BookStackApp
diff --git a/‎app/Access/LoginService.php‎
Lines changed: 2 additions & 1 deletion b/‎app/Access/LoginService.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎app/Activity/Controllers/AuditLogApiController.php‎
Lines changed: 3 additions & 2 deletions b/‎app/Activity/Controllers/AuditLogApiController.php‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎app/Activity/Controllers/AuditLogController.php‎
Lines changed: 3 additions & 2 deletions b/‎app/Activity/Controllers/AuditLogController.php‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎app/Activity/Controllers/CommentController.php‎
Lines changed: 9 additions & 8 deletions b/‎app/Activity/Controllers/CommentController.php‎
Lines changed: 9 additions & 8 deletions
diff --git a/‎app/Activity/Controllers/WatchController.php‎
Lines changed: 2 additions & 1 deletion b/‎app/Activity/Controllers/WatchController.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎app/Activity/Notifications/Handlers/BaseNotificationHandler.php‎
Lines changed: 2 additions & 1 deletion b/‎app/Activity/Notifications/Handlers/BaseNotificationHandler.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎app/Activity/Tools/UserEntityWatchOptions.php‎
Lines changed: 2 additions & 1 deletion b/‎app/Activity/Tools/UserEntityWatchOptions.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎app/Api/ApiTokenGuard.php‎
Lines changed: 2 additions & 1 deletion b/‎app/Api/ApiTokenGuard.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎app/Api/UserApiTokenController.php‎
Lines changed: 7 additions & 6 deletions b/‎app/Api/UserApiTokenController.php‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎app/App/helpers.php‎
Lines changed: 1 addition & 1 deletion b/‎app/App/helpers.php‎
Lines changed: 1 addition & 1 deletion
@@ -9,6 +9,7 @@
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Facades\Activity;
 use BookStack\Facades\Theme;
+use BookStack\Permissions\Permission;
 use BookStack\Theming\ThemeEvents;
 use BookStack\Users\Models\User;
 use Exception;
@@ -50,7 +51,7 @@ public function login(User $user, string $method, bool $remember = false): void
         Theme::dispatch(ThemeEvents::AUTH_LOGIN, $method, $user);
 
         // Authenticate on all session guards if a likely admin
-        if ($user->can('users-manage') && $user->can('user-roles-manage')) {
+        if ($user->can(Permission::UsersManage) && $user->can(Permission::UserRolesManage)) {
             $guards = ['standard', 'ldap', 'saml2', 'oidc'];
             foreach ($guards as $guard) {
                 auth($guard)->login($user);
 
@@ -4,6 +4,7 @@
 
 use BookStack\Activity\Models\Activity;
 use BookStack\Http\ApiController;
+use BookStack\Permissions\Permission;
 
 class AuditLogApiController extends ApiController
 {
@@ -16,8 +17,8 @@ class AuditLogApiController extends ApiController
      */
     public function list()
     {
-        $this->checkPermission('settings-manage');
-        $this->checkPermission('users-manage');
+        $this->checkPermission(Permission::SettingsManage);
+        $this->checkPermission(Permission::UsersManage);
 
         $query = Activity::query()->with(['user']);
 
 
@@ -5,6 +5,7 @@
 use BookStack\Activity\ActivityType;
 use BookStack\Activity\Models\Activity;
 use BookStack\Http\Controller;
+use BookStack\Permissions\Permission;
 use BookStack\Sorting\SortUrl;
 use BookStack\Util\SimpleListOptions;
 use Illuminate\Http\Request;
@@ -13,8 +14,8 @@ class AuditLogController extends Controller
 {
     public function index(Request $request)
     {
-        $this->checkPermission('settings-manage');
-        $this->checkPermission('users-manage');
+        $this->checkPermission(Permission::SettingsManage);
+        $this->checkPermission(Permission::UsersManage);
 
         $sort = $request->get('sort', 'activity_date');
         $order = $request->get('order', 'desc');
 
@@ -7,6 +7,7 @@
 use BookStack\Activity\Tools\CommentTreeNode;
 use BookStack\Entities\Queries\PageQueries;
 use BookStack\Http\Controller;
+use BookStack\Permissions\Permission;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
 
@@ -42,7 +43,7 @@ public function savePageComment(Request $request, int $pageId)
         }
 
         // Create a new comment.
-        $this->checkPermission('comment-create-all');
+        $this->checkPermission(Permission::CommentCreateAll);
         $contentRef = $input['content_ref'] ?? '';
         $comment = $this->commentRepo->create($page, $input['html'], $input['parent_id'] ?? null, $contentRef);
 
@@ -64,8 +65,8 @@ public function update(Request $request, int $commentId)
         ]);
 
         $comment = $this->commentRepo->getById($commentId);
-        $this->checkOwnablePermission('page-view', $comment->entity);
-        $this->checkOwnablePermission('comment-update', $comment);
+        $this->checkOwnablePermission(Permission::PageView, $comment->entity);
+        $this->checkOwnablePermission(Permission::CommentUpdate, $comment);
 
         $comment = $this->commentRepo->update($comment, $input['html']);
 
@@ -81,8 +82,8 @@ public function update(Request $request, int $commentId)
     public function archive(int $id)
     {
         $comment = $this->commentRepo->getById($id);
-        $this->checkOwnablePermission('page-view', $comment->entity);
-        if (!userCan('comment-update', $comment) && !userCan('comment-delete', $comment)) {
+        $this->checkOwnablePermission(Permission::PageView, $comment->entity);
+        if (!userCan(Permission::CommentUpdate, $comment) && !userCan(Permission::CommentDelete, $comment)) {
             $this->showPermissionError();
         }
 
@@ -101,8 +102,8 @@ public function archive(int $id)
     public function unarchive(int $id)
     {
         $comment = $this->commentRepo->getById($id);
-        $this->checkOwnablePermission('page-view', $comment->entity);
-        if (!userCan('comment-update', $comment) && !userCan('comment-delete', $comment)) {
+        $this->checkOwnablePermission(Permission::PageView, $comment->entity);
+        if (!userCan(Permission::CommentUpdate, $comment) && !userCan(Permission::CommentDelete, $comment)) {
             $this->showPermissionError();
         }
 
@@ -121,7 +122,7 @@ public function unarchive(int $id)
     public function destroy(int $id)
     {
         $comment = $this->commentRepo->getById($id);
-        $this->checkOwnablePermission('comment-delete', $comment);
+        $this->checkOwnablePermission(Permission::CommentDelete, $comment);
 
         $this->commentRepo->delete($comment);
 
 
@@ -5,13 +5,14 @@
 use BookStack\Activity\Tools\UserEntityWatchOptions;
 use BookStack\Entities\Tools\MixedEntityRequestHelper;
 use BookStack\Http\Controller;
+use BookStack\Permissions\Permission;
 use Illuminate\Http\Request;
 
 class WatchController extends Controller
 {
     public function update(Request $request, MixedEntityRequestHelper $entityHelper)
     {
-        $this->checkPermission('receive-notifications');
+        $this->checkPermission(Permission::ReceiveNotifications);
         $this->preventGuestAccess();
 
         $requestData = $this->validate($request, array_merge([
 
@@ -5,6 +5,7 @@
 use BookStack\Activity\Models\Loggable;
 use BookStack\Activity\Notifications\Messages\BaseActivityNotification;
 use BookStack\Entities\Models\Entity;
+use BookStack\Permissions\Permission;
 use BookStack\Permissions\PermissionApplicator;
 use BookStack\Users\Models\User;
 use Illuminate\Support\Facades\Log;
@@ -26,7 +27,7 @@ protected function sendNotificationToUserIds(string $notification, array $userId
             }
 
             // Prevent sending of the user does not have notification permissions
-            if (!$user->can('receive-notifications')) {
+            if (!$user->can(Permission::ReceiveNotifications)) {
                 continue;
             }
 
 
@@ -7,6 +7,7 @@
 use BookStack\Entities\Models\BookChild;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\Page;
+use BookStack\Permissions\Permission;
 use BookStack\Users\Models\User;
 use Illuminate\Database\Eloquent\Builder;
 
@@ -22,7 +23,7 @@ public function __construct(
 
     public function canWatch(): bool
     {
-        return $this->user->can('receive-notifications') && !$this->user->isGuest();
+        return $this->user->can(Permission::ReceiveNotifications) && !$this->user->isGuest();
     }
 
     public function getWatchLevel(): string
 
@@ -4,6 +4,7 @@
 
 use BookStack\Access\LoginService;
 use BookStack\Exceptions\ApiAuthException;
+use BookStack\Permissions\Permission;
 use Illuminate\Auth\GuardHelpers;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\Guard;
@@ -146,7 +147,7 @@ protected function validateToken(?ApiToken $token, string $secret): void
             throw new ApiAuthException(trans('errors.api_user_token_expired'), 403);
         }
 
-        if (!$token->user->can('access-api')) {
+        if (!$token->user->can(Permission::AccessApi)) {
             throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
         }
     }
 
@@ -4,6 +4,7 @@
 
 use BookStack\Activity\ActivityType;
 use BookStack\Http\Controller;
+use BookStack\Permissions\Permission;
 use BookStack\Users\Models\User;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
@@ -16,8 +17,8 @@ class UserApiTokenController extends Controller
      */
     public function create(Request $request, int $userId)
     {
-        $this->checkPermission('access-api');
-        $this->checkPermissionOrCurrentUser('users-manage', $userId);
+        $this->checkPermission(Permission::AccessApi);
+        $this->checkPermissionOrCurrentUser(Permission::UsersManage, $userId);
         $this->updateContext($request);
 
         $user = User::query()->findOrFail($userId);
@@ -35,8 +36,8 @@ public function create(Request $request, int $userId)
      */
     public function store(Request $request, int $userId)
     {
-        $this->checkPermission('access-api');
-        $this->checkPermissionOrCurrentUser('users-manage', $userId);
+        $this->checkPermission(Permission::AccessApi);
+        $this->checkPermissionOrCurrentUser(Permission::UsersManage, $userId);
 
         $this->validate($request, [
             'name'       => ['required', 'max:250'],
@@ -143,8 +144,8 @@ public function destroy(int $userId, int $tokenId)
      */
     protected function checkPermissionAndFetchUserToken(int $userId, int $tokenId): array
     {
-        $this->checkPermissionOr('users-manage', function () use ($userId) {
-            return $userId === user()->id && userCan('access-api');
+        $this->checkPermissionOr(Permission::UsersManage, function () use ($userId) {
+            return $userId === user()->id && userCan(Permission::AccessApi);
         });
 
         $user = User::query()->findOrFail($userId);
 
@@ -56,7 +56,7 @@ function userCan(string|Permission $permission, ?Model $ownable = null): bool
  * Check if the current user can perform the given action on any items in the system.
  * Can be provided the class name of an entity to filter ability to that specific entity type.
  */
-function userCanOnAny(string $action, string $entityClass = ''): bool
+function userCanOnAny(string|Permission $action, string $entityClass = ''): bool
 {
     $permissions = app()->make(PermissionApplicator::class);
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`use BookStack\Activity\Models\Activity;`
`6`	`6`	`use BookStack\Http\ApiController;`
	`7`	`+use BookStack\Permissions\Permission;`
`7`	`8`
`8`	`9`	`class AuditLogApiController extends ApiController`
`9`	`10`	`{`
`@@ -16,8 +17,8 @@ class AuditLogApiController extends ApiController`
`16`	`17`	`*/`
`17`	`18`	`public function list()`
`18`	`19`	`{`
`19`		`- $this->checkPermission('settings-manage');`
`20`		`- $this->checkPermission('users-manage');`
	`20`	`+ $this->checkPermission(Permission::SettingsManage);`
	`21`	`+ $this->checkPermission(Permission::UsersManage);`
`21`	`22`
`22`	`23`	`$query = Activity::query()->with(['user']);`
`23`	`24`
Original file line number	Diff line number	Diff line change
`@@ -5,13 +5,14 @@`
`5`	`5`	`use BookStack\Activity\Tools\UserEntityWatchOptions;`
`6`	`6`	`use BookStack\Entities\Tools\MixedEntityRequestHelper;`
`7`	`7`	`use BookStack\Http\Controller;`
	`8`	`+use BookStack\Permissions\Permission;`
`8`	`9`	`use Illuminate\Http\Request;`
`9`	`10`
`10`	`11`	`class WatchController extends Controller`
`11`	`12`	`{`
`12`	`13`	`public function update(Request $request, MixedEntityRequestHelper $entityHelper)`
`13`	`14`	`{`
`14`		`- $this->checkPermission('receive-notifications');`
	`15`	`+ $this->checkPermission(Permission::ReceiveNotifications);`
`15`	`16`	`$this->preventGuestAccess();`
`16`	`17`
`17`	`18`	`$requestData = $this->validate($request, array_merge([`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`use BookStack\Activity\Models\Loggable;`
`6`	`6`	`use BookStack\Activity\Notifications\Messages\BaseActivityNotification;`
`7`	`7`	`use BookStack\Entities\Models\Entity;`
	`8`	`+use BookStack\Permissions\Permission;`
`8`	`9`	`use BookStack\Permissions\PermissionApplicator;`
`9`	`10`	`use BookStack\Users\Models\User;`
`10`	`11`	`use Illuminate\Support\Facades\Log;`
`@@ -26,7 +27,7 @@ protected function sendNotificationToUserIds(string $notification, array $userId`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`// Prevent sending of the user does not have notification permissions`
`29`		`- if (!$user->can('receive-notifications')) {`
	`30`	`+ if (!$user->can(Permission::ReceiveNotifications)) {`
`30`	`31`	`continue;`
`31`	`32`	`}`
`32`	`33`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`use BookStack\Entities\Models\BookChild;`
`8`	`8`	`use BookStack\Entities\Models\Entity;`
`9`	`9`	`use BookStack\Entities\Models\Page;`
	`10`	`+use BookStack\Permissions\Permission;`
`10`	`11`	`use BookStack\Users\Models\User;`
`11`	`12`	`use Illuminate\Database\Eloquent\Builder;`
`12`	`13`
`@@ -22,7 +23,7 @@ public function __construct(`
`22`	`23`
`23`	`24`	`public function canWatch(): bool`
`24`	`25`	`{`
`25`		`- return $this->user->can('receive-notifications') && !$this->user->isGuest();`
	`26`	`+ return $this->user->can(Permission::ReceiveNotifications) && !$this->user->isGuest();`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`public function getWatchLevel(): string`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`use BookStack\Access\LoginService;`
`6`	`6`	`use BookStack\Exceptions\ApiAuthException;`
	`7`	`+use BookStack\Permissions\Permission;`
`7`	`8`	`use Illuminate\Auth\GuardHelpers;`
`8`	`9`	`use Illuminate\Contracts\Auth\Authenticatable;`
`9`	`10`	`use Illuminate\Contracts\Auth\Guard;`
`@@ -146,7 +147,7 @@ protected function validateToken(?ApiToken $token, string $secret): void`
`146`	`147`	`throw new ApiAuthException(trans('errors.api_user_token_expired'), 403);`
`147`	`148`	`}`
`148`	`149`
`149`		`- if (!$token->user->can('access-api')) {`
	`150`	`+ if (!$token->user->can(Permission::AccessApi)) {`
`150`	`151`	`throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);`
`151`	`152`	`}`
`152`	`153`	`}`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ function userCan(string\|Permission $permission, ?Model $ownable = null): bool`
`56`	`56`	`* Check if the current user can perform the given action on any items in the system.`
`57`	`57`	`* Can be provided the class name of an entity to filter ability to that specific entity type.`
`58`	`58`	`*/`
`59`		`-function userCanOnAny(string $action, string $entityClass = ''): bool`
	`59`	`+function userCanOnAny(string\|Permission $action, string $entityClass = ''): bool`
`60`	`60`	`{`
`61`	`61`	`$permissions = app()->make(PermissionApplicator::class);`
`62`	`62`