Merge branch 'development' into release

Author: ssddanbrown

.env.example.complete

@@ -80,6 +80,9 @@ MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
 
+# Command to use when email is sent via sendmail
+MAIL_SENDMAIL_COMMAND="/usr/sbin/sendmail -bs"
+
 # Cache & Session driver to use
 # Can be 'file', 'database', 'memcached' or 'redis'
 CACHE_DRIVER=file

.github/translators.txt

@@ -308,3 +308,6 @@ Adrian Ocneanu (aocneanu) :: Romanian
 Eduardo Castanho (EduardoCastanho) :: Portuguese
 VIET NAM VPS (vietnamvps) :: Vietnamese
 m4tthi4s :: French
+toras9000 :: Japanese
+pathab :: German
+MichelSchoon85 :: Dutch

.github/workflows/test-migrations.yml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        php: ['7.4', '8.0', '8.1', '8.2']
+        php: ['8.0', '8.1', '8.2']
     steps:
       - uses: actions/checkout@v1
 

.github/workflows/test-php.yml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        php: ['7.4', '8.0', '8.1', '8.2']
+        php: ['8.0', '8.1', '8.2']
     steps:
     - uses: actions/checkout@v1
 

.gitignore

@@ -11,6 +11,7 @@ yarn-error.log
 /public/js/*.map
 /public/bower
 /public/build/
+/public/favicon.ico
 /storage/images
 _ide_helper.php
 /storage/debugbar

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015-2022, Dan Brown and the BookStack Project contributors.
+Copyright (c) 2015-2023, Dan Brown and the BookStack Project contributors.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

app/Auth/Permissions/PermissionApplicator.php

@@ -158,6 +158,11 @@ public function restrictPageRelationQuery(Builder $query, string $tableName, str
                     $query->select('id')->from('pages')
                         ->whereColumn('pages.id', '=', $fullPageIdColumn)
                         ->where('pages.draft', '=', false);
+                })->orWhereExists(function (QueryBuilder $query) use ($fullPageIdColumn) {
+                    $query->select('id')->from('pages')
+                        ->whereColumn('pages.id', '=', $fullPageIdColumn)
+                        ->where('pages.draft', '=', true)
+                        ->where('pages.created_by', '=', $this->currentUser()->id);
                 });
             });
     }

app/Auth/Permissions/PermissionsRepo.php

@@ -12,11 +12,8 @@
 class PermissionsRepo
 {
     protected JointPermissionBuilder $permissionBuilder;
-    protected $systemRoles = ['admin', 'public'];
+    protected array $systemRoles = ['admin', 'public'];
 
-    /**
-     * PermissionsRepo constructor.
-     */
     public function __construct(JointPermissionBuilder $permissionBuilder)
     {
         $this->permissionBuilder = $permissionBuilder;
@@ -41,7 +38,7 @@ public function getAllRolesExcept(Role $role): Collection
     /**
      * Get a role via its ID.
      */
-    public function getRoleById($id): Role
+    public function getRoleById(int $id): Role
     {
         return Role::query()->findOrFail($id);
     }
@@ -52,10 +49,10 @@ public function getRoleById($id): Role
     public function saveNewRole(array $roleData): Role
     {
         $role = new Role($roleData);
-        $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';
+        $role->mfa_enforced = boolval($roleData['mfa_enforced'] ?? false);
         $role->save();
 
-        $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
+        $permissions = $roleData['permissions'] ?? [];
         $this->assignRolePermissions($role, $permissions);
         $this->permissionBuilder->rebuildForRole($role);
 
@@ -66,42 +63,45 @@ public function saveNewRole(array $roleData): Role
 
     /**
      * Updates an existing role.
-     * Ensure Admin role always have core permissions.
+     * Ensures Admin system role always have core permissions.
      */
-    public function updateRole($roleId, array $roleData)
+    public function updateRole($roleId, array $roleData): Role
     {
         $role = $this->getRoleById($roleId);
 
-        $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
-        if ($role->system_name === 'admin') {
-            $permissions = array_merge($permissions, [
-                'users-manage',
-                'user-roles-manage',
-                'restrictions-manage-all',
-                'restrictions-manage-own',
-                'settings-manage',
-            ]);
+        if (isset($roleData['permissions'])) {
+            $this->assignRolePermissions($role, $roleData['permissions']);
         }
 
-        $this->assignRolePermissions($role, $permissions);
-
         $role->fill($roleData);
-        $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';
         $role->save();
         $this->permissionBuilder->rebuildForRole($role);
 
         Activity::add(ActivityType::ROLE_UPDATE, $role);
+
+        return $role;
     }
 
     /**
-     * Assign a list of permission names to a role.
+     * Assign a list of permission names to the given role.
      */
-    protected function assignRolePermissions(Role $role, array $permissionNameArray = [])
+    protected function assignRolePermissions(Role $role, array $permissionNameArray = []): void
     {
         $permissions = [];
         $permissionNameArray = array_values($permissionNameArray);
 
-        if ($permissionNameArray) {
+        // Ensure the admin system role retains vital system permissions
+        if ($role->system_name === 'admin') {
+            $permissionNameArray = array_unique(array_merge($permissionNameArray, [
+                'users-manage',
+                'user-roles-manage',
+                'restrictions-manage-all',
+                'restrictions-manage-own',
+                'settings-manage',
+            ]));
+        }
+
+        if (!empty($permissionNameArray)) {
             $permissions = RolePermission::query()
                 ->whereIn('name', $permissionNameArray)
                 ->pluck('id')
@@ -114,13 +114,13 @@ protected function assignRolePermissions(Role $role, array $permissionNameArray
     /**
      * Delete a role from the system.
      * Check it's not an admin role or set as default before deleting.
-     * If an migration Role ID is specified the users assign to the current role
+     * If a migration Role ID is specified the users assign to the current role
      * will be added to the role of the specified id.
      *
      * @throws PermissionsException
      * @throws Exception
      */
-    public function deleteRole($roleId, $migrateRoleId)
+    public function deleteRole(int $roleId, int $migrateRoleId = 0): void
     {
         $role = $this->getRoleById($roleId);
 
@@ -131,7 +131,7 @@ public function deleteRole($roleId, $migrateRoleId)
             throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
         }
 
-        if ($migrateRoleId) {
+        if ($migrateRoleId !== 0) {
             $newRole = Role::query()->find($migrateRoleId);
             if ($newRole) {
                 $users = $role->users()->pluck('id')->toArray();

app/Auth/Permissions/RolePermission.php

@@ -8,6 +8,8 @@
 
 /**
  * @property int $id
+ * @property string $name
+ * @property string $display_name
  */
 class RolePermission extends Model
 {

app/Auth/Role.php

@@ -27,10 +27,14 @@ class Role extends Model implements Loggable
 {
     use HasFactory;
 
-    protected $fillable = ['display_name', 'description', 'external_auth_id'];
+    protected $fillable = ['display_name', 'description', 'external_auth_id', 'mfa_enforced'];
 
     protected $hidden = ['pivot'];
 
+    protected $casts = [
+        'mfa_enforced' => 'boolean',
+    ];
+
     /**
      * The roles that belong to the role.
      */
@@ -107,7 +111,13 @@ public static function getRole(string $displayName): ?self
      */
     public static function getSystemRole(string $systemName): ?self
     {
-        return static::query()->where('system_name', '=', $systemName)->first();
+        static $cache = [];
+
+        if (!isset($cache[$systemName])) {
+            $cache[$systemName] = static::query()->where('system_name', '=', $systemName)->first();
+        }
+
+        return $cache[$systemName];
     }
 
     /**