if($entityType !== 'page' && $entityType !== 'bookshelf')
             <div class="px-l">
                 @include('form.custom-checkbox', [
                     'name' =>  'permissions[' . $role->id . '][create]',
diff --git a/tests/Permissions/EntityPermissionsTest.php b/tests/Permissions/EntityPermissionsTest.php
index 3c4bf4a77..035546593 100644
--- a/tests/Permissions/EntityPermissionsTest.php
+++ b/tests/Permissions/EntityPermissionsTest.php
@@ -413,6 +413,15 @@ class EntityPermissionsTest extends TestCase
         $this->entityRestrictionFormTest(Page::class, 'Page Permissions', 'delete', '2');
     }
 
+    public function test_shelf_create_permission_not_visible()
+    {
+        $shelf = $this->entities->shelf();
+
+        $resp = $this->asAdmin()->get($shelf->getUrl('/permissions'));
+        $html = $this->withHtml($resp);
+        $html->assertElementNotExists('input[name$="[create]"]');
+    }
+
     public function test_restricted_pages_not_visible_in_book_navigation_on_pages()
     {
         $chapter = $this->entities->chapter();