Reviewed addition to db table prefix

Review of #2935 - Removed from .env files and added warnings for use if found in config file. - Updated permission service to use whereColumn queries to auto-handle use of prefixes.
BookStackApp · Sep 29, 2021 · 025442f · 025442f
1 parent 0f66c8a
commit 025442f
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 7 deletions.
diff --git a/.env.example b/.env.example
@@ -23,7 +23,6 @@ APP_URL=https://example.com
 # Database details
 DB_HOST=localhost
 DB_DATABASE=database_database
-DB_TABLE_PREFIX=
 DB_USERNAME=database_username
 DB_PASSWORD=database_user_password
 

diff --git a/.env.example.complete b/.env.example.complete
@@ -55,7 +55,6 @@ APP_PROXIES=null
 DB_HOST=localhost
 DB_PORT=3306
 DB_DATABASE=database_database
-DB_TABLE_PREFIX=
 DB_USERNAME=database_username
 DB_PASSWORD=database_user_password
 

diff --git a/app/Auth/Permissions/PermissionService.php b/app/Auth/Permissions/PermissionService.php
@@ -603,17 +603,18 @@ public function enforceEntityRestrictions(Entity $entity, Builder $query, string
     /**
      * Filter items that have entities set as a polymorphic relation.
      *
-     * @param Builder|\Illuminate\Database\Query\Builder $query
+     * @param Builder|QueryBuilder $query
      */
     public function filterRestrictedEntityRelations($query, string $tableName, string $entityIdColumn, string $entityTypeColumn, string $action = 'view')
     {
-        $tableDetails = ['tableName' => $this->db->getTablePrefix() . $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
+        $tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
 
         $q = $query->where(function ($query) use ($tableDetails, $action) {
             $query->whereExists(function ($permissionQuery) use (&$tableDetails, $action) {
+                /** @var Builder $permissionQuery */
                 $permissionQuery->select(['role_id'])->from('joint_permissions')
-                    ->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
-                    ->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_type=' . $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
+                    ->whereColumn('joint_permissions.entity_id', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
+                    ->whereColumn('joint_permissions.entity_type', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
                     ->where('action', '=', $action)
                     ->whereIn('role_id', $this->getCurrentUserRoles())
                     ->where(function (QueryBuilder $query) {
@@ -639,8 +640,9 @@ public function filterRelatedEntity(string $entityClass, Builder $query, string
         $q = $query->where(function ($query) use ($tableDetails, $morphClass) {
             $query->where(function ($query) use (&$tableDetails, $morphClass) {
                 $query->whereExists(function ($permissionQuery) use (&$tableDetails, $morphClass) {
+                    /** @var Builder $permissionQuery */
                     $permissionQuery->select('id')->from('joint_permissions')
-                        ->whereRaw($this->db->getTablePrefix() . 'joint_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
+                        ->whereColumn('joint_permissions.entity_id', '=',  $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
                         ->where('entity_type', '=', $morphClass)
                         ->where('action', '=', 'view')
                         ->whereIn('role_id', $this->getCurrentUserRoles())

diff --git a/app/Config/database.php b/app/Config/database.php
@@ -69,6 +69,9 @@
             'port'           => $mysql_port,
             'charset'        => 'utf8mb4',
             'collation'      => 'utf8mb4_unicode_ci',
+            // Prefixes are only semi-supported and may be unstable
+            // since they are not tested as part of our automated test suite.
+            // If used, the prefix should not be changed otherwise you will likely receive errors.
             'prefix'         => env('DB_TABLE_PREFIX', ''),
             'prefix_indexes' => true,
             'strict'         => false,