
Commit 33e0ceb

[5.x] Add authorization to revision routes (#14301)
Co-authored-by: Jason Varga <jason@pixelfear.com>
1 parent 3eaa80c commit 33e0ceb

6 files changed

Lines changed: 163 additions & 192 deletions


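--- a/resources/js/components/terms/PublishForm.vue
+++ b/resources/js/components/terms/PublishForm.vue
@@ -131,45 +131,6 @@
 </div>
 </div>
 
-<!--
-TODO
-<div class="flex items-center border-t justify-between px-4 py-2" v-if="!revisionsEnabled">
-<label v-text="__('Published')" class="publish-field-label font-medium" />
-<toggle-input v-model="published" />
-</div>
-
-<div class="border-t p-4" v-if="revisionsEnabled">
-<label class="publish-field-label font-medium mb-2" v-text="__('Revisions')"/>
-<div class="mb-1 flex items-center" v-if="published">
-<span class="text-green-600 w-6 text-center">&check;</span>
-<span class="text-2xs" v-text="__('Entry has a published version')"></span>
-</div>
-<div class="mb-1 flex items-center" v-else="published">
-<span class="text-orange w-6 text-center">!</span>
-<span class="text-2xs" v-text="__('Entry has not been published')"></span>
-</div>
-<div class="mb-1 flex items-center" v-if="isWorkingCopy && isDirty">
-<span class="text-orange w-6 text-center">!</span>
-<span class="text-2xs" v-text="__('Working copy has unsaved changes')"></span>
-</div>
-<div class="mb-1 flex items-center" v-else-if="isWorkingCopy">
-<span class="text-orange w-6 text-center">!</span>
-<span class="text-2xs" v-text="__('Entry has unpublished changes')"></span>
-</div>
-<div class="mb-1 flex items-center" v-if="!isWorkingCopy && published">
-<span class="text-green-600 w-6 text-center">&check;</span>
-<span class="text-2xs" v-text="__('This is the published version')"></span>
-</div>
-<button
-class="flex items-center justify-center mt-4 btn-flat px-2 w-full"
-v-if="!isCreating && revisionsEnabled"
-@click="showRevisionHistory = true">
-<svg-icon name="history" class="h-4 w-4 rtl:ml-2 ltr:mr-2" />
-<span>{{ __('View History') }}</span>
-</button>
-</div>
--->
-
 <div class="p-4 border-t dark:border-dark-900" v-if="localizations.length > 1">
 <label class="publish-field-label font-medium mb-2" v-text="__('Sites')" />
 <div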

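--- a/routes/cp.php
+++ b/routes/cp.php
@@ -83,12 +83,10 @@
 use Statamic\Http\Controllers\CP\StartPageController;
 use Statamic\Http\Controllers\CP\Taxonomies\PublishedTermsController;
 use Statamic\Http\Controllers\CP\Taxonomies\ReorderTaxonomyBlueprintsController;
-use Statamic\Http\Controllers\CP\Taxonomies\RestoreTermRevisionController;
 use Statamic\Http\Controllers\CP\Taxonomies\TaxonomiesController;
 use Statamic\Http\Controllers\CP\Taxonomies\TaxonomyBlueprintsController;
 use Statamic\Http\Controllers\CP\Taxonomies\TermActionController;
 use Statamic\Http\Controllers\CP\Taxonomies\TermPreviewController;
-use Statamic\Http\Controllers\CP\Taxonomies\TermRevisionsController;
 use Statamic\Http\Controllers\CP\Taxonomies\TermsController;
 use Statamic\Http\Controllers\CP\Updater\UpdateProductController;
 use Statamic\Http\Controllers\CP\Updater\UpdaterController;
@@ -202,12 +200,6 @@
 Route::post('/', [PublishedTermsController::class, 'store'])->name('taxonomies.terms.published.store');
 Route::delete('/', [PublishedTermsController::class, 'destroy'])->name('taxonomies.terms.published.destroy');
 
-Route::resource('revisions', TermRevisionsController::class, [
-'as' => 'taxonomies.terms',
-'only' => ['index', 'store', 'show'],
-]);
-
-Route::post('restore-revision', RestoreTermRevisionController::class)->name('taxonomies.terms.restore-revision');
 Route::post('preview', [TermPreviewController::class, 'edit'])->name('taxonomies.terms.preview.edit');
 Route::get('preview', [TermPreviewController::class, 'show'])->name('taxonomies.terms.preview.popout');
 Route::patch('/', [TermsController::class, 'update'])->name('taxonomies.terms.update');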

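--- a/src/Http/Controllers/CP/Collections/EntryRevisionsController.php
+++ b/src/Http/Controllers/CP/Collections/EntryRevisionsController.php
@@ -12,6 +12,8 @@ class EntryRevisionsController extends CpController
 {
 public function index(Request $request, $collection, $entry)
 {
+$this->authorize('view', $entry);
+
 $revisions = $entry
 ->revisions()
 ->reverse()
@@ -39,6 +41,8 @@ public function index(Request $request, $collection, $entry)
 
 public function store(Request $request, $collection, $entry)
 {
+$this->authorize('edit', $entry);
+
 $entry->createRevision([
 'message' => $request->message,
 'user' => User::fromUser($request->user()),
@@ -49,6 +53,8 @@ public function store(Request $request, $collection, $entry)
 
 public function show(Request $request, $collection, $entry, $revision)
 {
+$this->authorize('view', $entry);
+
 $entry = $entry->makeFromRevision($revision);
 
 // TODO: Most of this is duplicated with EntriesController@edit. DRY it off.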
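Review bot: In `show`, the new `$this->authorize('view', $entry);` covers the entry, but the visible lines do not show that `$revision` was resolved from that same entry before `makeFromRevision($revision)` runs. If the route binding can resolve a revision independently of the `entry` parameter, the check would not cover the data returned, so this is worth confirming in the binding or pinning with a test. Likewise, none of the three checks consults `$collection`, so the entry-to-collection match has to be enforced elsewhere. It would also help to record the choice of ability above the `store` check, e.g. `// Creating a revision writes to the entry's history, so require edit rather than view.` All three method bodies continue outside the hunks shown.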

src/Http/Controllers/CP/Taxonomies/RestoreTermRevisionController.php

Lines changed: 0 additions & 26 deletions
This file was deleted.

src/Http/Controllers/CP/Taxonomies/TermRevisionsController.php

Lines changed: 0 additions & 118 deletions
This file was deleted.
