Added basic system tests for markdown editor, Added extra test helpers
[bookstack] / tests / Permissions / RestrictionsTest.php
1 <?php
2
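/**
 * Functional tests for per-entity restrictions on books, chapters and pages.
 *
 * The view/create/update/delete tests share one shape: confirm the test user
 * can reach the target with no restriction in place, apply a restriction set
 * that omits the action under test and expect a denial, then grant the action
 * and expect access again. A denied view is asserted as an "... not found"
 * message; a denied create/update/delete is asserted as the
 * 'You do not have permission' message together with a redirect to '/'.
 *
 * NOTE(review): the denial checks only request the GET form routes
 * (.../edit, .../delete, .../create). The state-changing requests behind those
 * forms are never sent while a restriction is in place, so these tests do not
 * show on their own that the write endpoints enforce the same checks.
 *
 * NOTE(review): forceVisit(), getNewUser() and asAdmin() come from TestCase,
 * outside this file. forceVisit() presumably loads a URL without failing on a
 * non-success response - confirm against the helper.
 */
class RestrictionsTest extends TestCase
{
    // User created fresh for every test; the restrictions set by
    // setEntityRestrictions() are attached to this user's first role.
    protected $user;

    /**
     * Create the user that the restriction tests act as.
     */
    public function setUp()
    {
        parent::setUp();
        $this->user = $this->getNewUser();
    }

    /**
     * Manually set some restrictions on an entity.
     *
     * Marks the entity as restricted, removes any restrictions it already has
     * and creates one restriction per given action for the first role of the
     * test user. An empty list therefore leaves the entity restricted with no
     * action granted to that role.
     *
     * @param \BookStack\Entity $entity
     * @param string[] $actions Action names; stored lower-cased.
     */
    protected function setEntityRestrictions(\BookStack\Entity $entity, $actions)
    {
        $entity->restricted = true;
        $entity->restrictions()->delete();
        // Only the first role is granted anything; any other role the user
        // holds gets no restriction rows from this helper.
        $role = $this->user->roles->first();
        foreach ($actions as $action) {
            $entity->restrictions()->create([
                'role_id' => $role->id,
                'action' => strtolower($action)
            ]);
        }
        $entity->save();
        // Reload the relation so the in-memory entity matches the database.
        $entity->load('restrictions');
    }

    /**
     * A restricted book without 'view' hides the book and its child page and
     * chapter; granting 'view' makes all three readable again.
     */
    public function test_book_view_restriction()
    {
        $book = \BookStack\Book::first();
        $bookPage = $book->pages->first();
        $bookChapter = $book->chapters->first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->user)
            ->visit($bookUrl)
            ->seePageIs($bookUrl);

        $this->setEntityRestrictions($book, []);

        // Children report the parent as missing, not themselves.
        $this->forceVisit($bookUrl)
            ->see('Book not found');
        $this->forceVisit($bookPage->getUrl())
            ->see('Book not found');
        $this->forceVisit($bookChapter->getUrl())
            ->see('Book not found');

        $this->setEntityRestrictions($book, ['view']);

        $this->visit($bookUrl)
            ->see($book->name);
        $this->visit($bookPage->getUrl())
            ->see($bookPage->name);
        $this->visit($bookChapter->getUrl())
            ->see($bookChapter->name);
    }

    /**
     * Without 'create' on a restricted book the create forms are refused and
     * the create buttons are hidden; with 'create' both forms can be submitted.
     */
    public function test_book_create_restriction()
    {
        $book = \BookStack\Book::first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->user)
            ->visit($bookUrl)
            ->seeInElement('.action-buttons', 'New Page')
            ->seeInElement('.action-buttons', 'New Chapter');

        // Every action except 'create' is granted, so only 'create' is tested.
        $this->setEntityRestrictions($book, ['view', 'delete', 'update']);

        $this->forceVisit($bookUrl . '/chapter/create')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookUrl . '/page/create')
            ->see('You do not have permission')->seePageIs('/');
        $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
            ->dontSeeInElement('.action-buttons', 'New Chapter');

        $this->setEntityRestrictions($book, ['view', 'create']);

        $this->visit($bookUrl . '/chapter/create')
            ->type('test chapter', 'name')
            ->type('test description for chapter', 'description')
            ->press('Save Chapter')
            ->seePageIs($bookUrl . '/chapter/test-chapter');
        $this->visit($bookUrl . '/page/create')
            ->type('test page', 'name')
            ->type('test content', 'html')
            ->press('Save Page')
            ->seePageIs($bookUrl . '/page/test-page');
        $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
            ->seeInElement('.action-buttons', 'New Chapter');
    }

    /**
     * Without 'update' on a restricted book the edit forms of the book and of
     * its child page and chapter are refused; with 'update' they open.
     */
    public function test_book_update_restriction()
    {
        $book = \BookStack\Book::first();
        $bookPage = $book->pages->first();
        $bookChapter = $book->chapters->first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->user)
            ->visit($bookUrl . '/edit')
            ->see('Edit Book');

        $this->setEntityRestrictions($book, ['view', 'delete']);

        $this->forceVisit($bookUrl . '/edit')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookPage->getUrl() . '/edit')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookChapter->getUrl() . '/edit')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($book, ['view', 'update']);

        $this->visit($bookUrl . '/edit')
            ->seePageIs($bookUrl . '/edit');
        $this->visit($bookPage->getUrl() . '/edit')
            ->seePageIs($bookPage->getUrl() . '/edit');
        $this->visit($bookChapter->getUrl() . '/edit')
            ->see('Edit Chapter');
    }

    /**
     * Without 'delete' on a restricted book the delete confirmation pages of
     * the book and of its child page and chapter are refused; with 'delete'
     * they open.
     */
    public function test_book_delete_restriction()
    {
        $book = \BookStack\Book::first();
        $bookPage = $book->pages->first();
        $bookChapter = $book->chapters->first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->user)
            ->visit($bookUrl . '/delete')
            ->see('Delete Book');

        $this->setEntityRestrictions($book, ['view', 'update']);

        $this->forceVisit($bookUrl . '/delete')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookPage->getUrl() . '/delete')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookChapter->getUrl() . '/delete')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($book, ['view', 'delete']);

        $this->visit($bookUrl . '/delete')
            ->seePageIs($bookUrl . '/delete')->see('Delete Book');
        $this->visit($bookPage->getUrl() . '/delete')
            ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
        $this->visit($bookChapter->getUrl() . '/delete')
            ->see('Delete Chapter');
    }

    /**
     * A restricted chapter without 'view' hides the chapter and its child
     * page; granting 'view' makes both readable again.
     */
    public function test_chapter_view_restriction()
    {
        $chapter = \BookStack\Chapter::first();
        $chapterPage = $chapter->pages->first();

        $chapterUrl = $chapter->getUrl();
        $this->actingAs($this->user)
            ->visit($chapterUrl)
            ->seePageIs($chapterUrl);

        $this->setEntityRestrictions($chapter, []);

        $this->forceVisit($chapterUrl)
            ->see('Chapter not found');
        $this->forceVisit($chapterPage->getUrl())
            ->see('Page not found');

        $this->setEntityRestrictions($chapter, ['view']);

        $this->visit($chapterUrl)
            ->see($chapter->name);
        $this->visit($chapterPage->getUrl())
            ->see($chapterPage->name);
    }

    /**
     * Without 'create' on a restricted chapter the page-create form is refused
     * and its button hidden; with 'create' a page can be created.
     */
    public function test_chapter_create_restriction()
    {
        $chapter = \BookStack\Chapter::first();

        $chapterUrl = $chapter->getUrl();
        $this->actingAs($this->user)
            ->visit($chapterUrl)
            ->seeInElement('.action-buttons', 'New Page');

        $this->setEntityRestrictions($chapter, ['view', 'delete', 'update']);

        $this->forceVisit($chapterUrl . '/create-page')
            ->see('You do not have permission')->seePageIs('/');
        $this->visit($chapterUrl)->dontSeeInElement('.action-buttons', 'New Page');

        $this->setEntityRestrictions($chapter, ['view', 'create']);

        // The new page's URL is built from the parent book, not the chapter.
        $this->visit($chapterUrl . '/create-page')
            ->type('test page', 'name')
            ->type('test content', 'html')
            ->press('Save Page')
            ->seePageIs($chapter->book->getUrl() . '/page/test-page');
        $this->visit($chapterUrl)->seeInElement('.action-buttons', 'New Page');
    }

    /**
     * Without 'update' on a restricted chapter the edit forms of the chapter
     * and of its child page are refused; with 'update' they open.
     */
    public function test_chapter_update_restriction()
    {
        $chapter = \BookStack\Chapter::first();
        $chapterPage = $chapter->pages->first();

        $chapterUrl = $chapter->getUrl();
        $this->actingAs($this->user)
            ->visit($chapterUrl . '/edit')
            ->see('Edit Chapter');

        $this->setEntityRestrictions($chapter, ['view', 'delete']);

        $this->forceVisit($chapterUrl . '/edit')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($chapterPage->getUrl() . '/edit')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($chapter, ['view', 'update']);

        $this->visit($chapterUrl . '/edit')
            ->seePageIs($chapterUrl . '/edit')->see('Edit Chapter');
        $this->visit($chapterPage->getUrl() . '/edit')
            ->seePageIs($chapterPage->getUrl() . '/edit');
    }

    /**
     * Without 'delete' on a restricted chapter the delete confirmation pages
     * of the chapter and of its child page are refused; with 'delete' they
     * open.
     */
    public function test_chapter_delete_restriction()
    {
        $chapter = \BookStack\Chapter::first();
        $chapterPage = $chapter->pages->first();

        $chapterUrl = $chapter->getUrl();
        $this->actingAs($this->user)
            ->visit($chapterUrl . '/delete')
            ->see('Delete Chapter');

        $this->setEntityRestrictions($chapter, ['view', 'update']);

        $this->forceVisit($chapterUrl . '/delete')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($chapterPage->getUrl() . '/delete')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($chapter, ['view', 'delete']);

        $this->visit($chapterUrl . '/delete')
            ->seePageIs($chapterUrl . '/delete')->see('Delete Chapter');
        $this->visit($chapterPage->getUrl() . '/delete')
            ->seePageIs($chapterPage->getUrl() . '/delete')->see('Delete Page');
    }

    /**
     * A restricted page without 'view' is hidden even when 'update' and
     * 'delete' are granted; granting 'view' makes it readable again.
     */
    public function test_page_view_restriction()
    {
        $page = \BookStack\Page::first();

        $pageUrl = $page->getUrl();
        $this->actingAs($this->user)
            ->visit($pageUrl)
            ->seePageIs($pageUrl);

        $this->setEntityRestrictions($page, ['update', 'delete']);

        $this->forceVisit($pageUrl)
            ->see('Page not found');

        $this->setEntityRestrictions($page, ['view']);

        $this->visit($pageUrl)
            ->see($page->name);
    }

    /**
     * Without 'update' on a restricted page its edit form is refused; with
     * 'update' it opens.
     */
    public function test_page_update_restriction()
    {
        // Load a Page, not a Chapter: the original fetched
        // \BookStack\Chapter::first() here, so the page-level 'update'
        // restriction was never exercised and this test repeated the chapter
        // check under a different name.
        // NOTE(review): assumes the page edit form has a 'name' field, as the
        // 'name' input typed into on the page-create form suggests - confirm.
        $page = \BookStack\Page::first();

        $pageUrl = $page->getUrl();
        $this->actingAs($this->user)
            ->visit($pageUrl . '/edit')
            ->seeInField('name', $page->name);

        $this->setEntityRestrictions($page, ['view', 'delete']);

        $this->forceVisit($pageUrl . '/edit')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($page, ['view', 'update']);

        $this->visit($pageUrl . '/edit')
            ->seePageIs($pageUrl . '/edit')->seeInField('name', $page->name);
    }

    /**
     * Without 'delete' on a restricted page its delete confirmation page is
     * refused; with 'delete' it opens.
     */
    public function test_page_delete_restriction()
    {
        $page = \BookStack\Page::first();

        $pageUrl = $page->getUrl();
        $this->actingAs($this->user)
            ->visit($pageUrl . '/delete')
            ->see('Delete Page');

        $this->setEntityRestrictions($page, ['view', 'update']);

        $this->forceVisit($pageUrl . '/delete')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($page, ['view', 'delete']);

        $this->visit($pageUrl . '/delete')
            ->seePageIs($pageUrl . '/delete')->see('Delete Page');
    }

    /**
     * Saving the book restriction form as admin sets the restricted flag and
     * stores a 'view' restriction row for role id 2.
     *
     * NOTE(review): role id 2 is hard-coded; presumably a seeded role - confirm
     * against the test database seeding.
     */
    public function test_book_restriction_form()
    {
        $book = \BookStack\Book::first();
        $this->asAdmin()->visit($book->getUrl() . '/restrict')
            ->see('Book Restrictions')
            ->check('restricted')
            ->check('restrictions[2][view]')
            ->press('Save Restrictions')
            ->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
            ->seeInDatabase('restrictions', [
                'restrictable_id' => $book->id,
                'restrictable_type' => 'BookStack\Book',
                'role_id' => '2',
                'action' => 'view'
            ]);
    }

    /**
     * Saving the chapter restriction form as admin sets the restricted flag
     * and stores an 'update' restriction row for role id 2.
     */
    public function test_chapter_restriction_form()
    {
        $chapter = \BookStack\Chapter::first();
        $this->asAdmin()->visit($chapter->getUrl() . '/restrict')
            ->see('Chapter Restrictions')
            ->check('restricted')
            ->check('restrictions[2][update]')
            ->press('Save Restrictions')
            ->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
            ->seeInDatabase('restrictions', [
                'restrictable_id' => $chapter->id,
                'restrictable_type' => 'BookStack\Chapter',
                'role_id' => '2',
                'action' => 'update'
            ]);
    }

    /**
     * Saving the page restriction form as admin sets the restricted flag and
     * stores a 'delete' restriction row for role id 2.
     */
    public function test_page_restriction_form()
    {
        $page = \BookStack\Page::first();
        $this->asAdmin()->visit($page->getUrl() . '/restrict')
            ->see('Page Restrictions')
            ->check('restricted')
            ->check('restrictions[2][delete]')
            ->press('Save Restrictions')
            ->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
            ->seeInDatabase('restrictions', [
                'restrictable_id' => $page->id,
                'restrictable_type' => 'BookStack\Page',
                'role_id' => '2',
                'action' => 'delete'
            ]);
    }

    /**
     * A page the user cannot view must not be listed in the sidebar page list
     * shown on a sibling page.
     */
    public function test_restricted_pages_not_visible_in_book_navigation_on_pages()
    {
        $chapter = \BookStack\Chapter::first();
        $page = $chapter->pages->first();
        // Assumes the first chapter has at least three pages.
        $page2 = $chapter->pages[2];

        $this->setEntityRestrictions($page, []);

        $this->actingAs($this->user)
            ->visit($page2->getUrl())
            ->dontSeeInElement('.sidebar-page-list', $page->name);
    }

    /**
     * A page the user cannot view must not be listed in the sidebar page list
     * shown on its parent chapter.
     */
    public function test_restricted_pages_not_visible_in_book_navigation_on_chapters()
    {
        $chapter = \BookStack\Chapter::first();
        $page = $chapter->pages->first();

        $this->setEntityRestrictions($page, []);

        $this->actingAs($this->user)
            ->visit($chapter->getUrl())
            ->dontSeeInElement('.sidebar-page-list', $page->name);
    }

    /**
     * A page the user cannot view must not appear anywhere on its parent
     * chapter's page, so its name does not leak through the listing.
     */
    public function test_restricted_pages_not_visible_on_chapter_pages()
    {
        $chapter = \BookStack\Chapter::first();
        $page = $chapter->pages->first();

        $this->setEntityRestrictions($page, []);

        $this->actingAs($this->user)
            ->visit($chapter->getUrl())
            ->dontSee($page->name);
    }

}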