[5.x] Add view other authors entries permission

resources/lang/en/permissions.php

@@ -31,6 +31,7 @@
     'publish_{collection}_entries_desc' => 'Ability to change from draft to published and vice versa',
     'reorder_{collection}_entries' => 'Reorder entries',
     'reorder_{collection}_entries_desc' => 'Enables drag and drop reordering',
+    'view_other_authors_{collection}_entries' => "View other authors' entries",
     'edit_other_authors_{collection}_entries' => "Edit other authors' entries",
     'publish_other_authors_{collection}_entries' => "Manage publish state of other authors' entries",
     'delete_other_authors_{collection}_entries' => "Delete other authors' entries",

src/Auth/CorePermissions.php

@@ -97,9 +97,11 @@ protected function registerCollections()
                     $this->permission('delete {collection} entries'),
                     $this->permission('publish {collection} entries'),
                     $this->permission('reorder {collection} entries'),
-                    $this->permission('edit other authors {collection} entries')->children([
-                        $this->permission('publish other authors {collection} entries'),
-                        $this->permission('delete other authors {collection} entries'),
+                    $this->permission('view other authors {collection} entries')->children([
+                        $this->permission('edit other authors {collection} entries')->children([
+                            $this->permission('publish other authors {collection} entries'),
+                            $this->permission('delete other authors {collection} entries'),
+                        ]),
                     ]),
                 ]),
             ])->replacements('collection', function () {

src/Fieldtypes/Entries.php

@@ -144,6 +144,20 @@ public function getIndexItems($request)
             $query->whereIn('blueprint', $blueprints);
         }
 
+        collect($this->getConfiguredCollections())
+            ->map(fn ($handle) => Collection::findByHandle($handle))
+            ->filter(fn ($collection) => User::current()->cant('view-other-authors-entries', [EntryContract::class, $collection]))
+            ->each(function ($collection) use ($query) {
+                $blueprintsWithoutAuthor = $collection->entryBlueprints()
+                    ->filter(fn ($blueprint) => ! $blueprint->hasField('author'))
+                    ->map->handle()->all();
+
+                    $query->where(fn ($query) => $query
+                        ->whereIn('blueprint', $blueprintsWithoutAuthor)
+                        ->orWhere('author', User::current()->id())
+                    );
+            });
+
         $this->activeFilterBadges = $this->queryFilters($query, $filters, $this->getSelectionFilterContext());
 
         if ($sort = $this->getSortColumn($request)) {

src/Http/Controllers/CP/Collections/CollectionsController.php

@@ -55,10 +55,24 @@ private function collections()
                 || User::current()->can('view', $collection)
                 && $collection->sites()->contains(Site::selected()->handle());
         })->map(function ($collection) {
+            $entriesCount = $collection->queryEntries()
+                ->where('site', Site::selected())
+                ->when(User::current()->cant('view-other-authors-entries', [EntryContract::class, $collection]), function ($query) use ($collection) {
+                    $blueprintsWithoutAuthor = $collection->entryBlueprints()
+                        ->filter(fn ($blueprint) => ! $blueprint->hasField('author'))
+                        ->map->handle()->all();
+
+                    $query->where(fn ($query) => $query
+                        ->whereIn('blueprint', $blueprintsWithoutAuthor)
+                        ->orWhere('author', User::current()->id())
+                    );
+                })
+                ->count();
+
             return [
                 'id' => $collection->handle(),
                 'title' => $collection->title(),
-                'entries' => $collection->queryEntries()->where('site', Site::selected())->count(),
+                'entries' => $entriesCount,
                 'edit_url' => $collection->editUrl(),
                 'delete_url' => $collection->deleteUrl(),
                 'entries_url' => cp_route('collections.show', $collection->handle()),

src/Http/Controllers/CP/Collections/EntriesController.php

@@ -84,6 +84,18 @@ protected function indexQuery($collection)
             $query->whereIn('site', Site::authorized()->map->handle()->all());
         }
 
+        if (User::current()->cant('view-other-authors-entries', [EntryContract::class, $collection])) {
+            // Mirror the behavior of the hasAnotherAuthor() method in the EntryPolicy.
+            $blueprintsWithoutAuthor = $collection->entryBlueprints()
+                ->filter(fn ($blueprint) => ! $blueprint->hasField('author'))
+                ->map->handle()->all();
+
+            $query->where(fn ($query) => $query
+                ->whereIn('blueprint', $blueprintsWithoutAuthor)
+                ->orWhere('author', User::current()->id())
+            );
+        }
+
         return $query;
     }
 

src/Policies/EntryPolicy.php

@@ -30,6 +30,10 @@ public function view($user, $entry)
             return false;
         }
 
+        if ($this->hasAnotherAuthor($user, $entry)) {
+            return $user->hasPermission("view other authors {$entry->collectionHandle()} entries");
+        }
+
         return $this->edit($user, $entry)
             || $user->hasPermission("view {$entry->collectionHandle()} entries");
     }
@@ -49,6 +53,11 @@ public function edit($user, $entry)
         return $user->hasPermission("edit {$entry->collectionHandle()} entries");
     }
 
+    public function viewOtherAuthorsEntries($user, $collection)
+    {
+        return $user->hasPermission("view other authors {$collection->handle()} entries");
+    }
+
     public function editOtherAuthorsEntries($user, $collection, $blueprint = null)
     {
         $blueprint = $blueprint ?? $collection->entryBlueprint();